terraform-ibm-modules
diff --git a/‎ibm_catalog.json‎
Lines changed: 3 additions & 0 deletions b/‎ibm_catalog.json‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎solutions/instances/README.md‎
Lines changed: 9 additions & 8 deletions b/‎solutions/instances/README.md‎
Lines changed: 9 additions & 8 deletions
diff --git a/‎solutions/instances/main.tf‎
Lines changed: 18 additions & 10 deletions b/‎solutions/instances/main.tf‎
Lines changed: 18 additions & 10 deletions
@@ -65,6 +65,9 @@
                         {
                           "key": "resource_group_name"
                         },
+                        {
+                          "key": "prefix"
+                        },
                         {
                           "key": "existing_monitoring_crn"
                         },
 
@@ -37,7 +37,7 @@ No resources.
 |------|-------------|------|---------|:--------:|
 | <a name="input_add_bucket_name_suffix"></a> [add\_bucket\_name\_suffix](#input\_add\_bucket\_name\_suffix) | Add random generated suffix (4 characters long) to the newly provisioned SCC COS bucket name. Only used if not passing existing bucket. set to false if you want full control over bucket naming using the 'scc\_cos\_bucket\_name' variable. | `bool` | `true` | no |
 | <a name="input_cos_instance_access_tags"></a> [cos\_instance\_access\_tags](#input\_cos\_instance\_access\_tags) | A list of access tags to apply to the Cloud Object Storage instance. Only used if not supplying an existing instance. | `list(string)` | `[]` | no |
-| <a name="input_cos_instance_name"></a> [cos\_instance\_name](#input\_cos\_instance\_name) | The name to use when creating the Cloud Object Storage instance. | `string` | `"base-security-services-cos"` | no |
+| <a name="input_cos_instance_name"></a> [cos\_instance\_name](#input\_cos\_instance\_name) | The name to use when creating the Cloud Object Storage instance. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. | `string` | `"base-security-services-cos"` | no |
 | <a name="input_cos_instance_tags"></a> [cos\_instance\_tags](#input\_cos\_instance\_tags) | Optional list of tags to be added to Cloud Object Storage instance. Only used if not supplying an existing instance. | `list(string)` | `[]` | no |
 | <a name="input_cos_region"></a> [cos\_region](#input\_cos\_region) | The Cloud Object Storage region. | `string` | `"us-south"` | no |
 | <a name="input_existing_activity_tracker_crn"></a> [existing\_activity\_tracker\_crn](#input\_existing\_activity\_tracker\_crn) | (Optional) The CRN of an existing Activity Tracker instance. Used to send SCC COS bucket log data and all object write events to Activity Tracker. Only used if not supplying an existing COS bucket. | `string` | `null` | no |
@@ -50,21 +50,22 @@ No resources.
 | <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The API Key to use for IBM Cloud. | `string` | n/a | yes |
 | <a name="input_kms_endpoint_type"></a> [kms\_endpoint\_type](#input\_kms\_endpoint\_type) | The type of endpoint to be used for commincating with the KMS instance. Allowed values are: 'public' or 'private' (default) | `string` | `"private"` | no |
 | <a name="input_management_endpoint_type_for_bucket"></a> [management\_endpoint\_type\_for\_bucket](#input\_management\_endpoint\_type\_for\_bucket) | The type of endpoint for the IBM terraform provider to use to manage COS buckets. (`public`, `private` or `direct`). Ensure to enable virtual routing and forwarding (VRF) in your account if using `private`, and that the terraform runtime has access to the the IBM Cloud private network. | `string` | `"private"` | no |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | (Optional) Prefix to append to all resources created by this solution. | `string` | `null` | no |
 | <a name="input_provision_scc_workload_protection"></a> [provision\_scc\_workload\_protection](#input\_provision\_scc\_workload\_protection) | Whether to provision an SCC Workload Protection instance. | `bool` | `true` | no |
-| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of a new or an existing resource group in which to provision resources to. | `string` | n/a | yes |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of a new or an existing resource group in which to provision resources to. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. | `string` | n/a | yes |
