feat: enabled COS bucket monitoring and activity tracking by default for instances DA (#143)

ocofaigh · web-flow · commit 490238556746 · 2024-07-12T15:27:24.000+01:00
diff --git a/solutions/instances/README.md b/solutions/instances/README.md
@@ -24,7 +24,7 @@ This solution supports provisioning and configuring the following infrastructure
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_cos"></a> [cos](#module\_cos) | terraform-ibm-modules/cos/ibm//modules/fscloud | 8.5.3 |
+| <a name="module_cos"></a> [cos](#module\_cos) | terraform-ibm-modules/cos/ibm//modules/fscloud | 8.6.1 |
 | <a name="module_create_profile_attachment"></a> [create\_profile\_attachment](#module\_create\_profile\_attachment) | terraform-ibm-modules/scc/ibm//modules/attachment | 1.6.3 |
 | <a name="module_kms"></a> [kms](#module\_kms) | terraform-ibm-modules/kms-all-inclusive/ibm | 4.13.4 |
 | <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | terraform-ibm-modules/resource-group/ibm | 1.1.6 |
@@ -49,11 +49,11 @@ This solution supports provisioning and configuring the following infrastructure
 | <a name="input_cos_instance_name"></a> [cos\_instance\_name](#input\_cos\_instance\_name) | The name for the Object Storage instance. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format. | `string` | `"base-security-services-cos"` | no |
 | <a name="input_cos_instance_tags"></a> [cos\_instance\_tags](#input\_cos\_instance\_tags) | The list of tags to add to the Object Storage instance. Applies only if not specifying an existing instance. | `list(string)` | `[]` | no |
 | <a name="input_cos_region"></a> [cos\_region](#input\_cos\_region) | The region for the Object Storage instance. | `string` | `"us-south"` | no |
-| <a name="input_existing_activity_tracker_crn"></a> [existing\_activity\_tracker\_crn](#input\_existing\_activity\_tracker\_crn) | The CRN of an existing Activity Tracker instance. Used to send Security and Compliance Center Object Storage bucket log data and all object write events to Activity Tracker. Only used if not supplying an existing Object Storage bucket. | `string` | `null` | no |
+| <a name="input_existing_activity_tracker_crn"></a> [existing\_activity\_tracker\_crn](#input\_existing\_activity\_tracker\_crn) | The CRN of an Activity Tracker instance to send Security and Compliance Object Storage bucket events to. If no value passed, events are sent to the instance associated to the container's location unless otherwise specified in the Activity Tracker Event Routing service configuration. Ignored if using existing Object Storage bucket. | `string` | `null` | no |
 | <a name="input_existing_cos_instance_crn"></a> [existing\_cos\_instance\_crn](#input\_existing\_cos\_instance\_crn) | The CRN of an existing Object Storage instance. If not specified, an instance is created. | `string` | `null` | no |
 | <a name="input_existing_en_crn"></a> [existing\_en\_crn](#input\_existing\_en\_crn) | The CRN of an Event Notification instance. Used to integrate with Security and Compliance Center. | `string` | `null` | no |
 | <a name="input_existing_kms_instance_crn"></a> [existing\_kms\_instance\_crn](#input\_existing\_kms\_instance\_crn) | The CRN of the existing Hyper Protect Crypto Services or Key Protect instance. Applies only if not supplying an existing KMS root key and if `skip_cos_kms_auth_policy` is true. | `string` | `null` | no |
-| <a name="input_existing_monitoring_crn"></a> [existing\_monitoring\_crn](#input\_existing\_monitoring\_crn) | The CRN of an existing IBM Cloud Monitoring instance. Used to send all Object Storage bucket request and usage metrics to, as well as Workload Protection data. Ignored if using existing Object Storage bucket and not provisioning Workload Protection. | `string` | `null` | no |
+| <a name="input_existing_monitoring_crn"></a> [existing\_monitoring\_crn](#input\_existing\_monitoring\_crn) | The CRN of an IBM Cloud Monitoring instance to to send Security and Compliance Object Storage bucket metrics to, as well as Workload Protection data. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration. Ignored if using existing Object Storage bucket and not provisioning Workload Protection. | `string` | `null` | no |
 | <a name="input_existing_scc_cos_bucket_name"></a> [existing\_scc\_cos\_bucket\_name](#input\_existing\_scc\_cos\_bucket\_name) | The name of an existing bucket inside the existing Object Storage instance to use for Security and Compliance Center. If not specified, a bucket is created. | `string` | `null` | no |
 | <a name="input_existing_scc_cos_kms_key_crn"></a> [existing\_scc\_cos\_kms\_key\_crn](#input\_existing\_scc\_cos\_kms\_key\_crn) | The CRN of an existing KMS key to use to encrypt the Security and Compliance Center Object Storage bucket. If no value is set for this variable, specify a value for either the `existing_kms_instance_crn` variable to create a key ring and key, or for the `existing_scc_cos_bucket_name` variable to use an existing bucket. | `string` | `null` | no |
 | <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud API key to deploy resources. | `string` | n/a | yes |
diff --git a/solutions/instances/main.tf b/solutions/instances/main.tf
@@ -80,17 +80,6 @@ locals {
   cos_instance_crn    = var.existing_cos_instance_crn != null ? var.existing_cos_instance_crn : module.cos[0].cos_instance_crn
   cos_bucket_name     = var.existing_scc_cos_bucket_name != null ? var.existing_scc_cos_bucket_name : module.cos[0].buckets[local.scc_cos_bucket_name].bucket_name
 
