terraform-ibm-modules · ocofaigh · Sep 18, 2025 · Sep 18, 2025 · Sep 18, 2025
@@ -15,8 +15,8 @@ This module is used to create an IBM Cloud Event Notifications instance to filte
 * [Submodules](./modules)
     * [fscloud](./modules/fscloud)
 * [Examples](./examples)
+    * [Advanced example with BYOK encryption and CBR rules](./examples/advanced)
     * [Basic example](./examples/basic)
-    * [Complete example with BYOK encryption and CBR rules](./examples/complete)
     * [Financial Services Cloud profile example](./examples/fscloud)
 * [Contributing](#contributing)
 <!-- END OVERVIEW HOOK -->

@@ -1,10 +1,10 @@
-# Complete example with BYOK encryption and CBR rules
+# Advanced example with BYOK encryption and CBR rules
 
 An end-to-end example that creates the following infrastructure:
 
 - A resource group, if one is not passed in.
 - A Key Protect instance with a root key.
 - An Event Notifications instance with bring-your-own-key encryption.
-- An IBM Cloud Object Storage service instance and bucket to collect events that fail delivery.
-- A Virtual Private Cloud (VPC).
 - Service credentials for the Event Notifications instance.
+- An IBM Cloud Object Storage service instance and bucket to collect events that fail delivery.
+- An Event Notifications webhook destination, topic and subscription.
@@ -70,8 +70,19 @@ module "event_notification" {
   tags                      = var.resource_tags
   access_tags               = var.access_tags
   service_endpoints         = "public"
-  service_credential_names  = var.service_credential_names
-  region                    = var.region
+  service_credential_names = {
+    "en_manager" : "Manager",
+    "en_writer" : "Writer",
+    "en_reader" : "Reader",
+    "en_channel_editor" : "Channel Editor",
+    "en_device_manager" : "Device Manager",
+    "en_event_source_manager" : "Event Source Manager",
+    "en_event_notifications_publisher" : "Event Notification Publisher",
+    "en_status_reporter" : "Status Reporter",
+    "en_email_sender" : "Email Sender",
+    "en_custom_email_status_reporter" : "Custom Email Status Reporter",
+  }
+  region = var.region
   # COS Related
   cos_integration_enabled = true
   cos_bucket_name         = module.cos.bucket_name

@@ -44,20 +44,3 @@ variable "region" {
   description = "IBM Cloud region where event notification will be created, supported regions are: us-south (Dallas), eu-gb (London), eu-de (Frankfurt), au-syd (Sydney), eu-es (Madrid)"
   default     = "us-south"
 }
-
-variable "service_credential_names" {
-  description = "Map of name, role for service credentials that you want to create for the event notification"
-  type        = map(string)
-  default = {
-    "en_manager" : "Manager",
-    "en_writer" : "Writer",
-    "en_reader" : "Reader",
-    "en_channel_editor" : "Channel Editor",
-    "en_device_manager" : "Device Manager",
-    "en_event_source_manager" : "Event Source Manager",
-    "en_event_notifications_publisher" : "Event Notification Publisher",
-    "en_status_reporter" : "Status Reporter",
-    "en_email_sender" : "Email Sender",
-    "en_custom_email_status_reporter" : "Custom Email Status Reporter",
-  }
-}
@@ -7,8 +7,7 @@ The example uses the IBM Cloud Terraform provider to create the following infras
 - A resource group, if one is not passed in.
 - An IAM authorization between all Event Notification instances in the given resource group and the KMS instance that is passed in.
 - An Event Notification instance that is encrypted with the KMS root key that is passed in.
-- A sample virtual private cloud (VPC).
-- A context-based restriction (CBR) rule to only allow Event Notification to be accessible from VPC and Schematics.
+- A context-based restriction (CBR) rule to only allow Event Notification to be accessible Schematics.
 
 :exclamation: **Important:** In this example, only the Event Notification instance complies with the IBM Cloud Framework for Financial Services. Other parts of the infrastructure do not necessarily comply.
 

