Merge pull request #307 from mdr-engineering/feature/dw_noticket_fixqualys

Refactored Qualys, plus adding production

bin/terragrunt-providers

@@ -1,5 +1,10 @@
 #! /bin/bash
 
+TG=terragrunt
+if [[ "$1" == "local" ]]; then
+	TG=terragrunt-local
+fi
+
 rm -rf .terragrunt-cache
 mv .terraform.lock.hcl .terraform.lock.hcl.bak
-terragrunt providers lock -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 -platform=linux_arm64
+${TG} providers lock -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64 -platform=linux_arm64

test/aws-us-gov/mdr-test-c2/031-attach-qualys-vpc-to-transit-gateway/terragrunt.hcl → prod/aws-us-gov/mdr-prod-c2/010-vpc-scanners/terragrunt.hcl

@@ -2,8 +2,6 @@ locals {
   # If you want to use any of the variables in _this_ file, you have to load them here.
   # However, they will all be available as inputs to the module loaded in terraform.source
   # below.
-
-  # e.g. inherited variables:
   environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
   partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
   region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
@@ -11,20 +9,15 @@ locals {
   global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
 }
 
-dependency "transit_gateway" {
-  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
-}
-
-dependency "target_vpc" {
-  config_path = "../030-qualys-vpc"
-}
-
-
 # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v1.0.7"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.23.25"
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -37,13 +30,13 @@ inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
+  accept_tgw_invitation = false # Should we accept the Transit GT invitation? Should only be true for the first vpc
+  # no arns for the account hosting the transit gateway
+  #tgw_share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_info = local.account_vars.locals.vpc_info["vpc-scanners"]
   tags = {
-    Name = "${local.partition_vars.locals.aws_partition_alias}-${local.environment_vars.locals.environment}"
+    Purpose = "Vulnerability Scanners"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
-  accept_invitation = false # Should only be true for the first one
-  tgw_id = dependency.transit_gateway.outputs.tgw_id
-  vpc_id = dependency.target_vpc.outputs.vpc_id
-  subnets = dependency.target_vpc.outputs.private_subnets
-  route_tables = concat(dependency.target_vpc.outputs.private_route_tables, dependency.target_vpc.outputs.public_route_tables)
 }

prod/aws-us-gov/mdr-prod-c2/021-qualys-connector-role/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_connector_role?ref=v0.9.4"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Qualys Connector Role"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

prod/aws-us-gov/mdr-prod-c2/032-qualys-scanners/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

test/aws-us-gov/mdr-test-c2/030-qualys-vpc/terragrunt.hcl → prod/aws-us-gov/mdr-prod-c2/032-qualys-scanners/terragrunt.hcl

@@ -1,3 +1,5 @@
+# Defines qualys scanners
+
 locals {
   # If you want to use any of the variables in _this_ file, you have to load them here.
   # However, they will all be available as inputs to the module loaded in terraform.source
@@ -18,7 +20,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_scanners?ref=v1.23.22"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_scanners?ref=v1.23.25"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -26,18 +28,22 @@ include {
   path = find_in_parent_folders()
 }
 
+dependency "vpc" {
+  config_path = "../010-vpc-scanners"
+}
+
 # These are the variables we have to pass in to use the module specified in the terragrunt source above
 inputs = {
   # All of the inputs from the inherited hcl files are available automatically
   # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
   # will be more flexible if you specify particular input values.
-  name = "${ local.account_vars.locals.vpc_info["vpc-qualys"]["name"] }-${local.account_vars.locals.account_name}"
-  cidr = local.account_vars.locals.vpc_info["vpc-qualys"]["cidr"]
   tags = {
-    Purpose = local.account_vars.locals.vpc_info["vpc-qualys"]["purpose"]
+    Purpose = "Qualys Scanning Appliances"
     Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
   }
 
+  vpc_id                = dependency.vpc.outputs.vpc_id
+  subnets               = dependency.vpc.outputs.private_subnets
   personalization_codes = local.account_vars.locals.qualys_personalization_codes
 
 }

prod/aws-us-gov/mdr-prod-c2/275-nessus-security-scanners/terragrunt.hcl

@@ -17,7 +17,7 @@ terraform {
 }
 
 dependency "vpc" {
-  config_path = "../030-qualys-vpc"
+  config_path = "../010-vpc-scanners"
 }
 
