Moves 005-iam to a standalone module

This fixes the 005-iam module to use the standard format of putting the
module into the xdr-terraform-modules repository.

Also, it adds the prod/aws-us-gov accounts, which were missed in the
original migration to separate repositories.

Lastly, it renames `common/aws/mdr-common-services/005-iam` to
`004-iam-okta` since it is a different thing. That module should
be migrated, as well.

000-skeleton-GOV/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

000-skeleton-GOV/005-iam/child_account.tf

@@ -1,9 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  TODO: Replace with correct alias
-  account_alias = "afs-mdr-TODO-TODO"
-
-  assume_role_trusted_arns  = [
-    "arn:aws-us-gov:iam::701290387780:role/user/mdr_engineer_readonly",
-  ]
-}

000-skeleton-GOV/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

000-skeleton-GOV/account.hcl

@@ -3,5 +3,11 @@
 locals {
   # TODO put the right values here
   account_name   = "TODO"
+  account_alias  = "TODO"
   aws_account_id = "TODO"
+
+  instance_termination_protection = TODO # set to true for production!
+
+  # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
+  standard_vpc_cidr = "TODO"
 }

000-skeleton/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

000-skeleton/005-iam/child_account.tf

@@ -1,9 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  TODO: Replace with correct alias
-  account_alias = "afs-mdr-TODO-TODO"
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

000-skeleton/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

000-skeleton/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

000-skeleton/account.hcl

@@ -3,5 +3,10 @@
 locals {
   # TODO put the right values here
   account_name   = "TODO"
+  account_alias  = "TODO"
   aws_account_id = "TODO"
+  instance_termination_protection = TODO # set to true for production!
+
+  # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
+  standard_vpc_cidr = "TODO"
 }

common/aws/legacy-mdr-root/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

common/aws/legacy-mdr-root/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-
-  # no account_alias on purpose
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

common/aws/legacy-mdr-root/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

common/aws/legacy-mdr-root/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

common/aws/legacy-mdr-root/account.hcl

@@ -2,5 +2,6 @@
 # terragrunt.hcl configuration.
 locals {
   account_name   = "legacy-mdr-root"
+  account_alias  = ""
   aws_account_id = "350838957895"
 }

common/aws/mdr-common-services/004-iam-okta/TODO

@@ -0,0 +1 @@
+This should be moved to xdr-terraform-modules and coverted to just a terragrunt.hcl file

common/aws/mdr-common-services/005-iam/backend.tf → common/aws/mdr-common-services/004-iam-okta/backend.tf

@@ -1,12 +1,12 @@
 # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
 terraform {
   backend "s3" {
-    key            = "aws/common/aws/mdr-common-services/005-iam/terraform.tfstate"
-    profile        = "commercial"
-    region         = "us-east-1"
     role_arn       = "arn:aws:iam::471284459109:role/user/mdr_terraformer"
     bucket         = "afsxdr-terraform-state"
     dynamodb_table = "afsxdr-terraform-state"
     encrypt        = true
+    key            = "aws/common/aws/mdr-common-services/004-iam-okta/terraform.tfstate"
+    profile        = "commercial"
+    region         = "us-east-1"
   }
 }

common/aws/mdr-common-services/005-iam/okta_saml.tf → common/aws/mdr-common-services/004-iam-okta/okta_saml.tf

@@ -6,7 +6,7 @@
 
 
 module "common_services_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/common_services_role?ref=v0.0.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/common_services_roles?ref=v0.0.1"
   account_alias = "afs-mdr-common-services"
   okta_app      = "AWS - Commercial"
 }

common/aws/mdr-common-services/005-iam/provider.tf → common/aws/mdr-common-services/004-iam-okta/provider.tf

@@ -1,5 +1,6 @@
 # Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
 provider "aws" {
+  version = "~> 2.66"
   region = "us-east-1"
 
   assume_role {

common/aws/mdr-common-services/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

common/aws/mdr-common-services/account.hcl

@@ -2,6 +2,7 @@
 # terragrunt.hcl configuration.
 locals {
   account_name   = "afs-mdr-common-services"
+  account_alias  = "afs-mdr-common-services"
   aws_account_id = "471284459109"
   instance_termination_protection = true # set to true for production!
 

