Merge branch 'master' into feature/bp_MSOCI-1448_portal_gc

# Conflicts:
#	test/aws-us-gov/mdr-test-c2/account.hcl

000-skeleton/005-iam/terragrunt.hcl

@@ -6,19 +6,44 @@ locals {
   # e.g. inherited variables:
   #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
   #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
-  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
-  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
   #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
 
   # Extract out common variables for reuse
-  #env = local.environment_vars.locals.environment
+  #env            = local.environment_vars.locals.environment
+  aws_region     = local.region_vars.locals.aws_region
+  account_id     = local.account_vars.locals.aws_account_id
+  
+}
+
+# TODO: For provisioning only. Comment out after provisioning
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+provider "template" {
+  version = "~> 2.1"
+}
+
+provider "aws" {
+  version = "~> 3.0"
+  region = "${local.aws_region}"
+
+  # TODO: make sure you have a profile matching this
+  profile = "tmp"
+
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = ["${local.account_id}"]
+}
+EOF
 }
 
 # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v1.10.17"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/006-account-standards/terragrunt.hcl

@@ -14,7 +14,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v1.10.17"
 }
 
 dependency "c2_account_standards" {

000-skeleton/010-vpc-splunk/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.17"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/021-qualys-connector-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_connector_role?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_connector_role?ref=v1.10.17"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/025-test-instance/terragrunt.hcl

@@ -19,7 +19,7 @@ dependency "vpc_splunk" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v1.0.2"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v1.10.17"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/072-salt-master-inventory-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v1.10.17"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/140-splunk-frozen-bucket/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v1.10.17"
 }
 
 # Include all settings from the root terragrunt.hcl file

000-skeleton/150-splunk-cluster-master/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v1.10.17"
 }
 
 dependency "vpc" {

000-skeleton/160-splunk-indexer-cluster/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.10.17"
 }
 
 dependency "vpc" {

000-skeleton/170-splunk-searchhead/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.10.17"
 }
 
 dependency "vpc" {

000-skeleton/180-splunk-heavy-forwarder/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v1.0.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v1.10.17"
 }
 
 dependency "vpc" {

000-skeleton/account.hcl

@@ -7,6 +7,7 @@ locals {
   aws_account_id = "TODO"
   instance_termination_protection = TODO # set to true for production!
   splunk_prefix = "TODO"
+  splunk_private_hec = TODO # True if the customer needs a private HTTP Event Collector such as for ALSI
 
   splunk_data_sources = [
     "x.x.x.x/32", # TODO: Add customer's public IP addresses
@@ -15,7 +16,9 @@ locals {
   splunk_asg_sizes   = [ 1, 1, 1 ] # How many indexers in each site
   
   
-  account_tags = { } 
+  account_tags = {
+    "Client": local.splunk_prefix,
+  } 
   c2_account_standards_path = "../../mdr-TODO-c2/005-account-standards-c2" # TODO: Subsitute with test or prod
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
@@ -39,6 +42,8 @@ locals {
   # Splunk instance sizes can be customized
   # TODO: Set these appropriately in the skeleton for prod
   instance_types = {
+    "alsi-master"    = "t3a.small",
+    "alsi-worker"    = "t3a.small",
     "splunk-cm"      = "t3a.small",  # legacy: t2.small
     "splunk-indexer" = "i3en.large", # legacy: t2.small, but whats the point if we don't have instance storage.
     "splunk-hf"      = "t3a.small", # legacy: t2.medium
@@ -92,4 +97,12 @@ locals {
       "/opt/splunk": 30, # No minimum; not in base image
     },
   }
+
+  # ALSI - Aggregated Log Source Ingestion
+  #
+  # If cribl is being used for log ingestion, remember to turn on splunk_private_hec, too.
+  alsi_workers = 0 # how many cribl workers
+  alsi_splunk_nlb = false # splunk://moose-alsi-splunk.xdr{,test}.accenturefederalcyber.com:9997 and 9998
+  alsi_elastic_alb = false # https://moose-alsi-elastic.xdr{,test}.accenturefederalcyber.com -> 9200
+  alsi_hec_alb = false # https://moose-alsi-hec.xdr{,test}.accenturefederalcyber.com -> 8080
 }

bin/terragrunt-apply-all

@@ -136,6 +136,9 @@ for i in `seq -f "%g*" 0 9 | sort -n`; do
           echo "========== Region completed: $i"
         fi
       done
+    elif [[ -f DISABLED ]]; then
+      echo Skipping module due to \"DISABLED\" file.
+      EXITCODE=0
     else
       [[ $TESTING ]] && ${TERRAGRUNT_BIN} plan  # Run a plan if testing
       [[ $TESTING ]] || ${TERRAGRUNT_BIN} init  # Run an init and apply otherwise

bin/update-ami-accounts

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+AMIS=$( aws ec2 describe-images \
+  --owners self			\
+  --query 'Images[*].[ImageId]' \
+  --output text			\
+  --filters "Name=name,Values=MSOC*" )
+
+LIST=""
+
+while [[ "$1" != "" ]]; do
+	if [[ "$LIST" == "" ]]; then
+		LIST="{UserId=$1}"
+	else
+		LIST="$LIST,{UserId=$1}"
+	fi
+	shift
+done
+
+ADDOPERATION="Add=[$LIST]"
+echo "Operation=$ADDOPERATION"
+
+for AMI in $AMIS; do
+	NAME=$( aws ec2 describe-images --image-ids $AMI --query 'Images[*].[Name]' --output text)
+	echo "Updating AMI sharing for $AMI ($NAME)"
+
+	aws ec2 modify-image-attribute		\
+	   --image-id $AMI		 	\
+	   --launch-permission "$ADDOPERATION"
+done

common/aws-us-gov/afs-mdr-common-services-gov/000-mdradmin-bootstrap/DISABLED

@@ -0,0 +1 @@
+Terraform only. Disabled for terragrunt-apply-all

common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/DISABLED

@@ -0,0 +1 @@
+Terraform only. Disabled for terragrunt-apply-all

common/aws-us-gov/afs-mdr-common-services-gov/015-security-vpc/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/security_vpc?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/security_vpc?ref=v1.10.14"
 }
 
