
common/aws-us-gov/afs-mdr-common-services-gov now matches reality

Fred Damstra 5 lat temu
rodzic
commit
b88d35dda1

+ 0 - 23
common/aws-us-gov/afs-mdr-common-services-gov/001-iam/okta_saml.tf

@@ -1,23 +0,0 @@
-module "okta_saml" {
-  source = "../../../../modules/iam/okta_saml_roles/0.1"
-  account_alias = "afs-mdr-common-services"
-  okta_app      = "AWS - GovCloud"
-}
-
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}
-
-provider "aws" {
-  region  = "us-gov-east-1"
-  version = "~> 2.0"
-
-  allowed_account_ids = [
-    701290387780
-  ]
-}
-
-provider "okta" {
-  org_name = "mdr-multipass"
-  base_url = "okta.com"
-}

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/main.tf

@@ -1,5 +1,5 @@
 module "tfstate" {
-  source            = "../../../../modules/tfstate/tfstate-s3/0.1"
+  source            = "../../../../../xdr-terraform-modules/base/tfstate/tfstate-s3/"
   bucket_name       = local.name
   lock_table_name   = local.name
 }
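Review bot: The module source on the `+` line drops the version pin that the old path carried (`tfstate-s3/0.1`) and instead points at whatever is checked out in a sibling `xdr-terraform-modules` directory, so the code that manages the state bucket and lock table now depends on the operator's local checkout rather than on a reviewable revision. The same commit pins that repository by tag in 008-xdr-binaries/terragrunt.hcl (`?ref=v0.3.0`); for consistency and reproducibility the bootstrap module should be pinned the same way, e.g. `source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/tfstate/tfstate-s3?ref=v0.3.0"`, or the expected checkout revision should at least be stated in a comment above the block. Note also that this directory's own terraform.tfstate is tracked in git in this commit; if that is the intended bootstrap arrangement for the state bucket, a one-line comment here saying so (and that it must not hold secrets) would save the next reader from assuming it is an accident.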

+ 8 - 3
common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/provider.tf

@@ -1,8 +1,13 @@
 provider "aws" {
   region  = "us-gov-east-1"
   version = "~> 2.0"
+  assume_role {
+    role_arn = "arn:aws-us-gov:iam::701290387780:role/user/mdr_terraformer"
+    session_name = "terraform"
+  }
 
-  allowed_account_ids = [
-    701290387780
-  ]
+  profile = "govcloud"
+
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = ["701290387780"]
 }
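Review bot: The fixed `session_name = "terraform"` on the added assume_role block means every operator's session appears in CloudTrail and in the state's caller identity as `assumed-role/mdr_terraformer/terraform` (see the `user_id` recorded in terraform.tfstate in this commit), so individual runs can no longer be attributed to the person who ran them. Consider deriving the session name from the operator, e.g. `session_name = "terraform-${var.operator}"` with a required variable, or at minimum documenting in a comment that attribution must come from the source identity of the `govcloud` profile. The hard-coded `profile = "govcloud"` also ties this template to a specific local credentials file entry; if that is intended, a comment naming the expected profile setup would help, otherwise leave it to `AWS_PROFILE`. The account ID is now written twice (in `role_arn` and `allowed_account_ids`); a `locals { account_id = "701290387780" }` used in both places would keep them from drifting.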

+ 8 - 8
common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/terraform.tfstate

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "0.12.26",
-  "serial": 7,
+  "serial": 9,
   "lineage": "98e5e789-5a16-5c08-b9f6-7e8cb242c2a4",
   "outputs": {},
   "resources": [
@@ -16,9 +16,9 @@
           "schema_version": 0,
           "attributes": {
             "account_id": "701290387780",
-            "arn": "arn:aws-us-gov:iam::701290387780:user/MDRAdmin",
-            "id": "2020-06-10 17:43:36.050495 +0000 UTC",
-            "user_id": "AIDA2GSBKDFCIOHM2OZMZ"
+            "arn": "arn:aws-us-gov:sts::701290387780:assumed-role/mdr_terraformer/terraform",
+            "id": "2020-07-07 14:04:14.074532 +0000 UTC",
+            "user_id": "AROA2GSBKDFCIT5IHVMAA:terraform"
           }
         }
       ]
@@ -171,7 +171,7 @@
           "schema_version": 0,
           "attributes": {
             "dns_suffix": "amazonaws.com",
-            "id": "2020-06-10 17:43:35.802169 +0000 UTC",
+            "id": "2020-07-07 14:04:13.787107 +0000 UTC",
             "partition": "aws-us-gov"
           }
         }
@@ -281,7 +281,7 @@
             "key_id": "dddb424f-ebdd-416e-8772-3fc18aa81cb7",
             "key_usage": "ENCRYPT_DECRYPT",
             "policy": "{\"Id\":\"key-consolepolicy-3\",\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:root\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM User Permissions\"},{\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:Put*\",\"kms:List*\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"},\"Resource\":\"*\",\"Sid\":\"Allow access for Key Administrators\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"},\"Resource\":\"*\",\"Sid\":\"Allow use of the key\"},{\"Action\":[\"kms:RevokeGrant\",\"kms:ListGrants\",\"kms:CreateGrant\"],\"Condition\":{\"Bool\":{\"kms:GrantIsForAWSResource\":\"true\"}},\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"},\"Resource\":\"*\",\"Sid\":\"Allow attachment of persistent resources\"}],\"Version\":\"2012-10-17\"}",
-            "tags": null
+            "tags": {}
           },
           "private": "bnVsbA=="
         }
@@ -327,7 +327,7 @@
                   }
                 ],
                 "prefix": "",
-                "tags": null,
+                "tags": {},
                 "transition": []
               }
             ],
@@ -351,7 +351,7 @@
                 ]
               }
             ],
-            "tags": null,
+            "tags": {},
             "versioning": [
               {
                 "enabled": true,

+ 5 - 0
common/aws-us-gov/afs-mdr-common-services-gov/004-iam-okta/.gitignore

@@ -0,0 +1,5 @@
+# as this directory contains the old style of terragrunt,
+# it generates these two files in the local directory, but
+# we don't need/want to keep them around.
+backend.tf
+provider.tf

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/008-xdr-binaries/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v0.0.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/016-panorama/terragrunt.hcl

@@ -41,5 +41,5 @@ inputs = {
   ] 
   subnet_id_map = dependency.security_vpc.outputs.subnet_id_map
   subnet_cidr_map = dependency.security_vpc.outputs.subnet_cidr_map
-  ebs_key = dependency.security_vpc.outputs.ebs_kms_arn
+  ebs_key = dependency.security_vpc.outputs.kms_palo_key_arn
 }