Adds account filter to IC plugin settings

Author: tcsc

api/proto/teleport/legacy/types/types.proto

@@ -6853,6 +6853,28 @@ message PluginAWSICSettings {
   //
   // NOTE: System users are always filtered out by default and will not be provisioned to AWS IC.
   repeated AWSICUserSyncFilter user_sync_filters = 8 [(gogoproto.jsontag) = "user_sync_filters,omitempty"];
+
+  // AwsAccounts is an optional allow-list of AWS accounts to import and manage.
+  // An empty list implies that all accounts managed by the Identity Center
+  // instance will be imported and managed.
+  repeated AWSICAccountFilter aws_accounts = 9;
+}
+
+// AWSICAccountFilter is an entry in the AWS IC plugin settings' allow-list of
+// accounts to import. The filter can specify inclusion either by account ID or
+// regex on the account name.
+message AWSICAccountFilter {
+  option (gogoproto.equal) = true;
+
+  // Filter describes the AWS Account filter to apply
+  oneof filter {
+    // Id indicates that the account should be filtered by ID
+    string id = 1;
+
+    // Name indicates that the account should be included if it matches the
+    // supplied regex.
+    string name = 2;
+  }
 }
 
 // UserSyncFilter is a map of key-value pairs used to filter users based on their metadata labels.