IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs

[SCC] No longer able to create attachments for IBM Cloud Framework for Financial Services profile #5586

Closed jor2 closed 1 week ago

jor2 commented 2 weeks ago

Community Note

Terraform CLI and Terraform IBM Provider Version

1.9.5

Affected Resource(s)

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

main.tf

##############################################################################
# Variable validation
##############################################################################

locals {
  # Fail-fast guard. Terraform has no "raise" function, so the failing branch calls
  # tobool() on a non-boolean string: the conversion fails and the string shows up
  # in the resulting error. The guard trips only when profile defaults are disabled
  # and no custom parameter list was supplied.
  # tflint-ignore: terraform_unused_declarations
  validate_attachment_parameters = (
    var.use_profile_default_parameters || var.custom_attachment_parameters != null
    ? true
    : tobool("A value must be passed for 'custom_attachment_parameters' if 'use_profile_default_parameters' is set to false.")
  )
}

##############################################################################
# SCC profile attachment
##############################################################################

# Reads the profile list (`profiles`) for the given SCC instance; the locals that
# follow filter that list by profile name and version.
data "ibm_scc_profiles" "scc_profiles" {
  instance_id = var.scc_instance_id
}

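locals {
  # Every version of the profile whose name matches var.profile_name
  relevant_profile_versions = [
    for profile in data.ibm_scc_profiles.scc_profiles.profiles : profile if profile.profile_name == var.profile_name
  ]

  # Sortable key per version string: each dot-separated numeric component is zero-padded.
  # A plain sort() on the raw strings is lexicographic and would rank "1.10.0" below
  # "1.9.0", so "latest" could silently resolve to an older profile version and the
  # account would be assessed against outdated controls.
  # Non-numeric components are kept unchanged via try(); the "..." grouping keeps the
  # expression valid if two version strings ever map to the same key.
  version_sort_keys = {
    for version in distinct(local.relevant_profile_versions[*].profile_version) :
    join(".", [for part in split(".", version) : try(format("%010d", tonumber(part)), part)]) => version...
  }

  # Profile versions from lowest to highest, compared numerically per component
  sorted_profile_versions = flatten([
    for key in sort(keys(local.version_sort_keys)) : local.version_sort_keys[key]
  ])

  # Create sorted list of profiles, ordered from lowest to highest profile version
  sorted_list = flatten(
    [
      for version in local.sorted_profile_versions :
      [
        for profile in local.relevant_profile_versions :
        profile if version == profile.profile_version
      ]
    ]
  )

  # Last element is the highest version. try() yields null when no profile matched the
  # name, so the validate_profile message below is reached instead of an index error.
  latest_profile = try(local.sorted_list[length(local.sorted_list) - 1], null)

  # Map of profile name => selected profile; empty when nothing matched.
  # The splat turns a null latest_profile into an empty collection and a found
  # profile into a single-element one.
  profile_map = var.profile_version == "latest" ? {
    for profile in local.latest_profile[*] : var.profile_name => profile
    } : {
    for profile in data.ibm_scc_profiles.scc_profiles.profiles :
    var.profile_name => profile if profile.profile_name == var.profile_name && profile.profile_version == var.profile_version
  }

  # Same tobool() trick as the parameter guard: converting the message string to bool
  # fails and aborts the run with the message in the error.
  # tflint-ignore: terraform_unused_declarations
  validate_profile = lookup(local.profile_map, var.profile_name, null) == null ? tobool("Could not find a valid profile name ${var.profile_name} and matching version ${var.profile_version}") : true

  # Referencing validate_profile forces the check to run before the profile is used
  profile = local.validate_profile ? local.profile_map[var.profile_name] : null
}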

# Reads the single profile selected above by id; its default_parameters attribute
# feeds the attachment when use_profile_default_parameters is true.
data "ibm_scc_profile" "scc_profile" {
  instance_id = var.scc_instance_id
  profile_id  = local.profile.id
}

locals {
  # Parameter set sent with the attachment: the caller's list when profile defaults are
  # switched off, otherwise the defaults published with the selected profile.
  # NOTE(review): profile defaults can be placeholders or very broad values rather than
  # settings chosen for the account being assessed; review them before relying on the
  # scan results.
  attachment_parameters = (
    !var.use_profile_default_parameters
    ? var.custom_attachment_parameters
    : data.ibm_scc_profile.scc_profile.default_parameters
  )
}

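# Create the attachment
resource "ibm_scc_profile_attachment" "scc_profile_attachment" {
  profile_id  = local.profile.id
  instance_id = var.scc_instance_id
  name        = var.attachment_name
  description = var.attachment_description
  # To workaround https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5207 we set schedule to 'daily' here even though 'none' was passed in.
  # The end result will be the schedule being set to none since the 'status' option below sets that.
  schedule = var.attachment_schedule == "none" ? "daily" : var.attachment_schedule
  status   = var.attachment_schedule == "none" ? "disabled" : "enabled"

  # Scope is taken from var.scope instead of being hard-coded, so the declared input
  # actually controls which account is assessed. The variable's default carries the
  # same placeholder scope_id as before and must be overridden with a real account id
  # for the attachment to evaluate anything meaningful.
  dynamic "scope" {
    for_each = var.scope
    content {
      environment = scope.value.environment
      dynamic "properties" {
        for_each = scope.value.properties
        content {
          name  = properties.value.name
          value = properties.value.value
        }
      }
    }
  }

  # One attachment_parameters block per entry of the resolved parameter list;
  # each entry's parameter_default_value is sent as the parameter_value.
  dynamic "attachment_parameters" {
    for_each = local.attachment_parameters
    content {
      parameter_name         = attachment_parameters.value["parameter_name"]
      parameter_display_name = attachment_parameters.value["parameter_display_name"]
      parameter_type         = attachment_parameters.value["parameter_type"]
      parameter_value        = attachment_parameters.value["parameter_default_value"]
      assessment_type        = attachment_parameters.value["assessment_type"]
      assessment_id          = attachment_parameters.value["assessment_id"]
    }
  }
}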

variables.tf

# API key used by the provider. `sensitive = true` only redacts the value in CLI
# output; supply it through the environment (TF_VAR_ibmcloud_api_key) or a secrets
# store rather than a committed tfvars file.
variable "ibmcloud_api_key" {
  description = "The IBM Cloud API Key"
  type        = string
  sensitive   = true
}

# Region passed to the provider configuration.
variable "region" {
  description = "Region to provision all resources created by this example"
  type        = string
  default     = "us-south"
}

# Profile name matched exactly against profile_name in the SCC profile list.
variable "profile_name" {
  description = "Name of the SCC profile that is used for the attachment."
  type        = string
  default     = "IBM Cloud Framework for Financial Services"
}

# Either an exact profile_version string or the literal "latest".
# NOTE(review): "latest" lets the attached control set change between applies when a
# new profile version is published; pin a version where reproducible results matter.
variable "profile_version" {
  description = "Version of the SCC profile that is used for the attachment. Defaults to the latest profile version if value is not provided."
  type        = string
  default     = "latest"
}

# NOTE(review): the default is a concrete instance GUID, so a run without an override
# targets that instance. Consider dropping the default so callers must pass their own.
variable "scc_instance_id" {
  description = "ID of the SCC instance in which to create the attachment."
  type        = string
  default     = "5cd64d4e-8e80-40c6-b25a-5669c69f9a0f"
}

# Display name of the attachment resource.
variable "attachment_name" {
  description = "The name to give to SCC profile attachment."
  type        = string
  default     = "scc-test"
}

# Free-text description stored on the attachment.
variable "attachment_description" {
  description = "The description for the SCC profile attachment."
  type        = string
  default     = "test-desc"
}

# Scan schedule. "none" is accepted here and translated by the resource into a
# disabled attachment.
variable "attachment_schedule" {
  description = "The schedule of an attachment. Allowable values are: daily, every_7_days, every_30_days, none."
  type        = string
  default     = "every_30_days"

  # Reject anything outside the four supported schedule names at plan time
  validation {
    error_message = "Allowed schedule can be - daily, every_7_days, every_30_days, none."
    condition = contains(
      ["daily", "every_7_days", "every_30_days", "none"],
      var.attachment_schedule
    )
  }
}

# Scope definition for the attachment: an environment plus name/value properties.
# The default scope_id is a placeholder, not a real account id.
variable "scope" {
  type = list(object({
    environment = optional(string, "ibm-cloud")
    properties = list(object({
      name  = string
      value = string
    }))
  }))
  description = "The scope to set for the SCC profile attachment."
  default = [
    {
      environment = "ibm-cloud"
      properties = [
        { name = "scope_type", value = "account" },
        { name = "scope_id", value = "123_placeholder_123" },
      ]
    }
  ]
}

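# Switch between the profile's published default parameters (true) and the
# caller-supplied custom_attachment_parameters list (false).
# The description previously named a non-existent input (`custum_attachment_parameters`);
# it now points at the real variable name.
variable "use_profile_default_parameters" {
  description = "A boolean indicating whether to use the profile's default parameters. If set to false, a value must be passed for the `custom_attachment_parameters` input variable."
  type        = bool
  default     = true
}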

# Caller-supplied parameter list; each object carries the same six keys that the
# attachment resource reads from every parameter entry. Null means "not provided".
variable "custom_attachment_parameters" {
  type = list(object({
    parameter_name          = string
    parameter_display_name  = string
    parameter_type          = string
    parameter_default_value = string
    assessment_type         = string
    assessment_id           = string
  }))
  description = "A list of custom attachement parameters to use. Only used if 'use_profile_default_parameters' is set to false."
  default     = null
}

# Notification toggle; off by default.
variable "enable_notification" {
  description = "To enable notifications."
  type        = bool
  default     = false
}

# Control IDs to notify on; empty by default.
variable "notify_failed_control_ids" {
  description = "A list of control IDs to send notifcations for when they fail."
  type        = list(string)
  default     = []
}

# Numeric notification threshold.
variable "notification_threshold_limit" {
  description = "The threshold limit for notifications."
  type        = number
  default     = 14
}

provider.tf

########################################################################################################################
# Provider config
########################################################################################################################

# Provider credentials and region both come from input variables; the API key is
# declared sensitive and is never written inline here.
provider "ibm" {
  region           = var.region
  ibmcloud_api_key = var.ibmcloud_api_key
}

version.tf

terraform {
  # Minimum Terraform CLI version
  required_version = ">= 1.3.0"

  required_providers {
    # Accepts any 1.x provider release from 1.64.1 upward. The range alone does not
    # fix the build that runs: the dependency lock file (.terraform.lock.hcl) pins
    # the exact version and its checksums, so keep it under version control.
    ibm = {
      version = ">=1.64.1, <2.0.0"
      source  = "IBM-Cloud/ibm"
    }
  }
}

Debug Output

Panic Output

 2024/08/27 13:31:42 Terraform apply | Error: CreateAttachmentWithContext failed Necessary attachment parameters are not available to create or update attachment.
 2024/08/27 13:31:42 Terraform apply | {
 2024/08/27 13:31:42 Terraform apply |     "StatusCode": 400,
 2024/08/27 13:31:42 Terraform apply |     "Headers": {
 2024/08/27 13:31:42 Terraform apply |         "Cache-Control": [
 2024/08/27 13:31:42 Terraform apply |             "no-store"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "Cf-Cache-Status": [
 2024/08/27 13:31:42 Terraform apply |             "DYNAMIC"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "Cf-Ray": [
 2024/08/27 13:31:42 Terraform apply |             "8b9c6c3ec9716c04-DFW"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "Content-Length": [
 2024/08/27 13:31:42 Terraform apply |             "176"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "Content-Type": [
 2024/08/27 13:31:42 Terraform apply |             "application/json; charset=utf-8"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "Date": [
 2024/08/27 13:31:42 Terraform apply |             "Tue, 27 Aug 2024 13:31:42 GMT"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "Server": [
 2024/08/27 13:31:42 Terraform apply |             "cloudflare"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "Strict-Transport-Security": [
 2024/08/27 13:31:42 Terraform apply |             "max-age=31536000; includeSubDomains"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "Transaction-Id": [
 2024/08/27 13:31:42 Terraform apply |             "fba981a1-6299-4398-a7e4-71f17a07b3ef"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "X-Content-Type-Options": [
 2024/08/27 13:31:42 Terraform apply |             "nosniff"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "X-Correlation-Id": [
 2024/08/27 13:31:42 Terraform apply |             "4ad4e96e-6ff4-449f-9fc5-6e2753ed05c0"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "X-Envoy-Upstream-Service-Time": [
 2024/08/27 13:31:42 Terraform apply |             "6279"
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "X-Request-Id": [
 2024/08/27 13:31:42 Terraform apply |             "8972dd58-b752-4c30-a434-c0399d4b0544"
 2024/08/27 13:31:42 Terraform apply |         ]
 2024/08/27 13:31:42 Terraform apply |     },
 2024/08/27 13:31:42 Terraform apply |     "Result": {
 2024/08/27 13:31:42 Terraform apply |         "errors": [
 2024/08/27 13:31:42 Terraform apply |             {
 2024/08/27 13:31:42 Terraform apply |                 "code": "bad_request",
 2024/08/27 13:31:42 Terraform apply |                 "message": "Necessary attachment parameters are not available to create or update attachment."
 2024/08/27 13:31:42 Terraform apply |             }
 2024/08/27 13:31:42 Terraform apply |         ],
 2024/08/27 13:31:42 Terraform apply |         "trace": "4ad4e96e-6ff4-449f-9fc5-6e2753ed05c0"
 2024/08/27 13:31:42 Terraform apply |     },
 2024/08/27 13:31:42 Terraform apply |     "RawResult": null
 2024/08/27 13:31:42 Terraform apply | }
 2024/08/27 13:31:42 Terraform apply | 
 2024/08/27 13:31:42 Terraform apply | 
 2024/08/27 13:31:42 Terraform apply |   with module.create_profile_attachment["IBM Cloud Framework for Financial Services"].ibm_scc_profile_attachment.scc_profile_attachment,
 2024/08/27 13:31:42 Terraform apply |   on .terraform/modules/create_profile_attachment/modules/attachment/main.tf line 43, in resource "ibm_scc_profile_attachment" "scc_profile_attachment":
 2024/08/27 13:31:42 Terraform apply |   43: resource "ibm_scc_profile_attachment" "scc_profile_attachment" {
 2024/08/27 13:31:42 Terraform apply | 

Expected Behavior

It should create an SCC attachment using version 1.7.0 of the profile, but instead it fails. It does not fail with profile version 1.6.0.

Actual Behavior

It fails to create an SCC attachment, with the error "Necessary attachment parameters are not available to create or update attachment."

Steps to Reproduce

Run the above code:

  1. terraform apply

Important Factoids

This code works with the 1.6.0 profile version and the attachment parameters seem to be the issue.

References

jor2 commented 2 weeks ago

1.6.0 version of attachment parameters:

attachment_parameters = tolist([
  {
    "assessment_id" = "rule-9eb7b514-5c27-43ba-83fc-26d75e0bf695"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-3027fd86-72c5-4c81-8ccd-ff556a922ec1"
    "assessment_type" = "automated"
    "parameter_default_value" = "['192.168.1.0/24']"
    "parameter_display_name" = "IP allowlist for COS"
    "parameter_name" = "allowed_ip"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-56c515ef-4d2b-42e2-aa62-df4b37eab801"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-c9dfee2f-6283-43ce-9337-4eaacaa3313c"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-315c8bb3-3eb8-4186-85bc-e66d68ba9dd0"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-c0314fad-f377-465e-9f16-fa5aa3d5ebbe"
    "assessment_type" = "automated"
    "parameter_default_value" = "1"
    "parameter_display_name" = "IBM Cloud Network Interfaces count"
    "parameter_name" = "vm_nic_count"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-7cf9deab-b418-4374-9e10-a13d217166bb"
    "assessment_type" = "automated"
    "parameter_default_value" = "['my_f5_server']"
    "parameter_display_name" = "Exclude exclude the IP spoofing"
    "parameter_name" = "exclude_floating_ip_list"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-898ff49d-1979-4b70-9a79-d303c88dea63"
    "assessment_type" = "automated"
    "parameter_default_value" = "['vm-qa-automation-prod']"
    "parameter_display_name" = "Exclude interfaces with IP-spoofing from VPC"
    "parameter_name" = "exclude_ip_spoofing_check"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-ce6dff83-7280-4d25-a032-e5ff893e2fce"
    "assessment_type" = "automated"
    "parameter_default_value" = "['public-access-load-balancer', 'public-access-edge-node-load-balancer']"
    "parameter_display_name" = "Exclude Application Load Balancers that have public access"
    "parameter_name" = "exclude_load_balancers"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-d42bbc4b-932f-4ffe-9b2b-8d64fe9cf63f"
    "assessment_type" = "automated"
    "parameter_default_value" = "['us-south-1', 'us-south-2', 'us-south-3', 'us-east-1', 'us-east-2', 'us-east-3', 'au-syd-1', 'au-syd-2', 'au-syd-3', 'eu-de-1', 'eu-de-2', 'eu-de-3', 'eu-gb-1', 'eu-gb-2']"
    "parameter_display_name" = "IBM Cloud Public Gateway permitted zones"
    "parameter_name" = "public_gateway_permitted_zones"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-0f7e7e60-a05c-43a7-be74-70615f14a342"
    "assessment_type" = "automated"
    "parameter_default_value" = "53"
    "parameter_display_name" = "Security group rule for allowed port numbers to DNS"
    "parameter_name" = "dns_port"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-28271605-31bb-4efa-b0ef-5f51adc77d90"
    "assessment_type" = "automated"
    "parameter_default_value" = "['0.0.0.0/0']"
    "parameter_display_name" = "Enter the IP/CIDR list allowed for VPC inbound"
    "parameter_name" = "inbound_allowed_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-c981bedc-1526-448c-836c-10b0e3a2b812"
    "assessment_type" = "automated"
    "parameter_default_value" = "['0.0.0.0/0']"
    "parameter_display_name" = "Enter the IP/CIDR list allowed for VPC Outbound"
    "parameter_name" = "outbound_allowed_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-a1fff3f6-6428-4ad4-9be2-2171ce09fb8f"
    "assessment_type" = "automated"
    "parameter_default_value" = "['Update the parameter']"
    "parameter_display_name" = "Exclude the security groups"
    "parameter_name" = "exclude_security_groups"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-c92a1ac3-6f9a-4fb1-9cb8-57d312679020"
    "assessment_type" = "automated"
    "parameter_default_value" = "['dummy-subnet-1', 'dummy-subnet-2']"
    "parameter_display_name" = "Subnet(s) name"
    "parameter_name" = "excluded_subnets"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-857646d8-23b8-4495-82a4-295ab399266e"
    "assessment_type" = "automated"
    "parameter_default_value" = "1"
    "parameter_display_name" = "At least one VPC created"
    "parameter_name" = "number_of_vpcs"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-ba79b984-ec18-4fc1-965d-82cf701eb94f"
    "assessment_type" = "automated"
    "parameter_default_value" = "['us-south']"
    "parameter_display_name" = "Platform logs enabled locations of IBM Log Analysis instances"
    "parameter_name" = "platform_logs_enabled_locations"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-762180a3-95e1-462b-a7ca-7995ca0dfb7c"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-c26980c7-5fae-47b7-ad2a-e96e87cf28fc"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-8c28c15e-c38f-410a-a883-a5f22a839176"
    "assessment_type" = "automated"
    "parameter_default_value" = "1"
    "parameter_display_name" = "Number of transit gateways"
    "parameter_name" = "number_of_transit_gateways"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-df5ef7fa-0ded-4f18-9555-02c399227693"
    "assessment_type" = "automated"
    "parameter_default_value" = "15"
    "parameter_display_name" = "Lockout duration policy setting in minutes"
    "parameter_name" = "lockout_policy_config_minutes"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-a637949b-7e51-46c4-afd4-b96619001bf1"
    "assessment_type" = "automated"
    "parameter_default_value" = "7200"
    "parameter_display_name" = "Sign out due to inactivity in seconds"
    "parameter_name" = "session_invalidation_in_seconds"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-51e15d43-3946-4898-b593-02e16a988d8e"
    "assessment_type" = "automated"
    "parameter_default_value" = "3"
    "parameter_display_name" = "Maximum number of days between vulnerability scans"
    "parameter_name" = "scan_interval_max"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-e208d1c0-8ede-49f0-b4a3-4da3da738733"
    "assessment_type" = "automated"
    "parameter_default_value" = "['artifactory', 'customtool', 'draservicebroker', 'githubconsolidated', 'gitlab', 'hashicorpvault', 'hostedgit', 'keyprotect', 'pagerduty', 'pipeline', 'private_worker', 'saucelabs', 'secretsmanager', 'security_compliance', 'slack', 'sonarqube']"
    "parameter_display_name" = "List of allowed tool integration services for toolchains"
    "parameter_name" = "allowed_tool_integration_services"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-709caded-75d6-4481-b9cd-de20851a9b19"
    "assessment_type" = "automated"
    "parameter_default_value" = "['Update the parameter']"
    "parameter_display_name" = "VPC provisioned from list of customer-defined images"
    "parameter_name" = "defined_images"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-574143f9-befe-4da1-a15e-af9437ed9ae7"
    "assessment_type" = "automated"
    "parameter_default_value" = "['au-syd', 'br-sao', 'ca-tor', 'eu-de', 'eu-gb', 'jp-osa', 'jp-tok', 'us-east', 'us-south']"
    "parameter_display_name" = "Hyper Protect Crypto Services regions"
    "parameter_name" = "fs_cloud_regions"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-88f25dca-0e62-43c1-939e-f6637d23847f"
    "assessment_type" = "automated"
    "parameter_default_value" = "3"
    "parameter_display_name" = "Minimum number of Worker node zones"
    "parameter_name" = "worker_node_min_zones"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-c0f15737-b451-44d0-a0b6-649013a155bc"
    "assessment_type" = "automated"
    "parameter_default_value" = "2"
    "parameter_display_name" = "Number of Direct Links"
    "parameter_name" = "number_of_direct_links"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-064d9004-8728-4988-b19a-1805710466f6"
    "assessment_type" = "automated"
    "parameter_default_value" = "['2', '3']"
    "parameter_display_name" = "Number of IBM Cloud Hyper Protect Crypto Service units"
    "parameter_name" = "hpcs_crypto_units"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-0be41446-a0e7-46fb-8cbb-37bf413e0286"
    "assessment_type" = "automated"
    "parameter_default_value" = "3"
    "parameter_display_name" = "Minimal number of loadbalancer zones"
    "parameter_name" = "loadbalancer_min_lb_zones"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-f47c1c7d-cead-4f21-aa71-4fe7a307ae9b"
    "assessment_type" = "automated"
    "parameter_default_value" = "3"
    "parameter_display_name" = "Minimum number of VPC zones"
    "parameter_name" = "vpc_min_zones"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-d8d13c3e-5ca0-46c5-a055-2475852c4ec6"
    "assessment_type" = "automated"
    "parameter_default_value" = "24"
    "parameter_display_name" = "Enough characters in pre-shared key"
    "parameter_name" = "no_pre_shared_key_characters"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-250c3e07-0d2d-48c6-9de6-cbf5ba0d22ed"
    "assessment_type" = "automated"
    "parameter_default_value" = "0"
    "parameter_display_name" = "Mininum number of hours between App ID password changes"
    "parameter_name" = "min_hours_change_password"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-caf5e45d-ccc8-4e35-b124-e1b4c8bcab71"
    "assessment_type" = "automated"
    "parameter_default_value" = "['1', '2', '3', '4', '5', '6', '7', '8', '9', '10', '11', '12']"
    "parameter_display_name" = "Hyper Protect Crypto Services key rotation policy"
    "parameter_name" = "hpcs_rotation_policy"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-88ff070b-3a8d-4d66-a943-3b2fa28630ea"
    "assessment_type" = "automated"
    "parameter_default_value" = "90"
    "parameter_display_name" = "Minimum rotation period of Secrets Manager arbitrary secrets"
    "parameter_name" = "arbitrary_secret_min_rotation_period"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-28e20137-3350-4d51-9abc-4dae8fee9e04"
    "assessment_type" = "automated"
    "parameter_default_value" = "90"
    "parameter_display_name" = "Minimum rotation period of Secrets Manager user credentials"
    "parameter_name" = "user_credential_min_rotation_period"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-91734f9f-b8ff-4bfd-afb3-db4f789ac38f"
    "assessment_type" = "automated"
    "parameter_default_value" = "120"
    "parameter_display_name" = "Expiration in minutes of App ID access tokens"
    "parameter_name" = "access_tokens_expiration_minutes"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-846058ff-dbf1-4ab6-864f-1be009618759"
    "assessment_type" = "automated"
    "parameter_default_value" = "86400"
    "parameter_display_name" = "Session expiration in seconds for the account"
    "parameter_name" = "session_expiration_in_seconds"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-a8a69cd6-a902-4144-b652-8be68600a029"
    "assessment_type" = "automated"
    "parameter_default_value" = "14"
    "parameter_display_name" = "Diffie-Hellman group number set"
    "parameter_name" = "diffie_hellman_group"
    "parameter_type" = "numeric"
  },
])
profile = {
  "attachments_count" = 0
  "control_parents_count" = 0
  "controls_count" = 565
  "created_by" = "IBM Cloud"
  "created_on" = "2024-03-13T02:46:10.000Z"
  "hierarchy_enabled" = false
  "id" = "bfacb71d-4b84-41ac-9825-e8a3a3eb7405"
  "latest" = false
  "profile_description" = "IBM Cloud Framework for Financial Services"
  "profile_name" = "IBM Cloud Framework for Financial Services"
  "profile_type" = "predefined"
  "profile_version" = "1.6.0"
  "updated_by" = "IBM Cloud"
  "updated_on" = "2024-08-27T02:13:51.000Z"
  "version_group_label" = "33fc7b80-0fa5-4f16-bbba-1f293f660f0d"
}

1.7.0 version:

attachment_parameters = tolist([
  {
    "assessment_id" = "rule-b5675539-fb0a-4464-93a3-f9c3ab1da0f8"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-61878b48-e181-455d-aed3-5730b6e27890"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-61878b48-e181-455d-aed3-5730b6e27890"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "Allowed IPs(CBR, Firewall)"
    "parameter_name" = "cos_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-3027fd86-72c5-4c81-8ccd-ff556a922ec1"
    "assessment_type" = "automated"
    "parameter_default_value" = "['192.168.1.0/24']"
    "parameter_display_name" = "IP allowlist for COS"
    "parameter_name" = "allowed_ip"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-15e9118b-2fd4-46a7-a454-7af07b2b342c"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-5c9aed4a-af5e-47e0-8a86-cac8199aa90d"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-94ca1725-f251-4cee-8c4c-280e141f194a"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-4554e868-eb89-4b18-8692-564da18e0c2d"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-4554e868-eb89-4b18-8692-564da18e0c2d"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-65627941-63ee-4f52-9248-3b5a09163965"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-0ffd34a1-3ca7-4d53-adbe-40f3980694e6"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-0ffd34a1-3ca7-4d53-adbe-40f3980694e6"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-00882b45-ee37-4dc1-b948-afa618755fbd"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-00882b45-ee37-4dc1-b948-afa618755fbd"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-8e7fd3c6-01aa-47b8-9898-ba34ebc27015"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-a534cbfa-1d2b-4b10-b405-7d6a0a969944"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-6b80be89-7c9f-472f-9ad2-363086fbcc86"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-a6843b59-7e8b-4e5f-8f45-fe98a28269e2"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-c5642f67-fb2c-4fe1-aed1-585d9215808f"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-fce897fe-d572-4412-9c74-828bfab0c26a"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-4736fc5d-63e2-4673-92e5-4c1f381645f5"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-5593b5b5-dd27-45c9-b088-b40e447af5ef"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-ed883cda-bdd3-48fd-972b-bf98b085423b"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-c0314fad-f377-465e-9f16-fa5aa3d5ebbe"
    "assessment_type" = "automated"
    "parameter_default_value" = "1"
    "parameter_display_name" = "IBM Cloud Network Interfaces count"
    "parameter_name" = "vm_nic_count"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-7cf9deab-b418-4374-9e10-a13d217166bb"
    "assessment_type" = "automated"
    "parameter_default_value" = "['my_f5_server']"
    "parameter_display_name" = "Exclude exclude the IP spoofing"
    "parameter_name" = "exclude_floating_ip_list"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-898ff49d-1979-4b70-9a79-d303c88dea63"
    "assessment_type" = "automated"
    "parameter_default_value" = "['vm-qa-automation-prod']"
    "parameter_display_name" = "Exclude interfaces with IP-spoofing from VPC"
    "parameter_name" = "exclude_ip_spoofing_check"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-b6b7e67f-e7c2-4435-a883-80ab3d835d0e"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-dce07761-8ffd-4beb-a7cc-d38a17fffd4e"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-7cbf96ea-a032-4bc0-aae7-21d088965ef4"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-b96fdad1-c2d5-4399-861f-49adecfd3485"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-ce6dff83-7280-4d25-a032-e5ff893e2fce"
    "assessment_type" = "automated"
    "parameter_default_value" = "['public-access-load-balancer', 'public-access-edge-node-load-balancer']"
    "parameter_display_name" = "Exclude Application Load Balancers that have public access"
    "parameter_name" = "exclude_load_balancers"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-10b28c5d-27aa-4d03-b863-2e770090df74"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-9a64c779-5744-4bcc-a5ac-e4ad04b0f59c"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-fdabbd31-1b00-4a84-aca2-6c57e8404b9e"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-d42bbc4b-932f-4ffe-9b2b-8d64fe9cf63f"
    "assessment_type" = "automated"
    "parameter_default_value" = "['us-south-1', 'us-south-2', 'us-south-3', 'us-east-1', 'us-east-2', 'us-east-3', 'au-syd-1', 'au-syd-2', 'au-syd-3', 'eu-de-1', 'eu-de-2', 'eu-de-3', 'eu-gb-1', 'eu-gb-2']"
    "parameter_display_name" = "IBM Cloud Public Gateway permitted zones"
    "parameter_name" = "public_gateway_permitted_zones"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-7758e8eb-c4d8-42a8-869f-30e3c189f6fa"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-0f7e7e60-a05c-43a7-be74-70615f14a342"
    "assessment_type" = "automated"
    "parameter_default_value" = "53"
    "parameter_display_name" = "Security group rule for allowed port numbers to DNS"
    "parameter_name" = "dns_port"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-28271605-31bb-4efa-b0ef-5f51adc77d90"
    "assessment_type" = "automated"
    "parameter_default_value" = "['0.0.0.0/0']"
    "parameter_display_name" = "Enter the IP/CIDR list allowed for VPC inbound"
    "parameter_name" = "inbound_allowed_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-c981bedc-1526-448c-836c-10b0e3a2b812"
    "assessment_type" = "automated"
    "parameter_default_value" = "['0.0.0.0/0']"
    "parameter_display_name" = "Enter the IP/CIDR list allowed for VPC Outbound"
    "parameter_name" = "outbound_allowed_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-a1fff3f6-6428-4ad4-9be2-2171ce09fb8f"
    "assessment_type" = "automated"
    "parameter_default_value" = "['Update the parameter']"
    "parameter_display_name" = "Exclude the security groups"
    "parameter_name" = "exclude_security_groups"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-2b0fc034-063b-47a7-86e9-5a96c8ca9f23"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-af1c19bb-a40e-4798-92ad-57d4e9d540ba"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-c92a1ac3-6f9a-4fb1-9cb8-57d312679020"
    "assessment_type" = "automated"
    "parameter_default_value" = "['dummy-subnet-1', 'dummy-subnet-2']"
    "parameter_display_name" = "Subnet(s) name"
    "parameter_name" = "excluded_subnets"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-8b014ee6-2fcf-4e78-9412-d290251ff2a1"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-3d843573-0a71-44cc-926a-330fbcf80ec6"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-857646d8-23b8-4495-82a4-295ab399266e"
    "assessment_type" = "automated"
    "parameter_default_value" = "1"
    "parameter_display_name" = "At least one VPC created"
    "parameter_name" = "number_of_vpcs"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-29286737-f65b-41fb-8ba7-30e81f0f9dd8"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-a4cc268c-9c97-4dbb-b02f-bf74d5a5aa93"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-9d0ae8c0-7332-4b65-858c-56fe9875789f"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-23850407-cbf6-42cf-8985-f90b2c966d04"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-23850407-cbf6-42cf-8985-f90b2c966d04"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-553bdee0-a3c4-4ff9-a2f2-7903cc98ca2f"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-21fd1a1e-7909-48a4-949a-ada1785a34cf"
    "assessment_type" = "automated"
    "parameter_default_value" = "['cbr', 'service']"
    "parameter_display_name" = "check for cbr enforcement"
    "parameter_name" = "check_enforced"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-21fd1a1e-7909-48a4-949a-ada1785a34cf"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-8c28c15e-c38f-410a-a883-a5f22a839176"
    "assessment_type" = "automated"
    "parameter_default_value" = "1"
    "parameter_display_name" = "Number of transit gateways"
    "parameter_name" = "number_of_transit_gateways"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-ca36ff5d-003b-4b21-b584-061a2ac5268a"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-e54063a9-379f-4cdf-a00c-2fd02c8d9eda"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
  {
    "assessment_id" = "rule-df5ef7fa-0ded-4f18-9555-02c399227693"
    "assessment_type" = "automated"
    "parameter_default_value" = "15"
    "parameter_display_name" = "Lockout duration policy setting in minutes"
    "parameter_name" = "lockout_policy_config_minutes"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-a637949b-7e51-46c4-afd4-b96619001bf1"
    "assessment_type" = "automated"
    "parameter_default_value" = "7200"
    "parameter_display_name" = "Sign out due to inactivity in seconds"
    "parameter_name" = "session_invalidation_in_seconds"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-51e15d43-3946-4898-b593-02e16a988d8e"
    "assessment_type" = "automated"
    "parameter_default_value" = "3"
    "parameter_display_name" = "Maximum number of days between vulnerability scans"
    "parameter_name" = "scan_interval_max"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-e208d1c0-8ede-49f0-b4a3-4da3da738733"
    "assessment_type" = "automated"
    "parameter_default_value" = "['artifactory', 'customtool', 'draservicebroker', 'githubconsolidated', 'gitlab', 'hashicorpvault', 'hostedgit', 'keyprotect', 'pagerduty', 'pipeline', 'private_worker', 'saucelabs', 'secretsmanager', 'security_compliance', 'slack', 'sonarqube']"
    "parameter_display_name" = "List of allowed tool integration services for toolchains"
    "parameter_name" = "allowed_tool_integration_services"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-709caded-75d6-4481-b9cd-de20851a9b19"
    "assessment_type" = "automated"
    "parameter_default_value" = "['Update the parameter']"
    "parameter_display_name" = "VPC provisioned from list of customer-defined images"
    "parameter_name" = "defined_images"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-574143f9-befe-4da1-a15e-af9437ed9ae7"
    "assessment_type" = "automated"
    "parameter_default_value" = "['au-syd', 'br-sao', 'ca-tor', 'eu-de', 'eu-gb', 'jp-osa', 'jp-tok', 'us-east', 'us-south']"
    "parameter_display_name" = "Hyper Protect Crypto Services regions"
    "parameter_name" = "fs_cloud_regions"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-88f25dca-0e62-43c1-939e-f6637d23847f"
    "assessment_type" = "automated"
    "parameter_default_value" = "3"
    "parameter_display_name" = "Minimum number of Worker node zones"
    "parameter_name" = "worker_node_min_zones"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-c0f15737-b451-44d0-a0b6-649013a155bc"
    "assessment_type" = "automated"
    "parameter_default_value" = "2"
    "parameter_display_name" = "Number of Direct Links"
    "parameter_name" = "number_of_direct_links"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-064d9004-8728-4988-b19a-1805710466f6"
    "assessment_type" = "automated"
    "parameter_default_value" = "['2', '3']"
    "parameter_display_name" = "Number of IBM Cloud Hyper Protect Crypto Service units"
    "parameter_name" = "hpcs_crypto_units"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-0be41446-a0e7-46fb-8cbb-37bf413e0286"
    "assessment_type" = "automated"
    "parameter_default_value" = "3"
    "parameter_display_name" = "Minimal number of loadbalancer zones"
    "parameter_name" = "loadbalancer_min_lb_zones"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-f47c1c7d-cead-4f21-aa71-4fe7a307ae9b"
    "assessment_type" = "automated"
    "parameter_default_value" = "3"
    "parameter_display_name" = "Minimum number of VPC zones"
    "parameter_name" = "vpc_min_zones"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-d8d13c3e-5ca0-46c5-a055-2475852c4ec6"
    "assessment_type" = "automated"
    "parameter_default_value" = "24"
    "parameter_display_name" = "Enough characters in pre-shared key"
    "parameter_name" = "no_pre_shared_key_characters"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-250c3e07-0d2d-48c6-9de6-cbf5ba0d22ed"
    "assessment_type" = "automated"
    "parameter_default_value" = "0"
    "parameter_display_name" = "Mininum number of hours between App ID password changes"
    "parameter_name" = "min_hours_change_password"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-caf5e45d-ccc8-4e35-b124-e1b4c8bcab71"
    "assessment_type" = "automated"
    "parameter_default_value" = "['1', '2', '3', '4', '5', '6', '7', '8', '9', '10', '11', '12']"
    "parameter_display_name" = "Hyper Protect Crypto Services key rotation policy"
    "parameter_name" = "hpcs_rotation_policy"
    "parameter_type" = "string_list"
  },
  {
    "assessment_id" = "rule-88ff070b-3a8d-4d66-a943-3b2fa28630ea"
    "assessment_type" = "automated"
    "parameter_default_value" = "90"
    "parameter_display_name" = "Minimum rotation period of Secrets Manager arbitrary secrets"
    "parameter_name" = "arbitrary_secret_min_rotation_period"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-28e20137-3350-4d51-9abc-4dae8fee9e04"
    "assessment_type" = "automated"
    "parameter_default_value" = "90"
    "parameter_display_name" = "Minimum rotation period of Secrets Manager user credentials"
    "parameter_name" = "user_credential_min_rotation_period"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-91734f9f-b8ff-4bfd-afb3-db4f789ac38f"
    "assessment_type" = "automated"
    "parameter_default_value" = "120"
    "parameter_display_name" = "Expiration in minutes of App ID access tokens"
    "parameter_name" = "access_tokens_expiration_minutes"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-846058ff-dbf1-4ab6-864f-1be009618759"
    "assessment_type" = "automated"
    "parameter_default_value" = "86400"
    "parameter_display_name" = "Session expiration in seconds for the account"
    "parameter_name" = "session_expiration_in_seconds"
    "parameter_type" = "numeric"
  },
  {
    "assessment_id" = "rule-a8a69cd6-a902-4144-b652-8be68600a029"
    "assessment_type" = "automated"
    "parameter_default_value" = "14"
    "parameter_display_name" = "Diffie-Hellman group number set"
    "parameter_name" = "diffie_hellman_group"
    "parameter_type" = "numeric"
  },
])
profile = {
  "attachments_count" = 1
  "control_parents_count" = 0
  "controls_count" = 565
  "created_by" = "IBM Cloud"
  "created_on" = "2024-08-27T02:13:51.000Z"
  "hierarchy_enabled" = false
  "id" = "fe96bd4d-9b37-40f2-b39f-a62760e326a3"
  "latest" = true
  "profile_description" = "IBM Cloud Framework for Financial Services"
  "profile_name" = "IBM Cloud Framework for Financial Services"
  "profile_type" = "predefined"
  "profile_version" = "1.7.0"
  "updated_by" = "IBM Cloud"
  "updated_on" = "2024-08-27T02:13:51.000Z"
  "version_group_label" = "33fc7b80-0fa5-4f16-bbba-1f293f660f0d"
}
hkantare commented 2 weeks ago

@pavanm87 Can you look into this issue?

jor2 commented 2 weeks ago

Could these newly introduced attachment parameters have something to do with it?

  {
    "assessment_id" = "rule-b5675539-fb0a-4464-93a3-f9c3ab1da0f8"
    "assessment_type" = "automated"
    "parameter_default_value" = "['255.255.255.255/32']"
    "parameter_display_name" = "IP allowlist for CBR"
    "parameter_name" = "cbr_endpoints_allowed_ip_list"
    "parameter_type" = "ip_list"
  },
hkantare commented 2 weeks ago

@jor2 Posting a comment on behalf of the SCC team (the user is facing technical login issues):

A new FS version was released in the last 24 hours. Here are the details: https://cloud.ibm.com/docs/security-compliance?topic=security-compliance-release-notes. The last observation/comment added is a valid observation.

ocofaigh commented 2 weeks ago

@hkantare a new profile version should not break the provider - it seems that is what has happened here

hkantare commented 2 weeks ago

Yes, I do agree. The SCC team is looking into it.

ocofaigh commented 2 weeks ago

Also impacts the AI Security Guardrails 2.0 profile:

 2024/08/29 13:01:29 Terraform plan | Terraform will perform the following actions:
2024/08/29 13:01:29 Terraform plan |
 2024/08/29 13:01:29 Terraform plan |   # module.create_profile_attachment["AI Security Guardrails 2.0"].ibm_scc_profile_attachment.scc_profile_attachment will be created
2024/08/29 13:01:29 Terraform plan |   + resource "ibm_scc_profile_attachment" "scc_profile_attachment" {
2024/08/29 13:01:29 Terraform plan |       + account_id            = (known after apply)
2024/08/29 13:01:29 Terraform plan |       + attachment_id         = (known after apply)
2024/08/29 13:01:29 Terraform plan |       + created_by            = (known after apply)
2024/08/29 13:01:29 Terraform plan |       + created_on            = (known after apply)
2024/08/29 13:01:29 Terraform plan |       + description           = "SCC profile attachment scoped to your specific IBM Cloud account id 85fbf4a5a3d148b1b75b59c610ecc811 with a daily attachment schedule."
2024/08/29 13:01:29 Terraform plan |       + id                    = (known after apply)
2024/08/29 13:01:29 Terraform plan |       + instance_id           = "ef71ef26-0e3f-400a-b0ee-0e879ef2d29d"
2024/08/29 13:01:29 Terraform plan |       + last_scan             = (known after apply)
2024/08/29 13:01:29 Terraform plan |       + name                  = "1 daily full account attachment"
2024/08/29 13:01:29 Terraform plan |       + next_scan_time        = (known after apply)
2024/08/29 13:01:29 Terraform plan |       + profile_attachment_id = (known after apply)
2024/08/29 13:01:29 Terraform plan |       + profile_id            = "7e09c417-238b-4dca-b086-22170bcf13ea"
2024/08/29 13:01:29 Terraform plan |       + schedule              = "daily"
2024/08/29 13:01:29 Terraform plan |       + status                = "enabled"
2024/08/29 13:01:29 Terraform plan |       + updated_by            = (known after apply)
2024/08/29 13:01:29 Terraform plan |       + updated_on            = (known after apply)
2024/08/29 13:01:29 Terraform plan |
 2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-045ae3bc-9f3a-46ac-b4e9-7bec574f66d0"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "check_enforced"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-064d9004-8728-4988-b19a-1805710466f6"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Number of IBM Cloud Hyper Protect Crypto Service units"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "hpcs_crypto_units"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['2', '3']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-0be41446-a0e7-46fb-8cbb-37bf413e0286"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Minimal number of loadbalancer zones"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "loadbalancer_min_lb_zones"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "3"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-0f7e7e60-a05c-43a7-be74-70615f14a342"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Security group rule for allowed port numbers to DNS"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "dns_port"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "53"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-11425765-ea68-47e7-b4e0-c443ec0cbd19"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "IP allowlist for Event Streams"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "allowed_ip"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "ip_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['192.168.1.0/24']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-115d9567-067d-48c0-80b5-71642e0217fb"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "check_enforced"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-28271605-31bb-4efa-b0ef-5f51adc77d90"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Enter the IP/CIDR list allowed for VPC inbound"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "inbound_allowed_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "ip_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['0.0.0.0/0']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-51e15d43-3946-4898-b593-02e16a988d8e"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Maximum number of days between vulnerability scans"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "scan_interval_max"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "3"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-574143f9-befe-4da1-a15e-af9437ed9ae7"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Hyper Protect Crypto Services regions"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "fs_cloud_regions"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['au-syd', 'br-sao', 'ca-tor', 'eu-de', 'eu-gb', 'jp-osa', 'jp-tok', 'us-east', 'us-south']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-61878b48-e181-455d-aed3-5730b6e27890"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "check_enforced"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-857646d8-23b8-4495-82a4-295ab399266e"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "At least one VPC created"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "number_of_vpcs"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "1"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-88f25dca-0e62-43c1-939e-f6637d23847f"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Minimum number of Worker node zones"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "worker_node_min_zones"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "3"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-898ff49d-1979-4b70-9a79-d303c88dea63"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Exclude interfaces with IP-spoofing from VPC"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "exclude_ip_spoofing_check"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['vm-qa-automation-prod']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-8c28c15e-c38f-410a-a883-a5f22a839176"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Number of transit gateways"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "number_of_transit_gateways"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "1"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-97b65986-fd31-459c-9a97-eaa6ad78944b"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "IP allowlist for COS"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "allowed_ip"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "ip_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['192.168.1.0/24']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-a61e9ad4-1c26-4998-8862-502f0b1c20f5"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "check_enforced"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-c0314fad-f377-465e-9f16-fa5aa3d5ebbe"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "IBM Cloud Network Interfaces count"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "vm_nic_count"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "1"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-c0f15737-b451-44d0-a0b6-649013a155bc"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Number of Direct Links"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "number_of_direct_links"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "2"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-c981bedc-1526-448c-836c-10b0e3a2b812"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Enter the IP/CIDR list allowed for VPC Outbound"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "outbound_allowed_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "ip_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['0.0.0.0/0']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-d42bbc4b-932f-4ffe-9b2b-8d64fe9cf63f"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "IBM Cloud Public Gateway permitted zones"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "public_gateway_permitted_zones"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['us-south-1', 'us-south-2', 'us-south-3', 'us-east-1', 'us-east-2', 'us-east-3', 'au-syd-1', 'au-syd-2', 'au-syd-3', 'eu-de-1', 'eu-de-2', 'eu-de-3', 'eu-gb-1', 'eu-gb-2']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-e17c4755-6cef-4e22-84aa-26cfa03b9559"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "check_enforced"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-e208d1c0-8ede-49f0-b4a3-4da3da738733"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "List of allowed tool integration services for toolchains"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "allowed_tool_integration_services"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "string_list"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "['artifactory', 'customtool', 'draservicebroker', 'githubconsolidated', 'gitlab', 'hashicorpvault', 'hostedgit', 'keyprotect', 'pagerduty', 'pipeline', 'private_worker', 'saucelabs', 'secretsmanager', 'security_compliance', 'slack', 'sonarqube']"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-f47c1c7d-cead-4f21-aa71-4fe7a307ae9b"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Minimum number of VPC zones"
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "vpc_min_zones"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "3"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |       + attachment_parameters {
2024/08/29 13:01:29 Terraform plan |           + assessment_id          = "rule-fbaab096-6c43-4f7e-9655-5bc6b988b933"
2024/08/29 13:01:29 Terraform plan |           + assessment_type        = "automated"
2024/08/29 13:01:29 Terraform plan |           + parameter_display_name = "Count of admin users role in IBM watsonx project."
2024/08/29 13:01:29 Terraform plan |           + parameter_name         = "no_of_admin_users"
2024/08/29 13:01:29 Terraform plan |           + parameter_type         = "numeric"
2024/08/29 13:01:29 Terraform plan |           + parameter_value        = "2"
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |
 2024/08/29 13:01:29 Terraform plan |       + notifications {
2024/08/29 13:01:29 Terraform plan |           + enabled = false
2024/08/29 13:01:29 Terraform plan |
 2024/08/29 13:01:29 Terraform plan |           + controls {
2024/08/29 13:01:29 Terraform plan |               + failed_control_ids = []
2024/08/29 13:01:29 Terraform plan |               + threshold_limit    = 14
2024/08/29 13:01:29 Terraform plan |             }
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |
 2024/08/29 13:01:29 Terraform plan |       + scope {
2024/08/29 13:01:29 Terraform plan |           + environment = "ibm-cloud"
2024/08/29 13:01:29 Terraform plan |
 2024/08/29 13:01:29 Terraform plan |           + properties {
2024/08/29 13:01:29 Terraform plan |               + name  = "scope_type"
2024/08/29 13:01:29 Terraform plan |               + value = "account"
2024/08/29 13:01:29 Terraform plan |             }
2024/08/29 13:01:29 Terraform plan |           + properties {
2024/08/29 13:01:29 Terraform plan |               + name  = "scope_id"
2024/08/29 13:01:29 Terraform plan |               + value = "85fbf4a5a3d148b1b75b59c610ecc811"
2024/08/29 13:01:29 Terraform plan |             }
2024/08/29 13:01:29 Terraform plan |         }
2024/08/29 13:01:29 Terraform plan |     }
2024/08/29 13:01:29 Terraform plan |
 2024/08/29 13:01:29 Terraform plan | Plan: 1 to add, 0 to change, 0 to destroy.
2024/08/29 13:01:29 Command finished successfully.
2024/08/29 13:01:29 Starting command: terraform1.6 show -no-color -json tfplan.binary
2024/08/29 13:01:29 Starting command: terraform1.6 show -no-color -json tfplan.binary
2024/08/29 13:01:33 Command finished successfully.
2024/08/29 13:01:33 Starting command: terraform1.6 apply -state=terraform.tfstate -var-file=schematics.tfvars -auto-approve -no-color
2024/08/29 13:01:33 Starting command: terraform1.6 apply -state=terraform.tfstate -var-file=schematics.tfvars -auto-approve -no-color
2024/08/29 13:01:44 Terraform apply | module.scc[0].data.ibm_iam_account_settings.iam_account_settings: Reading...
2024/08/29 13:01:44 Terraform apply | data.ibm_en_destinations.en_destinations[0]: Reading...
2024/08/29 13:01:44 Terraform apply | module.resource_group.data.ibm_resource_group.existing_resource_group[0]: Reading...
2024/08/29 13:01:44 Terraform apply | data.ibm_iam_account_settings.iam_account_settings: Reading...
2024/08/29 13:01:44 Terraform apply | module.kms[0].module.kms_key_rings["scc-cos-key-ring"].ibm_kms_key_rings.key_ring: Refreshing state... [id=scc-cos-key-ring:keyRing:crn:v1:bluemix:public:kms:us-south:a/85fbf4a5a3d148b1b75b59c610ecc811:c01fb421-74d0-49d5-bda2-e2be1f31cbe9::]
2024/08/29 13:01:45 Terraform apply | data.ibm_iam_account_settings.iam_account_settings: Read complete after 0s [id=85fbf4a5a3d148b1b75b59c610ecc811]
2024/08/29 13:01:45 Terraform apply | module.scc[0].data.ibm_iam_account_settings.iam_account_settings: Read complete after 0s [id=85fbf4a5a3d148b1b75b59c610ecc811]
2024/08/29 13:01:45 Terraform apply | module.resource_group.data.ibm_resource_group.existing_resource_group[0]: Read complete after 0s [id=4f52d93cc67646a8bbde21c8fd4ed1c4]
2024/08/29 13:01:45 Terraform apply | module.cos[0].module.cos_instance[0].ibm_resource_instance.cos_instance[0]: Refreshing state... [id=crn:v1:bluemix:public:cloud-object-storage:global:a/85fbf4a5a3d148b1b75b59c610ecc811:935bb1c1-2bc1-4365-8b15-ec470335bb90::]
2024/08/29 13:01:45 Terraform apply | module.scc[0].ibm_resource_instance.scc_instance: Refreshing state... [id=crn:v1:bluemix:public:compliance:us-south:a/85fbf4a5a3d148b1b75b59c610ecc811:ef71ef26-0e3f-400a-b0ee-0e879ef2d29d::]
2024/08/29 13:01:45 Terraform apply | data.ibm_en_destinations.en_destinations[0]: Read complete after 0s [id=destinations/a32b0edb-ae37-488e-8fdc-69006089f50e]
2024/08/29 13:01:45 Terraform apply | module.kms[0].module.kms_keys["scc-cos-key-ring.scc-cos-key"].ibm_kms_key.key: Refreshing state... [id=crn:v1:bluemix:public:kms:us-south:a/85fbf4a5a3d148b1b75b59c610ecc811:c01fb421-74d0-49d5-bda2-e2be1f31cbe9:key:c57bea05-a1cd-4844-8bfa-338e7e006700]
2024/08/29 13:01:46 Terraform apply | module.scc[0].time_sleep.wait_for_scc_wp_authorization_policy: Refreshing state... [id=2024-08-28T17:45:04Z]
2024/08/29 13:01:46 Terraform apply | module.scc[0].ibm_iam_authorization_policy.scc_cos_s2s_access[0]: Refreshing state... [id=a0ce404e-068a-40ef-b2b7-701ec11b1bf0]
2024/08/29 13:01:46 Terraform apply | module.kms[0].module.kms_keys["scc-cos-key-ring.scc-cos-key"].ibm_kms_key_policies.root_key_policy[0]: Refreshing state... [id=crn:v1:bluemix:public:kms:us-south:a/85fbf4a5a3d148b1b75b59c610ecc811:c01fb421-74d0-49d5-bda2-e2be1f31cbe9:key:c57bea05-a1cd-4844-8bfa-338e7e006700]
2024/08/29 13:01:47 Terraform apply | module.scc[0].time_sleep.wait_for_scc_cos_authorization_policy: Refreshing state... [id=2024-08-28T17:45:05Z]
2024/08/29 13:01:47 Terraform apply | module.cos[0].module.buckets.ibm_iam_authorization_policy.policy[0]: Refreshing state... [id=c4ddc683-3fb6-4681-a771-12a234b46b6e]
2024/08/29 13:01:48 Terraform apply | module.cos[0].module.buckets.time_sleep.wait_for_authorization_policy[0]: Refreshing state... [id=2024-08-28T17:45:04Z]
2024/08/29 13:01:48 Terraform apply | module.cos[0].module.buckets.module.buckets["base-security-services-bucket"].random_string.bucket_name_suffix[0]: Refreshing state... [id=ogq6]
2024/08/29 13:01:49 Terraform apply | module.cos[0].module.buckets.module.buckets["base-security-services-bucket"].ibm_cos_bucket.cos_bucket[0]: Refreshing state... [id=crn:v1:bluemix:public:cloud-object-storage:global:a/85fbf4a5a3d148b1b75b59c610ecc811:935bb1c1-2bc1-4365-8b15-ec470335bb90:bucket:base-security-services-bucket-ogq6:meta:rl:us-south:private]
2024/08/29 13:01:50 Terraform apply | module.scc[0].ibm_scc_instance_settings.scc_instance_settings: Refreshing state... [id=ef71ef26-0e3f-400a-b0ee-0e879ef2d29d]
2024/08/29 13:01:51 Terraform apply | ibm_en_topic.en_topic[0]: Refreshing state... [id=a32b0edb-ae37-488e-8fdc-69006089f50e/fcc69347-6e50-4e2b-8b14-91f5998580a8]
2024/08/29 13:01:51 Terraform apply | module.create_profile_attachment["AI Security Guardrails 2.0"].data.ibm_scc_profiles.scc_profiles: Reading...
2024/08/29 13:01:55 Terraform apply | module.create_profile_attachment["AI Security Guardrails 2.0"].data.ibm_scc_profiles.scc_profiles: Read complete after 3s [id=ef71ef26-0e3f-400a-b0ee-0e879ef2d29d/profiles]
2024/08/29 13:01:55 Terraform apply | module.create_profile_attachment["AI Security Guardrails 2.0"].data.ibm_scc_profile.scc_profile: Reading...
2024/08/29 13:01:59 Terraform apply | module.create_profile_attachment["AI Security Guardrails 2.0"].data.ibm_scc_profile.scc_profile: Read complete after 4s [id=7e09c417-238b-4dca-b086-22170bcf13ea]
2024/08/29 13:02:00 Terraform apply |
 2024/08/29 13:02:00 Terraform apply | Terraform used the selected providers to generate the following execution
2024/08/29 13:02:00 Terraform apply | plan. Resource actions are indicated with the following symbols:
2024/08/29 13:02:00 Terraform apply |   + create
2024/08/29 13:02:00 Terraform apply |
 2024/08/29 13:02:00 Terraform apply | Terraform will perform the following actions:
2024/08/29 13:02:00 Terraform apply |
 2024/08/29 13:02:00 Terraform apply |   # module.create_profile_attachment["AI Security Guardrails 2.0"].ibm_scc_profile_attachment.scc_profile_attachment will be created
2024/08/29 13:02:00 Terraform apply |   + resource "ibm_scc_profile_attachment" "scc_profile_attachment" {
2024/08/29 13:02:00 Terraform apply |       + account_id            = (known after apply)
2024/08/29 13:02:00 Terraform apply |       + attachment_id         = (known after apply)
2024/08/29 13:02:00 Terraform apply |       + created_by            = (known after apply)
2024/08/29 13:02:00 Terraform apply |       + created_on            = (known after apply)
2024/08/29 13:02:00 Terraform apply |       + description           = "SCC profile attachment scoped to your specific IBM Cloud account id 85fbf4a5a3d148b1b75b59c610ecc811 with a daily attachment schedule."
2024/08/29 13:02:00 Terraform apply |       + id                    = (known after apply)
2024/08/29 13:02:00 Terraform apply |       + instance_id           = "ef71ef26-0e3f-400a-b0ee-0e879ef2d29d"
2024/08/29 13:02:00 Terraform apply |       + last_scan             = (known after apply)
2024/08/29 13:02:00 Terraform apply |       + name                  = "1 daily full account attachment"
2024/08/29 13:02:00 Terraform apply |       + next_scan_time        = (known after apply)
2024/08/29 13:02:00 Terraform apply |       + profile_attachment_id = (known after apply)
2024/08/29 13:02:00 Terraform apply |       + profile_id            = "7e09c417-238b-4dca-b086-22170bcf13ea"
2024/08/29 13:02:00 Terraform apply |       + schedule              = "daily"
2024/08/29 13:02:00 Terraform apply |       + status                = "enabled"
2024/08/29 13:02:00 Terraform apply |       + updated_by            = (known after apply)
2024/08/29 13:02:00 Terraform apply |       + updated_on            = (known after apply)
2024/08/29 13:02:00 Terraform apply |
 2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-045ae3bc-9f3a-46ac-b4e9-7bec574f66d0"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "check_enforced"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-064d9004-8728-4988-b19a-1805710466f6"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Number of IBM Cloud Hyper Protect Crypto Service units"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "hpcs_crypto_units"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['2', '3']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-0be41446-a0e7-46fb-8cbb-37bf413e0286"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Minimal number of loadbalancer zones"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "loadbalancer_min_lb_zones"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "3"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-0f7e7e60-a05c-43a7-be74-70615f14a342"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Security group rule for allowed port numbers to DNS"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "dns_port"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "53"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-11425765-ea68-47e7-b4e0-c443ec0cbd19"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "IP allowlist for Event Streams"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "allowed_ip"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "ip_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['192.168.1.0/24']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-115d9567-067d-48c0-80b5-71642e0217fb"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "check_enforced"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-28271605-31bb-4efa-b0ef-5f51adc77d90"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Enter the IP/CIDR list allowed for VPC inbound"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "inbound_allowed_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "ip_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['0.0.0.0/0']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-51e15d43-3946-4898-b593-02e16a988d8e"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Maximum number of days between vulnerability scans"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "scan_interval_max"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "3"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-574143f9-befe-4da1-a15e-af9437ed9ae7"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Hyper Protect Crypto Services regions"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "fs_cloud_regions"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['au-syd', 'br-sao', 'ca-tor', 'eu-de', 'eu-gb', 'jp-osa', 'jp-tok', 'us-east', 'us-south']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-61878b48-e181-455d-aed3-5730b6e27890"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "check_enforced"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-857646d8-23b8-4495-82a4-295ab399266e"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "At least one VPC created"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "number_of_vpcs"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "1"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-88f25dca-0e62-43c1-939e-f6637d23847f"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Minimum number of Worker node zones"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "worker_node_min_zones"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "3"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-898ff49d-1979-4b70-9a79-d303c88dea63"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Exclude interfaces with IP-spoofing from VPC"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "exclude_ip_spoofing_check"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['vm-qa-automation-prod']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-8c28c15e-c38f-410a-a883-a5f22a839176"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Number of transit gateways"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "number_of_transit_gateways"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "1"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-97b65986-fd31-459c-9a97-eaa6ad78944b"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "IP allowlist for COS"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "allowed_ip"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "ip_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['192.168.1.0/24']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-a61e9ad4-1c26-4998-8862-502f0b1c20f5"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "check_enforced"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-c0314fad-f377-465e-9f16-fa5aa3d5ebbe"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "IBM Cloud Network Interfaces count"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "vm_nic_count"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "1"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-c0f15737-b451-44d0-a0b6-649013a155bc"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Number of Direct Links"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "number_of_direct_links"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "2"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-c981bedc-1526-448c-836c-10b0e3a2b812"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Enter the IP/CIDR list allowed for VPC Outbound"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "outbound_allowed_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "ip_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['0.0.0.0/0']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-d42bbc4b-932f-4ffe-9b2b-8d64fe9cf63f"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "IBM Cloud Public Gateway permitted zones"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "public_gateway_permitted_zones"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['us-south-1', 'us-south-2', 'us-south-3', 'us-east-1', 'us-east-2', 'us-east-3', 'au-syd-1', 'au-syd-2', 'au-syd-3', 'eu-de-1', 'eu-de-2', 'eu-de-3', 'eu-gb-1', 'eu-gb-2']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-e17c4755-6cef-4e22-84aa-26cfa03b9559"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "check for cbr enforcement"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "check_enforced"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['cbr', 'service']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-e208d1c0-8ede-49f0-b4a3-4da3da738733"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "List of allowed tool integration services for toolchains"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "allowed_tool_integration_services"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "string_list"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "['artifactory', 'customtool', 'draservicebroker', 'githubconsolidated', 'gitlab', 'hashicorpvault', 'hostedgit', 'keyprotect', 'pagerduty', 'pipeline', 'private_worker', 'saucelabs', 'secretsmanager', 'security_compliance', 'slack', 'sonarqube']"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-f47c1c7d-cead-4f21-aa71-4fe7a307ae9b"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Minimum number of VPC zones"
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "vpc_min_zones"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "3"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |       + attachment_parameters {
2024/08/29 13:02:00 Terraform apply |           + assessment_id          = "rule-fbaab096-6c43-4f7e-9655-5bc6b988b933"
2024/08/29 13:02:00 Terraform apply |           + assessment_type        = "automated"
2024/08/29 13:02:00 Terraform apply |           + parameter_display_name = "Count of admin users role in IBM watsonx project."
2024/08/29 13:02:00 Terraform apply |           + parameter_name         = "no_of_admin_users"
2024/08/29 13:02:00 Terraform apply |           + parameter_type         = "numeric"
2024/08/29 13:02:00 Terraform apply |           + parameter_value        = "2"
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |
 2024/08/29 13:02:00 Terraform apply |       + notifications {
2024/08/29 13:02:00 Terraform apply |           + enabled = false
2024/08/29 13:02:00 Terraform apply |
 2024/08/29 13:02:00 Terraform apply |           + controls {
2024/08/29 13:02:00 Terraform apply |               + failed_control_ids = []
2024/08/29 13:02:00 Terraform apply |               + threshold_limit    = 14
2024/08/29 13:02:00 Terraform apply |             }
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |
 2024/08/29 13:02:00 Terraform apply |       + scope {
2024/08/29 13:02:00 Terraform apply |           + environment = "ibm-cloud"
2024/08/29 13:02:00 Terraform apply |
 2024/08/29 13:02:00 Terraform apply |           + properties {
2024/08/29 13:02:00 Terraform apply |               + name  = "scope_type"
2024/08/29 13:02:00 Terraform apply |               + value = "account"
2024/08/29 13:02:00 Terraform apply |             }
2024/08/29 13:02:00 Terraform apply |           + properties {
2024/08/29 13:02:00 Terraform apply |               + name  = "scope_id"
2024/08/29 13:02:00 Terraform apply |               + value = "85fbf4a5a3d148b1b75b59c610ecc811"
2024/08/29 13:02:00 Terraform apply |             }
2024/08/29 13:02:00 Terraform apply |         }
2024/08/29 13:02:00 Terraform apply |     }
2024/08/29 13:02:00 Terraform apply |
 2024/08/29 13:02:00 Terraform apply | Plan: 1 to add, 0 to change, 0 to destroy.
2024/08/29 13:02:04 Terraform apply | module.create_profile_attachment["AI Security Guardrails 2.0"].ibm_scc_profile_attachment.scc_profile_attachment: Creating...
2024/08/29 13:02:07 Terraform apply |
 2024/08/29 13:02:07 Terraform apply | Error: CreateAttachmentWithContext failed Necessary attachment parameters are not available to create or update attachment.
2024/08/29 13:02:07 Terraform apply | {
2024/08/29 13:02:07 Terraform apply |     "StatusCode": 400,
2024/08/29 13:02:07 Terraform apply |     "Headers": {
2024/08/29 13:02:07 Terraform apply |         "Cache-Control": [
2024/08/29 13:02:07 Terraform apply |             "no-store"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "Cf-Cache-Status": [
2024/08/29 13:02:07 Terraform apply |             "DYNAMIC"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "Cf-Ray": [
2024/08/29 13:02:07 Terraform apply |             "8bacbbc06b958d26-DFW"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "Content-Length": [
2024/08/29 13:02:07 Terraform apply |             "176"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "Content-Type": [
2024/08/29 13:02:07 Terraform apply |             "application/json; charset=utf-8"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "Date": [
2024/08/29 13:02:07 Terraform apply |             "Thu, 29 Aug 2024 13:02:07 GMT"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "Server": [
2024/08/29 13:02:07 Terraform apply |             "cloudflare"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "Strict-Transport-Security": [
2024/08/29 13:02:07 Terraform apply |             "max-age=31536000; includeSubDomains"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "Transaction-Id": [
2024/08/29 13:02:07 Terraform apply |             "3c179d2d-2ef8-4e90-98e5-7c28462ac524"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "X-Content-Type-Options": [
2024/08/29 13:02:07 Terraform apply |             "nosniff"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "X-Correlation-Id": [
2024/08/29 13:02:07 Terraform apply |             "dc2a5c3f-e60a-44d2-a68c-373e92564bf5"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "X-Envoy-Upstream-Service-Time": [
2024/08/29 13:02:07 Terraform apply |             "2270"
2024/08/29 13:02:07 Terraform apply |         ],
2024/08/29 13:02:07 Terraform apply |         "X-Request-Id": [
2024/08/29 13:02:07 Terraform apply |             "18481f9d-7683-4313-bd05-8f81f7902f77"
2024/08/29 13:02:07 Terraform apply |         ]
2024/08/29 13:02:07 Terraform apply |     },
2024/08/29 13:02:07 Terraform apply |     "Result": {
2024/08/29 13:02:07 Terraform apply |         "errors": [
2024/08/29 13:02:07 Terraform apply |             {
2024/08/29 13:02:07 Terraform apply |                 "code": "bad_request",
2024/08/29 13:02:07 Terraform apply |                 "message": "Necessary attachment parameters are not available to create or update attachment."
2024/08/29 13:02:08 Terraform apply |             }
2024/08/29 13:02:08 Terraform apply |         ],
2024/08/29 13:02:08 Terraform apply |         "trace": "dc2a5c3f-e60a-44d2-a68c-373e92564bf5"
2024/08/29 13:02:08 Terraform apply |     },
2024/08/29 13:02:08 Terraform apply |     "RawResult": null
2024/08/29 13:02:08 Terraform apply | }
2024/08/29 13:02:08 Terraform apply |
 2024/08/29 13:02:08 Terraform apply |
 2024/08/29 13:02:08 Terraform apply |   with module.create_profile_attachment["AI Security Guardrails 2.0"].ibm_scc_profile_attachment.scc_profile_attachment,
2024/08/29 13:02:08 Terraform apply |   on .terraform/modules/create_profile_attachment/modules/attachment/main.tf line 43, in resource "ibm_scc_profile_attachment" "scc_profile_attachment":
2024/08/29 13:02:08 Terraform apply |   43: resource "ibm_scc_profile_attachment" "scc_profile_attachment" {
2024/08/29 13:02:08 Terraform apply |
ocofaigh commented 1 week ago

This is fixed in 1.69.0. @hkantare, you can close this issue.

hkantare commented 1 week ago

Closing the issue