feat: exposed the ability to skip COS / KMS s2s auth policy with new variable skip_cos_kms_auth_policy<br>- fixed bug where existing_cos_instance_crn was not being passed to COS module (#217)

Soaib024 · web-flow · commit 8291ed6cd4d2 · 2024-06-10T10:53:05.000+01:00
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
@@ -85,6 +85,8 @@ module "cos" {
   version                             = "8.3.2"
   create_cos_instance                 = var.existing_cos_instance_crn == null ? true : false
   create_cos_bucket                   = var.existing_cos_bucket_name == null ? true : false
+  existing_cos_instance_id            = var.existing_cos_instance_crn
+  skip_iam_authorization_policy       = var.skip_cos_kms_auth_policy
   add_bucket_name_suffix              = var.add_bucket_name_suffix
   resource_group_id                   = module.resource_group.resource_group_id
   region                              = local.cos_bucket_region
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
@@ -176,6 +176,12 @@ variable "skip_en_cos_auth_policy" {
   default     = false
 }
 
+variable "skip_cos_kms_auth_policy" {
+  type        = bool
+  description = "Whether an IAM authorization policy is created for your Cloud Object Storage instance to read the encryption key from the KMS instance. Set to `true` to use an existing policy."
+  default     = false
+}
+
 variable "cos_instance_name" {
   type        = string
   default     = "base-security-services-cos"
