{"id":15065529,"url":"https://github.com/terraform-ibm-modules/terraform-ibm-cloudability-onboarding","last_synced_at":"2026-01-02T09:39:22.243Z","repository":{"id":255510661,"uuid":"849970549","full_name":"terraform-ibm-modules/terraform-ibm-cloudability-onboarding","owner":"terraform-ibm-modules","description":"A deployable architecture which will fully onboard a standard or enterprise IBM Cloud account to IBM Cloudability.","archived":false,"fork":false,"pushed_at":"2024-12-22T16:47:44.000Z","size":664,"stargazers_count":0,"open_issues_count":5,"forks_count":0,"subscribers_count":14,"default_branch":"main","last_synced_at":"2024-12-26T15:04:03.714Z","etag":null,"topics":["deployable-architecture","ibm-cloud","terraform","terraform-module"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/terraform-ibm-modules.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-30T16:05:01.000Z","updated_at":"2024-12-26T14:56:33.000Z","dependencies_parsed_at":"2024-09-25T00:39:33.462Z","dependency_job_id":"cea6a5ea-e179-4d11-a08c-a0ec3110d359","html_url":"https://github.com/terraform-ibm-modules/terraform-ibm-cloudability-onboarding","commit_stats":null,"previous_names":["terraform-ibm-modules/terraform-ibm-apptio-cloudability-onboarding","terraform-ibm-modules/terraform-ibm-cloudability-onboarding"],"tags_count":30,"template":false,"template_full_name":"terraform-ibm-modules/terraform-ibm-module-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-ibm-modules%2Fterraform-ibm-cloudability-onboarding","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-ibm-modules%2Fterraform-ibm-cloudability-onboarding/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-ibm-modules%2Fterraform-ibm-cloudability-onboarding/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-ibm-modules%2Fterraform-ibm-cloudability-onboarding/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/terraform-ibm-modules","download_url":"https://codeload.github.com/terraform-ibm-modules/terraform-ibm-cloudability-onboarding/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243835942,"owners_count":20355611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deployable-architecture","ibm-cloud","terraform","terraform-module"],"created_at":"2024-09-25T00:40:06.132Z","updated_at":"2026-01-02T09:39:22.230Z","avatar_url":"https://github.com/terraform-ibm-modules.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- Update this title with a descriptive name. Use sentence case. --\u003e\n# IBM Cloudability onboarding Deployable Architecture (DA)\n\n\n\u003c!--\nUpdate status and \"latest release\" badges:\n  1. For the status options, see https://terraform-ibm-modules.github.io/documentation/#/badge-status\n  2. Update the \"latest release\" badge to point to the correct module's repo. Replace \"terraform-ibm-module-template\" in two places.\n--\u003e\n[![Stable (With quality checks)](https://img.shields.io/badge/Status-Stable%20(With%20quality%20checks)-green)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)\n[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-cloudability-onboarding?logo=GitHub\u0026sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-cloudability-onboarding/releases/latest)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white)](https://github.com/pre-commit/pre-commit)\n[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)\n[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)\n\nThis Deployable Architecture will fully onboard a standard IBM Cloud account or an entire IBM Cloud enterprise to IBM Cloudability. The DA performs the following actions:\n\n- Creates an encrypted Object Storage bucket to store billing reports\n- Enables daily Billing Report exports to the Object Storage bucket\n- Grants Cloudability access to read the billing reports from the bucket for ingestion\n    - *If the account is an enterprise*: Grants cloudability access to read the list of child accounts in the enterprise\n    - Cloudability access is controlled in a custom role so only the minimum access is given.\n- Adds the IBM Cloud account/enterprise to IBM Cloudability\n\n:exclamation: **Important:** This Deployable Architecture solutions is not intended to be called by other modules because it contains a provider configuration and is therefor not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers)\n\n\n\u003c!