IN, US, UG Regions

dbRegion attribute

Authorizer & IAM Policies

- dbRegion attribute assigned at registration (IN, US, UG)

- Region detection via IP for routing only

- Authentication against home region Cognito pool

- Tokens include dbRegion, role, access_type

- API Gateway validates tokens with region-specific keys

- Requests with mismatched dbRegion rejected

- India user logging in from US: Auth & backend in India only

- Indian admin traveling internationally: VPN required for access

- Uganda users mapped to US pool and backend

- Cross-region login attempts denied and logged