Your organization operates in multiple countries and needs to design a system where AWS resources are only accessible within specific regions to comply with data sovereignty laws. What should they implement to control this?