Updates test and connects all accounts

* Fixed subnet of aws/mdr-test-c2
* Updated all accounts under test to latest modules
* Configured any unconfigured accounts
* Connected legacy VPCs in mdr-test to transit gateway

bin/terragrunt-apply-all

@@ -0,0 +1,116 @@
+#! /bin/bash
+# 
+# Do a more sane apply-all via terragrunt
+
+function argparse {
+  PARAMS=""
+  while (( "$#" )); do
+    case "$1" in
+      -h|--help)
+        echo Usage: $0 '[-l|--local] [-t|--test] [-d|--debug]'
+        exit 0
+        ;;
+      -t|--test)
+        TESTING="/bin/echo TESTING: "
+        shift
+        ;;
+      -l|--local)
+        LOCAL="1"
+        shift
+        ;;
+      -d|--debug)
+        >&2 echo debug: Enabling debugging..
+        DEBUG=1
+        shift
+        ;;
+#      -p|--only-path)
+#        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
+#          ONLY_PATH=$2
+#          shift 2
+#        else
+#          echo "Error: Argument for $1 is missing" >&2
+#          exit 1
+#        fi
+#        ;;
+      -*|--*=) # unsupported flags
+        echo "Error: Unsupported flag $1" >&2
+        exit 1
+        ;;
+      *) # preserve positional arguments
+        PARAMS="$PARAMS $1"
+        shift
+        ;;
+    esac
+  done
+  # set positional arguments in their proper place
+  eval set -- "$PARAMS"
+
+  if [[ $LOCAL ]]; then
+    TERRAGRUNT_BIN=`which terragrunt-local`
+  else
+    read -p "Local not specified. Are you sure? [Y/n]? " -n 1 -r
+    echo ""
+    if [[ $REPLY =~ ^[Nn]$ ]]
+    then
+        echo Exiting...
+        exit 0
+    fi
+    TERRAGRUNT_BIN=`which terragrunt`
+  fi
+  if [[ ! -x $TERRAGRUNT_BIN ]]; then
+    >&2 echo "Error: terragrunt executable ($TERRAGRUNT_BIN) not found or not executable."
+    exit 4
+  fi
+}
+
+# Main
+argparse $*
+
+SHORT_PWD=$( basename ${PWD}  )
+PARENT_PWD=$( basename $( cd .. && pwd ) )
+[[ $DEBUG == 1 ]] && >&2 echo debug: PWD=$PWD
+[[ $DEBUG == 1 ]] && >&2 echo debug: SHORT_PWD=$SHORT_PWD
+
+# Sanity Checking
+if [[ $SHORT_PWD == "000-skeleton" ]]; then
+  >&2 echo Error: Cannot run from skeleton directory. Exiting...
+  exit 1
+fi
+
+if [[ $SHORT_PWD =~ ^[0-9]{3}-.* ]]; then
+  >&2 echo Error: We appear to be in a module directory. Please run from the account directory you wish to update. Exiting...
+  exit 2
+fi
+
+if [[ ! $PARENT_PWD =~ ^aws ]]; then
+  >&2 echo Error: We do not appear to be in an account directory. Failing...
+  exit 3
+fi
+
+for i in `seq -f "%g*" 0 9 | sort -n`; do
+  MODULE=$( basename $i )
+  if [[ -d $MODULE ]]; then
+    echo "====================================================================================="
+    echo "Processing module $MODULE..."
+    echo "====================================================================================="
+    pushd . > /dev/null
+    cd $MODULE
+    [[ $TESTING ]] && ${TERRAGRUNT_BIN} plan  # Run a plan if testing
+    [[ $TESTING ]] || ${TERRAGRUNT_BIN} apply # Run an apply otherwise
+    popd > /dev/null
+    echo "=======================================DONE=========================================="
+    echo ""
+    echo ""
+
+    # Prompt to continue after each module. Easier than ctrl-c...
+    read -p "Terragrunt completed. Continue to next module [Y/n]? " -n 1 -r
+    echo ""
+    if [[ $REPLY =~ ^[Nn]$ ]]
+    then
+        echo Exiting...
+        exit 0
+    fi
+  fi
+done
+
+echo Finished.

