Updates Skeleton and Deploys Splunk to mdr-test-modelclient

LET'S GO!

000-skeleton/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.9.4"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v1.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/006-account-standards-regional/us-gov-west-1/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v0.5.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v1.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/006-account-standards/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.9.8"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v1.0.0"
 }
 
 dependency "c2_account_standards" {

000-skeleton/010-vpc-splunk/terragrunt.hcl

@@ -4,11 +4,11 @@ locals {
   # below.
 
   # e.g. inherited variables:
-  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
-  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
-  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
   account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
-  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
 
   # Extract out common variables for reuse
   #env = local.environment_vars.locals.environment
@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.9.4"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -26,14 +26,22 @@ include {
   path = find_in_parent_folders()
 }
 
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
 # These are the variables we have to pass in to use the module specified in the terragrunt source above
 inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
+  accept_tgw_invitation = true # Should we accept the Transit GT invitation? Should only be true for the first vpc
+  tgw_share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
   vpc_info = local.account_vars.locals.vpc_info["vpc-splunk"]
   tags = {
     #Purpose # grabbed from vpc_info
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
+  accept_tgw_invitation = true
 }

000-skeleton/020-attach-transit-gateway-to-vpc-splunk/README.md

@@ -1,5 +0,0 @@
-# Attaches this account's standard VPCs to the transit gateway
-
-You can reuse this module to attach additional VPCs by updating
-either the dependencies or the inputs, as appropriate.
-

000-skeleton/021-qualys-connector-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_connector_role?ref=v0.9.4"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_connector_role?ref=v1.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/072-salt-master-inventory-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v0.9.4"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v1.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/020-attach-transit-gateway-to-vpc-splunk/terragrunt.hcl → 000-skeleton/150-splunk-cluster-master/terragrunt.hcl

@@ -2,8 +2,6 @@ locals {
   # If you want to use any of the variables in _this_ file, you have to load them here.
   # However, they will all be available as inputs to the module loaded in terraform.source
   # below.
-
-  # e.g. inherited variables:
   environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
   partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
   region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
@@ -11,20 +9,15 @@ locals {
   global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
 }
 
-dependency "transit_gateway" {
-  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
-}
-
-dependency "vpc_splunk" {
-  config_path = "../010-vpc-splunk"
-}
-
-
 # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.9.4"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v1.0.0"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -38,13 +31,13 @@ inputs = {
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
   tags = {
-    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}"
+    Purpose = "Splunk Cluster Master"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
-  accept_invitation = true # Should only be true for the first one
-  share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
-  tgw_id = dependency.transit_gateway.outputs.tgw_id
-  vpc_id = dependency.vpc_splunk.outputs.vpc_id
-  subnets = dependency.vpc_splunk.outputs.private_subnets
-  route_tables = concat(dependency.vpc_splunk.outputs.private_route_tables, dependency.vpc_splunk.outputs.public_route_tables)
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-cm"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
 }

000-skeleton/160-splunk-indexer-cluster/README.md

@@ -0,0 +1,7 @@
+# Creates the Indexer Cluster
+
+* 3x indexer ASGs
+* NLB for splunk data
+* ALB for hec without ack
+* ELB classic for HEC with ack
+* Security Groups for all of the above

000-skeleton/160-splunk-indexer-cluster/terragrunt.hcl

@@ -0,0 +1,44 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.0.0"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Indexer Cluster"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-indexer"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  private_subnets = dependency.vpc.outputs.private_subnets
+  public_subnets  = dependency.vpc.outputs.public_subnets
+}

000-skeleton/170-splunk-searchhead/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.0.0"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Searchhead"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-sh"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

000-skeleton/180-splunk-heavy-forwarder/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v1.0.0"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Heavy Forwarder"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-hf"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

000-skeleton/account.hcl

@@ -6,23 +6,90 @@ locals {
   account_alias  = "TODO"
   aws_account_id = "TODO"
   instance_termination_protection = TODO # set to true for production!
+  splunk_prefix = "TODO"
+
+  splunk_data_sources = [
+    "x.x.x.x/32", # TODO: Add customer's public IP addresses
+  ]
+  splunk_legacy_cidr = [ ] # Should not be needed for new customers
+  splunk_asg_sizes   = [ 1, 1, 1 ] # How many indexers in each site
+  
   
   account_tags = { } 
-  c2_account_standards_path = "../../mdr-TODO-c2/005-account-standards-c2"
+  c2_account_standards_path = "../../mdr-TODO-c2/005-account-standards-c2" # TODO: Subsitute with test or prod
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   vpc_info = { 
     "vpc-splunk" = {
        "name" = "vpc-splunk",
-       "purpose" = "Splunk Systems",
-       "cidr" = "TODO"
+       "purpose" = "Splunk Systems (TODO)", # TODO: Substitute with Customer Name
+       "cidr" = "TODO",
+       "tgw_attached" = true
     }
   } 
 
