This module creates commonly used cloud resources in a single resource group in a single region.
- Endpoints
- Certificate Manager
- Key Protect
- Cloud Object Storage
- Databases For PostgreSQL
- Activity Tracker
- LogDNA
- Sysdig
- Module Variables
- Outputs
- As a Module in a Larger Architecture
This module creates all resources with either public or private endpoints. These endpoints are used for all resource instances.
Creates a Certificate Manager instance with HMAC parameters.
IBM Cloud™ Certificate Manager helps you to obtain, store and manage SSL/TLS certificates that you use for IBM Cloud deployments, or other Cloud and on-prem deployments.1
You can import SSL/TLS certificates that you obtain for your apps and services, store them securely, and get a central view of the certificates that you are using. Or, you can order public certificates through Certificate Manager from supported CAs.2
For more about certificate manager read the documentation here
Creates an instance of Key Protect and a Key Protect root key to encrypt the Cloud Object Storage and Databases for PostgreSQL instances.
IBM® Key Protect for IBM Cloud™ helps you provision encrypted keys for apps across IBM Cloud services. As you manage the lifecycle of your keys, you can benefit from knowing that your keys are secured by FIPS 140-2 Level 3 certified cloud-based hardware security modules (HSMs) that protect against the theft of information.3
For more about Key Protect read the documentation here
Creates a Cloud Object Storage instance encrypted with the Key Protect root key. This also creates a service-to-service authorization policy with Key Protect to allow the COS instance to read from Key Protect for encryption.
Optionally creates a Cloud Object Storage bucket.
Read more about Cloud Object Storage here.
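The Key Protect to Cloud Object Storage wiring described above, written out as Terraform. This is an added example, not this module's own code: the resource labels and literal names are constructed, and the use of the IBM provider's `ibm_kms_key`, `ibm_iam_authorization_policy` and `ibm_cos_bucket` resources is an assumption about how such a setup can be expressed.

```hcl
# Added example; resource labels and literal names are constructed for illustration.
data ibm_resource_group group {
  name = "default"
}

resource ibm_resource_instance kms {
  name              = "resources-module-kms"
  service           = "kms"
  plan              = "tiered-pricing"
  location          = "us-south"
  resource_group_id = data.ibm_resource_group.group.id
}

# Root key (standard_key = false): wraps data encryption keys and never leaves Key Protect
resource ibm_kms_key root_key {
  instance_id  = ibm_resource_instance.kms.guid
  key_name     = "root_key"
  standard_key = false
}

resource ibm_resource_instance cos {
  name              = "resources-module-cos"
  service           = "cloud-object-storage"
  plan              = "standard"
  location          = "global"
  resource_group_id = data.ibm_resource_group.group.id
}

# Service-to-service authorization scoped on both sides by instance ID:
# only this COS instance gets Reader on only this Key Protect instance.
resource ibm_iam_authorization_policy cos_to_kms {
  source_service_name         = "cloud-object-storage"
  source_resource_instance_id = ibm_resource_instance.cos.guid
  target_service_name         = "kms"
  target_resource_instance_id = ibm_resource_instance.kms.guid
  roles                       = ["Reader"]
}

resource ibm_cos_bucket bucket {
  bucket_name          = "cloud-resources-demo-bucket"
  resource_instance_id = ibm_resource_instance.cos.id
  region_location      = "us-south"
  storage_class        = "standard"
  # Newer provider releases name this argument kms_key_crn
  key_protect          = ibm_kms_key.root_key.crn
  # Encryption setup fails if the bucket is created before the policy exists
  depends_on = [ibm_iam_authorization_policy.cos_to_kms]
}
```

Scoping the policy to instance IDs, rather than authorizing the whole `cloud-object-storage` service against `kms`, keeps the grant at least privilege.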
Creates an instance of Databases for PostgreSQL encrypted with the Key Protect root key. This also creates a service-to-service authorization policy with Key Protect to allow the Postgres instance to read from Key Protect for encryption.
Read more about Databases for PostgreSQL here.
Optionally provisions an instance of Activity Tracker. There can only be one instance of Activity Tracker per account per region.
Provisions an instance of IBM Log Analysis with LogDNA.
Use IBM® Log Analysis with LogDNA to add log management capabilities to your IBM Cloud architecture. IBM Log Analysis with LogDNA is operated by LogDNA in partnership with IBM.4
Read more about IBM Log Analysis with LogDNA here.
Provisions an instance of IBM Cloud Monitoring with Sysdig.
IBM Cloud Monitoring with Sysdig is a third-party cloud-native, and container-intelligence management system that you can include as part of your IBM Cloud architecture. Use it to gain operational visibility into the performance and health of your applications, services, and platforms. It offers administrators, DevOps teams and developers full stack telemetry with advanced features to monitor and troubleshoot, define alerts, and design custom dashboards. IBM Cloud Monitoring with Sysdig is operated by Sysdig in partnership with IBM.5
Read more about IBM Cloud Monitoring with Sysdig here.
Variable | Type | Description | Default |
---|---|---|---|
ibmcloud_apikey | String | The IBM Cloud platform API key needed to deploy IAM enabled resources | |
ibm_region | String | IBM Cloud region where all resources will be deployed | us-south |
resource_group | String | Name of resource group to provision resources | default |
unique_id | String | Prefix for all resources created in the module. Must begin with a letter. | resources-module |
tags | List | List of tags for resources | ["resources-module"] |
end_points | String | Sets the endpoints for the resources provisioned. Can be public or private | public |
cms_plan | String | Service plan for Certificate Manager | free |
kms_plan | String | Plan to use for provisioning Key Protect | tiered-pricing |
kms_root_key_name | String | Name for the root key to be created in the Key Protect instance | root_key |
cos_plan | String | Plan for Cloud Object Storage | standard |
create_cos_bucket | String | Allows for optional creation of a COS bucket. Can be true or false | true |
cos_bucket_name | String | Bucket name for COS. Must be unique within account | cloud-resources-demo-bucket |
cos_bucket_storage_class | String | COS bucket storage class. Accepted values: standard, vault, cold, flex | standard |
postgres_plan | String | Plan for PostgreSQL instance | standard |
activity_tracker | Boolean | Provision activity tracker, true or false. Accounts can only have one instance of Activity Tracker per region | false |
logging_plan | String | Service plan for LogDNA and Activity Tracker. | 7-day |
monitor_plan | String | Service plan for Sysdig | graduated-tier |
- logdna_id: GUID of LogDNA Instance
- sysdig_id: GUID of Sysdig Instance
- cos_id: GUID of COS Instance
- psql_id: GUID of PSQL Instance
- kms_id: GUID of KMS Instance
- cms_id: CRN of CMS instance
Use the ./module folder to include this in a larger architecture.
Declaring this Module:
```hcl
# Declaration with only the required inputs; everything else uses the module defaults
data ibm_resource_group resource_group {
  name = "<your resource group name>"
}

module resources {
  source            = "./<path to your code>"
  # Supply the API key from a variable or the environment, not a literal committed to version control
  ibmcloud_apikey   = "<your ibm cloud api key>"
  ibm_region        = "<your value or reference>"
  resource_group_id = data.ibm_resource_group.resource_group.id
  unique_id         = "<your value or reference>"
}
```

```hcl
# Declaration with every variable set explicitly
data ibm_resource_group resource_group {
  name = "<your resource group name>"
}

module resources {
  source                   = "./<path to your code>"
  # Supply the API key from a variable or the environment, not a literal committed to version control
  ibmcloud_apikey          = "<your ibm cloud api key>"
  ibm_region               = "<your value or reference>"
  resource_group_id        = data.ibm_resource_group.resource_group.id
  unique_id                = "<your value or reference>"
  tags                     = "<your value or reference>"
  end_points               = "<your value or reference>"
  cms_plan                 = "<your value or reference>"
  kms_plan                 = "<your value or reference>"
  kms_root_key_name        = "<your value or reference>"
  cos_plan                 = "<your value or reference>"
  create_cos_bucket        = "<your value or reference>"
  cos_bucket_name          = "<your value or reference>"
  cos_bucket_storage_class = "<your value or reference>"
  postgres_plan            = "<your value or reference>"
  activity_tracker         = "<your value or reference>"
  logging_plan             = "<your value or reference>"
  monitor_plan             = "<your value or reference>"
}
```