 # Include all settings from the root terragrunt.hcl file

prod/aws-us-gov/mdr-prod-c2/account.hcl

@@ -101,8 +101,8 @@ locals {
       "cidr" = "10.40.0.0/22",
       "tgw_attached" = false, # Attached via tgw creation
     },
-    "vpc-qualys" = {
-      "name" = "vpc-qualys",
+    "vpc-scanners" = {
+      "name" = "vpc-scanners",
       "purpose" = "Security Scanning",
       "cidr" = "10.40.12.0/22",
       "tgw_attached" = true,
@@ -207,4 +207,14 @@ locals {
   interconnects_key_name = "fdamstra" # DO NOT CHANGE
   interconnects_count = 2
   interconnect_instances_path = "../018-interconnect-instances"
+
+  # Qualys Scanners
+  qualys_personalization_codes = {
+    standard      = "21007869625439" # XDR_Prod_Govcloud_Standard
+    preauthorized = "21028116523735" # XDR_Prod_Govcloud_Preauthorized
+  }
+
+  # Qualys Connector, defined in AssetView in Qualys Console
+  qualys_connector_externalid = "1621818655116" # mdr-prod-c2-gov 
+
 }

test/aws-us-gov/mdr-test-c2/010-vpc-scanners/.terraform.lock.hcl

@@ -0,0 +1,88 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "3.37.0"
+  constraints = ">= 2.42.0, >= 2.70.0, 3.37.0"
+  hashes = [
+    "h1:GeRKgHncFkh8vd+Rlq6G/5D7wgfd9LXLYrfNvLiMy48=",
+    "h1:RvLGIfRZfbzY58wUja9B6CvGdgVVINy7zLVBdLqIelA=",
+    "h1:Tf6Os+utUxE8rEr/emCXLFEDdCb0Y6rsN4Ee84+aDCQ=",
+    "h1:mxnOC4CXzhG+/JiAs6u2QTn6ecDBoiZBqxaXwqp2TB0=",
+    "zh:064c9b21bcd69be7a8631ccb3eccb8690c6a9955051145920803ef6ce6fc06bf",
+    "zh:277dd05750187a41282cf6e066e882eac0dd0056e3211d125f94bf62c19c4b8b",
+    "zh:47050211f72dcbf3d99c82147abd2eefbb7238efb94d5188979f60de66c8a3df",
+    "zh:4a4e0d070399a050847545721dae925c192a2d6354802fdfbea73769077acca5",
+    "zh:4cbc46f79239c85d69389f9e91ca9a9ebf6a8a937cfada026c5a037fd09130fb",
+    "zh:6548dcb1ac4a388ed46034a5317fa74b3b0b0f68eec03393f2d4d09342683f95",
+    "zh:75b4a82596aa525d95b0b2847fe648368c6e2b054059c4dc4dcdee01d374b592",
+    "zh:75cf5cc674b61c82300667a82650f56722618b119ab0526b47b5ecbb4bbf49d0",
+    "zh:93c896682359039960c38eb5a4b29d1cc06422f228db0572b90330427e2a21ec",
+    "zh:c7256663aedbc9de121316b6d0623551386a476fc12b8eb77e88532ce15de354",
+    "zh:e995c32f49c23b5938200386e08b2a3fd69cf5102b5299366c0608bbeac68429",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/template" {
+  version     = "2.2.0"
+  constraints = "2.2.0"
+  hashes = [
+    "h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=",
+    "h1:12Bac8B6Aq2+18xe8iqp5iYytav2Bw+jG43z/VaK5zI=",
+    "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
+    "h1:LN84cu+BZpVRvYlCzrbPfCRDaIelSyEx/W9Iwwgbnn4=",
+    "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
+    "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
+    "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
+    "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
+    "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
+    "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
+    "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
+    "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
+    "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
+    "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/vault" {
