Revamps standard_tags to be built from multiple hcl specific files

000-skeleton/account.hcl

@@ -6,6 +6,8 @@ locals {
   account_alias  = "TODO"
   aws_account_id = "TODO"
   instance_termination_protection = TODO # set to true for production!
+  
+  account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "TODO/TODO"

common/aws-us-gov/afs-mdr-common-services-gov/account.hcl

@@ -5,6 +5,8 @@ locals {
   account_alias  = "afs-mdr-common-services-gov"
   aws_account_id = "701290387780"
   instance_termination_protection = true # set to true for production!
+  
+  account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "10.1.132.0/22"

common/aws-us-gov/partition.hcl

@@ -8,6 +8,21 @@ locals {
   common_services_account = "701290387780"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
 
+  partition_tags = { }
+
+  # Statically setting the 'last known good' ami gives us some added flexibility
+  # in building amis more regularly.
+  #
+  # Don't forget `lifecycle { ignore_changes = ["ami"] }` in yoru ec2
+  # builds!
+  amis = {
+    "rhel7-base"   = "ami-07bc8289a7cc97304",
+    "rhel7-master" = "ami-0b2284c85a8635731",
+    "rhel7-minion" = "ami-06df5afc7636bd980"
+  }
+  default_ami = local.amis["rhel7-minion"] # Allows us to easily change to a new base standard
+
+  # If you need the raw list of all accounts, see `account_list` below
   account_map = {
     "prod" = [
       "721817724804", # mdr-prod-c2

common/aws-us-gov/region.hcl

@@ -6,4 +6,5 @@
 # At some point, this may need to be added as a hierarchical directory when we move to additional regions.
 locals {
   aws_region = "us-gov-east-1"
+  region_tags = { }
 }

common/aws/legacy-mdr-root/account.hcl

@@ -4,4 +4,6 @@ locals {
   account_name   = "legacy-mdr-root"
   account_alias  = ""
   aws_account_id = "350838957895"
+  
+  account_tags = { } 
 }

common/aws/mdr-common-services/account.hcl

@@ -5,6 +5,8 @@ locals {
   account_alias  = "afs-mdr-common-services"
   aws_account_id = "471284459109"
   instance_termination_protection = true # set to true for production!
+  
+  account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "10.1.1.0/22"

common/aws/mdr-cyber-range/account.hcl

@@ -5,6 +5,8 @@ locals {
   account_name   = "afs-mdr-prod-cyber-range"
   account_alias  = "afs-mdr-prod-cyber-range"
   aws_account_id = "952430311316"
+  
+  account_tags = { } 
 
   iam_additional_trusted_arns = [ "arn:aws:iam::471284459109:role/user/mdr_developer_readonly" ]
 }

common/aws/mdr-dev-ai/account.hcl

@@ -4,6 +4,8 @@ locals {
   account_name   = "afs-mdr-dev-ai"
   account_alias  = "afs-mdr-dev-ai"
   aws_account_id = "228011623757"
+  
+  account_tags = { } 
 
   iam_additional_trusted_arns = [ "arn:aws:iam::471284459109:role/user/mdr_developer_readonly" ]
 }

common/aws/partition.hcl

@@ -8,6 +8,21 @@ locals {
   common_services_account = "471284459109"
   common_profile = "${local.aws_partition == "aws-us-gov" ? "govcloud" : "commercial"}"
 
+  partition_tags = { }
+
+  # Statically setting the 'last known good' ami gives us some added flexibility
+  # in building amis more regularly.
+  #
+  # Don't forget `lifecycle { ignore_changes = ["ami"] }` in yoru ec2
+  # builds!
+  amis = {
+    "rhel7-base"   = "ami-0de46d7d1a164b307",
+    "rhel7-master" = "ami-0114330666839f2b9",
+    "rhel7-minion" = "ami-0425efbff72b3c702"
+  }
+  default_ami = local.amis["rhel7-minion"] # Allows us to easily change to a new base standard
+
+  # If you need the raw list of all accounts, see `account_list` below
   account_map = {
     "prod" = [
       "045312110490", # mdr-prod-c2

common/aws/region.hcl

@@ -6,4 +6,5 @@
 # At some point, this may need to be added as a hierarchical directory when we move to additional regions.
 locals {
   aws_region = "us-east-1"
+  region_tags = { }
 }

globals.hcl

@@ -5,7 +5,7 @@ locals {
   binaries_bucket     = "afsxdr-binaries"        # Storage for binaries
 
   inside_domain = "msoc.defpoint.local"
-  standard_tags = {
+  global_tags = {
     "Schedule" = "MSOC",
     #"Last_Updated" = timestamp() # while this is cool, its usefulness does not warrant the constant updates.
   }

prod/aws-us-gov/mdr-prod-c2/account.hcl

@@ -5,6 +5,8 @@ locals {
   account_alias  = "afs-mdr-prod-c2-gov"
   aws_account_id = "721817724804"
   instance_termination_protection = true # set to true for production!
+  
+  account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "10.40.0.0/22"

