terraform-ibm-modules / terraform-ibm-scc-workload-protection

Module that supports provisioning a Security and Compliance Center Workload Protection instance
Apache License 2.0
core-team ibm-cloud scc-workload-protection stable supported terraform terraform-module

Security and Compliance Center Workload Protection module

Stable (With quality checks) latest release pre-commit Renovate enabled semantic-release

A module for provisioning an IBM Cloud Security and Compliance Center Workload Protection instance. The module will always create a Manager resource key that connects to the SCC WP instance.

Overview

terraform-ibm-scc-workload-protection

Usage

module "scc_wp" {
  source                        = "terraform-ibm-modules/scc-workload-protection/ibm"
  version                       = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  name                          = "my-scc-wp-service"
  region                        = "us-south"
  resource_group_id             = "65xxxxxxxxxxxxxxxa3fd"
  resource_key_tags             = ["scc-wp-tag"]
  cloud_monitoring_instance_crn = "crn:v1:bluemix:public:sysdig-monitor:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::"
}

Required IAM access policies

You need the following permissions to run this module.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| ibm | >= 1.58.1, <2.0.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| cbr_rule | terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module | 1.24.0 |

Resources

| Name | Type |
|------|------|
| ibm_resource_instance.scc_wp | resource |
| ibm_resource_key.scc_wp_resource_key | resource |
| ibm_resource_tag.scc_wp_access_tag | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| access_tags | A list of access tags to apply to the SCC WP instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | list(string) | [] | no |
| cbr_rules | The list of context-based restriction rules to create. | list(object({ description = string, account_id = string, tags = optional(list(object({ name = string, value = string })), []), rule_contexts = list(object({ attributes = optional(list(object({ name = string, value = string }))) })), enforcement_mode = string })) | [] | no |
| cloud_monitoring_instance_crn | The CRN of an IBM Cloud Monitoring instance to connect to the SCC Workload Protection instance. | string | null | no |
| name | The name to give the SCC Workload Protection instance that will be provisioned by this module. | string | n/a | yes |
| region | IBM Cloud region where all resources will be deployed | string | "us-south" | no |
| resource_group_id | The resource group ID where resources will be provisioned. | string | n/a | yes |
| resource_key_name | The name to give the IBM Cloud SCC WP resource key. | string | "SCCWPManagerKey" | no |
| resource_key_tags | Tags associated with the IBM Cloud SCC WP resource key. | list(string) | [] | no |
| resource_tags | Optional list of tags to be added to created SCC WP instance. | list(string) | [] | no |
| scc_wp_service_plan | IBM service pricing plan. | string | "free-trial" | no |

Outputs

| Name | Description |
|------|-------------|
| access_key | Workload Protection instance access key. |
| api_endpoint | API endpoint. |
| crn | CRN of created SCC WP instance. |
| guid | GUID of created SCC WP instance. |
| id | ID of created SCC WP instance. |
| ingestion_endpoint | Ingestion endpoint. |
| name | Name of created SCC WP instance. |
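
The following is an added example, not part of the module's own documentation: it fills in the `cbr_rules` input using the object shape listed under Inputs and re-exports the `access_key` output as a sensitive value. The variable names `ibmcloud_account_id` and `allowed_zone_id` are hypothetical. The attribute names `endpointType` and `networkZoneId` and the `enforcement_mode` value `report` are IBM Cloud context-based restriction values that do not appear on this page, and their use with this service is an assumption.

```hcl
# Added example. Variable names below are hypothetical; IDs are supplied by the caller.
variable "ibmcloud_account_id" {
  type        = string
  description = "Account that owns the SCC WP instance (hypothetical variable name)."
}

variable "allowed_zone_id" {
  type        = string
  description = "ID of an existing CBR network zone (hypothetical variable name)."
}

module "scc_wp" {
  source            = "terraform-ibm-modules/scc-workload-protection/ibm"
  version           = "X.X.X" # Replace with a release version to pin the module
  name              = "my-scc-wp-service"
  region            = "us-south"
  resource_group_id = "65xxxxxxxxxxxxxxxa3fd"
  resource_key_name = "SCCWPManagerKey"
  resource_key_tags = ["scc-wp-tag"]

  cbr_rules = [
    {
      description = "Allow SCC WP access only from the approved zone over private endpoints"
      account_id  = var.ibmcloud_account_id
      # Assumption: "report" logs would-be denials without blocking.
      # Switch to "enabled" once the reported events have been reviewed.
      enforcement_mode = "report"
      rule_contexts = [
        {
          attributes = [
            { name = "endpointType", value = "private" },
            { name = "networkZoneId", value = var.allowed_zone_id },
          ]
        }
      ]
      # "tags" is optional in the input type and defaults to [].
    }
  ]
}

# The Manager resource key is a credential: mark the re-exported value sensitive
# so plan and apply output redact it. Terraform still writes it to state in
# plain text, so restrict access to the state backend.
output "scc_wp_access_key" {
  value     = module.scc_wp.access_key
  sensitive = true
}
```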

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.