IBM Cloud Event Notifications module

This module is used to create an IBM Cloud Event Notifications instance to filter and route event notifications from IBM Cloud services like monitoring, to communication channels like email, SMS, and webhooks. Event Notifications provides you information about critical events that occur in your IBM Cloud account or triggers automated actions by using webhooks. For more information, see Getting started with Event Notifications.

Overview

• terraform-ibm-event-notifications
• Submodules
  • fscloud
• Examples
  • Basic example
  • Complete example with BYOK encryption and CBR rules
  • Financial Services Cloud profile example
• Contributing

terraform-ibm-event-notifications

Usage

module "event_notification" {
  source            = "terraform-ibm-modules/event-notifications/ibm"
  version           = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  resource_group_id = "a8cff104f1764e98aac9ab879198230a" # pragma: allowlist secret
  name              = "event-notification"
  tags              = ["dev", "qa"]
  plan              = "lite"
  service_endpoints = "public"
  service_credential_names = {
                                "en_manager" : "Manager",
                                "en_writer" : "Writer",
                                "en_reader" : "Reader",
                             }
}

Required IAM access policies

You need the following permissions to run this module:

• Account Management
  • Event Notifications service
    • Platform Management Roles
      • Editor platform role access

To create service credentials, access the Event Notifications service, and access to call the Event Notifications API, you need the following access:

• Service access roles
  • Reader - View Event Notifications instance data
  • Writer - View and edit an Event Notifications instance
  • Channel Editor - View, create, and delete Event Notifications subscriptions
  • Manager - View, edit, and delete data in an Event Notifications instance
  • Service Configuration Reader - Read services configuration for Governance management
  • Event Source Manager - Source integration with Event Notifications by using service to service authorization
  • Event Notifications Publisher - Create notification and view notifications count
  • Device Manager - Custom role to handle push device registration with the Event Notifications service

Requirements

Name	Version
terraform	>= 1.3.0
ibm	>= 1.70.0, < 2.0.0
time	>= 0.9.1

Modules

Name	Source	Version
cbr_rule	terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module	1.29.0

Resources

Name	Type
ibm_en_integration.en_kms_integration	resource
ibm_en_integration_cos.en_cos_integration	resource
ibm_iam_authorization_policy.cos_policy	resource
ibm_iam_authorization_policy.kms_policy	resource
ibm_resource_instance.en_instance	resource
ibm_resource_key.service_credentials	resource
time_sleep.wait_for_cos_authorization_policy	resource
time_sleep.wait_for_kms_authorization_policy	resource
ibm_en_integrations.en_integrations	data source

Inputs

Name	Description	Type	Default	Required
cbr_rules	The list of context-based restrictions rules to create.	list(object({ description = string account_id = string rule_contexts = list(object({ attributes = optional(list(object({ name = string value = string }))) })) enforcement_mode = string }))	[]	no
cos_bucket_name	The name of an existing IBM Cloud Object Storage bucket which will be used for storage of failed delivery events. Required if cos_integration_enabled is set to true.	string	null	no
cos_endpoint	The endpoint URL for your bucket region. For more information, see https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-endpoints. Required if cos_integration_enabled is set to true.	string	null	no
cos_instance_id	The ID of the IBM Cloud Object Storage instance in which the bucket that is defined in the cos_bucket_name variable exists. Required if cos_integration_enabled is set to true.	string	null	no
cos_integration_enabled	Set to true to connect a Cloud Object Storage service instance to your Event Notifications instance to collect events that failed delivery. If set to false, no failed events will be captured.	bool	false	no
existing_kms_instance_crn	The CRN of the Hyper Protect Crypto Services or Key Protect instance. Required only if var.kms_encryption_enabled is set to true.	string	null	no
kms_encryption_enabled	Set to true to control the encryption keys that are used to encrypt the data that you store in the Event Notifications instance. If set to false, the data is encrypted by using randomly generated keys. For more information, see Managing encryption.	bool	false	no
kms_endpoint_url	The URL of the KMS endpoint to use when configuring KMS encryption. The Hyper Protect Crypto Services endpoint URL format can be found at https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-regions#new-service-endpoints, and the Key Protect endpoint URL format can be found here https://cloud.ibm.com/docs/key-protect?topic=key-protect-regions#service-endpoints.	string	null	no
name	The name of the Event Notifications instance that is created by this module.	string	n/a	yes
plan	The pricing plan of the Event Notifications instance. Possible values: Lite, Standard	string	"standard"	no
region	The IBM Cloud region where the Event Notifications resource is created. Possible values: us-south (Dallas), eu-gb (London), eu-de (Frankfurt), au-syd (Sydney), eu-es (Madrid)	string	"us-south"	no
resource_group_id	The ID of the resource group where the Event Notifications instance is created.	string	n/a	yes
root_key_id	The key ID of a root key, existing in the KMS instance passed in var.existing_kms_instance_crn, which will be used to encrypt the data encryption keys which are then used to encrypt the data. Required only if var.kms_encryption_enabled is set to true.	string	null	no
service_credential_names	The mapping of names and roles for service credentials that you want to create for the Event Notifications instance.	map(string)	{}	no
service_endpoints	Specify whether you want to enable public, or both public and private service endpoints. Possible values: public, public-and-private	string	"public-and-private"	no
skip_en_cos_auth_policy	Set to true to skip the creation of an IAM authorization policy that permits the Event Notifications instance Object Writer and Reader access to the given Object Storage bucket. Ignored if cos_integration_enabled is set to false.	bool	false	no
skip_en_kms_auth_policy	Set to true to skip the creation of an IAM authorization policy that permits the Event Notifications instance to read the encryption key from the KMS instance. If set to false, a value must be passed for the KMS instance and key using inputs existing_kms_instance_crn and root_key_id. In addition, no policy is created if kms_encryption_enabled is set to false.	bool	false	no
tags	The list of tags to add to the Event Notifications instance.	list(string)	[]	no

Outputs

Name	Description
account_id	The Event Notifications account ID.
crn	The Event Notifications instance CRN.
event_notification_instance_name	The name of the Event Notifications instance.
guid	The globally unique identifier of the Event Notifications instance.
service_credentials_json	The service credentials JSON map.
service_credentials_object	The service credentials object.

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.