Adds remaining VPCs and Fixes Qualys

prod/aws-us-gov/mdr-prod-c2/010-vpc-access/terragrunt.hcl

@@ -0,0 +1,39 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-access"]
+  tags = {
+    #Purpose # grabbed from vpc_info
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-c2/010-vpc-portal/terragrunt.hcl

@@ -0,0 +1,39 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-portal"]
+  tags = {
+    #Purpose # grabbed from vpc_info
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-c2/010-vpc-private-services/terragrunt.hcl

@@ -0,0 +1,39 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-private-services"]
+  tags = {
+    #Purpose # grabbed from vpc_info
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-c2/010-vpc-public/terragrunt.hcl

@@ -0,0 +1,39 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-public"]
+  tags = {
+    #Purpose # grabbed from vpc_info
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-c2/010-vpc-splunk/terragrunt.hcl

@@ -0,0 +1,39 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-splunk"]
+  tags = {
+    #Purpose # grabbed from vpc_info
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-c2/account.hcl

@@ -13,6 +13,11 @@ locals {
   standard_vpc_cidr = "10.40.0.0/22"
 
   vpc_info = {
+    "vpc-splunk" = {
+      "name" = "vpc-splunk"
+      "purpose" = "Splunk Systems (MOOSE)"
+      "cidr" = "10.20.16.0/22"
+    },
     "vpc-system-services" = {
       "name" = "vpc-system-services",
       "purpose" = "Internal Services for Systems",
@@ -28,6 +33,26 @@ locals {
       "purpose" = "Interconnections between AWS partitions",
       "cidr" = "10.179.0.0/22"
     },
+    "vpc-access" = {
+      "name" = "vpc-access"
+      "purpose" = "Systems providing restricted access, such as bastions and vpn concentrators"
+      "cidr" = "10.40.20.0/22"
+    },
+    "vpc-portal" = {
+      "name" = "vpc-portal"
+      "purpose" = "The Customer Portal"
+      "cidr" = "10.40.32.0/24"
+    },
+    "vpc-public" = {
+      "name" = "vpc-public"
+      "purpose" = "Publicly Accessible Infrastructure Services, such as GHE and Jira"
+      "cidr" = "10.40.24.0/22"
+    },
+    "vpc-private-services" = {
+      "name" = "vpc-private-services"
+      "purpose" = "Private XDR Services for XDR users"
+      "cidr" = "10.40.28.0/22"
+    },
   }
 
   # DNS Resolver

test/aws-us-gov/mdr-test-c2/010-vpc-access/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-access"]
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws-us-gov/mdr-test-c2/010-vpc-portal/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-portal"]
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws-us-gov/mdr-test-c2/010-vpc-private-services/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-private-services"]
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws-us-gov/mdr-test-c2/010-vpc-public/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-public"]
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws-us-gov/mdr-test-c2/010-vpc-splunk/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.8.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  vpc_info = local.account_vars.locals.vpc_info["vpc-splunk"]
+  tags = {
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws-us-gov/mdr-test-c2/030-qualys-vpc/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_scanners?ref=v0.7.3"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_scanners?ref=v0.8.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -31,10 +31,10 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
-  name = "qualys_${local.account_vars.locals.account_name}"
-  cidr = local.account_vars.locals.vpc_cidrs["qualys_vpc"]
+  name = "${ local.account_vars.locals.vpc_info["vpc-qualys"]["name"] }-${local.account_vars.locals.account_name}"
+  cidr = local.account_vars.locals.vpc_info["vpc-qualys"]["cidr"]
   tags = {
-    Purpose = "Qualys Scanner VPC"
+    Purpose = local.account_vars.locals.vpc_info["vpc-qualys"]["purpose"]
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 

test/aws-us-gov/mdr-test-c2/account.hcl

@@ -11,9 +11,14 @@ locals {
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   vpc_info = {
+    "vpc-splunk" = {
+      "name" = "vpc-splunk"
+      "purpose" = "Splunk Systems (MOOSE)"
+      "cidr" = "10.20.16.0/22"
+    },
     "vpc-system-services" = {
       "name" = "vpc-system-services",
-      "purpose" = "Internal Services for Systems",
+      "purpose" = "Internal Services for Systems (not people)",
       "cidr" = "10.20.0.0/22",
     },
     "vpc-qualys" = {
@@ -26,6 +31,26 @@ locals {
       "purpose" = "Interconnections between AWS partitions",
       "cidr" = "10.179.128.0/22",
     },
+    "vpc-access" = {
+      "name" = "vpc-access"
+      "purpose" = "Systems providing restricted access, such as bastions and vpn concentrators"
+      "cidr" = "10.20.20.0/22"
+    },
+    "vpc-portal" = {
+      "name" = "vpc-portal"
+      "purpose" = "The Customer Portal"
+      "cidr" = "10.20.32.0/24"
+    },
+    "vpc-public" = {
+      "name" = "vpc-public"
+      "purpose" = "Publicly Accessible Infrastructure Services, such as GHE and Jira"
+      "cidr" = "10.20.24.0/22"
+    },
+    "vpc-private-services" = {
+      "name" = "vpc-private-services"
+      "purpose" = "Private XDR Services for XDR users"
+      "cidr" = "10.20.28.0/22"
+    },
   }
 
   # DNS Resolver
@@ -42,8 +67,6 @@ locals {
   # AS Number used for various resources, but not every account needs one.
   asn = 64710 # changing this replaces the gateway
 
-  security_vpc_cidr = "10.179.128.0/22"
-
   # Interconnects
   interconnect_asn = 64777
   interconnects_instance_type = "t3a.micro"