# Network allow-list data for the environment selected by var.environment.
# Both maps below are indexed with [var.environment], so only the prod, test or
# common entry is exposed as local.supernets / local.cidr_map. A value of
# var.environment that is not one of those three keys fails the lookup instead
# of yielding an empty list.
# NOTE(review): presumably these ranges feed security group / firewall source
# rules elsewhere in the module -- confirm against the callers, since any change
# here widens or narrows network access.
locals {
  # Supernet(s) for the environment, see IP Address Allocation in wiki
  supernets = {
    prod = [
      "10.1.0.0/16",  # Common Services (gov and commercial) supernet
      "10.32.0.0/12", # Prod (gov and commercial) supernet
    ],
    test = [
      "10.1.0.0/16",  # Common Services (gov and commercial) supernet
      "10.16.0.0/12", # Test (gov and commercial) supernet
    ],
    # No supernets are defined for the common environment.
    common = []
  }[var.environment]

  # Per-service CIDR lists, keyed by VPC name ("vpc-*") or by legacy service name.
  #
  # When there are multiples, put govcloud first, then commercial, and alternate if there are more than 2.
  # Put any standalone IPs at the end.
  #
  # See infrastructure_notes/Architecture_Notes.md and https://github.mdr.defpoint.com/mdr-engineering/msoc-infrastructure/wiki/IP-Address-Allocation for more information
  cidr_map = {
    prod = {
      "vpc-splunk"           = ["10.40.16.0/22"],                 # Splunk -- **MOOSE**
      "vpc-access"           = ["10.40.20.0/22"],                 # VPN, bastions (if any), etc.
      "vpc-public"           = ["10.40.24.0/22"],                 # Public sites (github, ghe-backup, jira, ...)
      "vpc-scanners"         = ["10.40.12.0/22"],                 # Qualys, etc.
      "vpc-system-services"  = ["10.32.0.0/22", "10.40.0.0/22"],  # Internal services such as dns, mailrelay, etc.
      "vpc-private-services" = ["10.40.28.0/22"],                 # Private Services - fm-shared-search, qcompliance, phantom, etc.
      # "old" mappings before architecture planning... we should eliminate these.
      # Each legacy key repeats a CIDR already listed under a "vpc-*" key above,
      # so a range change has to be made in both places until these are removed.
      "bastions"   = ["10.40.20.0/22"],                 # vpc-access in mdr-prod-c2-gov
      "vpns"       = ["10.40.20.0/22"],                 # vpc-access in mdr-prod-c2-gov
      "scanners"   = ["10.40.12.0/22"],                 # vpc-qualys; same CIDR as "vpc-scanners" above
      "dns"        = ["10.40.0.0/22", "10.32.0.0/22"],  # vpc-system-services in commercial and gov
      "monitoring" = ["10.40.0.0/22"],                  # legacy sensu, and vpc-system-services in gov
      "salt"       = ["10.40.0.0/22"],                  # legacy salt-master, and vpc-system-services in gov
      "web"        = ["10.40.0.0/22"],                  # legacy proxy/repo, and vpc-system-services in gov
      "moose"      = ["10.40.16.0/22"],                 # legacy vpc; CIDR matches "vpc-splunk" above, not vpc-system-services -- confirm
    },
    test = {
      "vpc-splunk"           = ["10.20.16.0/22"],                 # Splunk -- **MOOSE**
      "vpc-access"           = ["10.20.20.0/22"],                 # VPN, bastions (if any), etc.
      "vpc-public"           = ["10.20.24.0/22"],                 # Public sites (github, ghe-backup, jira, ...)
      "vpc-scanners"         = ["10.20.12.0/22"],                 # Qualys, etc.
      "vpc-system-services"  = ["10.16.0.0/22", "10.20.0.0/22"],  # Internal services such as dns, mailrelay, etc.
      "vpc-private-services" = ["10.20.28.0/22"],                 # Private Services - fm-shared-search, qcompliance, phantom, etc.
      # "old" mappings before architecture planning... we should eliminate these.
      # Each legacy key repeats a CIDR already listed under a "vpc-*" key above.
      "bastions"   = ["10.20.20.0/22"],                 # vpc-access in mdr-test-c2-gov
      "vpns"       = ["10.20.20.0/22"],                 # vpc-access in mdr-test-c2-gov
      "scanners"   = ["10.20.12.0/22"],                 # vpc-qualys; same CIDR as "vpc-scanners" above
      "dns"        = ["10.20.0.0/22", "10.16.0.0/22"],  # vpc-system-services in commercial and gov
      "monitoring" = ["10.20.0.0/22"],                  # legacy sensu, and vpc-system-services in gov
      "salt"       = ["10.20.0.0/22"],                  # legacy salt-master, and vpc-system-services in gov
      "web"        = ["10.20.0.0/22"],                  # legacy proxy/repo, and vpc-system-services in gov
      "moose"      = ["10.20.16.0/22"],                 # legacy vpc and vpc-splunk in gov
    },
    # The common map defines only legacy service keys; it has no "vpc-*" keys, so
    # a lookup of one while var.environment is "common" would fail -- confirm no
    # caller does that. Apart from "smtp", the values equal the prod entries above.
    common = {
      "bastions"   = ["10.40.20.0/22"],                 # vpc-access in mdr-prod-c2-gov
      "vpns"       = ["10.40.20.0/22"],                 # vpc-access in mdr-prod-c2-gov
      "scanners"   = ["10.40.12.0/22"],                 # vpc-qualys
      "dns"        = ["10.40.0.0/22", "10.32.0.0/22"],  # vpc-system-services in commercial and gov
      "monitoring" = ["10.40.0.0/22"],                  # legacy sensu, and vpc-system-services in gov
      "salt"       = ["10.40.0.0/22"],                  # legacy salt-master, and vpc-system-services in gov
      "web"        = ["10.40.0.0/22"],                  # legacy proxy/repo, and vpc-system-services in gov
      # NOTE(review): 10.20.0.0/22 lies inside the Test supernet (10.16.0.0/12),
      # while every other entry in this map is a prod range, and "smtp" exists
      # only in this map -- confirm the test range is intended here.
      "smtp"       = ["10.20.0.0/22"],                  # legacy relay, and vpc-system-services in gov
      "moose"      = ["10.40.16.0/22"],                 # legacy vpc; CIDR matches prod "vpc-splunk", not vpc-system-services -- confirm
    }
  }[var.environment]
}