Full chain of deploy added

examples/complete/README.md

@@ -0,0 +1,43 @@
+# Complete Example: SCC-WP with App Config and Trusted Profiles
+
+This example demonstrates the full deployment of:
+
+- IBM Cloud App Configuration
+- IBM Cloud Security and Compliance Center Workload Protection (SCC-WP)
+- IAM Trusted Profile Template with 3 Trusted Profiles
+- Template assignment to account groups
+- Configuration Aggregator to link SCC-WP with App Config
+
+---
+
+## Flow Overview
+
+1. Create or reuse a resource group  
+   A resource group is created.
+
+2. Deploy App Config  
+   App Config is deployed along with a collection for organizing features and properties.
+
+3. Deploy SCC Workload Protection  
+   SCC-WP is deployed with the `graduated-tier` plan (customizable via variable).
+
+4. Create a Trusted Profile Template with 3 profiles
+   - App Config - Enterprise  
+     For IAM template management across the enterprise.
+   - App Config - General  
+     For reading platform and IAM services.
+   - SCC-WP Profile  
+     For integrating SCC-WP with App Config and enterprise usage.
+
+5. Assign the template to account groups  
+
+6. Create SCC-WP Config Aggregator  
+   The aggregator connects SCC-WP to App Config and uses the enterprise trusted profile and template ID to enforce secure access.
+
+---
+
+## Usage
+
+terraform init
+terraform apply
+

examples/complete/main.tf

@@ -0,0 +1,60 @@
+provider "ibm" {
+   region           = var.region
+   ibmcloud_api_key = var.ibmcloud_api_key
+ }
+
+ module "resource_group" {
+   source  = "terraform-ibm-modules/resource-group/ibm"
+   version = "1.1.6"
+   resource_group_name = var.resource_group == null ? "${var.prefix}-rg" : null
+   existing_resource_group_name = var.resource_group
+ }
+
+ data "ibm_iam_account_settings" "iam_account_settings" {}
+
+ module "scc_wp" {
+   source            = "terraform-ibm-modules/scc-workload-protection/ibm"
+   name              = var.prefix
+   region            = var.region
+   resource_group_id = module.resource_group.resource_group_id
+   resource_tags     = var.resource_tags
+   access_tags       = var.access_tags
+   scc_wp_service_plan  = "graduated-tier"
+ }
+
+ module "app_config" {
+   source            = "terraform-ibm-modules/app-configuration/ibm"
+   region            = var.region
+   resource_group_id = module.resource_group.resource_group_id
+   app_config_name   = "${var.prefix}-app-config"
+   app_config_tags   = var.resource_tags
+
+   app_config_collections = [
+     {
+       name          = "${var.prefix}-collection"
+       collection_id = "${var.prefix}-collection"
+       description   = "Collection for ${var.prefix}"
+     }
+   ]
+ }
+
+ module "trusted_profiles" {
+   source              = "terraform-ibm-modules/trusted-profile-enterprise/ibm"
+   region              = var.region
+   app_config_crn      = module.app_config.app_config_crn
+   scc_wp_crn          = module.scc_wp.wp_instance_crn
+   ibmcloud_api_key    = var.ibmcloud_api_key
+ }
+
+ module "scc_wp_config_aggregator" {
+   source = "terraform-ibm-modules/scc-wp-config-aggregator/ibm"
+
+   app_config_instance_guid        = module.app_config.app_config_guid
+   region                          = var.region
+   enterprise_id                   = var.enterprise_id
+   template_id                     = module.trusted_profiles.trusted_profile_template_id
+   enterprise_trusted_profile_id  = module.trusted_profiles.trusted_profile_app_config_enterprise.profile_id
+   general_trusted_profile_id = module.trusted_profiles.trusted_profile_app_config_general.profile_id
+
+   depends_on = [module.trusted_profiles]
+ }

examples/complete/outputs.tf

@@ -0,0 +1,23 @@
+output "scc_wp_crn" {
+  description = "CRN of the SCC Workload Protection instance"
+  value       = module.scc_wp.wp_instance_crn
+}
+output "scc_wp_config_aggregator_id" {
+  value = module.scc_wp_config_aggregator.scc_wp_config_aggregator_id
+}
+output "trusted_profile_template_id" {
+  value = module.trusted_profiles.trusted_profile_template_id
+}
+
+output "trusted_profile_enterprise_id" {
+  value = module.trusted_profiles.trusted_profile_app_config_enterprise.profile_id
+}
+
+output "app_config_guid" {
+  value = module.app_config.app_config_guid
+}
+
+output "app_config_crn" {
+  value = module.app_config.app_config_crn
+}
+

examples/complete/variables.tf

@@ -0,0 +1,55 @@
+
+variable "region" {
+  type = string
+}
+
+variable "prefix" {
+  type = string
+}
+
+
+variable "onboard_account_groups" {
+  type        = bool
+  default     = true
+  description = "Whether to onboard all account groups to the template."
+}
+
+variable "account_group_ids" {
+  type        = list(string)
+  default     = [] # ✅ ← IMPORTANT : éviter les prompts inutiles
+  description = "Liste des ID de groupes de comptes à assigner au modèle. Utilisé uniquement si onboard_account_groups est false."
+}
+
+
+variable "resource_group" {
+  type    = string
+  default = null
+}
+
+variable "resource_tags" {
+  type = list(string)
+  default = []
+}
+
+variable "access_tags" {
+  type = list(string)
+  default = []
+}
+
+variable "enterprise_id" {
+  type        = string
+  description = "Enterprise ID for App Configuration aggregator"
+}
+
+variable "template_id" {
+  description = "The ID of the trusted profile template (optional if created later)"
+  type        = string
+  default     = null
+}
+
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "IBM Cloud API key"
+  sensitive   = true
+}
+

examples/complete/version.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_version = ">= 1.3.0"
+
+  required_providers {
+    ibm = {
+      source  = "ibm-cloud/ibm"
+      version = ">= 1.65.0, < 2.0.0"
+    }
+  }
+}
+

outputs.tf

@@ -1,6 +1,9 @@
 ########################################################################################################################
 # Outputs
 ########################################################################################################################
+output "wp_instance_crn" {
+  value = ibm_resource_instance.scc_wp.crn
+}
 
 output "name" {
   description = "Name of created SCC WP instance."