-- The following content is automatically populated by the pre-commit hook --\u003e\n\u003c!-- BEGIN OVERVIEW HOOK --\u003e\n## Overview\n* [terraform-ibm-cloudability-onboarding](#terraform-ibm-cloudability-onboarding)\n* [Submodules](./modules)\n    * [billing-exports](./modules/billing-exports)\n    * [cloudability-bucket-access](./modules/cloudability-bucket-access)\n    * [cloudability-enterprise-access](./modules/cloudability-enterprise-access)\n    * [cloudability-onboarding](./modules/cloudability-onboarding)\n    * [data-resource-instance-by-id](./modules/data-resource-instance-by-id)\n    * [encrypted_cos_bucket](./modules/encrypted_cos_bucket)\n    * [frontdoor-opentoken](./modules/frontdoor-opentoken)\n* [Contributing](#contributing)\n\u003c!-- END OVERVIEW HOOK --\u003e\n\n\u003c!--\nIf this repo contains any reference architectures, uncomment the heading below and link to them.\n(Usually in the `/reference-architectures` directory.)\nSee \"Reference architecture\" in the public documentation at\nhttps://terraform-ibm-modules.github.io/documentation/#/implementation-guidelines?id=reference-architecture\n--\u003e\n## Reference architectures\n\n![cloudability-all-inclusive-onboarding](./reference-architectures/cloudability-all-inclusive-onboarding.svg)\n\n\u003c!-- This heading should always match the name of the root level module (aka the repo name) --\u003e\n## terraform-ibm-cloudability-onboarding\n\n### Required IAM access policies\n\n\u003c!-- PERMISSIONS REQUIRED TO RUN MODULE\nIf this module requires permissions, uncomment the following block and update\nthe sample permissions, following the format.\nReplace the sample Account and IBM Cloud service names and roles with the\ninformation in the console at\nManage \u003e Access (IAM) \u003e Access groups \u003e Access policies.\n--\u003e\n\n\nYou need the following permissions to run this module:\n\n- IAM services\n    - **Cloud Object Storage** service\n        - `Administrator` platform access\n        - `Manager`, `ObjectReader` service access\n    - **Key Protect** service\n        - `Editor` platform access\n        - `Manager` service access\n- Account management services\n    - **Billing** service\n        - `Administrator` platform access\n    - **Enterprise** service (only for enterprise accounts ie. `is_enterprise_account` is true)\n        - `Administrator` platform access\n    - **IAM Access Management** service\n        - `Administrator` platform access\n    - **All Account Management** service (only if `use_existing_resource_group` is true)\n        - `Administrator` platform access\n\n\u003c!-- NO PERMISSIONS FOR MODULE\nIf no permissions are required for the module, uncomment the following\nstatement instead the previous block.\n--\u003e\n\n\u003c!-- No permissions are needed to run this module.--\u003e\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n### Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e=1.9.0 |\n| \u003ca name=\"requirement_cloudability\"\u003e\u003c/a\u003e [cloudability](#requirement\\_cloudability) | 0.0.40 |\n| \u003ca name=\"requirement_ibm\"\u003e\u003c/a\u003e [ibm](#requirement\\_ibm) | 1.79.2 |\n| \u003ca name=\"requirement_restapi\"\u003e\u003c/a\u003e [restapi](#requirement\\_restapi) | 2.0.1 |\n\n### Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_billing_exports\"\u003e\u003c/a\u003e [billing\\_exports](#module\\_billing\\_exports) | ./modules/billing-exports | n/a |\n| \u003ca name=\"module_cbr_zone_additional\"\u003e\u003c/a\u003e [cbr\\_zone\\_additional](#module\\_cbr\\_zone\\_additional) | terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module | 1.29.0 |\n| \u003ca name=\"module_cbr_zone_cloudability\"\u003e\u003c/a\u003e [cbr\\_zone\\_cloudability](#module\\_cbr\\_zone\\_cloudability) | terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module | 1.29.0 |\n| \u003ca name=\"module_cbr_zone_cos\"\u003e\u003c/a\u003e [cbr\\_zone\\_cos](#module\\_cbr\\_zone\\_cos) | terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module | 1.29.0 |\n| \u003ca name=\"module_cbr_zone_ibmcloud_billing\"\u003e\u003c/a\u003e [cbr\\_zone\\_ibmcloud\\_billing](#module\\_cbr\\_zone\\_ibmcloud\\_billing) | terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module | 1.29.0 |\n| \u003ca name=\"module_cbr_zone_schematics\"\u003e\u003c/a\u003e [cbr\\_zone\\_schematics](#module\\_cbr\\_zone\\_schematics) | terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module | 1.29.0 |\n| \u003ca name=\"module_cloudability_bucket_access\"\u003e\u003c/a\u003e [cloudability\\_bucket\\_access](#module\\_cloudability\\_bucket\\_access) | ./modules/cloudability-bucket-access | n/a |\n| \u003ca name=\"module_cloudability_enterprise_access\"\u003e\u003c/a\u003e [cloudability\\_enterprise\\_access](#module\\_cloudability\\_enterprise\\_access) | ./modules/cloudability-enterprise-access | n/a |\n| \u003ca name=\"module_cloudability_onboarding\"\u003e\u003c/a\u003e [cloudability\\_onboarding](#module\\_cloudability\\_onboarding) | ./modules/cloudability-onboarding | n/a |\n| \u003ca name=\"module_cos_bucket\"\u003e\u003c/a\u003e [cos\\_bucket](#module\\_cos\\_bucket) | ./modules/encrypted_cos_bucket | n/a |\n| \u003ca name=\"module_cos_instance\"\u003e\u003c/a\u003e [cos\\_instance](#module\\_cos\\_instance) | ./modules/data-resource-instance-by-id | n/a |\n| \u003ca name=\"module_frontdoor_auth\"\u003e\u003c/a\u003e [frontdoor\\_auth](#module\\_frontdoor\\_auth) | ./modules/frontdoor-opentoken | n/a |\n| \u003ca name=\"module_resource_group\"\u003e\u003c/a\u003e [resource\\_group](#module\\_resource\\_group) | terraform-ibm-modules/resource-group/ibm | 1.2.1 |\n\n### Resources\n\n| Name | Type |\n|------|------|\n| [ibm_enterprises.enterprises](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/enterprises) | data source |\n| [ibm_iam_account_settings.billing_exports_account](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/iam_account_settings) | data source |\n| [ibm_iam_auth_token.tokendata](https://registry.terraform.io/providers/IBM-Cloud/ibm/1.79.2/docs/data-sources/iam_auth_token) | data source |\n\n### Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_access_tags\"\u003e\u003c/a\u003e [access\\_tags](#input\\_access\\_tags) | A list of access tags to apply to the cos instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no |\n| \u003ca name=\"input_activity_tracker_management_events\"\u003e\u003c/a\u003e [activity\\_tracker\\_management\\_events](#input\\_activity\\_tracker\\_management\\_events) | If set to true, all Object Storage management events will be sent to Activity Tracker. | `bool` | `true` | no |\n| \u003ca name=\"input_activity_tracker_read_data_events\"\u003e\u003c/a\u003e [activity\\_tracker\\_read\\_data\\_events](#input\\_activity\\_tracker\\_read\\_data\\_events) | If set to true, all Object Storage bucket read events (downloads) will be sent to Activity Tracker. | `bool` | `true` | no |\n| \u003ca name=\"input_activity_tracker_write_data_events\"\u003e\u003c/a\u003e [activity\\_tracker\\_write\\_data\\_events](#input\\_activity\\_tracker\\_write\\_data\\_events) | If set to true, all Object Storage bucket read events (downloads) will be sent to Activity Tracker. | `bool` | `true` | no |\n| \u003ca name=\"input_add_bucket_name_suffix\"\u003e\u003c/a\u003e [add\\_bucket\\_name\\_suffix](#input\\_add\\_bucket\\_name\\_suffix) | Add random generated suffix (4 characters long) to the newly provisioned Object Storage bucket name (Optional). | `bool` | `true` | no |\n| \u003ca name=\"input_additional_allowed_cbr_bucket_ip_addresses\"\u003e\u003c/a\u003e [additional\\_allowed\\_cbr\\_bucket\\_ip\\_addresses](#input\\_additional\\_allowed\\_cbr\\_bucket\\_ip\\_addresses) | A list of CBR zone IP addresses, which are permitted to access the bucket.  This zone typically represents the IP addresses for your company or workstation to allow access to view the contents of the bucket. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_archive_days\"\u003e\u003c/a\u003e [archive\\_days](#input\\_archive\\_days) | Specifies the number of days when the archive rule action takes effect. A value of `null` disables archiving. A value of `0` immediately archives uploaded objects to the bucket. | `number` | `null` | no |\n| \u003ca name=\"input_archive_type\"\u003e\u003c/a\u003e [archive\\_type](#input\\_archive\\_type) | Specifies the storage class or archive type to which you want the object to transition. | `string` | `\"Glacier\"` | no |\n| \u003ca name=\"input_bucket_name\"\u003e\u003c/a\u003e [bucket\\_name](#input\\_bucket\\_name) | The name to give the newly provisioned Object Storage bucket. | `string` | `\"billing-reports\"` | no |\n| \u003ca name=\"input_bucket_storage_class\"\u003e\u003c/a\u003e [bucket\\_storage\\_class](#input\\_bucket\\_storage\\_class) | The storage class of the newly provisioned Object Storage bucket. Supported values are 'standard', 'vault', 'cold', 'smart' and `onerate_active`. | `string` | `\"standard\"` | no |\n| \u003ca name=\"input_cbr_additional_zone_name\"\u003e\u003c/a\u003e [cbr\\_additional\\_zone\\_name](#input\\_cbr\\_additional\\_zone\\_name) | Name of the CBR zone that corresponds to the ip address range set in `additional_allowed_cbr_bucket_ip_addresses`. | `string` | `\"additional-billing-reports-bucket-access\"` | no |\n| \u003ca name=\"input_cbr_billing_zone_name\"\u003e\u003c/a\u003e [cbr\\_billing\\_zone\\_name](#input\\_cbr\\_billing\\_zone\\_name) | Name of the CBR zone which represents IBM Cloud billing. See [What are CBRs?](https://cloud.ibm.com/docs/account?topic=account-context-restrictions-whatis) | `string` | `\"billing-reports-bucket-writer\"` | no |\n| \u003ca name=\"input_cbr_cloudability_zone_name\"\u003e\u003c/a\u003e [cbr\\_cloudability\\_zone\\_name](#input\\_cbr\\_cloudability\\_zone\\_name) | Name of the CBR zone which represents IBM Cloudability. See [What are CBRs?](https://cloud.ibm.com/docs/account?topic=account-context-restrictions-whatis) | `string` | `\"cldy-reports-bucket-reader\"` | no |\n| \u003ca name=\"input_cbr_cos_zone_name\"\u003e\u003c/a\u003e [cbr\\_cos\\_zone\\_name](#input\\_cbr\\_cos\\_zone\\_name) | Name of the CBR zone which represents Cloud Object Storage service. See [What are CBRs?](https://cloud.ibm.com/docs/account?topic=account-context-restrictions-whatis) | `string` | `\"cldy-reports-object-storage\"` | no |\n| \u003ca name=\"input_cbr_enforcement_mode\"\u003e\u003c/a\u003e [cbr\\_enforcement\\_mode](#input\\_cbr\\_enforcement\\_mode) | The rule enforcement mode: * enabled - The restrictions are enforced and reported. This is the default. * disabled - The restrictions are disabled. Nothing is enforced or reported. * report - The restrictions are evaluated and reported, but not enforced. | `string` | `\"enabled\"` | no |\n| \u003ca name=\"input_cbr_schematics_zone_name\"\u003e\u003c/a\u003e [cbr\\_schematics\\_zone\\_name](#input\\_cbr\\_schematics\\_zone\\_name) | Name of the CBR zone which represents Schematics. The schematics zone allows Projects to access and manage the Object Storage bucket. | `string` | `\"schematics-reports-bucket-management\"` | no |\n| \u003ca name=\"input_cloudability_api_key\"\u003e\u003c/a\u003e [cloudability\\_api\\_key](#input\\_cloudability\\_api\\_key) | Cloudability API Key. Retrieve your Api Key from https://app.apptio.com/cloudability#/settings/preferences under the section **Cloudability API** select **Enable API** which will generate an api key. Setting this value to __NULL__ will skip adding the IBM Cloud account to Cloudability and only configure IBM Cloud so that the IBM Cloud Account can be added to Cloudability manually | `string` | `null` | no |\n| \u003ca name=\"input_cloudability_auth_type\"\u003e\u003c/a\u003e [cloudability\\_auth\\_type](#input\\_cloudability\\_auth\\_type) | Select Cloudability authentication mode. Options are:\u003cbr/\u003e\u003cbr/\u003e* `none`: no connection to Cloudability\u003cbr/\u003e* `manual`: manually enter in the credentials in the Cloudability UI\u003cbr/\u003e* `api_key`: use Cloudability API Keys\u003cbr/\u003e* `frontdoor`: Frontdoor Access Administration | `string` | `\"api_key\"` | no |\n| \u003ca name=\"input_cloudability_environment_id\"\u003e\u003c/a\u003e [cloudability\\_environment\\_id](#input\\_cloudability\\_environment\\_id) | An ID corresponding to your FrontDoor environment. Required if `cloudability_auth_type` = `frontdoor` | `string` | `null` | no |\n| \u003ca name=\"input_cloudability_host\"\u003e\u003c/a\u003e [cloudability\\_host](#input\\_cloudability\\_host) | IBM Cloudability host name as described in https://help.apptio.com/en-us/cloudability/api/v3/getting%20started%20with%20the%20cloudability.htm | `string` | `\"api.cloudability.com\"` | no |\n| \u003ca name=\"input_cloudability_iam_custom_role_name\"\u003e\u003c/a\u003e [cloudability\\_iam\\_custom\\_role\\_name](#input\\_cloudability\\_iam\\_custom\\_role\\_name) | Name of the custom role which grants access to the Cloudability service id to read the billing reports from the object storage bucket | `string` | `\"CloudabilityStorageCustomRole\"` | no |\n| \u003ca name=\"input_cloudability_iam_enterprise_custom_role_name\"\u003e\u003c/a\u003e [cloudability\\_iam\\_enterprise\\_custom\\_role\\_name](#input\\_cloudability\\_iam\\_enterprise\\_custom\\_role\\_name) | Name of the custom role which grants access to the Cloudability service ID to read the enterprise information. Only used if `is_enterprise_account` is `true`. | `string` | `\"CloudabilityListAccCustomRole\"` | no |\n| \u003ca name=\"input_cos_folder\"\u003e\u003c/a\u003e [cos\\_folder](#input\\_cos\\_folder) | Folder in the Object Storage bucket to store the account data | `string` | `\"IBMCloud-Billing-Reports\"` | no |\n| \u003ca name=\"input_cos_instance_name\"\u003e\u003c/a\u003e [cos\\_instance\\_name](#input\\_cos\\_instance\\_name) | The name to give the Cloud Object Storage instance that will be provisioned by this module. Only required if 'create\\_cos\\_instance' is true. | `string` | `\"billing-report-exports\"` | no |\n| \u003ca name=\"input_cos_plan\"\u003e\u003c/a\u003e [cos\\_plan](#input\\_cos\\_plan) | Plan to be used for creating Cloud Object Storage instance. Only used if 'create\\_cos\\_instance' is true. | `string` | `\"cos-one-rate-plan\"` | no |\n| \u003ca name=\"input_cross_region_location\"\u003e\u003c/a\u003e [cross\\_region\\_location](#input\\_cross\\_region\\_location) | Specify the cross-regional bucket location. Supported values are 'us', 'eu', and 'ap'. If you pass a value for this, ensure to set the value of var.region to null. | `string` | `null` | no |\n| \u003ca name=\"input_enable_billing_exports\"\u003e\u003c/a\u003e [enable\\_billing\\_exports](#input\\_enable\\_billing\\_exports) | Whether billing exports should be enabled | `bool` | `true` | no |\n| \u003ca name=\"input_enable_cloudability_access\"\u003e\u003c/a\u003e [enable\\_cloudability\\_access](#input\\_enable\\_cloudability\\_access) | Whether to grant cloudability access to read the billing reports | `bool` | `true` | no |\n| \u003ca name=\"input_enterprise_id\"\u003e\u003c/a\u003e [enterprise\\_id](#input\\_enterprise\\_id) | The ID of the enterprise. If `__NULL__` then it is automatically retrieved if `is_enterprise_account` is `true`. Providing this value reduces the access policies that are required to run the DA. | `string` | `null` | no |\n| \u003ca name=\"input_existing_allowed_cbr_bucket_zone_id\"\u003e\u003c/a\u003e [existing\\_allowed\\_cbr\\_bucket\\_zone\\_id](#input\\_existing\\_allowed\\_cbr\\_bucket\\_zone\\_id) | An extra CBR zone ID which is permitted to access the bucket.  This zone typically represents the ip addresses for your company or workstation to allow access to view the contents of the bucket. It can be used as an alternative to `additional_allowed_cbr_bucket_ip_addresses` in the case that a zone exists. | `string` | `null` | no |\n| \u003ca name=\"input_existing_cos_instance_id\"\u003e\u003c/a\u003e [existing\\_cos\\_instance\\_id](#input\\_existing\\_cos\\_instance\\_id) | The ID of an existing Cloud Object Storage instance. Required if 'var.create\\_cos\\_instance' is false. | `string` | `null` | no |\n| \u003ca name=\"input_existing_kms_instance_crn\"\u003e\u003c/a\u003e [existing\\_kms\\_instance\\_crn](#input\\_existing\\_kms\\_instance\\_crn) | The CRN of an existing Key Protect or Hyper Protect Crypto Services instance. Required if 'create\\_key\\_protect\\_instance' is false. | `string` | `null` | no |\n| \u003ca name=\"input_expire_days\"\u003e\u003c/a\u003e [expire\\_days](#input\\_expire\\_days) | Specifies the number of days when the expire rule action takes effect. | `number` | `3` | no |\n| \u003ca name=\"input_frontdoor_public_key\"\u003e\u003c/a\u003e [frontdoor\\_public\\_key](#input\\_frontdoor\\_public\\_key) | The public key that is used along with the `frontdoor_secret_key` to authenticate requests to Cloudability. Only required if `cloudability_auth_type` is `frontdoor`. See [acquiring an Access Administration API key](/docs/track-spend-with-cloudability?topic=track-spend-with-cloudability-planning#frontdoor-api-key) for steps to create your credentials. | `string` | `null` | no |\n| \u003ca name=\"input_frontdoor_secret_key\"\u003e\u003c/a\u003e [frontdoor\\_secret\\_key](#input\\_frontdoor\\_secret\\_key) | The secret key that is used along with the `frontdoor_public_key` to authenticate requests to Cloudability. Only required if `cloudability_auth_type` is `frontdoor`.  