revert bootstrap-qs

better password
2023-06-02 12:19:20 +02:00 · 2023-06-02 11:56:32 +02:00 · 2023-06-02 11:52:56 +02:00 · 2023-06-02 11:46:49 +02:00 · 2023-06-02 11:41:45 +02:00 · 2023-06-02 11:31:33 +02:00
125 changed files with 615 additions and 58852 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/adls/main.tf
+++ b/adls/main.tf
@@ -7,19 +7,16 @@ resource "random_id" "randomMachineId" {
    byte_length = 5
 }

-
 resource "azurerm_storage_account" "saccount" {

  name = var.storage_account_name != null? var.storage_account_name : "qmiadlsgen2${random_id.randomMachineId.hex}"

  resource_group_name       = var.resource_group_name
  location                  = var.location
-
  account_kind              = "StorageV2"
-  account_replication_type  = var.account_replication_type != null? var.account_replication_type : "RAGRS"
  account_tier              = "Standard"
  access_tier               = "Hot"
-
+  account_replication_type  = "RAGRS"
  is_hns_enabled            = "true"

  tags = var.tags
--- a/adls/outputs.tf
+++ b/adls/outputs.tf
@@ -31,5 +31,5 @@ output "Azure_Application_Registration_Client_ID" {
 }

 output "Azure_Application_Registration_Secret" {
-  value = "i3F8Q~FxhoyOP1-4r9sstaohnjxXaf~ulhVJFav_"
+  value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
 }
--- a/adls/variable.tf
+++ b/adls/variable.tf
@@ -35,12 +35,4 @@ variable "dbricks_app_registration_application_id" {

 variable "principal_id_storage_blob_contributor" {
  default = null
-}
-
-variable "sa_config_type" {
-  default = "1"
-}
-
-variable "account_replication_type" {
-  default = null
 }
--- a/appgateways/appgw-443-only/logs.tf
+++ b/appgateways/appgw-443-only/logs.tf
@@ -1,23 +0,0 @@
-resource "azurerm_monitor_diagnostic_setting" "example" {
-
-    name               = "${local.appgw_name}-${var.provision_id}-diagsettings"
-    target_resource_id = azurerm_application_gateway.qmi-app-gw.id
-
-    log_analytics_workspace_id = var.log_analytics_workspace_id
-
-    enabled_log {
-        category = "ApplicationGatewayAccessLog"
-
-        retention_policy {
-            enabled = true
-        }
-    }
-
-    enabled_log {
-        category = "ApplicationGatewayFirewallLog"
-
-        retention_policy {
-            enabled = true
-        }
-    }
-}
--- a/appgateways/appgw-443-only/main.tf
+++ b/appgateways/appgw-443-only/main.tf
@@ -30,7 +30,6 @@ resource "azurerm_public_ip" "appgw-ip" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }
 }

@@ -49,7 +48,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }

  sku {
--- a/appgateways/appgw-443-only/variables.tf
+++ b/appgateways/appgw-443-only/variables.tf
@@ -38,7 +38,3 @@ variable "user_id" {
 variable "probe_path" {
  default = "/"
 }
-
-variable "log_analytics_workspace_id" {
-  default = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/appgw_rg/providers/Microsoft.OperationalInsights/workspaces/qmi-log-analytics"
-}
--- a/appgateways/appgw-e2e/logs.tf
+++ b/appgateways/appgw-e2e/logs.tf
@@ -5,19 +5,23 @@ resource "azurerm_monitor_diagnostic_setting" "example" {

    log_analytics_workspace_id = var.log_analytics_workspace_id

-    enabled_log {
+    log {
        category = "ApplicationGatewayAccessLog"
+        enabled  = true

        retention_policy {
            enabled = true
+            days = 7
        }
    }

-    enabled_log {
+    log {
        category = "ApplicationGatewayFirewallLog"
+        enabled  = true

        retention_policy {
            enabled = true
+            days = 7
        }
    }
 }
--- a/appgateways/appgw-e2e/main.tf
+++ b/appgateways/appgw-e2e/main.tf
@@ -62,7 +62,6 @@ resource "azurerm_public_ip" "appgw-ip" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }
 }

@@ -81,7 +80,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }

  sku {
--- a/appgateways/appgw-qdc-qs/logs.tf
+++ b/appgateways/appgw-qdc-qs/logs.tf
@@ -5,19 +5,23 @@ resource "azurerm_monitor_diagnostic_setting" "example" {

    log_analytics_workspace_id = var.log_analytics_workspace_id

-    enabled_log {
+    log {
        category = "ApplicationGatewayAccessLog"
+        enabled  = true

        retention_policy {
            enabled = true
+            days = 7
        }
    }

-    enabled_log {
+    log {
        category = "ApplicationGatewayFirewallLog"
+        enabled  = true

        retention_policy {
            enabled = true
+            days = 7
        }
    }
 }
--- a/appgateways/appgw-qdc-qs/main.tf
+++ b/appgateways/appgw-qdc-qs/main.tf
@@ -54,7 +54,6 @@ resource "azurerm_public_ip" "appgw-ip" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }
  
 }
@@ -74,7 +73,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }

  sku {
--- a/appgateways/appgw-qdc/logs.tf
+++ b/appgateways/appgw-qdc/logs.tf
@@ -5,19 +5,23 @@ resource "azurerm_monitor_diagnostic_setting" "example" {

    log_analytics_workspace_id = var.log_analytics_workspace_id

-    enabled_log {
+    log {
        category = "ApplicationGatewayAccessLog"
+        enabled  = true

        retention_policy {
            enabled = true
+            days = 7
        }
    }

-    enabled_log {
+    log {
        category = "ApplicationGatewayFirewallLog"
+        enabled  = true

        retention_policy {
            enabled = true
+            days = 7
        }
    }
 }
--- a/appgateways/appgw-qdc/main.tf
+++ b/appgateways/appgw-qdc/main.tf
@@ -28,7 +28,6 @@ resource "azurerm_public_ip" "appgw-ip" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }
 }

@@ -47,7 +46,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }

  sku {
--- a/appgateways/appgw-qs/logs.tf
+++ b/appgateways/appgw-qs/logs.tf
@@ -7,17 +7,21 @@ resource "azurerm_monitor_diagnostic_setting" "example" {

    enabled_log {
        category = "ApplicationGatewayAccessLog"
+        enabled= true

        retention_policy {
            enabled = true
+            days = 7
        }
    }

    enabled_log {
        category = "ApplicationGatewayFirewallLog"
+        enabled  = true

        retention_policy {
            enabled = true
+            days = 7
        }
    }
 }
--- a/appgateways/appgw-qs/main.tf
+++ b/appgateways/appgw-qs/main.tf
@@ -52,7 +52,6 @@ resource "azurerm_public_ip" "appgw-ip" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }
 }

@@ -71,7 +70,6 @@ resource "azurerm_application_gateway" "qmi-app-gw" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }

  sku {
--- a/aws-olh-prereqs/kinesis.tf
+++ b/aws-olh-prereqs/kinesis.tf
@@ -1,9 +0,0 @@
-resource "aws_kinesis_stream" "qlik_stream" {
-  name             = "qlik-data-stream-${var.provision_id}"  # Change the name as needed
-  shard_count      = 1
-  stream_mode_details {
-    stream_mode = "PROVISIONED"
-  }
-
-  retention_period = 24  # Optional: Retain records for 24 hours (default)
-}
--- a/aws-olh-prereqs/kms.tf
+++ b/aws-olh-prereqs/kms.tf
@@ -1,14 +0,0 @@
-resource "aws_kms_key" "qlik_key" {
-  description             = "QMIOpenLakehouse - Customer managed key for Qlik resources"
-  deletion_window_in_days = 10
-  enable_key_rotation     = true
-
-  tags = {
-    Alias = "kms-for-qmi-olh-${var.provision_id}"
-  }
-}
-
-resource "aws_kms_alias" "qlik_key_alias" {
-  name          = "alias/kms-for-qmi-olh-${var.provision_id}"
-  target_key_id = aws_kms_key.qlik_key.key_id
-}
--- a/aws-olh-prereqs/main.tf
+++ b/aws-olh-prereqs/main.tf
@@ -1,8 +0,0 @@
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 6.0.0"
-    }
-  }
-}
--- a/aws-olh-prereqs/output.tf
+++ b/aws-olh-prereqs/output.tf
@@ -1,71 +0,0 @@
-output "AWS_ACCOUNT_ID" {
-  value = var.aws_account_id
-}
-
-output "VPC_ID" {
-  value = aws_vpc.main.id
-  
-}
-
-output "VPC_CIDR" {
-  value = var.vpc_cidr
-}
-
-output "PUBLIC_SUBNET_CIDRS" {
-  value = var.public_subnet_cidrs
-}
-
-output "SUBNETS_IDS" {
-  value = aws_subnet.public[*].id
-  
-}
-
-output "PUBLIC_SUBNET_AZS" {
-  value = [
-    for subnet in aws_subnet.public : subnet.availability_zone
-  ]
-}
-
-output "KMS_KEY_ARN" {
-  value = aws_kms_key.qlik_key.arn
-}
-
-output "KINESIS_STREAM_NAME" {
-  value = aws_kinesis_stream.qlik_stream.name
-}
-
-output "SECURITY_GROUP_ID" {
-  value = aws_security_group.allow_tls.id
-}
-
-output "MANAGEMENT_ROLE_ARN" {
-  value = aws_iam_role.olh_mgmt_role.arn
-}
-
-output "EC2_INTANCE_ROLE_ARN" {
-  value = aws_iam_role.olh_ec2_role.arn
-}
-
-output "EC2_INTANCE_PROFILE_ARN" {
-  value = aws_iam_instance_profile.ec2_instance_profile.arn
-}
-
-output "S3_BUCKET_NAME" {
-  value = module.qmi-s3-bucket.bucket.s3_bucket_id    
-}
-
-output "S3_BUCKET_REGION" {
-  value = module.qmi-s3-bucket.bucket.s3_bucket_region 
-}
-
-output "S3_BUCKET_ACCESS_KEY" {
-  value = module.qmi-s3-bucket.iam_access_key   
-}
-
-output "S3_BUCKET_ACCESS_SECRET" {
-  value = module.qmi-s3-bucket.iam_access_secret
-}
-
-output "TAGS" {
-  value = "Environment = QMI-${var.provision_id}"
-}
--- a/aws-olh-prereqs/role-ec2.tf
+++ b/aws-olh-prereqs/role-ec2.tf
@@ -1,156 +0,0 @@
-resource "aws_iam_role" "olh_ec2_role" {  
-    name = "qmi_olh_ec2_${var.provision_id}"
-
-    assume_role_policy = jsonencode({
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": "sts:AssumeRole",
-                "Principal": {
-                    "Service" : "ec2.amazonaws.com"
-                }
-            }
-        ]
-    })
-
-}
-
-
-resource "aws_iam_role_policy" "server_policy" {
-
-  name = "qmi-olh-${var.provision_id}_s3_policy"
-  role = aws_iam_role.olh_ec2_role.id
-
-  policy = jsonencode({
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "ec2:AttachVolume",
-                "ec2:DetachVolume",
-                "autoscaling:SetInstanceHealth"
-            ],
-            "Condition": {
-                "Null": {
-                    "aws:ResourceTag/qlik_cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "cloudwatch:PutMetricData"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "arn:aws:kinesis:*:*:stream/${aws_kinesis_stream.qlik_stream.name}"
-            ],
-            "Action": [
-                "kinesis:PutRecord",
-                "kinesis:DescribeStreamSummary",
-                "kinesis:ListShards",
-                "kinesis:PutRecords",
-                "kinesis:GetShardIterator",
-                "kinesis:GetRecords",
-                "kinesis:DescribeStream",
-                "kinesis:ListStreamConsumers"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "s3:ListBucket",
-                "s3:GetBucketLocation"
-            ],
-            "Resource": "arn:aws:s3:::${module.qmi-s3-bucket.bucket.s3_bucket_id}"
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "arn:aws:s3:::${module.qmi-s3-bucket.bucket.s3_bucket_id}",
-                "arn:aws:s3:::${module.qmi-s3-bucket.bucket.s3_bucket_id}/*"
-            ],
-            "Action": [
-                "s3:PutObject",
-                "s3:GetObject",
-                "s3:AbortMultipartUpload",
-                "s3:DeleteObjectVersion",
-                "s3:ListBucket",
-                "s3:DeleteObject",
-                "s3:GetObjectVersion"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "arn:aws:ssm:*:*:parameter/qlik/*"
-            ],
-            "Action": [
-                "ssm:GetParameter",
-                "ssm:PutParameter"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "${aws_kms_key.qlik_key.arn}"
-            ],
-            "Action": [
-                "kms:*"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "sts:AssumeRole"
-            ],
-            "Condition": {
-                "StringEquals": {
-                    "sts:ExternalId": "6b69f9c3c8f502f2ddfc8434d443f172ebe4c032f4ef1a3c51215d27a58ca799"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Action": [
-                "glue:CreateTable",
-                "glue:UpdateTable",
-                "glue:DeleteTable",
-                "glue:BatchDeleteTable",
-                "glue:GetTable",
-                "glue:GetTables",
-                "glue:CreateDatabase",
-                "glue:UpdateDatabase",
-                "glue:GetDatabase",
-                "glue:GetDatabases",
-                "glue:GetUserDefinedFunction"
-            ],
-            "Resource": [
-                "arn:aws:glue:us-east-1:*:catalog",
-                "arn:aws:glue:us-east-1:*:database/*",
-                "arn:aws:glue:us-east-1:*:table/*/*"
-            ]
-        }
-    ]
-}
-  )
-}
-
-
-resource "aws_iam_instance_profile" "ec2_instance_profile" {
-  name = "qmi-olh-instance-profile-${var.provision_id}"
-  role = aws_iam_role.olh_ec2_role.name
-}
--- a/aws-olh-prereqs/role-mgmt.tf
+++ b/aws-olh-prereqs/role-mgmt.tf
@@ -1,233 +0,0 @@
-resource "aws_iam_role" "olh_mgmt_role" {  
-    name = "qmi_olh_mgmt_${var.provision_id}"
-
-    assume_role_policy = jsonencode({
-        "Version": "2012-10-17",
-        "Statement": [
-              {
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": "arn:aws:iam::072398622971:role/upsolver-proxy-assume-role"
-                },
-                "Action": [
-                    "sts:AssumeRole"
-                ],
-                "Condition": {
-                    "StringEquals": {
-                        "sts:ExternalId": "6b69f9c3c8f502f2ddfc8434d443f172ebe4c032f4ef1a3c51215d27a58ca799"
-                    }
-                }
-            },
-            {
-                "Effect": "Allow",
-                "Action": "sts:AssumeRole",
-                "Principal": {
-                    "Service" : "ec2.amazonaws.com"
-                }
-            }
-        ]
-    })
-
-}
-
-resource "aws_iam_role_policy" "inline_policy" {
-
-  name = "qmi-olh-role-policy-${var.provision_id}"
-  role = aws_iam_role.olh_mgmt_role.id
-
-  policy = jsonencode({
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "ec2:CancelSpotInstanceRequests",
-                "ec2:CreateLaunchTemplate",
-                "ec2:CreateTags",
-                "ec2:CreateVolume",
-                "ec2:DescribeAddresses",
-                "ec2:DescribeImageAttribute",
-                "ec2:DescribeImages",
-                "ec2:DescribeInstanceStatus",
-                "ec2:DescribeInstanceTypeOfferings",
-                "ec2:DescribeInstanceTypes",
-                "ec2:DescribeInstances",
-                "ec2:DescribeLaunchTemplateVersions",
-                "ec2:DescribeLaunchTemplates",
-                "ec2:DescribeSecurityGroups",
-                "ec2:DescribeSpotInstanceRequests",
-                "ec2:DescribeSpotPriceHistory",
-                "ec2:DescribeTags",
-                "ec2:DescribeRegions",
-                "ec2:DescribeSubnets",
-                "ec2:DescribeRouteTables",
-                "ec2:DescribeSecurityGroups",
-                "ec2:RequestSpotInstances",
-                "ec2:DescribeVolumes"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "arn:aws:ec2:*::image/*",
-                "arn:aws:ec2:*:*:instance/*",
-                "arn:aws:ec2:*:*:key-pair/*",
-                "arn:aws:ec2:*:*:launch-template/*",
-                "arn:aws:ec2:*:*:network-interface/*",
-                "arn:aws:ec2:*:*:security-group/*",
-                "arn:aws:ec2:*:*:subnet/*",
-                "arn:aws:ec2:*:*:volume/*"
-            ],
-            "Action": [
-                "ec2:RunInstances"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "ec2:AttachVolume",
-                "ec2:DeleteVolume",
-                "ec2:DetachVolume",
-                "ec2:DeleteLaunchTemplate",
-                "ec2:TerminateInstances",
-                "ec2:StartInstances",
-                "ec2:ModifyLaunchTemplate",
-                "ec2:DeleteLaunchTemplateVersions",
-                "ec2:CreateLaunchTemplateVersion"
-            ],
-            "Condition": {
-                "Null": {
-                    "aws:ResourceTag/qlik_cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "autoscaling:DeleteAutoScalingGroup",
-                "autoscaling:DeletePolicy",
-                "autoscaling:PutScalingPolicy",
-                "autoscaling:StartInstanceRefresh",
-                "autoscaling:TerminateInstanceInAutoScalingGroup",
-                "autoscaling:UpdateAutoScalingGroup"
-            ],
-            "Condition": {
-                "Null": {
-                    "aws:ResourceTag/qlik_cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "autoscaling:CreateAutoScalingGroup",
-                "autoscaling:CreateOrUpdateTags",
-                "autoscaling:DescribeAutoScalingGroups",
-                "autoscaling:DescribeInstanceRefreshes",
-                "autoscaling:DescribePolicies",
-                "autoscaling:DescribeScalingActivities"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "ec2:DescribeRegions",
-                "ec2:DescribeSubnets",
-                "ec2:DescribeRouteTables",
-                "ec2:DescribeSecurityGroups"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "cloudwatch:DescribeAlarmHistory",
-                "cloudwatch:DescribeAlarms",
-                "cloudwatch:DescribeAlarmsForMetric",
-                "cloudwatch:GetMetricStatistics",
-                "cloudwatch:ListMetrics",
-                "cloudwatch:PutMetricData"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "cloudwatch:PutMetricAlarm",
-                "cloudwatch:DeleteAlarms"
-            ],
-            "Condition": {
-                "Null": {
-                    "aws:ResourceTag/qlik_cluster": "false"
-                }
-            }
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "iam:AddRoleToInstanceProfile",
-                "iam:CreateServiceLinkedRole",
-                "iam:GetPolicy",
-                "iam:GetPolicyVersion",
-                "iam:ListAccountAliases",
-                "iam:ListAttachedRolePolicies",
-                "iam:ListInstanceProfiles",
-                "iam:ListInstanceProfilesForRole",
-                "iam:ListPolicies",
-                "iam:ListRoles",
-                "iam:PassRole"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "*"
-            ],
-            "Action": [
-                "sts:DecodeAuthorizationMessage"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "arn:aws:ssm:*:${var.aws_account_id}:parameter/qlik/*"
-            ],
-            "Action": [
-                "ssm:PutParameter"
-            ]
-        },
-        {
-            "Effect": "Allow",
-            "Resource": [
-                "${aws_kms_key.qlik_key.arn}"
-            ],
-            "Action": [
-                "kms:GenerateDataKeyPairWithoutPlaintext",
-                "kms:Encrypt"
-            ]
-        }
-    ]
-  })
-}
--- a/aws-olh-prereqs/s3.tf
+++ b/aws-olh-prereqs/s3.tf
@@ -1,10 +0,0 @@
-module "qmi-s3-bucket" {          
-
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//s3-bucket"
-  
-  bucket_name                   = "qmi-olh-bucket-${var.provision_id}"
-  provision_id                  = var.provision_id
-  user_id                       = var.user_id
-  forced_destroy                = var.forced_destroy
-  
-}
--- a/aws-olh-prereqs/variables.tf
+++ b/aws-olh-prereqs/variables.tf
@@ -1,30 +0,0 @@
-
-variable "aws_account_id" {
-    description = "AWS account ID"
-}
-
-variable "region" {
-    description = "AWS region"
-    default     = "us-east-1"
-}
-
-variable "provision_id" {
-}
-
-variable "user_id" {
-}
-
-variable "vpc_cidr" {
-  default = "10.0.0.0/16"
-}
-
-variable "public_subnet_cidrs" {
-  default = ["10.0.1.0/24", "10.0.2.0/24"]
-}
-
-variable "forced_destroy" {
-  default = null
-}
-
-
-
--- a/aws-olh-prereqs/vpc.tf
+++ b/aws-olh-prereqs/vpc.tf
@@ -1,74 +0,0 @@
-resource "aws_vpc" "main" {
-  cidr_block           = var.vpc_cidr
-  enable_dns_support   = true
-  enable_dns_hostnames = true
-
-  tags = {
-    Name = "qmi-olh-vpc-${var.provision_id}"
-  }
-}
-
-resource "aws_internet_gateway" "igw" {
-  vpc_id = aws_vpc.main.id
-
-  tags = {
-    Name = "qmi-olh-igw-${var.provision_id}"
-  }
-}
-
-data "aws_availability_zones" "available" {
-  state = "available"
-}
-
-resource "aws_subnet" "public" {
-  count                   = length(var.public_subnet_cidrs)
-  vpc_id                  = aws_vpc.main.id
-  cidr_block              = var.public_subnet_cidrs[count.index]
-  availability_zone       = data.aws_availability_zones.available.names[count.index]
-  map_public_ip_on_launch = true
-
-  tags = {
-    Name = "qmi-olh-subnet-${var.provision_id}-${count.index + 1}"
-  }
-}
-
-resource "aws_route_table" "public" {
-  vpc_id = aws_vpc.main.id
-
-  route {
-    cidr_block = "0.0.0.0/0"
-    gateway_id = aws_internet_gateway.igw.id
-  }
-}
-
-resource "aws_route_table_association" "public_assoc" {
-  count          = length(var.public_subnet_cidrs)
-  subnet_id      = aws_subnet.public[count.index].id
-  route_table_id = aws_route_table.public.id
-}
-
-
-resource "aws_security_group" "allow_tls" {
-  name        = "olh-${var.provision_id}-SG"
-  description = "olh-${var.provision_id}-SG"
-  vpc_id      = aws_vpc.main.id
-}
-
-resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {  
-    security_group_id = aws_security_group.allow_tls.id
-
-    cidr_ipv4         = var.vpc_cidr
-    ip_protocol           = "tcp"
-    from_port          = 0
-    to_port            = 65535
-
-    description = "olh-${var.provision_id}-ingress-rule"
-}
-
-resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv4" {
-
-  security_group_id = aws_security_group.allow_tls.id
-  cidr_ipv4          = "0.0.0.0/0"
-  ip_protocol       = "-1"
-  description = "olh-${var.provision_id}-egress-rule"
-}
--- a/compose-install/scripts/compose-license.txt
+++ b/compose-install/scripts/compose-license.txt
@@ -1,14 +1,14 @@
 {
  "$type": "ComposeLicense",
  "product": "QlikCompose",
-  "issued_to": "Qlik Internal",
+  "issued_to": "Attunity Americas",
  "issued_by": "Attunity US",
  "license_type": "EVALUATION",
-  "serial_no": "85011700",
-  "expiration_date": "2025-12-31",
+  "serial_no": "85008595",
+  "expiration_date": "2023-12-31",
  "hosts": "",
-  "product_version": "2024.12",
-  "notes": "",
+  "product_version": "2022.5",
+  "notes": "Qlik internal use only ",
  "host_role": "",
  "source_db_types": "",
  "dwh_type": "*",
@@ -16,6 +16,6 @@
  "number_of_dms": "0",
  "number_of_developers": "0",
  "managed_dwh_size": "0",
-  "issue_time": "12/18/2024 8:31:25 PM",
-  "signature": "bMVg+X1Saxvcux5I96eU+oHndPWHv4E1QzxYwgo/cGpfVltneqGgBrVPmjotMGxp705aj29jGQLHNSx/0bBlwJd9DcfLAKaS/mH9mfph50KWRV1+ZLgPVQmmDHv/vFYLoIQLoyV2RqhMGN2rbVEXrQLzXRa+FWQEbulVa05Uvog="
+  "issue_time": "12/15/2022 7:06:16 PM",
+  "signature": "iDk5NujmAcxcI80BSt4JaOEaSj35u0vzoRXvRcYXy4NpWJLFVvCRJ67LfVcA1WuLwHmarnYWYA+RWT0CyqpH1e4n3nZPaJAwBgnU5Z074rIUrHZi+Z5Hmgux2ptNqXJIr7S1JNc6+fBMHuG//hxYppf9Knmk+5cx5rafxNpCYUU="
 }
--- a/compose-install/scripts/di-compose-install.ps1
+++ b/compose-install/scripts/di-compose-install.ps1
@@ -46,19 +46,17 @@ If ((Test-Path $bin\$fileName))
    $fileNoExtension = [IO.Path]::GetFileNameWithoutExtension("$bin\$fileName")
 	Expand-Archive $bin\$fileName -DestinationPath $bin\$fileNoExtension -Force

