
Merge branch 'master' into feature/jc_na_update_jeremy_home_ip

Colby Williams 4 жил өмнө
parent
commit
83ff2287ea

+ 6 - 2
globals.hcl

@@ -18,8 +18,8 @@ locals {
     "74.211.32.26/32",     # Brad Poulton
     "70.160.60.248/32",    # Brandon Naughton
     "99.56.213.129/32",    # Fred Damstra
-    "97.117.81.187/32",    # Colby Williams
     "76.173.128.126/32",   # Jeremy Cooper
+    "97.117.87.190/32",    # Colby Williams
   ]
 
   portal_test_whitelist = [ # IPs for Portal Test and vmray
@@ -40,7 +40,7 @@ locals {
 
   admin_remote_ipset = [ 
     {
-      "value" = "71.163.33.106/32"   # James Kerr Home
+      "value" = "71.163.33.68/32"   # James Kerr Home
       type    = "IPV4"
     },
     {
@@ -51,6 +51,10 @@ locals {
       "value" = "99.151.37.185/32"   # Wesley Leonard Home
       type    = "IPV4"
     },
+    {
+      "value" = "74.211.32.26/32"   # Brad Poulton Home
+      type    = "IPV4"
+    },
     {
       "value" = "104.9.149.90/32"    # Greg Rivas Home
       type    = "IPV4"
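Review bot: The added `74.211.32.26/32` entry in `admin_remote_ipset` repeats the address already listed for Brad Poulton in the first list of this file, so the same home address must now be kept in step in two places. This commit itself corrects two residential addresses that had changed, which shows how quickly these entries go stale, and a stale /32 leaves admin access open to whoever holds that address next. Consider defining each person's CIDR once in a local map and building both lists from it, and put a review date in each comment, e.g. `# Brad Poulton Home, verified <YYYY-MM-DD placeholder>`. Both lists start outside the visible hunks.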

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/210-rds-jira/terragrunt.hcl

@@ -15,7 +15,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/jira/rds_jira?ref=v1.21.4"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/jira/rds_jira?ref=v1.24.10"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 2 - 1
prod/aws/legacy-mdr-prod/022-attach-transit-gateway-to-legacy-dc-c19/terragrunt.hcl

@@ -19,7 +19,8 @@ dependency "transit_gateway" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.9.4"
+  #source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.9.4"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/terminated?ref=v1.24.10"
 }
 
 # Include all settings from the root terragrunt.hcl file
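Review bot: The previous `source` is left commented out above the new `base/terminated` source, here and in the matching `-la-c19` and `-ma-c19` files. Git history already keeps the old value, so replace it with a one-line reason such as `# Terminated <date/ticket placeholder>; was base/transit_gateway_client?ref=v0.9.4`. The `dependency "transit_gateway"` block named in the hunk header is still present; if the `terminated` module does not consume its outputs, remove it so the stack no longer needs that dependency to resolve (its body is outside the hunk, so this is unconfirmed). Separately, `?ref=v1.24.10` is a tag and tags can be moved, so a commit SHA would be a stronger pin for a prod stack.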

+ 2 - 1
prod/aws/legacy-mdr-prod/022-attach-transit-gateway-to-legacy-la-c19/terragrunt.hcl

@@ -19,7 +19,8 @@ dependency "transit_gateway" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.9.4"
+  #source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.9.4"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/terminated?ref=v1.24.10"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 2 - 1
prod/aws/legacy-mdr-prod/022-attach-transit-gateway-to-legacy-ma-c19/terragrunt.hcl

@@ -19,7 +19,8 @@ dependency "transit_gateway" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.9.4"
+  #source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.9.4"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/terminated?ref=v1.24.10"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 110 - 0
test/aws-us-gov/mdr-test-c2/085-keycloak/.terraform.lock.hcl

@@ -0,0 +1,110 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "3.37.0"
+  constraints = ">= 2.49.0, 3.37.0"
+  hashes = [
+    "h1:GeRKgHncFkh8vd+Rlq6G/5D7wgfd9LXLYrfNvLiMy48=",
+    "h1:RvLGIfRZfbzY58wUja9B6CvGdgVVINy7zLVBdLqIelA=",
+    "h1:Tf6Os+utUxE8rEr/emCXLFEDdCb0Y6rsN4Ee84+aDCQ=",
+    "h1:mxnOC4CXzhG+/JiAs6u2QTn6ecDBoiZBqxaXwqp2TB0=",
+    "zh:064c9b21bcd69be7a8631ccb3eccb8690c6a9955051145920803ef6ce6fc06bf",
+    "zh:277dd05750187a41282cf6e066e882eac0dd0056e3211d125f94bf62c19c4b8b",
+    "zh:47050211f72dcbf3d99c82147abd2eefbb7238efb94d5188979f60de66c8a3df",
+    "zh:4a4e0d070399a050847545721dae925c192a2d6354802fdfbea73769077acca5",
+    "zh:4cbc46f79239c85d69389f9e91ca9a9ebf6a8a937cfada026c5a037fd09130fb",
+    "zh:6548dcb1ac4a388ed46034a5317fa74b3b0b0f68eec03393f2d4d09342683f95",
+    "zh:75b4a82596aa525d95b0b2847fe648368c6e2b054059c4dc4dcdee01d374b592",
+    "zh:75cf5cc674b61c82300667a82650f56722618b119ab0526b47b5ecbb4bbf49d0",
+    "zh:93c896682359039960c38eb5a4b29d1cc06422f228db0572b90330427e2a21ec",
+    "zh:c7256663aedbc9de121316b6d0623551386a476fc12b8eb77e88532ce15de354",
+    "zh:e995c32f49c23b5938200386e08b2a3fd69cf5102b5299366c0608bbeac68429",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+  version     = "3.1.0"
+  constraints = ">= 2.2.0, >= 3.1.0"
+  hashes = [
+    "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
+    "h1:EPIax4Ftp2SNdB9pUfoSjxoueDoLc/Ck3EUoeX0Dvsg=",
+    "h1:cH1JxJhQqK+FqqkJkmpX9QPC1OD08Bak1fm5IZcnMYw=",
+    "h1:rKYu5ZUbXwrLG1w81k7H3nce/Ys6yAxXhWcbtk36HjY=",
+    "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
+    "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
+    "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
+    "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
+    "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
+    "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
+    "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
+    "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
+    "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
+    "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
+    "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/template" {
+  version     = "2.2.0"
+  constraints = "2.2.0"
+  hashes = [
+    "h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=",
+    "h1:12Bac8B6Aq2+18xe8iqp5iYytav2Bw+jG43z/VaK5zI=",
+    "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
+    "h1:LN84cu+BZpVRvYlCzrbPfCRDaIelSyEx/W9Iwwgbnn4=",
+    "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
+    "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
+    "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
+    "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
+    "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
+    "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
+    "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
+    "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
+    "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
+    "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/vault" {
+  version     = "2.19.1"
+  constraints = "2.19.1"
+  hashes = [
+    "h1:04SjcwVTpGqFOAZezd9vmo/ceQGovZL/Cb9kVPjQscQ=",
+    "h1:3LNNXigzNkIAALc1v8uRfKmjzlUYyfQH+r/N5plUUeA=",
+    "h1:Sqdnqh2CHtEEVdTQom0+qQsgn+gjnVZXk6Xb9iOPQi4=",
+    "h1:yz5QWTvycJvjR3Z5EaCLF6UC8hugPAz2eIy9NzymPoI=",
+    "zh:0c6ca9d49bc116788015bbf83f7e8e405e4e63bfd9dd198f29d501632bc7d79f",
+    "zh:1f13cbe8d6b98a9e0392c72320cd86d5253a09f3c45fe9f4baa2b71660621d1e",
+    "zh:365d07bec517cb17523526c3a6f1bd23dbedb7fe8868d28976998c5eff3b9932",
+    "zh:3ac807ce39cd11d5a573377b868bc547f1f24ac2fb7bf3d7e1ec5a62ead7c31f",
+    "zh:5eb21cf4628353fcbd44231b92d1e027340af98b2ba02aaa01d91b07989caa8c",
+    "zh:66bed701cd0372b864ba656c9a01deb15e6cd7ac4390a3933e034a01f7bbe703",
+    "zh:8dd523de854b59f7e837102064f23fcf33ee69d4d46feeb5a67796b7ba03d003",
+    "zh:a514911915ab7d7b5fda18a7ca1404ca0496a54088a6ef52e0b92e4e0d7ff85e",
+    "zh:b4020c332c2b5b992f56d0e3e7b4940f7dab63f2af5558d913e79834b90b4d80",
+    "zh:bdb1c77d22e7accedf4b501f139c306c46dcb58ff693b9a6dcaef356c6749ee1",
+  ]
+}
+
+provider "registry.terraform.io/jtopjian/sensu" {
+  version     = "0.10.5"
+  constraints = "0.10.5"
+  hashes = [
+    "h1:/i+iYOhp7+nC7rZHJcQ4TWf4POHGhbwShPuvyko+/0s=",
+    "h1:DwoEsKZDLh315Q99LFdnzgqJR0kNHTBeUC9rZRJP2iU=",
+    "h1:MGRbVNP4L1FNXzAKUwBTUu9loNUGmRJQSndDrubRm7o=",
+    "h1:ZMsKGpRtwCSpkxZrpB4jFMxJ+RQCMs9Xed+RLPzMTm4=",
+    "zh:3225f4916085c97dd49deab54a8a590f6d32f9e7b07c4781e1da7a639bacc412",
+    "zh:45dc4d6edd2943f77967bd50065070e3eece274b9a32a5de4541b80609d53aaf",
+    "zh:4a35d980af50e4e86935fe3e1a55baf917f46921bea288abc53f438dc334ada2",
+    "zh:6b1bee30e0d0c2713ae684920c3a9ae0d01bb847e616358e254412b382671d4c",
+    "zh:7f0d10555eff2748c03a5642e785be3624e304cc174874c6ab52cb05041efecf",
+    "zh:7f70a20b92759afd7f5dd9b4877328b657545377e4e6e1f67c9b55e883d08b81",
+    "zh:844c3b405620779d06871d9ca9f84fa3745bbae668af8bd790504fd4649fbb7a",
+    "zh:95aba67c1ccdf6dd3f75c257f1a91e936fbd0ddb47b21fc85e90b7204abe7c05",
+    "zh:97f20679d06fcf74c6dbb30930541c8e12e07e8210213b4437d6b79034b8b60d",
+    "zh:c77dd3019a11eb7e047a09e38d8347de1bd1fecc7893c2f52512ede811ab7103",
+    "zh:c86d3aa646335ac7d5bb85475e7be115b62adc8d06ab4fb962c7f2874a1b5108",
+  ]
+}

+ 5 - 4
test/aws-us-gov/mdr-test-c2/090-instance-keycloak/terragrunt.hcl → test/aws-us-gov/mdr-test-c2/085-keycloak/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/keycloak-single-instance?ref=v1.24.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/keycloak?ref=v1.25.0"
 }
 
 dependency "vpc-public" {
@@ -34,11 +34,12 @@ inputs = {
     Purpose = "Identity Provider",
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
-  instance_name = "keycloak"
-  instance_type = "t3a.large"
+  instance_type = local.account_vars.locals.instance_types["keycloak"]
+  db_instance_type = local.account_vars.locals.instance_types["keycloak-db"]
   vpc_id = dependency.vpc-public.outputs.vpc_id
   azs = dependency.vpc-public.outputs.azs
-  subnets = dependency.vpc-public.outputs.public_subnets
+  public_subnets = dependency.vpc-public.outputs.public_subnets
+  private_subnets = dependency.vpc-public.outputs.private_subnets
 }
 terraform_version_constraint = "= 0.15.1"
 terragrunt_version_constraint = ">= 0.29, < 0.30"
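Review bot: Renaming the stack directory from `090-instance-keycloak` to `085-keycloak` changes `path_relative_to_include()`, which this file uses for the `Terraform` tag and which root Terragrunt configs commonly use as the remote-state key. The root file is not visible, so that is an assumption to confirm. If the state key does follow the path, resources created under the old path are no longer tracked by this stack, and the previous single-instance identity provider would keep running unmanaged unless it was destroyed or its state was migrated first. Recording that step next to `source` would help, e.g. `# replaces 090-instance-keycloak (old stack destroyed before rename)`. The `inputs` block starts outside the hunk.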

+ 0 - 0
test/aws-us-gov/mdr-test-c2/090-instance-keycloak/.terraform.lock.hcl → test/aws-us-gov/mdr-test-c2/275-nessus-security-receivers/.terraform.lock.hcl


+ 44 - 0
test/aws-us-gov/mdr-test-c2/275-nessus-security-receivers/terragrunt.hcl

@@ -0,0 +1,44 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/nessus/instance_nessus_receiver?ref=v1.24.10"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-scanners"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Tenable Nessus Receivers - Inbound from LCPs"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  instance_type = local.account_vars.locals.instance_types["nessus_scanners"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  azs = dependency.vpc.outputs.azs
+  public_subnets = dependency.vpc.outputs.public_subnets
+  private_subnets = dependency.vpc.outputs.private_subnets
+}
+terraform_version_constraint = "= 0.15.1"
+terragrunt_version_constraint = ">= 0.29, < 0.30"
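Review bot: `instance_type` looks up `instance_types["nessus_scanners"]`, although this commit adds a dedicated `"nessus_receivers"` key to `account.hcl`, so this looks like a leftover from copying the scanner stack. Both keys are `m5a.large` today and nothing changes at apply time, but resizing the receivers later through their own key would silently have no effect. Use `instance_type = local.account_vars.locals.instance_types["nessus_receivers"]`. The `Purpose` tag says these hosts take inbound traffic from LCPs and the stack is handed `public_subnets`, so a short comment stating which ports and source ranges the module opens would make that exposure reviewable from this file.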

+ 1 - 1
test/aws-us-gov/mdr-test-c2/275-nessus-security-scanners/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/nessus/instance_nessus_scanner?ref=v1.24.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/nessus/instance_nessus_scanner?ref=v1.24.10"
 }
 
 dependency "vpc" {

+ 7 - 0
test/aws-us-gov/mdr-test-c2/account.hcl

@@ -148,8 +148,11 @@ locals {
     "github-backup"  = "t3a.medium", # legacy: t2.micro
     "jira-rds"       = "db.t3.medium",
     "jira-server"    = "t3a.small", # legacy test: t2.small, legacy prod: t2.medium
+    "keycloak"       = "t3a.large",
+    "keycloak-db"    = "db.t3.micro"
     "nessus_security_center" = "m5a.xlarge",
     "nessus_scanners" = "m5a.large",
+    "nessus_receivers" = "m5a.large",
     "phantom"        = "t3a.medium", # legacy test: t2.medium, legacy prod: m4.4xlarge
     "qcompliance"    = "t3a.small", # legacy: ? not sure
     "splunk-cm"      = "t3a.small",  # legacy: t2.small
@@ -170,6 +173,9 @@ locals {
   # Bastion
   bastion_instance_type = "t3a.micro"
 
+  # Keycloak
+  keycloak_instance_count = 2
+
   # Salt Master
   salt_master_instance_type = "t3a.large"
 
@@ -178,6 +184,7 @@ locals {
 
   # Nessus Scanner Variables
   nessus_scanner_count = 2
+  nessus_receiver_count = 1 # Can't see us needing more than one?
 
   # OpenVPN Server
   openvpn_instance_type = "t3a.medium"
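Review bot: The new `"keycloak-db"    = "db.t3.micro"` entry in the first hunk has no trailing comma, unlike every neighbouring entry in `instance_types`. HCL accepts a newline as a separator, so this likely still parses, but the inconsistency invites a breakage if entries are later joined or reordered; write `"keycloak-db"    = "db.t3.micro",`. The comment on `nessus_receiver_count` (`# Can't see us needing more than one?`) reads as an open question, and a stated reason for the value would be clearer to the next maintainer. The `locals` block starts and ends outside the hunks.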