See [acquiring an Access Administration API key](/docs/track-spend-with-cloudability?topic=track-spend-with-cloudability-planning#frontdoor-api-key) for steps to create your credentials. | `string` | `null` | no |\n| \u003ca name=\"input_ibmcloud_api_key\"\u003e\u003c/a\u003e [ibmcloud\\_api\\_key](#input\\_ibmcloud\\_api\\_key) | The IBM Cloud API key corresponding to the cloud account that will be added to Cloudability. For enterprise accounts this should be the primary enterprise account | `string` | n/a | yes |\n| \u003ca name=\"input_is_enterprise_account\"\u003e\u003c/a\u003e [is\\_enterprise\\_account](#input\\_is\\_enterprise\\_account) | Whether the account corresponding to the `ibmcloud_api_key` is an enterprise account and, if so, is the primary account within the enterprise | `bool` | `false` | no |\n| \u003ca name=\"input_key_name\"\u003e\u003c/a\u003e [key\\_name](#input\\_key\\_name) | Name of the Object Storage bucket encryption key | `string` | `null` | no |\n| \u003ca name=\"input_key_protect_allowed_network\"\u003e\u003c/a\u003e [key\\_protect\\_allowed\\_network](#input\\_key\\_protect\\_allowed\\_network) | The type of the allowed network to be set for the Key Protect instance. Possible values are 'private-only', or 'public-and-private'. Only used if 'create\\_key\\_protect\\_instance' is true. | `string` | `\"public-and-private\"` | no |\n| \u003ca name=\"input_key_protect_instance_name\"\u003e\u003c/a\u003e [key\\_protect\\_instance\\_name](#input\\_key\\_protect\\_instance\\_name) | Key Protect instance name | `string` | `\"cloudability-bucket-encryption\"` | no |\n| \u003ca name=\"input_key_ring_name\"\u003e\u003c/a\u003e [key\\_ring\\_name](#input\\_key\\_ring\\_name) | Name of the key ring to group keys | `string` | `\"bucket-encryption\"` | no |\n| \u003ca name=\"input_kms_endpoint_type\"\u003e\u003c/a\u003e [kms\\_endpoint\\_type](#input\\_kms\\_endpoint\\_type) | The type of endpoint to be used for management of key protect. | `string` | `\"public\"` | no |\n| \u003ca name=\"input_kms_rotation_enabled\"\u003e\u003c/a\u003e [kms\\_rotation\\_enabled](#input\\_kms\\_rotation\\_enabled) | If set to true, Key Protect enables a rotation policy on the Key Protect instance. Only used if 'create\\_key\\_protect\\_instance' is true. | `bool` | `true` | no |\n| \u003ca name=\"input_kms_rotation_interval_month\"\u003e\u003c/a\u003e [kms\\_rotation\\_interval\\_month](#input\\_kms\\_rotation\\_interval\\_month) | Specifies the number of months for the encryption key to be rotated.. Must be between 1 and 12 inclusive. | `number` | `1` | no |\n| \u003ca name=\"input_management_endpoint_type_for_bucket\"\u003e\u003c/a\u003e [management\\_endpoint\\_type\\_for\\_bucket](#input\\_management\\_endpoint\\_type\\_for\\_bucket) | The type of endpoint for the IBM terraform provider to use to manage the bucket. (public, private, or direct) | `string` | `\"public\"` | no |\n| \u003ca name=\"input_monitoring_crn\"\u003e\u003c/a\u003e [monitoring\\_crn](#input\\_monitoring\\_crn) | The CRN of an IBM Cloud Monitoring instance to send Object Storage bucket metrics to. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration. | `string` | `null` | no |\n| \u003ca name=\"input_object_versioning_enabled\"\u003e\u003c/a\u003e [object\\_versioning\\_enabled](#input\\_object\\_versioning\\_enabled) | Enable [object versioning](/docs/cloud-object-storage?topic=cloud-object-storage-versioning) to keep multiple versions of an object in a bucket. | `bool` | `false` | no |\n| \u003ca name=\"input_overwrite_existing_reports\"\u003e\u003c/a\u003e [overwrite\\_existing\\_reports](#input\\_overwrite\\_existing\\_reports) | A new version of report is created or the existing report version is overwritten with every update. | `bool` | `true` | no |\n| \u003ca name=\"input_policy_granularity\"\u003e\u003c/a\u003e [policy\\_granularity](#input\\_policy\\_granularity) | Whether access to the Object Storage bucket is controlled at the bucket (resource), cos instance (serviceInstance), or resource-group (resourceGroup). | `string` | `\"resource\"` | no |\n| \u003ca name=\"input_region\"\u003e\u003c/a\u003e [region](#input\\_region) | Region where resources are created | `string` | `\"us-south\"` | no |\n| \u003ca name=\"input_request_metrics_enabled\"\u003e\u003c/a\u003e [request\\_metrics\\_enabled](#input\\_request\\_metrics\\_enabled) | If set to `true`, all Object Storage bucket request metrics will be sent to the monitoring service. | `bool` | `true` | no |\n| \u003ca name=\"input_resource_group_name\"\u003e\u003c/a\u003e [resource\\_group\\_name](#input\\_resource\\_group\\_name) | The name of a new or existing resource group where resources are created | `string` | `\"cloudability-enablement\"` | no |\n| \u003ca name=\"input_resource_tags\"\u003e\u003c/a\u003e [resource\\_tags](#input\\_resource\\_tags) | Optional list of tags to be added to created resources | `list(string)` | `[]` | no |\n| \u003ca name=\"input_skip_cloudability_billing_policy\"\u003e\u003c/a\u003e [skip\\_cloudability\\_billing\\_policy](#input\\_skip\\_cloudability\\_billing\\_policy) | Whether policy which grants cloudability access to view the billing service. This may be true if the policy already exists because it was created by a previous run. | `bool` | `false` | no |\n| \u003ca name=\"input_skip_iam_authorization_policy\"\u003e\u003c/a\u003e [skip\\_iam\\_authorization\\_policy](#input\\_skip\\_iam\\_authorization\\_policy) | Set to true to skip the creation of an IAM authorization policy that permits the Object Storage instance created to read the encryption key from the KMS instance in `existing_kms_instance_crn`. WARNING: An authorization policy must exist before an encrypted bucket can be created | `bool` | `false` | no |\n| \u003ca name=\"input_skip_verification\"\u003e\u003c/a\u003e [skip\\_verification](#input\\_skip\\_verification) | Whether to verify that the IBM Cloud account is successfully integrated with Cloudability. This step is not strictly necessary for adding the account to Cloudability. Only applicable when `cloudability_auth_type` is `api_key`. | `bool` | `false` | no |\n| \u003ca name=\"input_usage_metrics_enabled\"\u003e\u003c/a\u003e [usage\\_metrics\\_enabled](#input\\_usage\\_metrics\\_enabled) | If set to `true`, all Object Storage bucket usage metrics will be sent to the monitoring service. | `bool` | `true` | no |\n| \u003ca name=\"input_use_existing_iam_custom_role\"\u003e\u003c/a\u003e [use\\_existing\\_iam\\_custom\\_role](#input\\_use\\_existing\\_iam\\_custom\\_role) | Whether the iam\\_custom\\_roles should be created or if they already exist and they should be linked with a datasource | `bool` | `false` | no |\n| \u003ca name=\"input_use_existing_key_ring\"\u003e\u003c/a\u003e [use\\_existing\\_key\\_ring](#input\\_use\\_existing\\_key\\_ring) | Whether the `key_ring_name` corresponds to an existing key ring or a new key ring for storing the encryption key | `string` | `false` | no |\n| \u003ca name=\"input_use_existing_resource_group\"\u003e\u003c/a\u003e [use\\_existing\\_resource\\_group](#input\\_use\\_existing\\_resource\\_group) | Whether `resource_group_name` input represents the name of an existing resource group or a new resource group should be created | `bool` | `false` | no |\n\n### Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_bucket_account_cloudability_custom_role_display_name\"\u003e\u003c/a\u003e [bucket\\_account\\_cloudability\\_custom\\_role\\_display\\_name](#output\\_bucket\\_account\\_cloudability\\_custom\\_role\\_display\\_name) | Display name of the custom role that grants cloudability access to read the billing reports from the Object Storage bucket |\n| \u003ca name=\"output_bucket_cbr_rules\"\u003e\u003c/a\u003e [bucket\\_cbr\\_rules](#output\\_bucket\\_cbr\\_rules) | Object Storage bucket rules |\n| \u003ca name=\"output_bucket_crn\"\u003e\u003c/a\u003e [bucket\\_crn](#output\\_bucket\\_crn) | CRN of the Object Storage bucket where billing reports are written to |\n| \u003ca name=\"output_bucket_id\"\u003e\u003c/a\u003e [bucket\\_id](#output\\_bucket\\_id) | ID of the Object Storage bucket where billing reports are written to |\n| \u003ca name=\"output_bucket_name\"\u003e\u003c/a\u003e [bucket\\_name](#output\\_bucket\\_name) | Name of the Object Storage bucket where billing reports are written to |\n| \u003ca name=\"output_bucket_region\"\u003e\u003c/a\u003e [bucket\\_region](#output\\_bucket\\_region) | CRN of the Object Storage bucket where billing reports are written to |\n| \u003ca name=\"output_bucket_storage_class\"\u003e\u003c/a\u003e [bucket\\_storage\\_class](#output\\_bucket\\_storage\\_class) | Storage