
Adds DNS resolver endpoints for private domains.

Fred Damstra 5 gadi atpakaļ
vecāks
revīzija
a5214d3662

+ 0 - 1
common/aws/mdr-common-services/010-public-dns/terragrunt.hcl

@@ -17,7 +17,6 @@ include {
 
 inputs = {
   tags = {
-    Purpose = "Sharing the AMI amongst accounts"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 }

+ 28 - 0
prod/aws-us-gov/mdr-prod-c2/011-private-dns-zone/terragrunt.hcl

@@ -0,0 +1,28 @@
+locals {
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns_zone?ref=v0.5.5"
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  vpcs = [ dependency.standard_vpc.outputs.vpc_id ] # can add more if desired
+  subnets = dependency.standard_vpc.outputs.private_subnets
+}
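Review bot: The five `read_terragrunt_config` locals at the top of this new file (`environment_vars` through `global_vars`) are never referenced; `inputs` only uses `dependency.standard_vpc`, so unless the root config included via `find_in_parent_folders()` depends on them being evaluated here they are dead code that forces five extra parent-file parses per run. Either drop them or use them, for example by passing the zone from env.hcl explicitly, `zone_name = local.environment_vars.locals.private_dns[...]`, which would also make it visible in this file which `private_dns` entry the module is wired to rather than leaving that to the root include (the module's variable names are not shown on this page, so confirm the input name first). The same unused block is repeated verbatim in prod/aws/mdr-prod-c2/011-private-dns-zone/terragrunt.hcl, test/aws-us-gov/mdr-test-c2/011-private-dns-zone/terragrunt.hcl and test/aws/mdr-test-c2/011-private-dns-zone/terragrunt.hcl. Pinning `source` to `ref=v0.5.5` is right; since a git tag can be moved, a module that owns private DNS resolution is a good candidate for pinning `ref=` to a commit SHA instead.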

+ 28 - 0
prod/aws/mdr-prod-c2/011-private-dns-zone/terragrunt.hcl

@@ -0,0 +1,28 @@
+locals {
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns_zone?ref=v0.5.5"
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  vpcs = [ dependency.standard_vpc.outputs.vpc_id ] # can add more if desired
+  subnets = dependency.standard_vpc.outputs.private_subnets
+}

+ 33 - 10
prod/env.hcl

@@ -4,6 +4,39 @@ locals {
   environment = "prod"
   transit_gateway_account_name = "mdr-prod-c2" # Which account has the transit gateway
 
+  environment_tags = {
+    Environment = local.environment
+  }
+
+  legacy_account = "477548533976"
+  c2_accounts = {
+    "aws-us-gov" = "721817724804" # mdr-prod-c2-gov
+    "aws"        = "045312110490" # mdr-prod-c2
+  }
+
+  private_dns = {
+    "aws-us-gov" = {
+      "name" = "gc.accenturefederalcyber.com",
+      "id"   = "Z08253091KU7QO3JTSCBJ",
+      # If starting fresh, leave dns_servers as an empty list
+      "dns_servers" = [
+        "10.40.0.198",
+        "10.40.0.64",
+        "10.40.1.26",
+      ]
+    },
+    "aws"        = {
+      "name" = "co.accenturefederalcyber.com",
+      "id"   = "Z0295812Z38G5UXFC7OK",
+      "dns_servers" = [ 
+        "10.32.0.166",
+        "10.32.0.47",
+        "10.32.1.83",
+      ]
+    }
+  }
+
+  # Legacy DNS
   dns_private = {
     "id" = "Z2JVOIKXZP64QP"
     "name" = "msoc.defpoint.local"
@@ -17,14 +50,4 @@ locals {
     "id" = "Z2HYR9YEZ4KLDE"
     "name" = "mdr.defpoint.com"
   }
-
-  legacy_account = "477548533976"
-  c2_accounts = {
-    "aws-us-gov" = "721817724804" # mdr-prod-c2-gov
-    "aws"        = "045312110490" # mdr-prod-c2
-  }
-
-  environment_tags = {
-    Environment = local.environment
-  }
 }
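Review bot: The comment `# If starting fresh, leave dns_servers as an empty list` sits inside only the `"aws-us-gov"` entry, but the `"aws"` entry carries the same `dns_servers` list and presumably the same bootstrap rule, so it should move above `private_dns = {` where it reads as applying to both partitions, e.g. `# Per-partition private zone; when bootstrapping, leave dns_servers = [] until the resolver addresses exist`. The zone ids such as `"id" = "Z08253091KU7QO3JTSCBJ"` and the three resolver IPs per partition are hard-coded here while the new 011-private-dns-zone stacks appear to be what creates those zones, which suggests these values were copied back from a live apply; if so, a short comment naming which output they mirror and that they must be refreshed after a zone or endpoint is re-created would stop the file drifting silently from the real infrastructure. `"dns_servers" = [ ` in the `"aws"` entry has trailing whitespace. The same layout and the same comment placement apply to test/env.hcl, where `"aws-us-gov" = { ` also carries a trailing space.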

+ 28 - 0
test/aws-us-gov/mdr-test-c2/011-private-dns-zone/terragrunt.hcl

@@ -0,0 +1,28 @@
+locals {
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns_zone?ref=v0.5.5"
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  vpcs = [ dependency.standard_vpc.outputs.vpc_id ] # can add more if desired
+  subnets = dependency.standard_vpc.outputs.private_subnets
+}

+ 0 - 1
test/aws-us-gov/mdr-test-c2/025-test-instance/README.md

@@ -1 +0,0 @@
-# Create a test instance if `create_test_instance` is set to true.

+ 28 - 0
test/aws/mdr-test-c2/011-private-dns-zone/terragrunt.hcl

@@ -0,0 +1,28 @@
+locals {
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/dns/private_dns_zone?ref=v0.5.5"
+}
+
+dependency "standard_vpc" {
+  config_path = "../010-standard-vpc"
+}
+
+include {
+  path = find_in_parent_folders()
+}
+
+inputs = {
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+  vpcs = [ dependency.standard_vpc.outputs.vpc_id ] # can add more if desired
+  subnets = dependency.standard_vpc.outputs.private_subnets
+}

+ 33 - 9
test/env.hcl

@@ -4,6 +4,39 @@ locals {
   environment = "test"
   transit_gateway_account_name = "mdr-test-c2" # Which account has the transit gateway
 
+  environment_tags = {
+    Environment = local.environment
+  }
+
+  legacy_account = "527700175026"
+  c2_accounts = {
+    "aws-us-gov" = "738800754746" # mdr-test-c2-gov
+    "aws"        = "816914342178" # mdr-test-c2
+  }
+
+  private_dns = {
+    "aws-us-gov" = { 
+      "name" = "gctest.accenturefederalcyber.com",
+      "id"   = "Z08253713IR2OY59O4OGL",
+      # If starting fresh, leave dns_servers as an empty list
+      "dns_servers" = [
+        "10.20.0.119",
+        "10.20.0.211",
+        "10.20.1.11",
+      ]
+    },
+    "aws"        = {
+      "name" = "cotest.accenturefederalcyber.com",
+      "id"   = "Z03093872COCFHKM0AGC2",
+      "dns_servers" = [
+        "10.16.0.13",
+        "10.16.0.207",
+        "10.16.1.23",
+      ]
+    }
+  }
+
+  # Legacy DNS
   dns_private = {
     "id" = "Z39OIGEKXXGJZ2"
     "name" = "msoc.defpoint.local"
@@ -17,13 +50,4 @@ locals {
     "name" = "mdr-test.defpoint.com"
   }
 
-  legacy_account = "527700175026"
-  c2_accounts = {
-    "aws-us-gov" = "738800754746" # mdr-test-c2-gov
-    "aws"        = "816914342178" # mdr-test-c2
-  }
-
-  environment_tags = {
-    Environment = local.environment
-  }
 }