-    Write-Host "Binary decompressed in folder $($bin)\$($fileNoExtension)"	
+    #Write-Host "Binary decompressed in folder $($bin)\$($fileNoExtension)"	
 	$exec = Get-ChildItem $bin\$fileNoExtension\*.exe | Select-Object -ExpandProperty Name
    #Write-Host "Exec: $($exec)"

    $silentInstall = "$($bin)\$($fileNoExtension)\$($exec) /s /f1$($PSScriptRoot)\$($issFile) /f2$($bin)\Compose_silent_x64_install.log"

-    Start-Sleep 5 
-    
 	Write-Host "Run Compose silent installation : $($silentInstall)"
    Invoke-Expression $silentInstall
    while (!(Test-Path "$($bin)\Compose_silent_x64_install.log")) { 
        Write-Host "[Waiting Compose to be installed] ..."
-        Start-Sleep 4
+        Start-Sleep 2
    }
 	$resultLogs = Get-IniFile "$($bin)\Compose_silent_x64_install.log"
 	$testResult = $resultLogs.ResponseResult.ResultCode
--- a/databases/.DS_Store
+++ b/databases/.DS_Store
--- a/databases/aws-emr/main.tf
+++ b/databases/aws-emr/main.tf
@@ -1,148 +0,0 @@
-terraform {
-
-  required_version = ">= 1.1"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-    }
-  }
-}
-
-
-module "s3_bucket" {
-  source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "~> 3.0"
-
-  bucket_prefix = "qmi-bucket-${var.provision_id}"
-
-  # Allow deletion of non-empty bucket
-  # Example usage only - not recommended for production
-  force_destroy = true
-
-  attach_deny_insecure_transport_policy = true
-  attach_require_latest_tls_policy      = true
-
-  block_public_acls       = true
-  block_public_policy     = true
-  ignore_public_acls      = true
-  restrict_public_buckets = true
-
-  server_side_encryption_configuration = {
-    rule = {
-      apply_server_side_encryption_by_default = {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
-
-  tags = {
-    QMI_user = var.user_id
-    ProvID   = var.provision_id
-    Name     = "qmi-emr-${var.provision_id}"
-    Owner    = var.user_id
-  }
-}
-
-module "emr" {
-  source = "terraform-aws-modules/emr/aws"
-
-  name = var.provision_id
-
-  release_label = "emr-6.11.0"
-  applications  = ["spark", "hadoop", "hive", "hue"]
-  auto_termination_policy = {
-    idle_timeout = 3600
-  }
-
-  bootstrap_action = {
-    example = {
-      name = "Just an example",
-      path = "file:/bin/echo",
-      args = ["Hello World!"]
-    }
-  }
-
-  configurations_json = jsonencode([
-    {
-      "classification" : "spark-env",
-      "configurations" : [
-        {
-          "classification" : "export",
-          "properties" : {
-            "JAVA_HOME" : "/usr/lib/jvm/java-1.8.0"
-          }
-        }
-      ],
-      "properties" : {}
-    },
-    {
-      "classification": "hive-site",
-      "properties": {
-         "hive.support.concurrency": "true",
-         "hive.exec.dynamic.partition.mode": "nonstrict",
-         "hive.txn.manager": "org.apache.hadoop.hive.ql.lockmgr.DbTxnManager"
-      }
-    }
-  ])
-
-  master_instance_group = {
-    name           = "master-group"
-    instance_count = 1
-    instance_type  = "m5.xlarge"
-  }
-
-  core_instance_group = {
-    name           = "core-group"
-    instance_count = 1
-    instance_type  = "c4.large"
-  }
-
-  task_instance_group = {
-    name           = "task-group"
-    instance_count = 1
-    instance_type  = "c5.xlarge"
-    bid_price      = "0.1"
-
-    ebs_config = {
-      size                 = 64
-      type                 = "gp3"
-      volumes_per_instance = 1
-    }
-    ebs_optimized = true
-  }
-
-  ebs_root_volume_size = 64
-  ec2_attributes = {
-    # Instance groups only support one Subnet/AZ
-    # Subnets should be private subnets and tagged with
-    # { "for-use-with-amazon-emr-managed-policies" = true }
-    subnet_id = var.subnet_ids_us[0]
-  }
-  vpc_id = var.vpc_id_us
-
-  list_steps_states  = ["PENDING", "RUNNING", "CANCEL_PENDING", "CANCELLED", "FAILED", "INTERRUPTED", "COMPLETED"]
-  log_uri            = "s3://${module.s3_bucket.s3_bucket_id}/"
-
-  scale_down_behavior    = "TERMINATE_AT_TASK_COMPLETION"
-  step_concurrency_level = 3
-  termination_protection = false
-  visible_to_all_users   = true
-  
-  is_private_cluster = false
-  #create_service_iam_role = false
-  #service_iam_role_arn = "arn:aws:iam::192018133564:role/service-role/AmazonEMR-ServiceRole-20230622T122656"
-  #create_iam_instance_profile = false
-  #iam_instance_profile_name = "AmazonEMR-InstanceProfile-20230622T122640"
-
-  tags = {
-    Environment = "QMI-${var.provision_id}"
-    Deployment = "QMI-${var.provision_id}"
-    Terraform   = "true"
-    Environment = "dev"
-    QMI_user = var.user_id
-    Owner    = var.user_id
-    ProvID   = var.provision_id
-    Name     = "qmi-emr-${var.provision_id}"
-  }
-}
--- a/databases/aws-emr/outputs.tf
+++ b/databases/aws-emr/outputs.tf
@@ -1,15 +0,0 @@
-output "s3_bucket" {
-  value = module.qmi-s3-bucket.bucket.s3_bucket_id
-}
-
-output "s3_iam_name" {
-  value = module.qmi-s3-bucket.iam_name
-}
-
-output "s3_iam_access_key" {
-  value = module.qmi-s3-bucket.iam_access_key
-}
-
-output "s3_iam_access_secret" {
-  value =  module.qmi-s3-bucket.iam_access_secret
-}
--- a/databases/aws-emr/variables.tf
+++ b/databases/aws-emr/variables.tf
@@ -1,34 +0,0 @@
-variable "region" {
-  default = "us-east-1"
-}
-
-variable "provision_id" {
-  
-}
-
-variable "user_id" {
-}
-
-variable "vpc_id_ap" {
-  default = "vpc-22ee2844"
-}
-
-variable "vpc_id_eu" {
-  default = "vpc-73f0500a"
-}
-
-variable "vpc_id_us" {
-  default = "vpc-c079f5bd"
-}
-
-variable "subnet_ids_ap" {
-  default = ["subnet-658aec3c", "subnet-e030eba8", "subnet-94309bf2"]
-}
-
-variable "subnet_ids_eu" {
-  default = ["subnet-4d441b17", "subnet-95c22fde", "subnet-70938116"]
-}
-
-variable "subnet_ids_us" {
-  default = ["subnet-4d26552b", "subnet-0414685b", "subnet-c97f7c84", "subnet-7f695c71", "subnet-96acd2b7", "subnet-88ab2cb9"]
-}
--- a/databases/aws-kinesis/main.tf
+++ b/databases/aws-kinesis/main.tf
@@ -23,11 +23,9 @@ locals {
  scnamelower = "${local.container_n1}${local.container_n2}${local.container_n3}"

  tags = {
-    Deployment = "QMI-${var.provision_id}"
-    Environment = "QMI-${var.provision_id}"
+    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
    ProvID   = var.provision_id
    Name     = "qmi-${var.provision_id}"
  }
--- a/databases/aws-rds/main.tf
+++ b/databases/aws-rds/main.tf
@@ -5,22 +5,11 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
+      version = "3.74.0"
    }
  }
 }

-resource "random_password" "password" {
-  length = 16
-  special = true
-  override_special = "_!"
-  upper = true
-  lower = true
-  min_numeric = 2
-  min_lower = 2
-  min_upper = 2
-  min_special = 2
-}
-
 locals {
  provid5              = substr(var.provision_id, 0, 5)
  aurora               = (var.engine == "aurora-mysql") ? true : (var.engine == "aurora-postgresql") ? true : false
@@ -36,23 +25,65 @@ locals {
  family               = var.family[var.engine]

  tags = {
-    Deployment = "QMI-${var.provision_id}"
-    Environment = "QMI-${var.provision_id}"
+    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
    ProvID   = var.provision_id
    Name     = "qmi-${var.provision_id}"
-    Owner    = var.user_id
  }
-
-  is_postgres = length(regexall("postgres", local.family)) > 0 ? true : false
-  is_mysql = length(regexall("mysql", local.family)) > 0 ? true : false
 }


+module "fw-ips" {
+    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
+}
+
+module "security_group" {
+  
+  # SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 4.3"
+
+  name        = "${var.provision_id}-SG"
+  description = "${var.provision_id}-SG"
+  vpc_id      = local.vpc_id
+
+
+  # ingress
+
+  ingress_cidr_blocks = module.fw-ips.cidr_blocks
+  
+
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = local.port
+      to_port     = local.port
+      protocol    = "tcp"
+      description = "RDS"
+
+    },
+  ]
+
+  # egress
+
+  egress_cidr_blocks = module.fw-ips.cidr_blocks
+
+  egress_with_cidr_blocks = [
+    {
+      from_port   = local.port
+      to_port     = local.port
+      protocol    = "tcp"
+      description = "RDS"
+
+    },
+  ]
+
+  tags = local.tags
+}
+
 module "common_rds_instance" {
  source  = "terraform-aws-modules/rds/aws"
-  version = "= 6.1.1"
+  version = "~> 3.3"

  count = local.aurora? 0 : 1

@@ -64,172 +95,58 @@ module "common_rds_instance" {
  major_engine_version = local.major_engine_version # DB option group
  instance_class       = var.instance_size
  allocated_storage    = var.storage
-  storage_encrypted    = (var.engine == "sqlserver-ex")? false : true

  license_model = local.license

-  db_name                = local.name
+  name                   = local.name
  username               = "qmirdsuser"
-  password               = random_password.password.result
-  manage_master_user_password = false
+  create_random_password = true
+  random_password_length = 12
  port                   = local.port

  multi_az               = false
  subnet_ids             = local.subnet_ids
-  vpc_security_group_ids = [
-    aws_security_group.allow_tls.id,
-    aws_security_group.allow_tls_2.id
-  ]
+  vpc_security_group_ids = [module.security_group.security_group_id]
  publicly_accessible    = true

  maintenance_window = "Mon:00:00-Mon:03:00"
  backup_window      = "03:00-06:00"

-  backup_retention_period = 1
+  backup_retention_period = 0
  skip_final_snapshot     = true
  deletion_protection     = false

-  parameters = local.is_postgres? [
-    {
-      apply_method = "pending-reboot"
-      name  = "rds.logical_replication"
-      value = 1
-    },
-    {
-      apply_method = "pending-reboot"
-      name  = "max_wal_senders"
-      value = 10
-    },
-    {
-      apply_method = "pending-reboot"
-      name  = "max_replication_slots"
-      value = 10
-    }
-  ] : local.is_mysql? [{
-      name  = "binlog_format"
-      value = "row"
-  }]: []
-
  tags = local.tags