class of the Object Storage bucket where billing reports are written to |\n| \u003ca name=\"output_cos_bucket_folder\"\u003e\u003c/a\u003e [cos\\_bucket\\_folder](#output\\_cos\\_bucket\\_folder) | Folder in the Object Storage bucket to store the account data |\n| \u003ca name=\"output_cos_cbr_rule_ids\"\u003e\u003c/a\u003e [cos\\_cbr\\_rule\\_ids](#output\\_cos\\_cbr\\_rule\\_ids) | List of all rule ids |\n| \u003ca name=\"output_cos_instance_guid\"\u003e\u003c/a\u003e [cos\\_instance\\_guid](#output\\_cos\\_instance\\_guid) | The GUID of the Cloud Object Storage instance where the billing reports bucket is created |\n| \u003ca name=\"output_cos_instance_id\"\u003e\u003c/a\u003e [cos\\_instance\\_id](#output\\_cos\\_instance\\_id) | The ID of the Cloud Object Storage instance where the billing reports bucket is created |\n| \u003ca name=\"output_cos_instance_name\"\u003e\u003c/a\u003e [cos\\_instance\\_name](#output\\_cos\\_instance\\_name) | Name of the Cloud Object Storage instance |\n| \u003ca name=\"output_enterprise_account_id\"\u003e\u003c/a\u003e [enterprise\\_account\\_id](#output\\_enterprise\\_account\\_id) | ID of the IBM Cloud account or, in the case of an enterprise, the ID of the primary account in the enterprise |\n| \u003ca name=\"output_enterprise_cloudability_custom_role_display_name\"\u003e\u003c/a\u003e [enterprise\\_cloudability\\_custom\\_role\\_display\\_name](#output\\_enterprise\\_cloudability\\_custom\\_role\\_display\\_name) | Display name of the custom role that grants cloudability access to read the enterprise accounts |\n| \u003ca name=\"output_enterprise_id\"\u003e\u003c/a\u003e [enterprise\\_id](#output\\_enterprise\\_id) | id of the enterprise if `is_enterprise_account` is enabled |\n| \u003ca name=\"output_key_protect_guid\"\u003e\u003c/a\u003e [key\\_protect\\_guid](#output\\_key\\_protect\\_guid) | ID of the Key Protect instance which contains the encryption key for the object storage bucket |\n| \u003ca name=\"output_key_protect_instance_policies\"\u003e\u003c/a\u003e [key\\_protect\\_instance\\_policies](#output\\_key\\_protect\\_instance\\_policies) | Instance Polices of the Key Protect instance |\n| \u003ca name=\"output_key_protect_name\"\u003e\u003c/a\u003e [key\\_protect\\_name](#output\\_key\\_protect\\_name) | Name of the Key Protect instance |\n| \u003ca name=\"output_key_rings\"\u003e\u003c/a\u003e [key\\_rings](#output\\_key\\_rings) | IDs of new Key Rings created by the module |\n| \u003ca name=\"output_keys\"\u003e\u003c/a\u003e [keys](#output\\_keys) | IDs of new Keys created by the module |\n| \u003ca name=\"output_kms_crn\"\u003e\u003c/a\u003e [kms\\_crn](#output\\_kms\\_crn) | CRN of the KMS instance when an instance |\n| \u003ca name=\"output_kms_key_crn\"\u003e\u003c/a\u003e [kms\\_key\\_crn](#output\\_kms\\_key\\_crn) | The CRN of the KMS key used to encrypt the object storage bucket |\n| \u003ca name=\"output_resource_group_id\"\u003e\u003c/a\u003e [resource\\_group\\_id](#output\\_resource\\_group\\_id) | ID of the resource group where all resources are deployed into |\n| \u003ca name=\"output_s3_endpoint_direct\"\u003e\u003c/a\u003e [s3\\_endpoint\\_direct](#output\\_s3\\_endpoint\\_direct) | Direct endpoint to the Object Storage bucket where billing reports are written to |\n| \u003ca name=\"output_s3_endpoint_private\"\u003e\u003c/a\u003e [s3\\_endpoint\\_private](#output\\_s3\\_endpoint\\_private) | Private endpoint to the Object Storage bucket where billing reports are written to |\n| \u003ca name=\"output_s3_endpoint_public\"\u003e\u003c/a\u003e [s3\\_endpoint\\_public](#output\\_s3\\_endpoint\\_public) | Public endpoint to the Object Storage bucket where billing reports are written to |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n\n\u003c!-- Leave this section as is so that your module has a link to local development environment set-up steps for contributors to follow --\u003e\n## Contributing\n\nYou can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).\n\nTo set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-ibm-modules%2Fterraform-ibm-cloudability-onboarding","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fterraform-ibm-modules%2Fterraform-ibm-cloudability-onboarding","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-ibm-modules%2Fterraform-ibm-cloudability-onboarding/lists"}