5 tahun lalu · 554a8b6f4f
--- a/common/env.hcl
+++ b/common/env.hcl
@@ -2,7 +2,30 @@
 
				 # feed forward to the child modules.
			
 
				 locals {
			
 
				   environment = "common"
			
 
				+  transit_gateway_account_name = "mdr-prod-c2" # Which account has the transit gateway
			
 
				 
			
 
				+  environment_tags = {
			
 
				+    Environment = local.environment
			
 
				+  }
			
 
				+
			
 
				+  legacy_account = "477548533976"
			
 
				+  c2_accounts = {
			
 
				+    "aws-us-gov" = "721817724804" # mdr-prod-c2-gov
			
 
				+    "aws"        = "045312110490" # mdr-prod-c2
			
 
				+  }
			
 
				+
			
 
				+  # Common services doesn't have DNS Servers
			
 
				+  #dns_servers = [
			
 
				+  #]
			
 
				+  # Note: 'private' and 'reverse' do not presently work in common services
			
 
				+  dns_info = {
			
 
				+    "public" = {
			
 
				+      zone = "xdr.accenturefederalcyber.com"
			
 
				+      zone_id = "Z0083657A94URZM2TM87"
			
 
				+    }
			
 
				+  }
			
 
				+
			
 
				+  # legacy DNS
			
 
				   dns_private = {
			
 
				     "id" = "Z2JVOIKXZP64QP"
			
 
				     "name" = "msoc.defpoint.local"
			
@@ -17,12 +40,4 @@ locals {
 
				     "name" = "mdr.defpoint.com"
			
 
				   }
			
 
				 
			
 
				-  legacy_account = "477548533976"
			
 
				-  c2_accounts = {
			
 
				-    "aws-us-gov" = "721817724804" # mdr-prod-c2-gov
			
 
				-    "aws"        = "045312110490" # mdr-prod-c2
			
 
				-  }
			
 
				-  environment_tags = {
			
 
				-    Environment = local.environment
			
 
				-  }
			
 
				 }
			
--- a/prod/aws-us-gov/mdr-prod-c2/011-private-dns-zone/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-c2/011-private-dns-zone/terragrunt.hcl
@@ -8,7 +8,7 @@ locals {
 
				 
			
 
				 terraform {
			
 
				   # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns_zone?ref=v0.5.5"
			
 
				+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns?ref=v0.5.9"
			
 
				 }
			
 
				 
			
 
				 dependency "standard_vpc" {
			
--- a/prod/aws-us-gov/mdr-prod-c2/018-interconnect-instances/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-c2/018-interconnect-instances/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 
				 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
			
 
				 terraform {
			
 
				   # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/interconnects?ref=v0.5.1"
			
 
				+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/interconnects?ref=v0.5.9"
			
 
				 }
			
 
				 
			
 
				 dependency "security_vpc" {
			
--- a/prod/aws/mdr-prod-c2/011-private-dns-zone/terragrunt.hcl
+++ b/prod/aws/mdr-prod-c2/011-private-dns-zone/terragrunt.hcl
@@ -1,28 +0,0 @@
 
				-locals {
			
 
				-  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
			
 
				-  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
			
 
				-  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
			
 
				-  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
			
 
				-  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
			
 
				-}
			
 
				-
			
 
				-terraform {
			
 
				-  # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns_zone?ref=v0.5.5"
			
 
				-}
			
 
				-
			
 
				-dependency "standard_vpc" {
			
 
				-  config_path = "../010-standard-vpc"
			
 
				-}
			
 
				-
			
 
				-include {
			
 
				-  path = find_in_parent_folders()
			
 
				-}
			
 
				-
			
 
				-inputs = {
			
 
				-  tags = {
			
 
				-    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
			
 
				-  }
			
 
				-  vpcs = [ dependency.standard_vpc.outputs.vpc_id ] # can add more if desired
			
 
				-  subnets = dependency.standard_vpc.outputs.private_subnets
			
 
				-}
			
--- a/prod/env.hcl
+++ b/prod/env.hcl
@@ -14,25 +14,23 @@ locals {
 
				     "aws"        = "045312110490" # mdr-prod-c2
			
 
				   }
			
 
				 
			
 