 | <a name="input_scc_cos_bucket_access_tags"></a> [scc\_cos\_bucket\_access\_tags](#input\_scc\_cos\_bucket\_access\_tags) | Optional list of access tags to be added to the SCC COS bucket. | `list(string)` | `[]` | no |
 | <a name="input_scc_cos_bucket_class"></a> [scc\_cos\_bucket\_class](#input\_scc\_cos\_bucket\_class) | The storage class of the newly provisioned SCC COS bucket. Allowed values are: 'standard', 'vault', 'cold', 'smart' (default value), 'onerate\_active' | `string` | `"smart"` | no |
-| <a name="input_scc_cos_bucket_name"></a> [scc\_cos\_bucket\_name](#input\_scc\_cos\_bucket\_name) | The name to use when creating the SCC Cloud Object Storage bucket (NOTE: bucket names are globally unique). If 'add\_bucket\_name\_suffix' is set to true, a random 4 characters will be added to this name to help ensure bucket name is globally unique. | `string` | `"base-security-services-bucket"` | no |
-| <a name="input_scc_cos_key_name"></a> [scc\_cos\_key\_name](#input\_scc\_cos\_key\_name) | The name to give the Key which will be created for the SCC COS bucket. Not used if supplying an existing Key. | `string` | `"scc-cos-key"` | no |
-| <a name="input_scc_cos_key_ring_name"></a> [scc\_cos\_key\_ring\_name](#input\_scc\_cos\_key\_ring\_name) | The name to give the Key Ring which will be created for the SCC COS bucket Key. Not used if supplying an existing Key. | `string` | `"scc-cos-key-ring"` | no |
-| <a name="input_scc_instance_name"></a> [scc\_instance\_name](#input\_scc\_instance\_name) | The name to give the SCC instance that will be provisioned by this solution. | `string` | `"base-security-services-scc"` | no |
+| <a name="input_scc_cos_bucket_name"></a> [scc\_cos\_bucket\_name](#input\_scc\_cos\_bucket\_name) | The name to use when creating the SCC Cloud Object Storage bucket (NOTE: bucket names are globally unique). If 'add\_bucket\_name\_suffix' is set to true, a random 4 characters will be added to this name to help ensure bucket name is globally unique. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. | `string` | `"base-security-services-bucket"` | no |
+| <a name="input_scc_cos_key_name"></a> [scc\_cos\_key\_name](#input\_scc\_cos\_key\_name) | The name to give the Key which will be created for the SCC COS bucket. Not used if supplying an existing Key. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. | `string` | `"scc-cos-key"` | no |
+| <a name="input_scc_cos_key_ring_name"></a> [scc\_cos\_key\_ring\_name](#input\_scc\_cos\_key\_ring\_name) | The name to give the Key Ring which will be created for the SCC COS bucket Key. Not used if supplying an existing Key. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. | `string` | `"scc-cos-key-ring"` | no |
+| <a name="input_scc_instance_name"></a> [scc\_instance\_name](#input\_scc\_instance\_name) | The name to give the SCC instance that will be provisioned by this solution. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. | `string` | `"base-security-services-scc"` | no |
 | <a name="input_scc_instance_tags"></a> [scc\_instance\_tags](#input\_scc\_instance\_tags) | Optional list of tags to be added to SCC instance. | `list(string)` | `[]` | no |
 | <a name="input_scc_region"></a> [scc\_region](#input\_scc\_region) | The region in which to provision SCC resources. | `string` | `"us-south"` | no |
 | <a name="input_scc_service_plan"></a> [scc\_service\_plan](#input\_scc\_service\_plan) | The service/pricing plan to use when provisioning a new Security Compliance Center instance. Allowed values are: 'security-compliance-center-standard-plan' (default value) and 'security-compliance-center-trial-plan'. Only used if `provision_scc_instance` is set to true. | `string` | `"security-compliance-center-standard-plan"` | no |
 | <a name="input_scc_workload_protection_access_tags"></a> [scc\_workload\_protection\_access\_tags](#input\_scc\_workload\_protection\_access\_tags) | A list of access tags to apply to the SCC WP instance. | `list(string)` | `[]` | no |
-| <a name="input_scc_workload_protection_instance_name"></a> [scc\_workload\_protection\_instance\_name](#input\_scc\_workload\_protection\_instance\_name) | The name to give the SCC Workload Protection instance that will be provisioned by this solution. Must begine with a letter. Only used i 'provision\_scc\_workload\_protection' to true. | `string` | `"base-security-services-scc-wp"` | no |
