
Migrated most variables out of xdr-terraform-live and into xdr-terraform-modules

The variables in xdr-terraform-live are unlikely to change through the
lifetime of the configuration. These include things like 'account_name',
which--while it can be changed--could possibly have unexpected
ramifications if modified.

This affects variables in:
* `globals.tf`
* `env.tf`
* `partition.tf`
* `region.tf`
* `account.tf`

There are still some values configured directly in individual modules
`terragrunt.hcl` files. These are not addressed at this time, but I
encourage future engineers to consider putting these in the modules
themselves, as well.

There are a handful of additional bugfixes/improvements that arose
during testing, as well as bumping _all_ modules to the latest version.

Requires modules version >= 5.0.0
Fred Damstra [afs macbook] 3 years ago
parent
commit
1519a2cd30
100 changed files with 93 additions and 790 deletions
  1. 1 1
      000-skeleton/006-account-standards-regional/us-gov-west-1/terragrunt.hcl
  2. 0 1
      000-skeleton/150-splunk-cluster-master/terragrunt.hcl
  3. 0 1
      000-skeleton/160-splunk-indexer-cluster/terragrunt.hcl
  4. 0 1
      000-skeleton/170-splunk-searchhead/terragrunt.hcl
  5. 0 1
      000-skeleton/180-splunk-heavy-forwarder/terragrunt.hcl
  6. 0 83
      000-skeleton/account.hcl
  7. 1 1
      bin/terragrunt-apply-all
  8. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/004-iam-okta/terragrunt.hcl
  9. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/005-standard-iam/terragrunt.hcl
  10. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/006-account-standards-regional/us-gov-west-1/terragrunt.hcl
  11. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/006-account-standards/terragrunt.hcl
  12. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/008-xdr-binaries/terragrunt.hcl
  13. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/010-shared-ami-key/terragrunt.hcl
  14. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/050-lcp-ami-sharing/terragrunt.hcl
  15. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/072-salt-master-inventory-role/terragrunt.hcl
  16. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/075-codebuild-ecr-base/terragrunt.hcl
  17. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/080-codebuild-ecr-sample/terragrunt.hcl
  18. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/081-codebuild-rpm-collectd/terragrunt.hcl
  19. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/085-codebuild-ecr-customer-portal/terragrunt.hcl
  20. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/090-codebuild-rpm-tmux/terragrunt.hcl
  21. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/095-codebuild-rpm-aws-efs-utils/terragrunt.hcl
  22. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/100-codebuild-rpm-syslog-ng/terragrunt.hcl
  23. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/105-codebuild-ecr-mcas-container/terragrunt.hcl
  24. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/110-xdr-binaries-write-role/terragrunt.hcl
  25. 3 3
      common/aws-us-gov/afs-mdr-common-services-gov/300-s3-xdr-trumpet/terragrunt.hcl
  26. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/350-codebuild-ecr-content-generator-build-image/terragrunt.hcl
  27. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/351-codebuild-splunk-uf-configs/terragrunt.hcl
  28. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/355-codebuild-xdr-base-image/terragrunt.hcl
  29. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/360-codebuild-vpc/terragrunt.hcl
  30. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/365-codebuild-oci-lcp-magic-machine/terragrunt.hcl
  31. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/370-codebuild-vmware-lcp-magic-machine/terragrunt.hcl
  32. 0 36
      common/aws-us-gov/afs-mdr-common-services-gov/account.hcl
  33. 2 2
      common/aws-us-gov/afs-mdr-common-services-gov/us-gov-west-1/300-s3-xdr-trumpet/terragrunt.hcl
  34. 0 1
      common/aws-us-gov/afs-mdr-common-services-gov/us-gov-west-1/region.hcl
  35. 0 66
      common/aws-us-gov/partition.hcl
  36. 1 1
      common/aws-us-gov/region.hcl
  37. 1 1
      common/aws/legacy-mdr-root/005-iam/terragrunt.hcl
  38. 1 1
      common/aws/legacy-mdr-root/006-account-standards-regional/us-west-1/terragrunt.hcl
  39. 1 1
      common/aws/legacy-mdr-root/006-account-standards/terragrunt.hcl
  40. 1 1
      common/aws/legacy-mdr-root/072-salt-master-inventory-role/terragrunt.hcl
  41. 0 3
      common/aws/legacy-mdr-root/account.hcl
  42. 1 1
      common/aws/mdr-common-services/004-iam-okta/terragrunt.hcl
  43. 1 1
      common/aws/mdr-common-services/006-account-standards-regional/us-west-1/terragrunt.hcl
  44. 1 1
      common/aws/mdr-common-services/006-account-standards/terragrunt.hcl
  45. 1 1
      common/aws/mdr-common-services/008-xdr-binaries/terragrunt.hcl
  46. 1 1
      common/aws/mdr-common-services/010-public-dns/terragrunt.hcl
  47. 1 1
      common/aws/mdr-common-services/010-shared-ami-key/terragrunt.hcl
  48. 1 1
      common/aws/mdr-common-services/011-defpoint_com-legacy-dns/terragrunt.hcl
  49. 2 2
      common/aws/mdr-common-services/019-qualys-service-account/terragrunt.hcl
  50. 1 1
      common/aws/mdr-common-services/050-lcp-ami-sharing/terragrunt.hcl
  51. 1 1
      common/aws/mdr-common-services/072-salt-master-inventory-role/terragrunt.hcl
  52. 1 1
      common/aws/mdr-common-services/110-xdr-binaries-write-role/terragrunt.hcl
  53. 3 3
      common/aws/mdr-common-services/300-s3-xdr-trumpet/terragrunt.hcl
  54. 0 28
      common/aws/mdr-common-services/account.hcl
  55. 2 2
      common/aws/mdr-common-services/us-east-2/300-s3-xdr-trumpet/terragrunt.hcl
  56. 0 1
      common/aws/mdr-common-services/us-east-2/region.hcl
  57. 2 2
      common/aws/mdr-common-services/us-west-1/300-s3-xdr-trumpet/terragrunt.hcl
  58. 0 1
      common/aws/mdr-common-services/us-west-1/region.hcl
  59. 2 2
      common/aws/mdr-common-services/us-west-2/300-s3-xdr-trumpet/terragrunt.hcl
  60. 0 1
      common/aws/mdr-common-services/us-west-2/region.hcl
  61. 1 1
      common/aws/mdr-cyber-range/005-iam/terragrunt.hcl
  62. 1 1
      common/aws/mdr-cyber-range/006-account-standards-regional/us-west-1/terragrunt.hcl
  63. 1 1
      common/aws/mdr-cyber-range/006-account-standards/terragrunt.hcl
  64. 1 1
      common/aws/mdr-cyber-range/007-aws-scheduler/terragrunt.hcl
  65. 1 1
      common/aws/mdr-cyber-range/010-shared-ami-key/terragrunt.hcl
  66. 1 1
      common/aws/mdr-cyber-range/072-salt-master-inventory-role/terragrunt.hcl
  67. 1 1
      common/aws/mdr-cyber-range/255-phantom-archive-s3/terragrunt.hcl
  68. 0 8
      common/aws/mdr-cyber-range/account.hcl
  69. 1 1
      common/aws/mdr-dev-ai/005-iam/terragrunt.hcl
  70. 0 3
      common/aws/mdr-dev-ai/account.hcl
  71. 0 95
      common/aws/partition.hcl
  72. 0 1
      common/aws/region.hcl
  73. 3 50
      common/env.hcl
  74. 1 216
      globals.hcl
  75. 1 1
      prod/aws-us-gov/mdr-prod-afs/005-iam/terragrunt.hcl
  76. 1 1
      prod/aws-us-gov/mdr-prod-afs/006-account-standards-regional/us-gov-west-1/terragrunt.hcl
  77. 1 1
      prod/aws-us-gov/mdr-prod-afs/006-account-standards/terragrunt.hcl
  78. 1 1
      prod/aws-us-gov/mdr-prod-afs/007-backups/terragrunt.hcl
  79. 1 1
      prod/aws-us-gov/mdr-prod-afs/010-vpc-splunk/terragrunt.hcl
  80. 1 1
      prod/aws-us-gov/mdr-prod-afs/072-salt-master-inventory-role/terragrunt.hcl
  81. 1 1
      prod/aws-us-gov/mdr-prod-afs/140-splunk-frozen-bucket/terragrunt.hcl
  82. 1 1
      prod/aws-us-gov/mdr-prod-afs/145-splunk-smartstore-s3/terragrunt.hcl
  83. 1 2
      prod/aws-us-gov/mdr-prod-afs/150-splunk-cluster-master/terragrunt.hcl
  84. 1 2
      prod/aws-us-gov/mdr-prod-afs/160-splunk-indexer-cluster/terragrunt.hcl
  85. 1 1
      prod/aws-us-gov/mdr-prod-afs/165-splunk-legacy-hec/terragrunt.hcl
  86. 1 2
      prod/aws-us-gov/mdr-prod-afs/170-splunk-searchhead/terragrunt.hcl
  87. 1 2
      prod/aws-us-gov/mdr-prod-afs/180-splunk-heavy-forwarder/terragrunt.hcl
  88. 1 2
      prod/aws-us-gov/mdr-prod-afs/190-splunk-customer-searchhead/terragrunt.hcl
  89. 1 1
      prod/aws-us-gov/mdr-prod-afs/195-splunk-apps-s3/terragrunt.hcl
  90. 1 1
      prod/aws-us-gov/mdr-prod-afs/360-codebuild-splunk-apps-fm/terragrunt.hcl
  91. 1 1
      prod/aws-us-gov/mdr-prod-afs/360-codebuild-splunk-apps/terragrunt.hcl
  92. 1 1
      prod/aws-us-gov/mdr-prod-afs/435-s3-portal-customer-artifacts/terragrunt.hcl
  93. 0 99
      prod/aws-us-gov/mdr-prod-afs/account.hcl
  94. 1 1
      prod/aws-us-gov/mdr-prod-bas/005-iam/terragrunt.hcl
  95. 1 1
      prod/aws-us-gov/mdr-prod-bas/006-account-standards-regional/us-gov-west-1/terragrunt.hcl
  96. 1 1
      prod/aws-us-gov/mdr-prod-bas/006-account-standards/terragrunt.hcl
  97. 1 1
      prod/aws-us-gov/mdr-prod-bas/007-backups/terragrunt.hcl
  98. 1 1
      prod/aws-us-gov/mdr-prod-bas/010-vpc-splunk/terragrunt.hcl
  99. 1 1
      prod/aws-us-gov/mdr-prod-bas/072-salt-master-inventory-role/terragrunt.hcl
  100. 1 1
      prod/aws-us-gov/mdr-prod-bas/140-splunk-frozen-bucket/terragrunt.hcl

+ 1 - 1
000-skeleton/006-account-standards-regional/us-gov-west-1/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v1.0.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v1.00.00"
 }
 
 # Include all settings from the root terragrunt.hcl file
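
Review bot: the new ref `v1.00.00` on the `source` line does not follow the tag scheme used everywhere else in this commit, where modules are bumped to `v5.0.0` and the commit message requires modules version >= 5.0.0. If the skeleton is meant to carry a placeholder, say so in a comment beside it; otherwise point it at `v5.0.0` so an account copied from the skeleton does not start on a ref that may not resolve.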

+ 0 - 1
000-skeleton/150-splunk-cluster-master/terragrunt.hcl

@@ -35,7 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   prefix        = local.account_vars.locals.splunk_prefix
-  instance_type = local.account_vars.locals.instance_types["splunk-cm"]
   vpc_id        = dependency.vpc.outputs.vpc_id
   vpc_cidr      = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
   azs           = dependency.vpc.outputs.azs
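
Review bot: with `instance_type` dropped from `inputs`, nothing in this file shows what size the cluster master will get or how a customer account overrides it. A short comment in `inputs` naming the module variable that now supplies the default, and how to override it, would keep the skeleton self-explanatory. The same applies to the indexer, search head and heavy forwarder skeletons below.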

+ 0 - 1
000-skeleton/160-splunk-indexer-cluster/terragrunt.hcl

@@ -35,7 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   prefix          = local.account_vars.locals.splunk_prefix
-  instance_type   = local.account_vars.locals.instance_types["splunk-indexer"]
   vpc_id          = dependency.vpc.outputs.vpc_id
   vpc_cidr        = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
   azs             = dependency.vpc.outputs.azs

+ 0 - 1
000-skeleton/170-splunk-searchhead/terragrunt.hcl

@@ -35,7 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   prefix        = local.account_vars.locals.splunk_prefix
-  instance_type = local.account_vars.locals.instance_types["splunk-sh"]
   vpc_id        = dependency.vpc.outputs.vpc_id
   vpc_cidr      = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
   azs           = dependency.vpc.outputs.azs

+ 0 - 1
000-skeleton/180-splunk-heavy-forwarder/terragrunt.hcl

@@ -35,7 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   prefix        = local.account_vars.locals.splunk_prefix
-  instance_type = local.account_vars.locals.instance_types["splunk-hf"]
   vpc_id        = dependency.vpc.outputs.vpc_id
   vpc_cidr      = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
   azs           = dependency.vpc.outputs.azs

+ 0 - 83
000-skeleton/account.hcl

@@ -7,18 +7,7 @@ locals {
   aws_account_id                  = "TODO"
   instance_termination_protection = TODO # set to true for production!
   splunk_prefix                   = "TODO"
-  splunk_private_hec              = TODO # True if the customer needs a private HTTP Event Collector such as for ALSI
 
-  splunk_data_sources = [
-    "x.x.x.x/32", # TODO: Add customer's public IP addresses
-  ]
-  splunk_legacy_cidr = []        # Should not be needed for new customers
-  splunk_asg_sizes   = [1, 1, 1] # How many indexers in each site
-
-
-  account_tags = {
-    "Client" : local.splunk_prefix,
-  }
   c2_account_standards_path = "../../mdr-TODO-c2/005-account-standards-c2" # TODO: Subsitute with test or prod
 
   # For CIDR assignment, see https://github.xdr.accenturefederalcyber.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
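
Review bot: `splunk_data_sources` carried the `# TODO: Add customer's public IP addresses` prompt, and after this hunk the skeleton no longer tells whoever creates an account where the customer's source CIDRs are set. These are per-customer values that restrict who can send data, so add a comment saying where they live now. While here, the surviving context line has a typo: "Subsitute" should be "Substitute".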
@@ -30,76 +19,4 @@ locals {
       "tgw_attached" = true
     }
   }
-
-  # Qualys Connector - See https://github.xdr.accenturefederalcyber.com/mdr-engineering/msoc-infrastructure/wiki/Qualys
-  qualys_connector_externalid = "LATER" # Needs to come from the qualys console
-
-  # End of TODO
-
-  # Splunk instance sizes can be customized
-  # TODO: Set these appropriately in the skeleton for prod
-  instance_types = {
-    "alsi-master"    = "t3a.small",
-    "alsi-worker"    = "t3a.small",
-    "splunk-cm"      = "t3a.small",  # legacy: t2.small
-    "splunk-indexer" = "i3en.large", # legacy: t2.small, but whats the point if we don't have instance storage.
-    "splunk-hf"      = "t3a.small",  # legacy: t2.medium
-    "splunk-sh"      = "t3a.small",  # legacy: ? not sure
-  }
-
-  # Splunk Volume Sizes are probably fine at defaults
-  splunk_volume_sizes = {
-    "cluster_master" = {
-      "swap" : 8,           # minimum: 8
-      "/" : 10,             # minimum: 10
-      "/home" : 4,          # minimum: 4
-      "/var" : 15,          # minimum: 15
-      "/var/tmp" : 4,       # minimum: 4
-      "/var/log" : 8,       # minimum: 8
-      "/var/log/audit" : 8, # minimum: 8
-      "/tmp" : 4,           # minimum: 4
-      "/opt/splunk" : 30,   # No minimum; not in base image
-    },
-    "indexer" = {
-      "swap" : 8,           # minimum: 8
-      "/" : 10,             # minimum: 10
-      "/home" : 4,          # minimum: 4
-      "/var" : 15,          # minimum: 15
-      "/var/tmp" : 4,       # minimum: 4
-      "/var/log" : 8,       # minimum: 8
-      "/var/log/audit" : 8, # minimum: 8
-      "/tmp" : 4,           # minimum: 4
-      "/opt/splunk" : 30,   # No minimum; not in base image
-    },
-    "searchhead" = {
-      "swap" : 8,           # minimum: 8
-      "/" : 10,             # minimum: 10
-      "/home" : 4,          # minimum: 4
-      "/var" : 15,          # minimum: 15
-      "/var/tmp" : 4,       # minimum: 4
-      "/var/log" : 8,       # minimum: 8
-      "/var/log/audit" : 8, # minimum: 8
-      "/tmp" : 4,           # minimum: 4
-      "/opt/splunk" : 30,   # No minimum; not in base image
-    },
-    "heavy_forwarder" = {
-      "swap" : 8,           # minimum: 8
-      "/" : 10,             # minimum: 10
-      "/home" : 4,          # minimum: 4
-      "/var" : 15,          # minimum: 15
-      "/var/tmp" : 4,       # minimum: 4
-      "/var/log" : 8,       # minimum: 8
-      "/var/log/audit" : 8, # minimum: 8
-      "/tmp" : 4,           # minimum: 4
-      "/opt/splunk" : 30,   # No minimum; not in base image
-    },
-  }
-
-  # ALSI - Aggregated Log Source Ingestion
-  #
-  # If cribl is being used for log ingestion, remember to turn on splunk_private_hec, too.
-  alsi_workers     = 0     # how many cribl workers
-  alsi_splunk_nlb  = false # splunk://moose-alsi-splunk.xdr{,test}.accenturefederalcyber.com:9997 and 9998
-  alsi_elastic_alb = false # https://moose-alsi-elastic.xdr{,test}.accenturefederalcyber.com -> 9200
-  alsi_hec_alb     = false # https://moose-alsi-hec.xdr{,test}.accenturefederalcyber.com -> 8080
 }
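
Review bot: `qualys_connector_externalid` is removed together with its comment that the value "Needs to come from the qualys console". It is an account-specific value with no sensible shared default, so the skeleton should still tell the engineer where to supply it. The `# End of TODO` marker goes too, which leaves no indication of which remaining `TODO` values are mandatory.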

+ 1 - 1
bin/terragrunt-apply-all

@@ -122,7 +122,7 @@ for i in `seq -f "%g*" 0 9 | sort -n`; do
   MODULE=$( basename $i )
   if [[ -d $MODULE ]]; then
     echo "====================================================================================="
-    echo "Processing module $MODULE... PWD = `pwd`"
+    echo "Processing module $MODULE ... PWD = `pwd`"
     echo "====================================================================================="
     if [[ $SKIPQUALYS == 1 && $MODULE =~ qualys ]]; then
       echo "Skipping due to skipqualys flag"
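
Review bot: the only change in this hunk is a space before the ellipsis in the `echo` line, which is unrelated to the variable migration and would be easier to review in its own commit. Since the line is being touched, consider `$(pwd)` or `$PWD` instead of backticks, and quote `$i` in `MODULE=$( basename $i )` so directory names containing spaces do not split.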

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/004-iam-okta/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam-okta?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam-okta?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
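
Review bot: `?ref=v5.0.0` pins the `iam-okta` module to a git tag, and a tag can be moved after review. For a module that manages identity, pinning `ref` to the full commit hash behind the tag (with the version kept in a comment) makes the reviewed code and the applied code the same by construction. This is also a major-version jump from `v4.1.5`, so the plan output for this module is worth attaching to the change.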

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/005-standard-iam/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standard_iam?ref=v4.3.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standard_iam?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/006-account-standards-regional/us-gov-west-1/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/006-account-standards/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v4.2.15"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v5.0.0"
 }
 
 dependency "c2_account_standards" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/008-xdr-binaries/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v4.0.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/010-shared-ami-key/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v4.0.11"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v5.0.0"
 }
 
 include {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/050-lcp-ami-sharing/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/lcp_ami_key?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/lcp_ami_key?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/072-salt-master-inventory-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/075-codebuild-ecr-base/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_base?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_base?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/080-codebuild-ecr-sample/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_project?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_project?ref=v5.0.0"
 }
 
 dependency "codebuild-ecr-base" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/081-codebuild-rpm-collectd/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v5.0.0"
 }
 
 dependency "codebuild-ecr-base" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/085-codebuild-ecr-customer-portal/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_customer_portal?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_customer_portal?ref=v5.0.0"
 }
 
 dependency "codebuild-ecr-base" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/090-codebuild-rpm-tmux/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v5.0.0"
 }
 
 dependency "codebuild-ecr-base" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/095-codebuild-rpm-aws-efs-utils/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v5.0.0"
 }
 
 dependency "codebuild-ecr-base" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/100-codebuild-rpm-syslog-ng/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v5.0.0"
 }
 
 dependency "codebuild-ecr-base" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/105-codebuild-ecr-mcas-container/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_project?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_project?ref=v5.0.0"
 }
 
 dependency "codebuild-ecr-base" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/110-xdr-binaries-write-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/s3_bucket_writer_role?ref=v4.2.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/s3_bucket_writer_role?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 3 - 3
common/aws-us-gov/afs-mdr-common-services-gov/300-s3-xdr-trumpet/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v4.0.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -30,11 +30,11 @@ include {
 inputs = {
   name           = "xdr-trumpet-${local.region_vars.locals.aws_region}"
   encryption     = "SSE-S3"
-  extra_accounts = local.partition_vars.locals.customer_accounts
+  customer_access = true
   tags = {
     Purpose   = "Storage of Trumpet Scripts"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }
 terraform_version_constraint  = "= 1.1.6"
-terragrunt_version_constraint = "= 0.36.2"
+terragrunt_version_constraint = "= 0.36.2"
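
Review bot: `customer_access = true` replaces an explicit `extra_accounts` list, so which accounts can reach this bucket is no longer visible from the live configuration, and the module in use is `globally_accessible_bucket`. Please confirm the module resolves `customer_access` to the same account set that `local.partition_vars.locals.customer_accounts` gave for this partition, and record that in a comment. Two style points: the new key breaks the `=` alignment of the `inputs` block, and the `terragrunt_version_constraint` line is removed and re-added with identical visible text, which suggests a whitespace or end-of-file newline change that could be dropped.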

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/350-codebuild-ecr-content-generator-build-image/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_project?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_project?ref=v5.0.0"
 }
 
 dependency "codebuild-ecr-base" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/351-codebuild-splunk-uf-configs/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v5.0.0"
 }
 
 dependency "codebuild-ecr-base" {

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/355-codebuild-xdr-base-image/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_project_no_artifact?ref=v4.3.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_project_no_artifact?ref=v5.0.0"
 }
 
 # Service Role

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/360-codebuild-vpc/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standalone_vpc?ref=v4.2.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standalone_vpc?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/365-codebuild-oci-lcp-magic-machine/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_lcp_magic_machine?ref=v4.3.9"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_lcp_magic_machine?ref=v5.0.0"
 }
 
 # KMS Key

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/370-codebuild-vmware-lcp-magic-machine/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_lcp_magic_machine?ref=v4.3.9"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_lcp_magic_machine?ref=v5.0.0"
 }
 
 # KMS Key

+ 0 - 36
common/aws-us-gov/afs-mdr-common-services-gov/account.hcl

@@ -8,9 +8,6 @@ locals {
   splunk_prefix                   = "moose"
   okta_app                        = "AWS - GovCloud"
 
-  account_tags = {
-    "Client" : local.splunk_prefix
-  }
   c2_account_standards_path = "../../../../prod/aws-us-gov/mdr-prod-c2/005-account-standards-c2"
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
@@ -26,37 +23,4 @@ locals {
       "cidr" = "10.1.132.0/22"
     }
   }
-
-  # Panorama / Palo Alto information
-  panorama_serial_numbers = [
-    "000702891433",
-    "000702138816"
-  ]
-  panorama_count         = 0 # We need a second serial number for 2
-  panorama_instance_type = "m5.2xlarge"
-  #panorama_instance_type = "t3.xlarge"
-  panorama_key_name       = "fdamstra" # DO NOT CHANGE
-  palo_alto_count         = 0          # should be divisible by 2
-  palo_alto_instance_type = "m5.xlarge"
-  palo_alto_key_name      = "fdamstra" # DO NOT CHANGE
-
-  # To generate auth keys, log in to the panorama cli and run:
-  #   request bootstrap vm-auth-key generate lifetime 720
-  # where 720 is the validity period in hours (720 is 30 days)
-  # (Should only need to be valid when you stand up the firewall)
-  palo_alto_auth_keys = [
-    "866071457115248", #Expires at: 2020/07/31 15:01:33
-    "165273115818468", #Expires at: 2020/07/31 15:01:34
-  ]
-  palo_alto_license_keys = [ # one per count
-    "32836999",
-    "65202677"
-  ]
-  palo_alto_feature_auth_keys = [ # one per count, not yet implemented
-    "28341453",
-    "62158825"
-  ]
-
-  # Qualys Connector
-  qualys_connector_externalid = "1604790479997"
 }
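Review bot: The removed `palo_alto_auth_keys`, `palo_alto_license_keys`, `palo_alto_feature_auth_keys` and `qualys_connector_externalid` were plain-text, credential-like literals, and deleting the lines here does not remove them from this repository's history. The auth keys carry 2020 expiry comments, but the license keys, feature auth keys and the Qualys external ID show no expiry, so please confirm they are rotated or treated as exposed, and that they are not simply copied as literals into the modules repository. The `panorama_key_name` and `palo_alto_key_name` lines marked `# DO NOT CHANGE` also need that warning carried over wherever they land.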

+ 2 - 2
common/aws-us-gov/afs-mdr-common-services-gov/us-gov-west-1/300-s3-xdr-trumpet/terragrunt.hcl

@@ -30,11 +30,11 @@ include {
 inputs = {
   name           = "xdr-trumpet-${local.region_vars.locals.aws_region}"
   encryption     = "SSE-S3"
-  extra_accounts = local.partition_vars.locals.customer_accounts
+  customer_access = true
   tags = {
     Purpose   = "Storage of Trumpet Scripts"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }
 terraform_version_constraint  = "= 1.1.6"
-terragrunt_version_constraint = "= 0.36.2"
+terragrunt_version_constraint = "= 0.36.2"
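Review bot: Replacing `extra_accounts = local.partition_vars.locals.customer_accounts` with `customer_access = true` moves the list of accounts granted access to this bucket out of the caller, so the plan for the bucket policy should be checked to show the same principals as before for this partition. `customer_access` is also not aligned with the neighbouring `name` and `encryption` assignments, and the `terragrunt_version_constraint` pair shows no visible difference (probably whitespace or an end-of-file newline), which is worth mentioning in the commit message.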

+ 0 - 1
common/aws-us-gov/afs-mdr-common-services-gov/us-gov-west-1/region.hcl

@@ -6,5 +6,4 @@
 # At some point, this may need to be added as a hierarchical directory when we move to additional regions.
 locals {
   aws_region  = "us-gov-west-1"
-  region_tags = {}
 }

+ 0 - 66
common/aws-us-gov/partition.hcl

@@ -8,70 +8,4 @@ locals {
   common_services_account = "701290387780"
   common_profile          = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
   tfstate_region          = "us-gov-east-1"
-  binaries_key            = "key/a3ed054e-73be-45b4-acf8-6d06cb18cff9"
-
-  # Statically setting the 'last known good' ami gives us some added flexibility
-  # in building amis more regularly.
-  #
-  # Don't forget `lifecycle { ignore_changes = ["ami"] }` in yoru ec2
-  # builds!
-  amis = {
-    "rhel7-base"        = "ami-0b08c1f5f1c84d2e9"
-    "rhel7-master"      = "ami-0ceacf267454aba51"
-    "rhel7-minion"      = "ami-08505f005a686f476"
-    "ubuntu1804-base"   = "ami-0a84bd4b796860be8"
-    "ubuntu1804-minion" = "TBD"
-  }
-  default_ami = local.amis["rhel7-minion"] # Allows us to easily change to a new base standard
-
-  # If you need the raw list of all accounts, see `account_list` below
-  account_map = {
-    "prod" = [
-      "299932671007", # mdr-prod-afs
-      "081915784976", # mdr-prod-bas
-      "721817724804", # mdr-prod-c2
-      "300401536936", # mdr-prod-ca-c19
-      "520742937262", # mdr-prod-dc-c19
-      "137793331041", # mdr-prod-doed
-      "237704155425", # mdr-prod-frtib
-      "520722177857", # mdr-prod-la-c19
-      "738736370544", # mdr-prod-modelclient
-      "876865127438", # mdr-prod-malware
-      "417441737377", # mdr-prod-nga
-      "455637268483", # mdr-prof-root-ca
-      "417443073855", # mdr-prod-tiaas
-      "455571784901", # mdr-prod-dgi
-    ],
-    "test" = [
-      "738800754746", # mdr-test-c2
-      "876942499057", # mdr-test-malware
-      "701341250728", # mdr-test-modelclient
-    ],
-    "common" = [
-      "701290387780", # mdr-common-services
-    ],
-  }
-  # flatten the map into a single list
-  account_list = flatten([
-    for env, accounts in local.account_map : accounts
-  ])
-  # This is similar to the account_map, but used for "what accounts am I responsible for"?
-  responsible_accounts = {
-    "prod"   = concat(local.account_map["prod"], local.account_map["common"]),
-    "test"   = local.account_map["test"],
-    "common" = concat(local.account_map["prod"], local.account_map["common"], local.account_map["test"]),
-  }
-
-  partition_tags = {
-    aws_partition = local.aws_partition
-  }
-
-  customer_accounts = [
-    "738577959608", # AFS/CMPS AIP VA (No Ticket, email from Dalling in 10/2020)
-    "902039776828", # AFS/CMPS FRTIB (MSOCI-1549)
-    "314025119334", # AFS/CMPS BAS-Commerce (MSOCI-1554)
-    "454144835690", # DGI (MSOCI-1769)
-    "172805180504", # DGI (MSOCI-1769)
-    "296374800867", # FRTIB/CMPS (No Ticket, email from Nguyen, Brian A.)
-  ]
 }
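Review bot: Removing `amis`, `account_map`, `account_list`, `responsible_accounts` and `customer_accounts` will break any remaining caller that reads them through `local.partition_vars.locals`, so please search the tree for those names before merging; the trumpet bucket inputs changed in this commit were one such caller. When the values are re-created in the modules, the `"ubuntu1804-minion" = "TBD"` placeholder should fail validation rather than reach an instance definition, and the `# mdr-prof-root-ca` comment on 455637268483 looks like a typo for "prod".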

+ 1 - 1
common/aws-us-gov/region.hcl

@@ -6,5 +6,5 @@
 # At some point, this may need to be added as a hierarchical directory when we move to additional regions.
 locals {
   aws_region  = "us-gov-east-1"
-  region_tags = {}
+  ses_region  = "us-gov-west-1"
 }
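Review bot: `ses_region = "us-gov-west-1"` is added without a comment, in a file whose `aws_region` is `us-gov-east-1`, and the other region.hcl hunks shown in this commit do not gain the key. Please document why SES is served from a different region here, and confirm the modules have a default or fail clearly when `ses_region` is absent.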

+ 1 - 1
common/aws/legacy-mdr-root/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/legacy-mdr-root/006-account-standards-regional/us-west-1/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
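Review bot: `account_standards_regional` moves from `v3.5.16` to `v5.0.0` in one step, skipping the 4.x series that most other modules in this commit were already on. Please attach the plan for this unit and check the module's 4.x changes, since any renamed resources or inputs in between would surface here as destroy and create rather than as an in-place update.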

+ 1 - 1
common/aws/legacy-mdr-root/006-account-standards/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v4.2.15"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v5.0.0"
 }
 
 dependency "c2_account_standards" {

+ 1 - 1
common/aws/legacy-mdr-root/072-salt-master-inventory-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 0 - 3
common/aws/legacy-mdr-root/account.hcl

@@ -6,8 +6,5 @@ locals {
   aws_account_id = "350838957895"
   splunk_prefix  = "moose"
 
-  account_tags = {
-    "Client" : local.splunk_prefix
-  }
   c2_account_standards_path = "../../../../prod/aws/mdr-prod-c2/005-account-standards-c2"
 }

+ 1 - 1
common/aws/mdr-common-services/004-iam-okta/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam-okta?ref=v4.1.5"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam-okta?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-common-services/006-account-standards-regional/us-west-1/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-common-services/006-account-standards/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v4.2.15"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v5.0.0"
 }
 
 dependency "c2_account_standards" {

+ 1 - 1
common/aws/mdr-common-services/008-xdr-binaries/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v4.0.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-common-services/010-public-dns/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/dns/public_dns?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/dns/public_dns?ref=v5.0.0"
 }
 
 include {

+ 1 - 1
common/aws/mdr-common-services/010-shared-ami-key/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v4.0.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v5.0.0"
 }
 
 include {

+ 1 - 1
common/aws/mdr-common-services/011-defpoint_com-legacy-dns/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/dns/legacy_defpoint_com?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/dns/legacy_defpoint_com?ref=v5.0.0"
 }
 
 include {

+ 2 - 2
common/aws/mdr-common-services/019-qualys-service-account/terragrunt.hcl

@@ -13,8 +13,8 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  #source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_iam_baseaccount?ref=v3.5.16"
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/terminated?ref=v4.1.6"
+  #source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_iam_baseaccount?ref=v5.0.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/terminated?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
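Review bot: The commented-out `#source = ...//base/qualys_iam_baseaccount` line is bumped to `v5.0.0` alongside the live `base/terminated` source, which suggests that module was exercised at v5.0.0 when it is not applied from this unit. Either drop the commented line or leave its ref untouched, so that re-enabling it later forces a deliberate version choice.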

+ 1 - 1
common/aws/mdr-common-services/050-lcp-ami-sharing/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/lcp_ami_key?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/lcp_ami_key?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-common-services/072-salt-master-inventory-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-common-services/110-xdr-binaries-write-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/s3_bucket_writer_role?ref=v4.0.10"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/s3_bucket_writer_role?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 3 - 3
common/aws/mdr-common-services/300-s3-xdr-trumpet/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v4.0.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -30,11 +30,11 @@ include {
 inputs = {
   name           = "xdr-trumpet-${local.region_vars.locals.aws_region}"
   encryption     = "SSE-S3"
-  extra_accounts = local.partition_vars.locals.customer_accounts
+  customer_access = true
   tags = {
     Purpose   = "Storage of Trumpet Scripts"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }
 terraform_version_constraint  = "= 1.1.6"
-terragrunt_version_constraint = "= 0.36.2"
+terragrunt_version_constraint = "= 0.36.2"

+ 0 - 28
common/aws/mdr-common-services/account.hcl

@@ -8,9 +8,6 @@ locals {
   splunk_prefix                   = "moose"
   okta_app                        = "AWS - Commercial"
 
-  account_tags = {
-    "Client" : local.splunk_prefix
-  }
   c2_account_standards_path = "../../../../prod/aws/mdr-prod-c2/005-account-standards-c2"
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
@@ -21,29 +18,4 @@ locals {
       "cidr"    = "10.1.0.0/22",
     }
   }
-
-  #####################################
-  # DNS Zones
-  hosted_public_dns_zones = [
-    "accenturefederalcyber.com",
-    "accenturefederalcyber.net",
-    "xdr.accenturefederalcyber.com",
-    "xdrtest.accenturefederalcyber.com",
-    "xdrtest.accenturefederalcyber.net", # testing dnssec
-  ]
-  # Delegated zones are created in different accounts
-  delegated_public_dns_zones = {
-    "ai.accenturefederalcyber.com" = [
-      "ns-348.awsdns-43.com",
-      "ns-1733.awsdns-24.co.uk",
-      "ns-1330.awsdns-38.org",
-      "ns-610.awsdns-12.net",
-    ],
-    "caasp.accenturefederalcyber.com" = [
-      "ns-537.awsdns-03.net",
-      "ns-1532.awsdns-63.org",
-      "ns-1933.awsdns-49.co.uk",
-      "ns-417.awsdns-52.com",
-    ],
-  }
 }

+ 2 - 2
common/aws/mdr-common-services/us-east-2/300-s3-xdr-trumpet/terragrunt.hcl

@@ -30,11 +30,11 @@ include {
 inputs = {
   name           = "xdr-trumpet-${local.region_vars.locals.aws_region}"
   encryption     = "SSE-S3"
-  extra_accounts = local.partition_vars.locals.customer_accounts
+  customer_access = true
   tags = {
     Purpose   = "Storage of Trumpet Scripts"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }
 terraform_version_constraint  = "= 1.1.6"
-terragrunt_version_constraint = "= 0.36.2"
+terragrunt_version_constraint = "= 0.36.2"

+ 0 - 1
common/aws/mdr-common-services/us-east-2/region.hcl

@@ -6,5 +6,4 @@
 # At some point, this may need to be added as a hierarchical directory when we move to additional regions.
 locals {
   aws_region  = "us-east-2"
-  region_tags = {}
 }

+ 2 - 2
common/aws/mdr-common-services/us-west-1/300-s3-xdr-trumpet/terragrunt.hcl

@@ -30,11 +30,11 @@ include {
 inputs = {
   name           = "xdr-trumpet-${local.region_vars.locals.aws_region}"
   encryption     = "SSE-S3"
-  extra_accounts = local.partition_vars.locals.customer_accounts
+  customer_access = true
   tags = {
     Purpose   = "Storage of Trumpet Scripts"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }
 terraform_version_constraint  = "= 1.1.6"
-terragrunt_version_constraint = "= 0.36.2"
+terragrunt_version_constraint = "= 0.36.2"

+ 0 - 1
common/aws/mdr-common-services/us-west-1/region.hcl

@@ -6,5 +6,4 @@
 # At some point, this may need to be added as a hierarchical directory when we move to additional regions.
 locals {
   aws_region  = "us-west-1"
-  region_tags = {}
 }

+ 2 - 2
common/aws/mdr-common-services/us-west-2/300-s3-xdr-trumpet/terragrunt.hcl

@@ -30,11 +30,11 @@ include {
 inputs = {
   name           = "xdr-trumpet-${local.region_vars.locals.aws_region}"
   encryption     = "SSE-S3"
-  extra_accounts = local.partition_vars.locals.customer_accounts
+  customer_access = true
   tags = {
     Purpose   = "Storage of Trumpet Scripts"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }
 terraform_version_constraint  = "= 1.1.6"
-terragrunt_version_constraint = "= 0.36.2"
+terragrunt_version_constraint = "= 0.36.2"

+ 0 - 1
common/aws/mdr-common-services/us-west-2/region.hcl

@@ -6,5 +6,4 @@
 # At some point, this may need to be added as a hierarchical directory when we move to additional regions.
 locals {
   aws_region  = "us-west-2"
-  region_tags = {}
 }

+ 1 - 1
common/aws/mdr-cyber-range/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-cyber-range/006-account-standards-regional/us-west-1/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-cyber-range/006-account-standards/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v4.2.15"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v5.0.0"
 }
 
 dependency "c2_account_standards" {

+ 1 - 1
common/aws/mdr-cyber-range/007-aws-scheduler/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/aws_scheduler?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/aws_scheduler?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-cyber-range/010-shared-ami-key/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v4.0.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v5.0.0"
 }
 
 dependency "account_standards" {

+ 1 - 1
common/aws/mdr-cyber-range/072-salt-master-inventory-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-cyber-range/255-phantom-archive-s3/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/phantom_s3_bucket?ref=v4.4.4"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/phantom_s3_bucket?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 0 - 8
common/aws/mdr-cyber-range/account.hcl

@@ -1,19 +1,11 @@
 # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration.
 locals {
-  # TODO put the right values here
   account_name                    = "afs-mdr-prod-cyber-range"
   account_alias                   = "afs-mdr-prod-cyber-range"
   aws_account_id                  = "952430311316"
   instance_termination_protection = true
   splunk_prefix                   = "caasp"
 
-  account_tags              = {}
   c2_account_standards_path = "../../../../prod/aws/mdr-prod-c2/005-account-standards-c2"
-
-  iam_additional_trusted_arns = ["arn:aws:iam::471284459109:role/user/mdr_developer_readonly"]
-
-  extra_ebs_key_admins    = []
-  extra_ebs_key_users     = []
-  extra_ebs_key_attachers = []
 }
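Review bot: Dropping `iam_additional_trusted_arns` removes the only visible statement that `arn:aws:iam::471284459109:role/user/mdr_developer_readonly` is trusted in this account, and the same line is removed from mdr-dev-ai further down. Please state whether the module now grants that trust by default or whether it is being withdrawn, because a module-wide default would extend the trust beyond the accounts that opted in here. The `# TODO put the right values here` line is also deleted while the values beneath it are unchanged, so confirm they were verified, and note that the three `extra_ebs_key_*` lists disappear with no replacement visible in this file.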

+ 1 - 1
common/aws/mdr-dev-ai/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 0 - 3
common/aws/mdr-dev-ai/account.hcl

@@ -5,8 +5,5 @@ locals {
   account_alias  = "afs-mdr-dev-ai"
   aws_account_id = "228011623757"
 
-  account_tags              = {}
   c2_account_standards_path = "../../../../prod/aws/mdr-prod-c2/005-account-standards-c2"
-
-  iam_additional_trusted_arns = ["arn:aws:iam::471284459109:role/user/mdr_developer_readonly"]
 }

+ 0 - 95
common/aws/partition.hcl

@@ -8,99 +8,4 @@ locals {
   common_services_account = "471284459109"
   common_profile          = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
   tfstate_region          = "us-east-1"
-  binaries_key            = "key/b51760b2-d6e1-438a-afd4-1e56f5ac82ef"
-
-  # Statically setting the 'last known good' ami gives us some added flexibility
-  # in building amis more regularly.
-  #
-  # Don't forget `lifecycle { ignore_changes = ["ami"] }` in yoru ec2
-  # builds!
-  amis = {
-    "rhel7-base"        = "ami-0de46d7d1a164b307"
-    "rhel7-master"      = "ami-0114330666839f2b9"
-    "rhel7-minion"      = "ami-0425efbff72b3c702"
-    "ubuntu1804-base"   = "TBD"
-    "ubuntu1804-minion" = "TBD"
-  }
-  default_ami = local.amis["rhel7-minion"] # Allows us to easily change to a new base standard
-
-  # If you need the raw list of all accounts, see `account_list` below
-  account_map = {
-    "prod" = [
-      "477548533976", # Legacy MDR Prod
-      "045312110490", # mdr-prod-c2
-      "425831147305", # mdr-prod-modelclient
-      "369723129071", # mdr-prod-malware
-      # These two apparently don't have the account-standards / skeleton
-      # set up for them (yet?)  For now I'm leaving them commented out
-      #      "821415252513", # mdr-prod-nihors
-      #      "153282776295", # mdr-prod-bas
-      "815967312032", # mdr-prod-doed
-      "752106061897", # mdr-prod-frtib
-      "054411035179", # mdr-prod-ca-c19
-    ],
-    "test" = [
-      "527700175026", # Legacy MDR Test
-      "816914342178", # mdr-test-c2
-      "449047653882", # mdr-test-modelclient
-      "404265901253", # mdr-test-malware
-    ],
-    "common" = [
-      "471284459109", # mdr-common-services
-      "350838957895", # MDR Service Root
-      #      "035764279020", # MDR Playground / "Duane Test"
-      "228011623757", # mdr-dev-ai
-      "952430311316", # mdr-cyber-range
-    ],
-  }
-  # flatten the map into a single list
-  account_list = flatten([
-    for env, accounts in local.account_map : accounts
-  ])
-  # This is similar to the account_map, but used for "what accounts am I responsible for"?
-  responsible_accounts = {
-    "prod"   = concat(local.account_map["prod"], local.account_map["common"]),
-    "test"   = local.account_map["test"],
-    "common" = concat(local.account_map["prod"], local.account_map["common"], local.account_map["test"]),
-  }
-
-  partition_tags = {
-    aws_partition = local.aws_partition
-  }
-
-  customer_accounts = [
-    "392153378647", # CA Dept of Health (MSOCI-1637)
-    "083790825559", #web-dev
-    "096166358174", #feedzai-dev
-    "475533160228", #datalake-dev
-    "588572764859", #ava-dev
-    "612341127123", #cami-dev
-    "663460946890", #generalservices-dev
-    "697684692929", #analytics-dev
-    "741253843590", #workloads-dev
-    "826947492278", #dsop-dev
-    "023060730861", #security-prod
-    "067595219623", #ava-prod
-    "119243463525", #dsop-prod
-    "241888897263", #cami-prod
-    "457319674785", #analytics-prod
-    "476093827706", #datalake-prod
-    "592479024479", #workloads-prod
-    "625579355395", #web-prod
-    "650564742306", #feedzai
-    "689680997102", #generalservices-prod
-    "892774870883",  # frtib-alight
-    "196740810102",  # FRTIB-Alight customer
-    "208374121982",  # FRTIB-Alight customer
-    "361451144797",  # FRTIB-Alight customer
-    "421358389265",  # FRTIB-Alight customer
-    "457704260925",  # FRTIB-Alight customer
-    "518442164384",  # FRTIB-Alight customer
-    "729220298640",  # FRTIB-Alight customer
-    "887194230768",  # FRTIB-Alight customer
-    "892774870883",  # FRTIB-Alight customer
-    "924667097788",  # FRTIB-Alight customer
-    "941092670900",  # FRTIB-Alight customer
-    "963174199075"  # FRTIB-Alight customer
-  ]
 }
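Review bot: The removed `customer_accounts` list contains `892774870883` twice (once as `# frtib-alight`, once as `# FRTIB-Alight customer`), and `account_map` carries commented-out entries for mdr-prod-nihors, mdr-prod-bas and the playground account. When these move into the modules, deduplicate the list and decide explicitly whether the commented accounts are in scope, since callers now pass only `customer_access = true` and no longer show which accounts that covers.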

+ 0 - 1
common/aws/region.hcl

@@ -6,5 +6,4 @@
 # At some point, this may need to be added as a hierarchical directory when we move to additional regions.
 locals {
   aws_region  = "us-east-1"
-  region_tags = {}
 }

+ 3 - 50
common/env.hcl

@@ -3,45 +3,8 @@
 locals {
   environment                  = "common"
   transit_gateway_account_name = "mdr-prod-c2" # Which account has the transit gateway
-
-  environment_tags = {
-    "Schedule"  = "none",
-    Environment = local.environment
-  }
-
-  proxy          = "proxy.pvt.xdr.accenturefederalcyber.com"
-  proxy_ip       = "10.40.2.107"
-  salt_master    = "salt-master.pvt.xdr.accenturefederalcyber.com"
-  salt_master_ip = "10.40.2.106"
-  hec            = "moose-hec.pvt.xdr.accenturefederalcyber.com"
-  hec_pub        = "moose-hec.xdr.accenturefederalcyber.com"
-  hec_pub_ack    = "moose-hec-ack.xdr.accenturefederalcyber.com"
-
-  # When there are multiples, put govcloud first, then commercial, and alternate if there are more than 2.
-  # Put any standalone IPs at the end.
-  cidr_map = {
-    "bastions"   = ["10.40.20.0/22"],                # vpc-access in mdr-prod-c2-gov
-    "vpns"       = ["10.40.20.0/22"],                # vpc-access in mdr-prod-c2-gov
-    "scanners"   = ["10.40.12.0/22"],                # vpc-qualys
-    "dns"        = ["10.40.0.0/22", "10.32.0.0/22"], # vpc-system-services in commercial nad gov
-    "monitoring" = ["10.40.0.0/22"],                 # legacy sensu, and vpc-system-services in gov
-    "salt"       = ["10.40.0.0/22"],                 # legacy salt-master, and vpc-system-services in gov
-    "web"        = ["10.40.0.0/22"],                 # legacy proxy/repo, and vpc-system-services in gov
-    "smtp"       = ["10.20.0.0/22"],                 # legacy relay, and vpc-system-services in gov
-    "moose"      = ["10.40.16.0/22"],                # legacy vpc, and vpc-system-services in gov
-  }
-
   legacy_account = "477548533976"
-  c2_accounts = {
-    "aws-us-gov" = "721817724804" # mdr-prod-c2-gov
-    "aws"        = "045312110490" # mdr-prod-c2
-  }
 
-  aws_flowlogs_hec_token = "4a2cacb2-fea1-4328-8f25-9bef26333e91"
-
-  # Common services doesn't have DNS Servers
-  #dns_servers = [
-  #]
   # Note: 'private' and 'reverse' do not presently work in common services
   dns_info = {
     "private" = {
@@ -62,18 +25,8 @@ locals {
     },
   }
 
-  # legacy DNS
-  dns_private = {
-    "id"   = "Z2JVOIKXZP64QP"
-    "name" = "msoc.defpoint.local"
-  }
-  dns_private2 = {
-    # There are many of these... future task to figure it out
-    "id"   = "Z2RGT77XQU1QBX"
-    "name" = "mdr.defpoint.com"
-  }
-  dns_public = {
-    "id"   = "Z2HYR9YEZ4KLDE"
-    "name" = "mdr.defpoint.com"
+  c2_accounts = {
+    "aws-us-gov" = "721817724804" # mdr-prod-c2-gov
+    "aws"        = "045312110490" # mdr-prod-c2
   }
 }
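Review bot: `c2_accounts` is removed near the top of this file and re-added unchanged at the end of the `locals` block, which makes the diff read like a change to the C2 account IDs when it is only a move; leaving the block where it was would keep the hunk to the real removals. The deleted `dns_private2` carried the comment "There are many of these... future task to figure it out", so if that task is still open, record it in a ticket before the only reminder disappears.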

+ 1 - 216
globals.hcl

@@ -4,221 +4,6 @@ locals {
   remote_state_bucket = "afsxdr-terraform-state" # Could be moved to environment/partition.
   binaries_bucket     = "afsxdr-binaries"        # Storage for binaries
 
-  global_tags = {
-    "Snapshot" = "Daily", # This will put it on some things where it doesn't belong, but seems useful overall
-    #"Last_Updated" = timestamp() # while this is cool, its usefulness does not warrant the constant updates.
-  }
-
-  trusted_ips = [       # IPs for 'permissive' ingress. Used for the bastion host and for testing. Think twice before employing.
-    "108.203.37.38/32", # Duane Waddle
-    "24.11.231.98/32",  # George Starcher
-    "99.151.37.185/32", # Wesley Leonard
-    "73.10.53.113/32",  # Rick Page Home
-    "74.211.32.26/32",  # Brad Poulton
-    "70.160.60.248/32", # Brandon Naughton
-    "67.167.143.30/32", # Fred Damstra
-    #"76.173.128.126/32",   # Jeremy Cooper
-    "97.117.83.215/32", # Colby Williams
-    # We currently have the VPN in a public subnet and we are using a internet gateway. If we want a static egress IP we need to use a private subnet for the VPN and a NAT gateway. 
-    # https://aws.amazon.com/premiumsupport/knowledge-center/client-vpn-static-ip-address/
-    "18.252.173.222/32", # Test AWS VPN Internet GW Dynamic IP
-    "18.252.186.82/32", # Prod AWS VPN Internet GW Dynamic IP
-  ]
-
-  portal_test_whitelist = [ # IPs for Portal Test and vmray
-    "12.245.107.250/32",    # DPS Office Legato
-    "12.204.167.162/32",    # DPS Office San Antonio
-    "54.86.98.62/32",       # DPS AWS User VPN
-    "108.203.37.38/32",     # Duane Waddle
-    "24.11.231.98/32",      # George Starcher
-    "99.151.37.185/32",     # Wesley Leonard
-    "73.10.53.113/32",      # Rick Page Home
-    "74.211.32.26/32",      # Brad Poulton
-    "70.160.60.248/32",     # Brandon Naughton 
-    "67.167.143.30/32",     # Frederick Damstra
-    "97.117.83.215/32",     # Colby Williams
-    #"76.173.128.126/32",   # Jeremy Cooper
-    "73.213.108.186/32", # LaDonia Wicks
-  ]
-
-  admin_ips = [
-    "108.28.25.119/32",   # James Kerr Home
-    "73.10.53.113/32",    # Rick Page Home
-    "99.151.37.185/32",   # Wesley Leonard Home
-    "74.211.32.26/32",    # Brad Poulton Home
-    "104.9.149.90/32",    # Greg Rivas Home
-    "100.4.76.3/32",      # Brandon Naughton Home
-    "170.248.173.247/32", # AFS site
-    "170.248.173.245/32", # AFS site
-    "107.207.74.118/32",  # Angelita Crawley Home
-    "69.207.192.131/32",  # Aaron Flores Home
-    "70.120.19.33/32",    # Hilda Colon-Martinez Home
-    "198.13.82.11/32",    # Hussein Carrenard Home
-    "136.226.18.198/32",  # Jose Alvarez Home 
-  ]
-
-  # from https://config.zscaler.com/zscalergov.net/cenr
-  zscalar_ips = [
-    "165.225.3.0/24",
-    "136.226.10.0/23",
-    "136.226.12.0/23",
-    "136.226.14.0/23",
-    "165.225.46.0/24",
-    "136.226.6.0/23",
-    "136.226.4.0/23",
-    "136.226.8.0/23",
-    "136.226.22.0/24",
-    "165.225.48.0/24",
-    "136.226.18.0/23",
-    "136.226.16.0/23",
-    "136.226.20.0/23",
-  ]
-
-  # Customer External IPs
-  # To increase flexibility and to provide better documentation,
-  # break up the IPs based on on-prem and not on-prem. 
-  #
-  # All of the "external" things that need access to publically
-  # available C2 services, like Salt Masters, Repo Servers
-  #
-  # Structure is a list of maps, and the "description" value in the
-  # map must be unique across the whole list or it will cause an error.
-  #
-
-  c2_services_external_ips = [
-    {
-      description = "Test LCPs"
-      cidr_blocks = [
-        "18.252.65.137/32", # Test LCP in Govcloud (EIP in common-services-gov)
-        "54.224.56.231/32", # Test LCP in Commercial (EIP in common-services)
-      ]
-    },
-    {
-      description = "NGA"
-      cidr_blocks = [
-        "199.16.64.3/32", #  NGA
-      ]
-    },
-    {
-      description = "AFS OnPrem"
-      cidr_blocks = [
-        "170.248.172.0/23", #  AFS Onprem
-      ]
-    },
-    {
-      description = "AFS Azure"
-      cidr_blocks = [
-        "20.190.250.137/32", # EastUS2_External_Access
-        "52.232.227.197/32", # Azure US-East Palo
-        "52.185.64.173/32",  # CentralUS_External_Access
-        "52.242.225.98/32",  # Azure US-Central Palo 20200721
-        "52.177.84.83/32",   # Lab_External_Access
-      ]
-    },
-    {
-      description = "BAS-Commerce CMPS"
-      cidr_blocks = [
-        "52.61.137.158/32", # 2021-04-06 From Daniel Dicke <daniel.dicke@asmr.com>
-        "52.61.70.43/32",   # 2021-04-15 yanked from VPC flow logs
-      ]
-    },
-    {
-      description = "FRTIB VDI"
-      cidr_blocks = [
-        "52.61.113.202/32", # 2021-04-15 From Brian Nguyen brian.a.nguyen@accenturefederal.com
-      ]
-    },
-    {
-      description = "FRTIB CMPS"
-      cidr_blocks = [
-        "15.200.226.57/32", # 2021-07-12 From Brian Nguyen brian.a.nguyen@accenturefederal.com
-      ]
-    },
-    {
-      description = "FRTIB ALIGHT"
-      cidr_blocks = [
-        "54.205.60.17/32", # 2021-05-04 From John Conrad john.conrad.2@alight.com
-        "52.206.203.98/32",
-        "34.233.188.131/32",
-      ]
-    },
-    {
-      description = "FRTIB ALIGHT 2"
-      cidr_blocks = [
-        "34.214.247.125/32", # 2022-01-20 From John Conrad john.conrad.2@alight.com
-        "44.235.174.214/32",
-        "52.89.203.9/32",
-      ]
-    },
-    {
-      description = "CA-C19"
-      cidr_blocks = [
-        "34.223.59.103/32", # 2021-05-04 From Wes Leonard 
-        "44.234.190.14/32",
-        "44.228.141.151/32",
-        "18.215.158.202/32", # 2022-01-03 From Ben Troglia
-        "54.234.108.195/32",
-        "34.228.38.91/32",
-      ]
-    },
-    {
-      description = "DGI"
-      cidr_blocks = [
-        "3.32.175.159/32", # 2021-06-24 From Angelita Crawley MSOCI-1776 
-        "15.200.13.143/32",
-      ]
-    },
-    {
-      description = "FRTIB Chaos test us-east-1"
-      cidr_blocks = [
-        "3.221.245.113/32",
-        "34.237.100.242/32",
-        "35.172.75.107/32",
-        "54.164.205.89/32",
-        "54.209.105.32/32",
-        "54.224.69.136/32",
-      ]
-    },
-    {
-      description = "FRTIB Chaos prod us-east-1"
-      cidr_blocks = [
-        "34.237.183.65/32",
-        "34.227.214.27/32",
-        "3.232.76.136/32",
-      ]
-    },
-
-  ]
-
-  dns_zone_map = {
-    "accenturefederalcyber.com"         = "Z03575081VGXN3FUZ8ERU"
-    "accenturefederalcyber.net"         = "Z07771312N8X39HKP141M"
-    "xdr.accenturefederalcyber.com"     = "Z0083657A94URZM2TM87"
-    "xdrtest.accenturefederalcyber.com" = "Z01677392W0QM639KU2KC"
-  }
-
-  repo_server_whitelist = concat(
-    ["52.179.13.17/32", #???
-    ],
-  )
-
-  key_pairs = {
-    # Should be your username -> key pair
-    "msoc-build" = "ssh-rsa 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 MSOC Build Key",
-    "fdamstra"   = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF3pGU9+HufgfEhPP7P0Lt7kqfGWLTGd6sfJgSypcSo3FP1XhwFOWkaNvZIpoIeQXhux5vTm+RoqYZ/3Gj7hcGMLdoHWArvLHD2AGjxbFnsmiCioQgsC/rYLBjiWNsDdVF5Arofby/RwzivMAi7yivhY4nGzXPsHZoucB0Wi34/9AmxbvXWv6ckuWkMjrXVe+uwFje3U7jQHRW9jQRpCRRfUjVA4FmH0PWqWFBlt/zqsDPOzbxNNhAvyrJho7jVBNjCLsq0++lT8BDKrYbaZiT0F2c9uIDRpHJSdjpqVCf9bghmeJWYMoNHAkGR7WCFjPCJ7QM57a2oRBtm1A/EWcr",
-  }
-
-  # Sensu Thresholds
-  sensu_checks = {
-    "dns" : {
-      "warning" : "5.0",  # warn if no resolution for 5 seconds
-      "critical" : "10.0" # critical if no resolution for 10 seconds
-    },
-  }
-
-  # Some sane defaults we don't want to specify everywhere
+  # Default is not a legacy account. This was a strange way to do this, but I'm not fixing it right now.
   is_legacy               = false # By default, accounts are not legacy accounts
-  extra_ebs_key_admins    = []
-  extra_ebs_key_users     = []
-  extra_ebs_key_attachers = []
 }
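Review bot: `trusted_ips`, `admin_ips`, `portal_test_whitelist` and `c2_services_external_ips` leave this repository entirely, and every consumer in this commit pins the modules with `?ref=v5.0.0`. If the lists now live in xdr-terraform-modules, as the commit message says, removing a single entry such as a departed engineer's home IP requires a module release plus a ref bump in each terragrunt.hcl before it takes effect. Consider keeping ingress allowlists as live-side inputs, or document the release-and-bump procedure for revocations. Separately, the added comment on `is_legacy` ("I'm not fixing it right now") duplicates the trailing comment on the same line; replace it with a ticket reference or drop it.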

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/005-iam/terragrunt.hcl

@@ -41,7 +41,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
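Review bot: the new `source` pins `?ref=v5.0.0`, a git tag, and a tag can be moved or re-created after this review. Since this commit also moves allowlists and account settings into the module repository, whatever the tag points at now decides production ingress and IAM. Pin to the full commit SHA, or enforce tag protection on xdr-terraform-modules, and apply the same choice to the other `source` lines bumped in this commit.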

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/006-account-standards-regional/us-gov-west-1/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
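Review bot: this `source` line jumps from `v3.5.16` straight to `v5.0.0`, two major versions, while the other modules in this commit move up from 4.x. The commit message bundles "bumping _all_ modules to the latest version" with unrelated bugfixes, so a behaviour change in account_standards_regional would be easy to miss. Review the plan for this module on its own and list the breaking changes between 3.5.16 and 5.0.0 in the PR before applying to prod.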

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/006-account-standards/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v4.2.15"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v5.0.0"
 }
 
 dependency "c2_account_standards" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/007-backups/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/backups?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/backups?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/010-vpc-splunk/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/072-salt-master-inventory-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/140-splunk-frozen-bucket/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/145-splunk-smartstore-s3/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/smartstore_s3_bucket?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/smartstore_s3_bucket?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 2
prod/aws-us-gov/mdr-prod-afs/150-splunk-cluster-master/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v4.2.3"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v5.0.0"
 }
 
 dependency "vpc" {
@@ -35,7 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   prefix        = local.account_vars.locals.splunk_prefix
-  instance_type = local.account_vars.locals.instance_types["splunk-cm"]
   vpc_id        = dependency.vpc.outputs.vpc_id
   vpc_cidr      = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
   azs           = dependency.vpc.outputs.azs
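Review bot: the `instance_type` input is dropped from `inputs` with nothing replacing it in this file, and the `instance_types` map it read from is deleted from account.hcl in the same commit, so the cluster master's size now depends entirely on what module v5.0.0 resolves for this account. Before applying, confirm the plan shows no instance type change for this prod account (the removed value was `m5a.xlarge`). The same check applies to the indexer, search head, heavy forwarder and customer search head hunks that drop the same input.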

+ 1 - 2
prod/aws-us-gov/mdr-prod-afs/160-splunk-indexer-cluster/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v4.4.4"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v5.0.0"
 }
 
 dependency "vpc" {
@@ -35,7 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   prefix          = local.account_vars.locals.splunk_prefix
-  instance_type   = local.account_vars.locals.instance_types["splunk-indexer"]
   vpc_id          = dependency.vpc.outputs.vpc_id
   vpc_cidr        = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
   azs             = dependency.vpc.outputs.azs

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/165-splunk-legacy-hec/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v4.2.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v5.0.0"
 }
 
 generate "provider-legacy" {

+ 1 - 2
prod/aws-us-gov/mdr-prod-afs/170-splunk-searchhead/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v4.2.3"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v5.0.0"
 }
 
 dependency "vpc" {
@@ -35,7 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   prefix        = local.account_vars.locals.splunk_prefix
-  instance_type = local.account_vars.locals.instance_types["splunk-sh"]
   vpc_id        = dependency.vpc.outputs.vpc_id
   vpc_cidr      = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
   azs           = dependency.vpc.outputs.azs

+ 1 - 2
prod/aws-us-gov/mdr-prod-afs/180-splunk-heavy-forwarder/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v4.2.3"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v5.0.0"
 }
 
 dependency "vpc" {
@@ -35,7 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   prefix        = local.account_vars.locals.splunk_prefix
-  instance_type = local.account_vars.locals.instance_types["splunk-hf"]
   vpc_id        = dependency.vpc.outputs.vpc_id
   vpc_cidr      = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
   azs           = dependency.vpc.outputs.azs

+ 1 - 2
prod/aws-us-gov/mdr-prod-afs/190-splunk-customer-searchhead/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/customer_searchhead?ref=v4.3.10"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/customer_searchhead?ref=v5.0.0"
 }
 
 dependency "vpc" {
@@ -35,7 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   prefix                  = local.account_vars.locals.splunk_prefix
-  instance_type           = local.account_vars.locals.instance_types["splunk-sh"]
   vpc_id                  = dependency.vpc.outputs.vpc_id
   vpc_cidr                = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
   azs                     = dependency.vpc.outputs.azs

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/195-splunk-apps-s3/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/app_s3_bucket?ref=v4.4.4"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/app_s3_bucket?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/360-codebuild-splunk-apps-fm/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_splunk_apps?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_splunk_apps?ref=v5.0.0"
 }
 
 #Github specific provider

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/360-codebuild-splunk-apps/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_splunk_apps?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_splunk_apps?ref=v5.0.0"
 }
 
 #Github specific provider

+ 1 - 1
prod/aws-us-gov/mdr-prod-afs/435-s3-portal-customer-artifacts/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/generic_s3_bucket_with_role?ref=v4.4.4"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/generic_s3_bucket_with_role?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 0 - 99
prod/aws-us-gov/mdr-prod-afs/account.hcl

@@ -7,23 +7,7 @@ locals {
   aws_account_id                  = "299932671007"
   instance_termination_protection = true # set to true for production!
   splunk_prefix                   = "afs"
-  splunk_private_hec              = false # True if the customer needs a private HTTP Event Collector such as for ALSI
 
-  splunk_data_sources = [
-    "170.248.172.0/23",  # Corporate Network
-    "20.190.250.137/32", # Azure: EastUS2_External_Access
-    "52.232.227.197/32", # Azure: Azure US-East Palo
-    "52.185.64.173/32",  # Azure: CentralUS_External_Access
-    "52.242.225.98/32",  # Azure: Azure US-Central Palo 20200721
-    "52.177.84.83/32",   # Azure: Lab_External_Access
-  ]
-  splunk_legacy_cidr = ["10.3.0.0/22"] # Should not be needed for new customers
-  splunk_asg_sizes   = [1, 1, 1]       # How many indexers in each site
-
-
-  account_tags = {
-    "Client" : local.splunk_prefix,
-  }
   c2_account_standards_path = "../../mdr-prod-c2/005-account-standards-c2" # TODO: Subsitute with test or prod
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
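Review bot: `splunk_data_sources` is a customer-specific ingress list and `splunk_private_hec` a per-customer switch, yet both are removed from this account file with no account-level input left to override them. If the module now holds them, it needs a lookup keyed by account or by `splunk_prefix` rather than a single default, and the plan for this account should show no security group rule added or removed. State in the PR where these values now come from for `afs`.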
@@ -35,87 +19,4 @@ locals {
       "tgw_attached" = true
     }
   }
-
-  # Qualys Connector - See https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/Qualys
-  qualys_connector_externalid = "1628694246292" # Needs to come from the qualys console
-
-  # End of TODO
-
-  # Splunk instance sizes can be customized
-  # TODO: Set these appropriately in the skeleton for prod
-  instance_types = {
-    "alsi-master"    = "t3a.small",
-    "alsi-worker"    = "t3a.small",
-    "splunk-cm"      = "m5a.xlarge",   # legacy: t2.small
-    "splunk-indexer" = "i3en.6xlarge", # legacy: t2.small, but whats the point if we don't have instance storage.
-    "splunk-hf"      = "m5a.2xlarge",  # legacy: t2.medium
-    "splunk-sh"      = "m5a.4xlarge",  # legacy: ? not sure
-  }
-
-  # Splunk Volume Sizes are probably fine at defaults
-  splunk_volume_sizes = {
-    "cluster_master" = {
-      "swap" : 8,           # minimum: 8
-      "/" : 20,             # minimum: 20
-      "/home" : 4,          # minimum: 4
-      "/var" : 15,          # minimum: 15
-      "/var/tmp" : 4,       # minimum: 4
-      "/var/log" : 8,       # minimum: 8
-      "/var/log/audit" : 8, # minimum: 8
-      "/tmp" : 4,           # minimum: 4
-      "/opt/splunk" : 30,   # No minimum; not in base image
-    },
-    "customer_searchhead" = {
-      "swap" : 8,           # minimum: 8
-      "/" : 20,             # minimum: 20
-      "/home" : 4,          # minimum: 4
-      "/var" : 15,          # minimum: 15
-      "/var/tmp" : 4,       # minimum: 4
-      "/var/log" : 8,       # minimum: 8
-      "/var/log/audit" : 8, # minimum: 8
-      "/tmp" : 4,           # minimum: 4
-      "/opt/splunk" : 130,  # No minimum; not in base image
-    },
-    "indexer" = {
-      "swap" : 8,           # minimum: 8
-      "/" : 20,             # minimum: 20
-      "/home" : 4,          # minimum: 4
-      "/var" : 15,          # minimum: 15
-      "/var/tmp" : 4,       # minimum: 4
-      "/var/log" : 8,       # minimum: 8
-      "/var/log/audit" : 8, # minimum: 8
-      "/tmp" : 4,           # minimum: 4
-      "/opt/splunk" : 60,   # No minimum; not in base image
-    },
-    "searchhead" = {
-      "swap" : 8,           # minimum: 8
-      "/" : 20,             # minimum: 20
-      "/home" : 4,          # minimum: 4
-      "/var" : 15,          # minimum: 15
-      "/var/tmp" : 4,       # minimum: 4
-      "/var/log" : 8,       # minimum: 8
-      "/var/log/audit" : 8, # minimum: 8
-      "/tmp" : 4,           # minimum: 4
-      "/opt/splunk" : 130,  # No minimum; not in base image
-    },
-    "heavy_forwarder" = {
-      "swap" : 8,           # minimum: 8
-      "/" : 20,             # minimum: 20
-      "/home" : 4,          # minimum: 4
-      "/var" : 15,          # minimum: 15
-      "/var/tmp" : 4,       # minimum: 4
-      "/var/log" : 8,       # minimum: 8
-      "/var/log/audit" : 8, # minimum: 8
-      "/tmp" : 4,           # minimum: 4
-      "/opt/splunk" : 30,   # No minimum; not in base image
-    },
-  }
-
-  # ALSI - Aggregated Log Source Ingestion
-  #
-  # If cribl is being used for log ingestion, remember to turn on splunk_private_hec, too.
-  alsi_workers     = 0     # how many cribl workers
-  alsi_splunk_nlb  = false # splunk://moose-alsi-splunk.xdr{,test}.accenturefederalcyber.com:9997 and 9998
-  alsi_elastic_alb = false # https://moose-alsi-elastic.xdr{,test}.accenturefederalcyber.com -> 9200
-  alsi_hec_alb     = false # https://moose-alsi-hec.xdr{,test}.accenturefederalcyber.com -> 8080
 }
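Review bot: `qualys_connector_externalid` is annotated "Needs to come from the qualys console", so it is specific to this account's connector; with it removed here, the module has to carry one value per account, and a wrong value would only surface when the connector fails to assume its role, not at plan time. Keep it as an explicit account-level input or show where v5.0.0 maps it per account. The `# End of TODO` marker is removed along with it while the TODO on `c2_account_standards_path` above remains, so check whether that item is still open.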

+ 1 - 1
prod/aws-us-gov/mdr-prod-bas/005-iam/terragrunt.hcl

@@ -41,7 +41,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-bas/006-account-standards-regional/us-gov-west-1/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v3.5.16"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-bas/006-account-standards/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v4.2.15"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v5.0.0"
 }
 
 dependency "c2_account_standards" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-bas/007-backups/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/backups?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/backups?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-bas/010-vpc-splunk/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-bas/072-salt-master-inventory-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
prod/aws-us-gov/mdr-prod-bas/140-splunk-frozen-bucket/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v4.2.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v5.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

Not all files can be shown because too many files changed in this diff