IBM Cloud Event Notifications module

This module is used to create an IBM Cloud Event Notifications instance to filter and route event notifications from IBM Cloud services like monitoring, to communication channels like email, SMS, and webhooks. Event Notifications provides you information about critical events that occur in your IBM Cloud account or triggers automated actions by using webhooks. For more information, see Getting started with Event Notifications.

Overview

terraform-ibm-event-notifications

Usage

module "event_notification" {
  source            = "terraform-ibm-modules/event-notifications/ibm"
  version           = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  resource_group_id = "a8cff104f1764e98aac9ab879198230a" # pragma: allowlist secret
  name              = "event-notification"
  tags              = ["dev", "qa"]
  plan              = "lite"
  service_endpoints = "public"
  service_credential_names = {
                                "en_manager" : "Manager",
                                "en_writer" : "Writer",
                                "en_reader" : "Reader",
                             }
}

Required IAM access policies

You need the following permissions to run this module:

Account Management
- Event Notifications service
  - Platform Management Roles
    - Editor platform role access

To create service credentials, access the Event Notifications service, and access to call the Event Notifications API, you need the following access:

Service access roles
- Reader - View Event Notifications instance data
- Writer - View and edit an Event Notifications instance
- Channel Editor - View, create, and delete Event Notifications subscriptions
- Manager - View, edit, and delete data in an Event Notifications instance
- Service Configuration Reader - Read services configuration for Governance management
- Event Source Manager - Source integration with Event Notifications by using service to service authorization
- Event Notifications Publisher - Create notification and view notifications count
- Device Manager - Custom role to handle push device registration with the Event Notifications service

Requirements

Name	Version
terraform	>= 1.3.0, <1.7.0
ibm	>= 1.63.0, < 2.0.0
time	>= 0.9.1

Modules

Name	Source	Version
cbr_rule	terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module	1.19.1

Resources

Name	Type
ibm_en_destination_cos.cos_en_destination	resource
ibm_en_integration.en_kms_integration	resource
ibm_iam_authorization_policy.cos_policy	resource
ibm_iam_authorization_policy.kms_policy	resource
ibm_resource_instance.en_instance	resource
ibm_resource_key.service_credentials	resource
time_sleep.wait_for_cos_authorization_policy	resource
time_sleep.wait_for_kms_authorization_policy	resource
ibm_en_integrations.en_integrations	data source
ibm_iam_account_settings.iam_account_settings	data source

Inputs

Name	Description	Type	Default	Required
cbr_rules	The list of context-based restrictions rules to create.	list(object({ description = string account_id = string rule_contexts = list(object({ attributes = optional(list(object({ name = string value = string }))) })) enforcement_mode = string }))	`[]`	no
cos_bucket_name	The name of an existing IBM Cloud Object Storage bucket which will be used for storage of failed delivery events. Required if `cos_integration_enabled` is set to true.	`string`	`null`	no
cos_destination_name	The name of the IBM Cloud Object Storage destination which will be created for the storage of failed delivery events.	`string`	`"COS Destination"`	no
cos_endpoint	The endpoint URL for your bucket region. For more information, see https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-endpoints. Required if `cos_integration_enabled` is set to true.	`string`	`null`	no
cos_instance_id	The ID of the IBM Cloud Object Storage instance in which the bucket that is defined in the `cos_bucket_name` variable exists. Required if `cos_integration_enabled` is set to true.	`string`	`null`	no
cos_integration_enabled	Set to `true` to connect a Cloud Object Storage service instance to your Event Notifications instance to collect events that failed delivery. If set to false, no failed events will be captured.	`bool`	`false`	no
existing_kms_instance_crn	The CRN of the Hyper Protect Crypto Services or Key Protect instance. Required only if `var.kms_encryption_enabled` is set to `true`.	`string`	`null`	no
kms_encryption_enabled	Set to `true` to control the encryption keys that are used to encrypt the data that you store in the Event Notifications instance. If set to `false`, the data is encrypted by using randomly generated keys. For more information, see Managing encryption.	`bool`	`false`	no
kms_endpoint_url	The URL of the KMS endpoint to use when configuring KMS encryption. The Hyper Protect Crypto Services endpoint URL format is `https://api.private.<REGION>.hs-crypto.cloud.ibm.com:<port>` and the Key Protect endpoint URL format is `https://<REGION>.kms.cloud.ibm.com`.	`string`	`null`	no
name	The name of the Event Notifications instance that is created by this module.	`string`	n/a	yes
plan	The pricing plan of the Event Notifications instance. Possible values: `Lite`, `Standard`	`string`	`"standard"`	no
region	The IBM Cloud region where the Event Notifications resource is created. Possible values: `us-south` (Dallas), `eu-gb` (London), `eu-de` (Frankfurt), `au-syd` (Sydney), `eu-es` (Madrid)	`string`	`"us-south"`	no
resource_group_id	The ID of the resource group where the Event Notifications instance is created.	`string`	n/a	yes
root_key_id	The key ID of a root key, existing in the KMS instance passed in `var.existing_kms_instance_crn`, which will be used to encrypt the data encryption keys which are then used to encrypt the data. Required only if `var.kms_encryption_enabled` is set to `true`.	`string`	`null`	no
service_credential_names	The mapping of names and roles for service credentials that you want to create for the Event Notifications instance.	`map(string)`	`{}`	no
service_endpoints	Specify whether you want to enable public, or both public and private service endpoints. Possible values: `public`, `public-and-private`	`string`	`"public-and-private"`	no
skip_en_cos_auth_policy	Whether an IAM authorization policy is created for your Event Notifications instance to interact with your Object Storage bucket. Set to `true` to use an existing policy. Ignored if `cos_integration_enabled` is set to `false`.	`bool`	`false`	no
skip_en_kms_auth_policy	Set to `true` to skip the creation of an IAM authorization policy that permits all Event Notifications instances in the resource group to read the encryption key from the KMS instance. If set to `false`, specify a value for the KMS instance in the `existing_kms_instance_guid` variable. In addition, no policy is created if `kms_encryption_enabled` is set to `false`.	`bool`	`false`	no
tags	The list of tags to add to the Event Notifications instance.	`list(string)`	`[]`	no

Outputs

Name	Description
crn	The Event Notifications instance CRN.
event_notification_instance_name	The name of the Event Notifications instance.
guid	The globally unique identifier of the Event Notifications instance.
service_credentials_json	The service credentials JSON map.
service_credentials_object	The service credentials object.

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.

terraform-ibm-modules / terraform-ibm-event-notifications Goto Github PK

terraform-ibm-event-notifications's Introduction

IBM Cloud Event Notifications module

Overview

terraform-ibm-event-notifications

Usage

Required IAM access policies

Requirements

Modules

Resources

Inputs

Outputs

Contributing

terraform-ibm-event-notifications's People

Contributors

Watchers

Forkers

terraform-ibm-event-notifications's Issues

Recommend Projects

Recommend Topics

Recommend Org