@@ -18,38 +18,9 @@ data "ibm_iam_account_settings" "iam_account_settings" {
 }
 
 ##############################################################################
-# VPC
-##############################################################################
-resource "ibm_is_vpc" "example_vpc" {
-  name           = "${var.prefix}-vpc"
-  resource_group = module.resource_group.resource_group_id
-  tags           = var.resource_tags
-}
-
-resource "ibm_is_subnet" "testacc_subnet" {
-  name                     = "${var.prefix}-subnet"
-  vpc                      = ibm_is_vpc.example_vpc.id
-  zone                     = "${var.region}-1"
-  total_ipv4_address_count = 256
-  resource_group           = module.resource_group.resource_group_id
-}
-
-##############################################################################
-# Create CBR Zone
+# Create CBR Zone for Schematics
 ##############################################################################
 
-module "cbr_vpc_zone" {
-  source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
-  version          = "1.33.2"
-  name             = "${var.prefix}-VPC-network-zone"
-  zone_description = "CBR Network zone representing VPC"
-  account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
-  addresses = [{
-    type  = "vpc",
-    value = ibm_is_vpc.example_vpc.crn
-  }]
-}
-
 module "cbr_zone_schematics" {
   source           = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
   version          = "1.33.2"
@@ -132,20 +103,10 @@ module "event_notification" {
   cos_endpoint            = "https://${module.cos.buckets[local.bucket_name].s3_endpoint_direct}"
   cbr_rules = [
     {
-      description      = "${var.prefix}-event notification access from vpc and schematics"
+      description      = "${var.prefix}-event notification access from schematics"
       enforcement_mode = "enabled"
       account_id       = data.ibm_iam_account_settings.iam_account_settings.account_id
       rule_contexts = [{
-        attributes = [
-          {
-            name  = "endpointType",
-            value = "private"
-          },
-          {
-            name  = "networkZoneId"
-            value = module.cbr_vpc_zone.zone_id
-        }]
-        }, {
         attributes = [
           {
             name  = "endpointType",

@@ -696,7 +696,7 @@
               ],
               "optional": true,
               "on_by_default": false,
-              "version": "v3.0.7"
+              "version": "v3.0.23"
             },
             {
               "name": "deploy-arch-ibm-cloud-monitoring",
@@ -729,7 +729,7 @@
               ],
               "optional": true,
               "on_by_default": true,
-              "version": "v1.6.4"
+              "version": "v1.7.2"
             },
             {
               "name": "deploy-arch-ibm-kms",
@@ -765,7 +765,7 @@
               ],
               "optional": true,
               "on_by_default": true,
-              "version": "v5.1.19"
+              "version": "v5.1.27"
             },
             {
               "name": "deploy-arch-ibm-cos",
@@ -797,7 +797,7 @@
               ],
               "optional": true,
               "on_by_default": true,
-              "version": "v10.2.1"
+              "version": "v10.2.21"
             }
           ],
           "dependency_version_2": true,

@@ -2,17 +2,44 @@
 package test
 
 import (
+	"math/rand"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testhelper"
 )
 
-const basicExampleDir = "examples/basic"
+func setupExampleOptions(t *testing.T, prefix string, dir string) *testhelper.TestOptions {
+
+	options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
+		Testing:      t,
+		TerraformDir: dir,
+		Prefix:       prefix,
+		/*
+		 Comment out the 'ResourceGroup' input to force this tests to create a unique resource group. This is because
+		 there is a restriction with the Event Notification service, which allows only one Lite plan instance per resource group.
+		*/
+		// ResourceGroup:      resourceGroup,
+		Region: validRegions[rand.Intn(len(validRegions))],
+	})
+
+	return options
+}
 
 func TestRunBasicExample(t *testing.T) {
 	t.Parallel()
 
-	options := setupOptions(t, "en-basic", basicExampleDir)
+	options := setupExampleOptions(t, "en-basic", basicExampleDir)
+
+	output, err := options.RunTestConsistency()
+	assert.Nil(t, err, "This should not have errored")
+	assert.NotNil(t, output, "Expected some output")
+}
+
+func TestRunAdvancedExample(t *testing.T) {
+	t.Parallel()
+
+	options := setupExampleOptions(t, "en-adv", advancedExampleDir)
 
 	output, err := options.RunTestConsistency()
 	assert.Nil(t, err, "This should not have errored")
+9 −1		.secrets.baseline
+4 −0		common-go-assets/common-permanent-resources.yaml
+3 −1		module-assets/.pre-commit-config.yaml
+1 −1		stack-assets/.pre-commit-config.yaml