AFS
/
xdr-terraform-live


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110
							# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
# terragrunt.hcl configuration.
locals {
  account_name   = "afs-mdr-prod-c2-gov"
  account_alias  = "afs-mdr-prod-c2-gov"
  aws_account_id = "721817724804"
  instance_termination_protection = true # set to true for production!
  splunk_prefix = "moose"
  
  account_tags = { 
    "Client": local.splunk_prefix
  } 
  c2_account_standards_path = "../../mdr-prod-c2/005-account-standards-c2"

  # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
  standard_vpc_cidr = "10.40.0.0/22"

  vpc_info = {
    "vpc-splunk" = {
      "name" = "vpc-splunk"
      "purpose" = "Splunk Systems (MOOSE)"
      "cidr" = "10.20.16.0/22",
      "tgw_attached" = true,
    },
    "vpc-system-services" = {
      "name" = "vpc-system-services",
      "purpose" = "Internal Services for Systems",
      "cidr" = "10.40.0.0/22",
      "tgw_attached" = false, # Attached via tgw creation
    },
    "vpc-qualys" = {
      "name" = "vpc-qualys",
      "purpose" = "Security Scanning",
      "cidr" = "10.40.12.0/22",
      "tgw_attached" = true,
    },
    "vpc-interconnects" = {
      "name" = "vpc-interconnects",
      "purpose" = "Interconnections between AWS partitions",
      "cidr" = "10.179.0.0/22",
      "tgw_attached" = true,
    },
    "vpc-access" = {
      "name" = "vpc-access"
      "purpose" = "Systems providing restricted access, such as bastions and vpn concentrators"
      "cidr" = "10.40.20.0/22",
      "tgw_attached" = true,
    },
    "vpc-portal" = {
      "name" = "vpc-portal"
      "purpose" = "The Customer Portal"
      "cidr" = "10.40.32.0/24",
      "tgw_attached" = true,
    },
    "vpc-public" = {
      "name" = "vpc-public"
      "purpose" = "Publicly Accessible Infrastructure Services, such as GHE and Jira"
      "cidr" = "10.40.24.0/22",
      "tgw_attached" = true,
    },
    "vpc-private-services" = {
      "name" = "vpc-private-services"
      "purpose" = "Private XDR Services for XDR users"
      "cidr" = "10.40.28.0/22",
      "tgw_attached" = true,
    },
  }

  # Bastion
  bastion_instance_type = "t3a.micro"

  # Salt Master
  salt_master_instance_type = "t3a.large"

  # mailrelay
  mailrelay_instance_type = "t3a.micro"

  # Proxy
  openvpn_instance_type = "t3a.medium"
  
  # Proxy
  proxy_server_instance_type = "t3a.medium"

  # Repo Server
  repo_server_instance_type = "t3a.micro"

  # DNS Resolver
  resolver_instance_type = "t3a.micro"

  # Vault Server
  vault_server_instance_type = "t3a.micro"
  
  # Sensu Server
  sensu_server_instance_type = "t3a.medium"

  # For testing
  create_test_instance = false

  # AS Number used for various resources, but not every account needs one.
  asn = 64810

  security_vpc_cidr = "10.179.0.0/22"

  # Interconnects
  interconnect_asn = 64888
  interconnects_instance_type = "t3a.micro"
  interconnects_key_name = "fdamstra" # DO NOT CHANGE
  interconnects_count = 2
  interconnect_instances_path = "../018-interconnect-instances"
}