Financial Services Cloud Profile

This is a profile for Event Notifications that meets Financial Services Cloud requirements. It has been scanned by IBM Code Risk Analyzer (CRA) and meets all applicable goals.

Usage

```hcl
module "event_notification" {
  source                    = "terraform-ibm-modules/event-notifications//ibm/modules/fscloud"
  version                   = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  resource_group_id         = "a8cff104f1764e98aac9ab879198230a" # pragma: allowlist secret
  name                      = "event-notification-fs"
  existing_kms_instance_crn = "crn:v1:bluemix:public:hs-crypto:us-south:a/abac0df06b644a9cabc6e44f55b3880e:e6dce284-e80f-46e1-a3c1-830f7adff7a9::"
  root_key_id               = "76170fae-4e0c-48c3-8ebe-326059ebb533"
  kms_endpoint_url          = "https://e6dce284-e80f-46e1-a3c1-830f7adff7a9.api.private.us-south.hs-crypto.appdomain.cloud"
  tags                      = ["dev", "qa"]

  # Map of credential name to IAM role for the service credentials to create for the Event Notifications instance
  service_credential_names = {
    "en_manager" : "Manager",
    "en_writer" : "Writer",
    "en_reader" : "Reader",
    "en_channel_editor" : "Channel Editor",
    "en_device_manager" : "Device Manager",
    "en_event_source_manager" : "Event Source Manager",
    "en_event_notifications_publisher" : "Event Notification Publisher",
    "en_status_reporter" : "Status Reporter",
    "en_email_sender" : "Email Sender",
    "en_custom_email_status_reporter" : "Custom Email Status Reporter",
  }
  region = "us-south"

  # COS related: bucket that collects events whose delivery failed
  cos_bucket_name         = "fs_cos_bucket"
  cos_instance_id         = "dhd2-2bdjd-2bdjd-asgd3"
  skip_en_cos_auth_policy = false
  cos_endpoint            = "https://s3.private.us-south.cloud-object-storage.appdomain.cloud"

  # Context-based restriction: allow access only over private endpoints from the given network zone
  cbr_rules = [
    {
      description      = "Event notification access only from vpc"
      enforcement_mode = "enabled"
      account_id       = "defc0df06b644a9cabc6e44f55b3880s"
      rule_contexts = [{
        attributes = [
          {
            name  = "endpointType"
            value = "private"
          },
          {
            name  = "networkZoneId"
            value = "93a51a1debe2674193217209601dde6f" # pragma: allowlist secret
          }
        ]
      }]
    }
  ]
}
```
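A pre-apply lint for the module arguments above, written as an added example and not part of this module: it checks the constraints the profile relies on (the KMS CRN names a Hyper Protect Crypto Services instance, the KMS and COS endpoints are private, and every `cbr_rules` entry is enforced and restricts access to `endpointType=private`). The private-endpoint and CBR checks are assumptions drawn from the Usage block, not requirements stated in the inputs table; the sample inputs and ids are constructed placeholders.

```python
"""Lint fscloud module inputs (as a dict, e.g. loaded from a tfvars JSON) before terraform apply."""
from urllib.parse import urlparse

# Constructed sample mirroring the README's Usage block; ids are placeholders.
SAMPLE_INPUTS = {
    "existing_kms_instance_crn": "crn:v1:bluemix:public:hs-crypto:us-south:a/ACCOUNT_ID_PLACEHOLDER:INSTANCE_GUID_PLACEHOLDER::",
    "kms_endpoint_url": "https://INSTANCE_GUID_PLACEHOLDER.api.private.us-south.hs-crypto.appdomain.cloud",
    "cos_endpoint": "https://s3.private.us-south.cloud-object-storage.appdomain.cloud",
    "cbr_rules": [{
        "enforcement_mode": "enabled",
        "rule_contexts": [{"attributes": [
            {"name": "endpointType", "value": "private"},
            {"name": "networkZoneId", "value": "ZONE_ID_PLACEHOLDER"},
        ]}],
    }],
}


def _is_private_endpoint(url: str) -> bool:
    # Assumption: IBM Cloud private service endpoints carry ".private." in the hostname.
    host = urlparse(url).hostname or ""
    return host.endswith("appdomain.cloud") and ".private." in host


def check_fscloud_inputs(inputs: dict) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # A CRN has ten colon-separated segments; the service name is the fifth.
    parts = inputs.get("existing_kms_instance_crn", "").split(":")
    if len(parts) != 10 or parts[4] != "hs-crypto":
        findings.append("existing_kms_instance_crn: not a Hyper Protect Crypto Services instance")
    for key in ("kms_endpoint_url", "cos_endpoint"):
        url = inputs.get(key)
        if url and not _is_private_endpoint(url):
            findings.append(f"{key}: not a private endpoint")
    rules = inputs.get("cbr_rules") or []
    if not rules:
        findings.append("cbr_rules: no context-based restriction rule defined")
    for i, rule in enumerate(rules):
        if rule.get("enforcement_mode") != "enabled":
            findings.append(f"cbr_rules[{i}]: enforcement_mode is not 'enabled'")
        attrs = [a for ctx in rule.get("rule_contexts") or [] for a in ctx.get("attributes") or []]
        if not any(a.get("name") == "endpointType" and a.get("value") == "private" for a in attrs):
            findings.append(f"cbr_rules[{i}]: no context restricting access to endpointType=private")
    return findings


if __name__ == "__main__":
    print("\n".join(check_fscloud_inputs(SAMPLE_INPUTS)) or "all checks passed")
```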

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| ibm | >= 1.70.0, < 2.0.0 |

Modules

| Name | Source | Version |
|---|---|---|
| event_notification | ../../ | n/a |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cbr_rules | The list of context-based restrictions rules to create. | `list(object({ description = string, account_id = string, rule_contexts = list(object({ attributes = optional(list(object({ name = string, value = string }))) })), enforcement_mode = string }))` | `[]` | no |
| cos_bucket_name | The name of an existing Object Storage bucket to use for the storage of failed delivery events. | `string` | `null` | no |
| cos_endpoint | The endpoint URL for your bucket region. Required if `cos_integration_enabled` is set to `true`. | `string` | `null` | no |
| cos_instance_id | The ID of the IBM Cloud Object Storage instance in which the bucket that is defined in the `cos_bucket_name` variable exists. Required if `cos_integration_enabled` is set to `true`. | `string` | `null` | no |
| cos_integration_enabled | Whether to connect an Object Storage service instance to your Event Notifications instance to collect events that failed delivery. If set to `false`, no failed events are captured. | `bool` | `true` | no |
| existing_kms_instance_crn | The CRN of the Hyper Protect Crypto Services or Key Protect instance. To ensure compliance with IBM Cloud Framework for Financial Services standards, it is required to use Hyper Protect Crypto Services only. | `string` | n/a | yes |
| kms_endpoint_url | The KMS endpoint URL to use when you configure KMS encryption. | `string` | n/a | yes |
| name | The name of the Event Notifications instance that is created by this module. | `string` | n/a | yes |
| region | The IBM Cloud region where the Event Notifications resource is created. Possible values: us-south (Dallas), eu-gb (London), eu-de (Frankfurt), au-syd (Sydney), eu-es (Madrid). | `string` | `"us-south"` | no |
| resource_group_id | The resource group ID to use when creating the Event Notifications instance. | `string` | n/a | yes |
| root_key_id | The key ID of a root key, existing in the KMS instance passed in `var.existing_kms_instance_crn`, which is used to encrypt the data encryption keys, which in turn encrypt the data. | `string` | n/a | yes |
| service_credential_names | The mapping of names and roles for service credentials that you want to create for the Event Notifications instance. | `map(string)` | `{}` | no |
| skip_en_cos_auth_policy | Whether an IAM authorization policy is created for your Event Notifications instance to interact with your Object Storage bucket. Set to `true` to use an existing policy. Ignored if `cos_integration_enabled` is set to `false`. | `bool` | `false` | no |
| skip_en_kms_auth_policy | Set to `true` to skip the creation of an IAM authorization policy that permits all Event Notifications instances in the resource group reader access to the instance specified in the `existing_kms_instance_guid` variable. | `bool` | `false` | no |
| tags | The list of tags to add to the Event Notifications instance. | `list(string)` | `[]` | no |

Outputs

| Name | Description |
|---|---|
| crn | Event Notifications instance CRN |
| event_notification_instance_name | Event Notifications instance name |
| guid | Event Notifications instance GUID |
| service_credentials_json | Service credentials JSON map |
| service_credentials_object | Service credentials JSON object |