|
1 | | -# Event Notification module |
| 1 | +# IBM Cloud Event Notifications module |
| 2 | + |
2 | 3 | [-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status) |
3 | 4 | [](https://github.com/pre-commit/pre-commit) |
4 | 5 | [](https://github.com/terraform-ibm-modules/terraform-ibm-event-notifications/releases/latest) |
5 | 6 | [](https://renovatebot.com/) |
6 | 7 | [](https://github.com/semantic-release/semantic-release) |
7 | 8 |
|
8 | | -A module to create IBM Cloud Event Notifications. |
| 9 | +This module is used to create an IBM Cloud Event Notifications instance to filter and route event notifications from IBM Cloud services like monitoring, to communication channels like email, SMS, and webhooks. Event Notifications provides you information about critical events that occur in your IBM Cloud account or triggers automated actions by using webhooks. For more information, see [Getting started with Event Notifications](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-getting-started). |
| 10 | + |
9 | 11 |
|
10 | 12 | <!-- BEGIN OVERVIEW HOOK --> |
11 | 13 | ## Overview |
@@ -42,24 +44,24 @@ module "event_notification" { |
42 | 44 |
|
43 | 45 | ### Required IAM access policies |
44 | 46 |
|
45 | | -You need the following permissions to run this module. |
| 47 | +You need the following permissions to run this module: |
46 | 48 |
|
47 | | -- Account Management |
48 | | - - **Event Notification** service |
| 49 | +* Account Management |
| 50 | + - **Event Notifications** service |
49 | 51 | - Platform Management Roles |
50 | 52 | - `Editor` platform role access |
51 | 53 |
|
52 | | -To create service credentials, access to Event Notifications and access to call the Event Notifications API, you need the following access. |
| 54 | +To create service credentials, access the Event Notifications service, and access to call the Event Notifications API, you need the following access: |
53 | 55 |
|
54 | | -- Service Access Roles |
55 | | - - `Reader` - View Event Notifications instance data |
56 | | - - `Writer` - View and edit an Event Notifications instance |
57 | | - - `Channel Editor` - View, create, and delete Event Notifications subscriptions |
58 | | - - `Manager` - View, edit, and delete data in an Event Notifications instance |
59 | | - - `Service Configuration Reader` - Read services configuration for Governance management |
60 | | - - `Event Source Manager` - Source integration with Event Notifications by using service to service authorization |
61 | | - - `Event Notifications Publisher` - Create notification and view notifications count |
62 | | - - `Device Manager` - Custom role to handle push device registration with the Event Notifications service |
| 56 | +* Service access roles |
| 57 | + * `Reader` - View Event Notifications instance data |
| 58 | + * `Writer` - View and edit an Event Notifications instance |
| 59 | + * `Channel Editor` - View, create, and delete Event Notifications subscriptions |
| 60 | + * `Manager` - View, edit, and delete data in an Event Notifications instance |
| 61 | + * `Service Configuration Reader` - Read services configuration for Governance management |
| 62 | + * `Event Source Manager` - Source integration with Event Notifications by using service to service authorization |
| 63 | + * `Event Notifications Publisher` - Create notification and view notifications count |
| 64 | + * `Device Manager` - Custom role to handle push device registration with the Event Notifications service |
63 | 65 |
|
64 | 66 | <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
65 | 67 | ### Requirements |
@@ -91,29 +93,29 @@ To create service credentials, access to Event Notifications and access to call |
91 | 93 |
|
92 | 94 | | Name | Description | Type | Default | Required | |
93 | 95 | |------|-------------|------|---------|:--------:| |
94 | | -| <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of CBR rules to create | <pre>list(object({<br> description = string<br> account_id = string<br> rule_contexts = list(object({<br> attributes = optional(list(object({<br> name = string<br> value = string<br> }))) }))<br> enforcement_mode = string<br> }))</pre> | `[]` | no | |
95 | | -| <a name="input_existing_kms_instance_crn"></a> [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of the Hyper Protect Crypto Services or Key Protect instance. Required only if var.kms\_encryption\_enabled is set to true | `string` | `null` | no | |
