|
63 | 63 | "crn:v1:bluemix:public:iam::::role:Editor" |
64 | 64 | ], |
65 | 65 | "service_name": "kms", |
66 | | - "notes": "[Optional] Required if you are creating a new Key Protect Instance." |
| 66 | + "notes": "[Optional] Required if you are creating a new Key Protect instance or provisioning associated resources like key rings and keys." |
| 67 | + }, |
| 68 | + { |
| 69 | + "role_crns": [ |
| 70 | + "crn:v1:bluemix:public:iam::::serviceRole:Manager", |
| 71 | + "crn:v1:bluemix:public:iam::::role:Editor" |
| 72 | + ], |
| 73 | + "service_name": "hs-crypto", |
| 74 | + "notes": "[Optional] Required if you are provisioning resources like key rings and keys for an existing Hyper Protect Crypto Services (HPCS) instance." |
67 | 75 | }, |
68 | 76 | { |
69 | 77 | "role_crns": [ |
|
77 | 85 | { |
78 | 86 | "key": "ibmcloud_api_key" |
79 | 87 | }, |
80 | | - { |
81 | | - "key": "existing_resource_group_name", |
82 | | - "display_name": "resource_group", |
83 | | - "required": false, |
84 | | - "default_value": "Default", |
85 | | - "custom_config": { |
86 | | - "type": "resource_group", |
87 | | - "grouping": "deployment", |
88 | | - "original_grouping": "deployment", |
89 | | - "config_constraints": { |
90 | | - "identifier": "rg_name" |
91 | | - } |
92 | | - } |
93 | | - }, |
94 | 88 | { |
95 | 89 | "key": "region", |
96 | 90 | "required": true, |
97 | | - "default_value": "", |
98 | 91 | "options": [ |
99 | 92 | { |
100 | 93 | "displayname": "Dallas (us-south)", |
|
142 | 135 | "key": "prefix", |
143 | 136 | "required": true |
144 | 137 | }, |
| 138 | + { |
| 139 | + "key": "key_protect_plan", |
| 140 | + "required": true, |
| 141 | + "options": [ |
| 142 | + { |
| 143 | + "displayname": "Tiered Pricing", |
| 144 | + "value": "tiered-pricing" |
| 145 | + }, |
| 146 | + { |
| 147 | + "displayname": "Cross Region Resiliency", |
| 148 | + "value": "cross-region-resiliency" |
| 149 | + } |
| 150 | + ] |
| 151 | + }, |
145 | 152 | { |
146 | 153 | "key": "provider_visibility", |
147 | 154 | "options": [ |
|
161 | 168 | "hidden": true |
162 | 169 | }, |
163 | 170 | { |
164 | | - "key": "key_protect_instance_name" |
| 171 | + "key": "existing_resource_group_name", |
| 172 | + "display_name": "resource_group", |
| 173 | + "custom_config": { |
| 174 | + "type": "resource_group", |
| 175 | + "grouping": "deployment", |
| 176 | + "original_grouping": "deployment", |
| 177 | + "config_constraints": { |
| 178 | + "identifier": "rg_name" |
| 179 | + } |
| 180 | + } |
165 | 181 | }, |
166 | 182 | { |
167 | | - "key": "existing_kms_instance_crn" |
| 183 | + "key": "key_protect_instance_name" |
168 | 184 | }, |
169 | 185 | { |
170 | | - "key": "key_protect_plan", |
171 | | - "options": [ |
172 | | - { |
173 | | - "displayname": "Tiered Pricing", |
174 | | - "value": "tiered-pricing" |
175 | | - }, |
176 | | - { |
177 | | - "displayname": "Cross Region Resiliency", |
178 | | - "value": "cross-region-resiliency" |
179 | | - } |
180 | | - ] |
| 186 | + "key": "existing_kms_instance_crn" |
181 | 187 | }, |
| 188 | + |
182 | 189 | { |
183 | 190 | "key": "keys" |
184 | 191 | }, |
|
265 | 272 | "dependencies": [ |
266 | 273 | { |
267 | 274 | "name": "deploy-arch-ibm-account-infra-base", |
268 | | - "description": "This module prepares your IBM Cloud account with the necessary configurations to ensure a secure and organized environment for your architecture.", |
| 275 | + "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default—and, when you enable the \"with Account Settings\" option, it also applies baseline security and governance settings.", |
269 | 276 | "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", |
270 | 277 | "flavors": [ |
271 | 278 | "resource-group-only", |
|
300 | 307 | ], |
301 | 308 | "dependency_version_2": true, |
302 | 309 | "terraform_version": "1.10.5" |
| 310 | + }, |
| 311 | + { |
| 312 | + "label": "Security-enforced", |
| 313 | + "name": "security-enforced", |
| 314 | + "install_type": "fullstack", |
| 315 | + "working_directory": "solutions/security-enforced", |
| 316 | + "compliance": { |
| 317 | + "authority": "scc-v3", |
| 318 | + "profiles": [ |
| 319 | + { |
| 320 | + "profile_name": "CIS IBM Cloud Foundations Benchmark v1.1.0", |
| 321 | + "profile_version": "1.1.0" |
| 322 | + } |
| 323 | + ] |
| 324 | + }, |
| 325 | + "iam_permissions": [ |
| 326 | + { |
| 327 | + "role_crns": [ |
| 328 | + "crn:v1:bluemix:public:iam::::serviceRole:Manager", |
| 329 | + "crn:v1:bluemix:public:iam::::role:Editor" |
| 330 | + ], |
| 331 | + "service_name": "kms", |
| 332 | + "notes": "[Optional] Required if you are creating a new Key Protect instance or provisioning associated resources like key rings and keys." |
| 333 | + }, |
| 334 | + { |
| 335 | + "role_crns": [ |
| 336 | + "crn:v1:bluemix:public:iam::::serviceRole:Manager", |
| 337 | + "crn:v1:bluemix:public:iam::::role:Editor" |
| 338 | + ], |
| 339 | + "service_name": "hs-crypto", |
| 340 | + "notes": "[Optional] Required if you are provisioning resources like key rings and keys for an existing Hyper Protect Crypto Services (HPCS) instance." |
| 341 | + }, |
| 342 | + { |
| 343 | + "role_crns": [ |
| 344 | + "crn:v1:bluemix:public:iam::::role:Administrator" |
| 345 | + ], |
| 346 | + "service_name": "iam-identity", |
| 347 | + "notes": "[Optional] Required if Cloud automation for account configuration is enabled." |
| 348 | + } |
| 349 | + ], |
| 350 | + "configuration": [ |
| 351 | + { |
| 352 | + "key": "ibmcloud_api_key" |
| 353 | + }, |
| 354 | + { |
| 355 | + "key": "region", |
| 356 | + "required": true, |
| 357 | + "options": [ |
| 358 | + { |
| 359 | + "displayname": "Dallas (us-south)", |
| 360 | + "value": "us-south" |
| 361 | + }, |
| 362 | + { |
| 363 | + "displayname": "Frankfurt (eu-de)", |
| 364 | + "value": "eu-de" |
| 365 | + }, |
| 366 | + { |
| 367 | + "displayname": "London (eu-gb)", |
| 368 | + "value": "eu-gb" |
| 369 | + }, |
| 370 | + { |
| 371 | + "displayname": "Madrid (eu-es)", |
| 372 | + "value": "eu-es" |
| 373 | + }, |
| 374 | + { |
| 375 | + "displayname": "Osaka (jp-osa)", |
| 376 | + "value": "jp-osa" |
| 377 | + }, |
| 378 | + { |
| 379 | + "displayname": "Sao Paulo (br-sao)", |
| 380 | + "value": "br-sao" |
| 381 | + }, |
| 382 | + { |
| 383 | + "displayname": "Sydney (au-syd)", |
| 384 | + "value": "au-syd" |
| 385 | + }, |
| 386 | + { |
| 387 | + "displayname": "Tokyo (jp-tok)", |
| 388 | + "value": "jp-tok" |
| 389 | + }, |
| 390 | + { |
| 391 | + "displayname": "Toronto (ca-tor)", |
| 392 | + "value": "ca-tor" |
| 393 | + }, |
| 394 | + { |
| 395 | + "displayname": "Washington (us-east)", |
| 396 | + "value": "us-east" |
| 397 | + } |
| 398 | + ] |
| 399 | + }, |
| 400 | + { |
| 401 | + "key": "prefix", |
| 402 | + "required": true |
| 403 | + }, |
| 404 | + { |
| 405 | + "key": "key_protect_plan", |
| 406 | + "required": true, |
| 407 | + "options": [ |
| 408 | + { |
| 409 | + "displayname": "Tiered Pricing", |
| 410 | + "value": "tiered-pricing" |
| 411 | + }, |
| 412 | + { |
| 413 | + "displayname": "Cross Region Resiliency", |
| 414 | + "value": "cross-region-resiliency" |
| 415 | + } |
| 416 | + ] |
| 417 | + }, |
| 418 | + { |
| 419 | + "key": "provider_visibility", |
| 420 | + "options": [ |
| 421 | + { |
| 422 | + "displayname": "private", |
| 423 | + "value": "private" |
| 424 | + }, |
| 425 | + { |
| 426 | + "displayname": "public", |
| 427 | + "value": "public" |
| 428 | + }, |
| 429 | + { |
| 430 | + "displayname": "public-and-private", |
| 431 | + "value": "public-and-private" |
| 432 | + } |
| 433 | + ], |
| 434 | + "hidden": true |
| 435 | + }, |
| 436 | + { |
| 437 | + "key": "existing_resource_group_name", |
| 438 | + "display_name": "resource_group", |
| 439 | + "custom_config": { |
| 440 | + "type": "resource_group", |
| 441 | + "grouping": "deployment", |
| 442 | + "original_grouping": "deployment", |
| 443 | + "config_constraints": { |
| 444 | + "identifier": "rg_name" |
| 445 | + } |
| 446 | + } |
| 447 | + }, |
| 448 | + { |
| 449 | + "key": "key_protect_instance_name" |
| 450 | + }, |
| 451 | + { |
| 452 | + "key": "existing_kms_instance_crn" |
| 453 | + }, |
| 454 | + { |
| 455 | + "key": "keys" |
| 456 | + }, |
| 457 | + { |
| 458 | + "key": "rotation_interval_month" |
| 459 | + }, |
| 460 | + { |
| 461 | + "key": "key_protect_resource_tags", |
| 462 | + "custom_config": { |
| 463 | + "grouping": "deployment", |
| 464 | + "original_grouping": "deployment", |
| 465 | + "config_constraints": { |
| 466 | + "type": "string" |
| 467 | + } |
| 468 | + } |
| 469 | + }, |
| 470 | + { |
| 471 | + "key": "key_protect_access_tags", |
| 472 | + "custom_config": { |
| 473 | + "grouping": "deployment", |
| 474 | + "original_grouping": "deployment", |
| 475 | + "config_constraints": { |
| 476 | + "type": "string" |
| 477 | + } |
| 478 | + } |
| 479 | + }, |
| 480 | + { |
| 481 | + "key": "key_protect_instance_cbr_rules" |
| 482 | + } |
| 483 | + ], |
| 484 | + "architecture": { |
| 485 | + "description": "This architecture supports creating and configuring a Key Protect instance.", |
| 486 | + "features": [ |
| 487 | + { |
| 488 | + "title": "Key Protect instance", |
| 489 | + "description": "Creates and configures a Key Protect instance." |
| 490 | + }, |
| 491 | + { |
| 492 | + "title": "Key Rings and Keys", |
| 493 | + "description": "Creates Key Rings and Keys for either Key Protect or Hyper Protect Crypto Services instances." |
| 494 | + }, |
| 495 | + { |
| 496 | + "title": "Context-Based Restriction rules", |
| 497 | + "description": "Creates Context-Based Restriction rules for Key Protect instance." |
| 498 | + } |
| 499 | + ], |
| 500 | + "diagrams": [ |
| 501 | + { |
| 502 | + "diagram": { |
| 503 | + "caption": "IBM Key Protect architecture", |
| 504 | + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-kms-all-inclusive/main/reference-architecture/key_protect.svg", |
| 505 | + "type": "image/svg+xml" |
| 506 | + }, |
| 507 | + "description": "This architecture supports creating and configuring IBM Key Protect resources" |
| 508 | + } |
| 509 | + ] |
| 510 | + }, |
| 511 | + "terraform_version": "1.10.5" |
303 | 512 | } |
304 | 513 | ] |
305 | 514 | } |
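Review bot: The `iam-identity` entry granting `crn:v1:bluemix:public:iam::::role:Administrator` in the new `security-enforced` flavor (new lines 342–348) is justified only by "Required if Cloud automation for account configuration is enabled", yet the added flavor object declares no `dependencies` block, unlike the flavor that precedes it (new lines 272–308). If this variation cannot pull in `deploy-arch-ibm-account-infra-base`, the entry advertises an Administrator requirement that deployers may grant for no reason and should be dropped; otherwise the `dependencies` and `dependency_version_2` keys appear to be missing from the new object. Separately, `provider_visibility` (new lines 419–434) still offers `public` and `public-and-private` behind `"hidden": true`. For a security-enforced variation, consider limiting the options to `private`, unless the Terraform under `solutions/security-enforced` (not visible here) already pins it. The enclosing flavors array starts outside this hunk, so sibling keys could not be checked.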
|