Adding Additional Accounts
    • 20 Sep 2023

    When extending the Acante deployment to 1-4 additional accounts, the simplest approach is to follow a deployment process similar to the one in the Product Deployment Guide - Deploy Acante Components. When deploying in a large number (> 5) of accounts, we recommend the alternate approach that uses Organizational accounts.

    Before deploying in additional accounts, upgrade the deployment in the first account to the same version as described here. Next, follow this sequence to deploy in each account:

    1. Download the latest Terraform module from the Configurations page of the UI
    2. Unpack the files to a new folder for the workspace for this account
    3. Update the dev.s3.tfbackend file with the bucket to use for the S3 backend. Usually this is a different bucket per account, so that Terraform has access to the bucket in that account.
    4. Update the dev.tfvars with the input variables. Some changes that need to be made:
      1. Set enable-macie = true
      2. Set trusting-account-discovery-allow-iam-identitycenter = true
      3. Set enable-cloudtrail-logs-processing = false (access to the Organizational trail has already been provided in the deployment in the first account)
      4. Set enable-cloudwatch-logs-processing = false
      5. Modify the metadata-bucket-name to a unique name (relative to the buckets created in the previously deployed account(s)). The simplest way is to concatenate the default bucket name provided with _<account-alias> for the current account
    5. Follow the instructions in the README (as before) and run Steps 1-6 to deploy Acante in this new account

    Repeat the process for each account.
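
A pre-flight check for step 4, as an added example that is not part of the Acante module or its README: it reads one additional account's dev.tfvars and reports any value that differs from the list above, plus a metadata-bucket-name that collides with an earlier account. It assumes flat `key = value` lines and that metadata-bucket-name is used verbatim as the S3 bucket name; the function names, sample file contents and bucket names are constructed placeholders.

```python
import re

# Values step 4 above sets in dev.tfvars for each additional account.
REQUIRED = {
    "enable-macie": "true",
    "trusting-account-discovery-allow-iam-identitycenter": "true",
    "enable-cloudtrail-logs-processing": "false",
    "enable-cloudwatch-logs-processing": "false",
}
# S3 general-purpose bucket names: 3-63 chars of lowercase letters, digits, dots, hyphens.
S3_NAME = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

def parse_tfvars(text):
    """Parse flat `key = value` lines; skips blanks and // lines, drops # comments."""
    values = {}
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if "=" in line and not line.startswith("//"):
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip('"')
    return values

def check_account(tfvars_text, existing_buckets):
    """Return a list of problems found in one additional account's dev.tfvars."""
    cfg = parse_tfvars(tfvars_text)
    problems = [f"{k} should be {want}, found {cfg.get(k, 'unset')}"
                for k, want in REQUIRED.items() if cfg.get(k) != want]
    bucket = cfg.get("metadata-bucket-name", "")
    if bucket in existing_buckets:
        problems.append(f"metadata-bucket-name {bucket!r} is already used by another account")
    if not S3_NAME.match(bucket):
        problems.append(f"metadata-bucket-name {bucket!r} is not a valid S3 bucket name")
    return problems

# Constructed sample: dev.tfvars for a second account (bucket names are placeholders).
SAMPLE_OK = """
enable-macie = true
trusting-account-discovery-allow-iam-identitycenter = true
enable-cloudtrail-logs-processing = false   # Organizational trail already shared
enable-cloudwatch-logs-processing = false
metadata-bucket-name = "example-metadata-acct-b"
"""
# Same file with CloudTrail processing left on and the first account's bucket name reused.
SAMPLE_BAD = SAMPLE_OK.replace("processing = false", "processing = true", 1).replace("-acct-b", "")

if __name__ == "__main__":
    seen = {"example-metadata"}  # bucket created by the first account's deployment
    for label, text in (("acct-b", SAMPLE_OK), ("acct-b, copied defaults", SAMPLE_BAD)):
        print(label, check_account(text, seen) or "no problems")
```

If the module does use the value verbatim, the suffix needs a separator other than an underscore, because S3 bucket names do not allow underscores.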