locals {
  # Supernet(s) for the environment, see IP Address Allocation in wiki.
  # The literal map is indexed by var.environment, so a value other than
  # prod / test / common fails at plan time (missing key), not silently.
  # NOTE: common resolves to an empty list, so anything that derives
  # allow-rules from local.supernets produces no entries for common.
  supernets = {
    prod = [
      "10.1.0.0/16",  # Common Services (gov and commercial) supernet
      "10.32.0.0/12", # Prod (gov and commercial) supernet
    ],
    test = [
      "10.1.0.0/16",  # Common Services (gov and commercial) supernet
      "10.16.0.0/12", # Test (gov and commercial) supernet
    ],
    common = []
  }[var.environment]

  # When there are multiples, put govcloud first, then commercial, and alternate if there are more than 2.
  # Put any standalone IPs at the end.
  #
  # See infrastructure_notes/Architecture_Notes.md and https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation for more information
  #
  # Per-environment name -> list-of-CIDR map, also indexed by var.environment.
  # The legacy keys below each environment alias the same CIDRs as the
  # vpc-* keys, so a rule keyed on either name admits the same range;
  # check every consumer of local.cidr_map before removing either side.
  # NOTE: the common map carries only the legacy keys (no vpc-* entries),
  # so a lookup of a vpc-* key fails when var.environment is common.
  cidr_map = {
    prod = {
      "vpc-splunk"           = ["10.40.16.0/22"], # Splunk -- **MOOSE**
      "vpc-access"           = ["10.40.20.0/22"], # VPN, bastions (if any), etc.
      "vpc-public"           = ["10.40.24.0/22"], # Public sites (github, ghe-backup, jira, ...)
      "vpc-scanners"         = ["10.40.12.0/22"], # Qualys, etc.
      # NOTE(review): the header asks for govcloud first; "dns" below lists 10.40 (gov) first while this lists 10.32 first -- confirm intended order
      "vpc-system-services"  = ["10.32.0.0/22", "10.40.0.0/22"], # Internal services such as dns, mailrelay, etc.
      "vpc-private-services" = ["10.40.28.0/22"], # Private Services - fm-shared-search, qcompliance, phantom, etc.
      # "old" mappings before architecture planning... we should eliminate these.
      "bastions"   = ["10.40.20.0/22"], # vpc-access in mdr-prod-c2-gov
      "vpns"       = ["10.40.20.0/22"], # vpc-access in mdr-prod-c2-gov
      "scanners"   = ["10.40.12.0/22"], # vpc-qualys
      "dns"        = ["10.40.0.0/22", "10.32.0.0/22"], # vpc-system-services in commercial and gov
      "monitoring" = ["10.40.0.0/22"], # legacy sensu, and vpc-system-services in gov
      "salt"       = ["10.40.0.0/22"], # legacy salt-master, and vpc-system-services in gov
      "web"        = ["10.40.0.0/22"], # legacy proxy/repo, and vpc-system-services in gov
      "moose"      = ["10.40.16.0/22"], # legacy vpc, and vpc-splunk in gov (same range as vpc-splunk above)
    },
    test = {
      "vpc-splunk"           = ["10.20.16.0/22"], # Splunk -- **MOOSE**
      "vpc-access"           = ["10.20.20.0/22"], # VPN, bastions (if any), etc.
      "vpc-public"           = ["10.20.24.0/22"], # Public sites (github, ghe-backup, jira, ...)
      "vpc-scanners"         = ["10.20.12.0/22"], # Qualys, etc.
      # NOTE(review): same ordering question as prod -- "dns" below lists 10.20 (gov) first, this lists 10.16 first
      "vpc-system-services"  = ["10.16.0.0/22", "10.20.0.0/22"], # Internal services such as dns, mailrelay, etc.
      "vpc-private-services" = ["10.20.28.0/22"], # Private Services - fm-shared-search, qcompliance, phantom, etc.
      # "old" mappings before architecture planning... we should eliminate these.
      "bastions"   = ["10.20.20.0/22"], # vpc-access in mdr-test-c2-gov
      "vpns"       = ["10.20.20.0/22"], # vpc-access in mdr-test-c2-gov
      "scanners"   = ["10.20.12.0/22"], # vpc-qualys
      "dns"        = ["10.20.0.0/22", "10.16.0.0/22"], # vpc-system-services in commercial and gov
      "monitoring" = ["10.20.0.0/22"], # legacy sensu, and vpc-system-services in gov
      "salt"       = ["10.20.0.0/22"], # legacy salt-master, and vpc-system-services in gov
      "web"        = ["10.20.0.0/22"], # legacy proxy/repo, and vpc-system-services in gov
      "moose"      = ["10.20.16.0/22"], # legacy vpc and vpc-splunk in gov
    },
    # common reuses the prod (mdr-prod-c2-gov) ranges for its legacy keys.
    common = {
      "bastions"   = ["10.40.20.0/22"], # vpc-access in mdr-prod-c2-gov
      "vpns"       = ["10.40.20.0/22"], # vpc-access in mdr-prod-c2-gov
      "scanners"   = ["10.40.12.0/22"], # vpc-qualys
      "dns"        = ["10.40.0.0/22", "10.32.0.0/22"], # vpc-system-services in commercial and gov
      "monitoring" = ["10.40.0.0/22"], # legacy sensu, and vpc-system-services in gov
      "salt"       = ["10.40.0.0/22"], # legacy salt-master, and vpc-system-services in gov
      "web"        = ["10.40.0.0/22"], # legacy proxy/repo, and vpc-system-services in gov
      # NOTE(review): 10.20.0.0/22 is the test vpc-system-services range above, while every other common entry uses a prod range -- confirm this is intended before any rule is built from it
      "smtp"       = ["10.20.0.0/22"], # legacy relay, and vpc-system-services in gov
      "moose"      = ["10.40.16.0/22"], # legacy vpc, and vpc-splunk in gov (same range as prod vpc-splunk)
    }
  }[var.environment]
}