bin/update_all_from_skeleton

@@ -66,6 +66,16 @@ if [[ ! $PARENT_PWD =~ ^aws ]]; then
   exit 3
 fi
 
+if [[ $SHORT_PWD =~ legacy ]]; then
+  >&2 echo Error: This account is appears to be a legacy account. This script will not work.
+  exit 4
+fi
+
+if [[ -f UNUSED.ACCOUNT ]]; then
+  >&2 echo Error: This account is marked as unused. Failing...
+  exit 4
+fi
+
 for i in `seq -f "../../../000-skeleton/%g*" 0 9`; do
   MODULE=$( basename $i )
   [[ $TESTING ]] && >&2 echo debug: Processing module $MODULE...

bin/update_from_skeleton

@@ -52,7 +52,7 @@ function cmpfile {
   # Returns 0 if they're the same (and should not be copied)
   # Returns 1 if they're different (and should be copied)
   SRCFILE=$1
-  DSTFILE=$1
+  DSTFILE=$2
 
   if [[ ! -f $SRCFILE ]]; then
     [[ $DEBUG ]] && echo Warning: $SRCFILE does not exist. Not copying...

common/aws/partition.hcl

@@ -23,11 +23,13 @@ locals {
   # If you need the raw list of all accounts, see `account_list` below
   account_map = {
     "prod" = [
+      "477548533976", # Legacy MDR Prod
       "045312110490", # mdr-prod-c2
       "425831147305", # mdr-prod-modelclient
       "369723129071", # mdr-prod-malware
     ],
     "test" = [
+      "527700175026", # Legacy MDR Test
       "816914342178", # mdr-test-c2
       "449047653882", # mdr-test-modelclient
       "404265901253", # mdr-test-malware

test/aws-us-gov/mdr-test-c2/005-iam/terragrunt.hcl

@@ -31,4 +31,7 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
 }

test/aws-us-gov/mdr-test-c2/006-account-standards/terragrunt.hcl

@@ -31,10 +31,7 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
-  #name = "vpc_primary_${local.account_vars.locals.account_name}"
-  #cidr = local.account_vars.locals.standard_vpc_cidr
-  #tags = {
-  #  Purpose = "Malware Detonation"
-  #  Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
-  #}
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
 }

test/aws-us-gov/mdr-test-c2/010-standard-vpc/terragrunt.hcl

@@ -34,7 +34,7 @@ inputs = {
   name = "vpc_primary_${local.account_vars.locals.account_name}"
   cidr = local.account_vars.locals.standard_vpc_cidr
   tags = {
-    Purpose = "Malware Detonation"
+    Purpose = "Standard VPC"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }

test/aws-us-gov/mdr-test-c2/025-test-instance/terragrunt.hcl

@@ -19,7 +19,7 @@ dependency "standard_vpc" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.2.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

test/aws-us-gov/mdr-test-malware/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.2.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -31,4 +31,7 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
 }

test/aws-us-gov/mdr-test-malware/006-account-standards/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.0.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

test/aws-us-gov/mdr-test-malware/010-standard-vpc/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.0.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -34,7 +34,7 @@ inputs = {
   name = "vpc_primary_${local.account_vars.locals.account_name}"
   cidr = local.account_vars.locals.standard_vpc_cidr
   tags = {
-    Purpose = "Malware Detonation"
+    Purpose = "Standard VPC"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }

test/aws-us-gov/mdr-test-malware/020-attach-transit-gateway-to-standard-vpc/terragrunt.hcl