 }

-
-resource "aws_rds_cluster_parameter_group" "pg-postgres" {
-
-  count =  var.engine == "aurora-postgresql"? 1 : 0
-
-  name        = "rds-cluster-pg-${var.provision_id}"
-  family      = "aurora-postgresql14"
-  description = "RDS aurora-postgresql14 cluster parameter group"
-
-  parameter {
-    apply_method = "pending-reboot"
-    name  = "rds.logical_replication"
-    value = 1
-  }
-
-  parameter {
-    apply_method = "pending-reboot"
-    name  = "max_wal_senders"
-    value = 10
-  }
-
-  parameter {
-    apply_method = "pending-reboot"
-    name  = "max_replication_slots"
-    value = 10
-  }
-
-}
-
-resource "aws_rds_cluster_parameter_group" "pg-mysql" {
-
-  count =  var.engine == "aurora-mysql"? 1 : 0
-
-  name        = "rds-cluster-pg-${var.provision_id}"
-  family      = "aurora-mysql8.0"
-  description = "RDS aurora-mysql8.0 cluster parameter group"
-
-  parameter {
-    apply_method = "pending-reboot"
-    name  = "binlog_format"
-    value = "row"
-  }
-
-}
-
 module "aurora_rds_instance" {
-
-  depends_on = [  
-    aws_rds_cluster_parameter_group.pg-postgres, 
-    aws_rds_cluster_parameter_group.pg-mysql
-  ]
-
  source  = "terraform-aws-modules/rds-aurora/aws"
-  version = "~> 8.3.1"
+  version = "~> 5.2"

  count = local.aurora? 1 : 0

  name           = local.name
  engine         = var.engine
  engine_version = local.engine_version
-  instance_class  = var.instance_size
-
-  database_name = local.name
-
-  instances       = { 1 = {} }
-
-  autoscaling_enabled      = true
-  autoscaling_min_capacity = 1
-  autoscaling_max_capacity = 3
+  instance_type  = var.instance_size

  vpc_id                 = local.vpc_id
  subnets                = local.subnet_ids
  create_security_group  = false
-  vpc_security_group_ids = [
-      aws_security_group.allow_tls.id,
-      aws_security_group.allow_tls_2.id
-  ]
+  vpc_security_group_ids = [module.security_group.security_group_id]
  port                   = local.port
  publicly_accessible    = true

-  master_username         = "qmirdsuser"
-  manage_master_user_password = false
-  master_password = random_password.password.result
-  create_db_subnet_group = true
+  username               = "qmirdsuser"
+  create_random_password = true


-  backup_retention_period = 1
+
+  backup_retention_period = 0
  skip_final_snapshot     = true
  deletion_protection     = false

  tags = local.tags

-  db_cluster_parameter_group_name = "rds-cluster-pg-${var.provision_id}"
-
-}
-
-locals {
-    
-    type      = (var.engine == "mysql" || var.engine == "mariadb")? "mysql" :  (var.engine == "postgres" || var.engine == "aurora-postgres")? "postgres" : (var.engine == "sqlserver-ex")? "mssql" : null
-    port4dummy  = (local.aurora)? module.aurora_rds_instance[0].cluster_port : module.common_rds_instance[0].db_instance_port
-    host      = (local.aurora)? "${module.aurora_rds_instance[0].cluster_endpoint}:${local.port4dummy}" : module.common_rds_instance[0].db_instance_endpoint
-    username  = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].cluster_master_username) : nonsensitive(module.common_rds_instance[0].db_instance_username)
-    password  = nonsensitive(random_password.password.result)
-    database  = (var.engine == "postgres" || var.engine == "aurora-postgres")? "postgres" : local.name
-}
-
-
-module "dummy-data" {
-
-  count = var.dummydata != null && local.type != null? 1 : 0
-
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/dummy"
-
-  type      = local.type
-  host      = local.host
-  username  = local.username
-  password  = local.password
-  database  = local.database
 }
--- a/databases/aws-rds/output.tf
+++ b/databases/aws-rds/output.tf
@@ -1,31 +1,23 @@
-output "db_username" {
+ output "db_username" {
  description = "The master username for the database"
-  value       = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].cluster_master_username) : nonsensitive(module.common_rds_instance[0].db_instance_username)
+  value       = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].rds_cluster_master_username) : nonsensitive(module.common_rds_instance[0].db_instance_username)
 } 

 output "db_instance_password" {
  description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
-  value       = nonsensitive(random_password.password.result)
+  value       = (local.aurora)? nonsensitive(module.aurora_rds_instance[0].rds_cluster_master_password) : nonsensitive(module.common_rds_instance[0].db_instance_password)
 }

 output "db_instance_port" {
  description = "The database port"
-  value       = (local.aurora)? module.aurora_rds_instance[0].cluster_port : module.common_rds_instance[0].db_instance_port
+  value       = (local.aurora)? module.aurora_rds_instance[0].rds_cluster_port : module.common_rds_instance[0].db_instance_port
 }

 output "db_instance_endpoint" {
  description = "The connection endpoint"
-  value       = (local.aurora)? module.aurora_rds_instance[0].cluster_endpoint : module.common_rds_instance[0].db_instance_endpoint
-}
-
-output "db_instance_id" {
-  value       = (local.aurora)? null : "${var.engine}${var.provision_id}"
+  value       = (local.aurora)? module.aurora_rds_instance[0].rds_cluster_endpoint : module.common_rds_instance[0].db_instance_endpoint
 }

 output "db_instance_name" {
  value       = local.name
 }
-
-output "dummy_data_databases_available" {
-   value = var.dummydata != null && local.type != null? module.dummy-data[0].dbs : null
-}
--- a/databases/aws-rds/sec_groups.tf
+++ b/databases/aws-rds/sec_groups.tf
@@ -1,69 +0,0 @@
-module "fw-ips" {
-    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
-}
-
-resource "aws_security_group" "allow_tls" {
-  name        = "${var.provision_id}-SG"
-  description = "${var.provision_id}-SG"
-  vpc_id      = local.vpc_id
-
-  tags = local.tags
-}
-
-resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
-  for_each = toset(module.fw-ips.cidr_blocks)
-  
-  security_group_id = aws_security_group.allow_tls.id
-
-  cidr_ipv4         = each.key
-  from_port         = local.port
-  ip_protocol       = "tcp"
-  to_port           = local.port
-  description = "dbport"
-}
-
-resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv4" {
-
-  for_each = toset(module.fw-ips.cidr_blocks)
-
-  security_group_id = aws_security_group.allow_tls.id
-
-  cidr_ipv4   = each.key
-  from_port   = local.port
-  ip_protocol = "tcp"
-  to_port     = local.port
-  description = "dbport"
-}
-
-resource "aws_security_group" "allow_tls_2" {
-  name        = "${var.provision_id}-SG2"
-  description = "${var.provision_id}-SG2"
-  vpc_id      = local.vpc_id
-
-  tags = local.tags
-}
-
-resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4_2" {
-  for_each = toset(module.fw-ips.cidr_blocks_others)
-  
-  security_group_id = aws_security_group.allow_tls_2.id
-
-  cidr_ipv4         = each.key
-  from_port         = local.port
-  ip_protocol       = "tcp"
-  to_port           = local.port
-  description = "Others - dbport"
-}
-
-resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv_2" {
-
-  for_each = toset(module.fw-ips.cidr_blocks_others)
-
-  security_group_id = aws_security_group.allow_tls_2.id
-
-  cidr_ipv4   = each.key
-  from_port   = local.port
-  ip_protocol = "tcp"
-  to_port     = local.port
-  description = "Others - dbport"
-}
--- a/databases/aws-rds/variables.tf
+++ b/databases/aws-rds/variables.tf
@@ -43,19 +43,15 @@ variable "instance_size" {
 }

 variable "storage" {
-  default = "100"
+  default = "20"
 }

 variable "engine_version" {
  type = map

  default = {
-<<<<<<< HEAD
    "mysql"  = "8.0.32"
-=======
-    "mysql"  = "8.0.36"
->>>>>>> master
-    "postgres"  = "14.12" 
+    "postgres"  = "13.3" 
    "oracle-se2"  = "19.0.0.0.ru-2023-04.rur-2023-04.r1"
    "sqlserver-ex" = "15.00.4236.7.v1"
    "mariadb" = "10.5"
@@ -70,7 +66,7 @@ variable "major_engine_version" {

  default = {
    "mysql"  = "8.0"  
-    "postgres"  = "14"
+    "postgres"  = "13"
    "oracle-se2"  = "19"
    "sqlserver-ex" = "15.00"
    "mariadb" = "10.5"
@@ -87,7 +83,7 @@ variable "family" {

  default = {
    "mysql"  = "mysql8.0"
-    "postgres"  = "postgres14"
+    "postgres"  = "postgres13"
    "oracle-se2"  = "oracle-se2-19"
    "sqlserver-ex" = "sqlserver-ex-15.0"
    "mariadb" = "mariadb10.5"
@@ -110,7 +106,3 @@ variable "port" {
    "aurora-postgresql"  = "5432"
  }
 }
-
-variable "dummydata" {
-  default = null
-}
--- a/databases/aws-redshift/main.tf
+++ b/databases/aws-redshift/main.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 6.0.0"
+      version = ">= 3.49.0"
    }
  }
 }
@@ -17,53 +17,105 @@ resource "random_password" "password" {
  min_numeric = 1
  upper = true
  lower = true
-  numeric = true
+  number = true
  min_lower = 2
  min_upper = 2
  min_special = 2
 }

 locals {
-  s3_prefix = "redshift/qmi-${var.provision_id}"
  provid5              = substr(var.provision_id, 0, 5)
  vpc_id               = (var.region == "eu-west-1") ? var.vpc_id_eu : (var.region == "us-east-1") ? var.vpc_id_us : var.vpc_id_ap
  subnet_ids           = (var.region == "eu-west-1") ? var.subnet_ids_eu : (var.region == "us-east-1") ? var.subnet_ids_us : var.subnet_ids_ap
  port                 = "5439"
  tags = {
-    Deployment = "QMI-${var.provision_id}"
-    Environment = "QMI-${var.provision_id}"
+    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
    ProvID   = var.provision_id
    Name     = "qmi-${var.provision_id}"
-    Owner    = var.user_id
  }
 }

+module "fw-ips" {
+    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
+}
+
+module "security_group" {
+  # SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 4.3"
+
+  name        = "${var.provision_id}-SG"
+  description = "${var.provision_id}-SG"
+  vpc_id      = local.vpc_id
+
+
+  # ingress
+
+  ingress_cidr_blocks = module.fw-ips.cidr_blocks
+
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = local.port
+      to_port     = local.port
+      protocol    = "tcp"
+      description = "Redshift"
+
+    },
+  ]
+
+  # egress
+
+  egress_cidr_blocks = module.fw-ips.cidr_blocks
+
+  
+  egress_with_cidr_blocks = [
+    {
+      from_port   = local.port
+      to_port     = local.port
+      protocol    = "tcp"
+      description = "Redshift"
+
+    },
+  ]
+
+  tags = local.tags
+}
+
+module "redshift" {
+
+  source  = "terraform-aws-modules/redshift/aws"
+  version = "~> 3.0"
+
+  cluster_identifier      = "qmi-${var.provision_id}"
+  cluster_node_type       = "dc2.large" #"dc1.large"
+  cluster_number_of_nodes = 1
+
+  cluster_database_name   = var.cluster_database_name
+  cluster_master_username = var.cluster_master_username
+  cluster_master_password = random_password.password.result
+
+  # Group parameters
+  #wlm_json_configuration = "[{\"query_concurrency\": 5}]"
+
+  # DB Subnet Group Inputs
+  subnets = local.subnet_ids
+  vpc_security_group_ids = [module.security_group.security_group_id]
+  publicly_accessible = true
+
+  # IAM Roles
+  #cluster_iam_roles = ["arn:aws:iam::225367859851:role/developer"]
+
+  tags = local.tags
+
+}
+
 module "qmi-s3-bucket" {

  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//s3-bucket"
  
  provision_id                  = var.provision_id
+  region                        = var.region
  user_id                       = var.user_id
-}
-
-
-resource "aws_redshift_cluster" "qmi" {
-  cluster_identifier = "qmi-${var.provision_id}"
-  database_name      = var.cluster_database_name
-  master_username    = var.cluster_master_username
-  master_password    = random_password.password.result
-  node_type          = "ra3.large"
-  cluster_type       = "single-node"
-
-  skip_final_snapshot = true
-
-  vpc_security_group_ids = [aws_security_group.allow_tls.id, aws_security_group.allow_tls_2.id]
-
-  publicly_accessible = true
-
-  tags = local.tags
-}
-
-
+}
--- a/databases/aws-redshift/outputs.tf
+++ b/databases/aws-redshift/outputs.tf
@@ -1,20 +1,25 @@
 output "redshift_cluster_id" {
  description = "The availability zone of the RDS instance"
-  value       = aws_redshift_cluster.qmi.id
+  value       = module.redshift.redshift_cluster_id
 }

 output "redshift_cluster_endpoint" {
  description = "Redshift endpoint"
-  value       = aws_redshift_cluster.qmi.endpoint
+  value       = module.redshift.redshift_cluster_endpoint
+}
+
+output "redshift_cluster_hostname" {
+  description = "Redshift hostname"
+  value       = module.redshift.redshift_cluster_hostname
 }

 output "redshift_cluster_port" {
  description = "Redshift port"
-  value       = aws_redshift_cluster.qmi.port
+  value       = module.redshift.redshift_cluster_port
 }

 output "redshift_cluster_database_name" {
-    value = aws_redshift_cluster.qmi.database_name
+    value = module.redshift.redshift_cluster_database_name
 }

 output "redshift_cluster_master_username" {
--- a/databases/aws-redshift/sec_groups.tf
+++ b/databases/aws-redshift/sec_groups.tf
@@ -1,69 +0,0 @@
-module "fw-ips" {
-    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
-}
-
-resource "aws_security_group" "allow_tls" {
-  name        = "${var.provision_id}-SG"
-  description = "${var.provision_id}-SG"
-  vpc_id      = local.vpc_id
-
-  tags = local.tags
-}
-
-resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
-  for_each = toset(module.fw-ips.cidr_blocks)
-  
-  security_group_id = aws_security_group.allow_tls.id
-
-  cidr_ipv4         = each.key
-  from_port         = local.port
-  ip_protocol       = "tcp"
-  to_port           = local.port
-  description = "dbport"
-}
-
-resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv4" {
-
-  for_each = toset(module.fw-ips.cidr_blocks)
-
-  security_group_id = aws_security_group.allow_tls.id
-
-  cidr_ipv4   = each.key
-  from_port   = local.port
-  ip_protocol = "tcp"
-  to_port     = local.port
-  description = "dbport"
-}
-
-resource "aws_security_group" "allow_tls_2" {
-  name        = "${var.provision_id}-SG2"
-  description = "${var.provision_id}-SG2"
-  vpc_id      = local.vpc_id
-
-  tags = local.tags
-}
-
-resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4_2" {
-  for_each = toset(module.fw-ips.cidr_blocks_others)
-  
-  security_group_id = aws_security_group.allow_tls_2.id
-
-  cidr_ipv4         = each.key
-  from_port         = local.port
-  ip_protocol       = "tcp"
-  to_port           = local.port
-  description = "Others - dbport"
-}
-
-resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv_2" {
-
-  for_each = toset(module.fw-ips.cidr_blocks_others)
-
-  security_group_id = aws_security_group.allow_tls_2.id
-
-  cidr_ipv4   = each.key
-  from_port   = local.port
-  ip_protocol = "tcp"
-  to_port     = local.port
-  description = "Others - dbport"
-}
--- a/databases/aws-redshift/variables.tf
+++ b/databases/aws-redshift/variables.tf
@@ -38,5 +38,5 @@ variable "cluster_database_name" {
 }

 variable "cluster_master_username" {
-    default = "qmiuser"
+    default = "qmi"
 }
--- a/databases/azure-eventhub/main.tf
+++ b/databases/azure-eventhub/main.tf
@@ -22,11 +22,9 @@ resource "azurerm_eventhub_namespace" "ehbnamespace" {
  maximum_throughput_units = 2

  tags = {
-    Deployment = "QMI-${var.provision_id}"
-    Environment = "QMI-${var.provision_id}"
+    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }

  network_rulesets {
--- a/databases/azure-hdinsight-hadoop/outputs.tf
+++ b/databases/azure-hdinsight-hadoop/outputs.tf
@@ -30,11 +30,7 @@ output "Azure_Application_Registration_Client_ID" {
 }

 output "Azure_Application_Registration_Secret" {
-<<<<<<< HEAD
  value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
-=======
-  value = "i3F8Q~FxhoyOP1-4r9sstaohnjxXaf~ulhVJFav_"
->>>>>>> master
 }


@@ -59,9 +55,5 @@ output "adls_Azure_Application_Registration_Client_ID" {
 }

 output "adls_Azure_Application_Registration_Secret" {
-<<<<<<< HEAD
  value = "~qp8Q~utl~YJ3skNM9kAuq25VY~rKxxOWpaVYcnQ"
-=======
-  value = "i3F8Q~FxhoyOP1-4r9sstaohnjxXaf~ulhVJFav_"
->>>>>>> master
 }
--- a/databases/azure-rds-flexmysql/firewall.tf
+++ b/databases/azure-rds-flexmysql/firewall.tf
@@ -1,29 +1,31 @@
-module "fw-ips" {
-    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
-}
-
-resource "azurerm_mysql_flexible_server_firewall_rule" "fw_rule" {
-  for_each = module.fw-ips.ips_az_qcs
-
-  name                = each.key
+/*resource "azurerm_mysql_flexible_server_firewall_rule" "all-azure-services" {
+  name                = "AllAzureServices"
  resource_group_name = var.resource_group_name
  server_name         = azurerm_mysql_flexible_server.mysql-server.name
-  start_ip_address    = each.value.0
-  end_ip_address      = each.value.1
+  start_ip_address    = "0.0.0.0"
+  end_ip_address      = "0.0.0.0"
+}*/

+resource "azurerm_mysql_flexible_server_firewall_rule" "fw-a-rule1" {
+  name                = "a1"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_flexible_server.mysql-server.name
+  start_ip_address    = "52.249.189.38"
+  end_ip_address      = "52.249.189.38"
 }

-module "dummy-data" {
+resource "azurerm_mysql_flexible_server_firewall_rule" "fw-a-rule2" {
+  name                = "a2"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_flexible_server.mysql-server.name
+  start_ip_address    = "13.67.39.86"
+  end_ip_address      = "13.67.39.86"
+}