 # Include all settings from the root terragrunt.hcl file

common/aws-us-gov/afs-mdr-common-services-gov/072-salt-master-inventory-role/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../../.tfswitch.toml

common/aws-us-gov/afs-mdr-common-services-gov/075-codebuild-ecr-base/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../../.tfswitch.toml

common/aws-us-gov/afs-mdr-common-services-gov/075-codebuild-ecr-base/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_base?ref=v1.10.8"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Base module for Codebuild"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

common/aws-us-gov/afs-mdr-common-services-gov/080-codebuild-ecr-sample/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../../.tfswitch.toml

common/aws-us-gov/afs-mdr-common-services-gov/080-codebuild-ecr-sample/DISABLED

@@ -0,0 +1 @@
+Proof of concept code that we may need in the future.

common/aws-us-gov/afs-mdr-common-services-gov/080-codebuild-ecr-sample/terragrunt.hcl

@@ -0,0 +1,74 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_project?ref=v1.10.8"
+}
+
+dependency "codebuild-ecr-base" {
+  config_path = "../075-codebuild-ecr-base"
+}
+
+#Github specific provider
+generate "github-provider" {
+  path      = "github-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    github = {
+      source = "integrations/github"
+      version = "4.2.0"
+    }
+  }
+}
+#Provider block for Github engineering. 
+provider "github" {
+  version      = "~> 4.2.0"
+  organization = "mdr-engineering"
+  base_url     = "https://github.mdr.defpoint.com/"
+}
+#Provider block for Github MDR Content. 
+#provider "github" {
+#  version      = "~> 4.1.0"
+#  organization = "MDR-Content"
+#  base_url     = "https://github.mdr.defpoint.com/"
+#}
+EOF
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Build Sample Docker Container with Codebuild"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  name                  = "xdr-container-sample"
+  service_role          = dependency.codebuild-ecr-base.outputs.service_role
+  kms_key               = dependency.codebuild-ecr-base.outputs.kms_key
+  codebuild_image       = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
+  #codebuild_image      = dependency.codebuild-ecr-base.outputs.codebuild_image_centos7
+  #codebuild_image      = dependency.codebuild-ecr-base.outputs.codebuild_image_rhel7
+  artifact_s3_bucket    = ""
+  #artifact_s3_bucket   = dependency.codebuild-ecr-base.outputs.artifact_s3_bucket
+  webhook_branch_filter = "release/.*"
+}

common/aws-us-gov/afs-mdr-common-services-gov/081-codebuild-rpm-collectd/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../../.tfswitch.toml

common/aws-us-gov/afs-mdr-common-services-gov/081-codebuild-rpm-collectd/DISABLED

@@ -0,0 +1 @@
+Proof of concept code that we may need in the future.

common/aws-us-gov/afs-mdr-common-services-gov/081-codebuild-rpm-collectd/terragrunt.hcl

@@ -0,0 +1,72 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v1.10.8"
+}
+
+dependency "codebuild-ecr-base" {
+  config_path = "../075-codebuild-ecr-base"
+}
+
+#Github specific provider
+generate "github-provider" {
+  path      = "github-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    github = {
+      source = "integrations/github"
+      version = "4.2.0"
+    }
+  }
+}
+#Provider block for Github engineering. 
+provider "github" {
+  version      = "~> 4.2.0"
+  organization = "mdr-engineering"
+  base_url     = "https://github.mdr.defpoint.com/"
+}
+#Provider block for Github MDR Content. 
+#provider "github" {
+#  version      = "~> 4.2.0"
+#  organization = "MDR-Content"
+#  base_url     = "https://github.mdr.defpoint.com/"
+#}
+EOF
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Build RPM with Codebuild"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  name                = "collectd-rpm"
+  service_role        = dependency.codebuild-ecr-base.outputs.service_role
+  kms_key             = dependency.codebuild-ecr-base.outputs.kms_key
+  #codebuild_image     = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
+  #codebuild_image    = dependency.codebuild-ecr-base.outputs.codebuild_image_centos7
+  codebuild_image    = dependency.codebuild-ecr-base.outputs.codebuild_image_rhel7
+  artifact_s3_bucket = dependency.codebuild-ecr-base.outputs.artifact_s3_bucket
+}

common/aws-us-gov/afs-mdr-common-services-gov/085-codebuild-ecr-customer-portal/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../../.tfswitch.toml

common/aws-us-gov/afs-mdr-common-services-gov/085-codebuild-ecr-customer-portal/terragrunt.hcl

@@ -0,0 +1,74 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_customer_portal?ref=v1.10.10"
+}
+
+dependency "codebuild-ecr-base" {
+  config_path = "../075-codebuild-ecr-base"
+}
+
+#Github specific provider
+generate "github-provider" {
+  path      = "github-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    github = {
+      source = "integrations/github"
+      version = "4.2.0"
+    }
+  }
+}
+#Provider block for Github engineering. 
+#provider "github" {
+#  version      = "~> 4.2.0"
+#  organization = "mdr-engineering"
+#  base_url     = "https://github.mdr.defpoint.com/"
+#}
+#Provider block for Github MDR Content. 
+provider "github" {
+  version      = "~> 4.2.0"
+  organization = "MDR-Content"
+  base_url     = "https://github.mdr.defpoint.com/"
+}
+EOF
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Build Docker Container with Codebuild"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  name                  = "customer_portal"
+  service_role          = dependency.codebuild-ecr-base.outputs.service_role
+  kms_key               = dependency.codebuild-ecr-base.outputs.kms_key
+  codebuild_image       = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
+  #codebuild_image      = dependency.codebuild-ecr-base.outputs.codebuild_image_centos7
+  #codebuild_image      = dependency.codebuild-ecr-base.outputs.codebuild_image_rhel7
+  artifact_s3_bucket    = ""
+  #artifact_s3_bucket   = dependency.codebuild-ecr-base.outputs.artifact_s3_bucket
+  webhook_branch_filter = "release/.*"
+}

common/aws-us-gov/afs-mdr-common-services-gov/090-codebuild-rpm-tmux/DISABLED

@@ -0,0 +1 @@
+Proof of concept code that we may need in the future.

