generated from terraform-ibm-modules/stack-ibm-template
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathibm_catalog.json
325 lines (325 loc) · 12.3 KB
/
ibm_catalog.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
{
"products": [
{
"label": "IBM Cloud Essential Security and Observability Services",
"name": "deploy-arch-ibm-core-security-svcs",
"product_kind": "solution",
"tags": [
"solution",
"support_ibm",
"target_terraform",
"security",
"ibm_created"
],
"keywords": [
"kms",
"scc",
"secrets manager",
"security-compliance-center",
"keyprotect",
"IaC",
"infrastructure as code",
"security and compliance center",
"terraform",
"solution",
"secrets",
"key protect",
"compliance"
],
"short_description": "Deploy core security and other supporting services to get set up to manage the security compliance of the resources in your account.",
"long_description": "Get IBM Cloud’s suite of core security services with a single deployment enabling you to securely manage keys and secrets and run security and compliance scans so that you always know the posture of the resources in your account. You can also take advantage of an event notification routing service that notifies you to critical events that occur in your IBM Cloud account and observability services that provide enterprise-grade monitoring and logging giving you operational visibility into the performance and health of your apps, services, and infrastructure.",
"provider_name": "IBM",
"offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-ibm-core-security-services/main/reference-architectures/light-theme.svg",
"offering_docs_url": "https://cloud.ibm.com/docs/security-hub?topic=security-hub-cloud-security",
"support_details": "If you’re experiencing issues with this product, review the troubleshooting information available from the “Docs” link in the Related links section. If you can’t resolve your problem, click “Get help” in the related links and create a case.",
"features": [
{
"title": "Creates an IBM Key Protect instance",
"description": "Creates and configures an IBM Key Protect instance and creates root keys for IBM Cloud Object Storage, Event Notifications, and Secrets Manager."
},
{
"title": "Creates an IBM Secrets Manager instance",
"description": "Creates and configures an IBM Secrets Manager instance."
},
{
"title": "Creates an IBM Security and Compliance Center instance",
"description": "Creates and configures an IBM Security Compliance Center instance."
},
{
"title": "Creates an Security and Compliance Center Workload Protection instance",
"description": "Creates and configures an Security and Compliance Center Workload Protection instance."
},
{
"title": "Creates an IBM Cloud Object Storage instance",
"description": "Creates and configures an IBM Cloud Object Storage instance and multiple Object Storage buckets that is encrypted by Key Protect."
},
{
"title": "Creates an IBM Cloud Event Notifications instance",
"description": "Creates and configures an IBM Cloud Event Notifications instance with topics for Secrets Manager and Security and Compliance Center events."
},
{
"title": "Creates service-to-service authorizations",
"description": "Creates and configures service-to-service authorizations for the following services: KMS, Event Notifications, Object Storage, Secrets Manager, and Security and Compliance Center."
}
],
"flavors": [
{
"label": "Standard",
"name": "standard",
"compliance": {
"authority": "scc-v3",
"profiles": [
{
"profile_name": "CIS IBM Cloud Foundations Benchmark v1.1.0",
"profile_version": "1.1.0"
}
]
},
"iam_permissions": [
{
"service_name": "cloud-object-storage",
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
]
},
{
"service_name": "secrets-manager",
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Editor",
"crn:v1:bluemix:public:iam::::role:Operator"
]
},
{
"service_name": "kms",
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
]
},
{
"service_name": "compliance",
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Operator",
"crn:v1:bluemix:public:iam::::role:Editor"
]
},
{
"service_name": "event-notifications",
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Operator",
"crn:v1:bluemix:public:iam::::role:Editor"
]
}
],
"architecture": {
"features": [
{
"title": "Creates IBM Cloud core security services in a resource group.",
"description": "Creates IBM Cloud core security services in an existing resource group."
},
{
"title": "Creates an IBM Key Protect instance",
"description": "Creates and configures an IBM Key Protect instance and creates root keys for IBM Cloud Object Storage, Event Notifications, and Secrets Manager."
},
{
"title": "Creates an IBM Secrets Manager instance ",
"description": "Creates and configures an IBM Secrets Manager instance."
},
{
"title": "Optionally configure an IBM Secrets Manager IAM credentials engine to an IBM Secrets Manager instance.",
"description": "Optionally configure an IBM Secrets Manager IAM credentials engine to an IBM Secrets Manager instance."
},
{
"title": "Creates an IBM Security and Compliance Center instance",
"description": "Creates and configures an IBM Security Compliance Center instance."
},
{
"title": "Creates a Security and Compliance Center Workload Protection instance",
"description": "Creates and configures a Security and Compliance Center Workload Protection instance."
},
{
"title": "Creates an IBM Event Notification instance",
"description": "Creates and configures an Event Notifications instance."