				-  private_dns = {
			
 
				-    "aws-us-gov" = {
			
 
				-      "name" = "gc.accenturefederalcyber.com",
			
 
				-      "id"   = "Z08253091KU7QO3JTSCBJ",
			
 
				-      # If starting fresh, leave dns_servers as an empty list
			
 
				-      "dns_servers" = [
			
 
				-        "10.40.0.198",
			
 
				-        "10.40.0.64",
			
 
				-        "10.40.1.26",
			
 
				-      ]
			
 
				-    },
			
 
				-    "aws"        = {
			
 
				-      "name" = "co.accenturefederalcyber.com",
			
 
				-      "id"   = "Z0295812Z38G5UXFC7OK",
			
 
				-      "dns_servers" = [ 
			
 
				-        "10.32.0.166",
			
 
				-        "10.32.0.47",
			
 
				-        "10.32.1.83",
			
 
				-      ]
			
 
				+  dns_servers = [ 
			
 
				+    "10.40.0.198",
			
 
				+    "10.40.0.64",
			
 
				+    "10.40.1.26",
			
 
				+  ]
			
 
				+  dns_info = {
			
 
				+    "private" = {
			
 
				+      zone = "pvt.xdr.accenturefederalcyber.com",
			
 
				+      zone_id = "Z08498911YSZW4A0XN4AG"
			
 
				+    }
			
 
				+    "reverse" = {
			
 
				+      zone = "10.in-addr.arpa"
			
 
				+      zone_id = "Z08395981DXDBY6CVJTW1"
			
 
				+    }
			
 
				+    "public" = {
			
 
				+      zone = "xdr.accenturefederalcyber.com"
			
 
				+      zone_id = "Z0083657A94URZM2TM87"
			
 
				     }
			
 
				   }
			
 
				 
			
--- a/terragrunt.hcl
+++ b/terragrunt.hcl
@@ -63,6 +63,10 @@ generate "provider" {
 
				   path      = "provider.tf"
			
 
				   if_exists = "overwrite_terragrunt"
			
 
				   contents  = <<EOF
			
 
				+provider "template" {
			
 
				+  version = "~> 2.1"
			
 
				+}
			
 
				+
			
 
				 provider "aws" {
			
 
				   version = "~> 2.66"
			
 
				   region = "${local.aws_region}"
			
@@ -86,16 +90,28 @@ provider "aws" {
 
				   alias   = "common"
			
 
				 }
			
 
				 
			
 
				-# The "legacy" provider, used mainly for DNS. This is why you have to log into
			
 
				-# commercial for govcloud plans.
			
 
				+# The "common-services-commercial" provider is used for public DNS entries
			
 
				 provider "aws" {
			
 
				   region = "us-east-1"
			
 
				-  allowed_account_ids = ["527700175026", "477548533976" ]
			
 
				+  allowed_account_ids = [ "471284459109" ]
			
 
				   profile = "commercial"
			
 
				-  alias = "legacy"
			
 
				+  alias   = "mdr-common-services-commercial"
			
 
				+
			
 
				+  assume_role {
			
 
				+    role_arn = "arn:aws:iam::471284459109:role/user/mdr_terraformer"
			
 
				+    session_name = "terraform"
			
 
				+  }
			
 
				+}
			
 
				+
			
 
				+# The "C2" provider, used for private DNS
			
 
				+provider "aws" {
			
 
				+  region = "us-gov-east-1"
			
 
				+  allowed_account_ids = [ "721817724804", "738800754746" ]
			
 
				+  profile = "govcloud"
			
 
				+  alias   = "c2"
			
 
				 
			
 
				   assume_role {
			
 
				-    role_arn = "arn:aws:iam::${ local.legacy_account }:role/user/mdr_terraformer"
			
 
				+    role_arn = "arn:aws-us-gov:iam::${ local.environment_vars.locals.c2_accounts["aws-us-gov"] }:role/user/mdr_terraformer"
			
 
				     session_name = "terraform"
			
 
				   }
			
 
				 }
			
@@ -103,7 +119,6 @@ EOF
 
				 }
			
 
				 
			
 
