Profile for IBM Cloud Framework for Financial Services

This code is a version of the parent root module that includes a default configuration that complies with the relevant controls from the IBM Cloud Framework for Financial Services. See the Example for IBM Cloud Framework for Financial Services for logic that uses this module. The profile assumes you are deploying into an account that is in compliance with the framework.

The default values in this profile were scanned by IBM Code Risk Analyzer (CRA) for compliance with the IBM Cloud Framework for Financial Services profile that is specified by the IBM Security and Compliance Center.

Usage

```hcl
provider "ibm" {
  # Placeholder value; pass the real key in from a sensitive variable instead of committing it.
  ibmcloud_api_key = "XXXXXXXXXX"
  region           = "us-south"
}

module "appid" {
  source                        = "terraform-ibm-modules/appid/ibm"
  version                       = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  resource_group_id             = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
  appid_name                    = "my-appid"
  region                        = "us-south"
  skip_iam_authorization_policy = false # create the IAM policy that lets AppID read the key
  kms_encryption_enabled        = true
  existing_kms_instance_guid    = "<hpcs-instance-guid>"
  kms_key_crn                   = "<hpcs-key-crn>"
}
```

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| ibm | >= 1.49.0, < 2.0.0 |
| random | >= 3.6.0, <4.0.0 |
| time | >= 0.8.0, <1.0.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| appid | ../.. | n/a |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| appid_name | The name of the IBM AppID instance. | `string` | n/a | yes |
| existing_kms_instance_guid | The GUID of the Hyper Protect instance that holds the key specified in kms_key_crn. | `string` | n/a | yes |
| identity_confirm_access_mode | Identity confirm access mode for Cloud Directory (CD). Allowed values are FULL, RESTRICTIVE and OFF. | `string` | `"OFF"` | no |
| identity_field | Identity field for Cloud Directory (CD). Allowed values are email and userName. | `string` | `"email"` | no |
| is_idp_cloud_directory_active | Set this to true to set IDP Cloud Directory active. | `bool` | `true` | no |
| is_mfa_active | Set this to true to set MFA in IDP Cloud Directory active. | `bool` | `true` | no |
| kms_key_crn | The root key CRN of a Hyper Protect Crypto Service (HPCS) that you want to use for disk encryption. | `string` | n/a | yes |
| region | Region to provision all the resources. | `string` | `"us-south"` | no |
| reset_password_enabled | Set this to true to enable password resets. | `bool` | `false` | no |
| reset_password_notification_enabled | Set this to true to enable password notifications. | `bool` | `false` | no |
| resource_group_id | ID of resource group to use when creating the AppID instance. | `string` | n/a | yes |
| resource_keys | The definition of any resource keys to be generated. | `list(object({ name = string, role = optional(string, "Reader"), service_id_crn = optional(string) }))` | `[]` | no |
| resource_tags | Optional list of tags to be added to created resources. | `list(string)` | `[]` | no |
| self_service_enabled | Set this to true to allow users to change password and edit user details. | `bool` | `false` | no |
| signup_enabled | Set this to true to allow users to sign up. | `bool` | `false` | no |
| skip_iam_authorization_policy | Set to true to skip the creation of an IAM authorization policy that permits AppID instance in the given resource group to read the encryption key from the Hyper Protect or Key Protect instance passed in var.existing_kms_instance_guid. If set to 'false', a value must be passed for var.existing_kms_instance_guid. | `bool` | `false` | no |
| users | List of users to add. | `list(string)` | `[]` | no |
| welcome_enabled | Set this to true to send welcome emails to the new users. | `bool` | `false` | no |
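
The CRA scan described earlier covers this profile's default values, so inputs that a calling configuration overrides are worth reviewing before apply. The following is an added example, not code from this module: a Python check that reads `terraform show -json` plan output and lists inputs set away from the defaults in the Inputs table. The module call name `appid`, the variable `var.allow_signup` and the sample plan are constructed for illustration.

```python
import json

# Defaults copied from the Inputs table of this profile.
PROFILE_DEFAULTS = {
    "identity_confirm_access_mode": "OFF",
    "identity_field": "email",
    "is_idp_cloud_directory_active": True,
    "is_mfa_active": True,
    "reset_password_enabled": False,
    "reset_password_notification_enabled": False,
    "self_service_enabled": False,
    "signup_enabled": False,
    "skip_iam_authorization_policy": False,
    "welcome_enabled": False,
}

def overridden_defaults(plan, module_name="appid"):
    """Return {input: finding} for inputs set away from the profile default."""
    calls = plan.get("configuration", {}).get("root_module", {}).get("module_calls", {})
    if module_name not in calls:
        raise KeyError(f"module call {module_name!r} not found in plan")
    expressions = calls[module_name].get("expressions", {})
    findings = {}
    for name, default in PROFILE_DEFAULTS.items():
        expr = expressions.get(name)
        if expr is None:
            continue  # input not set by the caller, so the profile default applies
        if "constant_value" not in expr:
            # Value comes from a variable or another resource; it cannot be judged from the config alone.
            findings[name] = f"computed from {expr.get('references', [])}, review manually"
        elif expr["constant_value"] != default:
            findings[name] = f"set to {expr['constant_value']!r}, profile default is {default!r}"
    return findings

# Constructed sample: trimmed `terraform show -json` output for a hypothetical caller.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"module_calls": {"appid": {
  "source": "terraform-ibm-modules/appid/ibm",
  "expressions": {
    "appid_name": {"constant_value": "my-appid"},
    "is_mfa_active": {"constant_value": false},
    "signup_enabled": {"references": ["var.allow_signup"]},
    "skip_iam_authorization_policy": {"constant_value": false}
  }}}}}}
""")

if __name__ == "__main__":
    for name, finding in overridden_defaults(SAMPLE_PLAN).items():
        print(f"{name}: {finding}")
```

An input that is explicitly set to its default value, such as `skip_iam_authorization_policy` in the sample, is not reported.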

Outputs

| Name | Description |
|------|-------------|
| appid_crn | AppID instance CRN. |
| appid_name | AppID instance name. |
| dashboard_url | AppID dashboard url. |
| id | AppID instance ID. |
| tenant_id | Tenant ID of the AppID resource |
| user_subjects | The user's identifier. |