You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -86,11 +86,11 @@ To attach access management tags to resources in this module, you need the follo
86
86
| <aname="input_admin_pass"></a> [admin\_pass](#input\_admin\_pass)| The password for the database administrator. If the admin password is null then the admin user ID cannot be accessed. More users can be specified in a user block. |`string`|`null`| no |
87
87
| <a name="input_auto_scaling"></a> [auto\_scaling](#input\_auto\_scaling) | Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. See https://ibm.biz/autoscaling-considerations in the IBM Cloud Docs. | <pre>object({<br> disk = object({<br> capacity_enabled = optional(bool, false)<br> free_space_less_than_percent = optional(number, 10)<br> io_above_percent = optional(number, 90)<br> io_enabled = optional(bool, false)<br> io_over_period = optional(string, "15m")<br> rate_increase_percent = optional(number, 10)<br> rate_limit_mb_per_member = optional(number, 3670016)<br> rate_period_seconds = optional(number, 900)<br> rate_units = optional(string, "mb")<br> })<br> memory = object({<br> io_above_percent = optional(number, 90)<br> io_enabled = optional(bool, false)<br> io_over_period = optional(string, "15m")<br> rate_increase_percent = optional(number, 10)<br> rate_limit_mb_per_member = optional(number, 114688)<br> rate_period_seconds = optional(number, 900)<br> rate_units = optional(string, "mb")<br> })<br> })</pre> | `null` | no |
88
88
| <aname="input_backup_crn"></a> [backup\_crn](#input\_backup\_crn)| The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<…>:backup:. If omitted, the database is provisioned empty. |`string`|`null`| no |
89
-
| <aname="input_backup_encryption_key_crn"></a> [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn)| The CRN of a Key Protect key that you want to use for encrypting the disk that holds deployment backups. Only used if var.kms\_encryption\_enabled is set to true. BYOK for backups is available only in US regions us-south and us-east, and in eu-de. Only keys in the us-south and eu-de are durable to region failures. To ensure that your backups are available even if a region failure occurs, use a key from us-south or eu-de. Hyper Protect Crypto Services for IBM Cloud Databases backups is not currently supported. If no value is passed here, the value passed for the 'kms\_key\_crn' variable is used, unless 'use\_default\_backup\_encryption\_key' is set to 'true'. And if a HPCS value is passed for var.kms\_key\_crn, the database backup encryption uses the default encryption keys.|`string`|`null`| no |
89
+
| <aname="input_backup_encryption_key_crn"></a> [backup\_encryption\_key\_crn](#input\_backup\_encryption\_key\_crn)| The CRN of a KMS (Key Protect or Hyper Protect Crypto Service) key to use for encrypting the disk that holds deployment backups. Only used if var.kms\_encryption\_enabled is set to true. There are limitation per region on the type of KMS service (Key Protect or Hyper Protect Crypto Services) and region for those services. See https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok and https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups|`string`|`null`| no |
90
90
| <aname="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules)| (Optional, list) List of CBR rules to create | <pre>list(object({<br> description = string<br> account_id = string<br> rule_contexts = list(object({<br> attributes = optional(list(object({<br> name = string<br> value = string<br> }))) }))<br> enforcement_mode = string<br> }))</pre> |`[]`| no |
| <aname="input_existing_kms_instance_guid"></a> [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid)| The GUID of the Hyper Protect Crypto Services or Key Protect instance in which the key specified in var.kms\_key\_crn and var.backup\_encryption\_key\_crn is coming from. Required only if var.kms\_encryption\_enabled is set to true, var.skip\_iam\_authorization\_policy is set to false, and you pass a value for var.kms\_key\_crn, var.backup\_encryption\_key\_crn, or both. |`string`|`null`| no |
93
-
