
Merge pull request #418 from mdr-engineering/feature/bp_MSOCI-1901_Tenable_LCPs

Updates Nessus and globals
Brad Poulton 4 лет назад
Сommit
eb4b2dbca3
20 измененных файлов с 46 добавлено и 56 удалено
  1. 27 37
      globals.hcl
  2. 1 1
      prod/aws-us-gov/mdr-prod-c2/080-instance-proxy-server/terragrunt.hcl
  3. 1 1
      prod/aws-us-gov/mdr-prod-c2/080-instance-repo-server/terragrunt.hcl
  4. 1 1
      prod/aws-us-gov/mdr-prod-c2/085-rhsso/terragrunt.hcl
  5. 1 1
      prod/aws-us-gov/mdr-prod-c2/090-instance-github/terragrunt.hcl
  6. 1 1
      prod/aws-us-gov/mdr-prod-c2/090-instance-mailrelay/terragrunt.hcl
  7. 1 1
      prod/aws-us-gov/mdr-prod-c2/090-instance-teleport/terragrunt.hcl
  8. 1 1
      prod/aws-us-gov/mdr-prod-c2/090-instance-vault/terragrunt.hcl
  9. 1 1
      prod/aws-us-gov/mdr-prod-c2/275-nessus-security-managers/terragrunt.hcl
  10. 1 1
      test/aws-us-gov/mdr-test-c2/071-instance-salt-master/terragrunt.hcl
  11. 1 1
      test/aws-us-gov/mdr-test-c2/080-instance-proxy-server/terragrunt.hcl
  12. 1 1
      test/aws-us-gov/mdr-test-c2/080-instance-repo-server/terragrunt.hcl
  13. 1 1
      test/aws-us-gov/mdr-test-c2/085-keycloak/terragrunt.hcl
  14. 1 1
      test/aws-us-gov/mdr-test-c2/085-rhsso/terragrunt.hcl
  15. 1 1
      test/aws-us-gov/mdr-test-c2/090-instance-github/terragrunt.hcl
  16. 1 1
      test/aws-us-gov/mdr-test-c2/090-instance-mailrelay/terragrunt.hcl
  17. 1 1
      test/aws-us-gov/mdr-test-c2/090-instance-teleport/terragrunt.hcl
  18. 1 1
      test/aws-us-gov/mdr-test-c2/090-instance-vault/terragrunt.hcl
  19. 1 1
      test/aws-us-gov/mdr-test-c2/095-instance-sensu/terragrunt.hcl
  20. 1 1
      test/aws-us-gov/mdr-test-c2/275-nessus-security-managers/terragrunt.hcl

+ 27 - 37
globals.hcl

@@ -97,45 +97,17 @@ locals {
     },
   ]
 
-  #Customer External IPs
-  #To increase flexibility and to provide better documentation,
-  #break up the IPs based on on-prem and not on-prem. 
-
-  #### AFS ON-PREM POP ####
-  afs_pop = [
-    "170.248.172.0/23",
-  ]
-
-  # AFS Azure POP external IPs
-  afs_azure_pop = [
-    "20.190.250.137/32",     # EastUS2_External_Access
-    "52.232.227.197/32",     # Azure US-East Palo
-    "52.185.64.173/32",      # CentralUS_External_Access
-    "52.242.225.98/32",      # Azure US-Central Palo 20200721
-    "52.177.84.83/32",       # Lab_External_Access
-  ]
-
-  #### NGA ####
-  nga_pop = [
-    "199.16.64.3/32"
-  ]
-
-  xdr_interconnect = [
-    "18.252.61.218/32",
-    "18.252.67.171/32",
-    "18.253.123.98/32",
-    "18.253.98.90/32",
-  ]  
-
+  # Customer External IPs
+  # To increase flexibility and to provide better documentation,
+  # break up the IPs based on on-prem and not on-prem. 
+  #
   # All of the "external" things that need access to publically
   # available C2 services, like Salt Masters, Repo Servers
   #
   # Structure is a list of maps, and the "description" value in the
   # map must be unique across the whole list or it will cause an error.
   #
-  # TODO:  the lists of IPs above need to be moved into this.  I did not
-  # attempt it NOW because of the upcoming change freeze and a desire to
-  # not put in unnecessary changes.
+
   c2_services_external_ips = [
     {
       description = "Test LCPs"
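Review bot: The `xdr_interconnect` list deleted in this hunk has no visible replacement: its four 18.252.x/18.253.x addresses are not among the entries added to `c2_services_external_ips` in the next hunk, and the last hunk of this file also drops `local.xdr_interconnect` from `repo_server_whitelist`. If those addresses are not already covered by an entry outside the visible lines, those sources lose access on the next apply; if the removal is intended, the commit description should say so. Any remaining reference to `local.afs_pop`, `local.afs_azure_pop`, `local.nga_pop` or `local.xdr_interconnect` elsewhere in the repository will now fail to evaluate, so a repo-wide search for those names is worth doing before merge. The `locals` block starts and ends outside this hunk.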
@@ -144,6 +116,28 @@ locals {
         "54.224.56.231/32",                 # Test LCP in Commercial (EIP in common-services)
       ]
     },
+    {
+      description = "NGA"
+      cidr_blocks = [
+        "199.16.64.3/32",                    #  NGA
+      ]
+    },
+    {
+      description = "AFS OnPrem"
+      cidr_blocks = [
+        "170.248.172.0/23",                  #  AFS Onprem
+      ]
+    },
+    {
+      description = "AFS Azure"
+      cidr_blocks = [
+        "20.190.250.137/32",                 # EastUS2_External_Access
+        "52.232.227.197/32",                 # Azure US-East Palo
+        "52.185.64.173/32",                  # CentralUS_External_Access
+        "52.242.225.98/32",                  # Azure US-Central Palo 20200721
+        "52.177.84.83/32",                   # Lab_External_Access
+      ]
+    },
     {
       description = "BAS-Commerce CMPS"
       cidr_blocks = [
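Review bot: The "NGA", "AFS OnPrem" and "AFS Azure" ranges added here were previously referenced only from `repo_server_whitelist` (see the last hunk of this file), while the comment above `c2_services_external_ips` describes this list as covering C2 services such as Salt Masters as well as Repo Servers. If the list is consumed that way, the move widens what these sources can reach, including the whole `170.248.172.0/23`, rather than just relocating them. Confirm that each consumer of the list needs these ranges, and record the change of scope next to the entries, for example `# previously repo-server only; now allowed wherever c2_services_external_ips is used`. The list continues outside the hunk.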
@@ -196,12 +190,8 @@ locals {
   }
 
   repo_server_whitelist = concat(
-    local.afs_pop,
-    local.afs_azure_pop,
-    local.nga_pop,
     [ "52.179.13.17/32",  #???
     ],
-    local.xdr_interconnect
   )
 
   key_pairs = {
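Review bot: After this change `repo_server_whitelist` consists only of `"52.179.13.17/32"`, whose comment is `#???`, so the one remaining allowlist entry is an address nobody has identified. Identify its owner and record that in the comment, or remove the entry; an unexplained address cannot be reviewed or retired later. The `concat(...)` around a single list is also no longer needed and could become `repo_server_whitelist = ["52.179.13.17/32"]` once the entry is documented. Whether repo-server access for the removed ranges now comes from `c2_services_external_ips` depends on the module at `v2.1.9`, which is not shown here.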

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/080-instance-proxy-server/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/proxy_server?ref=v1.24.15"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/proxy_server?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/080-instance-repo-server/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v2.0.3"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/085-rhsso/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/rhsso?ref=v2.0.11"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/rhsso?ref=v2.1.9"
 }
 
 dependency "vpc-public" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/090-instance-github/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/github?ref=v1.24.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/github?ref=v2.1.9"
 }
 
 dependency "vpc" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/090-instance-mailrelay/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/mailrelay?ref=v2.1.7"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/mailrelay?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/090-instance-teleport/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/teleport-single-instance?ref=v2.0.12"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/teleport-single-instance?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/090-instance-vault/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/vault?ref=v1.24.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/vault?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
prod/aws-us-gov/mdr-prod-c2/275-nessus-security-managers/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/nessus/instance_nessus_manager?ref=v2.1.3"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/nessus/instance_nessus_manager?ref=v2.1.9"
 }
 
 dependency "vpc" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/071-instance-salt-master/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master?ref=v1.24.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/salt_master?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/080-instance-proxy-server/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/proxy_server?ref=v1.24.14"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/proxy_server?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/080-instance-repo-server/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v2.0.3"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/repo_server?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/085-keycloak/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/keycloak?ref=v2.0.8"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/keycloak?ref=v2.1.9"
 }
 
 dependency "vpc-public" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/085-rhsso/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/rhsso?ref=v2.0.11"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/rhsso?ref=v2.1.9"
 }
 
 dependency "vpc-public" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/090-instance-github/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/github?ref=v1.24.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/github?ref=v2.1.9"
 }
 
 dependency "vpc" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/090-instance-mailrelay/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/mailrelay?ref=v2.1.7"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/mailrelay?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/090-instance-teleport/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/teleport-single-instance?ref=v2.0.12"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/teleport-single-instance?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/090-instance-vault/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/vault?ref=v1.24.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/vault?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/095-instance-sensu/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/sensu?ref=v2.1.8"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/sensu?ref=v2.1.9"
 }
 
 dependency "vpc-system-services" {

+ 1 - 1
test/aws-us-gov/mdr-test-c2/275-nessus-security-managers/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/nessus/instance_nessus_manager?ref=v2.1.0"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/nessus/instance_nessus_manager?ref=v2.1.9"
 }
 
 dependency "vpc" {