+| <a name="input_scc_workload_protection_instance_name"></a> [scc\_workload\_protection\_instance\_name](#input\_scc\_workload\_protection\_instance\_name) | The name to give the SCC Workload Protection instance that will be provisioned by this solution. Must begine with a letter. Only used i 'provision\_scc\_workload\_protection' to true. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. | `string` | `"base-security-services-scc-wp"` | no |
 | <a name="input_scc_workload_protection_instance_tags"></a> [scc\_workload\_protection\_instance\_tags](#input\_scc\_workload\_protection\_instance\_tags) | Optional list of tags to be added to SCC Workload Protection instance. | `list(string)` | `[]` | no |
-| <a name="input_scc_workload_protection_resource_key_name"></a> [scc\_workload\_protection\_resource\_key\_name](#input\_scc\_workload\_protection\_resource\_key\_name) | The name to give the IBM Cloud SCC Workload Protection manager resource key. | `string` | `"SCCWPManagerKey"` | no |
+| <a name="input_scc_workload_protection_resource_key_name"></a> [scc\_workload\_protection\_resource\_key\_name](#input\_scc\_workload\_protection\_resource\_key\_name) | The name to give the IBM Cloud SCC Workload Protection manager resource key. If prefix input variable is passed then it will get prefixed infront of the value in the format of '<prefix>-value'. | `string` | `"SCCWPManagerKey"` | no |
 | <a name="input_scc_workload_protection_resource_key_tags"></a> [scc\_workload\_protection\_resource\_key\_tags](#input\_scc\_workload\_protection\_resource\_key\_tags) | Tags associated with the IBM Cloud SCC WP resource key. | `list(string)` | `[]` | no |
 | <a name="input_scc_workload_protection_service_plan"></a> [scc\_workload\_protection\_service\_plan](#input\_scc\_workload\_protection\_service\_plan) | SCC Workload Protection instance service pricing plan. Allowed values are: `free-trial` or `graduated-tier`. | `string` | `"graduated-tier"` | no |
 | <a name="input_skip_cos_kms_auth_policy"></a> [skip\_cos\_kms\_auth\_policy](#input\_skip\_cos\_kms\_auth\_policy) | Set to true to skip the creation of an IAM authorization policy that permits the COS instance created to read the encryption key from the KMS instance. WARNING: An authorization policy must exist before an encrypted bucket can be created | `bool` | `false` | no |
 
@@ -18,7 +18,7 @@ locals {
 module "resource_group" {
   source                       = "terraform-ibm-modules/resource-group/ibm"
   version                      = "1.1.5"
-  resource_group_name          = var.use_existing_resource_group == false ? var.resource_group_name : null
+  resource_group_name          = var.use_existing_resource_group == false ? (var.prefix != null ? "${var.prefix}-${var.resource_group_name}" : var.resource_group_name) : null
   existing_resource_group_name = var.use_existing_resource_group == true ? var.resource_group_name : null
 }
 
@@ -30,6 +30,14 @@ locals {
   parsed_existing_kms_instance_crn = var.existing_kms_instance_crn != null ? split(":", var.existing_kms_instance_crn) : []
   kms_region                       = length(local.parsed_existing_kms_instance_crn) > 0 ? local.parsed_existing_kms_instance_crn[5] : null
   existing_kms_guid                = length(local.parsed_existing_kms_instance_crn) > 0 ? local.parsed_existing_kms_instance_crn[7] : null
+
+  scc_cos_key_ring_name                     = var.prefix != null ? "${var.prefix}-${var.scc_cos_key_ring_name}" : var.scc_cos_key_ring_name
+  scc_cos_key_name                          = var.prefix != null ? "${var.prefix}-${var.scc_cos_key_name}" : var.scc_cos_key_name
+  cos_instance_name                         = var.prefix != null ? "${var.prefix}-${var.cos_instance_name}" : var.cos_instance_name
+  scc_instance_name                         = var.prefix != null ? "${var.prefix}-${var.scc_instance_name}" : var.scc_instance_name
+  scc_workload_protection_instance_name     = var.prefix != null ? "${var.prefix}-${var.scc_workload_protection_instance_name}" : var.scc_workload_protection_instance_name
+  scc_workload_protection_resource_key_name = var.prefix != null ? "${var.prefix}-${var.scc_workload_protection_resource_key_name}" : var.scc_workload_protection_resource_key_name
+  scc_cos_bucket_name                       = var.prefix != null ? "${var.prefix}-${var.scc_cos_bucket_name}" : var.scc_cos_bucket_name
 }
 
 # KMS root key for SCC COS bucket
@@ -47,12 +55,12 @@ module "kms" {
   key_endpoint_type           = var.kms_endpoint_type
   keys = [
     {
-      key_ring_name         = var.scc_cos_key_ring_name
