IBM Security and Compliance Center module
-brightgreen){kind=icon}
This module configures an IBM Cloud Security and Compliance instance.
Overview
terraform-ibm-scc
Usage
module "create_scc_instance" {
source = "terraform-ibm-modules/scc/ibm"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
instance_name = "my-scc-instance"
plan = "security-compliance-center-standard-plan"
region = "us-south"
resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
}Required IAM access policies
You need the following permissions to run this module.
- Account Management
- Security and Compliance Center service
Administratorplatform access
- Security and Compliance Center service
- IAM Services
- Event Notifications service
Managerservice access
- Event Notifications service
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| ibm | >=1.64.1, <2.0.0 |
| time | >= 0.9.1, <1.0.0 |
Modules
| Name | Source | Version |
|---|---|---|
| cbr_rule | terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module | 1.27.0 |
Resources
| Name | Type |
|---|---|
| ibm_iam_authorization_policy.scc_cos_s2s_access | resource |
| ibm_iam_authorization_policy.scc_wp_s2s_access | resource |
| ibm_resource_instance.scc_instance | resource |
| ibm_resource_tag.access_tags | resource |
| ibm_scc_instance_settings.scc_instance_settings | resource |
| ibm_scc_provider_type_instance.scc_provider_type_instance | resource |
| time_sleep.wait_for_scc_cos_authorization_policy | resource |
| time_sleep.wait_for_scc_wp_authorization_policy | resource |
| ibm_iam_account_settings.iam_account_settings | data source |
| ibm_resource_instance.scc_instance | data source |
| ibm_scc_provider_types.scc_provider_types | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_tags | A list of access tags applied to the resource instance created by the module | list(string) |
[] |
no |
| attach_wp_to_scc_instance | When set to true, a value must be passed for the wp_instance_crn input variable. |
bool |
false |
no |
| cbr_rules | (Optional, list) List of CBR rules to create | list(object({ |
[] |
no |
| cos_bucket | The name of the Cloud Object Storage bucket to be used in SCC instance. Required when creating a new SCC instance. | string |
null |
no |
| cos_instance_crn | CRN of the Cloud Object Storage to store SCC data. Required when creating a new SCC instance. | string |
null |
no |
| en_instance_crn | The CRN of Event Notifications instance to be used with SCC. If no value is provided, Event Notifications will not be enabled for this SCC instance | string |
null |
no |
| existing_scc_instance_crn | The CRN of an existing Security and Compliance Center instance. If not supplied, a new instance will be created. | string |
null |
no |
| instance_name | Name of the security and compliance instance that will be provisioned by this module | string |
n/a | yes |
| plan | Pricing plan to create SCC instance. Options include security-compliance-center-standard-plan or security-compliance-center-trial-plan | string |
"security-compliance-center-standard-plan" |
no |
| region | Region where SCC instance will be created | string |
"us-south" |
no |
| resource_group_id | The id of the resource group to create the SCC instance | string |
n/a | yes |
| resource_tags | A list of tags applied to the resources created by the module | list(string) |
[] |
no |
| skip_cos_iam_authorization_policy | Set to true to skip the creation of an IAM authorization policy that permits the SCC instance created by this module to write access to the provided COS instance | bool |
false |
no |
| skip_scc_wp_auth_policy | Set to true to skip the creation of an IAM authorization policy that permits the SCC instance created by this solution read access to the workload protection instance. Only used if attach_wp_to_scc_instance is set to true. |
bool |
false |
no |
| wp_instance_crn | Optionally pass the CRN of an existing SCC Workload Protection instance to attach it to the SCC instance. | string |
null |
no |
Outputs
| Name | Description |
|---|---|
| crn | The CRN of the SCC instance. |
| guid | The GUID of the SCC instance. |
| id | The id of the SCC instance. |
| location | The location of the SCC instance. |
| name | The name of the SCC instance. |
| plan | The pricing plan of the SCC instance. |
Contributing
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.