-  count = var.dummydata != null? 1 : 0
-
-  depends_on = [ azurerm_mysql_flexible_server_firewall_rule.fw_rule ]
-
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/dummy"
-
-  type      = "mysql"
-  host      = "${azurerm_mysql_flexible_server.mysql-server.fqdn}:3306"
-  username  = var.admin_login
-  password  = nonsensitive(random_password.password.result)
-  database  = ""
+resource "azurerm_mysql_flexible_server_firewall_rule" "fw-a-rule3" {
+  name                = "a3"
+  resource_group_name = var.resource_group_name
+  server_name         = azurerm_mysql_flexible_server.mysql-server.name
+  start_ip_address    = "20.67.110.207"
+  end_ip_address      = "20.67.110.207"
 }
--- a/databases/azure-rds-flexmysql/main.tf
+++ b/databases/azure-rds-flexmysql/main.tf
@@ -1,7 +1,7 @@
 resource "random_password" "password" {
  length = 16
  special = true
-  override_special = "_!"
+  override_special = "_!@"
  upper = true
  lower = true
  min_numeric = 2
@@ -33,7 +33,6 @@ resource "azurerm_mysql_flexible_server" "mysql-server" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner = var.user_id
  }
 }

--- a/databases/azure-rds-flexmysql/output.tf
+++ b/databases/azure-rds-flexmysql/output.tf
@@ -8,8 +8,4 @@ output "root_username" {

 output "root_username_password" {
  value = nonsensitive(random_password.password.result)
-}
-
-output "dummy_data_databases_available" {
-  value = var.dummydata != null? module.dummy-data[0].dbs : null
 }
--- a/databases/azure-rds-flexmysql/variables.tf
+++ b/databases/azure-rds-flexmysql/variables.tf
@@ -25,23 +25,15 @@ variable "admin_login" {
 variable "mysql-version" {
  type = string
  description = "MySQL Server version to deploy"
-  default = "8.0.21"
+  default = "5.7"
 }
 variable "mysql-sku-name" {
  type = string
  description = "MySQL SKU Name"
-<<<<<<< HEAD
-  default = "GP_Standard_D4ds_v4"
-=======
-  default = "B_Standard_B2s"
->>>>>>> master
+  default = "GP_Standard_D2ds_v4"
 }
 variable "mysql-storage" {
  type = string
  description = "MySQL Storage in MB"
  default = "20"
-}
-
-variable "dummydata" {
-  default = null
-}
+  }
--- a/databases/azure-rds-flexpostgres/firewall.tf
+++ b/databases/azure-rds-flexpostgres/firewall.tf
@@ -1,13 +1,28 @@
-module "fw-ips" {
-    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
+/*resource "azurerm_postgresql_flexible_server_firewall_rule" "all-azure-services" {
+  name                = "AllAzureServices"
+  server_id = azurerm_postgresql_flexible_server.postgresql-server.id
+  start_ip_address    = "0.0.0.0"
+  end_ip_address      = "0.0.0.0"
+}*/
+
+
+resource "azurerm_postgresql_flexible_server_firewall_rule" "fw-a-rule1" {
+  name                = "a1"
+  server_id = azurerm_postgresql_flexible_server.postgresql-server.id
+  start_ip_address    = "52.249.189.38"
+  end_ip_address      = "52.249.189.38"
 }

-resource "azurerm_postgresql_flexible_server_firewall_rule" "fw_rule" {
-  for_each = module.fw-ips.ips_az_qcs
-
-  name                = each.key
+resource "azurerm_postgresql_flexible_server_firewall_rule" "fw-a-rule2" {
+  name                = "a2"
  server_id = azurerm_postgresql_flexible_server.postgresql-server.id
-  start_ip_address    = each.value.0
-  end_ip_address      = each.value.1
+  start_ip_address    = "13.67.39.86"
+  end_ip_address      = "13.67.39.86"
+}

+resource "azurerm_postgresql_flexible_server_firewall_rule" "fw-a-rule3" {
+  name                = "a3"
+  server_id = azurerm_postgresql_flexible_server.postgresql-server.id
+  start_ip_address    = "20.67.110.207"
+  end_ip_address      = "20.67.110.207"
 }
--- a/databases/azure-rds-flexpostgres/main.tf
+++ b/databases/azure-rds-flexpostgres/main.tf
@@ -1,7 +1,7 @@
 resource "random_password" "password" {
  length = 16
  special = true
-  override_special = "_!)"
+  override_special = "_!@"
  upper = true
  lower = true
  min_numeric = 2
@@ -29,7 +29,6 @@ resource "azurerm_postgresql_flexible_server" "postgresql-server" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner = var.user_id
  }

 }
--- a/databases/azure-rds-flexpostgres/variables.tf
+++ b/databases/azure-rds-flexpostgres/variables.tf
@@ -23,12 +23,12 @@ variable "admin_login" {
 variable "postgresql-version" {
  type        = string
  description = "PostgreSQL Server version to deploy"
-  default     = "14"
+  default     = "12"
 }
 variable "postgresql-sku-name" {
  type        = string
  description = "PostgreSQL SKU Name"
-  default     = "B_Standard_B2s"
+  default     = "GP_Standard_D2s_v3"
 }
 variable "postgresql-storage" {
  type        = string
--- a/databases/azure-rds-mariadb/main.tf
+++ b/databases/azure-rds-mariadb/main.tf
@@ -1,7 +1,7 @@
 resource "random_password" "password" {
  length = 16
  special = true
-  override_special = "_!"
+  override_special = "_!@"
  upper = true
  lower = true
  min_numeric = 2
@@ -35,7 +35,6 @@ resource "azurerm_mariadb_server" "mariadb-server" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner = var.user_id
  }
 }

@@ -45,17 +44,4 @@ resource "azurerm_mariadb_database" "mariadb-db" {
  server_name         = azurerm_mariadb_server.mariadb-server.name
  charset             = "utf8"
  collation           = "utf8_unicode_ci"
-}
-
-/*
-module "dummy-data" {
-
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/dummy"
-
-  type      = "mysql"
-  host      = "${azurerm_mariadb_server.mariadb-server.fqdn}:3306"
-  username  = var.admin_login
-  password  = nonsensitive(random_password.password.result)
-  database  = ""
-}
-*/
+}
--- a/databases/azure-rds-mssql/firewall.tf
+++ b/databases/azure-rds-mssql/firewall.tf
@@ -1,5 +1,4 @@

-
 resource "azurerm_mssql_virtual_network_rule" "sqlvnetrule" {

  count = var.subnet_id != null? 1 : 0
@@ -9,15 +8,6 @@ resource "azurerm_mssql_virtual_network_rule" "sqlvnetrule" {
  subnet_id           = var.subnet_id
 }

-resource "azurerm_mssql_virtual_network_rule" "sqlvnet_qmiinfra" {
-
-  count = var.envbranch == "master" && var.location == "eastus" ? 1 : 0
-  
-  name                = "vnet-qmiinfra-${local.provision_id}"
-  server_id           = azurerm_mssql_server.sqlserver.id
-  subnet_id           = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-Infrastructure"
-}
-
 module "fw-ips" {
    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
 }
@@ -31,19 +21,4 @@ resource "azurerm_mssql_firewall_rule" "fw_rule" {
  start_ip_address    = each.value.0
  end_ip_address      = each.value.1

-}
-
-module "dummy-data" {
-
-  count = var.dummydata != null? 1 : 0
-
-  depends_on = [ azurerm_mssql_firewall_rule.fw_rule ]
-  
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/dummy"
-
-  type      = "mssql"
-  host      = azurerm_mssql_server.sqlserver.fully_qualified_domain_name
-  username  = var.sql_administrator_login
-  password  = nonsensitive(local.sql_administrator_login_password)
-  database  = ""
 }
--- a/databases/azure-rds-mssql/main.tf
+++ b/databases/azure-rds-mssql/main.tf
@@ -10,7 +10,7 @@ resource "random_id" "randomServerId" {
 resource "random_password" "password" {
  length = 16
  special = true
-  override_special = "_)"
+  override_special = "_!@"
  upper = true
  lower = true
  min_numeric = 2
@@ -37,7 +37,6 @@ resource "azurerm_mssql_server" "sqlserver" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner = var.user_id
  }

  identity {
@@ -54,7 +53,6 @@ resource "azurerm_mssql_database" "db" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner = var.user_id
  }
 }

@@ -68,7 +66,6 @@ resource "azurerm_mssql_database" "dbname_source" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner = var.user_id
  }
 }

@@ -81,6 +78,5 @@ resource "azurerm_mssql_database" "dbname_target" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner = var.user_id
  }
 }
--- a/databases/azure-rds-mssql/outputs.tf
+++ b/databases/azure-rds-mssql/outputs.tf
@@ -26,8 +26,4 @@ output "principal_id" {
  value = azurerm_mssql_server.sqlserver.identity.0.principal_id
 }

-output "dummy_data_databases_available" {
-  value = var.dummydata != null? module.dummy-data[0].dbs : null
-}
-

--- a/databases/azure-rds-mssql/variables.tf
+++ b/databases/azure-rds-mssql/variables.tf
@@ -23,12 +23,4 @@ variable "sql_administrator_login" {

 variable "sql_administrator_login_password" {
    default = null
-}
-
-variable "dummydata" {
-  default = null
-}
-
-variable "envbranch" {
-  default = "master"
-}
+}
--- a/databases/azure-rds-mysql/firewall.tf
+++ b/databases/azure-rds-mysql/firewall.tf
@@ -9,16 +9,6 @@ resource "azurerm_mysql_virtual_network_rule" "vnetrule" {

 }

-resource "azurerm_mysql_virtual_network_rule" "vnetrule_qmiinfra" {
-
-  count = var.envbranch == "master" && var.location == "eastus" ? 1 : 0
-  
-  name                  = "vnet-qmiinfra-${var.provision_id}"
-  resource_group_name   = var.resource_group_name
-  server_name           = azurerm_mysql_server.mysql-server.name
-  subnet_id             = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-Infrastructure"
-}
-
 module "fw-ips" {
    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
 }
@@ -33,23 +23,4 @@ resource "azurerm_mysql_firewall_rule" "fw_rule" {
  start_ip_address    = each.value.0
  end_ip_address      = each.value.1

-}
-
-module "dummy-data" {
-
-  count = var.dummydata != null? 1 : 0
-
-  depends_on = [ 
-    azurerm_mysql_virtual_network_rule.vnetrule,
-    azurerm_mysql_virtual_network_rule.vnetrule_qmiinfra,
-    azurerm_mysql_firewall_rule.fw_rule 
-  ]
-
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/dummy"
-
-  type      = "mysql"
-  host      = "${azurerm_mysql_server.mysql-server.fqdn}:3306"
-  username  = var.admin_login
-  password  = nonsensitive(random_password.password.result)
-  database  = ""
 }
--- a/databases/azure-rds-mysql/main.tf
+++ b/databases/azure-rds-mysql/main.tf
@@ -1,7 +1,18 @@
+
+/*resource "azurerm_resource_group" "mysql-rg" {
+  name     = "mysql-${var.provision_id}"
+  location = var.location
+  tags = {
+    Deployment = "QMI PoC"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+  }
+}*/
+
 resource "random_password" "password" {
  length = 16
  special = true
-  override_special = "_)"
+  override_special = "_!@"
  upper = true
  lower = true
  min_numeric = 2
@@ -44,12 +55,4 @@ resource "azurerm_mysql_database" "mysql-db" {
  server_name         = azurerm_mysql_server.mysql-server.name
  charset             = "utf8"
  collation           = "utf8_unicode_ci"
-}
-
-
-resource "azurerm_mysql_configuration" "example" {
-  name                = "binlog_row_image"
-  resource_group_name = var.resource_group_name
-  server_name         = azurerm_mysql_server.mysql-server.name
-  value               = "full"
-}
+}
--- a/databases/azure-rds-mysql/output.tf
+++ b/databases/azure-rds-mysql/output.tf
@@ -8,8 +8,4 @@ output "root_username" {

 output "root_username_password" {
  value = nonsensitive(random_password.password.result)
-}
-
-output "dummy_data_databases_available" {
-  value = var.dummydata != null? module.dummy-data[0].dbs : null
 }
--- a/databases/azure-rds-mysql/variables.tf
+++ b/databases/azure-rds-mysql/variables.tf
@@ -29,7 +29,7 @@ variable "admin_login" {
 variable "mysql-version" {
  type = string
  description = "MySQL Server version to deploy"
-  default = "8.0"
+  default = "5.7"
 }
 variable "mysql-sku-name" {
  type = string
@@ -41,11 +41,3 @@ variable "mysql-storage" {
  description = "MySQL Storage in MB"
  default = "5120"
  }
-
-variable "dummydata" {
-  default = null
-}
-
-variable "envbranch" {
-  default = "master"
-}
--- a/databases/azure-rds-postgres/firewall.tf
+++ b/databases/azure-rds-postgres/firewall.tf
@@ -8,17 +8,6 @@ resource "azurerm_postgresql_virtual_network_rule" "vnetrule" {
  subnet_id           = var.subnet_id
 }

-resource "azurerm_postgresql_virtual_network_rule" "vnetrule_qmiinfra" {
-
-  count = var.envbranch == "master" && var.location == "eastus" ? 1 : 0
-
-  name                = "vnet-qmiinfra-${var.provision_id}"
-  resource_group_name = var.resource_group_name
-  server_name         = azurerm_postgresql_server.postgresql-server.name
-  subnet_id           = "/subscriptions/62ebff8f-c40b-41be-9239-252d6c0c8ad9/resourceGroups/QMI-infra-vnet/providers/Microsoft.Network/virtualNetworks/QMI-Automation-Vnet/subnets/QMI-Infrastructure"
-
-}
-
 module "fw-ips" {
    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
 }
@@ -33,23 +22,4 @@ resource "azurerm_postgresql_firewall_rule" "fw_rule" {
  start_ip_address    = each.value.0
  end_ip_address      = each.value.1

-}
-
-module "dummy-data" {
-
-  count = var.dummydata != null? 1 : 0
-
-  depends_on = [ 
-    azurerm_postgresql_firewall_rule.fw_rule, 
-    azurerm_postgresql_virtual_network_rule.vnetrule,
-    azurerm_postgresql_virtual_network_rule.vnetrule_qmiinfra 
-  ]
-  
-  source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/dummy"
-
-  type      = "postgres"
-  host      = azurerm_postgresql_server.postgresql-server.fqdn
-  username  = "${var.admin_login}@qmi-postgresql-${var.provision_id}"
-  password  = nonsensitive(random_password.password.result)
-  database  = "postgres"
 }
--- a/databases/azure-rds-postgres/main.tf
+++ b/databases/azure-rds-postgres/main.tf
@@ -1,7 +1,7 @@
 resource "random_password" "password" {
  length = 16
  special = true
-  override_special = "_)"
+  override_special = "_!@"
  upper = true
  lower = true
  min_numeric = 2
--- a/databases/azure-rds-postgres/output.tf
+++ b/databases/azure-rds-postgres/output.tf
@@ -13,7 +13,3 @@ output "root_username" {
 output "root_username_password" {
  value = nonsensitive(random_password.password.result)
 }
-
-output "dummy_data_databases_available" {
-  value = var.dummydata != null? module.dummy-data[0].dbs : null
-}
--- a/databases/azure-rds-postgres/variables.tf
+++ b/databases/azure-rds-postgres/variables.tf
@@ -21,7 +21,7 @@ variable "subnet_id" {
 variable "admin_login" {
  type = string
  description = "Login to authenticate to PostgreSQL Server"
-  default = "qmirdsuser"
+  default = "qmi"
 }

 variable "postgresql-version" {
@@ -42,12 +42,4 @@ variable "postgresql-storage" {

 variable "user_id" {

-}
-
-variable "dummydata" {
-  default = null
-}
-
-variable "envbranch" {
-  default = "master"
 }
--- a/databases/dbricks/main.tf
+++ b/databases/dbricks/main.tf
@@ -21,7 +21,39 @@ locals {
    "enableIpAccessLists" : true
  }
 }
-*/
+
+resource "databricks_ip_access_list" "allowed-list" {
+
+  label     = "allow_in"
+  list_type = "ALLOW"
+  ip_addresses = [
+    "52.249.189.38/32", 
+    "13.67.39.86/32", 
+    "20.67.110.207/32", 
+    "14.98.59.168/29", 
+    "182.74.33.8/29", 
+    "188.65.156.32/28", 
+    "212.73.252.96/29", 
+    "194.90.96.176/29", 
+    "213.57.84.160/29", 
+    "4.4.97.104/29", 
+    "206.196.17.32/27", 
+    #QCS
+    "18.205.71.36/32", 
+    "18.232.32.199/32", 
+    "34.237.68.254/32", 
+    "34.247.21.179/32", 
+    "52.31.212.214/32", 
+    "54.154.95.18/32", 
+    "13.210.43.241/32", 
+    "13.236.104.42/32", 
+    "13.236.206.172/32",
+    "18.138.163.172/32",
+    "18.142.157.182/32",
+    "54.179.13.251/32"
+  ]
+
+}*/