common/aws-us-gov/afs-mdr-common-services-gov/090-codebuild-rpm-tmux/terragrunt.hcl

@@ -0,0 +1,72 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v1.10.8"
+}
+
+dependency "codebuild-ecr-base" {
+  config_path = "../075-codebuild-ecr-base"
+}
+
+#Github specific provider
+generate "github-provider" {
+  path      = "github-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    github = {
+      source = "integrations/github"
+      version = "4.2.0"
+    }
+  }
+}
+#Provider block for Github engineering. 
+provider "github" {
+  version      = "~> 4.2.0"
+  organization = "mdr-engineering"
+  base_url     = "https://github.mdr.defpoint.com/"
+}
+#Provider block for Github MDR Content. 
+#provider "github" {
+#  version      = "~> 4.2.0"
+#  organization = "MDR-Content"
+#  base_url     = "https://github.mdr.defpoint.com/"
+#}
+EOF
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Build RPM with Codebuild"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  name                = "tmux-rpm"
+  service_role        = dependency.codebuild-ecr-base.outputs.service_role
+  kms_key             = dependency.codebuild-ecr-base.outputs.kms_key
+  #codebuild_image     = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
+  #codebuild_image    = dependency.codebuild-ecr-base.outputs.codebuild_image_centos7
+  codebuild_image    = dependency.codebuild-ecr-base.outputs.codebuild_image_rhel7
+  artifact_s3_bucket = dependency.codebuild-ecr-base.outputs.artifact_s3_bucket
+}

common/aws-us-gov/afs-mdr-common-services-gov/095-codebuild-rpm-aws-efs-utils/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../../.tfswitch.toml

common/aws-us-gov/afs-mdr-common-services-gov/095-codebuild-rpm-aws-efs-utils/DISABLED

@@ -0,0 +1 @@
+Proof of concept code that we may need in the future.

common/aws-us-gov/afs-mdr-common-services-gov/095-codebuild-rpm-aws-efs-utils/terragrunt.hcl

@@ -0,0 +1,72 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v1.10.8"
+}
+
+dependency "codebuild-ecr-base" {
+  config_path = "../075-codebuild-ecr-base"
+}
+
+#Github specific provider
+generate "github-provider" {
+  path      = "github-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    github = {
+      source = "integrations/github"
+      version = "4.2.0"
+    }
+  }
+}
+#Provider block for Github engineering. 
+provider "github" {
+  version      = "~> 4.2.0"
+  organization = "mdr-engineering"
+  base_url     = "https://github.mdr.defpoint.com/"
+}
+#Provider block for Github MDR Content. 
+#provider "github" {
+#  version      = "~> 4.2.0"
+#  organization = "MDR-Content"
+#  base_url     = "https://github.mdr.defpoint.com/"
+#}
+EOF
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Build RPM with Codebuild"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  name                = "aws-efs-utils"
+  service_role        = dependency.codebuild-ecr-base.outputs.service_role
+  kms_key             = dependency.codebuild-ecr-base.outputs.kms_key
+  #codebuild_image     = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
+  #codebuild_image    = dependency.codebuild-ecr-base.outputs.codebuild_image_centos7
+  codebuild_image    = dependency.codebuild-ecr-base.outputs.codebuild_image_rhel7
+  artifact_s3_bucket = dependency.codebuild-ecr-base.outputs.artifact_s3_bucket
+}

common/aws-us-gov/afs-mdr-common-services-gov/100-codebuild-rpm-syslog-ng/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../../.tfswitch.toml

common/aws-us-gov/afs-mdr-common-services-gov/100-codebuild-rpm-syslog-ng/DISABLED

@@ -0,0 +1 @@
+Proof of concept code that we may need in the future.

common/aws-us-gov/afs-mdr-common-services-gov/100-codebuild-rpm-syslog-ng/terragrunt.hcl

@@ -0,0 +1,72 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_artifact?ref=v1.10.8"
+}
+
+dependency "codebuild-ecr-base" {
+  config_path = "../075-codebuild-ecr-base"
+}
+
+#Github specific provider
+generate "github-provider" {
+  path      = "github-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    github = {
+      source = "integrations/github"
+      version = "4.2.0"
+    }
+  }
+}
+#Provider block for Github engineering. 
+provider "github" {
+  version      = "~> 4.2.0"
+  organization = "mdr-engineering"
+  base_url     = "https://github.mdr.defpoint.com/"
+}
+#Provider block for Github MDR Content. 
+#provider "github" {
+#  version      = "~> 4.2.0"
+#  organization = "MDR-Content"
+#  base_url     = "https://github.mdr.defpoint.com/"
+#}
+EOF
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Build RPM with Codebuild"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  name                = "syslog-ng-rpm"
+  service_role        = dependency.codebuild-ecr-base.outputs.service_role
+  kms_key             = dependency.codebuild-ecr-base.outputs.kms_key
+  #codebuild_image     = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
+  #codebuild_image    = dependency.codebuild-ecr-base.outputs.codebuild_image_centos7
+  codebuild_image    = dependency.codebuild-ecr-base.outputs.codebuild_image_rhel7
+  artifact_s3_bucket = dependency.codebuild-ecr-base.outputs.artifact_s3_bucket
+}

common/aws-us-gov/afs-mdr-common-services-gov/105-codebuild-ecr-mcas-container/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../../.tfswitch.toml

common/aws-us-gov/afs-mdr-common-services-gov/105-codebuild-ecr-mcas-container/DISABLED

@@ -0,0 +1 @@
+Proof of concept code that we may need in the future.

common/aws-us-gov/afs-mdr-common-services-gov/105-codebuild-ecr-mcas-container/terragrunt.hcl

