
https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection

Module that supports provisioning a Security and Compliance Center Workload Protection instance

# Security and Compliance Center Workload Protection module

[![Stable (With quality checks)](https://img.shields.io/badge/Status-Stable%20(With%20quality%20checks)-green)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-scc-workload-protection?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/releases/latest)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)

A module for provisioning an [IBM Cloud Security and Compliance Center Workload Protection instance](https://cloud.ibm.com/docs/workload-protection?topic=workload-protection-getting-started). The module will always create a Manager resource key that connects to the SCC WP instance.

## Overview
* [terraform-ibm-scc-workload-protection](#terraform-ibm-scc-workload-protection)
* [Examples](./examples)
* [Advanced example](./examples/advanced)
* [Basic example](./examples/basic)
* [Contributing](#contributing)

## terraform-ibm-scc-workload-protection

### Usage

```hcl
module "scc_wp" {
  source                        = "terraform-ibm-modules/scc-workload-protection/ibm"
  version                       = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  name                          = "my-scc-wp-service"
  region                        = "us-south"
  resource_group_id             = "65xxxxxxxxxxxxxxxa3fd"
  resource_key_tags             = ["scc-wp-tag"]
  cloud_monitoring_instance_crn = "crn:v1:bluemix:public:sysdig-monitor:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX::"
}
```

### Required IAM access policies

You need the following permissions to run this module.

- IAM Services
    - **IBM Cloud Security and Compliance Center Workload Protection** service
        - `Editor` platform access
        - `Writer` service access

### Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [ibm](#requirement\_ibm) | >= 1.70.0, <2.0.0 |

### Modules

| Name | Source | Version |
|------|--------|---------|
| [cbr\_rule](#module\_cbr\_rule) | terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module | 1.29.0 |

### Resources

| Name | Type |
|------|------|
| [ibm_resource_instance.scc_wp](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_instance) | resource |
| [ibm_resource_key.scc_wp_resource_key](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_key) | resource |
| [ibm_resource_tag.scc_wp_access_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource |

### Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [access\_tags](#input\_access\_tags) | A list of access tags to apply to the SCC WP instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | `list(string)` | `[]` | no |
| [cbr\_rules](#input\_cbr\_rules) | The list of context-based restriction rules to create. | <pre>list(object({<br/>    description = string<br/>    account_id  = string<br/>    tags = optional(list(object({<br/>      name  = string<br/>      value = string<br/>    })), [])<br/>    rule_contexts = list(object({<br/>      attributes = optional(list(object({<br/>        name  = string<br/>        value = string<br/>    }))) }))<br/>    enforcement_mode = string<br/>  }))</pre> | `[]` | no |
| [cloud\_monitoring\_instance\_crn](#input\_cloud\_monitoring\_instance\_crn) | The CRN of an IBM Cloud Monitoring instance to connect to the SCC Workload Protection instance. | `string` | `null` | no |
| [name](#input\_name) | The name to give the SCC Workload Protection instance that will be provisioned by this module. | `string` | n/a | yes |
| [region](#input\_region) | IBM Cloud region where all resources will be deployed | `string` | `"us-south"` | no |
| [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where resources will be provisioned. | `string` | n/a | yes |
| [resource\_key\_name](#input\_resource\_key\_name) | The name to give the IBM Cloud SCC WP resource key. | `string` | `"SCCWPManagerKey"` | no |
| [resource\_key\_tags](#input\_resource\_key\_tags) | Tags associated with the IBM Cloud SCC WP resource key. | `list(string)` | `[]` | no |
| [resource\_tags](#input\_resource\_tags) | Optional list of tags to be added to created SCC WP instance. | `list(string)` | `[]` | no |
| [scc\_wp\_service\_plan](#input\_scc\_wp\_service\_plan) | IBM service pricing plan. | `string` | `"free-trial"` | no |
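
The `cbr_rules` input has a nested type that is easy to get wrong, so here is an added example (not taken from the module's repository) that restricts the instance to one network zone over private endpoints and re-exports the access key as a sensitive output. The variables `account_id` and `network_zone_id` and the output name `scc_wp_access_key` are hypothetical; the attribute names `endpointType` and `networkZoneId` are standard IBM Cloud context-based restriction attributes, not values defined on this page.

```hcl
# Hypothetical variables for this example; they are not inputs of the module itself.
variable "account_id" {
  type        = string
  description = "IBM Cloud account ID that owns the CBR rule."
}

variable "network_zone_id" {
  type        = string
  description = "ID of an existing CBR network zone allowed to reach the instance."
}

module "scc_wp" {
  source            = "terraform-ibm-modules/scc-workload-protection/ibm"
  version           = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  name              = "my-scc-wp-service"
  region            = "us-south"
  resource_group_id = "65xxxxxxxxxxxxxxxa3fd"

  cbr_rules = [
    {
      description      = "Allow SCC WP access only from the approved network zone over private endpoints"
      account_id       = var.account_id
      enforcement_mode = "enabled" # CBR also supports "report" and "disabled"
      rule_contexts = [
        {
          # All attributes in one context must match for a request to be allowed.
          attributes = [
            { name = "endpointType", value = "private" },
            { name = "networkZoneId", value = var.network_zone_id },
          ]
        }
      ]
    }
  ]
}

# The Manager resource key's access key is a credential: mark any re-export
# as sensitive so Terraform redacts it in plan and apply output.
output "scc_wp_access_key" {
  value     = module.scc_wp.access_key
  sensitive = true
}
```

Marking the output as sensitive only redacts it in CLI output; the key is still written to the state file in plain text, so the state backend needs its own access control and encryption.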

### Outputs

| Name | Description |
|------|-------------|
| [access\_key](#output\_access\_key) | Workload Protection instance access key. |
| [api\_endpoint](#output\_api\_endpoint) | API endpoint. |
| [crn](#output\_crn) | CRN of created SCC WP instance. |
| [guid](#output\_guid) | GUID of created SCC WP instance. |
| [id](#output\_id) | ID of created SCC WP instance. |
| [ingestion\_endpoint](#output\_ingestion\_endpoint) | Ingestion endpoint. |
| [name](#output\_name) | Name of created SCC WP instance. |

## Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).

To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.