96 | | -| <a name="input_kms_encryption_enabled"></a> [kms\_encryption\_enabled](#input\_kms\_encryption\_enabled) | Set this to true to control the encryption keys used to encrypt the data that you store in Event Notification. If set to false, the data is encrypted by using randomly generated keys. For more info on Managing Encryption, see https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-en-managing-encryption | `bool` | `false` | no | |
97 | | -| <a name="input_kms_endpoint_url"></a> [kms\_endpoint\_url](#input\_kms\_endpoint\_url) | The KMS endpoint URL to use when configuring KMS encryption. HPCS endpoint URL format- https://api.private.<REGION>.hs-crypto.cloud.ibm.com:<port> and KP endpoint URL format- https://<REGION>.kms.cloud.ibm.com | `string` | `null` | no | |
98 | | -| <a name="input_name"></a> [name](#input\_name) | The name to give the IBM Event Notification instance created by this module. | `string` | n/a | yes | |
99 | | -| <a name="input_plan"></a> [plan](#input\_plan) | Plan for the event notification instance : lite or standard | `string` | `"standard"` | no | |
100 | | -| <a name="input_region"></a> [region](#input\_region) | IBM Cloud region where event notification will be created, supported regions are: us-south (Dallas), eu-gb (London), eu-de (Frankfurt), au-syd (Sydney), eu-es (Madrid) | `string` | `"us-south"` | no | |
101 | | -| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the Event Notification instance will be created. | `string` | n/a | yes | |
102 | | -| <a name="input_root_key_id"></a> [root\_key\_id](#input\_root\_key\_id) | The Key ID of a root key, existing in the KMS instance passed in var.existing\_kms\_instance\_crn, which will be used to encrypt the data encryption keys (DEKs) which are then used to encrypt the data. Required if var.kms\_encryption\_enabled is set to true. | `string` | `null` | no | |
103 | | -| <a name="input_service_credential_names"></a> [service\_credential\_names](#input\_service\_credential\_names) | Map of name, role for service credentials that you want to create for the event notification | `map(string)` | `{}` | no | |
104 | | -| <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | Specify whether you want to enable the public or both public and private service endpoints. Supported values are 'public' or 'public-and-private'. | `string` | `"public-and-private"` | no | |
105 | | -| <a name="input_skip_iam_authorization_policy"></a> [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits all Event Notification instances in the resource group to read the encryption key from the KMS instance. No policy is created if var.kms\_encryption\_enabled is set to false. | `bool` | `false` | no | |
106 | | -| <a name="input_tags"></a> [tags](#input\_tags) | Optional list of tags to be added to the Event Notification instance | `list(string)` | `[]` | no | |
| 96 | +| <a name="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules) | The list of context-based restrictions rules to create. | <pre>list(object({<br> description = string<br> account_id = string<br> rule_contexts = list(object({<br> attributes = optional(list(object({<br> name = string<br> value = string<br> }))) }))<br> enforcement_mode = string<br> }))</pre> | `[]` | no | |
| 97 | +| <a name="input_existing_kms_instance_crn"></a> [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of the Hyper Protect Crypto Services or Key Protect instance. Required only if `var.kms_encryption_enabled` is set to `true`. | `string` | `null` | no | |
| 98 | +| <a name="input_kms_encryption_enabled"></a> [kms\_encryption\_enabled](#input\_kms\_encryption\_enabled) | Set to `true` to control the encryption keys that are used to encrypt the data that you store in the Event Notifications instance. If set to `false`, the data is encrypted by using randomly generated keys. For more information, see [Managing encryption](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-en-managing-encryption). | `bool` | `false` | no | |
