validate region for dashboard url

lib/auth/integration/integrationv1/awsoidc.go

@@ -495,7 +495,7 @@ func (s *AWSOIDCService) DeployDatabaseService(ctx context.Context, req *integra
 	}, nil
 }
 
-// ListDeployedDatabaseServices deploys Database Services into Amazon ECS.
+// ListDeployedDatabaseServices lists Database Services deployed into Amazon ECS.
 func (s *AWSOIDCService) ListDeployedDatabaseServices(ctx context.Context, req *integrationpb.ListDeployedDatabaseServicesRequest) (*integrationpb.ListDeployedDatabaseServicesResponse, error) {
 	authCtx, err := s.authorizer.Authorize(ctx)
 	if err != nil {

lib/integrations/awsoidc/deployservice.go

@@ -34,6 +34,7 @@ import (
 
 	"github.com/gravitational/teleport"
 	"github.com/gravitational/teleport/api/types"
+	apiaws "github.com/gravitational/teleport/api/utils/aws"
 	"github.com/gravitational/teleport/api/utils/retryutils"
 	"github.com/gravitational/teleport/lib/integrations/awsoidc/tags"
 	"github.com/gravitational/teleport/lib/utils/teleportassets"
@@ -449,11 +450,17 @@ func DeployService(ctx context.Context, clt DeployServiceClient, req DeployServi
 		ClusterARN:          aws.ToString(cluster.ClusterArn),
 		ServiceARN:          aws.ToString(service.ServiceArn),
 		TaskDefinitionARN:   taskDefinitionARN,
-		ServiceDashboardURL: serviceDashboardURL(req.Region, aws.ToString(req.ClusterName), aws.ToString(req.ServiceName)),
+		ServiceDashboardURL: serviceDashboardURL(req.Region, aws.ToString(req.ClusterName), aws.ToString(service.ServiceName)),
 	}, nil
 }
 
+// serviceDashboardURL builds the ECS Service dashboard URL using the AWS Region, the ECS Cluster and Service Names.
+// It returns an empty string if region is not valid.
 func serviceDashboardURL(region, clusterName, serviceName string) string {
+	if err := apiaws.IsValidRegion(region); err != nil {
+		return ""
+	}
+
 	return fmt.Sprintf("https://%s.console.aws.amazon.com/ecs/v2/clusters/%s/services/%s", region, clusterName, serviceName)
 }