4 سال پیش · 6cd7300b77
--- a/000-skeleton/account.hcl
+++ b/000-skeleton/account.hcl
@@ -7,6 +7,7 @@ locals {
 
				   aws_account_id = "TODO"
			
 
				   instance_termination_protection = TODO # set to true for production!
			
 
				   splunk_prefix = "TODO"
			
 
				+  splunk_private_hec = TODO # True if the customer needs a private HTTP Event Collector such as for ALSI
			
 
				 
			
 
				   splunk_data_sources = [
			
 
				     "x.x.x.x/32", # TODO: Add customer's public IP addresses
			
@@ -41,7 +42,8 @@ locals {
 
				   # Splunk instance sizes can be customized
			
 
				   # TODO: Set these appropriately in the skeleton for prod
			
 
				   instance_types = {
			
 
				-    "alsi"           = "t3a.small",
			
 
				+    "alsi-master"    = "t3a.small",
			
 
				+    "alsi-worker"    = "t3a.small",
			
 
				     "splunk-cm"      = "t3a.small",  # legacy: t2.small
			
 
				     "splunk-indexer" = "i3en.large", # legacy: t2.small, but whats the point if we don't have instance storage.
			
 
				     "splunk-hf"      = "t3a.small", # legacy: t2.medium
			
@@ -95,4 +97,12 @@ locals {
 
				       "/opt/splunk": 30, # No minimum; not in base image
			
 
				     },
			
 
				   }
			
 
				+
			
 
				+  # ALSI - Aggregated Log Source Ingestion
			
 
				+  #
			
 
				+  # If cribl is being used for log ingestion, remember to turn on splunk_private_hec, too.
			
 
				+  alsi_workers = 0 # how many cribl workers
			
 
				+  alsi_splunk_nlb = false # splunk://moose-alsi-splunk.xdr{,test}.accenturefederalcyber.com:9997 and 9998
			
 
				+  alsi_elastic_alb = false # https://moose-alsi-elastic.xdr{,test}.accenturefederalcyber.com -> 9200
			
 
				+  alsi_hec_alb = false # https://moose-alsi-hec.xdr{,test}.accenturefederalcyber.com -> 8080
			
 
				 }
			
--- a/test/aws-us-gov/mdr-test-c2/160-splunk-indexer-cluster/terragrunt.hcl
+++ b/test/aws-us-gov/mdr-test-c2/160-splunk-indexer-cluster/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 
				 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
			
 
				 terraform {
			
 
				   # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.10.4"
			
 
				+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.10.14"
			
 
				 }
			
 
				 
			
 
				 dependency "vpc" {
			
--- a/test/aws-us-gov/mdr-test-c2/account.hcl
+++ b/test/aws-us-gov/mdr-test-c2/account.hcl
@@ -6,6 +6,7 @@ locals {
 
				   aws_account_id = "738800754746"
			
 
				   instance_termination_protection = false # set to true for production!
			
 
				   splunk_prefix = "moose"
			
 
				+  splunk_private_hec = true # True if the customer needs a private HTTP Event Collector such as for ALSI
			
 
				 
			
 
				   # Additional sources that are allowed to send data, such as Customer LCPs, Azure, etc.
			
 
				   splunk_data_sources = [