AFS
/
xdr-terraform-live


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145
							locals {
  # If you want to use any of the variables in _this_ file, you have to load them here.
  # However, they will all be available as inputs to the module loaded in terraform.source
  # below.
  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))

  # Extract the variables we need for easy access
  account_name   = local.account_vars.locals.account_name
  account_id     = local.account_vars.locals.aws_account_id
  aws_region     = local.region_vars.locals.aws_region
  aws_partition  = local.partition_vars.locals.aws_partition
  common_services_account = local.partition_vars.locals.common_services_account
  legacy_account = local.environment_vars.locals.legacy_account
  tfstate_region = local.partition_vars.locals.tfstate_region

  common_profile = local.partition_vars.locals.common_profile
}

# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
# working directory, into a temporary folder, and execute your Terraform commands in that folder.
terraform {
  # Double slash is intentional and required to show root of modules
  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/codebuild_splunk_apps?ref=v4.0.13"
}

# ---------------------------------------------------------------------------------------------------------------------
# Generate an AWS provider block
# Temp fix to backlevel provider because of codebuild issue
# <insert github link here to provider issue>
# ---------------------------------------------------------------------------------------------------------------------
generate "provider" {
  path      = "provider.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
provider "template" {
}
provider "aws" {
  region = "${local.aws_region}"
  assume_role {
    role_arn = "arn:${local.aws_partition}:iam::${local.account_id}:role/user/mdr_terraformer"
    session_name = "terraform-default"
  }
  profile = "${local.common_profile}"
  # Only these AWS Account IDs may be operated on by this template
  allowed_account_ids = ["${local.account_id}"]
}
# The "common" provider in the respective partition is always available
provider "aws" {
  region = "${local.aws_region}"
  allowed_account_ids = [ "471284459109", "701290387780" ]
  profile = "${local.common_profile}"
  alias   = "common"
  assume_role {
    role_arn = "arn:${local.aws_partition}:iam::${local.common_services_account}:role/user/mdr_terraformer"
    session_name = "terraform-common"
  }
}
# The "mdr-common-services-commercial" provider is used for public DNS entries
provider "aws" {
  region = "us-east-1"
  allowed_account_ids = [ "471284459109" ]
  profile = "commercial"
  alias   = "mdr-common-services-commercial"
  assume_role {
    role_arn = "arn:aws:iam::471284459109:role/user/mdr_terraformer"
    session_name = "terraform-mdr-common-services-commercial"
  }
}
# The "C2" provider, used for private DNS
provider "aws" {
  region = "us-gov-east-1"
  allowed_account_ids = [ "721817724804", "738800754746" ]
  profile = "govcloud"
  alias   = "c2"
  #use_fips_endpoint = true
  assume_role {
    role_arn = "arn:aws-us-gov:iam::${ local.environment_vars.locals.c2_accounts["aws-us-gov"] }:role/user/mdr_terraformer"
    session_name = "terraform-c2"
  }
}
EOF
}

#Github specific provider
generate "required_providers" {
  path      = "required_provider.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "= 3.63.0" # 2022-03-08: upgrade from 3.63.0; 2021-09-21: upgrade from 3.37.0
    }
    vault = {
      source = "hashicorp/vault"
      version = "= 2.19.1" # 2021-04-29: upgrade from 2.18.0
    }
    sensu = {
      source = "jtopjian/sensu"
      version = "= 0.10.5"
    }
    github = {
      source = "integrations/github"
      version = "4.2.0"
    }
  }
}
EOF
}

generate "github-provider" {
  path      = "github-provider.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
provider "github" {
  organization = "content-delivery"
  base_url     = "https://github.xdr.accenturefederalcyber.com/"
}
EOF
}

# Include all settings from the root terragrunt.hcl file
include {
  path = find_in_parent_folders()
}

# These are the variables we have to pass in to use the module specified in the terragrunt source above
inputs = {
  # All of the inputs from the inherited hcl files are available automatically
  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
  # will be more flexible if you specify particular input values.
  tags = {
    Purpose = "Build Splunk Apps and place in bucket"
    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
  }
  source_version = "develop"
  enable_webhooks = false
}
terraform_version_constraint = "= 1.1.6"
terragrunt_version_constraint = "= 0.36.2"