fscloud

Profile for IBM Cloud Framework for Financial Services

This code is a version of the parent root module that includes a default configuration that complies with the relevant controls from the IBM Cloud Framework for Financial Services. See the Example for IBM Cloud Framework for Financial Services for logic that uses this module.

The default values in this profile were scanned by IBM Code Risk Analyzer (CRA) for compliance with the IBM Cloud Framework for Financial Services profile that is specified by the IBM Security and Compliance Center. The scan passed for all applicable goals.

Requirements

Name	Version
terraform	>= 1.3.0

Modules

Name	Source	Version
fscloud_vsi	../../	n/a

Resources

No resources.

Inputs

Name	Description	Type	Default	Required
access_tags	A list of access tags to apply to the VSI resources created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial.	list(string)	[]	no
allow_ip_spoofing	Allow IP spoofing on the primary network interface	bool	false	no
block_storage_volumes	List describing the block storage volumes that will be attached to each vsi	list( object({ name = string profile = string capacity = optional(number) iops = optional(number) encryption_key = optional(string) snapshot_id = optional(string) # set if you would like to base volume on a snapshot }) )	[]	no
boot_volume_encryption_key	CRN of boot volume encryption key	string	n/a	yes
boot_volume_snapshot_id	The snapshot id of the volume to be used for creating boot volume attachment (if specified, the image_id parameter will not be used)	string	null	no
create_security_group	Create security group for VSI. If this is passed as false, the default will be used	bool	n/a	yes
enable_floating_ip	Create a floating IP for each virtual server created	bool	false	no
existing_kms_instance_guid	The GUID of the Hyper Protect Crypto Services or Key Protect instance in which the key specified in var.kms_key_crn and var.backup_encryption_key_crn is coming from. Required only if var.skip_iam_authorization_policy is set to false.	string	null	no
image_id	Image ID used for VSI. Run 'ibmcloud is images' to find available images in a region	string	n/a	yes
load_balancers	Load balancers to add to VSI	list( object({ name = string type = string listener_port = number listener_protocol = string connection_limit = number idle_connection_timeout = optional(number) algorithm = string protocol = string health_delay = number health_retries = number health_timeout = number health_type = string pool_member_port = string profile = optional(string) dns = optional( object({ instance_crn = string zone_id = string }) ) security_group = optional( object({ name = string rules = list( object({ name = string direction = string source = string tcp = optional( object({ port_max = number port_min = number }) ) udp = optional( object({ port_max = number port_min = number }) ) icmp = optional( object({ type = number code = number }) ) }) ) }) ) }) )	[]	no
machine_type	VSI machine type. Run 'ibmcloud is instance-profiles' to get a list of regional profiles	string	n/a	yes
manage_reserved_ips	Set to true if you want this terraform module to manage the reserved IP addresses that are assigned to VSI instances. If this option is enabled, when any VSI is recreated it should retain its original IP.	bool	false	no
prefix	The prefix that you would like to append to your resources	string	n/a	yes
resource_group_id	ID of resource group to create VSI and block storage volumes. If you wish to create the block storage volumes in a different resource group, you can optionally set that directly in the 'block_storage_volumes' variable.	string	n/a	yes
security_group	Security group created for VSI	object({ name = string rules = list( object({ name = string direction = string source = string tcp = optional( object({ port_max = number port_min = number }) ) udp = optional( object({ port_max = number port_min = number }) ) icmp = optional( object({ type = number code = number }) ) }) ) })	n/a	yes
security_group_ids	IDs of additional security groups to be added to VSI deployment primary interface. A VSI interface can have a maximum of 5 security groups.	list(string)	[]	no
skip_iam_authorization_policy	Set to true to skip the creation of an IAM authorization policy that permits all Storage Blocks to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing_kms_instance_guid variable.	bool	false	no
snapshot_consistency_group_id	The snapshot consistency group Id. If supplied, the group will be queried for snapshots that are matched with both boot volume and attached (attached are matched based on name suffix). You can override specific snapshot Ids by setting the appropriate input variables as well.	string	null	no
ssh_key_ids	ssh key ids to use in creating vsi	list(string)	n/a	yes
subnets	A list of subnet IDs where VSI will be deployed	list( object({ name = string id = string zone = string cidr = string }) )	n/a	yes
tags	List of tags to apply to resources created by this module.	list(string)	[]	no
use_boot_volume_key_as_default	Set to true to use the key specified in the boot_volume_encryption_key input as default for all volumes, overriding any key value that may be specified in the encryption_key option of the block_storage_volumes input variable. If set to false, the value passed for the encryption_key option of the block_storage_volumes will be used instead.	bool	false	no
use_static_boot_volume_name	Sets the boot volume name for each VSI to a static name in the format {hostname}_boot, instead of a random name. Set this to true to have a consistent boot volume name even when VSIs are recreated.	bool	false	no
user_data	User data to initialize VSI deployment	string	n/a	yes
vpc_id	ID of VPC	string	n/a	yes
vsi_per_subnet	Number of VSI instances for each subnet	number	n/a	yes

Outputs

Name	Description
slz_vsi	VSI module values