
Merge pull request #14 from mdr-engineering/hotfix/ftd_Make_it_match_reality

Make it match reality
Frederick Damstra 5 years ago
parent
commit
d84b9a24f1
24 changed files with 90 additions and 58 deletions
  1. 0 23
      common/aws-us-gov/afs-mdr-common-services-gov/001-iam/okta_saml.tf
  2. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/main.tf
  3. 8 3
      common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/provider.tf
  4. 8 8
      common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/terraform.tfstate
  5. 5 0
      common/aws-us-gov/afs-mdr-common-services-gov/004-iam-okta/.gitignore
  6. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/008-xdr-binaries/terragrunt.hcl
  7. 1 1
      common/aws-us-gov/afs-mdr-common-services-gov/016-panorama/terragrunt.hcl
  8. 1 1
      common/aws/legacy-mdr-root/005-iam/terragrunt.hcl
  9. 7 0
      common/aws/mdr-common-services/001-tfstate/provider.tf
  10. 5 6
      common/aws/mdr-common-services/001-tfstate/terraform.tfstate
  11. 4 0
      common/aws/mdr-common-services/004-iam-okta/.gitignore
  12. 1 1
      common/aws/mdr-common-services/006-account-standards/terragrunt.hcl
  13. 1 1
      common/aws/mdr-common-services/008-xdr-binaries/terragrunt.hcl
  14. 1 1
      common/aws/mdr-cyber-range/005-iam/terragrunt.hcl
  15. 1 1
      common/aws/mdr-dev-ai/005-iam/terragrunt.hcl
  16. 1 1
      test/aws-us-gov/mdr-test-c2/005-iam/terragrunt.hcl
  17. 1 1
      test/aws-us-gov/mdr-test-c2/006-account-standards/terragrunt.hcl
  18. 1 1
      test/aws-us-gov/mdr-test-c2/008-transit-gateway-hub/terragrunt.hcl
  19. 1 1
      test/aws-us-gov/mdr-test-c2/010-standard-vpc/terragrunt.hcl
  20. 33 0
      test/aws-us-gov/mdr-test-c2/015-security-vpc/terragrunt.hcl
  21. 1 1
      test/aws-us-gov/mdr-test-c2/019-attach-transit-gateway-to-hub-account/terragrunt.hcl
  22. 5 3
      test/aws-us-gov/mdr-test-c2/account.hcl
  23. 1 1
      test/aws-us-gov/mdr-test-malware/044-VMRay-Instances/terragrunt.hcl
  24. 1 1
      test/aws/mdr-test-c2/008-transit-gateway-hub/terragrunt.hcl

+ 0 - 23
common/aws-us-gov/afs-mdr-common-services-gov/001-iam/okta_saml.tf

@@ -1,23 +0,0 @@
-module "okta_saml" {
-  source = "../../../../modules/iam/okta_saml_roles/0.1"
-  account_alias = "afs-mdr-common-services"
-  okta_app      = "AWS - GovCloud"
-}
-
-terraform {
-  required_version = ">= 0.12, < 0.13"
-}
-
-provider "aws" {
-  region  = "us-gov-east-1"
-  version = "~> 2.0"
-
-  allowed_account_ids = [
-    701290387780
-  ]
-}
-
-provider "okta" {
-  org_name = "mdr-multipass"
-  base_url = "okta.com"
-}

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/main.tf

@@ -1,5 +1,5 @@
 module "tfstate" {
-  source            = "../../../../modules/tfstate/tfstate-s3/0.1"
+  source            = "../../../../../xdr-terraform-modules/base/tfstate/tfstate-s3/"
   bucket_name       = local.name
   lock_table_name   = local.name
 }
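Review bot: The module source at line 94 now points at a sibling working tree (`../../../../../xdr-terraform-modules/base/tfstate/tfstate-s3/`) with no version pin, while every other module touched in this PR is pinned to `?ref=v0.3.0`; the tfstate bucket module will therefore track whatever happens to be checked out next to this repository on the operator's machine. If a local path is required for the bootstrap stage, record the expected module version next to it, e.g. `# expects xdr-terraform-modules at v0.3.0 checked out beside this repo`, or use the same git source form as the other terragrunt configs so the pulled code is reproducible.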

+ 8 - 3
common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/provider.tf

@@ -1,8 +1,13 @@
 provider "aws" {
   region  = "us-gov-east-1"
   version = "~> 2.0"
+  assume_role {
+    role_arn = "arn:aws-us-gov:iam::701290387780:role/user/mdr_terraformer"
+    session_name = "terraform"
+  }
 
-  allowed_account_ids = [
-    701290387780
-  ]
+  profile = "govcloud"
+
+  # Only these AWS Account IDs may be operated on by this template
+  allowed_account_ids = ["701290387780"]
 }
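Review bot: The `session_name = "terraform"` added at line 108 is a fixed string, so every session of `mdr_terraformer` looks identical in CloudTrail and cannot be traced back to the operator who ran the plan or apply. Consider feeding the caller's identity into the session name (for example via a variable set from the invoking user) and adding a comment above the block such as `# Base credentials come from the "govcloud" profile; all API calls run as the assumed role below`, since `profile` and `assume_role` together are easy to misread as alternatives. The same fixed session name is introduced in common/aws/mdr-common-services/001-tfstate/provider.tf.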

+ 8 - 8
common/aws-us-gov/afs-mdr-common-services-gov/001-tfstate/terraform.tfstate

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "0.12.26",
-  "serial": 7,
+  "serial": 9,
   "lineage": "98e5e789-5a16-5c08-b9f6-7e8cb242c2a4",
   "outputs": {},
   "resources": [
@@ -16,9 +16,9 @@
           "schema_version": 0,
           "attributes": {
             "account_id": "701290387780",
-            "arn": "arn:aws-us-gov:iam::701290387780:user/MDRAdmin",
-            "id": "2020-06-10 17:43:36.050495 +0000 UTC",
-            "user_id": "AIDA2GSBKDFCIOHM2OZMZ"
+            "arn": "arn:aws-us-gov:sts::701290387780:assumed-role/mdr_terraformer/terraform",
+            "id": "2020-07-07 14:04:14.074532 +0000 UTC",
+            "user_id": "AROA2GSBKDFCIT5IHVMAA:terraform"
           }
         }
       ]
@@ -171,7 +171,7 @@
           "schema_version": 0,
           "attributes": {
             "dns_suffix": "amazonaws.com",
-            "id": "2020-06-10 17:43:35.802169 +0000 UTC",
+            "id": "2020-07-07 14:04:13.787107 +0000 UTC",
             "partition": "aws-us-gov"
           }
         }
@@ -281,7 +281,7 @@
             "key_id": "dddb424f-ebdd-416e-8772-3fc18aa81cb7",
             "key_usage": "ENCRYPT_DECRYPT",
             "policy": "{\"Id\":\"key-consolepolicy-3\",\"Statement\":[{\"Action\":\"kms:*\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:root\"},\"Resource\":\"*\",\"Sid\":\"Enable IAM User Permissions\"},{\"Action\":[\"kms:Update*\",\"kms:UntagResource\",\"kms:TagResource\",\"kms:ScheduleKeyDeletion\",\"kms:Revoke*\",\"kms:Put*\",\"kms:List*\",\"kms:Get*\",\"kms:Enable*\",\"kms:Disable*\",\"kms:Describe*\",\"kms:Delete*\",\"kms:Create*\",\"kms:CancelKeyDeletion\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"},\"Resource\":\"*\",\"Sid\":\"Allow access for Key Administrators\"},{\"Action\":[\"kms:ReEncrypt*\",\"kms:GenerateDataKey*\",\"kms:Encrypt\",\"kms:DescribeKey\",\"kms:Decrypt\"],\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"},\"Resource\":\"*\",\"Sid\":\"Allow use of the key\"},{\"Action\":[\"kms:RevokeGrant\",\"kms:ListGrants\",\"kms:CreateGrant\"],\"Condition\":{\"Bool\":{\"kms:GrantIsForAWSResource\":\"true\"}},\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws-us-gov:iam::701290387780:user/MDRAdmin\"},\"Resource\":\"*\",\"Sid\":\"Allow attachment of persistent resources\"}],\"Version\":\"2012-10-17\"}",
-            "tags": null
+            "tags": {}
           },
           "private": "bnVsbA=="
         }
@@ -327,7 +327,7 @@
                   }
                 ],
                 "prefix": "",
-                "tags": null,
+                "tags": {},
                 "transition": []
               }
             ],
@@ -351,7 +351,7 @@
                 ]
               }
             ],
-            "tags": null,
+            "tags": {},
             "versioning": [
               {
                 "enabled": true,

+ 5 - 0
common/aws-us-gov/afs-mdr-common-services-gov/004-iam-okta/.gitignore

@@ -0,0 +1,5 @@
+# as this directory contains the old style of terragrunt,
+# it generates these two files in the local directory, but
+# we don't need/want to keep them around.
+backend.tf
+provider.tf

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/008-xdr-binaries/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v0.0.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/016-panorama/terragrunt.hcl

@@ -41,5 +41,5 @@ inputs = {
   ] 
   subnet_id_map = dependency.security_vpc.outputs.subnet_id_map
   subnet_cidr_map = dependency.security_vpc.outputs.subnet_cidr_map
-  ebs_key = dependency.security_vpc.outputs.ebs_kms_arn
+  ebs_key = dependency.security_vpc.outputs.kms_palo_key_arn
 }

+ 1 - 1
common/aws/legacy-mdr-root/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.2.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 7 - 0
common/aws/mdr-common-services/001-tfstate/provider.tf

@@ -2,6 +2,13 @@ provider "aws" {
   region  = "us-east-1"
   version = "~> 2.0"
 
+  assume_role {
+    role_arn = "arn:aws:iam::471284459109:role/user/mdr_terraformer"
+    session_name = "terraform"
+  }
+
+  profile = "commercial"
+
   allowed_account_ids = [
     471284459109
   ]
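Review bot: `allowed_account_ids` at lines 243–245 is left as the bare number `471284459109`, while the GovCloud counterpart in this same PR switches to a quoted string list with an explanatory comment; Terraform 0.12 coerces the number to a string, but the two bootstrap providers now differ in style for the same field. Quoting it, `allowed_account_ids = ["471284459109"]`, keeps the two files parallel and avoids relying on numeric-to-string coercion for an account identifier. The enclosing `provider "aws"` block starts before this hunk.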

File diff suppressed because it is too large
+ 5 - 6
common/aws/mdr-common-services/001-tfstate/terraform.tfstate


+ 4 - 0
common/aws/mdr-common-services/004-iam-okta/.gitignore

@@ -0,0 +1,4 @@
+# This is the old style of terragrunt, which creates these two
+# files in the local directory. We don't want/need them.
+backend.tf
+provider.tf

+ 1 - 1
common/aws/mdr-common-services/006-account-standards/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.2.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-common-services/008-xdr-binaries/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v0.0.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-cyber-range/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.2.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
common/aws/mdr-dev-ai/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.2.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
test/aws-us-gov/mdr-test-c2/005-iam/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.2.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/iam?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
test/aws-us-gov/mdr-test-c2/006-account-standards/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.0.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/account_standards?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
test/aws-us-gov/mdr-test-c2/008-transit-gateway-hub/terragrunt.hcl

@@ -15,7 +15,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_hub?ref=v0.2.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_hub?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
test/aws-us-gov/mdr-test-c2/010-standard-vpc/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.0.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/standard_vpc?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 33 - 0
test/aws-us-gov/mdr-test-c2/015-security-vpc/terragrunt.hcl

@@ -0,0 +1,33 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/palo_alto/security_vpc?ref=v0.3.0"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Security VPC"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+}
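Review bot: The module source at line 384 is pinned to the git tag `v0.3.0`, which is a mutable reference: anyone who can move that tag in xdr-terraform-modules changes what terragrunt applies here, with nothing visible in this repository. Pinning to a commit (`?ref=<commit-sha>`) or enforcing tag protection on the modules repository keeps the pulled code reproducible; the same consideration applies to the other `?ref=v0.3.0` bumps in this PR. Separately, the `Terraform` tag at line 399 hard-codes an `aws/` prefix although this account lives under `test/aws-us-gov/`; if the tag is meant to locate the configuration directory, confirm the prefix is intentional or derive it from `local.partition_vars`.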

+ 1 - 1
test/aws-us-gov/mdr-test-c2/019-attach-transit-gateway-to-hub-account/terragrunt.hcl

@@ -24,7 +24,7 @@ dependency "standard_vpc" {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.2.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_client?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 5 - 3
test/aws-us-gov/mdr-test-c2/account.hcl

@@ -14,11 +14,13 @@ locals {
   test_instance_key_name = "fdamstra" # They with which to provision the test instance
 
   # AS Number used for various resources, but not every account needs one.
-  asn = 64720
+  asn = 64710 # changing this replaces the gateway
+
+  security_vpc_cidr = "10.179.128.0/22"
 
   # XDR-Interconnects
-  xdr_interconnect_asn = 64700
+  xdr_interconnect_asn = 64888
   xdr_interconnects_instance_type = "t3a.micro"
   xdr_interconnects_key_name = "fdamstra" # DO NOT CHANGE
-  xdr_interconnects_count = 2
+  xdr_interconnects_count = 0
 }
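Review bot: The new `security_vpc_cidr` local at line 426 has no comment, unlike the neighbouring entries, and nothing in the hunk shows how it relates to the standard VPC range; a short note such as `security_vpc_cidr = "10.179.128.0/22" # consumed by 015-security-vpc; must not overlap the standard VPC CIDR` would help the next editor. The drop of `xdr_interconnects_count` to 0 at line 434 presumably destroys the existing interconnect instances on the next apply, which deserves the same kind of warning comment the `asn` line now carries. The enclosing `locals` block starts before this hunk.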

+ 1 - 1
test/aws-us-gov/mdr-test-malware/044-VMRay-Instances/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/vmray_instances?ref=v0.0.1"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/vmray_instances?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 1
test/aws/mdr-test-c2/008-transit-gateway-hub/terragrunt.hcl

@@ -15,7 +15,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_hub?ref=v0.2.0"
+  source = "git@github.mdr.defpoint.com:mdr-engineering/xdr-terraform-modules.git//base/transit_gateway_hub?ref=v0.3.0"
 }
 
 # Include all settings from the root terragrunt.hcl file