 data "databricks_group" "admins" {
--- a/databases/dummy/main.tf
+++ b/databases/dummy/main.tf
@@ -1,21 +0,0 @@
-resource "null_resource" "dummy-data" {
-    
-  provisioner "local-exec" {
-      command = "chmod +x ${path.module}/scripts/*.sh"
-      interpreter = ["/bin/bash", "-c"]
-  }
-
-  provisioner "local-exec" {
-      command = "${path.module}/scripts/dummy-${var.type}.sh \"$username\" \"$password\" \"$host\" \"$db\""
-      interpreter = ["/bin/bash", "-c"]
-
-      environment = {
-          
-          username  = var.username
-          password  = var.password
-          host      = var.host 
-          db        = var.database
-      }
-  }
-
-}
--- a/databases/dummy/outputs.tf
+++ b/databases/dummy/outputs.tf
@@ -1,3 +0,0 @@
-output "dbs" {
-  value       = var.type == "postgres"? "'AdventureWorks' and 'dvdrental'": (var.type == "mysql")? "'sakila', 'employees' and 'classicmodels'" : (var.type == "mssql")? "'BikeStores' and 'Northwind'" : null
-}
--- a/databases/dummy/scripts/dummy-mssql.sh
+++ b/databases/dummy/scripts/dummy-mssql.sh
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-
-IN="$3"
-arrIN=(${IN//:/ })
-host=`echo ${arrIN[0]}`
-
-echo "---- Load Dummy Data -----"
-echo "Username: $1"
-echo "Password: $2"
-echo "Host: $host"
-echo "DB: $4"
-echo "--------------------------"
-
-
-
-echo "---- Loading BikeStore sample database -----"
-cd /tmp
-curl https://gitlab.com/qmi/qmi-cloud-tf-modules/-/archive/master/qmi-cloud-tf-modules-master.zip?path=databases/dummy/scripts -o qmi-cloud-tf-modules-master-databases-dummy-scripts.zip
-
-unzip qmi-cloud-tf-modules-master-databases-dummy-scripts.zip
-cd qmi-cloud-tf-modules-master-databases-dummy-scripts/databases/dummy/scripts
-
-sqlcmd -C -S "$host" -U "$1" -P "$2" -Q "CREATE DATABASE BikeStores"
-sqlcmd -C -S "$host" -d "BikeStores" -U "$1" -P "$2" -i ./mssql/createbike.sql
-sqlcmd -C -S "$host" -d "BikeStores" -U "$1" -P "$2" -i ./mssql/Bikeloaddata.sql > /tmp/bikestore_load.logs
-
-echo "---- Loading Northwind sample database -----"
-cd /tmp
-curl https://raw.githubusercontent.com/microsoft/sql-server-samples/master/samples/databases/northwind-pubs/instnwnd.sql -o instnwnd.sql
-sqlcmd -C -S "$host" -U "$1" -P "$2" -Q "CREATE DATABASE Northwind"
-sqlcmd -C -S "$host" -d "Northwind" -U "$1" -P "$2" -i instnwnd.sql > /tmp/northwind_load.logs
-
-rm -fr /tmp/qmi-cloud-tf-modules-*
--- a/databases/dummy/scripts/dummy-mysql.sh
+++ b/databases/dummy/scripts/dummy-mysql.sh
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-IN="$3"
-arrIN=(${IN//:/ })
-host=`echo ${arrIN[0]}` 
-
-echo "---- Load Dummy Data -----"
-echo "Username: $1"
-echo "Password: $2"
-echo "Host: $host"
-echo "DB: $4" 
-echo "--------------------------"    
-
-
-cd /tmp
-git clone https://github.com/datacharmer/test_db.git
-cd test_db
-echo "-------- Loading Mysql Employees sample database -----------"  
-mysql -h $host -u$1 -p$2 --ssl=TRUE < employees.sql
-cd ..
-wget -q https://downloads.mysql.com/docs/sakila-db.tar.gz
-tar xvfz sakila-db.tar.gz
-cd sakila-db
-
-echo "-------- Loading Mysql Sakila sample database -----------"  
-
-mysql -h $host -u$1 -p$2 --ssl=TRUE < sakila-schema.sql 
-mysql -h $host -u$1 -p$2 --ssl=TRUE < sakila-data.sql 
-
-cd /tmp
-
-curl https://www.mysqltutorial.org/wp-content/uploads/2018/03/mysqlsampledatabase.zip -o mysqlsampledatabase.zip
-unzip mysqlsampledatabase.zip
-echo "-------- Loading Mysql ClassicModels sample database -----------"  
-
-mysql -h $host -u$1 -p$2 --ssl=TRUE < mysqlsampledatabase.sql
-
-
-rm -fr /tmp/*
-
--- a/databases/dummy/scripts/dummy-postgres.sh
+++ b/databases/dummy/scripts/dummy-postgres.sh
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-IN="$3"
-arrIN=(${IN//:/ })
-host=`echo ${arrIN[0]}` 
-
-echo "---- Load Dummy Data -----"
-echo "Username: $1"
-echo "Password: $2"
-echo "Host: $host"
-echo "DB: $4"
-echo "--------------------------"
-
-echo "---- Install Adventureworks for Postgres ----"
-cd /tmp
-wget -q https://github.com/lorint/AdventureWorks-for-Postgres/archive/master.zip
-unzip master.zip
-cd AdventureWorks-for-Postgres-master/
-wget -q https://github.com/microsoft/sql-server-samples/releases/download/adventureworks/AdventureWorks-oltp-install-script.zip
-unzip AdventureWorks-oltp-install-script.zip
-
-ruby update_csvs.rb
-
-export PGPASSWORD=$2
-
-psql -h $host -U $1 -d $4 -c "CREATE DATABASE \"AdventureWorks\";" 
-psql -h $host -U $1 -d "AdventureWorks" < ./install.sql > /tmp/AdventureWorks_load.log
-
-
-echo "---- Install DvdRental sample database for Postgres ----"
-cd /tmp
-curl https://gitlab.com/qmi/qmi-cloud-tf-modules/-/archive/master/qmi-cloud-tf-modules-master.zip?path=databases/dummy/scripts -o qmi-cloud-tf-modules-master-databases-dummy-scripts.zip
-unzip -o qmi-cloud-tf-modules-master-databases-dummy-scripts.zip
-cd qmi-cloud-tf-modules-master-databases-dummy-scripts/databases/dummy/scripts
-
-psql -h $host -U $1 -d $4 -c "CREATE DATABASE \"dvdrental\";" 
-psql -h $host -U $1 -d "dvdrental" < ./postgres/dump_dvdrental.sql > /tmp/dvdrental_load.log
-
-
-rm -fr /tmp/*
-
-
--- a/databases/dummy/scripts/mssql/Bikeloaddata.sql
+++ b/databases/dummy/scripts/mssql/Bikeloaddata.sql
--- a/databases/dummy/scripts/mssql/createbike.sql
+++ b/databases/dummy/scripts/mssql/createbike.sql
@@ -1,109 +0,0 @@
-/*
--------------------------------------------------------------------
-© 2017 sqlservertutorial.net All Rights Reserved
--------------------------------------------------------------------
-Name   : BikeStores
-Link   : http://www.sqlservertutorial.net/load-sample-database/
-Version: 1.0
--------------------------------------------------------------------
-*/
-- create schemas
-CREATE SCHEMA production;
-go
-
-CREATE SCHEMA sales;
-go
-
-- create tables
-CREATE TABLE production.categories (
-	category_id INT IDENTITY (1, 1) PRIMARY KEY,
-	category_name VARCHAR (255) NOT NULL
-);
-
-CREATE TABLE production.brands (
-	brand_id INT IDENTITY (1, 1) PRIMARY KEY,
-	brand_name VARCHAR (255) NOT NULL
-);
-
-CREATE TABLE production.products (
-	product_id INT IDENTITY (1, 1) PRIMARY KEY,
-	product_name VARCHAR (255) NOT NULL,
-	brand_id INT NOT NULL,
-	category_id INT NOT NULL,
-	model_year SMALLINT NOT NULL,
-	list_price DECIMAL (10, 2) NOT NULL,
-	FOREIGN KEY (category_id) REFERENCES production.categories (category_id) ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (brand_id) REFERENCES production.brands (brand_id) ON DELETE CASCADE ON UPDATE CASCADE
-);
-
-CREATE TABLE sales.customers (
-	customer_id INT IDENTITY (1, 1) PRIMARY KEY,
-	first_name VARCHAR (255) NOT NULL,
-	last_name VARCHAR (255) NOT NULL,
-	phone VARCHAR (25),
-	email VARCHAR (255) NOT NULL,
-	street VARCHAR (255),
-	city VARCHAR (50),
-	state VARCHAR (25),
-	zip_code VARCHAR (5)
-);
-
-CREATE TABLE sales.stores (
-	store_id INT IDENTITY (1, 1) PRIMARY KEY,
-	store_name VARCHAR (255) NOT NULL,
-	phone VARCHAR (25),
-	email VARCHAR (255),
-	street VARCHAR (255),
-	city VARCHAR (255),
-	state VARCHAR (10),
-	zip_code VARCHAR (5)
-);
-
-CREATE TABLE sales.staffs (
-	staff_id INT IDENTITY (1, 1) PRIMARY KEY,
-	first_name VARCHAR (50) NOT NULL,
-	last_name VARCHAR (50) NOT NULL,
-	email VARCHAR (255) NOT NULL UNIQUE,
-	phone VARCHAR (25),
-	active tinyint NOT NULL,
-	store_id INT NOT NULL,
-	manager_id INT,
-	FOREIGN KEY (store_id) REFERENCES sales.stores (store_id) ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (manager_id) REFERENCES sales.staffs (staff_id) ON DELETE NO ACTION ON UPDATE NO ACTION
-);
-
-CREATE TABLE sales.orders (
-	order_id INT IDENTITY (1, 1) PRIMARY KEY,
-	customer_id INT,
-	order_status tinyint NOT NULL,
-	-- Order status: 1 = Pending; 2 = Processing; 3 = Rejected; 4 = Completed
-	order_date DATE NOT NULL,
-	required_date DATE NOT NULL,
-	shipped_date DATE,
-	store_id INT NOT NULL,
-	staff_id INT NOT NULL,
-	FOREIGN KEY (customer_id) REFERENCES sales.customers (customer_id) ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (store_id) REFERENCES sales.stores (store_id) ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (staff_id) REFERENCES sales.staffs (staff_id) ON DELETE NO ACTION ON UPDATE NO ACTION
-);
-
-CREATE TABLE sales.order_items (
-	order_id INT,
-	item_id INT,
-	product_id INT NOT NULL,
-	quantity INT NOT NULL,
-	list_price DECIMAL (10, 2) NOT NULL,
-	discount DECIMAL (4, 2) NOT NULL DEFAULT 0,
-	PRIMARY KEY (order_id, item_id),
-	FOREIGN KEY (order_id) REFERENCES sales.orders (order_id) ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (product_id) REFERENCES production.products (product_id) ON DELETE CASCADE ON UPDATE CASCADE
-);
-
-CREATE TABLE production.stocks (
-	store_id INT,
-	product_id INT,
-	quantity INT,
-	PRIMARY KEY (store_id, product_id),
-	FOREIGN KEY (store_id) REFERENCES sales.stores (store_id) ON DELETE CASCADE ON UPDATE CASCADE,
-	FOREIGN KEY (product_id) REFERENCES production.products (product_id) ON DELETE CASCADE ON UPDATE CASCADE
-);
--- a/databases/dummy/scripts/postgres/dump_dvdrental.sql
+++ b/databases/dummy/scripts/postgres/dump_dvdrental.sql
--- a/databases/dummy/variables.tf
+++ b/databases/dummy/variables.tf
@@ -1,15 +0,0 @@
-variable "host" { 
-}
-
-variable "username" {
-}
-
-variable "password" {
-}
-
-variable "database" {
-}
-
-variable "type" {
-    description = "mysql | postgres | mssql"
-}
--- a/databases/firewall_ips/output.tf
+++ b/databases/firewall_ips/output.tf
@@ -1,42 +1,23 @@
 locals {

  az = {
-      #az1          = ["52.249.189.38","52.249.189.38"] # OLD USA
-      #az2          = ["13.67.39.86", "13.67.39.86"]    # OLD APAC
-      #az3          = ["20.67.110.207", "20.67.110.207"] # OLD EUROPE
-      azeurope          = ["20.160.170.99", "20.160.170.99"] # NEW EUROPE
-      azusa          = ["20.169.241.157", "20.169.241.157"] # NEW USA
-      azapac          = ["52.163.112.12", "52.163.112.12"] # NEW APAC
+      az1          = ["52.249.189.38","52.249.189.38"]
+      az2          = ["13.67.39.86", "13.67.39.86"]
+      az3          = ["20.67.110.207", "20.67.110.207"]
  }

  q_routes = {
+    AMER_FULLVPN1   = ["144.121.57.103", "144.121.57.103"]
+    AMER_FULLVPN2   = ["50.239.179.6", "50.239.179.6"]
+    EMEA_FULLVPN   = ["193.15.228.246", "193.15.228.246"]
    ITG         = ["188.65.156.32", "188.65.156.47"]
    ITG1        = ["212.73.252.96", "212.73.252.103"]
-    USDC4       = ["155.204.23.130","155.204.23.130"]
    kfar_saba   = ["194.90.96.176", "194.90.96.183"]
    kfar_saba1  = ["213.57.84.160", "213.57.84.167"]
    peak_10     = ["4.4.97.104", "4.4.97.111"]
    peak_101    = ["206.196.17.32", "206.196.17.63"]
    Bangalore   = ["14.98.59.168", "14.98.59.175"]
    Bangalore1  = ["182.74.33.8", "182.74.33.15"]
-    T_Beijing   = ["60.247.114.145","60.247.114.158"]
-    T_Nantes    = ["81.255.115.33","81.255.115.38"]
-    T_PA7_1     = ["217.117.156.85","217.117.156.86"]
-    T_PA7_2     = ["217.117.156.141","217.117.156.142"]
-    T_PA7_3     = ["217.117.156.161","217.117.156.190"]
-    T_Sanmateo  = ["12.202.47.153","12.202.47.158"]
-    T_Suresnes  = ["62.23.50.121","62.23.50.126"]
-    T_SV2_1     = ["4.31.193.69","4.31.193.70"]
-    T_SV2_2     = ["4.79.217.1","4.79.217.126"]
-    T_SV2_3     = ["149.97.160.217","149.97.160.218"]
-    T_SV2_4     = ["149.97.160.221","149.97.160.222"]
-    T_SV2_5     = ["149.97.185.1","149.97.185.30"]
-  }
-
-  fullvpn = {
-    AMER_FULLVPN1   = ["144.121.57.103", "144.121.57.103"]
-    AMER_FULLVPN2   = ["50.239.179.6", "50.239.179.6"]
-    EMEA_FULLVPN    = ["193.15.228.246", "193.15.228.246"]
  }

  qcs = {
@@ -46,25 +27,12 @@ locals {
      QCS_eu1          = ["34.247.21.179", "34.247.21.179"]  
      QCS_eu2          = ["52.31.212.214", "52.31.212.214"]  
      QCS_eu3          = ["54.154.95.18", "54.154.95.18"]  
-      QCS_ap1          = ["13.210.43.241", "13.210.43.241"] 
-      QCS_ap2          = ["13.236.104.42", "13.236.104.42"]  
-      QCS_ap3          = ["13.236.206.172", "13.236.206.172"] 
-      QCS_sg1          = ["18.138.163.172", "18.138.163.172"]
-      QCS_sg2          = ["18.142.157.182", "18.142.157.182"]
-      QCS_sg3          = ["54.179.13.251", "54.179.13.251"]
-      QCS_de1          = ["3.76.162.169", "3.76.162.169"]
-      QCS_de2          = ["3.77.162.68", "3.77.162.68"]
-      QCS_de3          = ["3.122.137.91", "3.122.137.91"]
-      QCS_uk1          = ["13.42.141.246", "13.42.141.246"]
-      QCS_uk2          = ["18.135.245.97", "18.135.245.97"]
-      QCS_uk3          = ["35.179.0.171", "35.179.0.171"]
-      QCS_jp1          = ["54.238.168.131", "54.238.168.131"]
-      QCS_jp2          = ["3.113.68.20", "3.113.68.20"]
-      QCS_jp3          = ["35.73.207.58", "35.73.207.58"]
-      QCS_in1          = ["52.66.18.8", "52.66.18.8"]
-      QCS_in2          = ["13.201.250.59", "13.201.250.59"]
-      QCS_in3          = ["15.207.252.34", "15.207.252.34"]
-
+      QCS_apac1        = ["13.210.43.241", "13.210.43.241"] 
+      QCS_apac2        = ["13.236.104.42", "13.236.104.42"]  
+      QCS_apac3        = ["13.236.206.172", "13.236.206.172"] 
+      QCS_sing1        = ["18.138.163.172", "18.138.163.172"]
+      QCS_sing2        = ["18.142.157.182", "18.142.157.182"]
+      QCS_sing3        = ["54.179.13.251", "54.179.13.251"]
  }

  qcs_qaa = {
@@ -74,51 +42,23 @@ locals {
      QCS_QAA_us1     = ["18.235.133.252", "18.235.133.252"]
      QCS_QAA_us2     = ["3.217.244.242", "3.217.244.242"]
      QCS_QAA_us3     = ["18.214.8.201", "18.214.8.201"]
-      QCS_QAA_ap1     = ["54.206.158.27", "54.206.158.27"]
-      QCS_QAA_ap2     = ["3.104.137.20", "3.104.137.20"]
-      QCS_QAA_ap3     = ["3.24.52.178", "3.24.52.178"]
-      QCS_QAA_sg1     = ["54.169.84.213", "54.169.84.213"]
-      QCS_QAA_sg2     = ["13.213.173.37", "13.213.173.37"]
-      QCS_QAA_sg3     = ["13.213.113.162", "13.213.113.162"]
-      QCS_QAA_de1     = ["3.69.132.138", "3.69.132.138"]
-      QCS_QAA_de2     = ["3.69.222.86", "3.69.222.86"]
-      QCS_QAA_de3     = ["3.72.136.160", "3.72.136.160"]
-      QCS_QAA_uk1     = ["18.168.120.199", "18.168.120.199"]
-      QCS_QAA_uk2     = ["18.169.91.38", "18.169.91.38"]
-      QCS_QAA_uk3     = ["13.42.135.168", "13.42.135.168"]
-      QCS_QAA_jp1     = ["35.77.238.13", "35.77.238.13"]
-      QCS_QAA_jp2     = ["13.115.58.233", "13.115.58.233"]
-      QCS_QAA_jp3     = ["35.74.220.230", "35.74.220.230"]
-      QCS_QAA_in1     = ["3.109.34.226", "3.109.34.226"]
-      QCS_QAA_in2     = ["15.206.64.196", "15.206.64.196"]
-      QCS_QAA_in3     = ["3.6.11.209", "3.6.11.209"]
-    
-  }
-
-  stitch = {
-      STITCH_1 = ["52.23.137.21", "52.23.137.21"]
-      STITCH_2 = ["52.204.223.208", "52.204.223.208"]
-      STITCH_3 = ["52.204.228.32", "52.204.228.32"]
-      STITCH_4 = ["52.204.230.227", "52.204.230.227"]
-      STITCH_5 = ["3.126.102.29", "3.126.102.29"]
-      STITCH_6 = ["18.158.16.164", "18.158.16.164"]
-      STITCH_7 = ["18.158.251.55", "18.158.251.55"]
-      STITCH_8 = ["52.57.235.168", "52.57.235.168"]
+      QCS_QAA_apac1     = ["54.206.158.27", "54.206.158.27"]
+      QCS_QAA_apac2     = ["3.104.137.20", "3.104.137.20"]
+      QCS_QAA_apac3     = ["3.24.52.178", "3.24.52.178"]
+      QCS_QAA_sing1     = ["54.169.84.213", "54.169.84.213"]
+      QCS_QAA_sing2     = ["13.213.173.37", "13.213.173.37"]
+      QCS_QAA_sing3     = ["13.213.113.162", "13.213.113.162"]
  }

