AFS
/
xdr-terraform-live


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394
							# Set account-wide variables. These are automatically pulled in to configure the remote state bucket in the root
# terragrunt.hcl configuration.
locals {
  # TODO put the right values here
  account_name                    = "mdr-prod-bas"
  account_alias                   = "mdr-prod-bas"
  aws_account_id                  = "081915784976"
  instance_termination_protection = true # set to true for production!
  splunk_prefix                   = "bas"

  splunk_data_sources = [
    "52.61.137.158/32", # TODO: Add customer's public IP addresses
  ]
  splunk_legacy_cidr = []        # Should not be needed for new customers
  splunk_asg_sizes   = [1, 1, 0] # How many indexers in each site


  account_tags = {
    "Client" : local.splunk_prefix,
  }
  c2_account_standards_path = "../../mdr-prod-c2/005-account-standards-c2" # TODO: Subsitute with test or prod

  # For CIDR assignment, see https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation
  vpc_info = {
    "vpc-splunk" = {
      "name"         = "vpc-splunk",
      "purpose"      = "Splunk Systems (BAS)", # TODO: Substitute with Customer Name
      "cidr"         = "10.42.24.0/22",
      "tgw_attached" = true
    }
  }

  # Qualys Connector - See https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/Qualys
  qualys_connector_externalid = "1620314156668" # Needs to come from the qualys console

  # End of TODO

  # Splunk instance sizes can be customized
  # TODO: Set these appropriately in the skeleton for prod
  instance_types = {
    "splunk-cm"      = "m5a.xlarge",   # legacy: t2.small
    "splunk-indexer" = "i3en.3xlarge", # legacy: t2.small, but whats the point if we don't have instance storage.
    "splunk-hf"      = "m5a.xlarge",   # legacy: t2.medium
    "splunk-sh"      = "m5a.4xlarge",  # legacy: ? not sure
  }

  # Splunk Volume Sizes are probably fine at defaults
  splunk_volume_sizes = {
    "cluster_master" = {
      "swap" : 8,           # minimum: 8
      "/" : 20,             # minimum: 20
      "/home" : 4,          # minimum: 4
      "/var" : 15,          # minimum: 15
      "/var/tmp" : 4,       # minimum: 4
      "/var/log" : 8,       # minimum: 8
      "/var/log/audit" : 8, # minimum: 8
      "/tmp" : 4,           # minimum: 4
      "/opt/splunk" : 30,   # No minimum; not in base image
    },
    "indexer" = {
      "swap" : 8,           # minimum: 8
      "/" : 20,             # minimum: 20
      "/home" : 4,          # minimum: 4
      "/var" : 15,          # minimum: 15
      "/var/tmp" : 4,       # minimum: 4
      "/var/log" : 8,       # minimum: 8
      "/var/log/audit" : 8, # minimum: 8
      "/tmp" : 4,           # minimum: 4
      "/opt/splunk" : 30,   # No minimum; not in base image
    },
    "searchhead" = {
      "swap" : 8,           # minimum: 8
      "/" : 20,             # minimum: 20
      "/home" : 4,          # minimum: 4
      "/var" : 15,          # minimum: 15
      "/var/tmp" : 4,       # minimum: 4
      "/var/log" : 8,       # minimum: 8
      "/var/log/audit" : 8, # minimum: 8
      "/tmp" : 4,           # minimum: 4
      "/opt/splunk" : 60,   # No minimum; not in base image
    },
    "heavy_forwarder" = {
      "swap" : 8,           # minimum: 8
      "/" : 20,             # minimum: 20
      "/home" : 4,          # minimum: 4
      "/var" : 15,          # minimum: 15
      "/var/tmp" : 4,       # minimum: 4
      "/var/log" : 8,       # minimum: 8
      "/var/log/audit" : 8, # minimum: 8
      "/tmp" : 4,           # minimum: 4
      "/opt/splunk" : 30,   # No minimum; not in base image
    },
  }
}