-  activity_tracking = var.existing_activity_tracker_crn != null ? {
-    read_data_events     = true
-    write_data_events    = true
-    activity_tracker_crn = var.existing_activity_tracker_crn
-  } : null
-
-  metrics_monitoring = var.existing_monitoring_crn != null ? {
-    usage_metrics_enabled   = true
-    request_metrics_enabled = true
-    metrics_monitoring_crn  = var.existing_monitoring_crn
-  } : null
 }
 
 module "cos" {
@@ -99,7 +88,7 @@ module "cos" {
   }
   count                    = var.existing_scc_cos_bucket_name == null ? 1 : 0 # no need to call COS module if consumer is passing existing COS bucket
   source                   = "terraform-ibm-modules/cos/ibm//modules/fscloud"
-  version                  = "8.5.3"
+  version                  = "8.6.1"
   resource_group_id        = module.resource_group.resource_group_id
   create_cos_instance      = var.existing_cos_instance_crn == null ? true : false # don't create instance if existing one passed in
   cos_instance_name        = local.cos_instance_name
@@ -120,8 +109,17 @@ module "cos" {
     resource_instance_id          = local.cos_instance_crn
     region_location               = var.cos_region
     force_delete                  = true
-    activity_tracking             = local.activity_tracking
-    metrics_monitoring            = local.metrics_monitoring
+    activity_tracking = {
+      read_data_events     = true
+      write_data_events    = true
+      management_events    = true
+      activity_tracker_crn = var.existing_activity_tracker_crn
+    }
+    metrics_monitoring = {
+      usage_metrics_enabled   = true
+      request_metrics_enabled = true
+      metrics_monitoring_crn  = var.existing_monitoring_crn
+    }
   }]
 
 }
diff --git a/solutions/instances/variables.tf b/solutions/instances/variables.tf
@@ -23,7 +23,7 @@ variable "existing_monitoring_crn" {
   type        = string
   nullable    = true
   default     = null
-  description = "The CRN of an existing IBM Cloud Monitoring instance. Used to send all Object Storage bucket request and usage metrics to, as well as Workload Protection data. Ignored if using existing Object Storage bucket and not provisioning Workload Protection."
+  description = "The CRN of an IBM Cloud Monitoring instance to to send Security and Compliance Object Storage bucket metrics to, as well as Workload Protection data. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration. Ignored if using existing Object Storage bucket and not provisioning Workload Protection."
 }
 
 variable "prefix" {
@@ -160,7 +160,7 @@ variable "existing_activity_tracker_crn" {
   type        = string
   nullable    = true
   default     = null
-  description = "The CRN of an existing Activity Tracker instance. Used to send Security and Compliance Center Object Storage bucket log data and all object write events to Activity Tracker. Only used if not supplying an existing Object Storage bucket."
+  description = "The CRN of an Activity Tracker instance to send Security and Compliance Object Storage bucket events to. If no value passed, events are sent to the instance associated to the container's location unless otherwise specified in the Activity Tracker Event Routing service configuration. Ignored if using existing Object Storage bucket."
 }
 
 ########################################################################################################################
diff --git a/tests/resources/existing-resources/agents/main.tf b/tests/resources/existing-resources/agents/main.tf
@@ -15,7 +15,7 @@ module "resource_group" {
 ##############################################################################
 
 module "landing_zone" {
-  source                 = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone//patterns//roks//module?ref=v5.24.7"
+  source                 = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone//patterns//roks//module?ref=v5.25.1"
   region                 = var.region
   prefix                 = var.prefix
   tags                   = var.resource_tags