@@ -24,7 +24,7 @@ dependency "standard_vpc" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.2.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

test/aws-us-gov/mdr-test-malware/025-test-instance/terragrunt.hcl

@@ -19,7 +19,7 @@ dependency "standard_vpc" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.2.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

test/aws-us-gov/mdr-test-modelclient/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.2.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -31,4 +31,7 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
 }

test/aws-us-gov/mdr-test-modelclient/006-account-standards/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.2.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -31,10 +31,7 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
-  #name = "vpc_primary_${local.account_vars.locals.account_name}"
-  #cidr = local.account_vars.locals.standard_vpc_cidr
-  #tags = {
-  #  Purpose = "Malware Detonation"
-  #  Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
-  #}
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
 }

test/aws-us-gov/mdr-test-modelclient/010-standard-vpc/README.md

@@ -0,0 +1,7 @@
+# Standard VPC
+
+Creates a single VPC from the subnet defined in `../accounts.hcl`, divided into 3 subnets.
+
+## Note:
+
+This is the first using the "terragrunt best practice" template, so it will either serve as a good model or it will fail miserably. Either way, this may be outdated.

test/aws-us-gov/mdr-test-modelclient/010-standard-vpc/terragrunt.hcl

@@ -0,0 +1,40 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.4.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  name = "vpc_primary_${local.account_vars.locals.account_name}"
+  cidr = local.account_vars.locals.standard_vpc_cidr
+  tags = {
+    Purpose = "Standard VPC"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws-us-gov/mdr-test-modelclient/020-attach-transit-gateway-to-standard-vpc/README.md

@@ -0,0 +1,5 @@
+# Attaches this account's standard VPCs to the transit gateway
+
+You can reuse this module to attach additional VPCs by updating
+either the dependencies or the inputs, as appropriate.
+

test/aws-us-gov/mdr-test-modelclient/020-attach-transit-gateway-to-standard-vpc/terragrunt.hcl

@@ -0,0 +1,50 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.4.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_invitation = true # Should only be true for the first one
+  share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_id = dependency.standard_vpc.outputs.vpc_id
+  subnets = dependency.standard_vpc.outputs.private_subnets
+  route_tables = concat(dependency.standard_vpc.outputs.private_route_tables, dependency.standard_vpc.outputs.public_route_tables)
+}

test/aws-us-gov/mdr-test-modelclient/025-test-instance/README.md

@@ -0,0 +1 @@
+# Create a test instance if `create_test_instance` is set to true.

test/aws-us-gov/mdr-test-modelclient/025-test-instance/terragrunt.hcl

@@ -0,0 +1,41 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.4.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Testing Instance"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  subnet_id = dependency.standard_vpc.outputs.public_subnets[0]
+  security_group_ids = [ dependency.standard_vpc.outputs.allow_all_sg_id ]
+}

test/aws-us-gov/mdr-test-modelclient/account.hcl

@@ -9,9 +9,9 @@ locals {
   account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
-  standard_vpc_cidr = "TODO/TODO"
+  standard_vpc_cidr = "10.20.8.0/22"
 
   # For testing
   create_test_instance = false
-  test_instance_key_name = "TODO" # The key with which to provision the test instance
+  test_instance_key_name = "fdamstra" # The key with which to provision the test instance
 }

test/aws/legacy-mdr-test/021-attach-transit-gateway-to-legacy-main_infrastructure/README.md

@@ -0,0 +1,3 @@
+# Attaches the legacy VPCs to the transit gateway
+
+

test/aws/legacy-mdr-test/021-attach-transit-gateway-to-legacy-main_infrastructure/terragrunt.hcl

@@ -0,0 +1,45 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.4.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}-LEGACY"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_invitation = true # Should only be true for the first attachment
+  share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_id =  local.account_vars.locals.legacy_vpcs["main_infrastructure"]["id"]
+  subnets = local.account_vars.locals.legacy_vpcs["main_infrastructure"]["private_subnets"]
+  route_tables = concat(local.account_vars.locals.legacy_vpcs["main_infrastructure"]["public_route_tables"], local.account_vars.locals.legacy_vpcs["main_infrastructure"]["private_route_tables"])
+}

