There isn’t a great way to do this aside from whitelisting the two regions builds can run in on AWS: CircleCi Source IP