common/aws/mdr-cyber-range/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

common/aws/mdr-cyber-range/005-iam/child_account.tf

@@ -1,9 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-prod-cyber-range"
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-    "arn:aws:iam::471284459109:role/user/mdr_developer_readonly",
-  ]
-}

common/aws/mdr-cyber-range/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

common/aws/mdr-cyber-range/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

common/aws/mdr-cyber-range/account.hcl

@@ -3,5 +3,8 @@
 locals {
   # TODO put the right values here
   account_name   = "afs-mdr-prod-cyber-range"
+  account_alias  = "afs-mdr-prod-cyber-range"
   aws_account_id = "952430311316"
+
+  iam_additional_trusted_arns = [ "arn:aws:iam::471284459109:role/user/mdr_developer_readonly" ]
 }

common/aws/mdr-dev-ai/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

common/aws/mdr-dev-ai/005-iam/child_account.tf

@@ -1,9 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-dev-ai"
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_developer_readonly",
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

common/aws/mdr-dev-ai/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

common/aws/mdr-dev-ai/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

common/aws/mdr-dev-ai/account.hcl

@@ -1,7 +1,9 @@
 # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration.
 locals {
-  # TODO put the right values here
-  account_name   = "mdr-dev-ai"
+  account_name   = "afs-mdr-dev-ai"
+  account_alias  = "afs-mdr-dev-ai"
   aws_account_id = "228011623757"
+
+  iam_additional_trusted_arns = [ "arn:aws:iam::471284459109:role/user/mdr_developer_readonly" ]
 }

prod/aws-us-gov/mdr-prod-c2/000-mdradmin-bootstrap/README.md

@@ -0,0 +1,5 @@
+# UNUSED
+
+As of now this isnt needed.
+
+Reserved for future needs

prod/aws-us-gov/mdr-prod-c2/001-tfstate/README.md

@@ -0,0 +1,5 @@
+# UNUSED
+
+As of now this isnt needed.
+
+Reserved for future needs

prod/aws-us-gov/mdr-prod-c2/005-iam/terragrunt.hcl

@@ -0,0 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

prod/aws-us-gov/mdr-prod-c2/README.md

@@ -0,0 +1,3 @@
+# MDR Prod C2 (Govcloud)
+
+The real C2

prod/aws-us-gov/mdr-prod-c2/account.hcl

@@ -0,0 +1,7 @@
+# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+  account_name   = "afs-mdr-prod-c2-gov"
+  account_alias  = "afs-mdr-prod-c2-gov"
+  aws_account_id = "721817724804"
+}

prod/aws-us-gov/mdr-prod-malware/000-mdradmin-bootstrap/README.md

@@ -0,0 +1,5 @@
+# UNUSED
+
+As of now this isnt needed.
+
+Reserved for future needs

prod/aws-us-gov/mdr-prod-malware/001-tfstate/README.md

@@ -0,0 +1,5 @@
+# UNUSED
+
+As of now this isnt needed.
+
+Reserved for future needs

prod/aws-us-gov/mdr-prod-malware/005-iam/terragrunt.hcl

@@ -0,0 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

prod/aws-us-gov/mdr-prod-malware/README.md

@@ -0,0 +1,3 @@
+# mdr-prod-malware
+
+Account for hosting vmray and/or other malware detonation.