| 99 | +| <a name="input_kms_endpoint_url"></a> [kms\_endpoint\_url](#input\_kms\_endpoint\_url) | The URL of the KMS endpoint to use when configuring KMS encryption. The Hyper Protect Crypto Services endpoint URL format is `https://api.private.<REGION>.hs-crypto.cloud.ibm.com:<port>` and the Key Protect endpoint URL format is `https://<REGION>.kms.cloud.ibm.com`. | `string` | `null` | no | |
| 100 | +| <a name="input_name"></a> [name](#input\_name) | The name of the Event Notifications instance that is created by this module. | `string` | n/a | yes | |
| 101 | +| <a name="input_plan"></a> [plan](#input\_plan) | The pricing plan of the Event Notifications instance. Possible values: `Lite`, `Standard` | `string` | `"standard"` | no | |
| 102 | +| <a name="input_region"></a> [region](#input\_region) | The IBM Cloud region where the Event Notifications resource is created. Possible values: `us-south` (Dallas), `eu-gb` (London), `eu-de` (Frankfurt), `au-syd` (Sydney), `eu-es` (Madrid) | `string` | `"us-south"` | no | |
| 103 | +| <a name="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id) | The ID of the resource group where the Event Notifications instance is created. | `string` | n/a | yes | |
| 104 | +| <a name="input_root_key_id"></a> [root\_key\_id](#input\_root\_key\_id) | The key ID of a root key, existing in the KMS instance passed in `var.existing_kms_instance_crn`, which will be used to encrypt the data encryption keys which are then used to encrypt the data. Required only if `var.kms_encryption_enabled` is set to `true`. | `string` | `null` | no | |
| 105 | +| <a name="input_service_credential_names"></a> [service\_credential\_names](#input\_service\_credential\_names) | The mapping of names and roles for service credentials that you want to create for the Event Notifications instance. | `map(string)` | `{}` | no | |
| 106 | +| <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | Specify whether you want to enable public, or both public and private service endpoints. Possible values: `public`, `public-and-private` | `string` | `"public-and-private"` | no | |
| 107 | +| <a name="input_skip_iam_authorization_policy"></a> [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to `true` to skip the creation of an IAM authorization policy that permits all Event Notifications instances in the resource group to read the encryption key from the KMS instance. If set to `false`, specify a value for the KMS instance in the `existing_kms_instance_guid` variable. In addition, no policy is created if `kms_encryption_enabled` is set to `false`. | `bool` | `false` | no | |
| 108 | +| <a name="input_tags"></a> [tags](#input\_tags) | The list of tags to add to the Event Notifications instance. | `list(string)` | `[]` | no | |
107 | 109 |
|
108 | 110 | ### Outputs |
109 | 111 |
|
110 | 112 | | Name | Description | |
111 | 113 | |------|-------------| |
112 | | -| <a name="output_crn"></a> [crn](#output\_crn) | Event Notification crn | |
113 | | -| <a name="output_event_notification_instance_name"></a> [event\_notification\_instance\_name](#output\_event\_notification\_instance\_name) | Event Notification name | |
114 | | -| <a name="output_guid"></a> [guid](#output\_guid) | Event Notification guid | |
115 | | -| <a name="output_service_credentials_json"></a> [service\_credentials\_json](#output\_service\_credentials\_json) | Service credentials json map | |
116 | | -| <a name="output_service_credentials_object"></a> [service\_credentials\_object](#output\_service\_credentials\_object) | Service credentials object | |
| 114 | +| <a name="output_crn"></a> [crn](#output\_crn) | The Event Notifications instance CRN. | |
| 115 | +| <a name="output_event_notification_instance_name"></a> [event\_notification\_instance\_name](#output\_event\_notification\_instance\_name) | The name of the Event Notifications instance. | |
| 116 | +| <a name="output_guid"></a> [guid](#output\_guid) | The globally unique identifier of the Event Notifications instance. | |
| 117 | +| <a name="output_service_credentials_json"></a> [service\_credentials\_json](#output\_service\_credentials\_json) | The service credentials JSON map. | |
| 118 | +| <a name="output_service_credentials_object"></a> [service\_credentials\_object](#output\_service\_credentials\_object) | The service credentials object. | |
117 | 119 | <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
118 | 120 |
|
119 | 121 | <!-- BEGIN CONTRIBUTING HOOK --> |
|
0 commit comments