Macie baseline

[willfarrell]

Closes: #208

[nozaq]

Thank you for the proposal, enabling Macie is definitely a good move 🎉

macie_baselines.tf_ tries to enable Macie in each region while in main.tf there is a module declaration only for the main region, so we should pick one.
Given that Macie is a regional service as described in the official FAQ, I guess macie_baselines.tf_ way is preferable?

[willfarrell]

Oops, good catch. macie_baselines.tf_ needs to be deleted. It's a regional service, but is managed globally, just like S3. I'll clean up, give me a few.

[nozaq]

@willfarrell Thank you for the quick update!
I tested with my account, and it seems Macie only gathers information from S3 buckets which reside in the correspondent region. So I guess we need to enable Macie region by region to monitor all S3 buckets as described in CIS benchmark v1.4.0 2.1.4. Feel free to let me know if I'm missing something, thanks!

[willfarrell]

I'll do some more testing, I'm still pretty new to Macie myself. I'm setup with a management account with multiple sub-accounts. When I was building it and trying to enable per region it was throwing error, I'll do some more digging into the docs.