Feature Request
Description
Add support for scanning multiple AWS regions in parallel, with aggregated findings in the HTML reports.
Problem
Currently, the assessment only scans the single AWS region where it is deployed. AI/ML resources (SageMaker notebooks, Bedrock guardrails, AgentCore runtimes) may exist in multiple regions, leaving blind spots in the security posture.
Proposed Solution
- Add a
TargetRegions CloudFormation parameter (empty = deployment region only, comma-separated list, or all)
- Use a Step Functions Map state to fan out assessments per region in parallel
- Each assessment Lambda accepts a region from the event and creates boto3 clients with explicit
region_name
- Gracefully handle services not available in a region (return N/A finding)
- Add Region column, filter dropdown, and "Risk by Region" section to HTML reports
- Works with both single-account and multi-account deployment modes
Benefits
- Full visibility across all regions where AI/ML workloads are deployed
- No additional time cost — regions are scanned in parallel
- Backward compatible — leaving the parameter empty preserves current single-region behavior
Feature Request
Description
Add support for scanning multiple AWS regions in parallel, with aggregated findings in the HTML reports.
Problem
Currently, the assessment only scans the single AWS region where it is deployed. AI/ML resources (SageMaker notebooks, Bedrock guardrails, AgentCore runtimes) may exist in multiple regions, leaving blind spots in the security posture.
Proposed Solution
TargetRegionsCloudFormation parameter (empty = deployment region only, comma-separated list, orall)region_nameBenefits