org-formation-cli
Feat: Support AWS Partitions other than 'aws' in Organization Binding
In order to support tasks/templates that can be deployed to one or more partitions it would be good to add an optional attribute to the organization binding syntax.
Proposal A: adding Partition attribute
```yaml
OrganizationBinding:
  Account: !Ref AccountA
  Region: us-east-1
  Partition:
    - aws-us-gov
    - aws
```
This binding will resolve to 2 targets:
- AccountA in us-east-1 on the aws partition
- AccountB in us-gov-east-1 on the aws-us-gov partition.
Regions available in both partitions will be automatically converted to the corresponding aws-us-gov region. Regions that are not available in a target partition will not result in a target (they will be ignored): {Region: eu-central-1, Partition: [aws, aws-us-gov] } will return 1 target because eu-central-1 is not available in aws-us-gov.
The default value for Partition is always 'aws'; the attribute can be a single partition ('aws-us-gov') or multiple.
Functions like !GetAtt on AccountA.AccountId or !Ref AccountA will resolve to the physical account id that is currently targeted.
Proposal B: explicitly adding regions from different partitions
```yaml
OrganizationBinding:
  Account: !Ref AccountA
  Region:
    - us-east-1
    - us-gov-east-1
```
This binding will resolve to 2 targets. The AccountId for the us-gov-east-1 target will be the physical account id on the gov side of the mirrored organization. If the account is not mirrored this will result in an error.
Functions like !GetAtt on AccountA.AccountId or !Ref AccountA will resolve to the physical account id that is currently targeted.
Proposal A is what we discussed before on call. Thinking about this twice, I tend to think option B makes the partition more explicit. A partition is a group of new regions, not a capability of existing regions.
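
The resolution rules described under Proposal A, as an added TypeScript sketch that is not part of the issue or of org-formation-cli's code. The region equivalence table, the account ids and every name below are assumptions for illustration; the error for a non-mirrored account is borrowed from Proposal B's wording.

```typescript
// Added sketch of Proposal A's resolution rules; not org-formation-cli code.
type Partition = "aws" | "aws-us-gov";

interface Binding {
  account: string;                     // logical account name, e.g. "AccountA"
  region: string | string[];           // written as commercial ('aws') region names
  partition?: Partition | Partition[]; // optional, defaults to 'aws'
}

interface Target { logicalAccount: string; accountId: string; region: string; partition: Partition; }

// Assumption: commercial-to-GovCloud region equivalence. The page only implies
// us-east-1 -> us-gov-east-1; the us-west-2 entry is illustrative.
const GOV_REGION: Record<string, string> = {
  "us-east-1": "us-gov-east-1",
  "us-west-2": "us-gov-west-1",
};

// Constructed sample data: physical account ids per partition (mirrored org).
const ACCOUNT_IDS: Record<string, Partial<Record<Partition, string>>> = {
  AccountA: { aws: "111111111111", "aws-us-gov": "222222222222" },
  AccountC: { aws: "333333333333" }, // not mirrored to aws-us-gov
};

function asArray<T>(v: T | T[]): T[] {
  return Array.isArray(v) ? v : [v];
}

function resolveBinding(b: Binding): Target[] {
  const targets: Target[] = [];
  for (const partition of asArray<Partition>(b.partition ?? "aws")) {
    for (const r of asArray<string>(b.region)) {
      const region: string | undefined = partition === "aws" ? r : GOV_REGION[r];
      if (region === undefined) continue; // region not in this partition: ignored
      const accountId = ACCOUNT_IDS[b.account]?.[partition];
      if (accountId === undefined) {
        // Fail closed: never fall back to the other partition's account id.
        throw new Error(`${b.account} has no account in partition ${partition}`);
      }
      targets.push({ logicalAccount: b.account, accountId, region, partition });
    }
  }
  return targets;
}
```

Failing closed on a missing mirror account keeps a template from being deployed with an account id that belongs to a different partition.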