+      key_ring_name         = local.scc_cos_key_ring_name
       existing_key_ring     = false
       force_delete_key_ring = true
       keys = [
         {
-          key_name                 = var.scc_cos_key_name
+          key_name                 = local.scc_cos_key_name
           standard_key             = false
           rotation_interval_month  = 3
           dual_auth_delete_enabled = false
@@ -68,9 +76,9 @@ module "kms" {
 #######################################################################################################################
 
 locals {
-  scc_cos_kms_key_crn = var.existing_scc_cos_bucket_name != null ? null : var.existing_scc_cos_kms_key_crn != null ? var.existing_scc_cos_kms_key_crn : module.kms[0].keys[format("%s.%s", var.scc_cos_key_ring_name, var.scc_cos_key_name)].crn
+  scc_cos_kms_key_crn = var.existing_scc_cos_bucket_name != null ? null : var.existing_scc_cos_kms_key_crn != null ? var.existing_scc_cos_kms_key_crn : module.kms[0].keys[format("%s.%s", local.scc_cos_key_ring_name, local.scc_cos_key_name)].crn
   cos_instance_crn    = var.existing_cos_instance_crn != null ? var.existing_cos_instance_crn : module.cos[0].cos_instance_crn
-  cos_bucket_name     = var.existing_scc_cos_bucket_name != null ? var.existing_scc_cos_bucket_name : module.cos[0].buckets[var.scc_cos_bucket_name].bucket_name
+  cos_bucket_name     = var.existing_scc_cos_bucket_name != null ? var.existing_scc_cos_bucket_name : module.cos[0].buckets[local.scc_cos_bucket_name].bucket_name
 
   activity_tracking = var.existing_activity_tracker_crn != null ? {
     read_data_events     = true
@@ -95,15 +103,15 @@ module "cos" {
   resource_group_id        = module.resource_group.resource_group_id
   create_cos_instance      = var.existing_cos_instance_crn == null ? true : false # don't create instance if existing one passed in
   create_resource_key      = false
-  cos_instance_name        = var.cos_instance_name
+  cos_instance_name        = local.cos_instance_name
   cos_tags                 = var.cos_instance_tags
   existing_cos_instance_id = var.existing_cos_instance_crn
   access_tags              = var.cos_instance_access_tags
   cos_plan                 = "standard"
   bucket_configs = [{
     access_tags                   = var.scc_cos_bucket_access_tags
     add_bucket_name_suffix        = var.add_bucket_name_suffix
-    bucket_name                   = var.scc_cos_bucket_name
+    bucket_name                   = local.scc_cos_bucket_name
     kms_encryption_enabled        = true
     kms_guid                      = local.existing_kms_guid
     kms_key_crn                   = local.scc_cos_kms_key_crn
@@ -128,7 +136,7 @@ module "scc" {
   version                           = "1.4.1"
   resource_group_id                 = module.resource_group.resource_group_id
   region                            = var.scc_region
-  instance_name                     = var.scc_instance_name
+  instance_name                     = local.scc_instance_name
   plan                              = var.scc_service_plan
   cos_bucket                        = local.cos_bucket_name
   cos_instance_crn                  = local.cos_instance_crn
@@ -148,11 +156,11 @@ module "scc_wp" {
   count                         = var.provision_scc_workload_protection ? 1 : 0
   source                        = "terraform-ibm-modules/scc-workload-protection/ibm"
   version                       = "1.3.0"
-  name                          = var.scc_workload_protection_instance_name
+  name                          = local.scc_workload_protection_instance_name
   region                        = var.scc_region
   resource_group_id             = module.resource_group.resource_group_id
   resource_tags                 = var.scc_workload_protection_instance_tags
-  resource_key_name             = var.scc_workload_protection_resource_key_name
+  resource_key_name             = local.scc_workload_protection_resource_key_name
   resource_key_tags             = var.scc_workload_protection_resource_key_tags
   cloud_monitoring_instance_crn = var.existing_monitoring_crn
   access_tags                   = var.scc_workload_protection_access_tags
Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,9 @@`
`65`	`65`	`{`
`66`	`66`	`"key": "resource_group_name"`
`67`	`67`	`},`
	`68`	`+ {`
	`69`	`+ "key": "prefix"`
	`70`	`+ },`
`68`	`71`	`{`
`69`	`72`	`"key": "existing_monitoring_crn"`
`70`	`73`	`},`