| <aname="input_kms_encryption_enabled"></a> [kms\_encryption\_enabled](#input\_kms\_encryption\_enabled)| Set this to true to control the encryption keys used to encrypt the data that you store in IBM Cloud® Databases. If set to false, the data is encrypted by using randomly generated keys. For more info on Key Protect integration, see https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect. For more info on HPCS integration, see https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs|`bool`|`false`| no |
93
+
| <aname="input_kms_encryption_enabled"></a> [kms\_encryption\_enabled](#input\_kms\_encryption\_enabled)| Set this to true to control the encryption keys used to encrypt the data that you store in IBM Cloud Databases. If set to false, the data is encrypted by using randomly generated keys. For more info on Key Protect integration, see https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect. For more info on HPCS integration, see https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs|`bool`|`false`| no |
94
94
| <aname="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn)| The root key CRN of a Key Management Services like Key Protect or Hyper Protect Crypto Services (HPCS) that you want to use for disk encryption. Only used if var.kms\_encryption\_enabled is set to true. |`string`|`null`| no |
95
95
| <aname="input_member_cpu_count"></a> [member\_cpu\_count](#input\_member\_cpu\_count)| Allocated dedicated CPU per member. For shared CPU, set to 0. For more information, see https://cloud.ibm.com/docs/databases-for-postgresql?topic=databases-for-postgresql-resources-scaling|`number`|`0`| no |
96
96
| <aname="input_member_disk_mb"></a> [member\_disk\_mb](#input\_member\_disk\_mb)| Allocated disk per member. For more information, see https://cloud.ibm.com/docs/databases-for-postgresql?topic=databases-for-postgresql-resources-scaling|`number`|`5120`| no |
# Example of setting configuration - none of the below is mandatory - those settings are set in this example for illustation purpose and ensure path is exercised in automated test using this example.
Copy file name to clipboardExpand all lines: modules/fscloud/README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,7 +35,7 @@ No resources.
35
35
| <a name="input_auto_scaling"></a> [auto\_scaling](#input\_auto\_scaling) | Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. See https://ibm.biz/autoscaling-considerations in the IBM Cloud Docs. | <pre>object({<br> disk = object({<br> capacity_enabled = optional(bool, false)<br> free_space_less_than_percent = optional(number, 10)<br> io_above_percent = optional(number, 90)<br> io_enabled = optional(bool, false)<br> io_over_period = optional(string, "15m")<br> rate_increase_percent = optional(number, 10)<br> rate_limit_mb_per_member = optional(number, 3670016)<br> rate_period_seconds = optional(number, 900)<br> rate_units = optional(string, "mb")<br> })<br> memory = object({<br> io_above_percent = optional(number, 90)<br> io_enabled = optional(bool, false)<br> io_over_period = optional(string, "15m")<br> rate_increase_percent = optional(number, 10)<br> rate_limit_mb_per_member = optional(number, 114688)<br> rate_period_seconds = optional(number, 900)<br> rate_units = optional(string, "mb")<br> })<br> })</pre> | `null` | no |
36
36
| <aname="input_backup_crn"></a> [backup\_crn](#input\_backup\_crn)| The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<…>:backup:. If omitted, the database is provisioned empty. |`string`|`null`| no |
37
37
| <aname="input_cbr_rules"></a> [cbr\_rules](#input\_cbr\_rules)| (Optional, list) List of CBR rules to create | <pre>list(object({<br> description = string<br> account_id = string<br> rule_contexts = list(object({<br> attributes = optional(list(object({<br> name = string<br> value = string<br> }))) }))<br> enforcement_mode = string<br> }))</pre> |`[]`| no |
| <aname="input_existing_kms_instance_guid"></a> [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid)| The GUID of the Hyper Protect Crypto Services instance. |`string`| n/a | yes |
40
40
| <aname="input_kms_key_crn"></a> [kms\_key\_crn](#input\_kms\_key\_crn)| The root key CRN of the Hyper Protect Crypto Service (HPCS) to use for disk encryption. |`string`| n/a | yes |
41
41
| <aname="input_member_cpu_count"></a> [member\_cpu\_count](#input\_member\_cpu\_count)| Allocated dedicated CPU per member. For shared CPU, set to 0. For more information, see https://cloud.ibm.com/docs/databases-for-postgresql?topic=databases-for-postgresql-resources-scaling|`number`|`3`| no |
0 commit comments