terraform-ibm-modules/terraform-ibm-scc

IBM Security and Compliance Center module

Graduated (Supported) latest release pre-commit Renovate enabled semantic-release

This module configures an IBM Cloud Security and Compliance Center (SCC) instance.

Overview

terraform-ibm-scc

Usage

module "create_scc_instance" {
  source            = "terraform-ibm-modules/scc/ibm"
  version           = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  instance_name     = "my-scc-instance"
  plan              = "security-compliance-center-standard-plan"
  region            = "us-south"
  resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
}

Required IAM access policies

You need the following permissions to run this module.

  • Account Management
    • Security and Compliance Center service
      • Administrator platform access
  • IAM Services
    • Event Notifications service
      • Manager service access

Requirements

Name Version
terraform >= 1.3.0
ibm >=1.64.1, <2.0.0
time >= 0.9.1, <1.0.0

Modules

Name Source Version
cbr_rule terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module 1.28.1

Resources

Name Type
ibm_iam_authorization_policy.scc_cos_s2s_access resource
ibm_iam_authorization_policy.scc_wp_s2s_access resource
ibm_resource_instance.scc_instance resource
ibm_resource_tag.access_tags resource
ibm_scc_instance_settings.scc_instance_settings resource
ibm_scc_provider_type_instance.scc_provider_type_instance resource
time_sleep.wait_for_scc_cos_authorization_policy resource
time_sleep.wait_for_scc_wp_authorization_policy resource
ibm_iam_account_settings.iam_account_settings data source
ibm_resource_instance.scc_instance data source
ibm_scc_provider_types.scc_provider_types data source

Inputs

Name Description Type Default Required
access_tags A list of access tags applied to the resource instance created by the module list(string) [] no
attach_wp_to_scc_instance Set to true to attach an SCC Workload Protection instance to the SCC instance. When set to true, a value must be passed for the wp_instance_crn input variable. bool false no
cbr_rules (Optional, list) List of CBR rules to create
list(object({
  description = string
  account_id = string
  rule_contexts = list(object({
    attributes = optional(list(object({
      name = string
      value = string
    })))
  }))
  enforcement_mode = string
}))
[] no
cos_bucket The name of the Cloud Object Storage bucket to be used by the SCC instance. Required when creating a new SCC instance. string null no
cos_instance_crn The CRN of the Cloud Object Storage instance in which SCC data is stored. Required when creating a new SCC instance. string null no
en_instance_crn The CRN of the Event Notifications instance to be used with SCC. If no value is provided, Event Notifications will not be enabled for this SCC instance. string null no
existing_scc_instance_crn The CRN of an existing Security and Compliance Center instance. If not supplied, a new instance will be created. string null no
instance_name Name of the Security and Compliance Center instance that will be provisioned by this module string n/a yes
plan Pricing plan for the SCC instance. Options are security-compliance-center-standard-plan or security-compliance-center-trial-plan string "security-compliance-center-standard-plan" no
region Region in which the SCC instance will be created string "us-south" no
resource_group_id The id of the resource group in which to create the SCC instance string n/a yes
resource_tags A list of tags applied to the resources created by the module list(string) [] no
skip_cos_iam_authorization_policy Set to true to skip the creation of the IAM authorization policy that grants the SCC instance created by this module write access to the provided COS instance. This value is ignored if an existing SCC instance is passed. bool false no
skip_scc_wp_auth_policy Set to true to skip the creation of the IAM authorization policy that grants the SCC instance created by this module read access to the Workload Protection instance. Only used if attach_wp_to_scc_instance is set to true. bool false no
wp_instance_crn Optionally pass the CRN of an existing SCC Workload Protection instance to attach it to the SCC instance. string null no
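The inputs above interact: a new instance needs the COS inputs, attaching Workload Protection needs wp_instance_crn, and the COS authorization flag is ignored when an existing instance is reused. The following configuration is an added example (not code from the module's README) that wires those inputs together along with a CBR rule; every CRN, account id, resource group id and network zone id in it is a placeholder, and the "networkZoneId" attribute name and "report" enforcement mode are standard CBR values rather than anything defined by this module.

```hcl
# Added example: a fuller call to the SCC module than the Usage snippet.
# All REPLACE_WITH_* values are placeholders for ids from your own account.

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = ">= 1.64.1, < 2.0.0"
    }
  }
}

provider "ibm" {
  region = "us-south"
}

locals {
  resource_group_id = "REPLACE_WITH_RESOURCE_GROUP_ID"
  account_id        = "REPLACE_WITH_ACCOUNT_ID"
  cos_instance_crn  = "REPLACE_WITH_COS_INSTANCE_CRN"
  en_instance_crn   = "REPLACE_WITH_EVENT_NOTIFICATIONS_CRN"
  wp_instance_crn   = "REPLACE_WITH_WORKLOAD_PROTECTION_CRN"
  network_zone_id   = "REPLACE_WITH_CBR_NETWORK_ZONE_ID"
}

# Path 1: create a new SCC instance.
module "scc" {
  source            = "terraform-ibm-modules/scc/ibm"
  version           = "X.X.X" # pin to a release version
  instance_name     = "prod-scc"
  plan              = "security-compliance-center-standard-plan"
  region            = "us-south"
  resource_group_id = local.resource_group_id
  resource_tags     = ["env:prod"]

  # Required for a new instance: where SCC stores scan results.
  cos_instance_crn = local.cos_instance_crn
  cos_bucket       = "scc-results-bucket"
  # Keep the module-managed SCC -> COS authorization policy.
  skip_cos_iam_authorization_policy = false

  # Optional: send SCC notifications through Event Notifications.
  en_instance_crn = local.en_instance_crn

  # Attaching Workload Protection requires wp_instance_crn.
  attach_wp_to_scc_instance = true
  wp_instance_crn           = local.wp_instance_crn
  skip_scc_wp_auth_policy   = false

  # CBR rule restricting access to one network zone. "report" logs
  # violations without blocking, so you can validate before "enabled".
  cbr_rules = [{
    description      = "Restrict SCC instance access to the corporate network zone"
    account_id       = local.account_id
    enforcement_mode = "report"
    rule_contexts = [{
      attributes = [{
        name  = "networkZoneId"
        value = local.network_zone_id
      }]
    }]
  }]
}

# Path 2: reuse an existing instance. The COS inputs are not required here
# and skip_cos_iam_authorization_policy is ignored, per the inputs table.
module "scc_existing" {
  source                    = "terraform-ibm-modules/scc/ibm"
  version                   = "X.X.X"
  instance_name             = "shared-scc"
  resource_group_id         = local.resource_group_id
  existing_scc_instance_crn = "REPLACE_WITH_EXISTING_SCC_CRN"
}

output "scc_crn" {
  value = module.scc.crn
}
```

Starting the CBR rule in report mode and switching to enabled only after the logs show no legitimate traffic being flagged is the usual way to avoid locking automation out of the instance.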

Outputs

Name Description
crn The CRN of the SCC instance.
guid The GUID of the SCC instance.
id The id of the SCC instance.
location The location of the SCC instance.
name The name of the SCC instance.
plan The pricing plan of the SCC instance.

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.