Profile for IBM Cloud Framework for Financial Services

This code is a version of the parent root module that includes a default configuration that complies with the relevant controls from the IBM Cloud Framework for Financial Services. See the Example for IBM Cloud Framework for Financial Services for logic that uses this module.

Manual Actions

After this module runs successfully, the status of the domain that is configured in the CIS instance is set to pending. Configure the name servers that are assigned to the domain at your DNS provider; the status of the domain then changes to active. This manual step must be taken after deploying and configuring the instance to ensure compliance with the IBM Cloud Framework for Financial Services.

For more information, read here.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| ibm | >= 1.63.0, < 2.0.0 |
| time | 0.10.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| cis_dns_records | ../../modules/dns | n/a |
| cis_domain_settings | ../../modules/waf | n/a |
| cis_glb | ../../modules/glb | n/a |
| cis_instance | ../../ | n/a |

Resources

| Name | Type |
|------|------|
| time_sleep.wait_for_cis_instance | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| add_dns_records | Set to true if DNS records are to be added to the CIS instance. | `bool` | `false` | no |
| add_glb | Set to true if a global load balancer (GLB) is to be added to the CIS instance. | `bool` | `false` | no |
| default_pool_ids | List of default pool IDs. | `list(string)` | `null` | no |
| dns_record_set | List of DNS records to be added for the CIS instance. | <pre>list(object({<br/>  name = string<br/>  type = string<br/>  ttl = optional(number) # in unit seconds, starts with value 120<br/>  content = optional(string)<br/>  priority = optional(number) # mandatory for SRV type of record<br/>  proxied = optional(bool) # default value is false<br/>  data = optional(object({<br/>    altitude = optional(number) # mandatory for LOC type of record<br/>    lat_degrees = optional(number) # mandatory for LOC type of record<br/>    lat_direction = optional(string) # mandatory for LOC type of record<br/>    lat_minutes = optional(number) # mandatory for LOC type of record<br/>    lat_seconds = optional(number) # mandatory for LOC type of record<br/>    long_degrees = optional(number) # mandatory for LOC type of record<br/>    long_direction = optional(string) # mandatory for LOC type of record<br/>    long_minutes = optional(number) # mandatory for LOC type of record<br/>    long_seconds = optional(number) # mandatory for LOC type of record<br/>    precision_horz = optional(number) # mandatory for LOC type of record<br/>    precision_vert = optional(number) # mandatory for LOC type of record<br/>    size = optional(number) # mandatory for LOC type of record<br/>    tag = optional(string) # required for CAA type of record<br/>    value = optional(string) # required for CAA type of record<br/>    target = optional(string) # required for SRV type of record<br/>    priority = optional(number) # required for SRV type of record<br/>    port = optional(number) # mandatory for SRV type of record<br/>    proto = optional(string) # mandatory for SRV type of record<br/>    service = optional(string) # mandatory for SRV type of record, starts with an '_'<br/>    weight = optional(number) # mandatory for SRV type of record<br/>  }))<br/>}))</pre> | `[]` | no |
| domain_name | The domain name to be added to the CIS instance. | `string` | n/a | yes |
| fallback_pool_id | ID of the fallback pool. Required if fallback_pool_name is not provided. | `string` | `null` | no |
| fallback_pool_name | Name of the fallback pool. Required if fallback_pool_id is not provided. | `string` | `null` | no |
| glb_description | Description of the CIS global load balancer. | `string` | `null` | no |
| glb_enabled | Whether the CIS global load balancer is enabled. If set to true, the load balancer is enabled and can receive network traffic. | `bool` | `null` | no |
| glb_name | The DNS name to associate with the CIS global load balancer. It can be a hostname. | `string` | `null` | no |
| health_checks | List of health checks to be created for the CIS global load balancer. | <pre>list(object({<br/>  name = string<br/>  description = optional(string)<br/>  path = optional(string)<br/>  type = optional(string)<br/>  port = optional(number)<br/>  expected_body = string<br/>  expected_codes = string<br/>  method = optional(string)<br/>  timeout = optional(number)<br/>  follow_redirects = optional(bool)<br/>  allow_insecure = optional(bool)<br/>  interval = optional(number)<br/>  retries = optional(number)<br/>}))</pre> | `[]` | no |
| origin_pools | List of origins with an associated health check to be created for the CIS global load balancer. | <pre>list(object({<br/>  name = string<br/>  origins = list(object({<br/>    name = string<br/>    address = string<br/>    enabled = optional(bool)<br/>    weight = optional(number)<br/>  }))<br/>  enabled = bool # if set to true, the pool is enabled and can receive incoming network traffic<br/>  description = optional(string)<br/>  check_regions = list(string) # list of region codes<br/>  minimum_origins = optional(number)<br/>  health_check_name = optional(string)<br/>  notification_email = optional(string)<br/>}))</pre> | `[]` | no |
| plan | The type of plan for the CIS instance: standard-next or trial. | `string` | `"trial"` | no |
| pop_pools | Pop pools of the CIS global load balancer. | <pre>list(object({<br/>  pop = string<br/>  pool_ids = list(string)<br/>}))</pre> | `[]` | no |
| region_pools | Region pools of the CIS global load balancer. | <pre>list(object({<br/>  region = string<br/>  pool_ids = list(string)<br/>}))</pre> | `[]` | no |
| resource_group_id | The resource group ID to provision the CIS instance. | `string` | n/a | yes |
| service_name | Name of the CIS instance. | `string` | n/a | yes |
| session_affinity | Session affinity of the CIS global load balancer. To make use of session affinity, glb_proxied has to be true. | `string` | `null` | no |
| steering_policy | Steering policy of the CIS global load balancer. | `string` | `"off"` | no |
| tags | List of tags to be associated to the CIS instance. | `list(string)` | `[]` | no |

Outputs

| Name | Description |
|------|-------------|
| cis_dns_records | DNS records of CIS instance |
| cis_domain | CIS Domain details |
| cis_glb_id | ID of CIS GLB |
| cis_instance_guid | GUID of CIS instance |
| cis_instance_id | CRN of CIS instance |
| cis_instance_name | CIS instance name |
| cis_instance_status | Status of CIS instance |
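
A minimal call of this profile using the inputs and outputs documented above, added here as an illustration and not taken from the project's own examples. The module source path, instance name, domain, IP address and CA name are placeholders constructed for the example; the version constraints are the ones from the Requirements table.

```hcl
terraform {
  required_version = ">= 1.3.0"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = ">= 1.63.0, < 2.0.0"
    }
  }
}

variable "resource_group_id" {
  type        = string
  description = "ID of an existing resource group (supplied by the caller)."
}

module "cis_fscloud" {
  source            = "./path/to/fscloud" # placeholder: point at this profile's directory
  service_name      = "example-cis"       # constructed name
  resource_group_id = var.resource_group_id
  domain_name       = "example.com" # constructed; use a domain you control
  plan              = "standard-next" # documented values: standard-next or trial

  add_dns_records = true
  dns_record_set = [
    {
      name    = "www"
      type    = "A"
      content = "192.0.2.10" # constructed, documentation-range address (RFC 5737)
      proxied = true         # serve through CIS; the documented default is false
    },
    {
      name = "www"
      type = "CAA"
      ttl  = 900 # seconds
      data = {
        tag   = "issue"           # tag and value are required for CAA records
        value = "letsencrypt.org" # constructed: the CA permitted to issue certificates
      }
    }
  ]
}

# The domain stays "pending" until the assigned name servers are configured
# at the DNS provider (see Manual Actions); check these outputs after apply.
output "cis_domain" {
  value = module.cis_fscloud.cis_domain
}

output "cis_instance_status" {
  value = module.cis_fscloud.cis_instance_status
}
```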