 
 }

 output "ips2" {
-  value = merge(local.q_routes, local.fullvpn, local.qcs, local.stitch)
+  value = merge(local.q_routes, local.qcs)
 }

 output "ips" {
-  value = merge(local.az, local.qcs, local.qcs_qaa, local.q_routes, local.fullvpn, local.stitch)
-}
-
-output "ips_az_qcs" {
-  value = merge(local.az, local.qcs, local.fullvpn, local.stitch)
+  value = merge(local.az, local.qcs, local.qcs_qaa, local.q_routes)
 }

 output "cidr_blocks" {
@@ -128,14 +68,10 @@ output "cidr_blocks" {
    "193.15.228.246/32",
    "50.239.179.6/32",
    # Azure QMI machines
-    #"52.249.189.38/32", # OLD USA
-    #"13.67.39.86/32",   # OLD APAC
-    #"20.67.110.207/32", # OLD EUROPE
-    "20.160.170.99/32", # NEW EUROPE
-    "20.169.241.157/32", # NEW USA
-    "52.163.112.12/32", # NEW APAC
+    "52.249.189.38/32", 
+    "13.67.39.86/32", 
+    "20.67.110.207/32", 
    # Qlik network routers
-    "155.204.23.130/32",
    "14.98.59.168/29", 
    "182.74.33.8/29", 
    "188.65.156.32/28", 
@@ -144,97 +80,32 @@ output "cidr_blocks" {
    "213.57.84.160/29", 
    "4.4.97.104/29", 
    "206.196.17.32/27", 
-    # T Beijing
-    "60.247.114.144/28",
-    # T Nantes
-    "81.255.115.32/29",
-    "84.14.92.152/29",
-    # T PA7
-    "217.117.156.84/30",
-    "217.117.156.140/30",
-    "217.117.156.160/27",
-    # T San Mateo
-    "12.202.47.152/29",
-    # T Suresnes
-    "62.23.50.120/29",
-    # T SV2
-    "4.31.193.68/30",
-    "4.79.217.0/25",
-    "149.97.160.216/30",
-    "149.97.160.220/30",
-    "149.97.185.0/27",
-    # QCS Amercias (us)
+    # QCS
    "18.205.71.36/32", 
    "18.232.32.199/32", 
-    "34.237.68.254/32",
-    # QCS Ireland (eu) 
+    "34.237.68.254/32", 
    "34.247.21.179/32", 
    "52.31.212.214/32", 
-    "54.154.95.18/32",
-    # QCS Australia (ap)  
+    "54.154.95.18/32", 
    "13.210.43.241/32", 
    "13.236.104.42/32", 
    "13.236.206.172/32",
-    # QCS Singapore (sg)
    "18.138.163.172/32",
    "18.142.157.182/32",
    "54.179.13.251/32",
-    # QCS Frankfurt (de)
-    "3.76.162.169/32",
-    "3.77.162.68/32",
-    "3.122.137.91/32",
-    # QCS Sweden (se)
-    "13.51.129.105/32",
-    "16.170.33.251/32",
-    "16.170.27.83/32",
-    # QCS Japan (jp)
-    "54.238.168.131/32",
-    "3.113.68.20/32",
-    "35.73.207.58/32",
-    # QCS India (in)
-    "52.66.18.8/32", 
-    "13.201.250.59/32",
-    "15.207.252.34/32",
-    # QCS London (uk)
-    "13.42.141.246/32",
-    "18.135.245.97/32",
-    "35.179.0.171/32",
-    # QCS-QAA Ireland (eu)
+    # QCS-QAA
    "54.216.156.88/32",
    "3.248.156.131/32",
    "52.213.44.55/32",
-    # QCS-QAA Americas (us)
    "18.235.133.252/32",
    "3.217.244.242/32",
    "18.214.8.201/32",
-    # QCS-QAA Australia (ap)
    "54.206.158.27/32",
    "3.104.137.20/32",
    "3.24.52.178/32",
-    # QCS-QAA Singapore (sg)
    "54.169.84.213/32",
    "13.213.173.37/32",
    "13.213.113.162/32",
-    # QCS-QAA Frankfurt (de)
-    "3.69.132.138/32",
-    "3.69.222.86/32",
-    "3.72.136.160/32",
-    # QCS-QAA London (uk)
-    "18.168.120.199/32",
-    "18.169.91.38/32",
-    "13.42.135.168/32",
-    # QCS-QAA Japan (jp)
-    "35.77.238.13/32",
-    "13.115.58.233/32",
-    "35.74.220.230/32",
-    # QCS-QAA India (in)
-    "3.109.34.226/32",
-    "15.206.64.196/32",
-    "3.6.11.209/32",
-    # QCS-QAA Sweden (se)
-    "13.53.211.145/32",
-    "13.50.63.235/32",
-    "13.60.101.12/32",
    # QCS STAGING
    "18.233.22.130/32",
    "18.205.135.40/32",
@@ -242,22 +113,6 @@ output "cidr_blocks" {
    "18.155.181.46/32",
    "18.155.181.25/32",
    "18.155.181.128/32",
-    "18.155.181.76/32",
-    "52.16.133.167/32",
-    "34.248.105.199/32", # europe
-  ]
-}
-
-output "cidr_blocks_others" {
-  value = [
-    # Stitch
-    "52.23.137.21/32",
-    "52.204.223.208/32",
-    "52.204.228.32/32",
-    "52.204.230.227/32",
-    "3.126.102.29/32",
-    "18.158.16.164/32",
-    "18.158.251.55/32",
-    "52.57.235.168/32",
+    "18.155.181.76/32"
  ]
 }
--- a/databases/synapse-ws/firewall.tf
+++ b/databases/synapse-ws/firewall.tf
@@ -6,18 +6,16 @@ resource "azurerm_synapse_firewall_rule" "azureservices" {
  end_ip_address       = "0.0.0.0"
 }

-/*
-# OLD USA
+
 resource "azurerm_synapse_firewall_rule" "fw-a-rule1" {

-  name                = "az1" 
+  name                = "az1"
  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
  start_ip_address    = "52.249.189.38"
  end_ip_address      = "52.249.189.38"

 }

-# OLD APAC
 resource "azurerm_synapse_firewall_rule" "fw-a-rule2" {

  name                = "az2"
@@ -27,7 +25,6 @@ resource "azurerm_synapse_firewall_rule" "fw-a-rule2" {

 }

-# OLD EUROPE
 resource "azurerm_synapse_firewall_rule" "fw-a-rule3" {

  name                = "az3"
@@ -35,35 +32,6 @@ resource "azurerm_synapse_firewall_rule" "fw-a-rule3" {
  start_ip_address    = "20.67.110.207"
  end_ip_address      = "20.67.110.207"

-}
-*/
-
-# NEW EUROPE
-resource "azurerm_synapse_firewall_rule" "fw-a-rule1" {
-
-  name                = "azeurope"
-  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
-  start_ip_address    = "20.160.170.99"
-  end_ip_address      = "20.160.170.99"
-
-}
-
-# NEW USA
-resource "azurerm_synapse_firewall_rule" "fw-a-rule2" {
-  name                = "azusa"
-  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
-  start_ip_address    = "20.169.241.157"
-  end_ip_address      = "20.169.241.157"
-
-}
-
-# NEW USA
-resource "azurerm_synapse_firewall_rule" "fw-a-rule3" {
-  name                = "azapac"
-  synapse_workspace_id = azurerm_synapse_workspace.synapsews.id
-  start_ip_address    = "52.163.112.12"
-  end_ip_address      = "52.163.112.12"
-
 }

 module "fw-ips" {
--- a/databases/synapse-ws/main.tf
+++ b/databases/synapse-ws/main.tf
@@ -44,7 +44,6 @@ resource "azurerm_synapse_workspace" "synapsews" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id != null? var.user_id : null
-    Owner    = var.user_id != null? var.user_id : null
    ADAAutomation = "SQLDWSuspend"
  }

@@ -61,7 +60,6 @@ resource "azurerm_synapse_sql_pool" "db" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id != null? var.user_id : null
-    Owner = var.user_id != null? var.user_id : null
    ADAAutomation = "SQLDWSuspend"
  }

--- a/linux-common/centos/common/extract-certs.sh
+++ b/linux-common/centos/common/extract-certs.sh
@@ -1,6 +1,5 @@
 #!/bin/bash

-echo "--- Executing: $0 $@"

 BASEDIR=$(dirname "$0")

--- a/linux-common/centos/common/falcon.sh
+++ b/linux-common/centos/common/falcon.sh
@@ -16,7 +16,7 @@ echo "CID=$1"
 wget --quiet https://d7ipctdjxxii4.cloudfront.net/others/$binary -O $BASEDIR/$binary

 if ! rpm -qa | grep -qw falcon-sensor; then
-    sudo dnf -y --quiet install $BASEDIR/$binary
+    sudo yum -y --quiet install $BASEDIR/$binary
 fi
 sudo /opt/CrowdStrike/falconctl -s -f --cid=$1
 sudo systemctl start falcon-sensor 
--- a/linux-common/centos/common/resizedisk.sh
+++ b/linux-common/centos/common/resizedisk.sh
@@ -2,7 +2,6 @@

 echo "--- Executing: $0 $@"

-<<<<<<< HEAD
 echo "Resizing main partition to max available disk"
 (
 echo u # Change the units to sectors
@@ -19,34 +18,6 @@ echo w # Write changes

 sudo partprobe
 sudo xfs_growfs -d /
-=======
-if  grep -Pq '/dev/(mapper/|disk/by-id/dm)' /etc/fstab  ||  mount | grep -q /dev/mapper/
-then
-    echo "LVM is in use (Oracle Linux)"
-    #work out what disk we need.  About 1 in 5 times we get sdb instead on sda
-    rootdisk=$(df --type=xfs|grep \/dev\/sd | sed -e's/[0-9].*//')
-    sudo gdisk -l $rootdisk
-    sudo growpart $rootdisk 2
-    sudo pvresize $rootdisk"2"
-    sudo lvextend -l +49%FREE /dev/rootvg/rootlv
-    sudo lvextend -l +100%FREE /dev/mapper/rootvg-crashlv
-    sudo xfs_growfs /dev/rootvg/rootlv
-    sudo xfs_growfs /dev/mapper/rootvg-crashlv
-else
-    echo "LVM not in use.  Resizing main partition to max available disk"
-    (
-    echo u # Change the units to sectors
-    echo p # List the partitions details
-    echo d # Delete  partition
-    echo 2 # Partition number
-    echo n # Add a new partition
-    echo p # Primary partition
-    echo 2 # Partition number
-    echo   # First sector (Accept default)
-    echo   # Last sector (Accept default: varies)
-    echo w # Write changes
-    ) | sudo fdisk /dev/sda
->>>>>>> master

 echo "Done resize!"
 echo ""
--- a/linux-common/centos/common/save-cert.sh
+++ b/linux-common/centos/common/save-cert.sh
@@ -1,7 +1,5 @@
 #!/bin/bash

-echo "--- Executing: $0 $@"
-
 BASEDIR=$(dirname "$0")

 echo $1 > $BASEDIR/qmicerts/myserver.crt
--- a/linux-common/centos/common/tenable.sh
+++ b/linux-common/centos/common/tenable.sh
@@ -9,18 +9,13 @@ echo "KEY=$KEY"

 cVer=`rpm -E %{rhel}`

-FILE="NessusAgent-10.8.2-el$cVer.x86_64.rpm"
+FILE="NessusAgent-10.2.1-es$cVer.x86_64.rpm"

 echo "--- Installing Tenable Nessus Agent --> $FILE"

 wget --quiet https://d7ipctdjxxii4.cloudfront.net/others/$FILE -O $BASEDIR/$FILE

-
-sudo yum-config-manager --disable mysql80-community > /dev/null 2>&1
-sudo yum-config-manager --disable mysql-connectors-community > /dev/null 2>&1
-sudo yum-config-manager --disable mysql-tools-community > /dev/null 2>&1
-
-sudo dnf -y --quiet install $BASEDIR/$FILE -y
+sudo /bin/yum -y --quiet install $BASEDIR/$FILE -y

 echo "--- Linking Tenable Nessus Agent..."
 sudo /bin/systemctl start nessusagent.service
--- a/linux-common/centos/common/update.sh
+++ b/linux-common/centos/common/update.sh
@@ -1,15 +1,2 @@
-#!/bin/bash
-
-
-cVer=`rpm -E %{rhel}`
-if [ -z "$cVer" ]; then
-    echo "Error: Unable to determine CentOS version."
-    exit 0
-fi
-if [ "$cVer" -gt 7 ]; then
-    echo "--- Executing: $0 $@"
-
-    echo 'Updating OS. This will take a around 10 minutes'
-
-    dnf -y --quiet update
-fi
+echo 'Updating OS. This will take a around 10 minutes'
+yum -y --quiet update
--- a/linux-common/main.tf
+++ b/linux-common/main.tf
@@ -34,7 +34,7 @@ resource "null_resource" "files" {
            host     = var.private_ip_address
            user     = var.admin_username
            password = var.admin_password
-            timeout  = "10m"
+            timeout  = "60s"
            #private_key = "${file("~/.ssh/id_rsa")}"   
        }
        source      = "${path.module}/${var.os_type}/common"
@@ -54,13 +54,14 @@ resource "null_resource" "post-linux-vm" {
            host     = var.private_ip_address
            user     = var.admin_username
            password = var.admin_password
-            timeout  = "3m"
+            timeout  = "60s"
            #private_key = "${file("~/.ssh/id_rsa")}"
        }

        inline = [
            "echo ${var.admin_password} | sudo -S chmod u+x /home/${var.admin_username}/common/*.sh",
            "sudo /home/${var.admin_username}/common/falcon.sh '${local.falcon_id}'",
+            "sudo /home/${var.admin_username}/common/resizedisk.sh",
            "sudo /home/${var.admin_username}/common/tenable.sh '${local.tenable_key}'",
            "sudo /home/${var.admin_username}/common/extract-certs.sh '${local.cert_password}'",
            #"sudo /home/${var.admin_username}/common/save-cert.sh '${local.cert_pem}' '${local.cert_key}'",
@@ -83,7 +84,7 @@ resource "null_resource" "update" {
            host     = var.private_ip_address
            user     = var.admin_username
            password = var.admin_password
-            timeout  = "3m"
+            timeout  = "60s"
            #private_key = "${file("~/.ssh/id_rsa")}"
        }

@@ -94,29 +95,3 @@ resource "null_resource" "update" {
  }
 }

-resource "null_resource" "resize" {
-
-  count = var.resize? 1 : 0
-
-  depends_on = [
-      null_resource.files,
-      null_resource.update
-  ]
-
-  provisioner "remote-exec" {
-        connection {
-            type     = "ssh"
-            host     = var.private_ip_address
-            user     = var.admin_username
-            password = var.admin_password
-            timeout  = "3m"
-            #private_key = "${file("~/.ssh/id_rsa")}"
-        }
-
-        inline = [
-            "echo ${var.admin_password} | sudo -S chmod u+x /home/${var.admin_username}/common/*.sh",
-            "sudo /home/${var.admin_username}/common/resizedisk.sh",
-        ]
-  }
-}
-
--- a/linux-common/ubuntu/common/extract-certs.sh
+++ b/linux-common/ubuntu/common/extract-certs.sh
@@ -1,6 +1,5 @@
 #!/bin/bash

-echo "--- Executing: $0 $@"

 BASEDIR=$(dirname "$0")

--- a/linux-common/ubuntu/common/tenable.sh
+++ b/linux-common/ubuntu/common/tenable.sh
@@ -7,7 +7,7 @@ BASEDIR=$(dirname "$0")
 KEY=$1
 echo "KEY=$KEY"

-FILE="NessusAgent-10.8.2-ubuntu1604_amd64.deb"
+FILE="NessusAgent-10.2.1-ubuntu1404_amd64.deb"

 echo "--- Installing Tenable Nessus Agent --> $FILE"

--- a/linux-common/ubuntu/common/update.sh
+++ b/linux-common/ubuntu/common/update.sh
@@ -1,7 +1,3 @@
-#!/bin/bash
-
-echo "--- Executing: $0 $@"
-
 echo 'Updating OS. This will take a around 10 minutes'
 apt -qq -y update
 apt --fix-broken -qq -y upgrade
--- a/linux-common/variables.tf
+++ b/linux-common/variables.tf
@@ -21,8 +21,3 @@ variable "update" {
  default = true
 }

-variable "resize" {
-  type = bool
-  default = true
-}
-
--- a/qmi-nic/mainf.tf
+++ b/qmi-nic/mainf.tf
@@ -98,7 +98,6 @@ resource "azurerm_network_interface" "nic" {
    Deployment = "QMI PoC"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
  }
 }