   # For testing
   create_test_instance = false
-  test_instance_key_name = "TODO" # The key with which to provision the test instance
 
-  # Qualys Connector
-  qualys_connector_externalid = "TODO" # Needs to come from the qualys console
+  # Qualys Connector - See https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/Qualys
+  qualys_connector_externalid = "LATER" # Needs to come from the qualys console
+
+  # End of TODO
+
+  # Splunk instance sizes can be customized
+  # TODO: Set these appropriately in the skeleton for prod
+  instance_types = {
+    "splunk-cm"      = "t3a.small",  # legacy: t2.small
+    "splunk-indexer" = "i3en.large", # legacy: t2.small, but whats the point if we don't have instance storage.
+    "splunk-hf"      = "t3a.small", # legacy: t2.medium
+    "splunk-sh"      = "t3a.small", # legacy: ? not sure
+  }
+
+  # Splunk Volume Sizes are probably fine at defaults
+  splunk_volume_sizes = {
+    "cluster_master" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "indexer" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "searchhead" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "heavy_forwarder" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+  }
 }

bin/terragrunt-apply-all

@@ -7,7 +7,7 @@ function argparse {
   while (( "$#" )); do
     case "$1" in
       -h|--help)
-        echo Usage: $0 '[-l|--local] [-t|--test] [-d|--debug]'
+        echo Usage: $0 '[-l|--local] [-t|--test] [-s|--skipqualys] [-d|--debug]'
         exit 0
         ;;
       -t|--test)
@@ -23,6 +23,10 @@ function argparse {
         DEBUG=1
         shift
         ;;
+      -s|--skipqualys)
+        SKIPQUALYS=1
+        shift
+        ;;
 #      -p|--only-path)
 #        if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
 #          ONLY_PATH=$2
@@ -93,6 +97,13 @@ for i in `seq -f "%g*" 0 9 | sort -n`; do
     echo "====================================================================================="
     echo "Processing module $MODULE..."
     echo "====================================================================================="
+    if [[ $SKIPQUALYS == 1 && $MODULE =~ qualys ]]; then
+      echo "Skipping due to skipqualys flag"
+      echo ""
+      continue
+    else
+     [[ $DEBUG == 1 ]] && echo  "Not qualys - SKIPQUALYS = ${SKIPQUALYS}; Module = ${MODULE}"
+    fi
     pushd . > /dev/null
     cd $MODULE
     if [[ $(basename $(pwd)) =~ regional ]]; then

test/aws-us-gov/mdr-test-modelclient/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.9.4"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v1.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

test/aws-us-gov/mdr-test-modelclient/006-account-standards-regional/us-gov-west-1/terragrunt.hcl

@@ -20,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v0.8.3"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v1.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

test/aws-us-gov/mdr-test-modelclient/006-account-standards/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.9.8"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v1.0.0"
 }
 
 dependency "c2_account_standards" {

test/aws-us-gov/mdr-test-modelclient/010-vpc-splunk/terragrunt.hcl

@@ -2,22 +2,23 @@ locals {
   # If you want to use any of the variables in _this_ file, you have to load them here.
   # However, they will all be available as inputs to the module loaded in terraform.source
   # below.
+
+  # e.g. inherited variables:
   environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
   partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
   region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
   account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
   global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
 }
 
 # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.9.4"
-}
-
-dependency "transit_gateway" {
-  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -25,6 +26,10 @@ include {
   path = find_in_parent_folders()
 }
 
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
 # These are the variables we have to pass in to use the module specified in the terragrunt source above
 inputs = {
   # All of the inputs from the inherited hcl files are available automatically
@@ -35,6 +40,7 @@ inputs = {
   tgw_id = dependency.transit_gateway.outputs.tgw_id
   vpc_info = local.account_vars.locals.vpc_info["vpc-splunk"]
   tags = {
+    #Purpose # grabbed from vpc_info
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }

test/aws-us-gov/mdr-test-modelclient/021-qualys-connector-role/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_connector_role?ref=v1.0.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Qualys Connector Role"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws-us-gov/mdr-test-modelclient/025-test-instance/terragrunt.hcl

