This code is a version of the parent root module that includes a default configuration that complies with the relevant controls from the IBM Cloud Framework for Financial Services. See the Example for IBM Cloud Framework for Financial Services for logic that uses this module.
❗ Exception: The Databases for Enterprise DB service is not yet Financial services validated. Therefore, the infrastructure that is deployed by this module is also not validated with the Framework for Financial Services. For more information, see the list of Financial Services Validated services.
The default values in this profile were scanned by IBM Code Risk Analyzer (CRA) for compliance with the IBM Cloud Framework for Financial Services profile that is specified by the IBM Security and Compliance Center.
The IBM Cloud Framework for Financial Services mandates the application of an inbound network-based allowlist in front of the IBM Cloud Databases for (ICD) Enterprise DB instance. You can comply with this requirement by using the cbr_rules variable in the module, which can be used to create a narrow context-based restriction rule that is scoped to the Enterprise DB instance.
| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| ibm | >= 1.64.2, <2.0.0 |
| Name | Source | Version |
|---|---|---|
| enterprise_db | ../../ | n/a |
No resources.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_tags | A list of access tags to apply to the Enterprise DB instance created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | list(string) |
[] |
no |
| admin_pass | The password for the database administrator. If the admin password is null then the admin user ID cannot be accessed. More users can be specified in a user block. | string |
null |
no |
| auto_scaling | Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. See https://ibm.biz/autoscaling-considerations in the IBM Cloud Docs. | object({ |
null |
no |
| backup_crn | The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<…>:backup:. If omitted, the database is provisioned empty. | string |
null |
no |
| cbr_rules | (Optional, list) List of CBR rules to create | list(object({ |
[] |
no |
| configuration | Database configuration. | object({ |
null |
no |
| edb_version | Version of the Enterprise DB instance. If no value is passed, the current preferred version of IBM Cloud Databases is used. | string |
null |
no |
| existing_kms_instance_guid | The GUID of the Hyper Protect Crypto Services instance. | string |
n/a | yes |
| kms_key_crn | The root key CRN of the Hyper Protect Crypto Service (HPCS) to use for disk encryption. | string |
n/a | yes |
| member_cpu_count | Allocated dedicated CPU per member. Minimum number of CPU allowed is 3 . For more information, see https://cloud.ibm.com/docs/databases-for-enterprisedb?topic=databases-for-enterprisedb-resources-scaling | number |
3 |
no |
| member_disk_mb | Allocated disk per member. For more information, see https://cloud.ibm.com/docs/databases-for-enterprisedb?topic=databases-for-enterprisedb-resources-scaling | number |
20480 |
no |
| member_memory_mb | Allocated memory per member. For more information, see https://cloud.ibm.com/docs/databases-for-enterprisedb?topic=databases-for-enterprisedb-resources-scaling | number |
1024 |
no |
| members | Allocated number of members. Members can be scaled up but not down. | number |
3 |
no |
| name | The name given to the Enterprise DB instance. | string |
n/a | yes |
| region | The region where you want to deploy your instance. Must be the same region as the Hyper Protect Crypto Services instance. | string |
"us-south" |
no |
| resource_group_id | The resource group ID where the Enterprise DB instance will be created. | string |
n/a | yes |
| resource_tags | Optional list of tags to be added to the Enterprise DB instance. | list(string) |
[] |
no |
| service_credential_names | Map of name, role for service credentials that you want to create for the database | map(string) |
{} |
no |
| skip_iam_authorization_policy | Set to true to skip the creation of an IAM authorization policy that permits all Enterprise database instances in the resource group to read the encryption key from the Hyper Protect Crypto Services instance. The HPCS instance is passed in through the var.existing_kms_instance_guid variable. | bool |
false |
no |
| users | A list of users that you want to create on the database. Multiple blocks are allowed. The user password must be in the range of 10-32 characters. Be warned that in most case using IAM service credentials (via the var.service_credential_names) is sufficient to control access to the Enterprise Db instance. This blocks creates native enterprise database users, more info on that can be found here https://cloud.ibm.com/docs/databases-for-enterprisedb?topic=databases-for-enterprisedb-user-management&interface=api | list(object({ |
[] |
no |
| Name | Description |
|---|---|
| adminuser | Database admin user name |
| certificate_base64 | Database connection certificate |
| crn | Enterprise DB instance crn |
| guid | Enterprise DB instance guid |
| hostname | Database connection hostname |
| id | Enterprise DB instance id |
| port | Database connection port |
| version | Enterprise DB instance version |