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-afs/README.md

@@ -0,0 +1,3 @@
+# Attaches the legacy VPCs to the transit gateway
+
+

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-afs/terragrunt.hcl

@@ -0,0 +1,45 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.4.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}-LEGACY"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_invitation = false # Should only be true for the first attachment
+  share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_id =  local.account_vars.locals.legacy_vpcs["afs"]["id"]
+  subnets = local.account_vars.locals.legacy_vpcs["afs"]["private_subnets"]
+  route_tables = concat(local.account_vars.locals.legacy_vpcs["afs"]["public_route_tables"], local.account_vars.locals.legacy_vpcs["afs"]["private_route_tables"])
+}

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-customer-portal/README.md

@@ -0,0 +1,3 @@
+# Attaches the legacy VPCs to the transit gateway
+
+

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-customer-portal/terragrunt.hcl

@@ -0,0 +1,45 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.4.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}-LEGACY"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_invitation = false # Should only be true for the first attachment
+  share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_id =  local.account_vars.locals.legacy_vpcs["customer-portal"]["id"]
+  subnets = local.account_vars.locals.legacy_vpcs["customer-portal"]["private_subnets"]
+  route_tables = concat(local.account_vars.locals.legacy_vpcs["customer-portal"]["public_route_tables"], local.account_vars.locals.legacy_vpcs["customer-portal"]["private_route_tables"])
+}

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-dc-c19/README.md

@@ -0,0 +1,3 @@
+# Attaches the legacy VPCs to the transit gateway
+
+

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-dc-c19/terragrunt.hcl

@@ -0,0 +1,45 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.4.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}-LEGACY"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_invitation = false # Should only be true for the first attachment
+  share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_id =  local.account_vars.locals.legacy_vpcs["dc-c19"]["id"]
+  subnets = local.account_vars.locals.legacy_vpcs["dc-c19"]["private_subnets"]
+  route_tables = concat(local.account_vars.locals.legacy_vpcs["dc-c19"]["public_route_tables"], local.account_vars.locals.legacy_vpcs["dc-c19"]["private_route_tables"])
+}

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-la-c19/README.md

@@ -0,0 +1,3 @@
+# Attaches the legacy VPCs to the transit gateway
+
+

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-la-c19/terragrunt.hcl

@@ -0,0 +1,45 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.4.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}-LEGACY"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_invitation = false # Should only be true for the first attachment
+  share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_id =  local.account_vars.locals.legacy_vpcs["la-c19"]["id"]
+  subnets = local.account_vars.locals.legacy_vpcs["la-c19"]["private_subnets"]
+  route_tables = concat(local.account_vars.locals.legacy_vpcs["la-c19"]["public_route_tables"], local.account_vars.locals.legacy_vpcs["la-c19"]["private_route_tables"])
+}

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-ma-c19/README.md

@@ -0,0 +1,3 @@
+# Attaches the legacy VPCs to the transit gateway
+
+

test/aws/legacy-mdr-test/022-attach-transit-gateway-to-legacy-ma-c19/terragrunt.hcl

@@ -0,0 +1,45 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.4.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}-LEGACY"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_invitation = false # Should only be true for the first attachment
+  share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_id =  local.account_vars.locals.legacy_vpcs["ma-c19"]["id"]
+  subnets = local.account_vars.locals.legacy_vpcs["ma-c19"]["private_subnets"]
+  route_tables = concat(local.account_vars.locals.legacy_vpcs["ma-c19"]["public_route_tables"], local.account_vars.locals.legacy_vpcs["ma-c19"]["private_route_tables"])
+}

test/aws/legacy-mdr-test/account.hcl

@@ -7,4 +7,50 @@ locals {
   aws_account_id = "527700175026"
   
