
Adds DNS Servers into commercial and govcloud test C2

Fred Damstra 5 jaren geleden
bovenliggende
commit
5b54a86254

+ 1 - 1
000-skeleton/025-test-instance/terragrunt.hcl

@@ -19,7 +19,7 @@ dependency "standard_vpc" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.5.3"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.6.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 5 - 5
common/aws/mdr-common-services/account.hcl

@@ -22,11 +22,11 @@ locals {
   ]
   # Delegated zones are created in different accounts
   delegated_public_dns_zones = {
-    "caasp.xdr.accenturefederalcyber.com" = [
-      "tbd1.awsdns-15.com.",
-      "tbd2.awsdns-15.com.",
-      "tbd3.awsdns-15.com.",
-      "tbd4.awsdns-15.com."
+    "caasp.accenturefederalcyber.com" = [
+      "ns-537.awsdns-03.net",
+      "ns-1532.awsdns-63.org",
+      "ns-1933.awsdns-49.co.uk",
+      "ns-417.awsdns-52.com",
     ]
   }
   
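Review bot: The replacement nameserver values at lines 36–39 drop the trailing dot that the removed `tbd*.awsdns-15.com.` entries carried, and the map key itself changes from `caasp.xdr.accenturefederalcyber.com` to `caasp.accenturefederalcyber.com`, which the commit message does not mention. Whether the dotted form matters depends on how the module consuming `delegated_public_dns_zones` builds the NS record (not visible here); keeping one convention avoids a perpetual plan diff if that module normalizes to FQDNs. Renaming the key presumably destroys the old `caasp.xdr...` delegation on apply and creates a new one, so confirm that is intended and that the `caasp.accenturefederalcyber.com` hosted zone in the delegated account really lives on these four servers, since an NS delegation pointing at a zone nobody owns is a takeover risk. A comment next to the key such as `# delegated to <owning-account-id> — keep in sync with that zone's NS set` would make later edits safer. The enclosing `locals` block starts outside the hunk.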

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/011-private-dns-zone/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns?ref=v0.5.9"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns?ref=v0.6.0"
 }
 
 dependency "standard_vpc" {

+ 20 - 1
prod/env.hcl

@@ -8,6 +8,26 @@ locals {
     Environment = local.environment
   }
 
+  proxy = "proxy.msoc.defpoint.local"
+  proxy_ip = "10.80.101.166"
+  salt_master = "salt-master.msoc.defpoint.local"
+  salt_master_ip = "10.80.101.170"
+
+  # Todo: Add CIDRs from new environment as they are assigned
+  # When there are multiples, put govcloud first, then commercial, and alternate if there are more than 2.
+  # Put any standalone IPs at the end.
+  cidr_map = {
+    "bastions" = [ "10.80.101.133/32" ],
+    "vpns"     = [ "10.80.101.126/32" ],
+    "scanners" = [ "10.40.12.0/22" ],
+    "dns"      = [ "10.40.0.0/22", "10.32.0.0/22" ], # DNS is in standard
+    "monitoring" = [ "10.80.101.230/32" ],
+    "salt"     = [ "10.80.101.170/32" ],
+    "web"      = [ "10.80.101.166/32" ], # Things systems need http/https access to, such as the proxy
+    "smtp"     = [ "10.80.1.107/32" ],
+    "moose"    = [ "10.80.0.0/16" ],
+  }
+
   legacy_account = "477548533976"
   c2_accounts = {
     "aws-us-gov" = "721817724804" # mdr-prod-c2-gov
@@ -17,7 +37,6 @@ locals {
   dns_servers = [ 
     "10.40.0.198",
     "10.40.0.64",
-    "10.40.1.26",
   ]
   dns_info = {
     "private" = {
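Review bot: `salt_master_ip` (line 67) and `cidr_map.salt` (line 78), and likewise `proxy_ip` (line 65) and `cidr_map.web` (line 79), hold the same address as two independent literals, so a later change to one silently desynchronizes the other; writing the map entries as `"salt" = [ "${local.salt_master_ip}/32" ]` and `"web" = [ "${local.proxy_ip}/32" ]` keeps a single source of truth. The same duplication is added in test/env.hcl. `"moose" = [ "10.80.0.0/16" ]` also covers every other /32 in this map, so any rule keyed to `moose` already admits the hosts the narrower entries scope; if that is intended, a comment saying so would stop the next reader from treating the /32s as the effective limit. Separately, the second hunk removes `10.40.1.26` from `dns_servers` while the title says DNS servers are being added; a one-line comment on why that resolver was dropped (decommissioned vs. replaced by the new resolver instance) would help. The `locals` block starts outside the hunk.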

+ 1 - 1
test/aws-us-gov/mdr-test-c2/011-private-dns-zone/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns?ref=v0.5.9"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns?ref=v0.6.0"
 }
 
 dependency "standard_vpc" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/018-interconnect-instances/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/interconnects?ref=v0.5.9"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/interconnects?ref=v0.6.0"
 }
 
 dependency "security_vpc" {

+ 7 - 0
test/aws-us-gov/mdr-test-c2/023-dns-resolver-instance/README.md

@@ -0,0 +1,7 @@
+Build Note: For a fresh install, you may need to first build the instance:
+```
+terragrunt-local init
+terragrunt-local apply --target aws_instance.instance
+```
+
+Alternatively, you can disable reverse dns in terragrunt.hcl, but the above method should reduce errors where we forget to create the reverse record.

+ 42 - 0
test/aws-us-gov/mdr-test-c2/023-dns-resolver-instance/terragrunt.hcl

@@ -0,0 +1,42 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/resolver_instance?ref=v0.6.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "DNS Resolver"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  subnet_id = dependency.standard_vpc.outputs.public_subnets[0]
+  vpc_id = dependency.standard_vpc.outputs.vpc_id
+  reverse_enabled = true # Set to 'true' on second run
+}
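Review bot: `reverse_enabled = true # Set to 'true' on second run` at line 178 is committed in its second-run state, so the comment no longer describes what a fresh install has to do and the real prerequisite lives only in the README; rewording it to `reverse_enabled = true # needs the instance to exist first: on a fresh install run the targeted apply in README.md` keeps the workflow discoverable from the file itself. The same line appears in test/aws/mdr-test-c2/023-dns-resolver-instance/terragrunt.hcl. `subnet_id = dependency.standard_vpc.outputs.public_subnets[0]` places the resolver in a public subnet, and whether it gets a public address or accepts DNS from outside the VPC is decided inside `base/dns/resolver_instance` (not visible here); a comment recording the intent, e.g. `# public subnet: confirm the module assigns no public IP and exposes 53 only to the VPC`, lets reviewers check the module against it.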

+ 1 - 1
test/aws-us-gov/mdr-test-c2/025-test-instance/terragrunt.hcl

@@ -19,7 +19,7 @@ dependency "standard_vpc" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.5.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v0.6.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 7 - 0
test/aws-us-gov/mdr-test-c2/account.hcl

@@ -18,9 +18,16 @@ locals {
     "security_vpc" = "10.179.128.0/22"
   }
 
+  # DNS Resolver
+  resolver_instance_type = "t3a.micro"
+  resolver_instance_key_name = "fdamstra"
+
   # For testing
   create_test_instance = false
   test_instance_key_name = "fdamstra" # They with which to provision the test instance
+  # Extra customization if you want it
+  test_instance_ami = "base" # default = minion
+  test_instance_type = "t3a.micro" # default = t3a.micro
 
   # AS Number used for various resources, but not every account needs one.
   asn = 64710 # changing this replaces the gateway
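Review bot: `resolver_instance_key_name = "fdamstra"` at line 203 ties SSH access to a shared DNS resolver to one person's key pair, following the existing `test_instance_key_name` pattern; for an instance other hosts depend on, a team-owned key pair (or no key at all, if the module supports session-based access) avoids the host becoming unreachable when that key is rotated or its owner leaves. The same value is added in test/aws/mdr-test-c2/account.hcl. At lines 209–210, `test_instance_ami = "base" # default = minion` is a real override but `test_instance_type = "t3a.micro" # default = t3a.micro` only restates the default, which reads as a placeholder; a comment such as `# type left at the default on purpose so the knob is easy to find` would make that explicit. The enclosing `locals` block starts outside the hunk.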

+ 5 - 0
test/aws/mdr-test-c2/023-dns-resolver-instance/README.md

@@ -0,0 +1,5 @@
+Build Note: For a fresh install, you may need to first build the instance:
+```
+terragrunt-local init
+terragrunt-local apply --target aws_instance.instance
+```

+ 42 - 0
test/aws/mdr-test-c2/023-dns-resolver-instance/terragrunt.hcl

@@ -0,0 +1,42 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/resolver_instance?ref=v0.6.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "DNS Resolver"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  subnet_id = dependency.standard_vpc.outputs.public_subnets[0]
+  vpc_id = dependency.standard_vpc.outputs.vpc_id
+  reverse_enabled = true # Set to 'true' on second run
+}

+ 5 - 2
test/aws/mdr-test-c2/account.hcl

@@ -4,7 +4,7 @@ locals {
   account_name   = "afs-mdr-test-c2"
   account_alias  = "afs-mdr-test-c2"
   aws_account_id = "816914342178"
-  instance_termination_protection = true # set to true for production!
+  instance_termination_protection = false # set to true for production!
   
   account_tags = { } 
   c2_account_standards_path = "../../mdr-test-c2/005-account-standards-c2"
@@ -12,13 +12,16 @@ locals {
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "10.16.0.0/22"
 
+  # DNS Resolver
+  resolver_instance_type = "t3a.micro"
+  resolver_instance_key_name = "fdamstra"
+
   # For testing
   create_test_instance = false
   test_instance_key_name = "fdamstra" # They with which to provision the test instance
 
   # AS Number used for various resources, but not every account needs one.
   asn = 64700
-
   security_vpc_cidr = "10.179.132.0/22"
 
   # Interconnects

+ 20 - 1
test/env.hcl

@@ -8,6 +8,26 @@ locals {
     Environment = local.environment
   }
 
+  proxy = "proxy.msoc.defpoint.local"
+  proxy_ip = "10.96.101.188"
+  salt_master = "salt-master.msoc.defpoint.local"
+  salt_master_ip = "10.96.101.161"
+
+  # Todo: Add CIDRs from new environment as they are assigned
+  # When there are multiples, put govcloud first, then commercial, and alternate if there are more than 2.
+  # Put any standalone IPs at the end.
+  cidr_map = {
+    "bastions" = [ "10.96.101.218/32" ],
+    "vpns"     = [ "10.96.101.249/32" ],
+    "scanners" = [ "10.20.12.0/22" ],
+    "dns"      = [ "10.20.0.0/22", "10.16.0.0/22" ], # DNS is in standard
+    "monitoring" = [ "10.96.101.43/32" ],
+    "salt"     = [ "10.96.101.161/32" ],
+    "web"      = [ "10.96.101.188/32" ], # Things systems need http/https access to, such as the proxy
+    "smtp"     = [ "10.96.1.160/32" ],
+    "moose"    = [ "10.96.0.0/16" ],
+  }
+
   legacy_account = "527700175026"
   c2_accounts = {
     "aws-us-gov" = "738800754746" # mdr-test-c2-gov
@@ -17,7 +37,6 @@ locals {
   dns_servers = [
     "10.20.0.119",
     "10.20.0.211",
-    "10.20.1.11",
   ]
   dns_info = {
     "private" = {