+  version     = "2.19.1"
+  constraints = "2.19.1"
+  hashes = [
+    "h1:04SjcwVTpGqFOAZezd9vmo/ceQGovZL/Cb9kVPjQscQ=",
+    "h1:3LNNXigzNkIAALc1v8uRfKmjzlUYyfQH+r/N5plUUeA=",
+    "h1:Sqdnqh2CHtEEVdTQom0+qQsgn+gjnVZXk6Xb9iOPQi4=",
+    "h1:yz5QWTvycJvjR3Z5EaCLF6UC8hugPAz2eIy9NzymPoI=",
+    "zh:0c6ca9d49bc116788015bbf83f7e8e405e4e63bfd9dd198f29d501632bc7d79f",
+    "zh:1f13cbe8d6b98a9e0392c72320cd86d5253a09f3c45fe9f4baa2b71660621d1e",
+    "zh:365d07bec517cb17523526c3a6f1bd23dbedb7fe8868d28976998c5eff3b9932",
+    "zh:3ac807ce39cd11d5a573377b868bc547f1f24ac2fb7bf3d7e1ec5a62ead7c31f",
+    "zh:5eb21cf4628353fcbd44231b92d1e027340af98b2ba02aaa01d91b07989caa8c",
+    "zh:66bed701cd0372b864ba656c9a01deb15e6cd7ac4390a3933e034a01f7bbe703",
+    "zh:8dd523de854b59f7e837102064f23fcf33ee69d4d46feeb5a67796b7ba03d003",
+    "zh:a514911915ab7d7b5fda18a7ca1404ca0496a54088a6ef52e0b92e4e0d7ff85e",
+    "zh:b4020c332c2b5b992f56d0e3e7b4940f7dab63f2af5558d913e79834b90b4d80",
+    "zh:bdb1c77d22e7accedf4b501f139c306c46dcb58ff693b9a6dcaef356c6749ee1",
+  ]
+}
+
+provider "registry.terraform.io/jtopjian/sensu" {
+  version     = "0.10.5"
+  constraints = "0.10.5"
+  hashes = [
+    "h1:/i+iYOhp7+nC7rZHJcQ4TWf4POHGhbwShPuvyko+/0s=",
+    "h1:DwoEsKZDLh315Q99LFdnzgqJR0kNHTBeUC9rZRJP2iU=",
+    "h1:MGRbVNP4L1FNXzAKUwBTUu9loNUGmRJQSndDrubRm7o=",
+    "h1:ZMsKGpRtwCSpkxZrpB4jFMxJ+RQCMs9Xed+RLPzMTm4=",
+    "zh:3225f4916085c97dd49deab54a8a590f6d32f9e7b07c4781e1da7a639bacc412",
+    "zh:45dc4d6edd2943f77967bd50065070e3eece274b9a32a5de4541b80609d53aaf",
+    "zh:4a35d980af50e4e86935fe3e1a55baf917f46921bea288abc53f438dc334ada2",
+    "zh:6b1bee30e0d0c2713ae684920c3a9ae0d01bb847e616358e254412b382671d4c",
+    "zh:7f0d10555eff2748c03a5642e785be3624e304cc174874c6ab52cb05041efecf",
+    "zh:7f70a20b92759afd7f5dd9b4877328b657545377e4e6e1f67c9b55e883d08b81",
+    "zh:844c3b405620779d06871d9ca9f84fa3745bbae668af8bd790504fd4649fbb7a",
+    "zh:95aba67c1ccdf6dd3f75c257f1a91e936fbd0ddb47b21fc85e90b7204abe7c05",
+    "zh:97f20679d06fcf74c6dbb30930541c8e12e07e8210213b4437d6b79034b8b60d",
+    "zh:c77dd3019a11eb7e047a09e38d8347de1bd1fecc7893c2f52512ede811ab7103",
+    "zh:c86d3aa646335ac7d5bb85475e7be115b62adc8d06ab4fb962c7f2874a1b5108",
+  ]
+}

test/aws-us-gov/mdr-test-c2/010-vpc-scanners/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

test/aws-us-gov/mdr-test-c2/010-vpc-scanners/terragrunt.hcl

@@ -0,0 +1,42 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v1.23.25"
+}
+
+dependency "transit_gateway" {
+  config_path = "../../${local.environment_vars.locals.transit_gateway_account_name}/008-transit-gateway-hub"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  accept_tgw_invitation = false # Should we accept the Transit GT invitation? Should only be true for the first vpc
+  # no arns for the account hosting the transit gateway
+  #tgw_share_arn = dependency.transit_gateway.outputs.resource_share_arns[local.account_vars.locals.aws_account_id]
+  tgw_id = dependency.transit_gateway.outputs.tgw_id
+  vpc_info = local.account_vars.locals.vpc_info["vpc-scanners"]
+  tags = {
+    Purpose = "Vulnerability Scanners"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}

