diff --git a/.forgejo/workflows/deploy-cfn.yml b/.forgejo/workflows/deploy-cfn.yml
index d5cad8e..8960f5f 100644
--- a/.forgejo/workflows/deploy-cfn.yml
+++ b/.forgejo/workflows/deploy-cfn.yml
@@ -12,7 +12,7 @@ jobs:
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
-      AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
+      AWS_DEFAULT_REGION: us-east-1
       LOWER: ${{ secrets.LOWER }}
 
     steps:
@@ -61,47 +61,42 @@ jobs:
           echo "Unable to install aws CLI on this runner."
           exit 1
 
-          - name: Parse LOWER bundled secret
-          run: |
-            set -e
-            if [ -z "$LOWER" ]; then
-                echo "LOWER secret is empty or not set; using individual secrets if present."
-                exit 0
-            fi
+      - name: Parse LOWER bundled secret
+        run: |
+          set -e
+          if [ -z "$LOWER" ]; then
+            echo "LOWER secret is empty or not set; using individual secrets if present."
+            exit 0
+          fi
 
-              # Expected LOWER format is multiline KEY=VALUE entries.
-              # Example:
-              # AWS_ACCESS_KEY_ID=...
-              # AWS_SECRET_ACCESS_KEY=...
-              # AWS_SESSION_TOKEN=...   (optional)
-              # AWS_DEFAULT_REGION=us-east-1
-              while IFS= read -r line; do
-                l="$(echo "$line" | sed 's/^ *//;s/ *$//')"
-                [ -z "$l" ] && continue
-                [ "${l#\#}" != "$l" ] && continue
-                case "$l" in
-                  *=*) ;;
-                  *) continue ;;
-                esac
+          # Expected LOWER format is multiline KEY=VALUE entries.
+          while IFS= read -r line; do
+            l="$(echo "$line" | sed 's/^ *//;s/ *$//')"
+            [ -z "$l" ] && continue
+            [ "${l#\#}" != "$l" ] && continue
+            case "$l" in
+              *=*) ;;
+              *) continue ;;
+            esac
 
-                key="${l%%=*}"
-                value="${l#*=}"
-                key="$(echo "$key" | sed 's/^ *//;s/ *$//')"
-                value="$(echo "$value" | sed 's/^ *//;s/ *$//')"
+            key="${l%%=*}"
+            value="${l#*=}"
+            key="$(echo "$key" | sed 's/^ *//;s/ *$//')"
+            value="$(echo "$value" | sed 's/^ *//;s/ *$//')"
 
-                case "$key" in
-                  AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN|AWS_DEFAULT_REGION|AWS_REGION)
-                    if [ -n "$value" ]; then
-                      echo "$key=$value" >> "$GITHUB_ENV"
-                      if [ "$key" = "AWS_REGION" ]; then
-                        echo "AWS_DEFAULT_REGION=$value" >> "$GITHUB_ENV"
-                      fi
-                    fi
-                    ;;
-                esac
-              done <<EOF
-              $LOWER
-              EOF
+            case "$key" in
+              AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN|AWS_DEFAULT_REGION|AWS_REGION)
+                if [ -n "$value" ]; then
+                  echo "$key=$value" >> "$GITHUB_ENV"
+                  if [ "$key" = "AWS_REGION" ]; then
+                    echo "AWS_DEFAULT_REGION=$value" >> "$GITHUB_ENV"
+                  fi
+                fi
+                ;;
+            esac
+          done <<EOF
+          $LOWER
+          EOF
 
       - name: Check required AWS secrets
         run: |