IBM Cloud Event Notifications module

This module is used to create an IBM Cloud Event Notifications instance to filter and route event notifications from IBM Cloud services like monitoring, to communication channels like email, SMS, and webhooks. Event Notifications provides you information about critical events that occur in your IBM Cloud account or triggers automated actions by using webhooks. For more information, see Getting started with Event Notifications.

Overview

• terraform-ibm-event-notifications
• Submodules
  • fscloud
• Examples
  • Advanced example with BYOK encryption and CBR rules
  • Basic example
  • Financial Services Cloud profile example
• Contributing

terraform-ibm-event-notifications

Usage

module "event_notification" {
  source            = "terraform-ibm-modules/event-notifications/ibm"
  version           = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  resource_group_id = "a8cff104f1764e98aac9ab879198230a" # pragma: allowlist secret
  name              = "event-notification"
  tags              = ["dev", "qa"]
  plan              = "lite"
  service_endpoints = "public"
  service_credential_names = {
                                "en_manager" : "Manager",
                                "en_writer" : "Writer",
                                "en_reader" : "Reader",
                             }
}

Required IAM access policies

You need the following permissions to run this module:

• Account Management
  • Event Notifications service
    • Platform Management Roles
      • Editor platform role access

To create service credentials, access the Event Notifications service, and access to call the Event Notifications API, you need the following access:

• Service access roles
  • Reader - View Event Notifications instance data
  • Writer - View and edit an Event Notifications instance
  • Channel Editor - View, create, and delete Event Notifications subscriptions
  • Manager - View, edit, and delete data in an Event Notifications instance
  • Service Configuration Reader - Read services configuration for Governance management
  • Event Source Manager - Source integration with Event Notifications by using service to service authorization
  • Event Notifications Publisher - Create notification and view notifications count
  • Device Manager - Custom role to handle push device registration with the Event Notifications service

Requirements

Name	Version
terraform	>= 1.9.0
ibm	>= 1.79.2, < 2.0.0
time	>= 0.9.1

Modules

Name	Source	Version
cbr_rule	terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module	1.33.7

Resources

Name	Type
ibm_en_integration.en_kms_integration	resource
ibm_en_integration_cos.en_cos_integration	resource
ibm_iam_authorization_policy.cos_policy	resource
ibm_iam_authorization_policy.kms_policy	resource
ibm_resource_instance.en_instance	resource
ibm_resource_key.service_credentials	resource
ibm_resource_tag.en_tag	resource
time_sleep.wait_for_cos_authorization_policy	resource
time_sleep.wait_for_kms_authorization_policy	resource
ibm_en_integrations.en_integrations	data source

Inputs

Name	Description	Type	Default	Required
access_tags	A list of access tags to apply to the Event Notifications instance created by the module. Learn more.	list(string)	[]	no
cbr_rules	The context-based restrictions rule to create. Only one rule is allowed.	list(object({ description = string account_id = string rule_contexts = list(object({ attributes = optional(list(object({ name = string value = string }))) })) enforcement_mode = string operations = optional(list(object({ api_types = list(object({ api_type_id = string })) }))) }))	[]	no
cos_bucket_name	The name of an existing IBM Cloud Object Storage bucket to use for storing failed delivery events. Required if cos_integration_enabled is set to true.	string	null	no
cos_endpoint	The endpoint URL for your bucket region. Required if cos_integration_enabled is set to true. Learn more.	string	null	no
cos_instance_id	The ID of an existing IBM Cloud Object Storage instance that contains the bucket to use for storing failed delivery events. Required if cos_integration_enabled is set to true.	string	null	no
cos_integration_enabled	Set to true to connect an Object Storage service instance to your Event Notifications instance to collect events that failed delivery. If set to false, no failed events are captured.	bool	false	no
existing_kms_instance_crn	The CRN of the Hyper Protect Crypto Services or Key Protect instance. Required only if var.kms_encryption_enabled is set to true.	string	null	no
kms_encryption_enabled	Set to true to control the encryption keys that are used to encrypt the data that you store in the Event Notifications instance. If set to false, the data is encrypted by using randomly generated keys. For more information, see Managing encryption.	bool	false	no
kms_endpoint_url	The URL of the key management service endpoint to use for key encryption. For more information on the endpoint URL format for Hyper Protect Crypto Services, go to Instance-based endpoints. For more information on the endpoint URL format for Key Protect, go to Service endpoints.	string	null	no
name	The name of the Event Notifications instance that is created by this module.	string	n/a	yes
plan	The pricing plan of the Event Notifications instance. Possible values are Lite or Standard.	string	"standard"	no
region	The IBM Cloud region where the Event Notifications instance is created. Possible values are jp-osa (Osaka), au-syd (Sydney), jp-tok (Tokyo), eu-de (Frankfurt), eu-gb (London), eu-es (Madrid), eu-fr2 (EU), us-south (Dallas), ca-tor (Toronto), or br-sao (Sao Paulo).	string	"us-south"	no
resource_group_id	The ID of the resource group where the Event Notifications instance is created.	string	n/a	yes
root_key_id	The key ID of a root key, existing in the key management service instance passed in var.existing_kms_instance_crn, which is used to encrypt the data encryption keys which are then used to encrypt the data. Required only if var.kms_encryption_enabled is set to true.	string	null	no
service_credential_names	The mapping of names and roles for service credentials to create for the Event Notifications instance.	map(string)	{}	no
service_endpoints	Specify whether you want to enable public, private, or both public and private service endpoints. Possible values are public, private, or public-and-private.	string	"private"	no
skip_en_cos_auth_policy	Set to true to skip creating an IAM authorization policy that permits the Event Notifications instance Object Writer and Reader access to the given Object Storage bucket. Ignored if cos_integration_enabled is set to false.	bool	false	no
skip_en_kms_auth_policy	Set to true to skip the creation of an IAM authorization policy that permits the Event Notifications instance to read the encryption key from the key management service instance. If set to false, a value must be passed for the key management service instance and key using inputs existing_kms_instance_crn and root_key_id. In addition, no policy is created if kms_encryption_enabled is set to false.	bool	false	no
tags	The list of tags to add to the Event Notifications instance.	list(string)	[]	no

Outputs

Name	Description
account_id	The Event Notifications account ID.
crn	The Event Notifications instance CRN.
event_notification_instance_name	The name of the Event Notifications instance.
event_notifications_private_endpoint	Instance private endpoint URL
event_notifications_public_endpoint	Instance public endpoint URL
guid	The globally unique identifier of the Event Notifications instance.
service_credentials_json	The service credentials JSON map.
service_credentials_object	The service credentials object.

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.