IBM Cloud Event Notifications module

Graduated (Supported) pre-commit latest release Renovate enabled semantic-release

This module creates an IBM Cloud Event Notifications instance that filters and routes event notifications from IBM Cloud services, such as monitoring, to communication channels like email, SMS, and webhooks. Event Notifications gives you information about critical events that occur in your IBM Cloud account, or triggers automated actions by using webhooks. For more information, see Getting started with Event Notifications.

Overview

terraform-ibm-event-notifications

Usage

module "event_notification" {
  source            = "terraform-ibm-modules/event-notifications/ibm"
  version           = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  resource_group_id = "a8cff104f1764e98aac9ab879198230a" # pragma: allowlist secret
  name              = "event-notification"
  tags              = ["dev", "qa"]
  plan              = "lite"
  service_endpoints = "public"
  service_credential_names = {
    "en_manager" : "Manager",
    "en_writer" : "Writer",
    "en_reader" : "Reader",
  }
}

Required IAM access policies

You need the following permissions to run this module:

  • Account Management
    • Event Notifications service
      • Platform Management Roles
        • Editor platform role access

To create service credentials, access the Event Notifications service, and call the Event Notifications API, you need the following access:

  • Service access roles
    • Reader - View Event Notifications instance data
    • Writer - View and edit an Event Notifications instance
    • Channel Editor - View, create, and delete Event Notifications subscriptions
    • Manager - View, edit, and delete data in an Event Notifications instance
    • Service Configuration Reader - Read services configuration for Governance management
    • Event Source Manager - Source integration with Event Notifications by using service to service authorization
    • Event Notifications Publisher - Create notification and view notifications count
    • Device Manager - Custom role to handle push device registration with the Event Notifications service

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| ibm | >= 1.70.0, < 2.0.0 |
| time | >= 0.9.1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| cbr_rule | terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module | 1.29.0 |

Resources

| Name | Type |
|------|------|
| ibm_en_integration.en_kms_integration | resource |
| ibm_en_integration_cos.en_cos_integration | resource |
| ibm_iam_authorization_policy.cos_policy | resource |
| ibm_iam_authorization_policy.kms_policy | resource |
| ibm_resource_instance.en_instance | resource |
| ibm_resource_key.service_credentials | resource |
| time_sleep.wait_for_cos_authorization_policy | resource |
| time_sleep.wait_for_kms_authorization_policy | resource |
| ibm_en_integrations.en_integrations | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cbr_rules | The list of context-based restrictions rules to create. | `list(object({ description = string, account_id = string, rule_contexts = list(object({ attributes = optional(list(object({ name = string, value = string }))) })), enforcement_mode = string }))` | `[]` | no |
| cos_bucket_name | The name of an existing IBM Cloud Object Storage bucket which will be used for storage of failed delivery events. Required if cos_integration_enabled is set to true. | `string` | `null` | no |
| cos_endpoint | The endpoint URL for your bucket region. For more information, see https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-endpoints. Required if cos_integration_enabled is set to true. | `string` | `null` | no |
| cos_instance_id | The ID of the IBM Cloud Object Storage instance in which the bucket that is defined in the cos_bucket_name variable exists. Required if cos_integration_enabled is set to true. | `string` | `null` | no |
| cos_integration_enabled | Set to true to connect a Cloud Object Storage service instance to your Event Notifications instance to collect events that failed delivery. If set to false, no failed events will be captured. | `bool` | `false` | no |
| existing_kms_instance_crn | The CRN of the Hyper Protect Crypto Services or Key Protect instance. Required only if var.kms_encryption_enabled is set to true. | `string` | `null` | no |
| kms_encryption_enabled | Set to true to control the encryption keys that are used to encrypt the data that you store in the Event Notifications instance. If set to false, the data is encrypted by using randomly generated keys. For more information, see Managing encryption. | `bool` | `false` | no |
| kms_endpoint_url | The URL of the KMS endpoint to use when configuring KMS encryption. The Hyper Protect Crypto Services endpoint URL format can be found at https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-regions#new-service-endpoints, and the Key Protect endpoint URL format can be found here https://cloud.ibm.com/docs/key-protect?topic=key-protect-regions#service-endpoints. | `string` | `null` | no |
| name | The name of the Event Notifications instance that is created by this module. | `string` | n/a | yes |
| plan | The pricing plan of the Event Notifications instance. Possible values: Lite, Standard | `string` | `"standard"` | no |
| region | The IBM Cloud region where the Event Notifications resource is created. Possible values: us-south (Dallas), eu-gb (London), eu-de (Frankfurt), au-syd (Sydney), eu-es (Madrid) | `string` | `"us-south"` | no |
| resource_group_id | The ID of the resource group where the Event Notifications instance is created. | `string` | n/a | yes |
| root_key_id | The key ID of a root key, existing in the KMS instance passed in var.existing_kms_instance_crn, which will be used to encrypt the data encryption keys which are then used to encrypt the data. Required only if var.kms_encryption_enabled is set to true. | `string` | `null` | no |
| service_credential_names | The mapping of names and roles for service credentials that you want to create for the Event Notifications instance. | `map(string)` | `{}` | no |
| service_endpoints | Specify whether you want to enable public, or both public and private service endpoints. Possible values: public, public-and-private | `string` | `"public-and-private"` | no |
| skip_en_cos_auth_policy | Set to true to skip the creation of an IAM authorization policy that permits the Event Notifications instance Object Writer and Reader access to the given Object Storage bucket. Ignored if cos_integration_enabled is set to false. | `bool` | `false` | no |
| skip_en_kms_auth_policy | Set to true to skip the creation of an IAM authorization policy that permits the Event Notifications instance to read the encryption key from the KMS instance. If set to false, a value must be passed for the KMS instance and key using inputs existing_kms_instance_crn and root_key_id. In addition, no policy is created if kms_encryption_enabled is set to false. | `bool` | `false` | no |
| tags | The list of tags to add to the Event Notifications instance. | `list(string)` | `[]` | no |
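
The usage example at the top of this page deploys the instance with public endpoints, provider-generated keys, and a Manager credential. The following added example (not from the module's repository) is the same call with the security-related inputs from the table above set. Every `var.*` value is a placeholder, and the CBR attribute name `endpointType` and the enforcement mode `report` are assumptions based on IBM Cloud context-based restrictions, not values given on this page.

```hcl
# Added example, not the module's own code. Every var.* is a caller-supplied placeholder.
variable "resource_group_id" { type = string }
variable "account_id" { type = string }
variable "kms_instance_crn" { type = string } # Key Protect or Hyper Protect Crypto Services CRN
variable "kms_endpoint_url" { type = string } # format: see the kms_endpoint_url input
variable "root_key_id" { type = string }
variable "cos_instance_id" { type = string }
variable "cos_bucket_name" { type = string }
variable "cos_endpoint" { type = string }

module "event_notification" {
  source            = "terraform-ibm-modules/event-notifications/ibm"
  version           = "X.X.X" # pin to a specific release
  resource_group_id = var.resource_group_id
  name              = "event-notification"
  plan              = "standard"
  service_endpoints = "public-and-private"

  # Customer-managed root key instead of randomly generated keys.
  kms_encryption_enabled    = true
  existing_kms_instance_crn = var.kms_instance_crn
  kms_endpoint_url          = var.kms_endpoint_url
  root_key_id               = var.root_key_id
  skip_en_kms_auth_policy   = false # module creates the key-read authorization policy

  # Keep events that failed delivery so they can be reviewed later.
  cos_integration_enabled = true
  cos_instance_id         = var.cos_instance_id
  cos_bucket_name         = var.cos_bucket_name
  cos_endpoint            = var.cos_endpoint
  skip_en_cos_auth_policy = false # module creates the bucket authorization policy

  # Issue only the credentials that consumers need; no Manager key.
  service_credential_names = {
    "en_reader" : "Reader",
    "en_writer" : "Writer",
  }

  # Context-based restriction: match requests that arrive on the private endpoint.
  cbr_rules = [{
    description      = "Event Notifications: private endpoint access only"
    account_id       = var.account_id
    enforcement_mode = "report" # assumption: observe first, then switch to "enabled"
    rule_contexts = [{
      attributes = [{ name = "endpointType", value = "private" }] # assumed attribute name
    }]
  }]
}
```

Running `terraform plan` against this call should list the two `ibm_iam_authorization_policy` resources and both integration resources from the Resources table; if they are missing, the corresponding `*_enabled` input is still false.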

Outputs

| Name | Description |
|------|-------------|
| account_id | The Event Notifications account ID. |
| crn | The Event Notifications instance CRN. |
| event_notification_instance_name | The name of the Event Notifications instance. |
| guid | The globally unique identifier of the Event Notifications instance. |
| service_credentials_json | The service credentials JSON map. |
| service_credentials_object | The service credentials object. |

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.