				 # Configure Terragrunt to automatically store tfstate files in an S3 bucket
			
 
				-# We'll want to reenable this when we have valid settings
			
 
				 remote_state {
			
 
				   backend = "s3"
			
 
				   generate = {
			
--- a/test/aws-us-gov/mdr-test-c2/011-private-dns-zone/terragrunt.hcl
+++ b/test/aws-us-gov/mdr-test-c2/011-private-dns-zone/terragrunt.hcl
@@ -8,7 +8,7 @@ locals {
 
				 
			
 
				 terraform {
			
 
				   # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns_zone?ref=v0.5.5"
			
 
				+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns?ref=v0.5.9"
			
 
				 }
			
 
				 
			
 
				 dependency "standard_vpc" {
			
--- a/test/aws-us-gov/mdr-test-c2/018-interconnect-instances/terragrunt.hcl
+++ b/test/aws-us-gov/mdr-test-c2/018-interconnect-instances/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 
				 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
			
 
				 terraform {
			
 
				   # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/interconnects?ref=v0.5.1"
			
 
				+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/interconnects?ref=v0.5.9"
			
 
				 }
			
 
				 
			
 
				 dependency "security_vpc" {
			
--- a/test/aws/mdr-test-c2/011-private-dns-zone/terragrunt.hcl
+++ b/test/aws/mdr-test-c2/011-private-dns-zone/terragrunt.hcl
@@ -1,28 +0,0 @@
 
				-locals {
			
 
				-  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
			
 
				-  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
			
 
				-  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
			
 
				-  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
			
 
				-  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
			
 
				-}
			
 
				-
			
 
				-terraform {
			
 
				-  # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns_zone?ref=v0.5.5"
			
 
				-}
			
 
				-
			
 
				-dependency "standard_vpc" {
			
 
				-  config_path = "../010-standard-vpc"
			
 
				-}
			
 
				-
			
 
				-include {
			
 
				-  path = find_in_parent_folders()
			
 
				-}
			
 
				-
			
 
				-inputs = {
			
 
				-  tags = {
			
 
				-    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
			
 
				-  }
			
 
				-  vpcs = [ dependency.standard_vpc.outputs.vpc_id ] # can add more if desired
			
 
				-  subnets = dependency.standard_vpc.outputs.private_subnets
			
 
				-}
			
--- a/test/env.hcl
+++ b/test/env.hcl
@@ -14,25 +14,23 @@ locals {
 
				     "aws"        = "816914342178" # mdr-test-c2
			
 
				   }
			
 
				 
			
 
				-  private_dns = {
			
 
				-    "aws-us-gov" = { 
			
 
				-      "name" = "gctest.accenturefederalcyber.com",
			
 
				-      "id"   = "Z08253713IR2OY59O4OGL",
			
 
				-      # If starting fresh, leave dns_servers as an empty list
			
 
				-      "dns_servers" = [
			
 
				-        "10.20.0.119",
			
 
				-        "10.20.0.211",
			
 
				-        "10.20.1.11",
			
 
				-      ]
			
 
				-    },
			
 
				-    "aws"        = {
			
 
				-      "name" = "cotest.accenturefederalcyber.com",
			
 
				-      "id"   = "Z03093872COCFHKM0AGC2",
			
 
				-      "dns_servers" = [
			
 
				-        "10.16.0.13",
			
 
				-        "10.16.0.207",
			
 
				-        "10.16.1.23",
			
 
				-      ]
			
 
				+  dns_servers = [
			
 
				+    "10.20.0.119",
			
 
				+    "10.20.0.211",
			
 
				+    "10.20.1.11",
			
 
				+  ]
			
 
				+  dns_info = {
			
 
				+    "private" = {
			
 
				+      zone = "pvt.xdrtest.accenturefederalcyber.com",
			
 
				+      zone_id = "Z08514662ZGG8BM81TKD5"
			
 
				+    }
			
 
				+    "reverse" = {
			
 
				+      zone = "10.in-addr.arpa"
			
 
				+      zone_id = "Z08479312XJFUS20YJUJO"
			
 
				+    }
			
 
				+    "public" = {
			
 
				+      zone = "xdrtest.accenturefederalcyber.com" 
			
 
				+      zone_id = "Z01677392W0QM639KU2KC"
			
 
				     }
			
 
				   }