   account_tags = { } 
+
+  # Legacy information
+  legacy_vpcs = {
+    main_infrastructure = {
+      id = "vpc-0b455a7f22a13412b",
+      private_subnets = [ "subnet-053c6f1b9a48d4285", "subnet-047cba9290bc502fd", "subnet-01d13857b6f3899cb" ]
+      public_subnets  = [ "subnet-0b1e9d82bcd8c0a2c", "subnet-0d65c22aa4f76b634", "subnet-07312c554fb87e4b5" ]
+      private_route_tables = [ "rtb-0effbd34d78eabe6f", "rtb-02e8aaa2e4b82a665", "rtb-00928b94222c589a4" ]
+      public_route_tables  = [ "rtb-022461b2a3c523e73" ]
+    }
+    ma-c19 = {
+      id = "vpc-03522ef9cbaef2378",
+      private_subnets = [ "subnet-0045fcb58b3ec017c", "subnet-05150379ec0cc4181", "subnet-0b4a35031fd20dcfb" ]
+      public_subnets  = [ "subnet-0dee7a137d1598c4b", "subnet-0cc302d548e97188d", "subnet-0947439d65a8b54e2" ]
+      private_route_tables = [ "rtb-01ad15c283474922a", "rtb-09be121675ff21a20", "rtb-08969d2fb85c343bb" ]
+      public_route_tables  = [ "rtb-0d94202396743c4a5" ]
+    }
+    customer-portal = {
+      id = "vpc-075e58bd7619dc5b0",
+      private_subnets = [ "subnet-0f8eec82a17cef7a6", "subnet-02575f16e22431ad6", "subnet-0662ad00a4fbf3034" ]
+      public_subnets  = [ "subnet-0bbb38f6b222607cf", "subnet-03074b876845ebae4", "subnet-0177f1e226cb5bc55" ]
+      private_route_tables = [ "rtb-033ada297a85c58fe", "rtb-08e28c3117db6b282", "rtb-04700e9a72f266287" ]
+      public_route_tables  = [ "rtb-0e26a4fa3833eaa96" ]
+    }
+    afs = {
+      id = "vpc-0bb514965e384f13a",
+      private_subnets = [ "subnet-0db1488cd94ad0b38", "subnet-0275d50060a77e726", "subnet-07a0c3f2ee215d5f1" ]
+      public_subnets  = [ "subnet-05153a99ddb83712c", "subnet-044cf67369cee4967", "subnet-0bb9ec330ead3bab3" ]
+      private_route_tables = [ "rtb-0f1ba98c1ce4a1306", "rtb-0861949990769ea9c", "rtb-00c008cd8a03f9a0d" ]
+      public_route_tables  = [ "rtb-09261ab694d10ed4e" ]
+    }
+    la-c19 = {
+      id = "vpc-0ce10fb98f1e9a078",
+      private_subnets = [ "subnet-02ab0934a1161cd38", "subnet-07197e8b1661a3006", "subnet-00135f6f54e0ee4fc" ]
+      public_subnets  = [ "subnet-0d0ef745c05339043", "subnet-01ab62a37d5c40eb3", "subnet-081ded06d577fd57d" ]
+      private_route_tables = [ "rtb-098d239c29c96fb03", "rtb-0cd81b36f75e817e7", "rtb-06b060305a96cfab4" ]
+      public_route_tables  = [ "rtb-0ca9389c1f764ced5" ]
+    }
+    dc-c19 = {
+      id = "vpc-0f64ba0a5c72b7402",
+      private_subnets = [ "subnet-01973d25e80bc4341", "subnet-0e2d94b352495b3c1", "subnet-0f68328639ccb8754" ]
+      public_subnets  = [ "subnet-04188a43516592efa", "subnet-0a9b6fa8860a05751", "subnet-0281a55f386cf58f2" ]
+      private_route_tables = [ "rtb-0f4babc621c88a81c", "rtb-093ce14bd550edfd2", "rtb-06e4a2609b3c63320" ]
+      public_route_tables  = [ "rtb-0caf65533eea2f16c" ]
+    }
+  }
 }

