4 роки тому · a13beeaffe
--- a/globals.hcl
+++ b/globals.hcl
@@ -10,18 +10,13 @@ locals {
 
				   }
			
 
				 
			
 
				   trusted_ips = [ # IPs for 'permissive' ingress. Used for the bastion host and for testing. Think twice before employing.
			
 
				-    "12.245.107.250/32",   # DPS Office Legato
			
 
				-    "12.204.167.162/32",   # DPS Office San Antonio
			
 
				-    "54.86.98.62/32",      # DPS AWS User VPN
			
 
				     "75.138.227.80/32",    # Duane Waddle
			
 
				     "24.11.231.98/32",     # George Starcher
			
 
				     "99.151.37.185/32",    # Wesley Leonard
			
 
				     "70.106.200.157/32",   # John Reuther
			
 
				-    "108.243.20.48/32",    # Ryan Plas
			
 
				     "73.10.53.113/32",     # Rick Page Home
			
 
				     "50.21.207.50/32",     # Brad Poulton
			
 
				     "70.160.60.248/32",    # Brandon Naughton
			
 
				-    "173.71.212.4/32",     # Ryan Howard
			
 
				     "99.56.213.129/32",    # Fred Damstra
			
 
				     "97.117.78.121/32",    # Colby Williams
			
 
				   ]
			
@@ -57,6 +52,27 @@ locals {
 
				     "18.253.98.90/32",
			
 
				   ]  
			
 
				 
			
 
				+  # All of the "external" things that need access to publically
			
 
				+  # available C2 services, like Salt Masters, Repo Servers
			
 
				+  #
			
 
				+  # Structure is a list of maps, and the "description" value in the
			
 
				+  # map must be unique across the whole list or it will cause an error.
			
 
				+  #
			
 
				+  # TODO:  the lists of IPs above need to be moved into this.  I did not
			
 
				+  # attempt it NOW because of the upcoming change freeze and a desire to
			
 
				+  # not put in unnecessary changes.
			
 
				+  c2_services_external_ips = [
			
 
				+    {
			
 
				+      description = "NIH ORS LCP"
			
 
				+      cidr_blocks = [
			
 
				+        "137.187.0.0/16",   # Provided by Vikas @ NIH 2020-12-09
			
 
				+        "128.231.0.0/16",   # Provided by Vikas @ NIH 2020-12-09
			
 
				+        "165.112.0.0/16",   # Provided by Vikas @ NIH 2020-12-09
			
 
				+        "156.40.208.0/20",  # Derived from our VPC Flow Logs deny logs 2020-12-11
			
 
				+      ]
			
 
				+    }
			
 
				+  ]
			
 
				+
			
 
				   dns_zone_map = {
			
 
				     "accenturefederalcyber.com" = "Z03575081VGXN3FUZ8ERU"
			
 
				     "accenturefederalcyber.net" = "Z07771312N8X39HKP141M"
			
@@ -70,7 +86,7 @@ locals {
 
				     local.afs_azure_pop,
			
 
				     local.nga_pop,
			
 
				     [ "52.179.13.17/32",  #???
			
 
				-      "75.138.227.80/32", #???
			
 
				+      "75.138.227.80/32", # Duane's House
			
 
				     ],
			
 
				     local.xdr_interconnect
			
 
				   )
			
--- a/prod/aws-us-gov/mdr-prod-c2/071-instance-salt-master/.tfswitch.toml
+++ b/prod/aws-us-gov/mdr-prod-c2/071-instance-salt-master/.tfswitch.toml
@@ -0,0 +1 @@
 
				+../../../../.tfswitch.toml
			
--- a/prod/aws-us-gov/mdr-prod-c2/071-instance-salt-master/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-c2/071-instance-salt-master/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 
				 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
			
 
				 terraform {
			
 
				   # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master?ref=v1.0.2"
			
 
				+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master?ref=v1.10.3"
			
 
				 }
			
 
				 
			
 
				 dependency "vpc-system-services" {
			
--- a/prod/aws-us-gov/mdr-prod-c2/080-instance-repo-server/.tfswitch.toml
+++ b/prod/aws-us-gov/mdr-prod-c2/080-instance-repo-server/.tfswitch.toml
@@ -0,0 +1 @@
 
				+../../../../.tfswitch.toml
			
--- a/prod/aws-us-gov/mdr-prod-c2/080-instance-repo-server/terragrunt.hcl
+++ b/prod/aws-us-gov/mdr-prod-c2/080-instance-repo-server/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 
				 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
			
 
				 terraform {
			
 
				   # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v1.0.2"
			
 
				+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v1.10.3"
			
 
				 }
			
 
				 
			
 
				 dependency "vpc-system-services" {
			
--- a/test/aws-us-gov/mdr-test-c2/071-instance-salt-master/terragrunt.hcl
+++ b/test/aws-us-gov/mdr-test-c2/071-instance-salt-master/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 
				 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
			
 
				 terraform {
			
 
				   # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master?ref=v1.0.2"
			
 
				+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master?ref=v1.10.3"
			
 
				 }
			
 
				 
			
 
				 dependency "vpc-system-services" {
			
--- a/test/aws-us-gov/mdr-test-c2/080-instance-repo-server/terragrunt.hcl
+++ b/test/aws-us-gov/mdr-test-c2/080-instance-repo-server/terragrunt.hcl
@@ -13,7 +13,7 @@ locals {
 
				 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
			
 
				 terraform {
			
 
				   # Double slash is intentional and required to show root of modules
			
 
				-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v1.0.2"
			
 
				+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v1.10.3"
			
 
				 }
			
 
				 
			
 
				 dependency "vpc-system-services" {