Utilize IAM Identity Center to establish service-linked roles with IAM policy statements that incorporate the Condition, Resource, and NotAction elements to grant access solely to the designated Regions and services.

Disable AWS Security Token Service (AWS STS) in the Regions where developers are prohibited from accessing.

Develop SCPs (Service Control Policies) that integrate the Condition, Resource, and NotAction elements to permit access exclusively to the designated Regions and services.

For every AWS account, craft customized identity-based policies for IAM Identity Center that utilize statements including the Condition, Resource, and NotAction elements to allow access only to the designated Regions and services.