Cloud Object Storage module

Configures an IBM Cloud Object Storage instance and bucket

  • Date of last update: 04/13/2024

Module overview

Use this module to provision and configure an IBM Cloud Object Storage instance and bucket.
You can configure the following aspects of your instances:

  • KMS encryption
  • Activity tracking and auditing
  • Monitoring
  • Data retention, lifecycle and archiving options

Usage

module "cos" {
  # Replace "X.X.X" with a release version to lock into a specific release
  source                 = "https://cm.globalcatalog.cloud.ibm.com/api/v1-beta/offering/source?archive=tgz&kind=terraform&name=terraform-ibm-cos&version=X.X.X"
  resource_group_id      = "199f65xxxxxxXXXXXXxxxxxxed93c497"
  region                 = "us-south" # set this to null and use 'cross_region_location' to create cross-regional bucket
  cos_instance_name      = "my-cos-instance"
  bucket_name            = "my-bucket"
  retention_enabled      = false # disable retention for test environments - enable for stage/prod
  kms_encryption_enabled = false # by default, all objects are encrypted by using randomly generated keys and an all-or-nothing-transform (AONT)
}

Features and capabilities

Create an Object Storage instance

Create an IBM Cloud Object Storage instance.

Create an Object Storage bucket

Create either a cross-regional or regional Object Storage bucket.

Create an IBM resource key

Create a resource key for the Object Storage instance.

Attach access tags

Attach access tags to the Object Storage instance.

Configure bucket retention

Configure retention policies at the IBM Cloud Object Storage bucket level.

Enable object versioning

Supports enabling object versioning to keep multiple versions of an object in a bucket.

Add archive policies

Add archive policies on the bucket.

Record Activity Tracker events

Integrate Activity Tracker to track events.

Monitor data

Integrate with the IBM Cloud Monitoring service to monitor your Object Storage data.

Encrypt data with key management services

Supports key management encryption (BYOK and KYOK), including service-to-service authorization policies with KMS.

Secure access with CBR

Create context-based restriction (CBR) rules for both instances and buckets.

    Version last updated: 04/06/2024
      Type: Terraform
      Provider: Community
      Category: Developer tools
      Last updated: 04/13/2024
      Product version: v8.1.7
      Example: Advanced
      Current weekly downloads

      Count: 3

      Advanced example

      This example creates buckets that are encrypted with your own keys (BYOK). The buckets include activity tracking, monitoring, and context-based restriction (CBR) rules.

      The following resources are provisioned by this example:

      • A new resource group, if an existing one is not passed in.
      • A service ID that is used to generate resource keys.
      • An IBM Cloud Monitoring instance in the given resource group and region.
      • An IBM Cloud Activity Tracker instance, if an existing one is not passed in, in the given resource group and region.
      • A Key Protect instance (with metrics enabled), a key ring, and a root key in the given resource group and region.
      • An IBM Cloud Object Storage instance in the given resource group and region.
      • An IAM authorization policy to allow the Object Storage instance read access to the Key Protect instance.
      • A regional bucket with BYOK KMS encryption, monitoring, and activity tracking.
      • A cross-regional bucket with KMS encryption, monitoring, and activity tracking.
      • A single-site-location bucket with hard quota, monitoring, and activity tracking.
      • A basic VPC and subnet.
      • A Context-based restriction (CBR) network zone containing the VPC.
      • CBR rules that allow only the VPC to access the Object Storage instance and buckets over the private endpoint.

      Follow these steps to download the code and configure it. Then, run the example on your local machine.
      1. Download the source file for this example, and then extract the .tar.gz file.
      2. Change to the extracted directory.
      3. If any module in the example comes from a private catalog, run the CLI command as a user who has account access to the private catalog.
      4. Run the following Terraform commands in the same terminal instance.
        $ terraform init
        $ terraform plan
        $ terraform apply
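
A check that can sit between `terraform plan` and `terraform apply`, added here as an example and not part of the module or the catalog page: it reads the JSON form of a saved plan (`terraform show -json`) and reports buckets planned without KMS encryption, activity tracking, or monitoring. The attribute names `key_protect`, `kms_key_crn`, `activity_tracking` and `metrics_monitoring` are assumed from the IBM provider's `ibm_cos_bucket` resource, and the sample plan is constructed.

```python
import json
import sys

# Assumed attribute names from the IBM provider's ibm_cos_bucket resource.
KMS_ATTRS = ("key_protect", "kms_key_crn")
REQUIRED_BLOCKS = ("activity_tracking", "metrics_monitoring")

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [{
    "address": "module.cos",
    "resources": [
        {"address": "module.cos.ibm_cos_bucket.encrypted[0]",
         "type": "ibm_cos_bucket",
         "values": {"key_protect": "crn:placeholder-root-key",
                    "activity_tracking": [{"read_data_events": True}],
                    "metrics_monitoring": [{"usage_metrics_enabled": True}]}},
        {"address": "module.cos.ibm_cos_bucket.plain[0]",
         "type": "ibm_cos_bucket",
         "values": {"key_protect": None,
                    "activity_tracking": [],
                    "metrics_monitoring": [{"usage_metrics_enabled": True}]}},
    ]}]}}}

def walk(module):
    """Yield every resource in a plan module, including nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit_buckets(plan):
    """Return {bucket address: [missing controls]} for planned COS buckets."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk(root):
        if res.get("type") != "ibm_cos_bucket":
            continue
        values = res.get("values", {})
        missing = []
        if not any(values.get(attr) for attr in KMS_ATTRS):
            missing.append("kms_encryption")
        missing += [blk for blk in REQUIRED_BLOCKS if not values.get(blk)]
        if missing:
            findings[res["address"]] = missing
    return findings

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = audit_buckets(plan)
    for address, missing in findings.items():
        print(f"{address}: missing {', '.join(missing)}")
    sys.exit(1 if findings else 0)
```

Values that are only known at apply time are absent from `planned_values`, so a bucket whose key is created in the same plan is reported as missing KMS encryption; re-run the check against the post-apply state JSON to confirm.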