prod/aws-us-gov/mdr-prod-malware/account.hcl

@@ -4,4 +4,6 @@ locals {
   account_name   = "afs-mdr-prod-malware-gov"
   account_alias  = "afs-mdr-prod-malware-gov"
   aws_account_id = "876865127438"
+  
+  account_tags = { } 
 }

prod/aws-us-gov/mdr-prod-modelclient/account.hcl

@@ -4,4 +4,6 @@ locals {
   account_name   = "afs-mdr-prod-modelclient-gov"
   account_alias  = "afs-mdr-prod-modelclient-gov"
   aws_account_id = "738736370544"
+  
+  account_tags = { } 
 }

prod/aws/legacy-mdr-prod/account.hcl

@@ -4,4 +4,6 @@ locals {
   account_name   = "legacy-mdr-prod"
   account_alias  = "" # No alias for legacy accounts
   aws_account_id = "477548533976"
+  
+  account_tags = { } 
 }

prod/aws/mdr-prod-c2/account.hcl

@@ -5,6 +5,8 @@ locals {
   account_alias  = "afs-mdr-prod-c2"
   aws_account_id = "045312110490"
   instance_termination_protection = true # set to true for production!
+  
+  account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "10.32.0.0/22"

prod/aws/mdr-prod-malware/account.hcl

@@ -4,4 +4,6 @@ locals {
   account_name   = "afs-mdr-prod-malware"
   account_alias  = "afs-mdr-prod-malware"
   aws_account_id = "369723129071"
+  
+  account_tags = { } 
 }

prod/aws/mdr-prod-modelclient/account.hcl

@@ -4,4 +4,6 @@ locals {
   account_name   = "afs-mdr-prod-modelclient"
   account_alias  = "afs-mdr-prod-modelclient"
   aws_account_id = "425831147305"
+  
+  account_tags = { } 
 }

terragrunt.hcl

@@ -31,6 +31,15 @@ locals {
   # Automatically load global-level variables
   global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
 
+  # Generate our standard tags
+  standard_tags = merge(
+    local.global_vars.locals.global_tags,
+    local.environment_vars.locals.environment_tags,
+    local.partition_vars.locals.partition_tags,
+    local.region_vars.locals.region_tags,
+    local.account_vars.locals.account_tags
+  )
+
   # Extract the variables we need for easy access
   account_name   = local.account_vars.locals.account_name
   account_id     = local.account_vars.locals.aws_account_id
@@ -114,4 +123,7 @@ inputs = merge(
   local.partition_vars.locals,
   local.environment_vars.locals,
   local.global_vars.locals,
+  { # Variables created in this file that we want to pass through
+    standard_tags = local.standard_tags
+  }
 )

test/aws-us-gov/mdr-test-c2/account.hcl

@@ -5,6 +5,8 @@ locals {
   account_alias  = "afs-mdr-test-c2-gov"
   aws_account_id = "738800754746"
   instance_termination_protection = false # set to true for production!
+  
+  account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "10.20.0.0/22"

test/aws-us-gov/mdr-test-malware/account.hcl

@@ -5,6 +5,8 @@ locals {
   account_alias  = "afs-mdr-test-malware-gov"
   aws_account_id = "876942499057"
   instance_termination_protection = false # set to true for production!
+  
+  account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "10.20.4.0/22"

test/aws-us-gov/mdr-test-modelclient/account.hcl

@@ -5,6 +5,8 @@ locals {
   account_alias  = "afs-mdr-test-modelclient-gov"
   aws_account_id = "701341250728"
   instance_termination_protection = false # set to true for production!
+  
+  account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "TODO/TODO"

test/aws/legacy-mdr-test/account.hcl

@@ -5,4 +5,6 @@ locals {
   account_name   = "legacy-mdr-test"
   account_alias  = "" # No alias for legacy
   aws_account_id = "527700175026"
+  
+  account_tags = { } 
 }

test/aws/mdr-test-c2/account.hcl

@@ -5,6 +5,8 @@ locals {
   account_alias  = "afs-mdr-test-c2"
   aws_account_id = "816914342178"
   instance_termination_protection = true # set to true for production!
+  
+  account_tags = { } 
 
   # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
   standard_vpc_cidr = "10.40.0.0/22"

test/aws/mdr-test-malware/account.hcl

@@ -4,4 +4,6 @@ locals {
   account_name   = "afs-mdr-test-malware"
   account_alias  = "afs-mdr-test-malware"
   aws_account_id = "404265901253"
+  
+  account_tags = { } 
 }

test/aws/mdr-test-modelclient/account.hcl

@@ -4,4 +4,6 @@ locals {
   account_name   = "afs-mdr-test-modelclient"
   account_alias  = "afs-mdr-test-modelclient"
   aws_account_id = "449047653882"
+  
+  account_tags = { } 
 }

test/env.hcl

@@ -3,4 +3,5 @@
 locals {
   environment = "test"
   transit_gateway_account_name = "mdr-test-c2" # Which account has the transit gateway
+  environment_tags = { }
 }