diff --git a/modules/config-posture/README.md b/modules/config-posture/README.md
index 6abfb3f..735bcb0 100644
--- a/modules/config-posture/README.md
+++ b/modules/config-posture/README.md
@@ -13,11 +13,11 @@ The following resources will be created in each instrumented compartment/tenancy
## Requirements
-| Name | Version |
-|---------------------------------------------------------------------------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| Name | Version |
+|---------------------------------------------------------------------------|-----------|
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [oci](#requirement\_oci) | >= 6.19.0 |
-| [sysdig](#requirement\_sysdig) | ~> 1.42 |
+| [sysdig](#requirement\_sysdig) | ~> 1.42 |
## Providers
@@ -42,12 +42,12 @@ resource |
## Inputs
-| Name | Description | Type | Default | Required |
-|------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|----------|------------------|:--------:|
-| [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no |
-| [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes |
-| [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no |
-| [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account) | `string` | n/a | yes |
+| Name | Description | Type | Default | Required |
+|------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|----------|---------|:--------:|
+| [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no |
+| [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes |
+| [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no |
+| [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account) | `string` | n/a | yes |
## Outputs
diff --git a/modules/config-posture/main.tf b/modules/config-posture/main.tf
index 531986d..7b3412e 100644
--- a/modules/config-posture/main.tf
+++ b/modules/config-posture/main.tf
@@ -45,6 +45,7 @@ resource "sysdig_secure_cloud_auth_account_component" "oracle_service_principal"
oci = {
api_key = {
user_id = data.sysdig_secure_trusted_oracle_app.config_posture.user_ocid
+ region = var.region
}
policy = {
policy_id = oci_identity_policy.admit_cspm_policy.id
diff --git a/modules/config-posture/variables.tf b/modules/config-posture/variables.tf
index 8c8bc7d..ef92443 100644
--- a/modules/config-posture/variables.tf
+++ b/modules/config-posture/variables.tf
@@ -18,4 +18,9 @@ variable "compartment_ocid" {
variable "sysdig_secure_account_id" {
type = string
description = "(Required) ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account)"
+}
+
+variable "region" {
+ type = string
+ description = "(Required) Customer home region"
}
\ No newline at end of file
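Review bot: The new `region` variable accepts any string, including `""`, and the config-posture main.tf hunk passes it unchanged into `api_key.region`. A `validation` block with `condition = length(trimspace(var.region)) > 0` and a short `error_message` would reject an empty value at plan time instead of leaving it to the Sysdig provider or backend. Because the variable is required and has no default, existing callers of this module break until they pass it. The Inputs table in this module's README, re-aligned in the same commit, still has no `region` row.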
diff --git a/modules/onboarding/README.md b/modules/onboarding/README.md
index 0b33807..1394262 100644
--- a/modules/onboarding/README.md
+++ b/modules/onboarding/README.md
@@ -20,11 +20,11 @@ Note:
## Requirements
-| Name | Version |
-|---------------------------------------------------------------------------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| Name | Version |
+|---------------------------------------------------------------------------|-----------|
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [oci](#requirement\_oci) | >= 6.19.0 |
-| [sysdig](#requirement\_sysdig) | ~> 1.42 |
+| [sysdig](#requirement\_sysdig) | ~> 1.42 |
## Providers
@@ -51,11 +51,11 @@ resource |
## Inputs
-| Name | Description | Type | Default | Required |
-|-----------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|----------|------------------|:--------:|
-| [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no |
-| [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes |
-| [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no |
+| Name | Description | Type | Default | Required |
+|-----------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|----------|---------|:--------:|
+| [is\_organizational](#input\_is\_organizational) | (Optional) True/False whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no |
+| [tenancy\_ocid](#input\_tenancy\_ocid) | (Required) Customer tenant OCID | `string` | n/a | yes |
+| [compartment\_ocid](#input\_compartment\_ocid) | (Optional) Customer compartment OCID | `string` | `""` | no |
## Outputs
diff --git a/modules/onboarding/main.tf b/modules/onboarding/main.tf
index bf97f0e..d1fb4b0 100644
--- a/modules/onboarding/main.tf
+++ b/modules/onboarding/main.tf
@@ -1,3 +1,11 @@
+locals {
+ home_region = [
+ for subscription in data.oci_identity_region_subscriptions.test_region_subscriptions.region_subscriptions :
+ subscription.region_name
+ if subscription.is_home_region == true
+ ]
+}
+
#-----------------------------------------------------------------------------------------
# Fetch the data sources
#-----------------------------------------------------------------------------------------
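Review bot: `local.home_region` is built as a list but is only ever read as `local.home_region[0]`, in the `oracle_account` hunk further down and in outputs.tf. If the subscription lookup returns no entry flagged as home region, the plan stops with a bare invalid-index error that says nothing about the cause. A comment on the local such as `# exactly one subscription is expected to have is_home_region set; [0] intentionally fails the plan otherwise` would make that assumption visible to the next maintainer. The `== true` in the filter is redundant on a boolean attribute, so `if subscription.is_home_region` is enough. Swapping the index for `one()` is not a drop-in improvement here, since it yields `null` for an empty list and the region could then be silently omitted.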
@@ -18,6 +26,11 @@ data "oci_identity_tenancy" "tenancy" {
tenancy_id = var.tenancy_ocid
}
+// tenancy region data
+data "oci_identity_region_subscriptions" "test_region_subscriptions" {
+ tenancy_id = var.tenancy_ocid
+}
+
// random suffix for policy name
resource "random_id" "suffix" {
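Review bot: The data source label `test_region_subscriptions` reads like a name carried over from an example rather than one chosen for this module, and it sits in the production onboarding path. A label such as `tenancy` or `region_subscriptions` would match the neighbouring `data "oci_identity_tenancy" "tenancy"` and avoid suggesting that the lookup is test-only. The rename has to be applied to the reference in the `locals` block at the top of the file as well. This lookup presumably also needs the applying identity to be allowed to list region subscriptions on the tenancy, which is worth stating in the module README if so.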
@@ -61,6 +74,7 @@ resource "sysdig_secure_cloud_auth_account" "oracle_account" {
oci = {
api_key = {
user_id = data.sysdig_secure_trusted_oracle_app.onboarding.user_ocid
+ region = local.home_region[0]
}
policy = {
policy_id = oci_identity_policy.admit_onboarding_policy.id
diff --git a/modules/onboarding/outputs.tf b/modules/onboarding/outputs.tf
index 333e42c..fa0f399 100644
--- a/modules/onboarding/outputs.tf
+++ b/modules/onboarding/outputs.tf
@@ -17,3 +17,8 @@ output "is_organizational" {
value = var.is_organizational
description = "Boolean value to indicate if secure-for-cloud is deployed to an entire Oracle organization or not"
}
+
+output "region" {
+ value = local.home_region[0]
+ description = "Customer home region"
+}
diff --git a/tests/examples/modular_organization/onboarding_cspm_compartment.tf b/tests/examples/modular_organization/onboarding_cspm_compartment.tf
index c4c6e02..08ebc5b 100644
--- a/tests/examples/modular_organization/onboarding_cspm_compartment.tf
+++ b/tests/examples/modular_organization/onboarding_cspm_compartment.tf
@@ -36,6 +36,7 @@ module "config-posture" {
tenancy_ocid = module.onboarding.tenancy_ocid
compartment_ocid = module.onboarding.compartment_ocid
is_organizational = module.onboarding.is_organizational
+ region = module.onboarding.region
}
resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
diff --git a/tests/examples/modular_organization/onboarding_cspm_tenancy.tf b/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
index 92baa33..d6531db 100644
--- a/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
+++ b/tests/examples/modular_organization/onboarding_cspm_tenancy.tf
@@ -35,6 +35,7 @@ module "config-posture" {
tenancy_ocid = module.onboarding.tenancy_ocid
compartment_ocid = module.onboarding.compartment_ocid
is_organizational = module.onboarding.is_organizational
+ region = module.onboarding.region
}
resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {