
Updates legacy_hec module to better handle iratemoses aliases

Only creates iratemoses entries if this is for moose (untested for
non-moose at this point)

Documents the ELB endpoint names. There are too many, but systems in the field
are configured to talk to them, so they are needed until every one of those
clients can be tracked down.

To be tagged v1.10.20
Fred Damstra 4 년 전
부모
커밋
7eec713943

+ 33 - 2
base/splunk_servers/legacy_hec/README.md

@@ -1,5 +1,36 @@
-This module creates two HEC load balancers for legacy compatibility. It should not be added to new accounts.
+# Summary
 
-Without this, the existing customer AWS data and other things submitting ot the HEC could get lost during the migration.
+This module creates HEC load balancers using the previous domain name for
+for legacy compatibility. It should not be added to new accounts.
+
+Without this, the existing customer AWS data and other things submitting to the
+HEC could get lost during the migration.
 
 But if activity is low/zero, destroy it!
+
+## iratemoses Aliases
+
+Additionally, for MOOSE only, it creates 'iratemoses' aliases.
+
+## List of HECs
+
+### Permanent:
+
+These are the HECs created by the indexer cluster module, which will stick around:
+
+moose-hec.xdrtest.accenturefederalcyber.com - Non-ack external HEC
+moose-hec-ack.xdrtest.accenturefederalcyber.com - ACK external HEC
+moose-hec.pvt.xdrtest.accenturefederalcyber.com - non-ack internal HEC
+moose-hec-ack.pvt.xdrtest.accenturefederalcyber.com - ACK internal HEC
+
+These are the HECs that are created by the legacy_hec module, which should not be used for any new purposes:
+
+moose-hec.mdr-test.defpoint.com
+moose-hec-ack.mdr-test.defpoint.com
+iratemoses.msoc.defpoint.local (moose only)
+iratemoses.mdr-test.defpoint.com (moose only)
+
+Notably, the following intentionally do not exist:
+
+moose-hec.msoc.defpoint.local
+moose-hec-ack.msoc.defpoint.local

+ 19 - 0
base/splunk_servers/legacy_hec/elb-with-acks.tf

@@ -14,6 +14,25 @@ resource "aws_route53_record" "hec-ack" {
   provider = aws.legacy
 }
 
+resource "aws_route53_record" "hec-ack-internal" {
+  # the 'private' copy of the msoc.defpoint.com domain
+  name = "${var.prefix}-hec-ack"
+  type = "CNAME"
+  zone_id = var.dns_info["legacy_public_internal"]["zone_id"]
+  ttl = "600"
+  records = [ aws_elb.hec_classiclb.dns_name ]
+
+  provider = aws.legacy
+}
+
+output hec-with-acks-fqdn {
+  value = aws_route53_record.hec-ack.fqdn
+}
+
+output hec-with-acks-records {
+  value = aws_elb.hec_classiclb.dns_name
+}
+
 #########################
 # Certificate
 resource "aws_acm_certificate" "hec_classiclb_cert" {
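Review bot: The comment on the new `hec-ack-internal` record names `msoc.defpoint.com` as the zone behind `legacy_public_internal`, but the README in this same commit lists the legacy HEC names under `mdr-test.defpoint.com` and explicitly says `moose-hec-ack.msoc.defpoint.local` must not exist, so one of the two is stale. Because the zone name comes from `var.dns_info`, I would describe the key's contract instead of hard-coding a domain: `# split-horizon private copy of the legacy_public zone; presumably shares its zone name so the cert below still matches the hostname`. The certificate resource that starts on the last line continues outside the hunk, so I cannot confirm its SANs cover this name. The record is also named `hec-ack-internal` while the equivalent record for the same zone in elb-without-ack.tf is `hec_public_internal`; `hec_ack_public_internal` would keep the two consistent.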

+ 35 - 12
base/splunk_servers/legacy_hec/elb-without-ack-internal.tf

@@ -1,19 +1,39 @@
 #------------------------------------------------------------------------------
-# An external ALB for the indexers for HEC
+# An internal ALB without ACKs for moose only
 #------------------------------------------------------------------------------
 
 #########################
 # DNS Entry
 resource "aws_route53_record" "hec_internal" {
+  count = local.is_moose ? 1 : 0
   name = "iratemoses"
   type = "CNAME"
   zone_id = var.dns_info["legacy_private"]["zone_id"]
   ttl = "600"
-  records = [ aws_lb.hec_internal.dns_name ]
+  records = [ aws_lb.hec_internal[count.index].dns_name ]
 
   provider = aws.legacy
 }
 
+resource "aws_route53_record" "hec_internal_accenturefederalcyber" {
+  count = local.is_moose ? 1 : 0
+  name = "iratemoses"
+  type = "CNAME"
+  zone_id = var.dns_info["private"]["zone_id"]
+  ttl = "600"
+  records = [ aws_lb.hec_internal[count.index].dns_name ]
+
+  provider = aws.c2
+}
+
+output hec-without-acks-internal-fqdn {
+  value = local.is_moose ? aws_route53_record.hec_internal[0].fqdn : "<not created for non-moose>"
+}
+
+output hec-without-acks-internal-records {
+  value = local.is_moose ? aws_lb.hec_internal[0].dns_name : "<not created for non-moose>"
+}
+
 #########################
 # Certificate
 
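Review bot: The new `hec_internal_accenturefederalcyber` record publishes `iratemoses` in `var.dns_info["private"]` through the `aws.c2` provider, but nothing else in the commit acknowledges that name: the `hec-without-acks-internal-fqdn` output only returns the `legacy_private` record, and the README's "List of HECs" lists just `iratemoses.msoc.defpoint.local` and `iratemoses.mdr-test.defpoint.com`. Anyone auditing which endpoints still exist will miss this one. I would add a comment above the resource, `# second alias for the same ALB in the new private zone (aws.c2 account); not covered by hec_cert, see listener below`, and list the resulting FQDN in the README. The certificate section that the hunk ends on continues outside the hunk.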
@@ -22,6 +42,7 @@ resource "aws_route53_record" "hec_internal" {
 #########################
 # ELB
 resource "aws_lb" "hec_internal" {
+  count              = local.is_moose ? 1 : 0
   tags               = merge(var.standard_tags, var.tags)
   name               = "iratemoses"
   load_balancer_type = "application"
@@ -32,31 +53,33 @@ resource "aws_lb" "hec_internal" {
 
 resource "aws_lb_listener" "hec_internal_443" {
   count             = local.is_moose ? 1 : 0
-  load_balancer_arn = aws_lb.hec.arn
+  load_balancer_arn = aws_lb.hec_internal[count.index].arn
   port              = 443
   protocol          = "HTTPS"
   ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
-  certificate_arn   = aws_acm_certificate.hec_cert.arn
+  certificate_arn   = aws_acm_certificate.hec_cert.arn # Intentionally using the external cert
   default_action {
     type = "forward"
-    target_group_arn = aws_lb_target_group.hec_internal_8088.arn
+    target_group_arn = aws_lb_target_group.hec_internal_8088[count.index].arn
   }
 }
 
 resource "aws_lb_listener" "hec_internal_8088" {
-  load_balancer_arn = aws_lb.hec.arn
+  count             = local.is_moose ? 1 : 0
+  load_balancer_arn = aws_lb.hec_internal[count.index].arn
   port              = 8088
   protocol          = "HTTPS"
   ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
-  certificate_arn   = aws_acm_certificate.hec_cert.arn
+  certificate_arn   = aws_acm_certificate.hec_cert.arn # Intentionally using the external cert
   default_action {
     type = "forward"
-    target_group_arn = aws_lb_target_group.hec_internal_8088.arn
+    target_group_arn = aws_lb_target_group.hec_internal_8088[count.index].arn
   }
 }
 
 resource "aws_lb_target_group" "hec_internal_8088" {
-  name         = "${var.prefix}-legacy-hec-targets"
+  count        = local.is_moose ? 1 : 0
+  name         = "${var.prefix}-legacy-hec-int-tgts"
   port         = 8088
   protocol     = "HTTPS"
   target_type  = "instance"
@@ -68,9 +91,9 @@ resource "aws_lb_target_group" "hec_internal_8088" {
   }
 }
 
-# Attach the instnaces to the ELB
+# Attach the instances to the ELB
 resource "aws_autoscaling_attachment" "hec_internal_asg_attachments" {
-  for_each = toset( var.elb_attachments )
-  alb_target_group_arn = aws_lb_target_group.hec_internal_8088.arn
+  for_each = local.is_moose ? toset( var.elb_attachments ) : []
+  alb_target_group_arn = aws_lb_target_group.hec_internal_8088[0].arn
   autoscaling_group_name = each.key
 }
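Review bot: `# Intentionally using the external cert` on both listeners omits the consequence: `hec_cert` (elb-without-ack.tf) is issued for `${var.prefix}-hec.<legacy_public zone>` plus the `iratemoses` SAN in that same zone, while this ALB is only reachable as `iratemoses` in the `legacy_private` and `private` zones, so a client that verifies the hostname will reject the connection and the ones that work today are presumably skipping verification. I would spell that out: `# Intentionally reuses the external hec_cert: its names do not match the private-zone aliases, so clients must disable hostname verification or trust the name mismatch`. Separately, `for_each = local.is_moose ? toset( var.elb_attachments ) : []` mixes a set of strings with an empty tuple; some Terraform releases refuse to unify those two arms, and `for_each = local.is_moose ? toset(var.elb_attachments) : toset([])` avoids the question.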

+ 46 - 3
base/splunk_servers/legacy_hec/elb-without-ack.tf

@@ -14,7 +14,22 @@ resource "aws_route53_record" "hec" {
   provider = aws.legacy
 }
 
+resource "aws_route53_record" "hec_public_internal" {
+  name = "${var.prefix}-hec"
+  type = "CNAME"
+  zone_id = var.dns_info["legacy_public_internal"]["zone_id"]
+  ttl = "600"
+  records = [ aws_lb.hec.dns_name ]
+
+  provider = aws.legacy
+}
+
+output hec-without-ack-fqdn {
+  value = aws_route53_record.hec.fqdn
+}
+
 resource "aws_route53_record" "iratemoses" {
+  count = local.is_moose ? 1 : 0
   name = "iratemoses"
   type = "CNAME"
   zone_id = var.dns_info["legacy_public"]["zone_id"]
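Review bot: The new `hec_public_internal` record gives no hint what `legacy_public_internal` is, whereas its sibling `hec-ack-internal` in elb-with-acks.tf at least carries a comment; a reader of this file alone cannot tell whether this is a split-horizon copy of the `legacy_public` zone (in which case `hec_cert` below covers the name) or a different zone name that the certificate does not cover. I would add `# split-horizon private copy of the legacy_public zone; same name, so hec_cert still matches` above the resource, adjusting the wording if that assumption is wrong. The `iratemoses` resource that receives the new `count` starts on the last lines of the hunk and continues outside it.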
@@ -24,15 +39,43 @@ resource "aws_route53_record" "iratemoses" {
   provider = aws.legacy
 }
 
+resource "aws_route53_record" "iratemoses_public_internal" {
+  count = local.is_moose ? 1 : 0
+  name = "iratemoses"
+  type = "CNAME"
+  zone_id = var.dns_info["legacy_public_internal"]["zone_id"]
+  ttl = "600"
+  records = [ aws_lb.hec.dns_name ]
+
+  provider = aws.legacy
+}
+
+resource "aws_route53_record" "iratemoses_public" {
+  count = local.is_moose ? 1 : 0
+  name = "iratemoses"
+  type = "CNAME"
+  zone_id = var.dns_info["public"]["zone_id"]
+  ttl = "600"
+  records = [ aws_lb.hec.dns_name ]
+
+  provider = aws.mdr-common-services-commercial
+}
+
+output hec-without-ack-iratemoses-fqdn {
+  value = local.is_moose ? aws_route53_record.iratemoses[0].fqdn : "<not created for non-moose>"
+}
+
+output hec-without-ack-records {
+  value = aws_lb.hec.dns_name
+}
+
 #########################
 # Certificate
 resource "aws_acm_certificate" "hec_cert" {
   domain_name       = "${var.prefix}-hec.${var.dns_info["legacy_public"]["zone"]}"
   validation_method = "DNS"
 
-  subject_alternative_names = [
-    "iratemoses.${var.dns_info["legacy_public"]["zone"]}",
-  ]
+  subject_alternative_names = local.is_moose ? [ "iratemoses.${var.dns_info["legacy_public"]["zone"]}" ] : [ ]
 
   tags = merge(var.standard_tags, var.tags)
 }
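Review bot: The new `iratemoses_public` record points `iratemoses` in `var.dns_info["public"]` at `aws_lb.hec`, but `hec_cert` only carries the `iratemoses` SAN for the `legacy_public` zone, so that public name will present a certificate that does not match unless the two zones share a name, which the separate `aws.mdr-common-services-commercial` provider makes unlikely; HEC clients that verify TLS will fail, and the README's "List of HECs" does not mention the name either. If the `public` entry carries a `zone` key like the legacy entries do, the SAN list should become `subject_alternative_names = local.is_moose ? ["iratemoses.${var.dns_info["legacy_public"]["zone"]}", "iratemoses.${var.dns_info["public"]["zone"]}"] : []`, with a DNS validation record created through the same provider that owns that zone. Note that changing SANs forces ACM to issue a replacement certificate, so the listener references will be updated on the same apply.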