
Merge pull request #98 from mdr-engineering/feature/ftd_MSOCI-1513_CustomerSetup_modelclient

Final Changes for New GC Customer Dry-Run
Frederick Damstra 4 yıl önce
ebeveyn
işleme
af8a22f2e8

+ 11 - 0
base/splunk_servers/cluster_master/main.tf

@@ -198,6 +198,7 @@ data "template_cloudinit_config" "cloud-init" {
 #     tcp/8089      - MOOSE ONLY                 - 10.0.0.0/8
 #   Egress:
 #     tcp/8089      - Splunk API + IDX Discovery - Entire VPC + var.splunk_legacy_cidr
+#     tcp/9997-9998 - Splunk Data                - Entire VPC + var.splunk_legacy_cidr
 #
 # In legacy, but not carried over:
 #   Ingress:
@@ -257,3 +258,13 @@ resource "aws_security_group_rule" "splunk-api-out" {
   cidr_blocks       = toset(concat(var.splunk_legacy_cidr, [ var.vpc_cidr ]))
   security_group_id = aws_security_group.cluster_master_security_group.id
 }
+
+resource "aws_security_group_rule" "splunk-data-out" {
+  description       = "Splunk Data Outbound to record to local indexers"
+  type              = "egress"
+  from_port         = 9997
+  to_port           = 9998
+  protocol          = "tcp"
+  cidr_blocks       = toset(concat(var.splunk_legacy_cidr, [ var.vpc_cidr ]))
+  security_group_id = aws_security_group.cluster_master_security_group.id
+}
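Review bot: The new `splunk-data-out` rule opens tcp/9997-9998 to the whole VPC plus `var.splunk_legacy_cidr`, although its description says the traffic is meant for the local indexers. If the indexer security group can be referenced from this module, `source_security_group_id` (the destination group, on an egress rule) in place of `cidr_blocks` would limit the egress to the hosts that actually receive Splunk data. The identical rule added in base/splunk_servers/searchhead/main.tf has the same scope. The header comment at `#     tcp/9997-9998 - Splunk Data` could also state what 9998 carries, since only 9997 was documented before.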

+ 1 - 1
base/splunk_servers/heavy_forwarder/main.tf

@@ -197,7 +197,7 @@ data "template_cloudinit_config" "cloud-init" {
 #
 #   Egress:
 #     tcp/8089      - Splunk API + IDX Discovery - Entire VPC + var.splunk_legacy_cidr
-#     tcp/9997      - Splunk Data                - Entire VPC + var.splunk_legacy_cidr
+#     tcp/9997-9998 - Splunk Data                - Entire VPC + var.splunk_legacy_cidr
 resource "aws_security_group" "heavy_forwarder_security_group" {
   name = "heavy_forwarder_security_group"
   description = "Security Group for Splunk Searchhead Instance(s)"
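Review bot: The egress comment now documents tcp/9997-9998, but this section is one line added and one removed, so no rule in heavy_forwarder/main.tf changes and the existing data egress rule presumably still ends at 9997. Either set that rule's `to_port = 9998` in the same commit or leave the comment at `tcp/9997`, otherwise the header and the enforced rule disagree. The `heavy_forwarder_security_group` resource continues past the end of the hunk. Its description on the context line still reads "Splunk Searchhead Instance(s)", which looks copied from the searchhead module and is worth a `# NOTE:` comment.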

+ 11 - 0
base/splunk_servers/searchhead/main.tf

@@ -196,6 +196,7 @@ data "template_cloudinit_config" "cloud-init" {
 #     tcp/8000      - Splunk Web                 - Entire VPC + var.splunk_legacy_cidr
 #     tcp/8089      - Splunk API                 - vpc-access, legacy openvpn, legacy bastion, Phantom
 #     tcp/8089      - Splunk API + IDX Discovery - Entire VPC + var.splunk_legacy_cidr 
+#     tcp/9997-9998 - Splunk Data                - Entire VPC + var.splunk_legacy_cidr
 #
 #   Egress:
 #     tcp/8089      - Splunk API + IDX Discovery - Entire VPC + var.splunk_legacy_cidr
@@ -245,3 +246,13 @@ resource "aws_security_group_rule" "splunk-api-out" {
   cidr_blocks       = toset(concat([ var.vpc_cidr ], var.splunk_legacy_cidr))
   security_group_id = aws_security_group.searchhead_security_group.id
 }
+
+resource "aws_security_group_rule" "splunk-data-out" {
+  description       = "Splunk Data Outbound to talk to own indexers"
+  type              = "egress"
+  from_port         = 9997
+  to_port           = 9998
+  protocol          = "tcp"
+  cidr_blocks       = toset(concat([ var.vpc_cidr ], var.splunk_legacy_cidr))
+  security_group_id = aws_security_group.searchhead_security_group.id
+}
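Review bot: The added comment line `#     tcp/9997-9998 - Splunk Data ...` sits in the list above `#   Egress:`, which appears to be the ingress list (its heading is outside the hunk), while the rule added further down is `type = "egress"`. Move the line under `#   Egress:`, next to the tcp/8089 entry, so the header does not suggest that the search head accepts forwarded data on those ports. Anyone auditing the group from the comment block alone would otherwise expect an inbound rule that does not exist in this change.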

+ 5 - 1
base/test_instance/vars.tf

@@ -22,8 +22,12 @@ variable "test_instance_type" {
   default = "t3a.micro"
 }
 
+variable "test_instance_key_name" { 
+  type = string
+  default = "msoc-build"
+}
+
 variable "create_test_instance" { type = bool }
-variable "test_instance_key_name" { type = string }
 
 variable "dns_info" { type = map }
 variable "standard_tags" { type = map }
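Review bot: Giving `test_instance_key_name` a default of `"msoc-build"` means a caller that omits the variable now gets the test instance launched with what is presumably a shared build key pair, where before the plan failed until a key was chosen. If that default is intended, add a description so the choice is visible to whoever sets `create_test_instance`, e.g. `description = "Key pair for the test instance; defaults to the shared build key"`. Otherwise keep the variable required and let each caller name its key explicitly. The opening line `variable "test_instance_key_name" { ` also carries trailing whitespace.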