test/aws-us-gov/mdr-test-c2/030-qualys-vpc/README.md

@@ -1,2 +0,0 @@
-# Qualys VPC and Scanner(s)
-

test/aws-us-gov/mdr-test-c2/031-attach-qualys-vpc-to-transit-gateway/README.md

@@ -1,5 +0,0 @@
-# Attaches this account's Qualys VPCs to the transit gateway, but for the HUB account.
-
-You can reuse this module to attach additional VPCs by updating
-either the dependencies or the inputs, as appropriate.
-

test/aws-us-gov/mdr-test-c2/031-attach-qualys-vpc-to-transit-gateway/.terraform.lock.hcl → test/aws-us-gov/mdr-test-c2/032-qualys-scanners/.terraform.lock.hcl

@@ -3,7 +3,7 @@
 
 provider "registry.terraform.io/hashicorp/aws" {
   version     = "3.37.0"
-  constraints = "3.37.0"
+  constraints = ">= 2.42.0, 3.37.0"
   hashes = [
     "h1:GeRKgHncFkh8vd+Rlq6G/5D7wgfd9LXLYrfNvLiMy48=",
     "h1:RvLGIfRZfbzY58wUja9B6CvGdgVVINy7zLVBdLqIelA=",

test/aws-us-gov/mdr-test-c2/032-qualys-scanners/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

test/aws-us-gov/mdr-test-c2/032-qualys-scanners/terragrunt.hcl

@@ -0,0 +1,47 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+
+  # e.g. inherited variables:
+  #environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  #partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  #region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  #global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+
+  # Extract out common variables for reuse
+  #env = local.environment_vars.locals.environment
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/qualys_scanners?ref=v1.23.25"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+dependency "vpc" {
+  config_path = "../010-vpc-scanners"
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Qualys Scanning Appliances"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+
+  vpc_id                = dependency.vpc.outputs.vpc_id
+  subnets               = dependency.vpc.outputs.private_subnets
+  personalization_codes = local.account_vars.locals.qualys_personalization_codes
+
+}

test/aws-us-gov/mdr-test-c2/275-nessus-security-scanners/terragrunt.hcl

@@ -17,7 +17,7 @@ terraform {
 }
 
 dependency "vpc" {
-  config_path = "../030-qualys-vpc"
+  config_path = "../010-vpc-scanners"
 }
 
 # Include all settings from the root terragrunt.hcl file

test/aws-us-gov/mdr-test-c2/account.hcl

@@ -102,8 +102,8 @@ locals {
       "cidr" = "10.20.0.0/22",
       "tgw_attached" = false, # NOTE: This is attached via the transit gateway creation
     },
-    "vpc-qualys" = {
-      "name" = "vpc-qualys",
+    "vpc-scanners" = {
+      "name" = "vpc-scanners",
       "purpose" = "Security Scanning",
       "cidr" = "10.20.12.0/22",
       "tgw_attached" = true,
@@ -219,8 +219,8 @@ locals {
 
   # Qualys Scanners
   qualys_personalization_codes = {
-    standard = "21009597903247"
-    preauthorized = "21005906078774"
+    standard      = "21035137513195" # XDR_Test_Govcloud_Standard
+    preauthorized = "21054299967066" # XDR_Test_Govcloud_Preauthorized
   }
 
   # Qualys Connector

test/aws-us-gov/mdr-test-modelclient/account.hcl

@@ -22,7 +22,7 @@ locals {
     "vpc-splunk" = {
        "name" = "vpc-splunk",
        "purpose" = "Splunk Systems (modelclient)", # Substitute with Customer Name
-       "cidr" = "10.20.8.0/22",
+       "cidr" = "10.20.8.0/22",	                   # In the wrong place, needs to be changed to 10.22/16
        "tgw_attached" = true
     }
   } 

test/env.hcl

@@ -66,7 +66,7 @@ locals {
 
   dns_servers = [
     "10.20.2.64",
-    "10.16.2.123",
+    "10.20.2.185",
   ]
   inbound_resolver_endpoints = [
     "10.20.0.119",