}
],
"diagrams": [
{
"diagram": {
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-ibm-core-security-services/main/reference-architectures/core-security-services-architecture.svg",
"caption": "IBM Cloud Essential Security and Observability Services Stack Architecture",
"type": "image/svg+xml",
"thumbnail_url": "https://raw.githubusercontent.com/terraform-ibm-modules/stack-ibm-core-security-services/main/reference-architecture/core-security-services-architecture.svg"
},
"description": "The architecture of IBM Cloud Essential Security and Observability Services stack."
}
]
},
"configuration": [
{
"key": "prefix",
"type": "string",
"default_value": "",
"description": "The prefix to add to all resources created by this solution. Used to make sure that names are unique when you deploy the solution more than one time. This should start with a lower case letter and not include '--' or end in '-'.",
"required": true
},
{
"key": "region",
"type": "string",
"default_value": "us-south",
"description": "The region where the resources are created.",
"required": true,
"options": [
{
"displayname": "us-south",
"value": "us-south"
},
{
"displayname": "eu-de",
"value": "eu-de"
},
{
"displayname": "eu-es",
"value": "eu-es"
}
]
},
{
"key": "existing_resource_group_name",
"type": "string",
"default_value": "Default",
"description": "The name of an existing resource group to provision all resources to.",
"display_name": "Existing resource group name",
"required": true,
"custom_config": {
"type": "resource_group",
"grouping": "deployment",
"original_grouping": "deployment",
"config_constraints": {
"identifier": "rg_name"
}
}
},
{
"key": "enable_platform_logs_metrics",
"type": "boolean",
"default_value": true,
"description": "Setting this to true will create a tenant in the same region where the Cloud Logs instance is provisioned, enabling platform logs for that region. Note: You can have only one tenant per region in an account. This variable will also enable platform logs for the Log Analysis instance and platform metrics for Cloud Monitoring instance.",
"required": false
},
{
"key": "existing_kms_instance_crn",
"type": "string",
"default_value": "__NULL__",
"description": "The CRN of an existing KMS instance to use in this solution. If not set, a new Key Protect instance is provisioned.",
"required": false
},
{
"key": "en_email_list",
"type": "array",
"default_value": [],
"description": "List of emails to configure event notifications.",
"required": false
},
{
"key" : "existing_en_instance_crn",
"type": "string",
"default_value": "__NULL__",
"description": "The CRN of existing event notification instance. If not supplied, a new instance is created.",
"required": false
},
{
"key": "existing_secrets_manager_crn",
"type": "string",
"default_value": "__NULL__",
"description": "The CRN of an existing Secrets Manager instance to use in this solution. If not set, a new Secrets Manager instance is provisioned.",
"required": false
},
{
"key": "sm_service_plan",
"type": "string",
"default_value": "standard",
"description": "The pricing plan to use for Secrets Manager. Not used if `existing_secrets_manager_crn` is specified.",
"required": false,
"options": [
{
"displayname": "standard",
"value": "standard"
},
{
"displayname": "trial",
"value": "trial"
}
]
},
{
"key": "secret_manager_iam_engine_enabled",
"type": "boolean",
"default_value": false,
"description": "Set this to true to to configure a Secrets Manager IAM credentials engine. If set to false, no IAM engine will be configured for your instance.",
"required": false
},
{
"key": "scc_service_plan",
"type": "string",
"default_value": "security-compliance-center-standard-plan",
"description": "The pricing plan to use for the IBM Cloud Security and Compliance Center.",
"required": false,
"options": [
{
"displayname": "standard",
"value": "security-compliance-center-standard-plan"
},
{
"displayname": "trial",
"value": "security-compliance-center-trial-plan"
}
]
}
],
"outputs": [
{
"key": "key_management_service_instance_crn",
"description": "The CRN of the Hyper Protect Crypto Service instance or Key Protect instance."
},
{
"key": "secrets_manager_crn",
"description": "The CRN of the Secrets Manager instance."
},
{
"key": "scc_crn",
"description": "The CRN of the Security and Compliance Center instance."
},
{
"key": "monitoring_crn",
"description": "The CRN of the IBM Cloud Monitoring instance."
},
{
"key": "cos_instance_crn",
"description": "The CRN of the Cloud Object Storage instance."
},
{
"key": "en_crn",
"description": "The CRN of the Event Notifications instance."
},
{
"key": "log_analysis_crn",
"description": "The CRN of the provisioned Log Analysis instance."
},
{
"key": "cloud_logs_crn",
"description": "The CRN of the provisioned Cloud Logs instance."
},
{
"key": "scc_workload_protection_crn",
"description": "Security and Compliance Center Workload Protection instance CRN."
}
],
"install_type": "fullstack",
"release_notes_url": "https://cloud.ibm.com/docs/security-hub?topic=security-hub-release-notes"
}
]
}
]
}