Adding Additional Regions for an Account
    • 12 Feb 2024

    When extending the Acante deployment to additional regions in an account, follow a similar deployment process for each region, using a separate Terraform workspace for each region.

    Start in the same folder where the Terraform code for the primary region resides. You only need a new input file for each secondary region:

    1. Make a copy of the .tfvars input file (used for the primary region) and rename it for the new region to be deployed e.g. dev-us-west-2.tfvars
    2. Update the region-specific input variables in the .tfvars file as follows:
    • primary-region = "" \\ no change, keep the primary region
    • Set region = " " \\ region in which you are deploying, e.g. us-west-2
    • Set enable-macie = true \\ required region-specific setting
    • Set trusting-account-discovery-allow-iam-identitycenter = false \\ set as "false" since this is an account-specific setting and already enabled in the deployment in the primary region
    • Set enable-cloudtrail-logs-processing = false \\ set as "false" since this is an account-specific setting and already enabled in the deployment in the primary region
    • Set enable-cloudwatch-logs-processing = false \\ required region-specific setting. Set as true or false based on desired setting
    • metadata-bucket-name \\ do not change this value

    Follow the instructions in the README (as before) and run Steps 3-6 to deploy Acante in this new region. Note: you must create a new workspace for this region as in Step 3.
    Repeat the process for each region in the account.
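
    The copy-and-edit in steps 1 and 2, as an added example that is not part of the Acante documentation or its Terraform code. The file names, the `make_region_tfvars` and `same_value` helpers, and the sample values are constructed for illustration; only the variable names come from this page.

```shell
#!/usr/bin/env bash
# Added example. File names and sample values below are constructed.

# make_region_tfvars PRIMARY_FILE NEW_REGION OUT_FILE [CLOUDWATCH true|false]
# Copies the primary .tfvars and overrides only the region-specific keys.
make_region_tfvars() {
  [ -f "$1" ] || { echo "missing input file: $1" >&2; return 1; }
  awk -v region="$2" -v cw="${4:-false}" '
    BEGIN {
      set["region"] = "\"" region "\""
      set["enable-macie"] = "true"
      set["trusting-account-discovery-allow-iam-identitycenter"] = "false"
      set["enable-cloudtrail-logs-processing"] = "false"
      set["enable-cloudwatch-logs-processing"] = cw
    }
    {
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      if (key in set) { print key " = " set[key]; done[key] = 1 }
      else print        # primary-region, metadata-bucket-name, etc. pass through
    }
    END { for (k in set) if (!(k in done)) print k " = " set[k] }
  ' "$1" > "$3"
}

# same_value KEY FILE_A FILE_B: succeeds only if KEY is set identically in both.
same_value() {
  a=$(grep -E "^[[:space:]]*$1[[:space:]]*=" "$2") || return 1
  b=$(grep -E "^[[:space:]]*$1[[:space:]]*=" "$3") || return 1
  [ "$a" = "$b" ]
}

# Constructed primary-region input file, written to a scratch directory.
tmp=$(mktemp -d)
cat > "$tmp/dev-us-east-1.tfvars" <<'EOF'
primary-region = "us-east-1"
region = "us-east-1"
enable-macie = true
trusting-account-discovery-allow-iam-identitycenter = true
enable-cloudtrail-logs-processing = true
enable-cloudwatch-logs-processing = true
metadata-bucket-name = "example-metadata-bucket"
EOF

make_region_tfvars "$tmp/dev-us-east-1.tfvars" us-west-2 "$tmp/dev-us-west-2.tfvars" false
same_value primary-region "$tmp/dev-us-east-1.tfvars" "$tmp/dev-us-west-2.tfvars" &&
  same_value metadata-bucket-name "$tmp/dev-us-east-1.tfvars" "$tmp/dev-us-west-2.tfvars" &&
  cat "$tmp/dev-us-west-2.tfvars"
```

    The generated file is only printed if primary-region and metadata-bucket-name are unchanged from the primary input; creating the new workspace and running README Steps 3-6 still follow as described above.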