I've always used aws ec2 describe-regions and was never aware of the aws account list-regions command as shared by Paweł Grzybek in his post. The account command has a few other operations including enabling or disabling a region and changing contact details linked to the AWS account.

When requesting actions on AWS accounts or resources, AWS needs to verify if the principal (user, role, application, etc.) making the request is allowed to carry out the action. For single accounts with simple workloads, this can be done easily by setting an identity-based policy on the user. However, as needs grow and additional accounts are added, other factors come into play, such as resource-based policies, cross-account roles, service control policies, and more.

Whenever I encounter potential access-related problems, I refer to this flow chart for troubleshooting. Given the number of times I end up searching for this, I believe it might be helpful to share it.