@@ -0,0 +1,73 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_ecr_project?ref=v1.10.10"
+}
+
+dependency "codebuild-ecr-base" {
+  config_path = "../075-codebuild-ecr-base"
+}
+
+#Github specific provider
+generate "github-provider" {
+  path      = "github-provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+terraform {
+  required_providers {
+    github = {
+      source = "integrations/github"
+      version = "4.2.0"
+    }
+  }
+}
+#Provider block for Github engineering. 
+provider "github" {
+  version      = "~> 4.2.0"
+  organization = "mdr-engineering"
+  base_url     = "https://github.mdr.defpoint.com/"
+}
+#Provider block for Github MDR Content. 
+#provider "github" {
+#  version      = "~> 4.2.0"
+#  organization = "MDR-Content"
+#  base_url     = "https://github.mdr.defpoint.com/"
+#}
+EOF
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Build Docker Container with Codebuild"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  name                  = "mcas-agent-container"
+  service_role          = dependency.codebuild-ecr-base.outputs.service_role
+  kms_key               = dependency.codebuild-ecr-base.outputs.kms_key
+  #codebuild_image       = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
+  #codebuild_image      = dependency.codebuild-ecr-base.outputs.codebuild_image_centos7
+  codebuild_image      = dependency.codebuild-ecr-base.outputs.codebuild_image_rhel7
+  artifact_s3_bucket    = ""
+  #artifact_s3_bucket   = dependency.codebuild-ecr-base.outputs.artifact_s3_bucket
+}

common/aws-us-gov/afs-mdr-common-services-gov/account.hcl

@@ -5,8 +5,11 @@ locals {
   account_alias  = "afs-mdr-common-services-gov"
   aws_account_id = "701290387780"
   instance_termination_protection = true # set to true for production!
-  
-  account_tags = { } 
+  splunk_prefix = "moose"
+
+  account_tags = {
+    "Client": local.splunk_prefix
+  }
   c2_account_standards_path = "../../../../prod/aws-us-gov/mdr-prod-c2/005-account-standards-c2"
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation

common/aws-us-gov/partition.hcl

@@ -28,6 +28,8 @@ locals {
       "721817724804", # mdr-prod-c2
       "738736370544", # mdr-prod-modelclient
       "876865127438", # mdr-prod-malware
+      "022090475570", # mdr-prod-nihors
+      "081915784976", # mdr-prod-bas
     ],
     "test" = [
       "738800754746", # mdr-test-c2

common/aws/legacy-mdr-root/account.hcl

@@ -4,7 +4,10 @@ locals {
   account_name   = "legacy-mdr-root"
   account_alias  = ""
   aws_account_id = "350838957895"
-  
-  account_tags = { } 
+  splunk_prefix = "moose"
+
+  account_tags = {
+    "Client": local.splunk_prefix
+  }
   c2_account_standards_path = "../../../../prod/aws/mdr-prod-c2/005-account-standards-c2"
 }

common/aws/mdr-common-services/000-mdradmin-bootstrap/DISABLED

@@ -0,0 +1 @@
+Terraform only. Disabled for terragrunt-apply-all

common/aws/mdr-common-services/001-tfstate/DISABLED

@@ -0,0 +1 @@
+Terraform only. Disabled for terragrunt-apply-all

common/aws/mdr-common-services/010-shared-ami-key/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v1.10.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/shared_ami_key?ref=v1.10.17"
 }
 
 include {

common/aws/mdr-common-services/011-defpoint_com-legacy-dns/.tfswitch.toml

@@ -0,0 +1 @@
+version = "0.13.5"

common/aws/mdr-common-services/011-defpoint_com-legacy-dns/terragrunt.hcl

@@ -0,0 +1,22 @@
+locals {
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/legacy_defpoint_com?ref=v1.10.17"
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

common/aws/mdr-common-services/015-security-vpc/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/security_vpc?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/security_vpc?ref=v1.10.14"
 }
 
 # Include all settings from the root terragrunt.hcl file

common/aws/mdr-common-services/account.hcl

@@ -5,8 +5,11 @@ locals {
   account_alias  = "afs-mdr-common-services"
   aws_account_id = "471284459109"
   instance_termination_protection = true # set to true for production!
-  
-  account_tags = { } 
+  splunk_prefix = "moose"
+
+  account_tags = {
+    "Client": local.splunk_prefix
+  }
   c2_account_standards_path = "../../../../prod/aws/mdr-prod-c2/005-account-standards-c2"
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation

common/env.hcl

@@ -51,7 +51,15 @@ locals {
     "public" = {
       zone = "xdr.accenturefederalcyber.com"
       zone_id = "Z0083657A94URZM2TM87"
-    }
+    },
+    "legacy_private" = {
+      zone = "msoc.defpoint.local"
+      zone_id = "Z2JVOIKXZP64QP"
+    },
+    "legacy_public" = {
+      zone = "mdr.defpoint.com"
+      zone_id = "Z2HYR9YEZ4KLDE"
+    },
   }
 
   # legacy DNS

globals.hcl

@@ -10,20 +10,15 @@ locals {
   }
 
   trusted_ips = [ # IPs for 'permissive' ingress. Used for the bastion host and for testing. Think twice before employing.
-    "12.245.107.250/32",   # DPS Office Legato
-    "12.204.167.162/32",   # DPS Office San Antonio
-    "54.86.98.62/32",      # DPS AWS User VPN
     "75.138.227.80/32",    # Duane Waddle
     "24.11.231.98/32",     # George Starcher
     "99.151.37.185/32",    # Wesley Leonard
     "70.106.200.157/32",   # John Reuther
-    "108.243.20.48/32",    # Ryan Plas
     "73.10.53.113/32",     # Rick Page Home
     "50.21.207.50/32",     # Brad Poulton
     "70.160.60.248/32",    # Brandon Naughton
-    "173.71.212.4/32",     # Ryan Howard
     "99.56.213.129/32",    # Fred Damstra
-    "97.117.78.121/32",    # Colby Williams
+    "97.117.81.187/32",    # Colby Williams
   ]
   portal_test_whitelist = local.trusted_ips # for now, an alias
 
@@ -57,6 +52,33 @@ locals {
     "18.253.98.90/32",
   ]  
 
