
Fixes for doed and new customers

Brad Poulton 3 years ago
parent
commit
a1c17add68

+ 1 - 0
base/splunk_servers/cluster_master/main.tf

@@ -36,6 +36,7 @@ resource "aws_instance" "instance" {
   iam_instance_profile                 = module.instance_profile.profile_id
 
   metadata_options {
+    http_endpoint = "enabled"
     http_tokens = "optional" # tfsec:ignore:aws-ec2-enforce-http-token-imds Splunk uses v1 by default. MSOCI-2150
   }
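Review bot: The new `http_endpoint = "enabled"` line sits next to `http_tokens = "optional"`, so the instance-profile credentials stay readable over IMDSv1, and nothing in `metadata_options` says why the endpoint is now set explicitly or when the v1 exception ends. I would add a comment on the new line such as `# IMDS must stay reachable for the instance profile; IMDSv1 exception tracked in MSOCI-2150`. Before moving `http_tokens` to `"required"`, the EC2 `MetadataNoToken` CloudWatch metric can confirm that Splunk has stopped making v1 calls. The same line is added in heavy_forwarder/main.tf and searchhead/main.tf, and the `aws_instance` resource starts and ends outside this hunk.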
 

+ 1 - 0
base/splunk_servers/heavy_forwarder/main.tf

@@ -36,6 +36,7 @@ resource "aws_instance" "instance" {
   iam_instance_profile                 = module.instance_profile.profile_id
 
   metadata_options {
+    http_endpoint = "enabled"
     http_tokens = "optional" # tfsec:ignore:aws-ec2-enforce-http-token-imds Splunk uses v1 by default. AWS Addon doesn't support it at all? MSOCI-2150
   }
 

+ 1 - 1
base/splunk_servers/indexer_cluster/config.tf

@@ -19,7 +19,7 @@ locals {
   splunk_asg_sizes_default = [1, 1, 0]
   splunk_asg_sizes_exceptions = {
     mdr-prod-afs                 = [1, 1, 1],
-    mdr-prod-doed                = [0, 0, 0],
+    mdr-prod-doed                = [1, 1, 1],
     afs-mdr-prod-c2-gov          = [1, 1, 1],
     afs-mdr-prod-modelclient-gov = [0, 0, 0],
     afs-mdr-test-modelclient-gov = [1, 1, 1],

+ 1 - 1
base/splunk_servers/indexer_cluster/elb-with-acks.tf

@@ -140,7 +140,7 @@ resource "aws_load_balancer_policy" "listener_policy-tls-1-2" {
 
   policy_attribute {
     name  = "Reference-Security-Policy"
-    value = "ELBSecurityPolicy-FS-1-2-Res-2020-10" # PFS, TLS1.2, and GCM; most "restrictive" policy
+    value = "ELBSecurityPolicy-TLS-1-2-2017-01" # PFS, TLS1.2, and GCM; most "restrictive" policy
   }
 
   # Workaround for bug above.  If changing TLS policy then be
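Review bot: The trailing comment on the new `value` line still reads `PFS, TLS1.2, and GCM; most "restrictive" policy`, which described the FS-1-2-Res policy being replaced. As far as I know, `ELBSecurityPolicy-TLS-1-2-2017-01` is TLS 1.2 only but also accepts RSA key-exchange and CBC suites, so the listener no longer guarantees forward secrecy or GCM-only ciphers. I would change the comment to something like `# TLS 1.2 only; also allows non-PFS and CBC suites` and record why the stricter policy could not be kept. If the weaker set is only needed for some customers or regions, the policy name could be made a variable so the others keep the restrictive one. The resource continues past the end of this hunk.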

+ 1 - 0
base/splunk_servers/searchhead/main.tf

@@ -39,6 +39,7 @@ resource "aws_instance" "instance" {
   iam_instance_profile                 = local.is_moose ? module.moose_instance_profile[0].profile_id : "splunk-sh-instance-profile"
 
   metadata_options {
+    http_endpoint = "enabled"
     http_tokens = "optional" # tfsec:ignore:aws-ec2-enforce-http-token-imds Splunk uses v1 by default. MSOCI-2150
   }