test/aws/mdr-test-c2/020-transit-gateway-interconnect-vpn/terragrunt.hcl

@@ -35,5 +35,6 @@ inputs = {
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
   interconnect_public_ips = dependency.interconnect-instances.outputs.public_ips
+  interconnect_private_ips = dependency.interconnect-instances.outputs.private_ips
   transit_gateway_id = dependency.transit-gateway-hub.outputs.tgw_id
 }

test/aws/mdr-test-c2/account.hcl

@@ -9,7 +9,7 @@ locals {
   account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
-  standard_vpc_cidr = "10.40.0.0/22"
+  standard_vpc_cidr = "10.16.0.0/22"
 
   # For testing
   create_test_instance = false

test/aws/mdr-test-malware/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.2.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -31,4 +31,7 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
 }

test/aws/mdr-test-malware/UNUSED.ACCOUNT

@@ -0,0 +1 @@
+This account is unused

test/aws/mdr-test-modelclient/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.2.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.4.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -31,4 +31,7 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
 }

test/aws/mdr-test-modelclient/006-account-standards/README.md

@@ -0,0 +1,3 @@
+# Account Standards
+
+Creates elements that are standard in all accounts, such as access keys, kms keys, etc.

test/aws/mdr-test-modelclient/006-account-standards/terragrunt.hcl

@@ -0,0 +1,37 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.4.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws/mdr-test-modelclient/010-standard-vpc/README.md

@@ -0,0 +1,7 @@
+# Standard VPC
+
+Creates a single VPC from the subnet defined in `../accounts.hcl`, divided into 3 subnets.
+
+## Note:
+
+This is the first using the "terragrunt best practice" template, so it will either serve as a good model or it will fail miserably. Either way, this may be outdated.

test/aws/mdr-test-modelclient/010-standard-vpc/terragrunt.hcl

@@ -0,0 +1,40 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.4.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  name = "vpc_primary_${local.account_vars.locals.account_name}"
+  cidr = local.account_vars.locals.standard_vpc_cidr
+  tags = {
+    Purpose = "Standard VPC"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws/mdr-test-modelclient/020-attach-transit-gateway-to-standard-vpc/README.md

@@ -0,0 +1,5 @@
+# Attaches this account's standard VPCs to the transit gateway
+
+You can reuse this module to attach additional VPCs by updating
+either the dependencies or the inputs, as appropriate.
+

test/aws/mdr-test-modelclient/020-attach-transit-gateway-to-standard-vpc/terragrunt.hcl

@@ -0,0 +1,50 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.4.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_invitation = true # Should only be true for the first one
+  share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_id = dependency.standard_vpc.outputs.vpc_id
+  subnets = dependency.standard_vpc.outputs.private_subnets
+  route_tables = concat(dependency.standard_vpc.outputs.private_route_tables, dependency.standard_vpc.outputs.public_route_tables)
+}

test/aws/mdr-test-modelclient/025-test-instance/README.md

@@ -0,0 +1 @@
+# Create a test instance if `create_test_instance` is set to true.

test/aws/mdr-test-modelclient/025-test-instance/terragrunt.hcl

@@ -0,0 +1,41 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.4.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Testing Instance"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  subnet_id = dependency.standard_vpc.outputs.public_subnets[0]
+  security_group_ids = [ dependency.standard_vpc.outputs.allow_all_sg_id ]
+}

test/aws/mdr-test-modelclient/account.hcl

@@ -6,4 +6,11 @@ locals {
   aws_account_id = "449047653882"
   
   account_tags = { } 
+
+  # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
+  standard_vpc_cidr = "10.16.8.0/22"
+
+  # For testing
+  create_test_instance = false
+  test_instance_key_name = "fdamstra" # The key with which to provision the test instance
 }