ec2:DescribeRegions used even when region is specified

[Hermain]

My company denies ec2:DescribeRegions probably in an effort to prevent us from using any other region than the default one.

Now when I run aws-nuke (v3.27.0) with a config like this:

regions:
  - eu-cental-1
blocklist:
  - "999999999999"  
accounts:
  "1111...": {}  
__global__:
  - property: tag:Purpose
    type: "regex"
    value: "^(?!.*(terratest))"
resource-types:
  includes:
    - S3Bucket

I get the following error:
FATA[0001] failed to get regions: UnauthorizedOperation: You are not authorized to perform this operation. User: ----- is not authorized to perform: ec2:DescribeRegions with an explicit deny in a service control policy

Why is describe regions even executed and why ec2 when I only include buckets?
Is there any way around this?

[Hermain]

I found the --default-region flag now it works:
aws-nuke run --default-region eu-central-1

[ekristen]

It's part of the bootstrap and discovery of the account prior to doing the initial run. I've never heard of blocking that call before, that's strange, it won't prevent you from using another region on it's own.

It is part of an automatic region discovery feature.