# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
# terragrunt.hcl configuration.
locals {
  account_name   = "afs-mdr-common-services-gov"
  account_alias  = "afs-mdr-common-services-gov"
  aws_account_id = "701290387780"
  instance_termination_protection = true # set to true for production!
  splunk_prefix = "moose"
  okta_app = "AWS - GovCloud"

  account_tags = {
    "Client": local.splunk_prefix
  }
  c2_account_standards_path = "../../../../prod/aws-us-gov/mdr-prod-c2/005-account-standards-c2"

  # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
  vpc_info = {
    "vpc-security" = {
      "name" = "vpc-security",
      "purpose" = "Palo altos, can probably be removed.",
      "cidr" = "10.1.128.0/22"
    }
  }

  # Panorama / Palo Alto information
  panorama_serial_numbers = [
    "000702891433",
    "000702138816"
  ]
  panorama_count = 0 # We need a second serial number for 2
  panorama_instance_type = "m5.2xlarge"
  #panorama_instance_type = "t3.xlarge"
  panorama_key_name = "fdamstra" # DO NOT CHANGE
  palo_alto_count = 0 # should be divisible by 2
  palo_alto_instance_type = "m5.xlarge"
  palo_alto_key_name = "fdamstra" # DO NOT CHANGE

  # To generate auth keys, log in to the panorama cli and run:
  #   request bootstrap vm-auth-key generate lifetime 720
  # where 720 is the validity period in hours (720 is 30 days)
  # (Should only need to be valid when you stand up the firewall)
  palo_alto_auth_keys = [
    "866071457115248", #Expires at: 2020/07/31 15:01:33
    "165273115818468", #Expires at: 2020/07/31 15:01:34
  ]
  palo_alto_license_keys = [ # one per count
    "32836999",
    "65202677"
  ]
  palo_alto_feature_auth_keys = [ # one per count, not yet implemented
    "28341453",
    "62158825"
  ]

  # Qualys Connector
  qualys_connector_externalid = "1604790479997"
}