+  # All of the "external" things that need access to publically
+  # available C2 services, like Salt Masters, Repo Servers
+  #
+  # Structure is a list of maps, and the "description" value in the
+  # map must be unique across the whole list or it will cause an error.
+  #
+  # TODO:  the lists of IPs above need to be moved into this.  I did not
+  # attempt it NOW because of the upcoming change freeze and a desire to
+  # not put in unnecessary changes.
+  c2_services_external_ips = [
+    {
+      description = "NIH ORS LCP"
+      cidr_blocks = [
+        "137.187.0.0/16",   # Provided by Vikas @ NIH 2020-12-09
+        "128.231.0.0/16",   # Provided by Vikas @ NIH 2020-12-09
+        "165.112.0.0/16",   # Provided by Vikas @ NIH 2020-12-09
+        "156.40.208.0/20",  # Derived from our VPC Flow Logs deny logs 2020-12-11
+      ]
+    },
+    {
+      description = "BP-OT-DEMO LCP"
+      cidr_blocks = [
+        "184.105.253.64/28", # Provided by OT IP address range for Houston CFC 2021-02-09
+      ]
+    }
+  ]
+
   dns_zone_map = {
     "accenturefederalcyber.com" = "Z03575081VGXN3FUZ8ERU"
     "accenturefederalcyber.net" = "Z07771312N8X39HKP141M"
@@ -70,7 +92,7 @@ locals {
     local.afs_azure_pop,
     local.nga_pop,
     [ "52.179.13.17/32",  #???
-      "75.138.227.80/32", #???
+      "75.138.227.80/32", # Duane's House
     ],
     local.xdr_interconnect
   )

prod/aws-us-gov/mdr-prod-bas/005-iam/terragrunt.hcl

@@ -0,0 +1,62 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env            = local.environment_vars.locals.environment
+  aws_region     = local.region_vars.locals.aws_region
+  account_id     = local.account_vars.locals.aws_account_id
+  
+}
+
+# TODO: For provisioning only. Comment out after provisioning
+#generate "provider" {
+#  path      = "provider.tf"
+#  if_exists = "overwrite_terragrunt"
+#  contents  = <<EOF
+#provider "template" {
+#  version = "~> 2.1"
+#}
+
+#provider "aws" {
+#  version = "~> 3.0"
+#  region = "${local.aws_region}"
+#
+#  # TODO: make sure you have a profile matching this
+#  profile = "tmp"
+#
+#  # Only these AWS Account IDs may be operated on by this template
+#  allowed_account_ids = ["${local.account_id}"]
+#}
+#EOF
+#}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v1.10.16"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-bas/006-account-standards-regional/us-gov-west-1/terragrunt.hcl

@@ -0,0 +1,61 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  aws_partition  = local.partition_vars.locals.aws_partition
+  account_id     = local.account_vars.locals.aws_account_id
+  common_profile = local.partition_vars.locals.common_profile
+
+  target_aws_region = "us-gov-west-1"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v1.10.16"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+############# Custom provider for the region
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+provider "aws" {
+  version = "~> 2.66"
+  region = "${local.target_aws_region}"
+
+  assume_role {
+    role_arn = "arn:${local.aws_partition}:iam::${local.account_id}:role/user/mdr_terraformer"
+    session_name = "terraform"
+  }
+
+  profile = "${local.common_profile}"
+
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = ["${local.account_id}"]
+}
+EOF
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-bas/006-account-standards/README.md

@@ -0,0 +1,26 @@
+# Account Standards
+
+Creates elements that are standard in all accounts, such as access keys, kms keys, etc.
+
+## NOTE: Possible aws_config_configuration_recorder conflict with camrs
+NOTE: For commercial accounts, camrs may have set up AWS config already, though in a configuration where they don't appear to be able to use it. This will conflict with the AWS Config setup present in this module. To fix this, the existing recorder must be imported. In the module directory, run (this will only need to be done once per account):
+```
+terragrunt import aws_config_configuration_recorder.awsconfig_recorder default
+aws --profile <account-profile> configservice describe-delivery-channels
+terragrunt import aws_config_delivery_channel.awsconfig_delivery_channel camrs-rt-aws-mdr-14019-tstsc-config-rDeliveryChannel-3JUH8QIHEQE6
+```
+
+## NOTE: Eventual consistency error with service-linked-role
+
+NOTE: This module creates a service-linked role for AWSAutoScaling. This role may not propagate before terraform tries to create policies that reference it as a principal, resulting in teh error:
+
+```
+Error: MalformedPolicyDocumentException: Policy contains a statement with one or more invalid principals.
+```
+
+I have a `depends_on` clause, but it doesn't resolve the issue. 
+
+This issue appears to be the same thing, but it apparently isn't fixed in this use case:
+https://github.com/hashicorp/terraform-provider-aws/issues/7646
+
+

prod/aws-us-gov/mdr-prod-bas/006-account-standards/terragrunt.hcl

@@ -0,0 +1,38 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v1.10.16"
+}
+
+dependency "c2_account_standards" {
+  config_path = local.account_vars.locals.c2_account_standards_path
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  cloudtrail_key_arn = dependency.c2_account_standards.outputs.cloudtrail_logging_bucket.kms_key_id
+}

prod/aws-us-gov/mdr-prod-bas/010-vpc-splunk/README.md

@@ -0,0 +1,7 @@
+# Standard VPC
+
+Creates a single VPC from the subnet defined in `../accounts.hcl`, divided into 3 subnets.
+
+## Note:
+
+This is the first using the "terragrunt best practice" template, so it will either serve as a good model or it will fail miserably. Either way, this may be outdated.

prod/aws-us-gov/mdr-prod-bas/010-vpc-splunk/terragrunt.hcl

@@ -0,0 +1,47 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.16"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  accept_tgw_invitation = true # Should we accept the Transit GT invitation? Should only be true for the first vpc
+  tgw_share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_info = local.account_vars.locals.vpc_info["vpc-splunk"]
+  tags = {
+    #Purpose # grabbed from vpc_info
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_tgw_invitation = true
+}

prod/aws-us-gov/mdr-prod-bas/021-qualys-connector-role/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_connector_role?ref=v1.10.16"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Qualys Connector Role"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-bas/025-test-instance/README.md

