You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -129,7 +129,7 @@ statement instead the previous block.
129
129
| <aname="input_access_tags"></a> [access\_tags](#input\_access\_tags)| A list of access tags to apply to the SCC WP instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial.|`list(string)`|`[]`| no |
130
130
| <aname="input_app_config_crn"></a> [app\_config\_crn](#input\_app\_config\_crn)| The CRN of an existing App Config instance to use with the SCC Workload Protection instance. Required if `cspm_enabled` is true. NOTE: Ensure the App Config instance has configuration aggregator enabled. |`string`|`null`| no |
131
131
| <aname="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules)| The list of context-based restriction rules to create. | <pre>list(object({<br/> description = string<br/> account_id = string<br/> tags = optional(list(object({<br/> name = string<br/> value = string<br/> })), [])<br/> rule_contexts = list(object({<br/> attributes = optional(list(object({<br/> name = string<br/> value = string<br/> }))) }))<br/> enforcement_mode = string<br/> }))</pre> |`[]`| no |
132
-
| <aname="input_cloud_monitoring_instance_crn"></a> [cloud\_monitoring\_instance\_crn](#input\_cloud\_monitoring\_instance\_crn)|The CRN of an IBM Cloud Monitoring instance to connect to the SCC Workload Protection instance. |`string`|`null`| no |
132
+
| <aname="input_cloud_monitoring_instance_crn"></a> [cloud\_monitoring\_instance\_crn](#input\_cloud\_monitoring\_instance\_crn)|To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create a connection between instances. Both instances must be in the same region. |`string`|`null`| no |
133
133
| <aname="input_cspm_enabled"></a> [cspm\_enabled](#input\_cspm\_enabled)| Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service. [Learn more](https://cloud.ibm.com/docs/workload-protection?topic=workload-protection-about). |`bool`|`true`| no |
134
134
| <aname="input_name"></a> [name](#input\_name)| The name to give the SCC Workload Protection instance that will be provisioned by this module. |`string`| n/a | yes |
135
135
| <aname="input_region"></a> [region](#input\_region)| IBM Cloud region where all resources will be deployed |`string`|`"us-south"`| no |
Copy file name to clipboardExpand all lines: solutions/fully-configurable/README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -42,7 +42,7 @@ There is currently a [known issue](https://github.com/terraform-ibm-modules/terr
42
42
| <aname="input_app_config_crn"></a> [app\_config\_crn](#input\_app\_config\_crn)| The CRN of an existing App Config instance to use with the SCC Workload Protection instance. Required if `cspm_enabled` is true. NOTE: Ensure the App Config instance has configuration aggregator enabled. |`string`|`null`| no |
43
43
| <aname="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules)| The list of context-based restriction rules to create for the instance.[Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-scc-workload-protection/blob/main/solutions/fully-configurable/cbr-rules.md)| <pre>list(object({<br/> description = string<br/> account_id = string<br/> rule_contexts = list(object({<br/> attributes = optional(list(object({<br/> name = string<br/> value = string<br/> }))) }))<br/> enforcement_mode = string<br/> tags = optional(list(object({<br/> name = string<br/> value = string<br/> })), [])<br/> operations = optional(list(object({<br/> api_types = list(object({<br/> api_type_id = string<br/> }))<br/> })))<br/> }))</pre> |`[]`| no |
44
44
| <aname="input_cspm_enabled"></a> [cspm\_enabled](#input\_cspm\_enabled)| Enable Cloud Security Posture Management (CSPM) for the Workload Protection instance. This will create a trusted profile associated with the SCC Workload Protection instance that has viewer / reader access to the App Config service and viewer access to the Enterprise service. [Learn more](https://cloud.ibm.com/docs/workload-protection?topic=workload-protection-about). |`bool`|`true`| no |
45
-
| <aname="input_existing_monitoring_crn"></a> [existing\_monitoring\_crn](#input\_existing\_monitoring\_crn)|The CRN of an IBM Cloud Monitoring instance to to send Workload Protection data. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration. |`string`|`null`| no |
45
+
| <aname="input_existing_monitoring_crn"></a> [existing\_monitoring\_crn](#input\_existing\_monitoring\_crn)|To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create a connection between instances. Both instances must be in the same region. |`string`|`null`| no |
46
46
| <aname="input_existing_resource_group_name"></a> [existing\_resource\_group\_name](#input\_existing\_resource\_group\_name)| The name of a an existing resource group in which to provision resources to. |`string`|`"Default"`| no |
47
47
| <aname="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key)| The IBM Cloud API key to deploy resources. |`string`| n/a | yes |
48
48
| <aname="input_ibmcloud_resource_controller_api_endpoint"></a> [ibmcloud\_resource\_controller\_api\_endpoint](#input\_ibmcloud\_resource\_controller\_api\_endpoint)| The IBM Cloud [resource controller endpoint](https://cloud.ibm.com/apidocs/resource-controller/resource-controller#endpoint-url) to use. This is used to update the Workload Protection instance to enable CSPM once the trusted profiles have been created. |`string`|`"https://private.us-south.resource-controller.cloud.ibm.com"`| no |
description="The CRN of an IBM Cloud Monitoring instance to to send Workload Protection data. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration."
21
+
description="To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create a connection between instances. Both instances must be in the same region."
error_message="The provided Monitoring instance CRN in the input 'existing_monitoring_crn' in not valid. Please also ensure it is in the same region specified the 'region' input."
Copy file name to clipboardExpand all lines: variables.tf
+9-1Lines changed: 9 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -69,8 +69,16 @@ variable "access_tags" {
69
69
70
70
variable"cloud_monitoring_instance_crn" {
71
71
type=string
72
-
description="The CRN of an IBM Cloud Monitoring instance to connect to the SCC Workload Protection instance."
72
+
description="To collect and analyze metrics and security data on hosts using both Monitoring and Workload Protection, pass the CRN of an existing IBM Cloud Monitoring instance to create a connection between instances. Both instances must be in the same region."
error_message="The provided Monitoring instance CRN in the input 'cloud_monitoring_instance_crn' in not valid. Please also ensure it is in the same region specified the 'region' input."
0 commit comments