Releases: terraform-ibm-modules/stack-ibm-core-security-services
v3.0.0
3.0.0 (2025-06-05)
Features
- Migration to Security and Compliance Center Workload Protection for Cloud Security Posture Management
- This solution will no longer provision an instance of the Security and Compliance Center service as it has been deprecated and new instances cannot be provisioned after 16th June 2025.
- The solution will now provision a new instance of App Configuration and Security and Compliance Center Workload Protection with Cloud Security Posture Management (CSPM) enabled by default.
- If you are upgrading from a previous version of the solution, you will continue to see the member named `Essential Security - Security Compliance Center` so that you can decide when you want to delete the Security and Compliance Center instance and associated Object Storage bucket.
- For more information, see Security and Compliance Center transition.
- The service-to-service authorization policy that allows the ATracker service to write to Object Storage has been updated so that it is scoped to the exact Object Storage bucket.
- If upgrading from an older version, you will see the old authorization policy being deleted and a new one being created. The new one is created before the old one is deleted to prevent any disruption to everyday services.
BREAKING CHANGES
- This solution will no longer provision an instance of the Security and Compliance Center service as it has been deprecated and new instances cannot be provisioned after 16th June 2025.
v2.2.0
2.2.0 (2025-04-02)
Stack | Change |
---|---|
1a - Key management | v4.17.0 --> v4.21.3 |
1b - Object storage | v8.15.1 --> v8.21.6 |
2 - Observability | v2.4.1 --> v2.10.1 |
3 - Event Notifications | v1.15.0 --> v1.19.8 |
4a - Security and Compliance Center | v1.24.1 --> v1.27.4 |
4b - Secrets Manager | v1.19.0 --> v1.26.4 |
Release notes: https://cloud.ibm.com/docs/security-hub?topic=security-hub-release-notes
v2.1.0
2.1.0 (2024-11-28)
Member DA | Change |
---|---|
1a - Key management | v4.16.7 --> v4.17.0 |
1b - Object storage | v8.14.0 --> v8.15.1 |
2 - Observability | v2.1.0 --> v2.4.1 |
3 - Event Notifications | v1.14.0 --> v1.15.0 |
4a - Security and Compliance Center | v1.21.0 --> v1.24.1 |
4b - Secrets Manager | v1.18.12 --> v1.19.0 |
Release notes: https://cloud.ibm.com/docs/security-hub?topic=security-hub-release-notes
v2.0.0
2.0.0 (2024-11-04)
Features (#153) (a835179)
- IBM Log Analysis is now fully removed from the solution. Upgrading to this version will destroy the IBM Log Analysis instance that was provisioned with older versions. IBM Cloud Logs should now be used for managing logs. Support for Cloud Logs was added in version `1.5.0`.
- IBM Cloud Logs is now configured with Event Notifications by default.
- The service authorization policies that are created in the Observability, Event Notifications, and Security and Compliance Center members to allow the Object storage service to read the encryption key from the Key Protect service have all been updated to grant read access only to the exact encryption key that is being used. Previously the scope allowed reader access to the whole Key Protect instance. If upgrading from an older version, you will see the old authorization policies being deleted and new ones being created. The new one is created before the old one is deleted to prevent any disruption to everyday services.
- The Event Notifications member has been updated to communicate with the Object storage bucket over the direct endpoint. Previously it was using the public endpoint. This results in a non-disruptive update in place if upgrading from an older version.
- The Object storage bucket created by the Event Notifications member has been updated so the Monitoring instance is no longer explicitly passed to it. The bucket metrics will still be monitored; however, metrics will be sent to the instance associated with the container's location unless otherwise specified in the Metrics Router service configuration. This results in a non-disruptive update in place if upgrading from an older version.
- An update in place will be done on all KMS key rings created by the member DAs, as the `force_delete` option has been deprecated by the service. This has no impact on any services, as the value is not being used by the backend.
BREAKING CHANGES
- Upgrading to this version will destroy the IBM Log Analysis instance that was provisioned with older versions.
v1.5.0
1.0.10
dev-addon-poc-v1.0.10 feat: addon poc content
1.0.9
dev-addon-poc-v1.0.9 feat: addon poc content
1.0.8
dev-addon-poc-v1.0.8 feat: addon poc content
v1.0.7-addon
dev-addon-poc-v1.0.7 feat: addon poc content
v1.0.6-addon
dev-addon-poc-v1.0.6 feat: addon poc content