@@ -0,0 +1 @@
+# Create a test instance if `create_test_instance` is set to true.

prod/aws-us-gov/mdr-prod-bas/025-test-instance/terragrunt.hcl

@@ -0,0 +1,41 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+dependency "vpc_splunk" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/test_instance?ref=v1.0.2"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Testing Instance"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  subnet_id = dependency.vpc_splunk.outputs.public_subnets[0]
+  security_group_ids = [ dependency.vpc_splunk.outputs.allow_all_from_trusted_sg_id ]
+}

prod/aws-us-gov/mdr-prod-bas/072-salt-master-inventory-role/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master_inventory_role?ref=v1.10.16"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Inventory for FedRAMP Compliance"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-bas/140-splunk-frozen-bucket/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v1.0.7"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Frozen Data"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-bas/150-splunk-cluster-master/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v1.10.16"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Cluster Master"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-cm"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

prod/aws-us-gov/mdr-prod-bas/160-splunk-indexer-cluster/README.md

@@ -0,0 +1,7 @@
+# Creates the Indexer Cluster
+
+* 3x indexer ASGs
+* NLB for splunk data
+* ALB for hec without ack
+* ELB classic for HEC with ack
+* Security Groups for all of the above

prod/aws-us-gov/mdr-prod-bas/160-splunk-indexer-cluster/terragrunt.hcl

@@ -0,0 +1,44 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.10.17"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Indexer Cluster"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-indexer"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  private_subnets = dependency.vpc.outputs.private_subnets
+  public_subnets  = dependency.vpc.outputs.public_subnets
+}

prod/aws-us-gov/mdr-prod-bas/170-splunk-searchhead/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.10.16"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Searchhead"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-sh"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

prod/aws-us-gov/mdr-prod-bas/180-splunk-heavy-forwarder/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v1.10.16"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Heavy Forwarder"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-hf"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

prod/aws-us-gov/mdr-prod-bas/README.md

@@ -0,0 +1,3 @@
+# Business Applications Solution (BAS) Commerce
+
+copied from skeleton as of commit ffea16f564b3482f6baee8e01dd1f4831ef6a209 (Jan 6 2021)

prod/aws-us-gov/mdr-prod-bas/account.hcl

@@ -0,0 +1,97 @@
+# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+  # TODO put the right values here
+  account_name   = "mdr-prod-bas"
+  account_alias  = "mdr-prod-bas"
+  aws_account_id = "081915784976"
+  instance_termination_protection = true # set to true for production!
+  splunk_prefix = "bas"
+
+  splunk_data_sources = [
+    # "x.x.x.x/32", # TODO: Add customer's public IP addresses
+  ]
+  splunk_legacy_cidr = [ ] # Should not be needed for new customers
+  splunk_asg_sizes   = [ 1, 1, 1 ] # How many indexers in each site
+  
+  
+  account_tags = {
+    "Client": local.splunk_prefix,
+  } 
+  c2_account_standards_path = "../../mdr-prod-c2/005-account-standards-c2" # TODO: Subsitute with test or prod
+
+  # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
+  vpc_info = { 
+    "vpc-splunk" = {
+       "name" = "vpc-splunk",
+       "purpose" = "Splunk Systems (BAS)", # TODO: Substitute with Customer Name
+       "cidr" = "10.42.24.0/22",
+       "tgw_attached" = true
+    }
+  } 
+
+  # For testing
+  create_test_instance = false
+
+  # Qualys Connector - See https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/Qualys
+  qualys_connector_externalid = "1620314156668" # Needs to come from the qualys console
+
+  # End of TODO
+
+  # Splunk instance sizes can be customized
+  # TODO: Set these appropriately in the skeleton for prod
+  instance_types = {
+    "splunk-cm"      = "m5a.xlarge",  # legacy: t2.small
+    "splunk-indexer" = "i3en.3xlarge", # legacy: t2.small, but whats the point if we don't have instance storage.
+    "splunk-hf"      = "m5a.xlarge", # legacy: t2.medium
+    "splunk-sh"      = "m5a.4xlarge", # legacy: ? not sure
+  }
+
+  # Splunk Volume Sizes are probably fine at defaults
+  splunk_volume_sizes = {
+    "cluster_master" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "indexer" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "searchhead" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "heavy_forwarder" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+  }
+}

prod/aws-us-gov/mdr-prod-c2/010-vpc-access/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.14"
 }
 
 dependency "transit_gateway" {

prod/aws-us-gov/mdr-prod-c2/010-vpc-portal/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.14"
 }
 
 dependency "transit_gateway" {

prod/aws-us-gov/mdr-prod-c2/010-vpc-private-services/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.14"
 }
 
 dependency "transit_gateway" {

prod/aws-us-gov/mdr-prod-c2/010-vpc-public/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.14"
 }
 
 dependency "transit_gateway" {

prod/aws-us-gov/mdr-prod-c2/010-vpc-splunk/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.17"
 }
 
 dependency "transit_gateway" {

prod/aws-us-gov/mdr-prod-c2/010-vpc-system-services/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.14"
 }
 
 dependency "transit_gateway" {

prod/aws-us-gov/mdr-prod-c2/015-security-vpc-interconnects/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/security_vpc?ref=v1.0.7"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/security_vpc?ref=v1.10.14"
 }
 
 # Include all settings from the root terragrunt.hcl file

prod/aws-us-gov/mdr-prod-c2/020-transit-gateway-interconnect-vpn/terragrunt.hcl

@@ -8,7 +8,7 @@ locals {
 
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_interconnect_vpn?ref=v0.9.4"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_interconnect_vpn?ref=v1.10.16"
 }
 
 dependency "transit-gateway-hub" {

prod/aws/mdr-prod-c2/023-dns-resolver-instance/terragrunt.hcl → prod/aws-us-gov/mdr-prod-c2/023-dns-resolver-instance-2/terragrunt.hcl

