
Builds xdr interconnect instances and the VPN connections to test

Added base AMIs to partition variables.
Creates the VPN to the interconnect instances
Creates the interconnect instances
Fred Damstra há 5 anos atrás
pai
commit
387eacfa5d

+ 4 - 2
common/aws-us-gov/partition.hcl

@@ -8,8 +8,6 @@ locals {
   common_services_account = "701290387780"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
 
-  partition_tags = { }
-
   # Statically setting the 'last known good' ami gives us some added flexibility
   # in building amis more regularly.
   #
@@ -44,4 +42,8 @@ locals {
   ])
 
   aws_marketplace_ubuntu_owner_id = "874634375141"
+
+  partition_tags = {
+    aws_partition = local.aws_partition
+  }
 }

+ 4 - 2
common/aws/partition.hcl

@@ -8,8 +8,6 @@ locals {
   common_services_account = "471284459109"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
 
-  partition_tags = { }
-
   # Statically setting the 'last known good' ami gives us some added flexibility
   # in building amis more regularly.
   #
@@ -44,4 +42,8 @@ locals {
   ])
 
   aws_marketplace_ubuntu_owner_id = "679593333241"
+
+  partition_tags = {
+    aws_partition = local.aws_partition
+  }
 }

+ 20 - 0
common/env.hcl

@@ -2,4 +2,24 @@
 # feed forward to the child modules.
 locals {
   environment = "common"
+
+  dns_private = {
+    "id" = "Z2JVOIKXZP64QP"
+    "name" = "msoc.defpoint.local"
+  }
+  dns_private2 = {
+    # There are many of these... future task to figure it out
+    "id" = "Z2RGT77XQU1QBX"
+    "name" = "mdr.defpoint.com"
+  }
+  dns_public = {
+    "id" = "Z2HYR9YEZ4KLDE"
+    "name" = "mdr.defpoint.com"
+  }
+
+  legacy_account = "477548533976"
+
+  environment_tags = {
+    Environment = local.environment
+  }
 }
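Review bot: The comment on `dns_private2` ("There are many of these... future task to figure it out") tells a reader nothing about which zone this is, and it carries the same name as `dns_public` (`mdr.defpoint.com`) with a different zone ID, which looks like a private hosted zone shadowing the public one — that should be stated rather than left for the next person to rediscover. Something like `# Private hosted zone for mdr.defpoint.com (split-horizon with dns_public) — confirm which VPCs it is associated with` would be more useful; I cannot verify the zone type from here. This block is also byte-identical to the one added to prod/env.hcl in the same commit (same three zone IDs, same `legacy_account`), so a one-line comment saying the common environment deliberately shares prod's zones and legacy account would make the duplication look intentional rather than like drift waiting to happen.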

+ 20 - 0
prod/env.hcl

@@ -3,4 +3,24 @@
 locals {
   environment = "prod"
   transit_gateway_account_name = "mdr-prod-c2" # Which account has the transit gateway
+
+  dns_private = {
+    "id" = "Z2JVOIKXZP64QP"
+    "name" = "msoc.defpoint.local"
+  }
+  dns_private2 = {
+    # There are many of these... future task to figure it out
+    "id" = "Z2RGT77XQU1QBX"
+    "name" = "mdr.defpoint.com"
+  }
+  dns_public = {
+    "id" = "Z2HYR9YEZ4KLDE"
+    "name" = "mdr.defpoint.com"
+  }
+
+  legacy_account = "477548533976"
+
+  environment_tags = {
+    Environment = local.environment
+  }
 }
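Review bot: `legacy_account = "477548533976"` is the account the root terragrunt.hcl's new `legacy` provider assumes `mdr_terraformer` into for DNS work, and nothing here records that prod shares this account and these zone IDs with the `common` environment while `test` uses a different one. A short comment such as `# Legacy commercial account holding the prod Route53 zones; shared with the "common" environment` next to the assignment would document the blast radius of a plan run in either environment. The `dns_private2` comment ("There are many of these...") is copied verbatim from common/env.hcl and should say which zone this is, or at least reference where the list of zones is kept.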

+ 15 - 0
terragrunt.hcl

@@ -46,6 +46,7 @@ locals {
   aws_region     = local.region_vars.locals.aws_region
   aws_partition  = local.partition_vars.locals.aws_partition
   common_services_account = local.partition_vars.locals.common_services_account
+  legacy_account = local.environment_vars.locals.legacy_account
 
   common_profile = local.partition_vars.locals.common_profile
 
@@ -84,6 +85,20 @@ provider "aws" {
   profile = "${local.common_profile}"
   alias   = "common"
 }
+
+# The "legacy" provider, used mainly for DNS. This is why you have to log into
+# commercial for govcloud plans.
+provider "aws" {
+  region = "us-east-1"
+  allowed_account_ids = ["527700175026", "477548533976" ]
+  profile = "commercial"
+  alias = "legacy"
+
+  assume_role {
+    role_arn = "arn:aws:iam::${ local.legacy_account }:role/user/mdr_terraformer"
+    session_name = "terraform"
+  }
+}
 EOF
 }
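Review bot: `allowed_account_ids` on the new `legacy` provider lists both the test and prod legacy accounts while `role_arn` is built from `local.legacy_account`, so the guard can no longer catch a plan that assumes into the wrong environment's legacy account; pin it to the same value, `allowed_account_ids = ["${local.legacy_account}"]`, so each environment's generated provider accepts exactly one account. A fixed `session_name = "terraform"` also makes CloudTrail records in the legacy account indistinguishable across environments and operators; `session_name = "terraform-${local.environment}"` would help, assuming `local.environment` is exposed in the root locals the way `legacy_account` now is (env.hcl defines it). Since this provider is emitted from the `EOF` heredoc, the `${ local.legacy_account }` interpolation is resolved by terragrunt before terraform ever sees the file — worth a comment, because the other two providers in the block use literal profiles and a reader may assume terraform evaluates it. The `generate` block this hunk sits in starts outside the hunk.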
 

+ 1 - 1
test/aws-us-gov/mdr-test-c2/015-security-vpc/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/security_vpc?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/security_vpc?ref=v0.3.1"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
test/aws-us-gov/mdr-test-c2/018-xdr-interconnect-instances/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/xdr_interconnects?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/xdr_interconnects?ref=v0.3.1"
 }
 
 dependency "security_vpc" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/019-attach-transit-gateway-to-hub-account/terragrunt.hcl

@@ -24,7 +24,7 @@ dependency "standard_vpc" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.3.1"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 7 - 13
test/aws-us-gov/mdr-test-c2/020-transit-gateway-interconnect-vpn/terragrunt.hcl

@@ -1,29 +1,22 @@
 locals {
-  # If you want to use any of the variables in _this_ file, you have to load them here.
-  # However, they will all be available as inputs to the module loaded in terraform.source
-  # below.
-
-  # e.g. inherited variables:
   environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
   partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
-  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
   account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
-  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
 }
 
-# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
-# working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit-gateway-interconnect-vpn?ref=v0.3.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit-gateway-interconnect-vpn?ref=v0.3.1"
 }
 
 dependency "transit-gateway-hub" {
   config_path = "../008-transit-gateway-hub"
 }
 
-dependency "palo-alto-firewalls" {
-  config_path = "../../../../common/aws-us-gov/afs-mdr-common-services-gov/018-palo-alto-firewalls"
+dependency "xdr-interconnect-instances" {
+  config_path = "../018-xdr-interconnect-instances"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -41,5 +34,6 @@ inputs = {
     Purpose = "Transit Gateway VPN"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
-  firewall_public_ips = dependency.palo-alto-firewalls.outputs.untrusted_ips
+  xdr_interconnect_public_ips = dependency.xdr-interconnect-instances.outputs.public_ips
+  transit_gateway_id = dependency.transit-gateway-hub.outputs.tgw_id
 }
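Review bot: `region_vars` and `global_vars` are now read in `locals`, but nothing in either visible hunk uses them, and the explanatory comment that justified loading them ("If you want to use any of the variables in _this_ file, you have to load them here") was deleted in the same change; the `inputs` block between the hunks is outside what is shown, so if they are unused there too they should go, otherwise a one-line comment should say what reads them. Dropping the "Terragrunt will copy the Terraform configurations..." header also leaves this file inconsistent with 015, 018 and 019, which keep it in this commit. The new `xdr-interconnect-instances` dependency feeds `public_ips` straight into the VPN inputs; if `018` has not been applied yet in a fresh account, a `mock_outputs` block on the dependency (or a comment stating the required apply order) would let `plan` succeed — I cannot tell from here whether the team relies on `run-all` ordering for this.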

+ 1 - 1
test/aws-us-gov/mdr-test-c2/account.hcl

@@ -24,5 +24,5 @@ locals {
   xdr_interconnect_asn = 64888
   xdr_interconnects_instance_type = "t3a.micro"
   xdr_interconnects_key_name = "fdamstra" # DO NOT CHANGE
-  xdr_interconnects_count = 0
+  xdr_interconnects_count = 2
 }
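Review bot: Raising `xdr_interconnects_count` from 0 to 2 is the first time the pinned `xdr_interconnects_key_name = "fdamstra"` lands on running instances, and the `# DO NOT CHANGE` comment gives no reason, so the next engineer cannot tell whether it is a lifecycle constraint or a key-custody decision. A personal key pair name on shared VPN endpoints should either be explained or replaced with a team/service key; at minimum expand the comment, e.g. `# DO NOT CHANGE: changing the key pair forces instance recreation; key material is held in <team location>` with the location filled in. I cannot see the module, so whether a key change actually forces replacement is an assumption to confirm.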

+ 19 - 1
test/env.hcl

@@ -3,5 +3,23 @@
 locals {
   environment = "test"
   transit_gateway_account_name = "mdr-test-c2" # Which account has the transit gateway
-  environment_tags = { }
+
+  dns_private = {
+    "id" = "Z39OIGEKXXGJZ2"
+    "name" = "msoc.defpoint.local"
+  }
+  dns_private2 = {
+    "id" = "Z13C1OOJMG0BJ7", #zone 2
+    "name" = "mdr-test.defpoint.com"
+  }
+  dns_public = {
+    "id" = "Z3E22S3CIP0UCO",
+    "name" = "mdr-test.defpoint.com"
+  }
+
+  legacy_account = "527700175026"
+
+  environment_tags = {
+    Environment = local.environment
+  }
 }
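Review bot: `"id" = "Z13C1OOJMG0BJ7",` and `"id" = "Z3E22S3CIP0UCO",` carry trailing commas that the matching blocks in common/env.hcl and prod/env.hcl in this same commit do not; commas are valid separators in HCL object expressions, but mixing the two forms across otherwise identical files invites copy-paste errors, so pick one. The `#zone 2` comment does not explain why `dns_private2` and `dns_public` both name `mdr-test.defpoint.com` under different zone IDs; if this is a private hosted zone paired with the public one, say so, e.g. `# Private hosted zone for mdr-test.defpoint.com (split-horizon with dns_public)`, hedged until someone confirms the zone type in Route53.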