The problem We are heavy users of AWS Organization and Service Control Policy. We are blocking a lot of stuff that is common foot guns and we do not need to deal with on daily basis. One of our polices is to limit regions that are used across the organization. { "Sid": "DenyAccessToBlockedRegions", "Effect": "Deny", "NotAction": [ "cloudfront:", "iam:", "route53:", "support:", "directconnect:" ], "Resource": "", "Condition": { "StringNotEquals": { "aws:RequestedRegion": [ "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "us-east-1", "us-east-2", "us-west-2" ] }, "ArnNotLike": { "aws:PrincipalARN": "arn:aws:iam::*:role/AWSControlTowerExecution" } } } Note It is redacted for simplicity

The problem I do believe I am not the only one who is bombarded with useless spam on my work email. I am getting emails about long forgotten systems that do backup of dead products, Email about some change management requests that is nothing to do with my work or even in same department. I hate it because all of that spam is forcing my set up Email rules to delete or block or remove those emails.