GlobalCorp is expanding its cloud footprint into hundreds of AWS accounts across various Regions, and the Central Governance team needs to ensure compliance by restricting deployments to only approved Regions. As a solutions architect, you must recommend a solution that denies access to any operations outside these designated Regions. Which solution will meet these requirements?