xdr-terraform-modules/base/interconnects/main.tf

resource "aws_placement_group" "interconnects" {
  # Distribute them
  name     = "interconnects"
  strategy = "spread"
}

data "aws_security_group" "aws_endpoints_sg" {
  name   = "aws_endpoints"
  vpc_id = var.security_vpc
}

module "typical_host_security_group" {
  source = "../../submodules/security_group/typical_host"

  vpc_id = var.security_vpc
  cidr_map = var.cidr_map
  tags = merge(var.standard_tags, var.tags)
  aws_region = var.aws_region
  aws_partition = var.aws_partition
  aws_endpoints_sg = data.aws_security_group.aws_endpoints_sg.id
}

resource "aws_network_interface" "interconnects" {
  count = var.interconnects_count
  subnet_id = var.subnet_id_map["untrusted"][count.index % 2]
  security_groups = [ module.typical_host_security_group.id, aws_security_group.interconnects_sg.id ]
  source_dest_check = false
  private_ips_count = 0
  description = "XDR Interconnect ${count.index}"
  tags = {
    Name = "interconnect-${count.index}"
  }
}

resource "aws_eip" "interconnects" {
  count = var.interconnects_count
  vpc = true
  tags = {
    Name = "interconnect-${count.index}"
  }
}

resource "aws_eip_association" "interconnects" {
  count = var.interconnects_count
  network_interface_id = aws_network_interface.interconnects[count.index].id
  allocation_id = aws_eip.interconnects[count.index].id
}

resource "aws_instance" "interconnects" {
  count = var.interconnects_count
  availability_zone = var.azs[count.index % 2]
  placement_group = aws_placement_group.interconnects.id
  tenancy = "default"
  ebs_optimized = true
  disable_api_termination = var.instance_termination_protection
  instance_initiated_shutdown_behavior = "stop"
  instance_type = var.interconnects_instance_type
  key_name = var.interconnects_key_name
  monitoring = false

  ami = data.aws_ami.minion.id
  lifecycle { ignore_changes = [ ami, key_name, user_data ] }

  tags = merge(
    var.standard_tags,
    var.tags,
    { 
      Name = "interconnect-${count.index}"
    }
  )
  volume_tags = merge(
    var.standard_tags,
    var.tags,
    { 
      Name = "interconnect-${count.index}"
    }
  )

  root_block_device {
      volume_type = "gp2"
      #volume_size = "60"
      delete_on_termination = true
  }

  network_interface {
    device_index = 0
    network_interface_id = aws_network_interface.interconnects[count.index].id
  }

  user_data = data.template_cloudinit_config.cloud-init[count.index].rendered
  iam_instance_profile = "msoc-default-instance-profile"

  #lifecycle {
    # This might allow us to update/replace easier?
    #create_before_destroy = true
  #}
}

# DNS Records don't support count yet! Time to migrate to 0.13 beta!
# Seriously, though, if we change the count, we will have to change
# this module, _if_ we want DNS entries.
module "private_dns_record_0" {
  source = "../../submodules/dns/private_A_record"

  name = "interconnect-0"
  ip_addresses = [ aws_instance.interconnects[0].private_ip ]
  dns_info = var.dns_info
  
  providers = {
    aws.c2 = aws.c2
  }
}

module "private_dns_record_1" {
  source = "../../submodules/dns/private_A_record"

  name = "interconnect-1"
  ip_addresses = [ aws_instance.interconnects[1].private_ip ]
  dns_info = var.dns_info
  
  providers = {
    aws.c2 = aws.c2
  }
}

module "public_dns_record_0" {
  source = "../../submodules/dns/public_A_record"

  name = "interconnect-0"
  ip_addresses = [ aws_eip.interconnects[0].public_ip ]
  dns_info = var.dns_info

  providers = {
    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
  }
}

module "public_dns_record_1" {
  source = "../../submodules/dns/public_A_record"

  name = "interconnect-1"
  ip_addresses = [ aws_eip.interconnects[1].public_ip ]
  dns_info = var.dns_info

  providers = {
    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
  }
}