
Creates Cloud Object Storage instances, buckets, and resource keys

Primary language: HCL. License: Apache License 2.0 (Apache-2.0)

Terraform IBM ICSE Cloud Object Storage Module

Module archived

🕸️ This repo is no longer maintained and is archived. Use the following supported public module instead:



This module creates Cloud Object Storage instances, buckets, and resource keys. It can also create service-to-service authorizations dynamically to allow encryption of Cloud Object Storage instances by IBM Key Protect or Hyper Protect Crypto Services.

Usage

module "cos" {
  source            = "github.com/terraform-ibm-modules/terraform-ibm-icse-cos"
  region            = "us-south"
  prefix            = "my-prefix"
  tags              = ["icse", "cloud-services"]
  use_random_suffix = true # bool, per the Inputs table
  service_endpoints = "public"
  cos = [
    {
      name    = "my-cos-instance"
      buckets = [] # required attribute of each cos object; an empty list creates no buckets
    }
  ]
}
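
A fuller call that exercises the encryption path described above, with private endpoints, an IP allowlist, activity tracking and a read-only credential. This is an added example, not code from the module repository. Values in angle brackets are placeholders, the bucket and key names are constructed, and two points are assumptions: that "kms" is the service name to pass for Key Protect, and that a bucket's kms_key refers to the shortname of an entry in key_management_keys.

```hcl
module "cos_encrypted" {
  source            = "github.com/terraform-ibm-modules/terraform-ibm-icse-cos"
  region            = "us-south"
  prefix            = "my-prefix"
  tags              = ["icse", "cloud-services"]
  use_random_suffix = true
  service_endpoints = "private" # the module default per the Inputs table

  # Per the Inputs table, service authorizations are added only when the GUID is not null.
  key_management_service_guid = "<key-management-instance-guid>" # placeholder
  key_management_service_name = "kms"                            # assumption: Key Protect
  key_management_keys = [
    {
      shortname = "cos-key"           # constructed name
      name      = "my-prefix-cos-key" # constructed name
      id        = "<key-resource-id>" # placeholder
      crn       = "<key-crn>"         # placeholder
      key_id    = "<key-id>"          # placeholder
    }
  ]

  cos = [
    {
      name     = "my-cos-instance"
      use_data = false # create the instance instead of looking up an existing one
      plan     = "standard"
      buckets = [
        {
          name            = "audit-bucket" # constructed name
          storage_class   = "standard"
          endpoint_type   = "private"
          force_delete    = false          # objects are not purged when the bucket is destroyed
          region_location = "us-south"
          kms_key         = "cos-key"      # assumption: matches a key_management_keys shortname
          allowed_ip      = ["10.0.0.0/8"] # constructed range for the bucket firewall
          activity_tracking = {
            activity_tracker_crn = "<activity-tracker-crn>" # placeholder
            read_data_events     = true
            write_data_events    = true
          }
        }
      ]
      keys = [
        { name = "reader-key", role = "Reader", enable_HMAC = false } # read-only credential
      ]
    }
  ]
}
```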

Examples

Requirements

Name Version
terraform >=1.3.0
ibm >=1.43.0
random 3.4.3

Modules

Name Source Version
cos_bucket_map ./config_modules/nested_list_to_map_and_merge n/a
cos_key_map ./config_modules/nested_list_to_map_and_merge n/a
cos_to_key_management ./config_modules/list_to_map n/a
encryption_key_map ./config_modules/list_to_map n/a

Resources

Name Type
ibm_cos_bucket.bucket resource
ibm_iam_authorization_policy.policy resource
ibm_resource_instance.cos resource
ibm_resource_key.key resource
random_string.random_cos_suffix resource
ibm_resource_instance.cos data source

Inputs

Name Description Type Default Required
cos Object describing the cloud object storage instance, buckets, and keys. Set use_data to false to create instance. Required: no. Type and default follow.

Type:

    list(
      object({
        name              = string
        use_data          = optional(bool)
        resource_group_id = optional(string)
        plan              = optional(string)
        buckets = list(object({
          name                  = string
          storage_class         = string
          endpoint_type         = string
          force_delete          = bool
          single_site_location  = optional(string)
          region_location       = optional(string)
          cross_region_location = optional(string)
          kms_key               = optional(string)
          allowed_ip            = optional(list(string))
          hard_quota            = optional(number)
          archive_rule = optional(object({
            days    = number
            enable  = bool
            rule_id = optional(string)
            type    = string
          }))
          activity_tracking = optional(object({
            activity_tracker_crn = string
            read_data_events     = bool
            write_data_events    = bool
          }))
          metrics_monitoring = optional(object({
            metrics_monitoring_crn  = string
            request_metrics_enabled = optional(bool)
            usage_metrics_enabled   = optional(bool)
          }))
        }))
        keys = optional(
          list(object({
            name        = string
            role        = string
            enable_HMAC = bool
          }))
        )
      })
    )

Default:

    [
      {
        "buckets": [
          {
            "endpoint_type": "public",
            "force_delete": true,
            "kms_key": "at-test-atracker-key",
            "name": "atracker-bucket",
            "storage_class": "standard"
          }
        ],
        "keys": [
          {
            "enable_HMAC": false,
            "name": "cos-bind-key",
            "role": "Writer"
          }
        ],
        "name": "atracker-cos",
        "plan": "standard",
        "random_suffix": true,
        "resource_group": "at-test-service-rg",
        "use_data": false
      },
      {
        "buckets": [
          {
            "endpoint_type": "public",
            "force_delete": true,
            "kms_key": "at-test-slz-key",
            "name": "management-bucket",
            "storage_class": "standard"
          },
          {
            "endpoint_type": "public",
            "force_delete": true,
            "kms_key": "at-test-slz-key",
            "name": "workload-bucket",
            "storage_class": "standard"
          },
          {
            "endpoint_type": "public",
            "force_delete": true,
            "kms_key": "at-test-slz-key",
            "name": "bastion-bucket",
            "storage_class": "standard"
          }
        ],
        "keys": [
          {
            "enable_HMAC": true,
            "name": "bastion-key",
            "role": "Writer"
          }
        ],
        "name": "cos",
        "plan": "standard",
        "random_suffix": true,
        "resource_group": "at-test-service-rg",
        "use_data": false
      }
    ]

key_management_keys List of key management keys from key_management module. Default: []. Required: no. Type follows.

Type:

    list(
      object({
        shortname = string
        name      = string
        id        = string
        crn       = string
        key_id    = string
      })
    )

key_management_service_guid OPTIONAL - GUID of the Key Management Service to use for COS bucket encryption. string null no
key_management_service_name OPTIONAL - Type of key management service to use for COS bucket encryption. Service authorizations will be added only if the GUID is not null. string null no
prefix The prefix that you would like to append to your resources string n/a yes
region The region to which to deploy the VPC string n/a yes
service_endpoints Service endpoints. Can be public, private, or public-and-private string "private" no
tags List of Tags for the resource created list(string) null no
use_random_suffix Add a randomized suffix to the end of each resource created in this module. bool true no

Outputs

Name Description
cos_buckets List of COS bucket instances with shortname, instance_shortname, name, id, crn, and instance id.
cos_instances List of COS resource instances with shortname, name, id, and crn.
cos_keys List of COS bucket instances with shortname, instance_shortname, name, id, crn, and instance id.
cos_suffix Random suffix appended to the end of COS resources

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.