--- a/qmi-storage-account/main.tf
+++ b/qmi-storage-account/main.tf
@@ -11,16 +11,12 @@ resource "azurerm_storage_account" "qmi-storage-account" {
    name                = "diag${random_id.randomId.hex}"
    resource_group_name = var.resource_group_name
    location            = var.location
-    
-    account_kind              = "StorageV2"
-    account_replication_type  = "LRS"
-    account_tier              = "Standard"
-    access_tier               = "Hot"
+    account_replication_type = "LRS"
+    account_tier = "Standard"

    tags = {
        Deployment = "QMI PoC"
        "Cost Center" = "3100"
        QMI_user = var.user_id
-        Owner    = var.user_id
    }
 }
--- a/qmicerts/.DS_Store
+++ b/qmicerts/.DS_Store
--- a/qmicerts/wildcard_qmi_qlik-poc_com.pem
+++ b/qmicerts/wildcard_qmi_qlik-poc_com.pem
@@ -1,89 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIG4TCCBcmgAwIBAgIQAxAE3FY3y74JI7dXp7IdNjANBgkqhkiG9w0BAQsFADBZ
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
-aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjUw
-NDA3MDAwMDAwWhcNMjYwNDA3MjM1OTU5WjBdMQswCQYDVQQGEwJTRTENMAsGA1UE
-BxMETHVuZDEiMCAGA1UEChMZUWxpa1RlY2ggSW50ZXJuYXRpb25hbCBBQjEbMBkG
-A1UEAwwSKi5xbWkucWxpay1wb2MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAoZ8Fts4HoStfVxezUqPBPtZz9CMLHRFDd1OILtM7Fn23L13Ks+a9
-uL6wnvp1anV4z4Hx5pAEo2u5/nquLcX+raU5I7AnoOdKcyeI8pJYtTjKPqQbMX1t
-Ngbzk8Y0440sAG2FtXkqH1XLL79e/YYZ5s2QK4ueJn7Xwp1Avo1pgy9/SU+1fTHa
-Udlj7mxCyVymoOucoikqRHsV5VkTzgwnL3MAvOO6G7XMWVOpRZI++yJvEjkq/B9b
-SCVH2lp4mbYdKAtovusM217sVT8Gm7ap/AWuYvJcdqIKCsNvSqu3ZyJr1xUpf3O/
-toGzH9hHiOGsdpzSInbxVNW7Z+i4FW6rKQIDAQABo4IDnzCCA5swHwYDVR0jBBgw
-FoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0OBBYEFCy+ODAFw4YErvNnnnW6
-+X1Jo0CGMC8GA1UdEQQoMCaCEioucW1pLnFsaWstcG9jLmNvbYIQcW1pLnFsaWst
-cG9jLmNvbTA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRw
-Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRw
-Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1
-NjIwMjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9E
-aWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDCBhwYIKwYB
-BQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20w
-UQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy
-dEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAMBgNVHRMBAf8EAjAA
-MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQCWl2S/VViXrfdDh2g3CEJ36fA6
-1fak8zZuRqQ/D8qpxgAAAZYQZtz0AAAEAwBGMEQCIA9bkdnKRWyHdJKovDloGgVC
-PEayqXugtDH9ElCPjxz9AiAsK5eEF6LhU7NgxJ+kl/7VCObUOSx2BLX2KfkxBdId
-qgB2AGQRxGykEuyniRyiAi4AvKtPKAfUHjUnq+r+1QPJfc3wAAABlhBm3P0AAAQD
-AEcwRQIhAPpECY9PYjhxBITyYjFNl6gUd/94CBRd70bSqajIDEh8AiBcuBXsgM4n
-eW4OknJ/6Vp5cOstxg5+WTdbjZt3o5W4/AB2AEmcm2neHXzs/DbezYdkprhbrwqH
-gBnRVVL76esp3fjDAAABlhBm3QgAAAQDAEcwRQIgMxJ/w1C7eItarCkVKjYSs7jE
-6TVUfBohNMYsYceha5ICIQCNZGVKxi/sQuciyqyhG6AuSd8JbmSX80o+feNhSaRu
-GzANBgkqhkiG9w0BAQsFAAOCAQEAd4Os9L/h/mDXrElwbPBxY+ILysk2T4hzRrye
-yYvdGlmqB+I84bac5+eDA6HvmQX1rjNEzdybQuzdjLoUIvZN1dYeoUf66+tW+xhR
-mCZ6DWU1QOKabJlwwyxIA8wmfE9YpTxMt1SCHfRtFBazyir2nL7wAWGWiMPLc8ZX
-H5N2uJrt+jH4cLN+MnLWgvY5CsC2g3IimKfqRNLrs3L1ug2vIgzQVbfBm+5OkoCx
-JVZJ8WqoF9oPd8Kl0xWQwocjwzhhYtJ6MffmrkyFs7098OXgpYZMFnoveA/85F+b
-bQ74NzbCsXXuevhszg7tgtPyGEE4VpOA4ileC4sr0BVNgJcA9g==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIEyDCCA7CgAwIBAgIQDPW9BitWAvR6uFAsI8zwZjANBgkqhkiG9w0BAQsFADBh
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
-MjAeFw0yMTAzMzAwMDAwMDBaFw0zMTAzMjkyMzU5NTlaMFkxCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxMzAxBgNVBAMTKkRpZ2lDZXJ0IEdsb2Jh
-bCBHMiBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMz3EGJPprtjb+2QUlbFbSd7ehJWivH0+dbn4Y+9lavyYEEV
-cNsSAPonCrVXOFt9slGTcZUOakGUWzUb+nv6u8W+JDD+Vu/E832X4xT1FE3LpxDy
-FuqrIvAxIhFhaZAmunjZlx/jfWardUSVc8is/+9dCopZQ+GssjoP80j812s3wWPc
-3kbW20X+fSP9kOhRBx5Ro1/tSUZUfyyIxfQTnJcVPAPooTncaQwywa8WV0yUR0J8
-osicfebUTVSvQpmowQTCd5zWSOTOEeAqgJnwQ3DPP3Zr0UxJqyRewg2C/Uaoq2yT
-zGJSQnWS+Jr6Xl6ysGHlHx+5fwmY6D36g39HaaECAwEAAaOCAYIwggF+MBIGA1Ud
-EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFHSFgMBmx9833s+9KTeqAx2+7c0XMB8G
-A1UdIwQYMBaAFE4iVCAYlebjbuYP+vq5Eu0GF485MA4GA1UdDwEB/wQEAwIBhjAd
-BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdgYIKwYBBQUHAQEEajBoMCQG
-CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKG
-NGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RH
-Mi5jcnQwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29t
-L0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDA9BgNVHSAENjA0MAsGCWCGSAGG/WwC
-ATAHBgVngQwBATAIBgZngQwBAgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG
-9w0BAQsFAAOCAQEAkPFwyyiXaZd8dP3A+iZ7U6utzWX9upwGnIrXWkOH7U1MVl+t
-wcW1BSAuWdH/SvWgKtiwla3JLko716f2b4gp/DA/JIS7w7d7kwcsr4drdjPtAFVS
-slme5LnQ89/nD/7d+MS5EHKBCQRfz5eeLjJ1js+aWNJXMX43AYGyZm0pGrFmCW3R
-bpD0ufovARTFXFZkAdl9h6g4U5+LXUZtXMYnhIHUfoyMo5tS58aI7Dd8KvvwVVo4
-chDYABPPTHPbqjc1qCmBaZx2vN4Ye5DUys/vZwP9BFohFrH/6j/f3IL16/RZkiMN
-JCqVJUzKoZHm1Lesh3Sz8W2jmdv51b2EQJ8HmA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
-MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
-b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
-2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
-1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
-q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
-tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
-vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
-BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
-5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
-1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
-NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
-Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
-8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
-pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
-MrY=
-----END CERTIFICATE-----
--- a/replicate-install/scripts/Replicate_install.iss
+++ b/replicate-install/scripts/Replicate_install.iss
@@ -1,29 +1,29 @@
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-DlgOrder]
-Dlg0={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-0
-Count=7
-Dlg1={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdLicenseAgreement-0
-Dlg2={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-0
-Dlg3={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-1
-Dlg4={9C614355-28A0-4C2A-98DF-DB9FD674826F}-AskOptions-0
-Dlg5={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdStartCopy-0
-Dlg6={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdFinish-0
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-0]
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdLicenseAgreement-0]
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-0]
-szDir=C:\Program Files\Attunity\Replicate\
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-1]
-szDir=C:\Program Files\Attunity\Replicate\data
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-AskOptions-0]
-Result=1
-Sel-0=1
-Sel-1=0
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdStartCopy-0]
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdFinish-0]
-Result=1
-bOpt1=0
-bOpt2=0
+[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-DlgOrder]
+Dlg0={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-0
+Count=7
+Dlg1={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdLicense2Rtf-0
+Dlg2={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-0
+Dlg3={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-1
+Dlg4={9C614355-28A0-4C2A-98DF-DB9FD674826F}-AskOptions-0
+Dlg5={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdStartCopy-0
+Dlg6={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdFinish-0
+[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-0]
+Result=1
+[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdLicense2Rtf-0]
+Result=1
+[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-0]
+szDir=C:\Program Files\Attunity\Replicate\
+Result=1
+[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-1]
+szDir=C:\Program Files\Attunity\Replicate\data
+Result=1
+[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-AskOptions-0]
+Result=1
+Sel-0=1
+Sel-1=0
+[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdStartCopy-0]
+Result=1
+[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdFinish-0]
+Result=1
+bOpt1=0
+bOpt2=0
--- a/replicate-install/scripts/Replicate_install_2022.11.0.208.iss
+++ b/replicate-install/scripts/Replicate_install_2022.11.0.208.iss
@@ -1,29 +0,0 @@
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-DlgOrder]
-Dlg0={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-0
-Count=7
-Dlg1={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdLicense2Rtf-0
-Dlg2={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-0
-Dlg3={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-1
-Dlg4={9C614355-28A0-4C2A-98DF-DB9FD674826F}-AskOptions-0
-Dlg5={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdStartCopy-0
-Dlg6={9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdFinish-0
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdWelcome-0]
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdLicense2Rtf-0]
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-0]
-szDir=C:\Program Files\Attunity\Replicate\
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdAskDestPath-1]
-szDir=C:\Program Files\Attunity\Replicate\data
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-AskOptions-0]
-Result=1
-Sel-0=1
-Sel-1=0
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdStartCopy-0]
-Result=1
-[{9C614355-28A0-4C2A-98DF-DB9FD674826F}-SdFinish-0]
-Result=1
-bOpt1=0
-bOpt2=0
--- a/replicate-install/scripts/di-replicate-installQMICertificate.ps1
+++ b/replicate-install/scripts/di-replicate-installQMICertificate.ps1
@@ -21,7 +21,7 @@ try {
    Write-Host "Set SSL qmi_qlik-poc_com for Replicate"

    Stop-Service AttunityReplicateConsole
-    if ( $url -Match "2022.11" -or $url -Match "2023.5" ) {  
+    if ( $url -Match "2022.11" ) {  
        Stop-Service QlikReplicateServer
    } else {
        Stop-Service AttunityReplicateServer
@@ -32,7 +32,7 @@ try {
    netsh http add sslcert ipport=0.0.0.0:443 certhash=$thumb appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}'

    Start-Service AttunityReplicateConsole 
-    if ( $url -Match "2022.11" -or $url -Match "2023.5" ) {  
+    if ( $url -Match "2022.11" ) {  
        Start-Service QlikReplicateServer
    } else {
        Start-Service AttunityReplicateServer
--- a/replicate-install/scripts/replicate_license.txt
+++ b/replicate-install/scripts/replicate_license.txt
@@ -1,17 +1,17 @@
 #
 # Qlik  License
-# Generated on 18-Dec-2024 20:31:17.8585+02:00 
-# License Comment: 
+# Generated on 15-Dec-2022 19:01:15.1383+02:00 
+# License Comment: Qlik internal use only 
 #
 license_type=EVALUATION_LICENSE
-licensed_to=Qlik Internal
+licensed_to=Attunity Americas
 licensed_by=Attunity US
-serial_no=60040755
-expiration_date=2025-12-31
+serial_no=60031826
+expiration_date=2023-12-31
 hosts=
 source_types=
 target_types=
 features=
-version=2024.11
-issue_date=2024-12-18
-checksum=839RC-2FK3R-3CC7C-CK26H
+version=2022.11
+issue_date=2022-12-15
+checksum=F4CK8-H36JR-8H58Q-833KH
--- a/s3-bucket-sftp-public/main.tf
+++ b/s3-bucket-sftp-public/main.tf
@@ -6,7 +6,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 6.0.0"
+      version = "= 3.74.1"
    }
  }
 }
@@ -63,26 +63,28 @@ resource "aws_secretsmanager_secret_version" "private_key" {
 }


-resource "aws_s3_bucket" "s3_bucket" {
+module "s3_bucket" {
+  source = "terraform-aws-modules/s3-bucket/aws"
+
+  version = "~> 2.1.0"
+
  bucket = "sftp-${var.provision_id}"
+  acl    = "private"
+
+  versioning = {
+    enabled = false
+  }
+
+  force_destroy = true

  tags = local.tags

-  force_destroy = true
 }

-resource "aws_s3_bucket_versioning" "versioning" {
-  bucket = aws_s3_bucket.s3_bucket.id
-  versioning_configuration {
-    status = "Enabled"
-  }
-}
-
-
 ###

 resource "aws_s3_bucket_public_access_block" "sftp-block" {
-  bucket = aws_s3_bucket.s3_bucket.id
+  bucket = module.s3_bucket.s3_bucket_id

  block_public_acls       = true
  block_public_policy     = true
@@ -186,22 +188,9 @@ resource "aws_iam_role_policy" "user" {
      ],
      "Effect": "Allow",
      "Resource": [
-       "${join("", ["arn:aws:s3:::", aws_s3_bucket.s3_bucket.id])}"
+       "${join("", ["arn:aws:s3:::", module.s3_bucket.s3_bucket_id])}"
      ]
    },
-    {
-      "Sid": "VisualEditor1",
-      "Effect": "Allow",
-      "Action": [
-          "s3:ListStorageLensConfigurations",
-          "s3:ListAccessPointsForObjectLambda",
-          "s3:ListAllMyBuckets",
-          "s3:ListAccessPoints",
-          "s3:ListJobs",
-          "s3:ListMultiRegionAccessPoints"
-      ],
-      "Resource": "*"
-    },
    {
      "Sid": "HomeDirObjectAccess",
      "Effect": "Allow",
@@ -212,7 +201,7 @@ resource "aws_iam_role_policy" "user" {
        "s3:DeleteObject",
        "s3:GetObjectVersion"
      ],
-      "Resource": "${join("", ["arn:aws:s3:::", aws_s3_bucket.s3_bucket.id, "/*"])}"
+      "Resource": "${join("", ["arn:aws:s3:::", module.s3_bucket.s3_bucket_id, "/", each.value, "/*"])}"
    }
  ]
 }
@@ -223,7 +212,7 @@ resource "aws_transfer_user" "this" {
  for_each       = var.sftp_users
  server_id      = aws_transfer_server.public.id
  user_name      = each.key
-  home_directory = "/${aws_s3_bucket.s3_bucket.id}/${each.value}"
+  home_directory = "/${module.s3_bucket.s3_bucket_id}/${each.value}"
  role           = aws_iam_role.user[each.key].arn

  tags = local.tags
--- a/s3-bucket-sftp-public/outputs.tf
+++ b/s3-bucket-sftp-public/outputs.tf
@@ -17,16 +17,4 @@ output "sftp-private" {
  value = nonsensitive(aws_secretsmanager_secret_version.private_key.secret_string)
 }

-output "sftp-public" {
-  value = aws_key_pair.generated_key.public_key
-}
-
-output "host-key-fingerprint" {
-  value = aws_transfer_server.public.host_key_fingerprint
-}
-
-output "s3-bucket-name" {
-  value = aws_s3_bucket.s3_bucket.id
-}
-

--- a/s3-bucket-sftp/main.tf
+++ b/s3-bucket-sftp/main.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 6.0.0"
+      version = "= 3.74.1"
    }
  }
 }
@@ -42,9 +42,21 @@ resource "aws_secretsmanager_secret_version" "private_key" {
  secret_string = nonsensitive(tls_private_key.sftp-key.private_key_pem)
 }

-locals {

-  port                 = "22"
+module "s3_bucket" {
+  source = "terraform-aws-modules/s3-bucket/aws"
+
+  version = "~> 2.1.0"
+
+  bucket = "sftp-${var.provision_id}"
+  acl    = "private"
+
+  versioning = {
+    enabled = false
+  }
+
+  force_destroy = true
+
  tags = {
    Deployment = "QMI"
    "Cost Center" = "3100"
@@ -52,28 +64,13 @@ locals {
    ProvID   = var.provision_id
    Name     = "sftp-${var.provision_id}"
  }
-}

-
-resource "aws_s3_bucket" "s3_bucket" {
-  bucket = "qmi-bucket-${var.provision_id}"
-
-  tags = local.tags
-
-  force_destroy = true
-}
-
-resource "aws_s3_bucket_versioning" "versioning" {
-  bucket = aws_s3_bucket.s3_bucket.id
-  versioning_configuration {
-    status = "Enabled"
-  }
 }

 ###

 resource "aws_s3_bucket_public_access_block" "sftp-block" {
-  bucket = aws_s3_bucket.s3_bucket.id
+  bucket = module.s3_bucket.s3_bucket_id

  block_public_acls       = true
  block_public_policy     = true
@@ -133,21 +130,143 @@ resource "aws_transfer_server" "sftp" {
  endpoint_details {
    vpc_id             = var.vpc_id
    subnet_ids         = var.subnet_ids
-    security_group_ids = [
-      aws_security_group.allow_tls.id,
-      aws_security_group.allow_tls_2.id
-    ]
+    security_group_ids = [module.security_group.security_group_id]
  }
  tags = {
    Deployment = "QMI"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
    ProvID   = var.provision_id
    Name     = "sftp-${var.provision_id}"
  }
 }