prod/aws-us-gov/mdr-prod-malware/account.hcl

@@ -0,0 +1,7 @@
+# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+  account_name   = "afs-mdr-prod-malware-gov"
+  account_alias  = "afs-mdr-prod-malware-gov"
+  aws_account_id = "876865127438"
+}

prod/aws-us-gov/mdr-prod-modelclient/000-mdradmin-bootstrap/README.md

@@ -0,0 +1,5 @@
+# UNUSED
+
+As of now this isnt needed.
+
+Reserved for future needs

prod/aws-us-gov/mdr-prod-modelclient/001-tfstate/README.md

@@ -0,0 +1,5 @@
+# UNUSED
+
+As of now this isnt needed.
+
+Reserved for future needs

prod/aws-us-gov/mdr-prod-modelclient/005-iam/terragrunt.hcl

@@ -0,0 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

prod/aws-us-gov/mdr-prod-modelclient/README.md

@@ -0,0 +1,3 @@
+# prod model client (govcloud)
+
+A model client.  Nobody in particular.

prod/aws-us-gov/mdr-prod-modelclient/account.hcl

@@ -0,0 +1,7 @@
+# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
+# terragrunt.hcl configuration.
+locals {
+  account_name   = "afs-mdr-prod-modelclient-gov"
+  account_alias  = "afs-mdr-prod-modelclient-gov"
+  aws_account_id = "738736370544"
+}

prod/aws/legacy-mdr-prod/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

prod/aws/legacy-mdr-prod/005-iam/child_account.tf

@@ -1,9 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-
-  # No account_alias on purpose
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

prod/aws/legacy-mdr-prod/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

prod/aws/legacy-mdr-prod/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

prod/aws/legacy-mdr-prod/account.hcl

@@ -1,7 +1,7 @@
 # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration.
 locals {
-  # TODO put the right values here
   account_name   = "legacy-mdr-prod"
+  account_alias  = "" # No alias for legacy accounts
   aws_account_id = "477548533976"
 }

prod/aws/mdr-prod-c2/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

prod/aws/mdr-prod-c2/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-prod-c2"
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

prod/aws/mdr-prod-c2/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

prod/aws/mdr-prod-c2/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

prod/aws/mdr-prod-c2/account.hcl

@@ -1,6 +1,7 @@
 # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration.
 locals {
-  account_name   = "mdr-prod-c2"
+  account_name   = "afs-mdr-prod-c2"
+  account_alias  = "afs-mdr-prod-c2"
   aws_account_id = "045312110490"
 }

prod/aws/mdr-prod-malware/005-iam/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

prod/aws/mdr-prod-malware/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-prod-malware"
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

prod/aws/mdr-prod-malware/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

prod/aws/mdr-prod-malware/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

prod/aws/mdr-prod-malware/account.hcl

@@ -2,5 +2,6 @@
 # terragrunt.hcl configuration.
 locals {
   account_name   = "afs-mdr-prod-malware"
+  account_alias  = "afs-mdr-prod-malware"
   aws_account_id = "369723129071"
 }

prod/aws/mdr-prod-modelclient/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

prod/aws/mdr-prod-modelclient/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-prod-modelclient"
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

prod/aws/mdr-prod-modelclient/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

prod/aws/mdr-prod-modelclient/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

prod/aws/mdr-prod-modelclient/account.hcl

@@ -1,6 +1,7 @@
 # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration.
 locals {
-  account_name   = "mdr-prod-modelclient"
+  account_name   = "afs-mdr-prod-modelclient"
+  account_alias  = "afs-mdr-prod-modelclient"
   aws_account_id = "425831147305"
 }

test/aws-us-gov/mdr-test-c2/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

test/aws-us-gov/mdr-test-c2/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-test-c2-gov"
-
-  assume_role_trusted_arns  = [
-    "arn:aws-us-gov:iam::701290387780:role/user/mdr_engineer_readonly",
-  ]
-}

test/aws-us-gov/mdr-test-c2/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

test/aws-us-gov/mdr-test-c2/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

test/aws-us-gov/mdr-test-c2/account.hcl

@@ -2,5 +2,6 @@
 # terragrunt.hcl configuration.
 locals {
   account_name   = "afs-mdr-test-c2-gov"
+  account_alias  = "afs-mdr-test-c2-gov"
   aws_account_id = "738800754746"
 }

test/aws-us-gov/mdr-test-malware/005-iam/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

