From 324a9498aa1be99a7a58dc72b12cfca49320aa65 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Thu, 14 Aug 2025 10:46:45 +0100 Subject: [PATCH 01/35] consume fully configurable --- ibm_catalog.json | 2 +- stack_definition.json | 78 ++++++++++++++++++++++++++++++++++--------- 2 files changed, 64 insertions(+), 16 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 9622ea8..1119385 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -237,7 +237,7 @@ { "key": "enable_platform_metrics", "type": "boolean", - "default_value": true, + "default_value": false, "description": "Setting this to true will enable platform metrics for the Cloud Monitoring instance. NOTE: You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location.", "required": false }, diff --git a/stack_definition.json b/stack_definition.json index 41f8302..73feb91 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -140,7 +140,7 @@ } ], "name": "1a - Key management", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.93bf5d12-a435-4510-8888-1c32db20b82b-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.466c0738-68d1-4b8d-8854-f85e01853f10-global" }, { "inputs": [ @@ -162,7 +162,7 @@ } ], "name": "1b - Object storage", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.fef2dae0-dc1a-4e7f-a663-dba29dfbc01a-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.79a61ce0-d4fa-4f1a-b6c5-5ca23b13ff06-global" }, { "inputs": [ 
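Review bot: With `"default_value": false` on `enable_platform_metrics` in ibm_catalog.json, a deployment that accepts defaults no longer collects platform metrics, yet the description still only explains what `true` does. The stack passes this input on to its monitoring member, so the loss of visibility is silent unless the operator reads the catalog entry closely. The description should state the new default, for example by appending `Defaults to false; set to true only if no other Cloud Monitoring instance in the region already collects platform metrics.` The commit does not state the reason for the new default, so the author should confirm that wording.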
@@ -200,18 +200,14 @@ } ], "name": "1c - App Configuration", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.c160fa36-fd40-42de-8553-1233e0c5e971-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.dfa78503-d833-49dd-9140-dbde8124d734-global" }, { "inputs": [ { - "name": "resource_group_name", + "name": "existing_resource_group_name", "value": "ref:../../inputs/existing_resource_group_name" }, - { - "name": "use_existing_resource_group", - "value": true - }, { "name": "region", "value": "ref:../../inputs/region" @@ -220,6 +216,10 @@ "name": "prefix", "value": "ref:../../inputs/prefix" }, + { + "name": "existing_cos_instance_crn", + "value": "ref:../../members/1b - Object storage/outputs/cos_instance_crn" + }, { "name": "existing_kms_instance_crn", "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" 
@@ -239,14 +239,62 @@ { "name": "enable_platform_metrics", "value": "ref:../../inputs/enable_platform_metrics" + } + ], + "name": "2a - Cloud Logs", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.643fbe72-a630-43f3-8cc2-77bccb15f604-global" + }, + { + "inputs": [ + { + "name": "existing_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" }, { - "name": "existing_en_instance_crn", - "value": "ref:../../members/3 - Event Notifications/outputs/crn" + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "enable_platform_metrics", + "value": "ref:../../inputs/enable_platform_metrics" + } + ], + "name": "2b - Cloud Monitoring", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e8444cee-432d-4af3-9211-d19cb739f4a3-global" + }, + { + "inputs": [ + { + "name": "existing_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_type", + "value": "private" + }, + { + "name": "existing_cos_instance_crn", + "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" } ], - "name": "2 - Observability", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.39562a8a-1b92-4342-b990-1944ae583df9-global" + "name": "2c - Activity Tracker Event Routing", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.f5984196-27e2-418d-a0d3-2b6cbcda537c-global" }, { "inputs": [ 
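Review bot: In the new `2c - Activity Tracker Event Routing` member, `existing_cos_instance_crn` is fed from `outputs/cos_instance_id`, while the Cloud Logs member in the previous hunk feeds the same-named input from `outputs/cos_instance_crn`. If the two outputs of `1b - Object storage` differ in format, the Activity Tracker member may receive an instance reference it cannot use. The line should read `"value": "ref:../../members/1b - Object storage/outputs/cos_instance_crn"` unless the id output is known to be a CRN. The same wiring reappears later in the series, in the `2d` and `4b` Activity Tracker members and in `2 - Event Notifications`. The members array starts and ends outside this hunk.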
@@ -296,7 +344,7 @@ } ], "name": "3 - Event Notifications", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b02f9aa4-b40f-41d5-8039-8e87742d756e-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.7a066de3-c8bd-4068-9044-6132e95cad6f-global" }, { "inputs": [ @@ -330,7 +378,7 @@ } ], "name": "4a - Security and Compliance Center Workload Protection", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e436bb10-8b6c-4b3b-b4c5-523929d13686-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.66462c31-0922-43f6-9b26-4f9fb1b69c83-global" }, { "inputs": [ @@ -392,7 +440,7 @@ } ], "name": "4b - Secrets Manager", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.db823650-3010-4482-b807-45145f273553-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e204ceb9-6339-4c6f-b627-c648ae45cd97-global" } ], "outputs": [ From a4589efb8fdee80e92b62da9e91cafd35e2aa1ba Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Tue, 2 Sep 2025 10:10:00 +0100 Subject: [PATCH 02/35] consume fully configurable --- stack_definition.json | 48 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/stack_definition.json b/stack_definition.json index 73feb91..490eb4d 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -280,6 +280,10 @@ "name": "prefix", "value": "ref:../../inputs/prefix" }, + { + "name": "existing_cos_instance_crn", + "value": "ref:../../members/1b - Object storage/outputs/cos_instance_crn" + }, { "name": "existing_kms_instance_crn", "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" 
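Review bot: The `existing_cos_instance_crn` entry added after `prefix` in the old-line-280 hunk of PATCH 02 lands in a member that already has an input of that name: the next hunk (old line 291) shows it as context with `outputs/cos_instance_id`. The member, renamed there to `2c - Cloud Logs for Activity Tracker Event Routing`, therefore carries two inputs with one name and two different values, and which one takes effect depends on how the stack loader resolves duplicates. Keep the new `cos_instance_crn` entry and delete the older `"value": "ref:../../members/1b - Object storage/outputs/cos_instance_id"` entry. The member's inputs array begins before this hunk and the lines between the two hunks are not visible, so confirm against the full file.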
@@ -291,9 +295,51 @@ { "name": "existing_cos_instance_crn", "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" + }, + { + "name": "logs_routing_tenant_regions", + "value": "ref:../../inputs/logs_routing_tenant_regions" + }, + { + "name": "enable_platform_metrics", + "value": "ref:../../inputs/enable_platform_metrics" + } + ], + "name": "2c - Cloud Logs for Activity Tracker Event Routing", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.643fbe72-a630-43f3-8cc2-77bccb15f604-global" + }, + { + "inputs": [ + { + "name": "existing_resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "region", + "value": "ref:../../inputs/region" + }, + { + "name": "prefix", + "value": "ref:../../inputs/prefix" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_type", + "value": "private" + }, + { + "name": "existing_cos_instance_crn", + "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" + }, + { + "name": "existing_cloud_logs_instance_crn", + "value": "ref:../../members/2c - Cloud Logs for Activity Tracker Event Routing/outputs/cloud_logs_crn" } ], - "name": "2c - Activity Tracker Event Routing", + "name": "2d - Activity Tracker Event Routing", "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.f5984196-27e2-418d-a0d3-2b6cbcda537c-global" }, { From d0da1106684493e4674664552411b2c781ae4942 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Tue, 2 Sep 2025 15:19:31 +0100 Subject: [PATCH 03/35] consume fully configurable --- stack_definition.json | 218 +++++++++++++++++++++--------------------- 1 file changed, 109 insertions(+), 109 deletions(-) diff --git a/stack_definition.json b/stack_definition.json index 490eb4d..135c479 100644 --- a/stack_definition.json +++ b/stack_definition.json 
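Review bot: The new `2c - Cloud Logs for Activity Tracker Event Routing` member uses the same `version_locator` (`...643fbe72-a630-43f3-8cc2-77bccb15f604-global`) as `2a - Cloud Logs` and, as far as the visible inputs show, the same `prefix` and `region` references. Nothing in this hunk gives the second instance a distinct name. If the deployable architecture derives resource names from the prefix, the two deployments may collide, or the audit-log instance may be hard to tell apart from the general logging one. Consider passing a distinct instance-name input on this member; the exact input name has to come from that architecture's catalog entry, which is not shown here.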
@@ -179,28 +179,62 @@ "value": "ref:../../inputs/prefix" }, { - "name": "app_config_plan", - "value": "ref:../../inputs/app_config_service_plan" + "name": "enable_platform_metrics", + "value": "ref:../../inputs/enable_platform_metrics" + } + ], + "name": "1c - Cloud Monitoring", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e8444cee-432d-4af3-9211-d19cb739f4a3-global" + }, + { + "inputs": [ + { + "name": "existing_cos_instance_crn", + "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" }, { - "name": "enable_config_aggregator", + "name": "existing_en_instance_crn", + "value": "ref:../../inputs/existing_en_instance_crn" + }, + { + "name": "skip_cos_kms_auth_policy", + "value": false + }, + { + "name": "kms_endpoint_url", + "value": "ref:../../members/1a - Key management/outputs/kms_private_endpoint" + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" + }, + { + "name": "kms_endpoint_type", + "value": "private" + }, + { + "name": "resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" + }, + { + "name": "use_existing_resource_group", "value": true }, { - "name": "config_aggregator_enterprise_id", - "value": "ref:../../inputs/enterprise_id" + "name": "region", + "value": "ref:../../inputs/region" }, { - "name": "config_aggregator_enterprise_account_group_ids_to_assign", - "value": "ref:../../inputs/enterprise_account_group_ids_to_assign" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { - "name": "config_aggregator_enterprise_account_ids_to_assign", - "value": "ref:../../inputs/enterprise_account_ids_to_assign" + "name": "existing_monitoring_crn", + "value": "__NULL__" } ], - "name": "1c - App Configuration", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.dfa78503-d833-49dd-9140-dbde8124d734-global" + "name": "2 - Event Notifications", + "version_locator": 
"7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.7a066de3-c8bd-4068-9044-6132e95cad6f-global" }, { "inputs": [ @@ -241,31 +275,9 @@ "value": "ref:../../inputs/enable_platform_metrics" } ], - "name": "2a - Cloud Logs", + "name": "3a - Cloud Logs for logging", "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.643fbe72-a630-43f3-8cc2-77bccb15f604-global" }, - { - "inputs": [ - { - "name": "existing_resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" - }, - { - "name": "region", - "value": "ref:../../inputs/region" - }, - { - "name": "prefix", - "value": "ref:../../inputs/prefix" - }, - { - "name": "enable_platform_metrics", - "value": "ref:../../inputs/enable_platform_metrics" - } - ], - "name": "2b - Cloud Monitoring", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e8444cee-432d-4af3-9211-d19cb739f4a3-global" - }, { "inputs": [ { @@ -305,7 +317,7 @@ "value": "ref:../../inputs/enable_platform_metrics" } ], - "name": "2c - Cloud Logs for Activity Tracker Event Routing", + "name": "3b - Cloud Logs for activity tracking", "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.643fbe72-a630-43f3-8cc2-77bccb15f604-global" }, { 
@@ -323,74 +335,90 @@ "value": "ref:../../inputs/prefix" }, { - "name": "existing_kms_instance_crn", - "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" + "name": "app_config_plan", + "value": "ref:../../inputs/app_config_service_plan" }, { - "name": "kms_endpoint_type", - "value": "private" + "name": "enable_config_aggregator", + "value": true }, { - "name": "existing_cos_instance_crn", - "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" + "name": "config_aggregator_enterprise_id", + "value": "ref:../../inputs/enterprise_id" }, { - "name": "existing_cloud_logs_instance_crn", - "value": "ref:../../members/2c - Cloud Logs for Activity Tracker Event Routing/outputs/cloud_logs_crn" + "name": "config_aggregator_enterprise_account_group_ids_to_assign", + "value": "ref:../../inputs/enterprise_account_group_ids_to_assign" + }, + { + "name": "config_aggregator_enterprise_account_ids_to_assign", + "value": "ref:../../inputs/enterprise_account_ids_to_assign" } ], - "name": "2d - Activity Tracker Event Routing", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.f5984196-27e2-418d-a0d3-2b6cbcda537c-global" + "name": "3c - App Configuration", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.dfa78503-d833-49dd-9140-dbde8124d734-global" }, { "inputs": [ { - "name": "existing_cos_instance_crn", - "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" + "name": "resource_group_name", + "value": "ref:../../inputs/existing_resource_group_name" }, { - "name": "existing_en_instance_crn", - "value": "ref:../../inputs/existing_en_instance_crn" + "name": "use_existing_resource_group", + "value": true }, { - "name": "skip_cos_kms_auth_policy", - "value": false + "name": "region", + "value": "ref:../../inputs/region" }, { - "name": "kms_endpoint_url", - "value": "ref:../../members/1a - Key management/outputs/kms_private_endpoint" + "name": "prefix", + "value": "ref:../../inputs/prefix" }, { "name": 
"existing_kms_instance_crn", "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" }, { - "name": "kms_endpoint_type", - "value": "private" + "name": "existing_event_notifications_instance_crn", + "value": "ref:../../members/2 - Event Notifications/outputs/crn" }, { - "name": "resource_group_name", - "value": "ref:../../inputs/existing_resource_group_name" + "name": "existing_secrets_manager_crn", + "value": "ref:../../inputs/existing_secrets_manager_crn" }, { - "name": "use_existing_resource_group", + "name": "service_plan", + "value": "ref:../../inputs/sm_service_plan" + }, + { + "name": "enable_event_notifications", "value": true }, { - "name": "region", - "value": "ref:../../inputs/region" + "name": "kms_key_ring_name", + "value": "sm-cos-key-ring" }, { - "name": "prefix", - "value": "ref:../../inputs/prefix" + "name": "kms_key_name", + "value": "sm-cos-key" }, { - "name": "existing_monitoring_crn", - "value": "__NULL__" + "name": "secrets_manager_instance_name", + "value": "base-security-services-sm" + }, + { + "name": "skip_iam_authorization_policy", + "value": "ref:../../inputs/skip_iam_authorization_policy" + }, + { + "name": "iam_engine_enabled", + "value": false } ], - "name": "3 - Event Notifications", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.7a066de3-c8bd-4068-9044-6132e95cad6f-global" + "name": "3d - Secrets Manager", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e204ceb9-6339-4c6f-b627-c648ae45cd97-global" }, { "inputs": [ @@ -416,11 +444,11 @@ }, { "name": "app_config_crn", - "value": "ref:../../members/1c - App Configuration/outputs/app_config_crn" + "value": "ref:../../members/3c - App Configuration/outputs/app_config_crn" }, { "name": "existing_monitoring_crn", - "value": "ref:../../members/2 - Observability/outputs/cloud_monitoring_crn" + "value": "ref:../../members/1c - Cloud Monitoring/outputs/cloud_monitoring_crn" } ], "name": "4a - Security and Compliance Center Workload Protection", 
@@ -429,13 +457,9 @@ { "inputs": [ { - "name": "resource_group_name", + "name": "existing_resource_group_name", "value": "ref:../../inputs/existing_resource_group_name" }, - { - "name": "use_existing_resource_group", - "value": true - }, { "name": "region", "value": "ref:../../inputs/region" @@ -449,44 +473,20 @@ "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" }, { - "name": "existing_event_notifications_instance_crn", - "value": "ref:../../members/3 - Event Notifications/outputs/crn" - }, - { - "name": "existing_secrets_manager_crn", - "value": "ref:../../inputs/existing_secrets_manager_crn" - }, - { - "name": "service_plan", - "value": "ref:../../inputs/sm_service_plan" - }, - { - "name": "enable_event_notifications", - "value": true - }, - { - "name": "kms_key_ring_name", - "value": "sm-cos-key-ring" - }, - { - "name": "kms_key_name", - "value": "sm-cos-key" - }, - { - "name": "secrets_manager_instance_name", - "value": "base-security-services-sm" + "name": "kms_endpoint_type", + "value": "private" }, { - "name": "skip_iam_authorization_policy", - "value": "ref:../../inputs/skip_iam_authorization_policy" + "name": "existing_cos_instance_crn", + "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" }, { - "name": "iam_engine_enabled", - "value": false + "name": "existing_cloud_logs_instance_crn", + "value": "ref:../../members/3b - Cloud Logs for activity tracking/outputs/cloud_logs_crn" } ], - "name": "4b - Secrets Manager", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e204ceb9-6339-4c6f-b627-c648ae45cd97-global" + "name": "4b - Activity Tracker Event Routing", + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.f5984196-27e2-418d-a0d3-2b6cbcda537c-global" } ], "outputs": [ 
@@ -496,11 +496,11 @@ }, { "name": "secrets_manager_crn", - "value": "ref:../../members/4b - Secrets Manager/outputs/secrets_manager_crn" + "value": "ref:../../members/3d - Secrets Manager/outputs/secrets_manager_crn" }, { "name": "monitoring_crn", - "value": "ref:../../members/2 - Observability/outputs/cloud_monitoring_crn" + "value": "ref:../../members/1c - Cloud Monitoring/outputs/cloud_monitoring_crn" }, { "name": "cos_instance_crn", @@ -508,11 +508,11 @@ }, { "name": "en_crn", - "value": "ref:../../members/3 - Event Notifications/outputs/crn" + "value": "ref:../../members/2 - Event Notifications/outputs/crn" }, { "name": "app_config_crn", - "value": "ref:../../members/1c - App Configuration/outputs/app_config_crn" + "value": "ref:../../members/3c - App Configuration/outputs/app_config_crn" }, { "name": "scc_workload_protection_crn", From 230e8de462eece045ba3127ecbec3bad504d5032 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Tue, 2 Sep 2025 15:20:43 +0100 Subject: [PATCH 04/35] consume fully configurable --- stack_definition.json | 4 ---- 1 file changed, 4 deletions(-) diff --git a/stack_definition.json b/stack_definition.json index 135c479..f8d325f 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -411,10 +411,6 @@ { "name": "skip_iam_authorization_policy", "value": "ref:../../inputs/skip_iam_authorization_policy" - }, - { - "name": "iam_engine_enabled", - "value": false } ], "name": "3d - Secrets Manager", From cf318d42fec80b12dfbb08d7632d7014a66a5470 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Fri, 5 Sep 2025 10:32:06 +0100 Subject: [PATCH 05/35] consume fully configurable --- ibm_catalog.json | 3 ++- .../core-security-services-architecture.svg | 4 ++-- reference-architectures/reference-architecture-css.md | 8 ++++---- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index b4ebf5d..06fdfd8 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -71,7 +71,8 @@ "flavors": [ { "label": "Standard", - "name": "standard", + "name": "standard-fully-config", + "index": 1, "compliance": { "authority": "scc-v3", "profiles": [ diff --git a/reference-architectures/core-security-services-architecture.svg b/reference-architectures/core-security-services-architecture.svg index cf4a1de..9ac9c81 100644 --- a/reference-architectures/core-security-services-architecture.svg +++ b/reference-architectures/core-security-services-architecture.svg @@ -1,4 +1,4 @@ - + -
IBM Cloud
%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%20value%3D%22%22%20style%3D%22shape%3Dimage%3Baspect%3Dfixed%3Bimage%3Ddata%3Aimage%2Fsvg%2Bxml%2CPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMjlweCIgaGVpZ2h0PSIyOHB4IiB2aWV3Qm94PSIwIDAgMjkgMjgiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI%2BCiAgICA8IS0tIEdlbmVyYXRvcjogU2tldGNoIDUzICg3MjUyMCkgLSBodHRwczovL3NrZXRjaGFwcC5jb20gLS0%2BCiAgICA8dGl0bGU%2BUmVzb3VyY2UgR3JvdXAgQmxhY2s8L3RpdGxlPgogICAgPGRlc2M%2BQ3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M%2BCiAgICA8ZGVmcz4KICAgICAgICA8cG9seWdvbiBpZD0icGF0aC0xIiBwb2ludHM9IjAgMCAyOCAwIDI4IDI4IDAgMjgiPjwvcG9seWdvbj4KICAgIDwvZGVmcz4KICAgIDxnIGlkPSJQYWdlLTEiIHN0cm9rZT0ibm9uZSIgc3Ryb2tlLXdpZHRoPSIxIiBmaWxsPSJub25lIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPgogICAgICAgIDxnIGlkPSJSZXNvdXJjZS1Hcm91cC1CbGFjayIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMC4zNzUwMDAsIDAuMDAwMDAwKSI%2BCiAgICAgICAgICAgIDxtYXNrIGlkPSJtYXNrLTIiIGZpbGw9IndoaXRlIj4KICAgICAgICAgICAgICAgIDx1c2UgeGxpbms6aHJlZj0iI3BhdGgtMSI%2BPC91c2U%2BCiAgICAgICAgICAgIDwvbWFzaz4KICAgICAgICAgICAgPGcgaWQ9IkNsaXAtMiI%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%2BPC9wYXRoPgogICAgICAgICAgICA8cGF0aCBkPSJNMjYuMDAwMywyOCBMMjIuMDAwMywyOCBMMjIuMDAwMywyNiBMMjYuMDAwMywyNiBMMjYuMDAwMywyIEwyMi4wMDAzLDIgTDIyLjAwMDMsMCBMMjYuMDAwMywwIEMyNy4xMDQzLDAuMDAxIDI3Ljk5OTMsMC44OTYgMjguMDAwMywyIEwyOC4wMDAzLDI2IEMyNy45OTkzLDI3LjEwNCAyNy4xMDQzLDI3Ljk5OSAyNi4wMDAzLDI4IiBpZD0iRmlsbC00IiBmaWxsPSIjMDAwMDAwIiBtYXNrPSJ1cmwoI21hc2stMikiPjwvcGF0aD4KICAgICAgICA8L2c%2BCiAgICA8L2c%2BCjwvc3ZnPg%3D%3D%3B%22%20vertex%3D%221%22%20parent%3D%221%22%3E%3CmxGeometry%20x%3D%22778%22%20y%3D%22136.84000000000006%22%20width%3D%2224%22%20height%3D%2223.17%22%20as%3D%22geometry%22%2F%3E%3C%2FmxCell%3E%3C%2Froot%3E%3C%2FmxGraphModel%3E       Resource Group
              Object Storage

Event Notifications bucketCloud Logs bucketCloud LogsMetrics bucketAT events bucket
Secrets Manager
Key Protect
Event Notifications
Activity Tracking Event Routing
Cloud Monitoring
App
configuration
SCC Workload Protection
IAM Engine
CloudLogs
Region
\ No newline at end of file +
IBM Cloud
IBM Cloud
%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%20value%3D%22%22%20style%3D%22shape%3Dimage%3Baspect%3Dfixed%3Bimage%3Ddata%3Aimage%2Fsvg%2Bxml%2CPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMjlweCIgaGVpZ2h0PSIyOHB4IiB2aWV3Qm94PSIwIDAgMjkgMjgiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI%2BCiAgICA8IS0tIEdlbmVyYXRvcjogU2tldGNoIDUzICg3MjUyMCkgLSBodHRwczovL3NrZXRjaGFwcC5jb20gLS0%2BCiAgICA8dGl0bGU%2BUmVzb3VyY2UgR3JvdXAgQmxhY2s8L3RpdGxlPgogICAgPGRlc2M%2BQ3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M%2BCiAgICA8ZGVmcz4KICAgICAgICA8cG9seWdvbiBpZD0icGF0aC0xIiBwb2ludHM9IjAgMCAyOCAwIDI4IDI4IDAgMjgiPjwvcG9seWdvbj4KICAgIDwvZGVmcz4KICAgIDxnIGlkPSJQYWdlLTEiIHN0cm9rZT0ibm9uZSIgc3Ryb2tlLXdpZHRoPSIxIiBmaWxsPSJub25lIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPgogICAgICAgIDxnIGlkPSJSZXNvdXJjZS1Hcm91cC1CbGFjayIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMC4zNzUwMDAsIDAuMDAwMDAwKSI%2BCiAgICAgICAgICAgIDxtYXNrIGlkPSJtYXNrLTIiIGZpbGw9IndoaXRlIj4KICAgICAgICAgICAgICAgIDx1c2UgeGxpbms6aHJlZj0iI3BhdGgtMSI%2BPC91c2U%2BCiAgICAgICAgICAgIDwvbWFzaz4KICAgICAgICAgICAgPGcgaWQ9IkNsaXAtMiI%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%2BPC9wYXRoPgogICAgICAgICAgICA8cGF0aCBkPSJNMjYuMDAwMywyOCBMMjIuMDAwMywyOCBMMjIuMDAwMywyNiBMMjYuMDAwMywyNiBMMjYuMDAwMywyIEwyMi4wMDAzLDIgTDIyLjAwMDMsMCBMMjYuMDAwMywwIEMyNy4xMDQzLDAuMDAxIDI3Ljk5OTMsMC44OTYgMjguMDAwMywyIEwyOC4wMDAzLDI2IEMyNy45OTkzLDI3LjEwNCAyNy4xMDQzLDI3Ljk5OSAyNi4wMDAzLDI4IiBpZD0iRmlsbC00IiBmaWxsPSIjMDAwMDAwIiBtYXNrPSJ1cmwoI21hc2stMikiPjwvcGF0aD4KICAgICAgICA8L2c%2BCiAgICA8L2c%2BCjwvc3ZnPg%3D%3D%3B%22%20vertex%3D%221%22%20parent%3D%221%22%3E%3CmxGeometry%20x%3D%22778%22%20y%3D%22136.84000000000006%22%20width%3D%2224%22%20height%3D%2223.17%22%20as%3D%22geometry%22%2F%3E%3C%2FmxCell%3E%3C%2Froot%3E%3C%2FmxGraphModel%3E       Resource Group
%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%2...
              Object Storage

              Object Storage
Event Notifications bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogs
Region
Region
Text is not SVG - cannot display
\ No newline at end of file diff --git a/reference-architectures/reference-architecture-css.md b/reference-architectures/reference-architecture-css.md index 2c554e5..695f68c 100644 --- a/reference-architectures/reference-architecture-css.md +++ b/reference-architectures/reference-architecture-css.md @@ -1,8 +1,8 @@ --- copyright: - years: 2024 -lastupdated: "2024-12-05" + years: 2025 +lastupdated: "2025-09-05" subcollection: deployable-reference-architectures @@ -11,7 +11,7 @@ authors: email: bhakta@ibm.com # The release that the reference architecture describes -version: 3.0.0 +version: 4.0.0 # Use if the reference architecture has deployable code. # Value is the URL to land the user in the IBM Cloud catalog details page for the deployable architecture. @@ -52,7 +52,7 @@ https://test.cloud.ibm.com/docs/solution-as-code?topic=solution-as-code-naming-g # Cloud foundation for security and observability {: #core-security-services-pattern} {: toc-content-type="reference-architecture"} -{: toc-version="3.0.0"} +{: toc-version="4.0.0"} + -
IBM Cloud
IBM Cloud
%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%20value%3D%22%22%20style%3D%22shape%3Dimage%3Baspect%3Dfixed%3Bimage%3Ddata%3Aimage%2Fsvg%2Bxml%2CPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMjlweCIgaGVpZ2h0PSIyOHB4IiB2aWV3Qm94PSIwIDAgMjkgMjgiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI%2BCiAgICA8IS0tIEdlbmVyYXRvcjogU2tldGNoIDUzICg3MjUyMCkgLSBodHRwczovL3NrZXRjaGFwcC5jb20gLS0%2BCiAgICA8dGl0bGU%2BUmVzb3VyY2UgR3JvdXAgQmxhY2s8L3RpdGxlPgogICAgPGRlc2M%2BQ3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M%2BCiAgICA8ZGVmcz4KICAgICAgICA8cG9seWdvbiBpZD0icGF0aC0xIiBwb2ludHM9IjAgMCAyOCAwIDI4IDI4IDAgMjgiPjwvcG9seWdvbj4KICAgIDwvZGVmcz4KICAgIDxnIGlkPSJQYWdlLTEiIHN0cm9rZT0ibm9uZSIgc3Ryb2tlLXdpZHRoPSIxIiBmaWxsPSJub25lIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPgogICAgICAgIDxnIGlkPSJSZXNvdXJjZS1Hcm91cC1CbGFjayIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMC4zNzUwMDAsIDAuMDAwMDAwKSI%2BCiAgICAgICAgICAgIDxtYXNrIGlkPSJtYXNrLTIiIGZpbGw9IndoaXRlIj4KICAgICAgICAgICAgICAgIDx1c2UgeGxpbms6aHJlZj0iI3BhdGgtMSI%2BPC91c2U%2BCiAgICAgICAgICAgIDwvbWFzaz4KICAgICAgICAgICAgPGcgaWQ9IkNsaXAtMiI%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%2BPC9wYXRoPgogICAgICAgICAgICA8cGF0aCBkPSJNMjYuMDAwMywyOCBMMjIuMDAwMywyOCBMMjIuMDAwMywyNiBMMjYuMDAwMywyNiBMMjYuMDAwMywyIEwyMi4wMDAzLDIgTDIyLjAwMDMsMCBMMjYuMDAwMywwIEMyNy4xMDQzLDAuMDAxIDI3Ljk5OTMsMC44OTYgMjguMDAwMywyIEwyOC4wMDAzLDI2IEMyNy45OTkzLDI3LjEwNCAyNy4xMDQzLDI3Ljk5OSAyNi4wMDAzLDI4IiBpZD0iRmlsbC00IiBmaWxsPSIjMDAwMDAwIiBtYXNrPSJ1cmwoI21hc2stMikiPjwvcGF0aD4KICAgICAgICA8L2c%2BCiAgICA8L2c%2BCjwvc3ZnPg%3D%3D%3B%22%20vertex%3D%221%22%20parent%3D%221%22%3E%3CmxGeometry%20x%3D%22778%22%20y%3D%22136.84000000000006%22%20width%3D%2224%22%20height%3D%2223.17%22%20as%3D%22geometry%22%2F%3E%3C%2FmxCell%3E%3C%2Froot%3E%3C%2FmxGraphModel%3E       Resource Group
%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%2...
              Object Storage

              Object Storage
Event Notifications bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogs
Region
Region
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%20value%3D%22%22%20style%3D%22shape%3Dimage%3Baspect%3Dfixed%3Bimage%3Ddata%3Aimage%2Fsvg%2Bxml%2CPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMjlweCIgaGVpZ2h0PSIyOHB4IiB2aWV3Qm94PSIwIDAgMjkgMjgiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI%2BCiAgICA8IS0tIEdlbmVyYXRvcjogU2tldGNoIDUzICg3MjUyMCkgLSBodHRwczovL3NrZXRjaGFwcC5jb20gLS0%2BCiAgICA8dGl0bGU%2BUmVzb3VyY2UgR3JvdXAgQmxhY2s8L3RpdGxlPgogICAgPGRlc2M%2BQ3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M%2BCiAgICA8ZGVmcz4KICAgICAgICA8cG9seWdvbiBpZD0icGF0aC0xIiBwb2ludHM9IjAgMCAyOCAwIDI4IDI4IDAgMjgiPjwvcG9seWdvbj4KICAgIDwvZGVmcz4KICAgIDxnIGlkPSJQYWdlLTEiIHN0cm9rZT0ibm9uZSIgc3Ryb2tlLXdpZHRoPSIxIiBmaWxsPSJub25lIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPgogICAgICAgIDxnIGlkPSJSZXNvdXJjZS1Hcm91cC1CbGFjayIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMC4zNzUwMDAsIDAuMDAwMDAwKSI%2BCiAgICAgICAgICAgIDxtYXNrIGlkPSJtYXNrLTIiIGZpbGw9IndoaXRlIj4KICAgICAgICAgICAgICAgIDx1c2UgeGxpbms6aHJlZj0iI3BhdGgtMSI%2BPC91c2U%2BCiAgICAgICAgICAgIDwvbWFzaz4KICAgICAgICAgICAgPGcgaWQ9IkNsaXAtMiI%2BPC9nPgogICAgICAgICAgICA8cGF0aCBkPSJNOCwyMCBMMjAsMjAgTDIwLDggTDgsOCBMOCwyMCBaIE0yMCwyMiBMOCwyMiBDNi44OTYsMjEuOTk5IDYuMDAxLDIxLjEwNCA2LDIwIEw2LDggQzYuMDAxLDYuODk2IDYuODk2LDYuMDAxIDgsNiBMMjAsNiBDMjEuMTA0LDYuMDAxIDIxLjk5OSw2Ljg5NiAyMiw4IEwyMiwyMCBDMjEuOTk5LDIxLjEwNCAyMS4xMDQsMjEuOTk5IDIwLDIyIEwyMCwyMiBaIiBpZD0iRmlsbC0xIiBmaWxsPSIjMDAwMDAwIiBtYXNrPSJ1cmwoI21hc2stMikiPjwvcGF0aD4KICAgICAgICAgICAgPHBhdGggZD0iTTUuOTk5OCwyOCBMMS45OTk4LDI4IEMwLjg5NTgsMjcuOTk5IDAuMDAwOCwyNy4xMDQgLTAuMDAwMiwyNiBMLTAuMDAwMiwyIEMwLjAwMDgsMC44OTYgMC44OTU4LDAuMDAxIDEuOTk5OCwwIEw1Ljk5OTgsMCBMNS45OTk4LDIgTDEuOTk5OCwyIEwxLjk5OTgsMjYgTDUuOTk5OCwyNiBMNS45OTk4LDI4IFoiIGlkPSJGaWxsLTMiIGZpbGw9IiMwMDAwMDAiIG1hc2s9InVybCgjbWFzay0yKSI%2BPC9wYXRoPgogICAgICAgICAgICA8cGF0aCBkPSJNMjYuMDAwMywyOCBMMjIuMDAwMywyOCBMMjIuMDAwMywyNi
BMMjYuMDAwMywyNiBMMjYuMDAwMywyIEwyMi4wMDAzLDIgTDIyLjAwMDMsMCBMMjYuMDAwMywwIEMyNy4xMDQzLDAuMDAxIDI3Ljk5OTMsMC44OTYgMjguMDAwMywyIEwyOC4wMDAzLDI2IEMyNy45OTkzLDI3LjEwNCAyNy4xMDQzLDI3Ljk5OSAyNi4wMDAzLDI4IiBpZD0iRmlsbC00IiBmaWxsPSIjMDAwMDAwIiBtYXNrPSJ1cmwoI21hc2stMikiPjwvcGF0aD4KICAgICAgICA8L2c%2BCiAgICA8L2c%2BCjwvc3ZnPg%3D%3D%3B%22%20vertex%3D%221%22%20parent%3D%221%22%3E%3CmxGeometry%20x%3D%22778%22%20y%3D%22136.84000000000006%22%20width%3D%2224%22%20height%3D%2223.17%22%20as%3D%22geometry%22%2F%3E%3C%2FmxCell%3E%3C%2Froot%3E%3C%2FmxGraphModel%3E       Resource Group
%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%2...
              Object Storage

              Object Storage
Event Notifications bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketAT events bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogs
Region
Region
Text is not SVG - cannot display
\ No newline at end of file From 92ba9c8db8ec578cd197bc9fec03b7131128c886 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Mon, 22 Sep 2025 11:08:29 +0100 Subject: [PATCH 09/35] fully configurable --- reference-architectures/core-security-services-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architectures/core-security-services-architecture.svg b/reference-architectures/core-security-services-architecture.svg index fd2dae2..543b36e 100644 --- a/reference-architectures/core-security-services-architecture.svg +++ b/reference-architectures/core-security-services-architecture.svg @@ -1,4 +1,4 @@ -
IBM Cloud
IBM Cloud
%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%20value%3D%22%22%20style%3D%22shape%3Dimage%3Baspect%3Dfixed%3Bimage%3Ddata%3Aimage%2Fsvg%2Bxml%2CPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMjlweCIgaGVpZ2h0PSIyOHB4IiB2aWV3Qm94PSIwIDAgMjkgMjgiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI%2BCiAgICA8IS0tIEdlbmVyYXRvcjogU2tldGNoIDUzICg3MjUyMCkgLSBodHRwczovL3NrZXRjaGFwcC5jb20gLS0%2BCiAgICA8dGl0bGU%2BUmVzb3VyY2UgR3JvdXAgQmxhY2s8L3RpdGxlPgogICAgPGRlc2M%2BQ3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M%2BCiAgICA8ZGVmcz4KICAgICAgICA8cG9seWdvbiBpZD0icGF0aC0xIiBwb2ludHM9IjAgMCAyOCAwIDI4IDI4IDAgMjgiPjwvcG9seWdvbj4KICAgIDwvZGVmcz4KICAgIDxnIGlkPSJQYWdlLTEiIHN0cm9rZT0ibm9uZSIgc3Ryb2tlLXdpZHRoPSIxIiBmaWxsPSJub25lIiBmaWxsLXJ1bGU9ImV2ZW5vZGQiPgogICAgICAgIDxnIGlkPSJSZXNvdXJjZS1Hcm91cC1CbGFjayIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMC4zNzUwMDAsIDAuMDAwMDAwKSI%2BCiAgICAgICAgICAgIDxtYXNrIGlkPSJtYXNrLTIiIGZpbGw9IndoaXRlIj4KICAgICAgICAgICAgICAgIDx1c2UgeGxpbms6aHJlZj0iI3BhdGgtMSI%2BPC91c2U%2BCiAgICAgICAgICAgIDwvbWFzaz4KICAgICAgICAgICAgPGcgaWQ9IkNsaXAtMiI%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%2BPC9wYXRoPgogICAgICAgICAgICA8cGF0aCBkPSJNMjYuMDAwMywyOCBMMjIuMDAwMywyOCBMMjIuMDAwMywyNiBMMjYuMDAwMywyNiBMMjYuMDAwMywyIEwyMi4wMDAzLDIgTDIyLjAwMDMsMCBMMjYuMDAwMywwIEMyNy4xMDQzLDAuMDAxIDI3Ljk5OTMsMC44OTYgMjguMDAwMywyIEwyOC4wMDAzLDI2IEMyNy45OTkzLDI3LjEwNCAyNy4xMDQzLDI3Ljk5OSAyNi4wMDAzLDI4IiBpZD0iRmlsbC00IiBmaWxsPSIjMDAwMDAwIiBtYXNrPSJ1cmwoI21hc2stMikiPjwvcGF0aD4KICAgICAgICA8L2c%2BCiAgICA8L2c%2BCjwvc3ZnPg%3D%3D%3B%22%20vertex%3D%221%22%20parent%3D%221%22%3E%3CmxGeometry%20x%3D%22778%22%20y%3D%22136.84000000000006%22%20width%3D%2224%22%20height%3D%2223.17%22%20as%3D%22geometry%22%2F%3E%3C%2FmxCell%3E%3C%2Froot%3E%3C%2FmxGraphModel%3E       Resource Group
%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%2...
              Object Storage

              Object Storage
Event Notifications bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketAT events bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogs
Region
Region
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
out
out
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity Tr...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file From bec8c27482e57d6dcf624ef20c621fee172b726c Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Mon, 22 Sep 2025 14:34:44 +0100 Subject: [PATCH 10/35] fully configurable --- ibm_catalog.json | 1 + 1 file changed, 1 insertion(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index 5b84f8f..8fd89ac 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -73,6 +73,7 @@ "label": "Standard", "name": "standard-fully-config", "index": 1, + "working_directory": "./", "compliance": { "authority": "scc-v3", "profiles": [ From 1e7828d5c4a874d632dcb0549ead9161cf5a5961 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Mon, 22 Sep 2025 15:06:57 +0100 Subject: [PATCH 11/35] fully configurable --- stack_definition.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/stack_definition.json b/stack_definition.json index ce96d00..d993a6f 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -192,6 +192,10 @@ "name": "skip_cos_kms_auth_policy", "value": false }, + { + "name": "kms_encryption_enabled", + "value": true + }, { "name": "kms_endpoint_url", "value": "ref:../../members/1a - Key management/outputs/kms_private_endpoint" @@ -246,6 +250,10 @@ "name": "existing_kms_instance_crn", "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" }, + { + "name": "kms_encryption_enabled_buckets", + "value": true + }, { "name": "kms_endpoint_type", "value": "private" @@ -276,6 +284,10 @@ "name": "existing_cos_instance_crn", "value": "ref:../../members/1b - Object storage/outputs/cos_instance_crn" }, + { + "name": "kms_encryption_enabled_buckets", + "value": true + }, { "name": "existing_kms_instance_crn", "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" From de892ee7ec96c378be87178d22c9d398e7b924c3 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Mon, 22 Sep 2025 15:37:50 +0100 Subject: [PATCH 12/35] fully configurable --- stack_definition.json | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/stack_definition.json b/stack_definition.json index d993a6f..c9206f3 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -184,6 +184,10 @@ "name": "existing_cos_instance_crn", "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" }, + { + "name": "cos_integration_enabled", + "value": true + }, { "name": "existing_event_notifications_instance_crn", "value": "ref:../../inputs/existing_event_notifications_instance_crn" From 317c02b5fb723f2b3c04b6ac273c1056339a3ecf Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Mon, 22 Sep 2025 16:39:34 +0100 Subject: [PATCH 13/35] fully configurable --- stack_definition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack_definition.json b/stack_definition.json index c9206f3..ddb7575 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -185,7 +185,7 @@ "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" }, { - "name": "cos_integration_enabled", + "name": "enable_collecting_failed_events", "value": true }, { From a83205665ef02d221312f41476edb905ec04acab Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Mon, 22 Sep 2025 17:09:27 +0100 Subject: [PATCH 14/35] fully configurable --- stack_definition.json | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/stack_definition.json b/stack_definition.json index ddb7575..09ba4ee 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -368,6 +368,10 @@ "name": "existing_kms_instance_crn", "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" }, + { + "name": "kms_encryption_enabled", + "value": true + }, { "name": "existing_event_notifications_instance_crn", "value": "ref:../../members/2 - Event Notifications/outputs/crn" 
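Review bot: The flag added in this hunk turns on a feature that depends on the COS reference directly above it, and that input, `existing_cos_instance_crn`, is fed from `outputs/cos_instance_id`, while another member in this file takes `outputs/cos_instance_crn` from the same "1b - Object storage" member. If the two outputs differ in format, failed-event collection would be pointed at a value the member may not resolve; if they are identical, the name mismatch is still misleading to the next reader. I would change that line to `"value": "ref:../../members/1b - Object storage/outputs/cos_instance_crn"`, or confirm that the id output is intended. The next patch renames the flag to `enable_collecting_failed_events` in the same place and leaves the reference unchanged.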
@@ -448,6 +452,10 @@ "name": "existing_kms_instance_crn", "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" }, + { + "name": "kms_encryption_enabled_buckets", + "value": true + }, { "name": "kms_endpoint_type", "value": "private" From febce29fb234ea796ffb2be3eec473cd3af73e75 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Mon, 22 Sep 2025 18:41:04 +0100 Subject: [PATCH 15/35] fully configurable --- stack_definition.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/stack_definition.json b/stack_definition.json index 09ba4ee..a3785ea 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -467,6 +467,10 @@ { "name": "existing_cloud_logs_instance_crn", "value": "ref:../../members/3b - Cloud Logs for activity tracking/outputs/cloud_logs_crn" + }, + { + "name": "enable_activity_tracker_event_routing_to_cos_bucket", + "value": true } ], "name": "4b - Activity Tracker Event Routing", From b3cc3f243af46fd2686e4791e92666536274d28c Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Wed, 24 Sep 2025 10:48:39 +0100 Subject: [PATCH 16/35] fully configurable --- stack_definition.json | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/stack_definition.json b/stack_definition.json index a3785ea..ee956a3 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -265,6 +265,10 @@ { "name": "logs_routing_tenant_regions", "value": "ref:../../inputs/logs_routing_tenant_regions" + }, + { + "name": "existing_event_notifications_instances", + "value": "ref:../../members/2 - Event Notifications/outputs/crn_list_object" } ], "name": "3a - Cloud Logs for logging", 
@@ -304,9 +308,21 @@ "name": "logs_routing_tenant_regions", "value": [] }, + { + "name": "cloud_logs_data_cos_bucket_name", + "value": "at-cloud-logs-logs-bucket" + }, + { + "name": "cloud_logs_metrics_cos_bucket_name", + "value": "at-cloud-logs-metrics-bucket" + }, { "name": "cloud_logs_instance_name", "value": "at-cloud-logs" + }, + { + "name": "existing_event_notifications_instances", + "value": "ref:../../members/2 - Event Notifications/outputs/crn_list_object" } ], "name": "3b - Cloud Logs for activity tracking", @@ -345,10 +361,26 @@ { "name": "config_aggregator_enterprise_account_ids_to_assign", "value": "ref:../../inputs/enterprise_account_ids_to_assign" + }, + { + "name": "kms_encryption_enabled", + "value": true + }, + { + "name": "existing_kms_instance_crn", + "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" + }, + { + "name": "enable_event_notifications", + "value": true + }, + { + "name": "existing_event_notifications_instance_crn", + "value": "ref:../../members/2 - Event Notifications/outputs/crn" } ], "name": "3c - App Configuration", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.dfa78503-d833-49dd-9140-dbde8124d734-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b61bd179-3aa9-4763-9f0b-02815398b76e-global" }, { "inputs": [ From 80a80c6fbc478ad7e1b993e9324965e303dc9ff7 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Wed, 24 Sep 2025 11:01:39 +0100 Subject: [PATCH 17/35] fully configurable --- stack_definition.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/stack_definition.json b/stack_definition.json index ee956a3..a938a21 100644 --- a/stack_definition.json +++ b/stack_definition.json 
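Review bot: The two bucket names added for the activity-tracking Cloud Logs member are fixed literals, `"at-cloud-logs-logs-bucket"` and `"at-cloud-logs-metrics-bucket"`, and nothing in this hunk ties them to `ref:../../inputs/prefix`. Object Storage bucket names must be unique, so unless the member prepends the prefix itself (not visible here) a second deployment of the stack would presumably fail on a name clash for the buckets that hold the audit data. Please confirm the member applies the prefix to these values, or derive them from a stack input instead of a literal. The member's input list begins outside the hunk.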
@@ -136,7 +136,7 @@ } ], "name": "1a - Key management", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.466c0738-68d1-4b8d-8854-f85e01853f10-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.3820c511-3ea2-43b9-8945-5eb7772001b6-global" }, { "inputs": [ @@ -154,7 +154,7 @@ } ], "name": "1b - Object storage", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.79a61ce0-d4fa-4f1a-b6c5-5ca23b13ff06-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.30851389-2ab5-4be5-8674-7ef756cb372d-global" }, { "inputs": [ @@ -176,7 +176,7 @@ } ], "name": "1c - Cloud Monitoring", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e8444cee-432d-4af3-9211-d19cb739f4a3-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.8028a206-0824-4ad6-af24-b9fb70cce2ac-global" }, { "inputs": [ @@ -230,7 +230,7 @@ } ], "name": "2 - Event Notifications", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.7a066de3-c8bd-4068-9044-6132e95cad6f-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.fa8ebdf4-db44-4e25-9846-9278b516cd73-global" }, { "inputs": [ @@ -272,7 +272,7 @@ } ], "name": "3a - Cloud Logs for logging", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.643fbe72-a630-43f3-8cc2-77bccb15f604-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.ee855d83-2f87-4d0e-bc0d-66c11ba66902-global" }, { "inputs": [ @@ -326,7 +326,7 @@ } ], "name": "3b - Cloud Logs for activity tracking", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.643fbe72-a630-43f3-8cc2-77bccb15f604-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.ee855d83-2f87-4d0e-bc0d-66c11ba66902-global" }, { "inputs": [ @@ -434,7 +434,7 @@ } ], "name": "3d - Secrets Manager", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.e204ceb9-6339-4c6f-b627-c648ae45cd97-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.63d15a72-ea75-4cc9-841a-83908095eef3-global" }, { "inputs": [ 
@@ -468,7 +468,7 @@ } ], "name": "4a - Security and Compliance Center Workload Protection", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.66462c31-0922-43f6-9b26-4f9fb1b69c83-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.b2cd208d-f893-4e44-bc2e-b9997e3a8153-global" }, { "inputs": [ @@ -506,7 +506,7 @@ } ], "name": "4b - Activity Tracker Event Routing", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.f5984196-27e2-418d-a0d3-2b6cbcda537c-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.6cec6dd7-d4e4-4bec-8f94-da26611d42a5-global" } ], "outputs": [ From c729d90e70e9a4dd9687736a85f794194f5280c1 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Wed, 24 Sep 2025 11:49:58 +0100 Subject: [PATCH 18/35] fully configurable --- stack_definition.json | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/stack_definition.json b/stack_definition.json index a938a21..4551f7e 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -75,13 +75,6 @@ "type": "boolean", "hidden": false }, - { - "name": "app_config_service_plan", - "required": false, - "type": "string", - "hidden": false, - "custom_config": {} - }, { "name": "scc_workload_protection_service_plan", "required": false, @@ -344,7 +337,11 @@ }, { "name": "app_config_plan", - "value": "ref:../../inputs/app_config_service_plan" + "value": "enterprise" + }, + { + "name": "kms_endpoint_url", + "value": "ref:../../members/1a - Key management/outputs/kms_private_endpoint" }, { "name": "enable_config_aggregator", @@ -377,6 +374,10 @@ { "name": "existing_event_notifications_instance_crn", "value": "ref:../../members/2 - Event Notifications/outputs/crn" + }, + { + "name": "event_notifications_endpoint_url", + "value": "ref:../../members/2 - Event Notifications/outputs/event_notifications_private_endpoint" } ], "name": "3c - App Configuration", From 449a11fe1780a962f3bad1360c87c451b3f1739d Mon Sep 17 00:00:00 2001 
From: Rajat Agrawal Date: Wed, 24 Sep 2025 11:57:14 +0100 Subject: [PATCH 19/35] fully configurable --- stack_definition.json | 8 -------- 1 file changed, 8 deletions(-) diff --git a/stack_definition.json b/stack_definition.json index 4551f7e..d15b8c5 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -258,10 +258,6 @@ { "name": "logs_routing_tenant_regions", "value": "ref:../../inputs/logs_routing_tenant_regions" - }, - { - "name": "existing_event_notifications_instances", - "value": "ref:../../members/2 - Event Notifications/outputs/crn_list_object" } ], "name": "3a - Cloud Logs for logging", @@ -312,10 +308,6 @@ { "name": "cloud_logs_instance_name", "value": "at-cloud-logs" - }, - { - "name": "existing_event_notifications_instances", - "value": "ref:../../members/2 - Event Notifications/outputs/crn_list_object" } ], "name": "3b - Cloud Logs for activity tracking", From 6a7f9f8f3b728a57c3f7d4b3ddb30e96c1addff0 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Wed, 24 Sep 2025 15:30:08 +0100 Subject: [PATCH 20/35] fully configurable --- reference-architectures/core-security-services-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architectures/core-security-services-architecture.svg b/reference-architectures/core-security-services-architecture.svg index 543b36e..d30c767 100644 --- a/reference-architectures/core-security-services-architecture.svg +++ b/reference-architectures/core-security-services-architecture.svg @@ -1,4 +1,4 @@ -
IBM Cloud
IBM Cloud
out
out
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity Tr...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
out
out
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file From 55907170927180422fb0b9cb23b3293b49aa4b87 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Wed, 24 Sep 2025 15:32:25 +0100 Subject: [PATCH 21/35] fully configurable --- reference-architectures/core-security-services-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architectures/core-security-services-architecture.svg b/reference-architectures/core-security-services-architecture.svg index d30c767..6c2eac9 100644 --- a/reference-architectures/core-security-services-architecture.svg +++ b/reference-architectures/core-security-services-architecture.svg @@ -1,4 +1,4 @@ -
IBM Cloud
IBM Cloud
out
out
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file From a8590e7932b852d173ad35a6b486387a7dc0ed6d Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Wed, 24 Sep 2025 15:33:07 +0100 Subject: [PATCH 22/35] fully configurable --- reference-architectures/core-security-services-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architectures/core-security-services-architecture.svg b/reference-architectures/core-security-services-architecture.svg index 6c2eac9..cfa3696 100644 --- a/reference-architectures/core-security-services-architecture.svg +++ b/reference-architectures/core-security-services-architecture.svg @@ -1,4 +1,4 @@ -
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file From 1d0e49227fe17d1b0b66b9684da51675e663e58b Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Wed, 24 Sep 2025 15:33:53 +0100 Subject: [PATCH 23/35] fully configurable --- reference-architectures/core-security-services-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architectures/core-security-services-architecture.svg b/reference-architectures/core-security-services-architecture.svg index cfa3696..174c4c8 100644 --- a/reference-architectures/core-security-services-architecture.svg +++ b/reference-architectures/core-security-services-architecture.svg @@ -1,4 +1,4 @@ -
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file From 347874cf09a4a871308b52f4e2ca72db1c80a754 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Wed, 24 Sep 2025 15:37:30 +0100 Subject: [PATCH 24/35] fully configurable --- reference-architectures/core-security-services-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architectures/core-security-services-architecture.svg b/reference-architectures/core-security-services-architecture.svg index 174c4c8..d2097a9 100644 --- a/reference-architectures/core-security-services-architecture.svg +++ b/reference-architectures/core-security-services-architecture.svg @@ -1,4 +1,4 @@ -
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file From 97eb2364ab106aa8f8cb883b0118fbfd5e2427f3 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Wed, 24 Sep 2025 17:06:43 +0100 Subject: [PATCH 25/35] fully configurable --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 8fd89ac..9c543d0 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -225,7 +225,7 @@ "key": "existing_resource_group_name", "type": "string", "default_value": "Default", - "description": "The name of an existing resource group to provision all resources to.", + "description": "The name of an existing resource group to provision the resources.", "required": true, "custom_config": { "type": "resource_group", From 0f12b1bd8394fe13f41da03f6c6befadebebb697 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Thu, 25 Sep 2025 12:27:37 +0100 Subject: [PATCH 26/35] fully configurable --- ibm_catalog.json | 42 ++++++++++++++++++++++++++-- stack_definition.json | 64 +++++++++++++++++++++++++++---------------- 2 files changed, 80 insertions(+), 26 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index e524629..6ba1e11 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -258,15 +258,51 @@ "required": false }, { - "display_name": "event_notifications_email_list", - "key": "en_email_list", + "key": "key_protect_plan", + "type": "string", + "default_value": "tiered-pricing", + "description": "The service plan of the Key Protect instance that will be provisioned by this solution. Only used if not supplying `existing_kms_instance_crn`. Learn more: https://cloud.ibm.com/docs/key-protect?topic=key-protect-pricing-plan", + "required": false, + "options": [ + { + "displayname": "tiered-pricing", + "value": "tiered-pricing" + }, + { + "displayname": "cross-region-resiliency", + "value": "cross-region-resiliency" + } + ] + }, + { + "key": "cloud_monitoring_plan", + "type": "string", + "default_value": "graduated-tier", + "description": "The IBM Cloud Monitoring plan to provision. Available values are `lite` and `graduated-tier` and `graduated-tier-sysdig-secure-plus-monitor` (available in region eu-fr2 only). Learn more https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans", + "required": false, + "options": [ + { + "displayname": "lite", + "value": "lite" + }, + { + "displayname": "graduated-tier", + "value": "graduated-tier" + }, + { + "displayname": "graduated-tier-sysdig-secure-plus-monitor (Available in eu-fr2 region only.)", + "value": "graduated-tier-sysdig-secure-plus-monitor" + } + ] + }, + { + "key": "event_notifications_email_list", "type": "array", "default_value": [], "description": "List of emails to configure event notifications.", "required": false }, { - "display_name": "existing_event_notifications_instance_crn", "key": "existing_event_notifications_instance_crn", "type": "string", "default_value": "__NULL__", diff --git a/stack_definition.json b/stack_definition.json index d15b8c5..0da1c18 100644 --- a/stack_definition.json +++ b/stack_definition.json 
@@ -43,7 +43,7 @@ "custom_config": {} }, { - "name": "en_email_list", + "name": "event_notifications_email_list", "required": false, "type": "array", "hidden": false, @@ -69,6 +69,20 @@ "hidden": false, "custom_config": {} }, + { + "name": "key_protect_plan", + "required": false, + "type": "string", + "hidden": false, + "custom_config": {} + }, + { + "name": "cloud_monitoring_plan", + "required": false, + "type": "string", + "hidden": false, + "custom_config": {} + }, { "name": "skip_secrets_manager_iam_auth_policy", "required": false, @@ -124,8 +138,8 @@ "value": "ref:../../inputs/prefix" }, { - "name": "key_protect_instance_name", - "value": "base-security-services-kms" + "name": "key_protect_plan", + "value": "ref:../../inputs/key_protect_plan" } ], "name": "1a - Key management", @@ -137,10 +151,6 @@ "name": "existing_resource_group_name", "value": "ref:../../inputs/existing_resource_group_name" }, - { - "name": "instance_name", - "value": "core-services" - }, { "name": "prefix", "value": "ref:../../inputs/prefix" @@ -166,6 +176,10 @@ { "name": "enable_platform_metrics", "value": "ref:../../inputs/enable_platform_metrics" + }, + { + "name": "cloud_monitoring_plan", + "value": "ref:../../inputs/cloud_monitoring_plan" } ], "name": "1c - Cloud Monitoring", @@ -185,10 +199,6 @@ "name": "existing_event_notifications_instance_crn", "value": "ref:../../inputs/existing_event_notifications_instance_crn" }, - { - "name": "skip_cos_kms_auth_policy", - "value": false - }, { "name": "kms_encryption_enabled", "value": true @@ -247,6 +257,10 @@ "name": "existing_kms_instance_crn", "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" }, + { + "name": "existing_monitoring_crn", + "value": "ref:../../members/1c - Cloud Monitoring/outputs/cloud_monitoring_crn" + }, { "name": "kms_encryption_enabled_buckets", "value": true 
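Review bot: Renaming the stack input from `en_email_list` to `event_notifications_email_list` in this hunk is only safe if every member reference was renamed with it, and none of the stack_definition.json hunks in this patch removes a `ref:../../inputs/en_email_list` line. The only consumer visible is the new `event_notifications_email_list` input on "3c - App Configuration" in a later hunk, so either the old input was never wired to a member or a stale reference remains outside the hunks shown. Please search the file for the old name before merging, and confirm whether "2 - Event Notifications" is also meant to receive the list.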
@@ -258,6 +272,10 @@ { "name": "logs_routing_tenant_regions", "value": "ref:../../inputs/logs_routing_tenant_regions" + }, + { + "name": "existing_event_notifications_instances", + "value": "ref:../../members/2 - Event Notifications/outputs/crn_list_object" } ], "name": "3a - Cloud Logs for logging", @@ -289,6 +307,10 @@ "name": "existing_kms_instance_crn", "value": "ref:../../members/1a - Key management/outputs/kms_instance_crn" }, + { + "name": "existing_monitoring_crn", + "value": "ref:../../members/1c - Cloud Monitoring/outputs/cloud_monitoring_crn" + }, { "name": "kms_endpoint_type", "value": "private" @@ -308,6 +330,10 @@ { "name": "cloud_logs_instance_name", "value": "at-cloud-logs" + }, + { + "name": "existing_event_notifications_instances", + "value": "ref:../../members/2 - Event Notifications/outputs/crn_list_object" } ], "name": "3b - Cloud Logs for activity tracking", @@ -370,6 +396,10 @@ { "name": "event_notifications_endpoint_url", "value": "ref:../../members/2 - Event Notifications/outputs/event_notifications_private_endpoint" + }, + { + "name": "event_notifications_email_list", + "value": "ref:../../inputs/event_notifications_email_list" } ], "name": "3c - App Configuration", @@ -409,18 +439,6 @@ "name": "service_plan", "value": "ref:../../inputs/sm_service_plan" }, - { - "name": "kms_key_ring_name", - "value": "sm-cos-key-ring" - }, - { - "name": "kms_key_name", - "value": "sm-cos-key" - }, - { - "name": "secrets_manager_instance_name", - "value": "base-security-services-sm" - }, { "name": "skip_secrets_manager_iam_auth_policy", "value": "ref:../../inputs/skip_secrets_manager_iam_auth_policy" From d8f3cb78612c6ee0510ae40f9f690172f45700d2 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Thu, 25 Sep 2025 13:43:24 +0100 Subject: [PATCH 27/35] fully configurable --- ibm_catalog.json | 18 +++++++++--------- stack_definition.json | 9 ++++++++- 2 files changed, 17 insertions(+), 10 deletions(-) 
diff --git a/ibm_catalog.json b/ibm_catalog.json index 6ba1e11..1e6134f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -70,7 +70,7 @@ ], "flavors": [ { - "label": "Standard", + "label": "Click and go", "name": "standard-fully-config", "index": 1, "working_directory": "./", @@ -261,15 +261,15 @@ "key": "key_protect_plan", "type": "string", "default_value": "tiered-pricing", - "description": "The service plan of the Key Protect instance that will be provisioned by this solution. Only used if not supplying `existing_kms_instance_crn`. Learn more: https://cloud.ibm.com/docs/key-protect?topic=key-protect-pricing-plan", + "description": "The service plan of the Key Protect instance that will be provisioned by this solution. Only used if not supplying `existing_kms_instance_crn`. Learn more [here](https://cloud.ibm.com/docs/key-protect?topic=key-protect-pricing-plan).", "required": false, "options": [ { - "displayname": "tiered-pricing", + "displayname": "Standard", "value": "tiered-pricing" }, { - "displayname": "cross-region-resiliency", + "displayname": "Cross-region Resiliency", "value": "cross-region-resiliency" } ] 
@@ -278,19 +278,19 @@ "key": "cloud_monitoring_plan", "type": "string", "default_value": "graduated-tier", - "description": "The IBM Cloud Monitoring plan to provision. Available values are `lite` and `graduated-tier` and `graduated-tier-sysdig-secure-plus-monitor` (available in region eu-fr2 only). Learn more https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans", + "description": "The IBM Cloud Monitoring plan to provision. Available values are `lite` and `graduated-tier` and `graduated-tier-sysdig-secure-plus-monitor` (available in region eu-fr2 only). Learn more [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans)", "required": false, "options": [ { - "displayname": "lite", + "displayname": "Lite", "value": "lite" }, { - "displayname": "graduated-tier", + "displayname": "Graduated Tier", "value": "graduated-tier" }, { - "displayname": "graduated-tier-sysdig-secure-plus-monitor (Available in eu-fr2 region only.)", + "displayname": "Graduated Tier - Sysdig Secure + Monitor (Available in eu-fr2 region only.)", "value": "graduated-tier-sysdig-secure-plus-monitor" } ] @@ -343,7 +343,7 @@ "required": false }, { - "key": "app_config_service_plan", + "key": "app_config_plan", "type": "string", "default_value": "basic", "description": "The pricing plan to use for the IBM Cloud App Configuration instance.", diff --git a/stack_definition.json b/stack_definition.json index 0da1c18..cf522b4 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -69,6 +69,13 @@ "hidden": false, "custom_config": {} }, + { + "name": "app_config_plan", + "required": false, + "type": "string", + "hidden": false, + "custom_config": {} + }, { "name": "key_protect_plan", "required": false, @@ -355,7 +362,7 @@ }, { "name": "app_config_plan", - "value": "enterprise" + "value": "ref:../../inputs/app_config_plan" }, { "name": "kms_endpoint_url", From 94eb85ccb899e900a3bd6e37848bf6c8d39ea3b6 Mon Sep 17 00:00:00 2001 
From: Rajat Agrawal Date: Thu, 25 Sep 2025 14:01:30 +0100 Subject: [PATCH 28/35] fully configurable --- reference-architectures/core-security-services-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architectures/core-security-services-architecture.svg b/reference-architectures/core-security-services-architecture.svg index d2097a9..f3cedf3 100644 --- a/reference-architectures/core-security-services-architecture.svg +++ b/reference-architectures/core-security-services-architecture.svg @@ -1,4 +1,4 @@ -
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group
              Object Storage

              Object Storage
AT events bucketCloud Logs bucketCloud LogsMetrics bucketActivity TrackerbucketActivity TrackerMetrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App
configuration
App...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
CloudLogsCloud Logsfor Activity Tracking
Region
Region
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group

AT events bucketCloud Logs bucketCloud LogsMetrics bucketCloud Logs forAT data bucketCloud Logs forAT metrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App Configuration
App Config...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
Cloud Logsfor loggingCloud Logsfor ActivityTracking
Region
Region
Object Storage Instance
Object Storage Instance
Text is not SVG - cannot display
\ No newline at end of file From 28ab79bfc810b4a5a4a4169e8e5baabe414c98be Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Thu, 25 Sep 2025 14:09:10 +0100 Subject: [PATCH 29/35] fully configurable --- ibm_catalog.json | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 1e6134f..b839a16 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -261,7 +261,7 @@ "key": "key_protect_plan", "type": "string", "default_value": "tiered-pricing", - "description": "The service plan of the Key Protect instance that will be provisioned by this solution. Only used if not supplying `existing_kms_instance_crn`. Learn more [here](https://cloud.ibm.com/docs/key-protect?topic=key-protect-pricing-plan).", + "description": "The service plan of the Key Protect instance that will be provisioned by this solution. Only used if not supplying `existing_kms_instance_crn`. [Learn more](https://cloud.ibm.com/docs/key-protect?topic=key-protect-pricing-plan).", "required": false, "options": [ { @@ -278,7 +278,7 @@ "key": "cloud_monitoring_plan", "type": "string", "default_value": "graduated-tier", - "description": "The IBM Cloud Monitoring plan to provision. Available values are `lite` and `graduated-tier` and `graduated-tier-sysdig-secure-plus-monitor` (available in region eu-fr2 only). Learn more [here](https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans)", + "description": "The IBM Cloud Monitoring plan to provision. Available values are `lite` and `graduated-tier` and `graduated-tier-sysdig-secure-plus-monitor` (available in region eu-fr2 only). [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-service_plans)", "required": false, "options": [ { @@ -288,10 +288,6 @@ { "displayname": "Graduated Tier", "value": "graduated-tier" - }, - { - "displayname": "Graduated Tier - Sysdig Secure + Monitor (Available in eu-fr2 region only.)", - "value": "graduated-tier-sysdig-secure-plus-monitor" } ] }, 
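Review bot: The `cloud_monitoring_plan` description rewritten in hunk `@@ -278,7 +278,7 @@` still lists `graduated-tier-sysdig-secure-plus-monitor` as an available value, while the following hunk (`@@ -288,10 +288,6 @@`) removes that entry from `options`. If the plan should no longer be selectable, the description should name only `lite` and `graduated-tier`. If it is still accepted when set outside the catalog UI, say so explicitly, so operators do not assume the dropdown is the complete allow-list. The link sentence also lacks the closing period that the `key_protect_plan` description in the same commit has.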
From e033ee7816792ecee309356d4946ca7026658258 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Thu, 25 Sep 2025 14:16:14 +0100 Subject: [PATCH 30/35] fully configurable --- reference-architectures/core-security-services-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference-architectures/core-security-services-architecture.svg b/reference-architectures/core-security-services-architecture.svg index f3cedf3..f8dc601 100644 --- a/reference-architectures/core-security-services-architecture.svg +++ b/reference-architectures/core-security-services-architecture.svg @@ -1,4 +1,4 @@ -
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group

AT events bucketCloud Logs bucketCloud LogsMetrics bucketCloud Logs forAT data bucketCloud Logs forAT metrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App Configuration
App Config...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
Cloud Logsfor loggingCloud Logsfor ActivityTracking
Region
Region
Object Storage Instance
Object Storage Instance
Text is not SVG - cannot display
\ No newline at end of file +
IBM Cloud
IBM Cloud
     Resource Group
     Resource Group

AT events bucketCloud Logs bucketCloud LogsMetrics bucketCloud Logs forAT data bucketCloud Logs forAT metrics bucketEvent Notifications bucket
Secrets Manager
Secrets Ma...
Key Protect
Key Protect
Event Notifications
Event Noti...
Activity Tracking Event Routing
Activity T...
Cloud Monitoring
Cloud Moni...
App Configuration
App Config...
SCC Workload Protection
SCC Worklo...
IAM Engine
IAM Engine
Cloud Logsfor loggingCloud Logsfor ActivityTracking
Region
Region
Object Storage Instance
Object Storage Instance
Text is not SVG - cannot display
\ No newline at end of file From ab633e7db8c25824d4d059328261b0c25101c2d4 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Thu, 25 Sep 2025 15:15:31 +0100 Subject: [PATCH 31/35] fully configurable --- ibm_catalog.json | 2 +- tests/pr_test.go | 2 +- tests/resources/main.tf | 11 +++++++++++ tests/resources/outputs.tf | 5 +++++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index b839a16..bf738e3 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -341,7 +341,7 @@ { "key": "app_config_plan", "type": "string", - "default_value": "basic", + "default_value": "enterprise", "description": "The pricing plan to use for the IBM Cloud App Configuration instance.", "required": false, "options": [ diff --git a/tests/pr_test.go b/tests/pr_test.go index 22030b3..f76e813 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -121,7 +121,7 @@ func TestProjectsExistingResourcesTest(t *testing.T) { "enable_platform_metrics": false, "existing_secrets_manager_crn": terraform.Output(t, existingTerraformOptions, "secrets_manager_instance_crn"), "skip_iam_authorization_policy": true, // skip as s2s auth policy was already created for existing instance - "existing_kms_instance_crn": permanentResources["hpcs_south_crn"], + "existing_kms_instance_crn": terraform.Output(t, existingTerraformOptions, "key_project_instance_crn"), "en_email_list": []string{"GoldenEye.Operations@ibm.com"}, } diff --git a/tests/resources/main.tf b/tests/resources/main.tf index 0f15212..ca6a105 100644 --- a/tests/resources/main.tf +++ b/tests/resources/main.tf 
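Review bot: The output name read in `TestProjectsExistingResourcesTest`, `terraform.Output(t, existingTerraformOptions, "key_project_instance_crn")`, looks like a typo for `key_protect_instance_crn`. The same spelling is declared in the `tests/resources/outputs.tf` hunk of this commit, so the test works, but the name should be corrected in both places together. Separately, the context line `"skip_iam_authorization_policy": true` carries the comment that the s2s auth policy was already created for the existing instance. The KMS CRN now comes from a freshly provisioned Key Protect instance instead of `permanentResources["hpcs_south_crn"]`, so it is worth confirming that the assumption still holds for the new instance. The function body continues outside this hunk.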
@@ -38,3 +38,14 @@ module "secrets_manager" { sm_service_plan = "trial" sm_tags = var.resource_tags } + +############################################################################## +# Key Protect +############################################################################## + +module "key_protect" { + source = "terraform-ibm-modules/kms-all-inclusive/ibm" + version= "5.2.2" + resource_group_id = module.resource_group.resource_group_id + region = var.region +} diff --git a/tests/resources/outputs.tf b/tests/resources/outputs.tf index 567941d..c2a2523 100644 --- a/tests/resources/outputs.tf +++ b/tests/resources/outputs.tf @@ -27,3 +27,8 @@ output "secrets_manager_instance_crn" { value = module.secrets_manager.secrets_manager_crn description = "CRN of created secret manager instance" } + +output "key_project_instance_crn" { + value = module.key_protect.key_protect_crn + description = "CRN of created Key Protect instance" +} \ No newline at end of file From 3068224b36ef4cd64ae04265bde708eab095303a Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Fri, 26 Sep 2025 09:25:32 +0100 Subject: [PATCH 32/35] fully configurable --- .catalog-onboard-pipeline.yaml | 2 +- ibm_catalog.json | 2 +- stack_definition.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index e0c799a..e0bed0f 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -6,7 +6,7 @@ offerings: catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd offering_id: 0294f96e-7314-48d1-a710-c08a541b2119 variations: - - name: standard + - name: click-and-go mark_ready: false install_type: fullstack format_kind: stack diff --git a/ibm_catalog.json b/ibm_catalog.json index bf738e3..4f786f7 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
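Review bot: The new `module "key_protect"` block in `tests/resources/main.tf` creates the Key Protect instance without passing a name or tags, whereas the `secrets_manager` module just above it passes `sm_tags = var.resource_tags`. An untagged key-management instance left behind by a failed test run is hard to attribute and clean up. If the module exposes a tags input (I believe it is `resource_tags`; please confirm against the pinned version), pass `var.resource_tags` there as well. The line `version= "5.2.2"` should also be written `version = "5.2.2"` to match `terraform fmt` output.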
@@ -71,7 +71,7 @@ "flavors": [ { "label": "Click and go", - "name": "standard-fully-config", + "name": "click-and-go", "index": 1, "working_directory": "./", "compliance": { diff --git a/stack_definition.json b/stack_definition.json index cf522b4..fd0b74c 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -545,7 +545,7 @@ "value": "ref:../../members/1b - Object storage/outputs/cos_instance_id" }, { - "name": "en_crn", + "name": "event_notifications_crn", "value": "ref:../../members/2 - Event Notifications/outputs/crn" }, { From 3b693f9418e51735e0673111961f92433b6e40a9 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Fri, 26 Sep 2025 09:30:47 +0100 Subject: [PATCH 33/35] fully configurable --- tests/resources/outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/resources/outputs.tf b/tests/resources/outputs.tf index c2a2523..b495961 100644 --- a/tests/resources/outputs.tf +++ b/tests/resources/outputs.tf @@ -31,4 +31,4 @@ output "secrets_manager_instance_crn" { output "key_project_instance_crn" { value = module.key_protect.key_protect_crn description = "CRN of created Key Protect instance" -} \ No newline at end of file +} From 55dd5cb671aaf5635a6fd2d08579cba3db7efee4 Mon Sep 17 00:00:00 2001 From: Rajat Agrawal Date: Fri, 26 Sep 2025 10:59:01 +0100 Subject: [PATCH 34/35] fully configurable --- ibm_catalog.json | 3 +-- stack_definition.json | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 4f786f7..791bb4f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -313,8 +313,7 @@ "required": false }, { - "display_name": "secrets_manager_service_plan", - "key": "sm_service_plan", + "key": "secrets_manager_service_plan", "type": "string", "default_value": "standard", "description": "The pricing plan to use for IBM Cloud Secrets Manager. Not used if `existing_secrets_manager_crn` is specified.", 
diff --git a/stack_definition.json b/stack_definition.json index fd0b74c..ca91204 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -63,7 +63,7 @@ "custom_config": {} }, { - "name": "sm_service_plan", + "name": "secrets_manager_service_plan", "required": false, "type": "string", "hidden": false, @@ -444,7 +444,7 @@ }, { "name": "service_plan", - "value": "ref:../../inputs/sm_service_plan" + "value": "ref:../../inputs/secrets_manager_service_plan" }, { "name": "skip_secrets_manager_iam_auth_policy", From 8a80211cc7d1e6a4c9fd9cc171f55e26df038e8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Conall=20=C3=93=20Cofaigh?= Date: Fri, 26 Sep 2025 14:13:27 +0100 Subject: [PATCH 35/35] Update stack_definition.json --- stack_definition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack_definition.json b/stack_definition.json index ca91204..747b71a 100644 --- a/stack_definition.json +++ b/stack_definition.json @@ -452,7 +452,7 @@ } ], "name": "3d - Secrets Manager", - "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.63d15a72-ea75-4cc9-841a-83908095eef3-global" + "version_locator": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3.ceff0818-e9de-45e6-b785-4c8ad786e6bb-global" }, { "inputs": [