+module "security_group" {
+  
+  # SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
+  source  = "terraform-aws-modules/security-group/aws"
+  version = "~> 4.3"
+
+  name        = "${var.provision_id}-SG"
+  description = "${var.provision_id}-SG-SFTP"
+  vpc_id      = var.vpc_id
+
+
+  # ingress
+
+  ingress_cidr_blocks = [
+    "52.249.189.38/32", 
+    "13.67.39.86/32", 
+    "20.67.110.207/32", 
+    "14.98.59.168/29", 
+    "182.74.33.8/29", 
+    "188.65.156.32/28", 
+    "212.73.252.96/29", 
+    "194.90.96.176/29", 
+    "213.57.84.160/29", 
+    "4.4.97.104/29", 
+    "206.196.17.32/27", 
+    #QCS
+    "18.205.71.36/32", 
+    "18.232.32.199/32", 
+    "34.237.68.254/32", 
+    "34.247.21.179/32", 
+    "52.31.212.214/32", 
+    "54.154.95.18/32", 
+    "13.210.43.241/32", 
+    "13.236.104.42/32", 
+    "13.236.206.172/32",
+    "18.138.163.172/32",
+    "18.142.157.182/32",
+    "54.179.13.251/32",
+    #QAA
+    "54.216.156.88/32",
+    "3.248.156.131/32",
+    "52.213.44.55/32",
+    "18.235.133.252/32",
+    "3.217.244.242/32",
+    "18.214.8.201/32",
+    "54.206.158.27/32",
+    "3.104.137.20/32",
+    "3.24.52.178/32",
+    "54.169.84.213/32",
+    "13.213.173.37/32",
+    "13.213.113.162/32"
+  ]
+
+  ingress_with_cidr_blocks = [
+    {
+      from_port   = 22
+      to_port     = 22
+      protocol    = "tcp"
+      description = "Allow SFTP Inbound"
+
+    },
+  ]
+
+  # egress
+
+  egress_cidr_blocks = [
+    "52.249.189.38/32", 
+    "13.67.39.86/32", 
+    "20.67.110.207/32", 
+    "14.98.59.168/29", 
+    "182.74.33.8/29", 
+    "188.65.156.32/28", 
+    "212.73.252.96/29", 
+    "194.90.96.176/29", 
+    "213.57.84.160/29", 
+    "4.4.97.104/29", 
+    "206.196.17.32/27", 
+    #QCS
+    "18.205.71.36/32", 
+    "18.232.32.199/32", 
+    "34.237.68.254/32", 
+    "34.247.21.179/32", 
+    "52.31.212.214/32", 
+    "54.154.95.18/32", 
+    "13.210.43.241/32", 
+    "13.236.104.42/32", 
+    "13.236.206.172/32",
+    "18.138.163.172/32",
+    "18.142.157.182/32",
+    "54.179.13.251/32",
+    #QAA
+    "54.216.156.88/32",
+    "3.248.156.131/32",
+    "52.213.44.55/32",
+    "18.235.133.252/32",
+    "3.217.244.242/32",
+    "18.214.8.201/32",
+    "54.206.158.27/32",
+    "3.104.137.20/32",
+    "3.24.52.178/32",
+    "54.169.84.213/32",
+    "13.213.173.37/32",
+    "13.213.113.162/32"
+  ]
+
+  egress_with_cidr_blocks = [
+    {
+      from_port   = 22
+      to_port     = 22
+      protocol    = "tcp"
+      description = "Allow SFTP outbound"
+
+    },
+  ]
+
+  tags = {
+    Deployment = "QMI"
+    "Cost Center" = "3100"
+    #QMI_user = var.user_id
+    ProvID   = var.provision_id
+    Name     = "sftp-${var.provision_id}"
+  }
+  
+}
+
+
 resource "aws_iam_role" "user" {
  for_each           = var.sftp_users
  name               = "${var.provision_id}-sftp-user-${each.key}"
@@ -184,7 +303,7 @@ resource "aws_iam_role_policy" "user" {
      ],
      "Effect": "Allow",
      "Resource": [
-       "${join("", ["arn:aws:s3:::", aws_s3_bucket.s3_bucket.id])}"
+       "${join("", ["arn:aws:s3:::", module.s3_bucket.s3_bucket_id])}"
      ]
    },
    {
@@ -197,7 +316,7 @@ resource "aws_iam_role_policy" "user" {
        "s3:DeleteObject",
        "s3:GetObjectVersion"
      ],
-      "Resource": "${join("", ["arn:aws:s3:::", aws_s3_bucket.s3_bucket.id, "/", each.value, "/*"])}"
+      "Resource": "${join("", ["arn:aws:s3:::", module.s3_bucket.s3_bucket_id, "/", each.value, "/*"])}"
    }
  ]
 }
@@ -208,7 +327,7 @@ resource "aws_transfer_user" "this" {
  for_each       = var.sftp_users
  server_id      = aws_transfer_server.sftp.id
  user_name      = each.key
-  home_directory = "/${aws_s3_bucket.s3_bucket.id}/${each.value}"
+  home_directory = "/${module.s3_bucket.s3_bucket_id}/${each.value}"
  role           = aws_iam_role.user[each.key].arn
 }

--- a/s3-bucket-sftp/sec_groups.tf
+++ b/s3-bucket-sftp/sec_groups.tf
@@ -1,69 +0,0 @@
-module "fw-ips" {
-    source = "git::https://gitlab.com/qmi/qmi-cloud-tf-modules.git//databases/firewall_ips"
-}
-
-resource "aws_security_group" "allow_tls" {
-  name        = "${var.provision_id}-SG"
-  description = "${var.provision_id}-SG"
-  vpc_id      = var.vpc_id
-
-  tags = local.tags
-}
-
-resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" {
-  for_each = toset(module.fw-ips.cidr_blocks)
-  
-  security_group_id = aws_security_group.allow_tls.id
-
-  cidr_ipv4         = each.key
-  from_port         = local.port
-  ip_protocol       = "tcp"
-  to_port           = local.port
-  description = "dbport"
-}
-
-resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv4" {
-
-  for_each = toset(module.fw-ips.cidr_blocks)
-
-  security_group_id = aws_security_group.allow_tls.id
-
-  cidr_ipv4   = each.key
-  from_port   = local.port
-  ip_protocol = "tcp"
-  to_port     = local.port
-  description = "dbport"
-}
-
-resource "aws_security_group" "allow_tls_2" {
-  name        = "${var.provision_id}-SG2"
-  description = "${var.provision_id}-SG2"
-  vpc_id      = var.vpc_id
-
-  tags = local.tags
-}
-
-resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4_2" {
-  for_each = toset(module.fw-ips.cidr_blocks_others)
-  
-  security_group_id = aws_security_group.allow_tls_2.id
-
-  cidr_ipv4         = each.key
-  from_port         = local.port
-  ip_protocol       = "tcp"
-  to_port           = local.port
-  description = "Others - dbport"
-}
-
-resource "aws_vpc_security_group_egress_rule" "allow_tls_ipv_2" {
-
-  for_each = toset(module.fw-ips.cidr_blocks_others)
-
-  security_group_id = aws_security_group.allow_tls_2.id
-
-  cidr_ipv4   = each.key
-  from_port   = local.port
-  ip_protocol = "tcp"
-  to_port     = local.port
-  description = "Others - dbport"
-}
--- a/s3-bucket/main.tf
+++ b/s3-bucket/main.tf
@@ -5,49 +5,67 @@ terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
-      version = ">= 6.0.0"
+      version = "= 3.74.1"
    }
  }
 }

-locals {
+module "iam_user" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-user"
+
+  version = "~> 3.0"
+
+  name          = "qmi-user-${var.provision_id}"
+  force_destroy = true
+
+  create_iam_user_login_profile = false
+  #pgp_key = "keybase:test"
+
+  password_reset_required = false
+
  tags = {
    Deployment = "QMI"
    "Cost Center" = "3100"
    QMI_user = var.user_id
-    Owner    = var.user_id
    ProvID   = var.provision_id
    Name     = "qmi-${var.provision_id}"
-    forced_destroy = var.forced_destroy
  }
+
 }

-resource "aws_iam_user" "lb" {
-  name = "qmi-user-${var.provision_id}"
+module "s3_bucket" {
+  source = "terraform-aws-modules/s3-bucket/aws"
+
+  version = "~> 2.1.0"
+
+  bucket = "qmi-bucket-${var.provision_id}"
+  acl    = "private"
+
+  versioning = {
+    enabled = false
+  }
+
  force_destroy = true

-  tags = local.tags
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+
+  tags = {
+    Deployment = "QMI"
+    "Cost Center" = "3100"
+    QMI_user = var.user_id
+    ProvID   = var.provision_id
+    Name     = "qmi-${var.provision_id}"
+  }
+
 }

-resource "aws_iam_access_key" "lb" {
-  user = aws_iam_user.lb.name
-}
-
-
-resource "aws_s3_bucket" "s3_bucket" {
-  bucket = var.bucket_name!=null? var.bucket_name : "qmi-bucket-${var.provision_id}"
-
-  tags = local.tags
-
-  force_destroy = true
-}
-
-
-
 resource "aws_iam_user_policy" "lb_ro" {
    
-  name = "s3only_policy_${aws_iam_user.lb.name}"
-  user = aws_iam_user.lb.name
+  name = "s3only_policy_${module.iam_user.this_iam_user_name}"
+  user = module.iam_user.this_iam_user_name

  # Terraform's "jsonencode" function converts a
  # Terraform expression result to valid JSON syntax.
@@ -66,129 +84,10 @@ resource "aws_iam_user_policy" "lb_ro" {
              "Effect": "Allow",
              "Action": "s3:*",
              "Resource": [
-                  aws_s3_bucket.s3_bucket.arn,
-                  "${aws_s3_bucket.s3_bucket.arn}/*"
+                  module.s3_bucket.s3_bucket_arn,
+                  "${module.s3_bucket.s3_bucket_arn}/*"
              ]
          }
      ]
  })
-}
-
-resource "aws_iam_role" "qmi_snowflake" {
-    
-  name = "qmi_snowflake_${var.provision_id}"
-
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = "sts:AssumeRole"
-        Principal = {
-          AWS = "arn:aws:iam::494544507972:user/n2y3-s-ssca0544"
-        }
-      },
-      {
-        Effect = "Allow"
-        Action = "sts:AssumeRole"
-        Principal = {
-          AWS = ["338144066592", "494544507972"]
-        }
-        Condition = {
-           StringEquals = {
-                  "sts:ExternalId" = "iceberg_table_external_id"
-            }
-        }
-      }
-    ]
-  })
-
-  tags = local.tags
-}
-
-resource "aws_iam_role_policy" "qmi_snowflake_policy" {
-
-  name = "qmi-bucket-${var.provision_id}_policy"
-  role = aws_iam_role.qmi_snowflake.id
-
-  policy = jsonencode({
-      "Version": "2012-10-17",
-      "Statement": [
-          {
-              "Effect": "Allow",
-              "Action": [
-                          "s3:GetBucketLocation",
-                          "s3:ListAllMyBuckets"
-                        ],
-              "Resource": "arn:aws:s3:::*"
-          },
-          {
-              "Effect": "Allow",
-              "Action": "s3:*",
-              "Resource": [
-                  aws_s3_bucket.s3_bucket.arn,
-                  "${aws_s3_bucket.s3_bucket.arn}/*"
-              ]
-          }
-      ]
-  })
-}
-
-resource "aws_iam_role" "qlik_s3" {
-  
-  count = var.tenant_id != null? 1 : 0
-  
-  name = "qlik_s3_${var.tenant_id}"
-
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = "sts:AssumeRole"
-        Principal = {
-          AWS = "338144066592"
-        }
-        Condition = {
-           StringEquals = {
-                  "sts:ExternalId" = "qlik_connection_${var.tenant_id}"
-            }
-        }
-      }
-    ]
-  })
-
-  tags = local.tags
-}
-
-resource "aws_iam_role_policy" "aws_s3_bucket_policy" {
-
-  count = var.tenant_id != null? 1 : 0
-
-  name = "qmi-bucket-${var.provision_id}_policy"
-  role = aws_iam_role.qlik_s3[0].id
-
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Sid = ""
-        Effect   = "Allow"
-        Action = [
-          "s3:GetObject",
-          "s3:ListBucket"
-        ]
-        Resource = [
-          "arn:aws:s3:::${aws_s3_bucket.s3_bucket.id}",
-          "arn:aws:s3:::${aws_s3_bucket.s3_bucket.id}/*"
-        ]
-      },
-    ]
-  })
-}
+}
--- a/s3-bucket/main.tf_old
+++ b/s3-bucket/main.tf_old
@@ -1,209 +0,0 @@
-terraform {
-
-  required_version = ">= 0.13"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-    }
-  }
-}
-
-locals {
-  tags = {
-    Deployment = "QMI"
-    "Cost Center" = "3100"
-    QMI_user = var.user_id
-    Owner    = var.user_id
-    ProvID   = var.provision_id
-    Name     = "qmi-${var.provision_id}"
-    forced_destroy = var.forced_destroy
-  }
-}
-
-module "iam_user" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-user"
-
-  version = "~> 3.0"
-
-  name          = "qmi-user-${var.provision_id}"
-  force_destroy = true
-
-  create_iam_user_login_profile = false
-  #pgp_key = "keybase:test"
-
-  password_reset_required = false
-
-  tags = local.tags
-
-}
-
-module "s3_bucket" {
-  source = "terraform-aws-modules/s3-bucket/aws"
-
-  bucket = "qmi-bucket-${var.provision_id}"
-
-  versioning = {
-    enabled = false
-  }
-
-  force_destroy = true
-
-  block_public_acls       = true
-  block_public_policy     = true
-  ignore_public_acls      = true
-  restrict_public_buckets = true
-
-  tags = local.tags
-
-}
-
-
-resource "aws_iam_user_policy" "lb_ro" {
-    
-  name = "s3only_policy_${module.iam_user.this_iam_user_name}"
-  user = module.iam_user.this_iam_user_name
-
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
-  policy = jsonencode({
-      "Version": "2012-10-17",
-      "Statement": [
-          {
-              "Effect": "Allow",
-              "Action": [
-                          "s3:GetBucketLocation",
-                          "s3:ListAllMyBuckets"
-                        ],
-              "Resource": "arn:aws:s3:::*"
-          },
-          {
-              "Effect": "Allow",
-              "Action": "s3:*",
-              "Resource": [
-                  module.s3_bucket.s3_bucket_arn,
-                  "${module.s3_bucket.s3_bucket_arn}/*"
-              ]
-          }
-      ]
-  })
-}
-
-resource "aws_iam_role" "qmi_snowflake" {
-    
-  name = "qmi_snowflake_${var.provision_id}"
-
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = "sts:AssumeRole"
-        Principal = {
-          AWS = "arn:aws:iam::494544507972:user/n2y3-s-ssca0544"
-        }
-      },
-      {
-        Effect = "Allow"
-        Action = "sts:AssumeRole"
-        Principal = {
-          AWS = ["338144066592", "494544507972"]
-        }
-        Condition = {
-           StringEquals = {
-                  "sts:ExternalId" = "iceberg_table_external_id"
-            }
-        }
-      }
-    ]
-  })
-
-  tags = local.tags
-}
-
-resource "aws_iam_role_policy" "qmi_snowflake_policy" {
-
-  name = "qmi-bucket-${var.provision_id}_policy"
-  role = aws_iam_role.qmi_snowflake.id
-
-  policy = jsonencode({
-      "Version": "2012-10-17",
-      "Statement": [
-          {
-              "Effect": "Allow",
-              "Action": [
-                          "s3:GetBucketLocation",
-                          "s3:ListAllMyBuckets"
-                        ],
-              "Resource": "arn:aws:s3:::*"
-          },
-          {
-              "Effect": "Allow",
-              "Action": "s3:*",
-              "Resource": [
-                  module.s3_bucket.s3_bucket_arn,
-                  "${module.s3_bucket.s3_bucket_arn}/*"
-              ]
-          }
-      ]
-  })
-}
-
-resource "aws_iam_role" "qlik_s3" {
-  
-  count = var.tenant_id != null? 1 : 0
-  
-  name = "qlik_s3_${var.tenant_id}"
-
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = "sts:AssumeRole"
-        Principal = {
-          AWS = "338144066592"
-        }
-        Condition = {
-           StringEquals = {
-                  "sts:ExternalId" = "qlik_connection_${var.tenant_id}"
-            }
-        }
-      }
-    ]
-  })
-
-  tags = local.tags
-}
-
-resource "aws_iam_role_policy" "aws_s3_bucket_policy" {
-
-  count = var.tenant_id != null? 1 : 0
-
-  name = "qmi-bucket-${var.provision_id}_policy"
-  role = aws_iam_role.qlik_s3[0].id
-
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Sid = ""
-        Effect   = "Allow"
-        Action = [
-          "s3:GetObject",
-          "s3:ListBucket"
-        ]
-        Resource = [
-          "arn:aws:s3:::${module.s3_bucket.s3_bucket_id}",
-          "arn:aws:s3:::${module.s3_bucket.s3_bucket_id}/*"
-        ]
-      },
-    ]
-  })
-}
--- a/s3-bucket/outputs.tf
+++ b/s3-bucket/outputs.tf
@@ -1,35 +1,15 @@
 output "bucket" {
-  value = {
-    s3_bucket_id = aws_s3_bucket.s3_bucket.id
-    s3_bucket_region = aws_s3_bucket.s3_bucket.bucket_region
-  }
+  value = module.s3_bucket
 }

-
 output "iam_name" {
-  value = aws_iam_user.lb.name
+  value = module.iam_user.this_iam_user_name
 }

 output "iam_access_key" {
-  value = aws_iam_access_key.lb.id
+  value = module.iam_user.this_iam_access_key_id
 }

 output "iam_access_secret" {
-  value = nonsensitive(aws_iam_access_key.lb.secret)
-}
-
-output "iam_role_arn" {
-  value = var.tenant_id!=null?  aws_iam_role.qlik_s3[0].arn : null
-}
-
-output "aws_account_id" {
-  value = "192018133564"
-}
-
-output "iam_role_snowflake_arn" {
-  value = aws_iam_role.qmi_snowflake.arn
-}
-
-output "iam_role_snowflake_arn_ExternalId" {
-  value = "iceberg_table_external_id"
+  value = nonsensitive(module.iam_user.this_iam_access_key_secret)
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Manuel Romero	15f6c5b126	revert bootstrap-qs	2023-06-02 12:19:20 +02:00
Manuel Romero	4605c4f8be	better password	2023-06-02 11:56:32 +02:00
Manuel Romero	c62cb51c2d	better password	2023-06-02 11:52:56 +02:00
Manuel Romero	339530f952	better password	2023-06-02 11:46:49 +02:00
Manuel Romero	30c9966d1c	better password	2023-06-02 11:41:45 +02:00
Manuel Romero	a24792c279	better password	2023-06-02 11:31:33 +02:00
Manuel Romero	60eaba761e	better password	2023-06-02 11:29:38 +02:00
Manuel Romero	538feb10eb	better password	2023-06-02 11:23:45 +02:00
Manuel Romero	589c0bc7bb	start services	2023-06-02 11:16:23 +02:00
Manuel Romero	b1d0cad7f1	venga	2023-06-02 11:00:18 +02:00
Manuel Romero	4dd7e6a02c	test	2023-06-02 10:53:08 +02:00