@@ -19,7 +19,7 @@ dependency "vpc_system_services" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/resolver_instance?ref=v1.0.9"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/resolver_instance?ref=v1.10.9"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -33,10 +33,11 @@ inputs = {
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
   tags = {
-    Purpose = "DNS Resolver"
+    Purpose = "DNS Resolver 2"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
-  subnet_id = dependency.vpc_system_services.outputs.public_subnets[0]
+  subnet_id = dependency.vpc_system_services.outputs.public_subnets[1]
   vpc_id = dependency.vpc_system_services.outputs.vpc_id
   reverse_enabled = true # Set to 'true' on second run
+  instance_number = 2
 }

prod/aws-us-gov/mdr-prod-c2/071-instance-salt-master/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

prod/aws-us-gov/mdr-prod-c2/071-instance-salt-master/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master?ref=v1.0.2"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master?ref=v1.10.3"
 }
 
 dependency "vpc-system-services" {

prod/aws-us-gov/mdr-prod-c2/080-instance-repo-server/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

prod/aws-us-gov/mdr-prod-c2/080-instance-repo-server/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v1.0.2"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v1.10.3"
 }
 
 dependency "vpc-system-services" {

prod/aws-us-gov/mdr-prod-c2/140-splunk-frozen-bucket/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/frozen_s3_bucket?ref=v1.10.17"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Frozen Data"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-c2/150-splunk-cluster-master/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/cluster_master?ref=v1.10.17"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Cluster Master"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-cm"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

prod/aws-us-gov/mdr-prod-c2/160-splunk-indexer-cluster/README.md

@@ -0,0 +1,7 @@
+# Creates the Indexer Cluster
+
+* 3x indexer ASGs
+* NLB for splunk data
+* ALB for hec without ack
+* ELB classic for HEC with ack
+* Security Groups for all of the above

prod/aws-us-gov/mdr-prod-c2/160-splunk-indexer-cluster/terragrunt.hcl

@@ -0,0 +1,44 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/indexer_cluster?ref=v1.10.17"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Indexer Cluster"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-indexer"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  private_subnets = dependency.vpc.outputs.private_subnets
+  public_subnets  = dependency.vpc.outputs.public_subnets
+}

prod/aws-us-gov/mdr-prod-c2/165-splunk-legacy-hec/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

prod/aws-us-gov/mdr-prod-c2/165-splunk-legacy-hec/terragrunt.hcl

@@ -0,0 +1,71 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/legacy_hec?ref=v1.10.18"
+}
+
+generate "provider-legacy" {
+  path      = "provider-legacy.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+provider "aws" {
+  version = "~> 3.0"
+  region = "us-east-1"
+
+  assume_role {
+    role_arn = "arn:aws:iam::${local.environment_vars.locals.legacy_account}:role/user/mdr_terraformer"
+    session_name = "terraform-legacy"
+  }
+
+  profile = "commercial"
+  alias   = "legacy"
+
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = [ ${local.environment_vars.locals.legacy_account} ]
+}
+EOF
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+dependency "indexers" {
+  config_path = "../160-splunk-indexer-cluster"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Legacy ELB for Splunk Migration"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+    Schedule  = "none"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  public_subnets  = dependency.vpc.outputs.public_subnets
+  private_subnets  = dependency.vpc.outputs.private_subnets
+  elb_attachments = dependency.indexers.outputs.elb_attachments
+}

prod/aws-us-gov/mdr-prod-c2/170-splunk-searchhead/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/searchhead?ref=v1.10.17"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Searchhead"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-sh"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

prod/aws-us-gov/mdr-prod-c2/180-splunk-heavy-forwarder/terragrunt.hcl

@@ -0,0 +1,43 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/splunk_servers/heavy_forwarder?ref=v1.10.17"
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-splunk"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Splunk Heavy Forwarder"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  prefix = local.account_vars.locals.splunk_prefix
+  instance_type = local.account_vars.locals.instance_types["splunk-hf"]
+  vpc_id = dependency.vpc.outputs.vpc_id
+  vpc_cidr = local.account_vars.locals.vpc_info["vpc-splunk"]["cidr"]
+  azs = dependency.vpc.outputs.azs
+  subnets = dependency.vpc.outputs.private_subnets
+}

prod/aws-us-gov/mdr-prod-c2/account.hcl

@@ -5,18 +5,93 @@ locals {
   account_alias  = "afs-mdr-prod-c2-gov"
   aws_account_id = "721817724804"
   instance_termination_protection = true # set to true for production!
+  splunk_prefix = "moose"
+  splunk_private_hec = true # True if the customer needs a private HTTP Event Collector such as for ALSI
   
-  account_tags = { } 
-  c2_account_standards_path = "../../mdr-prod-c2/005-account-standards-c2"
-
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "10.40.0.0/22"
 
+  splunk_data_sources = [
+    "170.248.172.0/23", # legacy afs_whitelist
+    "20.190.250.137/32", # legacy afs_azure_whitelist: EastUS2_External_Access
+    "52.232.227.197/32", # legacy afs_azure_whitelist: Azure US-East Palo
+    "52.185.64.173/32", # legacy afs_azure_whitelist: CentralUS_External_Access
+    "52.242.225.98/32", # legacy afs_azure_whitelist: Azure US-Central Palo 20200721
+    "52.177.84.83/32", # legacy afs_azure_whitelist: Lab_External_Access
+    "199.16.64.3/32", # legacy nga_whitelist
+  ]
+  splunk_legacy_cidr = [ # Allow splunk ports to/from here, too
+    "10.80.0.0/16",
+  ]
+  splunk_asg_sizes = [ 1, 1, 1 ] # How many?
+  splunk_volume_sizes = {
+    "cluster_master" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "indexer" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "searchhead" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "qcompliance" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+    "heavy_forwarder" = {
+      "swap": 8,  # minimum: 8
+      "/": 10,    # minimum: 10
+      "/home": 4, # minimum: 4
+      "/var": 15, # minimum: 15
+      "/var/tmp": 4, # minimum: 4
+      "/var/log": 8, # minimum: 8
+      "/var/log/audit": 8, # minimum: 8
+      "/tmp": 4,  # minimum: 4
+      "/opt/splunk": 30, # No minimum; not in base image
+    },
+  }
+
+  account_tags = { 
+    "Client": local.splunk_prefix
+  } 
+  c2_account_standards_path = "../../mdr-prod-c2/005-account-standards-c2"
+
   vpc_info = {
     "vpc-splunk" = {
       "name" = "vpc-splunk"
       "purpose" = "Splunk Systems (MOOSE)"
-      "cidr" = "10.20.16.0/22",
+      "cidr" = "10.40.16.0/22",
       "tgw_attached" = true,
     },
     "vpc-system-services" = {
@@ -63,11 +138,24 @@ locals {
     },
   }
 
