# MSR2 Infrastructure Project

# Managed Services Evaluation Round 2

# Requirements

Name Version
terraform >=1.1.0
aws ~> 5.29.0

# Providers

Name Version
aws 5.29.0

# Modules

Name Source Version
a-ad-srv1 ../../modules/aws/base-vm-win n/a
a-desk1 ../../modules/aws/base-vm n/a
a-desk2 ../../modules/aws/base-vm n/a
a-desk3 ../../modules/aws/base-vm n/a
a-ex-srv1 ../../modules/aws/base-vm-win n/a
a-iis-srv1 ../../modules/aws/base-vm-win n/a
b-ad-srv1 ../../modules/aws/base-vm-win n/a
b-desk1 ../../modules/aws/base-vm n/a
b-desk2 ../../modules/aws/base-vm n/a
b-desk3 ../../modules/aws/base-vm n/a
b-ex-srv1 ../../modules/aws/base-vm-win n/a
b-file-srv1 ../../modules/aws/base-vm-win n/a
b-kvm-srv1 ../../modules/aws/base-vm n/a
b-sql-srv1 ../../modules/aws/base-vm-win n/a
c-desk1 ../../modules/aws/base-vm n/a
defaults ../../modules/aws/defaults n/a
openvpn-client ../../modules/aws/vpn-client n/a
red-kali1 ../../modules/aws/base-vm n/a
support-dns-srv1 ../../modules/aws/base-vm n/a
support-jumpbox-srv1 ../../modules/aws/base-vm-win n/a
support-pf-srv1 ../../modules/aws/base-vm n/a
support-redirect-srv1 ../../modules/aws/base-vm n/a
support-redirect-srv2 ../../modules/aws/base-vm n/a
support-redirect-srv3 ../../modules/aws/base-vm n/a

# Resources

Name Type
aws_default_route_table.alpha-rtb resource
aws_default_route_table.beta-rtb resource
aws_dynamodb_table.dynamodb-terraform-state-lock resource
aws_eip.alpha-nat-eip resource
aws_eip.beta-nat-eip resource
aws_internet_gateway.alpha-igw resource
aws_internet_gateway.beta-igw resource
aws_key_pair.ssh-key-pair resource
aws_nat_gateway.alpha-nat-gw resource
aws_nat_gateway.beta-nat-gw resource
aws_route_table.alpha-public-rtb resource
aws_route_table.beta-public-rtb resource
aws_route_table_association.rtba_a_desk resource
aws_route_table_association.rtba_a_nat resource
aws_route_table_association.rtba_a_srv resource
aws_route_table_association.rtba_a_vpn resource
aws_route_table_association.rtba_b_combined resource
aws_route_table_association.rtba_c_desk resource
aws_route_table_association.rtba_red resource
aws_route_table_association.rtba_redirect_a resource
aws_route_table_association.rtba_redirect_b resource
aws_route_table_association.rtba_support_nat resource
aws_s3_object.msr2 resource
aws_security_group.alpha resource
aws_security_group.beta resource
aws_subnet.a_desk resource
aws_subnet.a_srv resource
aws_subnet.a_vpn resource
aws_subnet.alpha_nat resource
aws_subnet.b_combined resource
aws_subnet.beta_nat resource
aws_subnet.c_desk resource
aws_subnet.support_a resource
aws_subnet.support_b resource
aws_subnet.support_red resource
aws_vpc.alpha resource
aws_vpc.beta resource
aws_vpc_ipv4_cidr_block_association.alpha-a resource
aws_vpc_ipv4_cidr_block_association.alpha-b resource
aws_vpc_ipv4_cidr_block_association.alpha-c resource
aws_vpc_ipv4_cidr_block_association.alpha-nat resource
aws_vpc_ipv4_cidr_block_association.beta-nat resource
aws_vpc_ipv4_cidr_block_association.redirect-a-cidr resource
aws_vpc_ipv4_cidr_block_association.redirect-b-cidr resource
aws_vpc_peering_connection.range-to-red-pcx resource
aws_vpc_security_group_ingress_rule.main resource
aws_s3_bucket.vendors data source

# Inputs

Name Description Type Default Required
aws-bucket-name Name of S3 bucket for managing Terraform state across vendor ranges string "msr2-vendor-resources" no
aws-region AWS region to use, defaults to us-east-1 string "us-east-1" no
aws-region-az AWS availability zone to use, defaults to us-east-1a string "us-east-1a" no
category (Optional) Category of resource group (similar to name; used for Ansible automation) string "" no
description Description for the resource group string "MSR2" no
dev_linux_password Password for dev Linux hosts string n/a yes
dev_linux_username Username for Linux hosts string n/a yes
dev_win_admin_password Password for Windows 10 desktop dev boxes string n/a yes
dev_win_admin_username Username for Windows 10 desktop dev boxes string "devadmin" no
environment (Optional) Environment tag of resource group string "Development" no
local_domain_admin_password Local admin password for workstation 1 (the default is a fixed value published in this README; override it outside an isolated range) string "localAdmin1" no
local_domain_admin_username Local admin username for workstation 1 string "localadmin" no
name-prefix String prefix for resource names string "" no
shutdown_ok Whether the resource can be safely disabled or shutdown string "vendor-schedule" no
ssh_private_key_path Path to SSH private key to use for Linux ssh systems (public and private key must be matching pair) string n/a yes
ssh_public_key_path Path to SSH public key to use for Linux ssh systems (public and private key must be matching pair) string n/a yes
win_a_domain_name Domain name for A string n/a yes
win_a_netbios_name Netbios name for A string n/a yes
win_b_domain_name Domain name for B string n/a yes
win_b_netbios_name Netbios name for B string n/a yes
win_c_domain_name Domain name for C string n/a yes
win_c_netbios_name Netbios name for C string n/a yes
win_desk_password Local admin password for workstation 1 (the default is a fixed value published in this README; override it outside an isolated range) string "winDesk1" no
win_desk_username Local admin username for workstation 1 string "windesk" no
win_domain_name Domain name for AD string n/a yes
win_netbios_name Netbios name for AD, e.g. reddev string n/a yes
win_srv_admin_password Windows Server admin password string n/a yes
win_srv_admin_username Windows Server admin username string n/a yes

# Outputs

Name Description
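cacert Certificate; the cert and key are output separately (cacert and cakey) to simplify redirecting each to a file used to generate VPN profiles. Like any Terraform output, both values are also recorded in the Terraform state, so access to the state needs to be restricted accordingly.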
cakey n/a
endpointid n/a
rdp_data n/a
vpn n/a
windows-credentials n/a