Closed
73 changes: 73 additions & 0 deletions modules/config_aggregator/README.md
@@ -0,0 +1,73 @@

# Config Aggregator Submodule for IBM Cloud App Configuration

This submodule provisions an IBM Cloud Config Aggregator that collects and centralizes configuration data across an enterprise. It integrates with App Configuration and uses IBM IAM trusted profiles and templates to enable secure, scoped access to configuration insights across regions and accounts.

## Purpose

The `config_aggregator` module is designed to set up a configuration aggregator for your App Configuration instance, scoped either to a single account or to an IBM Cloud Enterprise. It helps consolidate resources and enforce policies across a multi-account environment by leveraging IAM Trusted Profiles and Templates.

## Use Case

Use this module when you want to:

- Enable centralized collection of resource metadata.
- Apply IAM templates and trusted profiles to configure access.
- Scope configuration insights to your enterprise.
- Automatically enable resource collection across all regions.

## Example Usage

```hcl
module "config_aggregator" {
source = "../../modules/config_aggregator"

app_config_instance_guid = module.app_config.app_config_guid
region = var.region
enterprise_id = var.enterprise_id
general_trusted_profile_id = module.trusted_profiles.trusted_profile_app_config_general.profile_id
enterprise_trusted_profile_id = module.trusted_profiles.trusted_profile_app_config_enterprise.profile_id
trusted_profile_template_id = module.trusted_profiles.trusted_profile_template_id
}
```

## Inputs

| Name | Description | Type | Required |
|------------------------------|-----------------------------------------------------------------------------|--------|----------|
| `app_config_instance_guid` | GUID of the IBM App Configuration instance | string | yes |
| `region` | IBM Cloud region where the App Config and aggregator are deployed | string | yes |
| `enterprise_id` | Enterprise ID used to scope the aggregator and profile templates | string | yes |
| `general_trusted_profile_id`| Trusted profile ID for general collection access | string | yes |
| `enterprise_trusted_profile_id` | Trusted profile ID used for enterprise-level scoped access | string | yes |
| `trusted_profile_template_id`| Template ID used to assign profiles to account groups | string | yes |

## Outputs

None currently.

## Resources Created

- `ibm_config_aggregator_settings` — The main resource that defines configuration aggregation settings.

## Behavior

This submodule enables the following behavior:

- **Resource collection** is enabled by default.
- **All regions** are included in the resource collection.
- **Enterprise scope** is configured through `additional_scope`, using the provided `enterprise_id`, `trusted_profile_template_id`, and `enterprise_trusted_profile_id`.

## Related Documentation

- [IBM Cloud App Configuration Documentation](https://cloud.ibm.com/docs/app-configuration)
- [Terraform IBM Provider](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/config_aggregator_settings)

## Notes

- Ensure that the `trusted_profile_template_id` and both trusted profile IDs are correctly created and propagated before using this module.
- This submodule should be used as part of a larger stack that includes trusted profile and App Configuration provisioning.

---

© IBM Corporation 2024
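Review bot: The "## Outputs" section says "None currently.", but modules/config_aggregator/outputs.tf in this same change declares `config_aggregator_instance_id` and `scc_wp_config_aggregator_id`; list both here with their descriptions. The Purpose paragraph also says the aggregator can be scoped "either to a single account or to an IBM Cloud Enterprise", while the Inputs table marks `enterprise_id`, `enterprise_trusted_profile_id` and `trusted_profile_template_id` as required, so either state that only the enterprise scope is supported or make those inputs optional. Under Behavior, "enabled by default" reads as if it can be overridden, yet the Inputs table offers no input for it.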
19 changes: 19 additions & 0 deletions modules/config_aggregator/main.tf
@@ -0,0 +1,19 @@

resource "ibm_config_aggregator_settings" "scc_wp_aggregator" {
instance_id = var.app_config_instance_guid
region = var.region
resource_collection_enabled = true
resource_collection_regions = ["all"]
trusted_profile_id = var.general_trusted_profile_id

additional_scope {
type = "Enterprise"
enterprise_id = var.enterprise_id

profile_template {
id = var.trusted_profile_template_id
trusted_profile_id = var.enterprise_trusted_profile_id
}
}
}

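Review bot: `resource_collection_enabled = true` and `resource_collection_regions = ["all"]` are hardcoded, so a caller cannot narrow collection to the regions they actually operate in, or switch it off, without editing the module. These two settings decide how much resource metadata is collected into one App Configuration instance under `var.general_trusted_profile_id`, so expose both as variables that default to the current values and let each deployment make that scope an explicit, reviewable choice. The `additional_scope` block is also unconditional; if single-account use is intended, as the README states, wrap it in a `dynamic` block that is emitted only when `enterprise_id` is set.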
9 changes: 9 additions & 0 deletions modules/config_aggregator/outputs.tf
@@ -0,0 +1,9 @@
output "config_aggregator_instance_id" {
description = "App Config instance ID used for aggregation"
value = var.app_config_instance_guid
}
output "scc_wp_config_aggregator_id" {
description = "ID of the SCC-WP Config Aggregator"
value = ibm_config_aggregator_settings.scc_wp_aggregator.id
}

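Review bot: `config_aggregator_instance_id` returns `var.app_config_instance_guid`, the caller's own input, so it carries no dependency on `ibm_config_aggregator_settings.scc_wp_aggregator` and a consumer that references it will not wait for the aggregator to exist. Either drop it, or take the value from the resource (`ibm_config_aggregator_settings.scc_wp_aggregator.instance_id`) so the output reflects what was actually applied.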
29 changes: 29 additions & 0 deletions modules/config_aggregator/variables.tf
@@ -0,0 +1,29 @@
variable "app_config_instance_guid" {
type = string
description = "GUID of the App Configuration instance"
}

variable "region" {
type = string
description = "Region where the Config Aggregator will be deployed"
}

variable "enterprise_id" {
type = string
description = "Enterprise ID to scope the Config Aggregator"
}

variable "trusted_profile_template_id" {
type = string
description = "Trusted Profile Template ID used for additional scope"
}

variable "enterprise_trusted_profile_id" {
type = string
description = "Trusted Profile ID used to authorize resource collection scoping"
}

variable "general_trusted_profile_id" {
type = string
description = "Trusted Profile ID used to authorize resource collection"
}
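Review bot: None of the six variables has a `validation` block or `nullable = false`, so an empty string or an explicit null for `enterprise_id` or any of the trusted profile IDs gets through variable checking and is only caught, if at all, when the provider calls the API. Add a non-empty check to each ID so a mis-wired module output fails at plan time with a clear message. The descriptions of `enterprise_trusted_profile_id` and `general_trusted_profile_id` also differ by little more than the word "scoping"; say which profile is used in the aggregator's own account and which one is assigned through the template, so the two cannot be swapped unnoticed.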
9 changes: 9 additions & 0 deletions modules/config_aggregator/version.tf
@@ -0,0 +1,9 @@
terraform {
required_providers {
ibm = {
source = "ibm-cloud/ibm"
version = ">= 1.65.0, < 2.0.0"
}
}
}

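Review bot: The `terraform` block pins the provider but sets no `required_version`, so the module declares no minimum Terraform CLI version; add one. Please also confirm that `1.65.0` is a provider release that already ships `ibm_config_aggregator_settings`; if the resource arrived in a later release, the lower bound in `version = ">= 1.65.0, < 2.0.0"` allows `terraform init` to select a provider in which the resource type is unknown.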
4 changes: 4 additions & 0 deletions outputs.tf
@@ -1,6 +1,10 @@
########################################################################################################################
# Outputs
########################################################################################################################
output "app_config_crn" {
description = "The CRN of the App Configuration instance"
value = ibm_resource_instance.app_config.crn
}

output "app_config_guid" {
description = "GUID of the App Configuration instance"