
Merge pull request #614 from mdr-engineering/feature/ftd_MSOCI-2124_UpdatedConnectionHandler

Updates VPNs to Latest for Upgrade Connection Handler
Frederick Damstra 3 ani în urmă
părinte
comite
f3610396bd

+ 3 - 1
prod/aws-us-gov/mdr-prod-c2/087-amazon-vpn/terragrunt.hcl

@@ -16,7 +16,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/aws_client_vpn?ref=v4.1.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/aws_client_vpn?ref=v4.1.8"
 }
 
 dependency "vpc-access" {
@@ -43,6 +43,8 @@ inputs = {
   private_subnets = dependency.vpc-access.outputs.private_subnets
   public_subnets = dependency.vpc-access.outputs.public_subnets
   split_tunnel = false
+  log_level = "INFO"       # (CRITICAL|ERROR|WARNING|INFO|DEBUG|NOTSET)
+  module_log_level = "INFO" # (CRITICAL|ERROR|WARNING|INFO|DEBUG|NOTSET)
 }
 terraform_version_constraint = "= 1.1.6"
 terragrunt_version_constraint = "= 0.36.2"
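Review bot: The new `source` line pins the module to the tag `v4.1.8`, and a Git tag can be re-pointed after review, so the code applied to the production client VPN is not fixed by this commit. The same line appears in the test copy of this file. Consider pinning `ref=` to the full commit SHA behind the tag and recording the version in a comment above it, e.g. `# v4.1.8` followed by `source = "...//base/aws_client_vpn?ref=<COMMIT_SHA_OF_v4.1.8>"`. Separately, the comments on `log_level` and `module_log_level` list the allowed values but not what each setting controls; a short line such as `# log_level: <what it controls>; module_log_level: <what it controls>` would help the next operator.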

+ 13 - 1
prod/aws-us-gov/mdr-prod-c2/account.hcl

@@ -279,7 +279,19 @@ locals {
       kinesis_firehose_iam_policy_name = "KinesisFirehose-Policy-aws_vpn"
       cloudwatch_to_firehose_trust_iam_role_name = "CloudWatchToSplunkFirehoseTrust-aws_vpn"
       cloudwatch_to_fh_access_policy_name = "KinesisCloudWatchToFirehosePolicy-aws_vpn"
+    },
+    "/aws/lambda/AWSClientVPN-ConnectionHandler" = {
+      hec_token = "BEB99C82-7608-454A-B0B1-CB1564A147A4"
+      firehose_name = "aws_vpn_connectionhandler_firehose"
+      lambda_function_name = "aws_vpn_connectionhandler_kinesis_firehose_transform"
+      s3_bucket_name = "${local.account_name}-kinesis-aws-vpn-connectionhandler-s3"
+      log_stream_name = "ClientVPNConnectionHandler"
+      kinesis_firehose_lambda_role_name = "KinesisFirehoseToLambaRole-aws_vpn_connectionhandler"
+      kinesis_firehose_role_name = "kinesis-firehose-role-name-aws-vpn-connectionhandler"
+      lambda_iam_policy_name = "Kinesis-Firehose-to-Splunk-Policy-aws_vpn_connectionhandler"
+      kinesis_firehose_iam_policy_name = "KinesisFirehose-Policy-aws_vpn_connectionhandler"
+      cloudwatch_to_firehose_trust_iam_role_name = "CloudWatchToSplunkFirehoseTrust-aws_vpn_connectionhandler"
+      cloudwatch_to_fh_access_policy_name = "KinesisCloudWatchToFirehosePolicy-aws_vpn_connectionhandler"
     }
   }
-
 }
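Review bot: The added `hec_token` for `/aws/lambda/AWSClientVPN-ConnectionHandler` is a literal credential committed to the repository, and the identical value is added to the test account's `account.hcl` in this same commit. Anyone with read access to the repo or its history could submit events to that Splunk HEC input, and test and production cannot be told apart or revoked independently. I would rotate this token, issue separate tokens per environment, and supply the value from a secret store at plan/apply time rather than from `locals`. Whether the consuming module can accept a reference instead of a literal is not visible here. The neighbouring entries lie outside this hunk and may follow the same pattern, so a follow-up for them is probably needed too.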

+ 3 - 1
test/aws-us-gov/mdr-test-c2/087-amazon-vpn/terragrunt.hcl

@@ -16,7 +16,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/aws_client_vpn?ref=v4.1.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/aws_client_vpn?ref=v4.1.8"
 }
 
 dependency "vpc-access" {
@@ -43,6 +43,8 @@ inputs = {
   private_subnets = dependency.vpc-access.outputs.private_subnets
   public_subnets = dependency.vpc-access.outputs.public_subnets
   split_tunnel = false
+  log_level = "DEBUG"       # (CRITICAL|ERROR|WARNING|INFO|DEBUG|NOTSET)
+  module_log_level = "INFO" # (CRITICAL|ERROR|WARNING|INFO|DEBUG|NOTSET)
 }
 terraform_version_constraint = "= 1.1.6"
 terragrunt_version_constraint = "= 0.36.2"
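Review bot: `log_level = "DEBUG"` in the second hunk makes the connection handler log verbosely, and this commit also routes the `/aws/lambda/AWSClientVPN-ConnectionHandler` log group through Firehose to Splunk and S3. What the handler writes at DEBUG is not visible here, but connection-authorization code often logs usernames, client IPs and device details at that level, which would then be retained in three places. If DEBUG is intended for the test account, say so on the line, e.g. `log_level = "DEBUG"  # test only: verbose handler output, keep prod at INFO`. Also confirm the handler does not log credentials or session material at that level.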

+ 13 - 1
test/aws-us-gov/mdr-test-c2/account.hcl

@@ -283,6 +283,18 @@ locals {
       cloudwatch_to_firehose_trust_iam_role_name = "CloudWatchToSplunkFirehoseTrust-aws_vpn"
       cloudwatch_to_fh_access_policy_name = "KinesisCloudWatchToFirehosePolicy-aws_vpn"
     }
+    "/aws/lambda/AWSClientVPN-ConnectionHandler" = {
+      hec_token = "BEB99C82-7608-454A-B0B1-CB1564A147A4"
+      firehose_name = "aws_vpn_connectionhandler_firehose"
+      lambda_function_name = "aws_vpn_connectionhandler_kinesis_firehose_transform"
+      s3_bucket_name = "${local.account_name}-kinesis-aws-vpn-connectionhandler-s3"
+      log_stream_name = "ClientVPNConnectionHandler"
+      kinesis_firehose_lambda_role_name = "KinesisFirehoseToLambaRole-aws_vpn_connectionhandler"
+      kinesis_firehose_role_name = "kinesis-firehose-role-name-aws-vpn-connectionhandler"
+      lambda_iam_policy_name = "Kinesis-Firehose-to-Splunk-Policy-aws_vpn_connectionhandler"
+      kinesis_firehose_iam_policy_name = "KinesisFirehose-Policy-aws_vpn_connectionhandler"
+      cloudwatch_to_firehose_trust_iam_role_name = "CloudWatchToSplunkFirehoseTrust-aws_vpn_connectionhandler"
+      cloudwatch_to_fh_access_policy_name = "KinesisCloudWatchToFirehosePolicy-aws_vpn_connectionhandler"
+    }
   }
-  
 }
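Review bot: The value of `kinesis_firehose_lambda_role_name` is spelled `KinesisFirehoseToLambaRole-aws_vpn_connectionhandler` ("Lamba"), here and in the production `account.hcl`. IAM role names end up in CloudTrail and in detection searches, where someone filtering on "Lambda" would miss this role, and renaming an IAM role later means replacing it. If the spelling does not deliberately mirror entries outside this hunk, I would correct it before first apply: `kinesis_firehose_lambda_role_name = "KinesisFirehoseToLambdaRole-aws_vpn_connectionhandler"`. On style, the production hunk separates the map entries with `},` while this one relies on the newline; picking one form keeps the two files diffable.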