+  instance_types = {
+    #"alsi-master"    = "t3a.small",
+    #"alsi-worker"    = "t3a.small",
+    #"splunk-cm"      = "t3a.small",  # legacy: t2.small
+    #"splunk-indexer" = "t3a.small", # legacy: t2.small, but whats the point if we don't have instance storage.
+    #"splunk-indexer" = "i3en.large", # legacy: t2.small, but whats the point if we don't have instance storage.
+    #"splunk-indexer" = "m5d.large", # these are 1/2 the price of i3en.larges. 8GB RAM, 75GB storage
+    "splunk-cm"      = "m5a.xlarge",
+    "splunk-indexer" = "i3en.3xlarge",
+    "splunk-hf"      = "m5a.xlarge",
+    "splunk-sh"      = "m5a.4xlarge",
+  }
+
   # Bastion
   bastion_instance_type = "t3a.micro"
 
   # Salt Master
-  salt_master_instance_type = "t3a.large"
+  salt_master_instance_type = "t3a.xlarge"
 
   # mailrelay
   mailrelay_instance_type = "t3a.micro"

prod/aws-us-gov/mdr-prod-modelclient/005-iam/terragrunt.hcl

@@ -6,19 +6,22 @@ locals {
   # e.g. inherited variables:
   #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
   #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
-  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
-  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
   #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
 
   # Extract out common variables for reuse
   #env = local.environment_vars.locals.environment
+  aws_region     = local.region_vars.locals.aws_region
+  account_id     = local.account_vars.locals.aws_account_id
+
 }
 
 # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.8.3"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v1.10.16"
 }
 
 # Include all settings from the root terragrunt.hcl file

prod/aws-us-gov/mdr-prod-modelclient/006-account-standards-regional/us-gov-west-1/terragrunt.hcl

@@ -0,0 +1,61 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  aws_partition  = local.partition_vars.locals.aws_partition
+  account_id     = local.account_vars.locals.aws_account_id
+  common_profile = local.partition_vars.locals.common_profile
+
+  target_aws_region = "us-gov-west-1"
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards_regional?ref=v1.0.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+############# Custom provider for the region
+generate "provider" {
+  path      = "provider.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<EOF
+provider "aws" {
+  version = "~> 2.66"
+  region = "${local.target_aws_region}"
+
+  assume_role {
+    role_arn = "arn:${local.aws_partition}:iam::${local.account_id}:role/user/mdr_terraformer"
+    session_name = "terraform"
+  }
+
+  profile = "${local.common_profile}"
+
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = ["${local.account_id}"]
+}
+EOF
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-modelclient/006-account-standards/README.md

@@ -0,0 +1,26 @@
+# Account Standards
+
+Creates elements that are standard in all accounts, such as access keys, kms keys, etc.
+
+## NOTE: Possible aws_config_configuration_recorder conflict with camrs
+NOTE: For commercial accounts, camrs may have set up AWS config already, though in a configuration where they don't appear to be able to use it. This will conflict with the AWS Config setup present in this module. To fix this, the existing recorder must be imported. In the module directory, run (this will only need to be done once per account):
+```
+terragrunt import aws_config_configuration_recorder.awsconfig_recorder default
+aws --profile <account-profile> configservice describe-delivery-channels
+terragrunt import aws_config_delivery_channel.awsconfig_delivery_channel camrs-rt-aws-mdr-14019-tstsc-config-rDeliveryChannel-3JUH8QIHEQE6
+```
+
+## NOTE: Eventual consistency error with service-linked-role
+
+NOTE: This module creates a service-linked role for AWSAutoScaling. This role may not propagate before terraform tries to create policies that reference it as a principal, resulting in teh error:
+
+```
+Error: MalformedPolicyDocumentException: Policy contains a statement with one or more invalid principals.
+```
+
+I have a `depends_on` clause, but it doesn't resolve the issue. 
+
+This issue appears to be the same thing, but it apparently isn't fixed in this use case:
+https://github.com/hashicorp/terraform-provider-aws/issues/7646
+
+

prod/aws-us-gov/mdr-prod-modelclient/006-account-standards/terragrunt.hcl

@@ -0,0 +1,38 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v1.10.16"
+}
+
+dependency "c2_account_standards" {
+  config_path = local.account_vars.locals.c2_account_standards_path
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  cloudtrail_key_arn = dependency.c2_account_standards.outputs.cloudtrail_logging_bucket.kms_key_id
+}

prod/aws-us-gov/mdr-prod-modelclient/010-vpc-splunk/README.md

@@ -0,0 +1,7 @@
+# Standard VPC
+
+Creates a single VPC from the subnet defined in `../accounts.hcl`, divided into 3 subnets.
+
+## Note:
+
+This is the first using the "terragrunt best practice" template, so it will either serve as a good model or it will fail miserably. Either way, this may be outdated.

prod/aws-us-gov/mdr-prod-modelclient/010-vpc-splunk/terragrunt.hcl

@@ -0,0 +1,47 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.10.17"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  accept_tgw_invitation = true # Should we accept the Transit GT invitation? Should only be true for the first vpc
+  tgw_share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_info = local.account_vars.locals.vpc_info["vpc-splunk"]
+  tags = {
+    #Purpose # grabbed from vpc_info
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  accept_tgw_invitation = true
+}