
Merge pull request #160 from mdr-engineering/feature/dw_MSOCI-1544_CustomerSetup_nihors

WIP on nihors
Duane Waddle 4 年之前
8194081b6a

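--- a/bin/update-ami-accounts
+++ b/bin/update-ami-accounts
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+AMIS=$( aws ec2 describe-images \
+  --owners self			\
+  --query 'Images[*].[ImageId]' \
+  --output text			\
+  --filters "Name=name,Values=MSOC*" )
+
+LIST=""
+
+while [[ "$1" != "" ]]; do
+	if [[ "$LIST" == "" ]]; then
+		LIST="{UserId=$1}"
+	else
+		LIST="$LIST,{UserId=$1}"
+	fi
+	shift
+done
+
+ADDOPERATION="Add=[$LIST]"
+echo "Operation=$ADDOPERATION"
+
+for AMI in $AMIS; do
+	NAME=$( aws ec2 describe-images --image-ids $AMI --query 'Images[*].[Name]' --output text)
+	echo "Updating AMI sharing for $AMI ($NAME)"
+
+	aws ec2 modify-image-attribute		\
+	   --image-id $AMI		 	\
+	   --launch-permission "$ADDOPERATION"
+done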
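Review bot: The account IDs taken from `$1` in the `while` loop are placed into the launch permission without any validation, so a mistyped 12-digit value shares every `MSOC*` AMI with whatever account that number belongs to, and a non-numeric or empty argument only surfaces as an API error once per AMI inside the `for` loop. Each argument should be checked against `^[0-9]{12}$` before it is appended, and the script should refuse to run with no arguments rather than sending `Add=[]` to every image. The script also has no `set -euo pipefail`, so a failed `describe-images` call leaves `AMIS` empty and the script exits 0 having done nothing; `$AMI` on the `--image-ids` and `--image-id` lines should be quoted as `"$AMI"`. The rewritten argument handling is below; the AMI query and the `modify-image-attribute` loop are otherwise unchanged.

```shell
set -euo pipefail

# … unchanged: AMIS=$( aws ec2 describe-images … ) …

(( $# > 0 )) || { printf 'usage: %s ACCOUNT_ID...\n' "${0##*/}" >&2; exit 2; }

LIST=""
for ACCOUNT in "$@"; do
  # Only well-formed 12-digit AWS account IDs may be granted launch permission
  [[ "$ACCOUNT" =~ ^[0-9]{12}$ ]] || { printf 'invalid AWS account id: %s\n' "$ACCOUNT" >&2; exit 2; }
  LIST="${LIST:+$LIST,}{UserId=$ACCOUNT}"
done

# … unchanged: ADDOPERATION and the per-AMI modify-image-attribute loop (with "$AMI" quoted) …
```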

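--- a/common/aws-us-gov/partition.hcl
+++ b/common/aws-us-gov/partition.hcl
@@ -28,6 +28,7 @@ locals {
       "721817724804", # mdr-prod-c2
       "738736370544", # mdr-prod-modelclient
       "876865127438", # mdr-prod-malware
+      "022090475570", # mdr-prod-nihors
     ],
     "test" = [
       "738800754746", # mdr-test-c2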
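Review bot: The mdr-prod-nihors account ID is added to what appear to be identical prod account lists in both common/aws-us-gov/partition.hcl and prod/aws-us-gov/partition.hcl, with no reference from one copy to the other. If the two lists are meant to stay equal, a comment next to the added line such as `# keep in sync with prod/aws-us-gov/partition.hcl` (and the mirror of it in the other file) would prevent drift, since an entry missing from one copy silently changes which accounts that partition trusts; deriving one list from the other would be better still if the layout allows it. The enclosing `locals` block starts outside the hunk.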

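--- a/prod/aws-us-gov/mdr-prod-nihors/005-iam/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/005-iam/terragrunt.hcl
@@ -18,32 +18,33 @@ locals {
 }
 
 # TODO: For provisioning only. Comment out after provisioning
-generate "provider" {
-  path      = "provider.tf"
-  if_exists = "overwrite_terragrunt"
-  contents  = <<EOF
-provider "template" {
-  version = "~> 2.1"
-}
-
-provider "aws" {
-  version = "~> 3.0"
-  region = "${local.aws_region}"
-
-  # TODO: make sure you have a profile matching this
-  profile = "tmp"
-
-  # Only these AWS Account IDs may be operated on by this template
-  allowed_account_ids = ["${local.account_id}"]
-}
-EOF
-}
+#  Provisioning is done so this is commented out
+#generate "provider" {
+#  path      = "provider.tf"
+#  if_exists = "overwrite_terragrunt"
+#  contents  = <<EOF
+#provider "template" {
+#  version = "~> 2.1"
+#}
+#
+#provider "aws" {
+#  version = "~> 3.0"
+#  region = "${local.aws_region}"
+#
+#  # TODO: make sure you have a profile matching this
+#  profile = "tmp"
+#
+#  # Only these AWS Account IDs may be operated on by this template
+#  allowed_account_ids = ["${local.account_id}"]
+#}
+#EOF
+#}
 
 # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v1.10.5"
 }
 
 # Include all settings from the root terragrunt.hcl file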
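Review bot: The retained `# TODO: For provisioning only. Comment out after provisioning` line now sits directly above the added `#  Provisioning is done so this is commented out`, so the file carries both an open instruction and its completion; the two should collapse into one comment, e.g. `# Bootstrap provider (local profile "tmp") used only for initial provisioning of this account; uncomment only to re-provision.` Since the `generate "provider"` block is fully commented out, deleting it and relying on git history would also keep a dead `profile = "tmp"` provider definition out of a production config, though it may be kept deliberately as a re-provisioning template. The `locals` block named in the hunk header closes at the top of the hunk; its start is outside the hunk.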

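--- a/prod/aws-us-gov/mdr-prod-nihors/006-account-standards/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/006-account-standards/terragrunt.hcl
@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v1.10.5"
 }
 
 dependency "c2_account_standards" {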
 dependency "c2_account_standards" {

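--- a/prod/aws-us-gov/mdr-prod-nihors/010-vpc-splunk/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/010-vpc-splunk/terragrunt.hcl
@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.5"
 }
 
 # Include all settings from the root terragrunt.hcl file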
 # Include all settings from the root terragrunt.hcl file

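--- a/prod/aws-us-gov/mdr-prod-nihors/021-qualys-connector-role/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/021-qualys-connector-role/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_connector_role?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_connector_role?ref=v1.10.5"
 }
 
 # Include all settings from the root terragrunt.hcl file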
 # Include all settings from the root terragrunt.hcl file

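--- a/prod/aws-us-gov/mdr-prod-nihors/025-test-instance/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/025-test-instance/terragrunt.hcl
@@ -19,7 +19,7 @@ dependency "vpc_splunk" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v1.0.2"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v1.10.5"
 }
 
 # Include all settings from the root terragrunt.hcl file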
 # Include all settings from the root terragrunt.hcl file

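--- a/prod/aws-us-gov/mdr-prod-nihors/072-salt-master-inventory-role/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/072-salt-master-inventory-role/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v1.10.5"
 }
 
 # Include all settings from the root terragrunt.hcl file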
 # Include all settings from the root terragrunt.hcl file

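--- a/prod/aws-us-gov/mdr-prod-nihors/140-splunk-frozen-bucket/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/140-splunk-frozen-bucket/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v1.10.5"
 }
 
 # Include all settings from the root terragrunt.hcl file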
 # Include all settings from the root terragrunt.hcl file

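--- a/prod/aws-us-gov/mdr-prod-nihors/150-splunk-cluster-master/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/150-splunk-cluster-master/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v1.10.5"
 }
 
 dependency "vpc" {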
 dependency "vpc" {

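--- a/prod/aws-us-gov/mdr-prod-nihors/160-splunk-indexer-cluster/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/160-splunk-indexer-cluster/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.10.5"
 }
 
 dependency "vpc" {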
 dependency "vpc" {

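--- a/prod/aws-us-gov/mdr-prod-nihors/170-splunk-searchhead/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/170-splunk-searchhead/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.10.5"
 }
 
 dependency "vpc" {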
 dependency "vpc" {

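--- a/prod/aws-us-gov/mdr-prod-nihors/180-splunk-heavy-forwarder/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-nihors/180-splunk-heavy-forwarder/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v1.10.5"
 }
 
 dependency "vpc" {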
 dependency "vpc" {

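--- a/prod/aws-us-gov/partition.hcl
+++ b/prod/aws-us-gov/partition.hcl
@@ -28,6 +28,7 @@ locals {
       "721817724804", # mdr-prod-c2
       "738736370544", # mdr-prod-modelclient
       "876865127438", # mdr-prod-malware
+      "022090475570", # mdr-prod-nihors
     ],
     "test" = [
       "738800754746", # mdr-test-c2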

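--- a/prod/env.hcl
+++ b/prod/env.hcl
@@ -19,6 +19,7 @@ locals {
   # When there are multiples, put govcloud first, then commercial, and alternate if there are more than 2.
   # Put any standalone IPs at the end.
   cidr_map = {
+    "vpc-access" = [ "10.80.101.133/32", "10.80.101.126/32", "10.40.20.0/22" ], # vpc-access in mdr-prod-c2-gov
     "bastions" = [ "10.80.101.133/32", "10.40.20.0/22" ], # vpc-access in mdr-prod-c2-gov
     "vpns"     = [ "10.80.101.126/32", "10.40.20.0/22" ], # vpc-access in mdr-prod-c2-gov
     "scanners" = [ "10.40.12.0/22" ], # vpc-qualys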
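Review bot: The added `"vpc-access"` entry is exactly the union of the `"bastions"` and `"vpns"` lists beneath it, but nothing records that relationship, so a CIDR later added to one of the two source lists will silently not be reflected in the combined one, and the trailing comment copied from those lines (`# vpc-access in mdr-prod-c2-gov`) does not say why a third overlapping entry exists or which modules should consume it. A comment on the new line such as `# union of "bastions" and "vpns" below -- update all three together` would make the intent explicit; if the two source lists were separate locals, the combined entry could instead be `concat(...)` of them so it cannot drift. The enclosing `locals` block starts outside the hunk.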