@@ -11,7 +11,7 @@ locals {
   global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
 }
 
-dependency "standard_vpc" {
+dependency "vpc_splunk" {
   config_path = "../010-vpc-splunk"
 }
 
@@ -36,6 +36,6 @@ inputs = {
     Purpose = "Testing Instance"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
-  subnet_id = dependency.standard_vpc.outputs.public_subnets[0]
-  security_group_ids = [ dependency.standard_vpc.outputs.allow_all_from_trusted_sg_id ]
+  subnet_id = dependency.vpc_splunk.outputs.public_subnets[0]
+  security_group_ids = [ dependency.vpc_splunk.outputs.allow_all_from_trusted_sg_id ]
 }

test/aws-us-gov/mdr-test-modelclient/072-salt-master-inventory-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v0.9.4"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v1.0.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

test/aws-us-gov/mdr-test-modelclient/150-splunk-cluster-master/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v1.0.0"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Cluster Master"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-cm"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

test/aws-us-gov/mdr-test-modelclient/160-splunk-indexer-cluster/README.md

@@ -0,0 +1,7 @@
+# Creates the Indexer Cluster
+
+* 3x indexer ASGs
+* NLB for splunk data
+* ALB for hec without ack
+* ELB classic for HEC with ack
+* Security Groups for all of the above

test/aws-us-gov/mdr-test-modelclient/160-splunk-indexer-cluster/terragrunt.hcl

@@ -0,0 +1,44 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.0.0"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Indexer Cluster"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-indexer"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  private_subnets = dependency.vpc.outputs.private_subnets
+  public_subnets  = dependency.vpc.outputs.public_subnets
+}

test/aws-us-gov/mdr-test-modelclient/170-splunk-searchhead/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.0.0"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Searchhead"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-sh"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

test/aws-us-gov/mdr-test-modelclient/180-splunk-heavy-forwarder/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v1.0.0"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Heavy Forwarder"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-hf"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

test/aws-us-gov/mdr-test-modelclient/README.md

@@ -1,3 +1,3 @@
-# model client test (govcloud)
+# mdr-test-modelclient
 
-A model client.  Nobody in particular
+A test account / model client

test/aws-us-gov/mdr-test-modelclient/account.hcl

@@ -5,21 +5,89 @@ locals {
   account_alias  = "afs-mdr-test-modelclient-gov"
   aws_account_id = "701341250728"
   instance_termination_protection = false # set to true for production!
+  splunk_prefix = "modelclient"
+
+  splunk_data_sources = [
+  ]
+  splunk_legacy_cidr = [ ] # Should not be needed for new customers
+  splunk_asg_sizes   = [ 1, 1, 1 ] # How many indexers in each site
+  
   
-  account_tags = { }
-  c2_account_standards_path = "../../mdr-test-c2/005-account-standards-c2"
+  account_tags = { } 
+  c2_account_standards_path = "../../mdr-test-c2/005-account-standards-c2" # Subsitute with test or prod
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
-  vpc_info = {
+  vpc_info = { 
     "vpc-splunk" = {
-      "name" = "vpc-splunk",
-      "purpose" = "Splunk Systems",
-      "cidr" = "10.20.8.0/22",
-      "tgw_attached" = true,
+       "name" = "vpc-splunk",
+       "purpose" = "Splunk Systems (modelclient)", # Substitute with Customer Name
+       "cidr" = "10.20.8.0/22",
+       "tgw_attached" = true
     }
-  }
+  } 
 
   # For testing
   create_test_instance = false
-  test_instance_key_name = "fdamstra" # The key with which to provision the test instance
+
+  # Qualys Connector
+  qualys_connector_externalid = "LATER" # Needs to come from the qualys console
+
+  # End of TODO
+
+  # Splunk instance sizes can be customized
+  # TODO: Set these appropriately in the skeleton for prod
+  instance_types = {
+    "splunk-cm"      = "t3a.small",  # legacy: t2.small
+    "splunk-indexer" = "i3en.large", # legacy: t2.small, but whats the point if we don't have instance storage.
+    "splunk-hf"      = "t3a.small", # legacy: t2.medium
+    "splunk-sh"      = "t3a.small", # legacy: ? not sure
+  }
+
+  # Splunk Volume Sizes are probably fine at defaults
+  splunk_volume_sizes = {
+    "cluster_master" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "indexer" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "searchhead" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "heavy_forwarder" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+  }
 }