test/aws-us-gov/mdr-test-malware/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-test-malware-gov"
-
-  assume_role_trusted_arns  = [
-    "arn:aws-us-gov:iam::701290387780:role/user/mdr_engineer_readonly",
-  ]
-}

test/aws-us-gov/mdr-test-malware/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

test/aws-us-gov/mdr-test-malware/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

test/aws-us-gov/mdr-test-malware/account.hcl

@@ -1,7 +1,8 @@
 # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration.
 locals {
-  account_name   = "afs-mdr-test-malware"
+  account_name   = "afs-mdr-test-malware-gov"
+  account_alias  = "afs-mdr-test-malware-gov"
   aws_account_id = "876942499057"
   instance_termination_protection = false # set to true for production!
 

test/aws-us-gov/mdr-test-modelclient/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

test/aws-us-gov/mdr-test-modelclient/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-test-modelclient-gov"
-
-  assume_role_trusted_arns  = [
-    "arn:aws-us-gov:iam::701290387780:role/user/mdr_engineer_readonly",
-  ]
-}

test/aws-us-gov/mdr-test-modelclient/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

test/aws-us-gov/mdr-test-modelclient/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

test/aws-us-gov/mdr-test-modelclient/account.hcl

@@ -1,6 +1,7 @@
 # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration.
 locals {
-  account_name   = "mdr-test-modelclient-gov"
+  account_name   = "afs-mdr-test-modelclient-gov"
+  account_alias  = "afs-mdr-test-modelclient-gov"
   aws_account_id = "701341250728"
 }

test/aws/legacy-mdr-test/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

test/aws/legacy-mdr-test/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  # No account_alias on purpose
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

test/aws/legacy-mdr-test/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

test/aws/legacy-mdr-test/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

test/aws/legacy-mdr-test/account.hcl

@@ -3,5 +3,6 @@
 locals {
   # TODO put the right values here
   account_name   = "legacy-mdr-test"
+  account_alias  = "" # No alias for legacy
   aws_account_id = "527700175026"
 }

test/aws/mdr-test-c2/005-iam/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

test/aws/mdr-test-c2/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-test-c2"
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

test/aws/mdr-test-c2/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

test/aws/mdr-test-c2/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

test/aws/mdr-test-c2/account.hcl

@@ -1,6 +1,7 @@
 # Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
 # terragrunt.hcl configuration.
 locals {
-  account_name   = "mdr-test-c2"
+  account_name   = "afs-mdr-test-c2"
+  account_alias  = "afs-mdr-test-c2"
   aws_account_id = "816914342178"
 }

test/aws/mdr-test-malware/005-iam/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

test/aws/mdr-test-malware/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-test-malware"
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}

test/aws/mdr-test-malware/005-iam/terragrunt.hcl

@@ -1,3 +1,34 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  #account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.1.1"
+}
+
+# Include all settings from the root terragrunt.hcl file
 include {
   path = find_in_parent_folders()
 }
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+}

test/aws/mdr-test-malware/005-iam/version.tf

@@ -1,3 +0,0 @@
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}

test/aws/mdr-test-malware/account.hcl

@@ -2,5 +2,6 @@
 # terragrunt.hcl configuration.
 locals {
   account_name   = "afs-mdr-test-malware"
+  account_alias  = "afs-mdr-test-malware"
   aws_account_id = "404265901253"
 }

test/aws/mdr-test-modelclient/.gitignore

@@ -1,3 +0,0 @@
-# Terragrunt creates the backend.tf and provider.tf files, so we don't want to save them.
-backend.tf
-provider.tf

test/aws/mdr-test-modelclient/005-iam/child_account.tf

@@ -1,8 +0,0 @@
-module "iam_roles" {
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam/child_account_roles?ref=v0.0.1"
-  account_alias = "afs-mdr-test-model-client"
-
-  assume_role_trusted_arns  = [
-    "arn:aws:iam::471284459109:role/user/mdr_engineer_readonly",
-  ]
-}