Disables Palo Altos

Set the numbers of Panorama and Palo Alto devices to 0 and makes a note
of it in the READMEs.

Also updates other modules to current.

Improvements to update_all script to handle common services.

bin/update_all_from_skeleton

@@ -86,11 +86,36 @@ for i in `seq -f "../../../000-skeleton/%g*" 0 9`; do
     update_from_skeleton $*
     popd > /dev/null
   else
+    if [[ $MODULE =~ \* ]]; then
+      continue
+    fi
+
     # Special case: 020-attach-transit-gateway-to-standard-vpc
     if [[ $MODULE == "020-attach-transit-gateway-to-standard-vpc" && $SHORT_PWD =~ -c2$ ]]; then
       echo Skipping $MODULE for C2 Accounts
-    else
+      continue
+    fi
+
+    # Special case: 005-iam in common 
+    if [[ $SHORT_PWD =~ common-services && \
+          ( $MODULE == "005-iam" || \
+            $MODULE == "010-standard-vpc" || \
+            $MODULE == "020-attach-transit-gateway-to-standard-vpc" || \
+            $MODULE == "025-test-instance" \
+          ) \
+       ]]; then
+      # No standard vpc in common services. It doesn't break things, just doesn't seem appropriate at this time.
+      echo Skipping $MODULE for Common Services Accounts
+      continue
+    fi
+
+    read -p "$MODULE doesn't presently exist. Create it? [y/N]? " -n 1 -r
+    echo ""
+    if [[ $REPLY =~ ^[Yy]$ ]]
+    then
       [[ -d ../../../000-skeleton/$MODULE ]] && ${TESTING} cp -rv ../../../000-skeleton/$MODULE .
+    else
+      echo Skipping...
     fi
   fi
 done

common/aws-us-gov/afs-mdr-common-services-gov/006-account-standards/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -31,10 +31,7 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
-  #name = "vpc_primary_${local.account_vars.locals.account_name}"
-  #cidr = local.account_vars.locals.standard_vpc_cidr
-  #tags = {
-  #  Purpose = "Malware Detonation"
-  #  Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
-  #}
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
 }

common/aws-us-gov/afs-mdr-common-services-gov/008-xdr-binaries/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

common/aws-us-gov/afs-mdr-common-services-gov/010-shared-ami-key/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v0.4.0"
 }
 
 include {

common/aws-us-gov/afs-mdr-common-services-gov/015-security-vpc/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/security_vpc?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/security_vpc?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

common/aws-us-gov/afs-mdr-common-services-gov/016-panorama/README.md

@@ -1,5 +1,13 @@
 # 016-panorama
 
+## NOTE: DISABLED
+
+These are presently disabled by setting the number of instances to 0. This will allow us to spin up PAs when we want to.
+
+IMPORTANT: These instances consume a license, and may do so automatically. Before destroying, make sure you return the license through the Palo Alto support portal.
+
+## Description
+
 Creates an HA pair of panarama nodes to manage the palo altos.
 
 Note: Post install configuration is required.

common/aws-us-gov/afs-mdr-common-services-gov/016-panorama/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/panorama?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/panorama?ref=v0.4.0"
 }
 
 dependency "security_vpc" {

common/aws-us-gov/afs-mdr-common-services-gov/017-palo-alto-bootstrap/README.md

@@ -1 +1,7 @@
 # Creates the palo alto bootstrap S3 bucket
+
+## NOTE: DISABLED
+
+These are presently disabled by setting the number of instances to 0. This will allow us to spin up PAs when we want to.
+
+IMPORTANT: These instances consume a license, and may do so automatically. Before destroying, make sure you return the license through the Palo Alto support portal.

common/aws-us-gov/afs-mdr-common-services-gov/017-palo-alto-bootstrap/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/bootstrap?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/bootstrap?ref=v0.4.0"
 }
 
 dependency "security_vpc" {

common/aws-us-gov/afs-mdr-common-services-gov/018-palo-alto-firewalls/README.md

@@ -1,5 +1,13 @@
 # Palo Alto Firewalls
 
+## NOTE: DISABLED
+
+These are presently disabled by setting the number of instances to 0. This will allow us to spin up PAs when we want to.
+
+IMPORTANT: These instances consume a license, and may do so automatically. Before destroying, make sure you return the license through the Palo Alto support portal.
+
+## Description
+
 Creates PA firewall nodes spread across the AZs and Subnets in the security VPC. Requires that panorama nodes are already created and running and that S3 buckets for bootstrapping have been created.
 
 *NOTE*

common/aws-us-gov/afs-mdr-common-services-gov/018-palo-alto-firewalls/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/firewall_nodes?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/firewall_nodes?ref=v0.4.0"
 }
 
 dependency "security_vpc" {

common/aws-us-gov/afs-mdr-common-services-gov/account.hcl

@@ -23,11 +23,11 @@ locals {
     "000702891433",
     "000702138816"
   ]
-  panorama_count = 2 # We need a second serial number for 2
+  panorama_count = 0 # We need a second serial number for 2
   panorama_instance_type = "m5.2xlarge"
   #panorama_instance_type = "t3.xlarge"
   panorama_key_name = "fdamstra" # DO NOT CHANGE
-  palo_alto_count = 2 # should be divisible by 2
+  palo_alto_count = 0 # should be divisible by 2
   palo_alto_instance_type = "m5.xlarge"
   palo_alto_key_name = "fdamstra" # DO NOT CHANGE