terraform-ibm-modules
diff --git a/‎README.md‎
Lines changed: 12 additions & 14 deletions b/‎README.md‎
Lines changed: 12 additions & 14 deletions
diff --git a/‎ibm_catalog.json‎
Lines changed: 45 additions & 25 deletions b/‎ibm_catalog.json‎
Lines changed: 45 additions & 25 deletions
diff --git a/‎main.tf‎
Lines changed: 2 additions & 5 deletions b/‎main.tf‎
Lines changed: 2 additions & 5 deletions
@@ -75,9 +75,11 @@ You need the following permissions to run this module:
 - Account management services
     - **Billing** service
         - `Administrator` platform access
-    - **Enterprise** service (only for enterprise accounts)
-        - `Viewer` platform access
-    - **IAM Access Management** service (only for enterprise accounts)
+    - **Enterprise** service (only for enterprise accounts ie. `is_enterprise_account` is true)
+        - `Administrator` platform access
+    - **IAM Access Management** service
+        - `Administrator` platform access
+    - **All Account Management** service (only if `use_existing_resource_group` is true)
         - `Administrator` platform access
 
 <!-- NO PERMISSIONS FOR MODULE
@@ -125,11 +127,11 @@ statement instead the previous block.
 | <a name="input_activity_tracker_read_data_events"></a> [activity\_tracker\_read\_data\_events](#input\_activity\_tracker\_read\_data\_events) | If set to true, all Object Storage bucket read events (i.e. downloads) will be sent to Activity Tracker. | `bool` | `true` | no |
 | <a name="input_activity_tracker_write_data_events"></a> [activity\_tracker\_write\_data\_events](#input\_activity\_tracker\_write\_data\_events) | If set to true, all Object Storage bucket write events (i.e. uploads) will be sent to Activity Tracker. | `bool` | `true` | no |
 | <a name="input_add_bucket_name_suffix"></a> [add\_bucket\_name\_suffix](#input\_add\_bucket\_name\_suffix) | Add random generated suffix (4 characters long) to the newly provisioned COS bucket name (Optional). | `bool` | `true` | no |
-| <a name="input_archive_days"></a> [archive\_days](#input\_archive\_days) | Specifies the number of days when the archive rule action takes effect. Only used if 'create\_cos\_bucket' is true. This must be set to null when when using var.cross\_region\_location as archive data is not supported with this feature. | `number` | `null` | no |
-| <a name="input_archive_type"></a> [archive\_type](#input\_archive\_type) | Specifies the storage class or archive type to which you want the object to transition. Only used if 'create\_cos\_bucket' is true. | `string` | `"Glacier"` | no |
+| <a name="input_archive_days"></a> [archive\_days](#input\_archive\_days) | Specifies the number of days when the archive rule action takes effect. This must be set to null when when using var.cross\_region\_location as archive data is not supported with this feature. | `number` | `null` | no |
+| <a name="input_archive_type"></a> [archive\_type](#input\_archive\_type) | Specifies the storage class or archive type to which you want the object to transition. | `string` | `"Glacier"` | no |
 | <a name="input_bucket_cbr_rules"></a> [bucket\_cbr\_rules](#input\_bucket\_cbr\_rules) | (Optional, list) List of CBR rules to create for the bucket | <pre>list(object({<br/>    description = string<br/>    account_id  = string<br/>    rule_contexts = list(object({<br/>      attributes = optional(list(object({<br/>        name  = string<br/>        value = string<br/>    }))) }))<br/>    enforcement_mode = string<br/>    tags = optional(list(object({<br/>      name  = string<br/>      value = string<br/>    })), [])<br/>    operations = optional(list(object({<br/>      api_types = list(object({<br/>        api_type_id = string<br/>      }))<br/>    })))<br/>  }))</pre> | `[]` | no |
-| <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | The name to give the newly provisioned COS bucket. Only required if 'create\_cos\_bucket' is true. | `string` | `"apptio-cldy-billing-snapshots"` | no |
-| <a name="input_bucket_storage_class"></a> [bucket\_storage\_class](#input\_bucket\_storage\_class) | the storage class of the newly provisioned COS bucket. Only required if 'create\_cos\_bucket' is true. Supported values are 'standard', 'vault', 'cold', 'smart' and `onerate_active`. | `string` | `"standard"` | no |
+| <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | The name to give the newly provisioned COS bucket. | `string` | `"apptio-cldy-billing-snapshots"` | no |
+| <a name="input_bucket_storage_class"></a> [bucket\_storage\_class](#input\_bucket\_storage\_class) | the storage class of the newly provisioned COS bucket. Supported values are 'standard', 'vault', 'cold', 'smart' and `onerate_active`. | `string` | `"standard"` | no |
 | <a name="input_cloudability_api_key"></a> [cloudability\_api\_key](#input\_cloudability\_api\_key) | Cloudability API Key. Retrieve your Api Key from https://app.apptio.com/cloudability#/settings/preferences under the section **Cloudability API** select **Enable API** which will generate an api key. Setting this value to __NULL__ will skip adding the IBM Cloud account to Cloudability and only configure IBM Cloud so that the IBM Cloud Account can be added to Cloudability manually | `string` | `null` | no |
 | <a name="input_cloudability_custom_role_name"></a> [cloudability\_custom\_role\_name](#input\_cloudability\_custom\_role\_name) | name of the custom role created access granted to cloudability service id to read from the billing reports cos bucket | `string` | `"CloudabilityStorageCustomRole"` | no |
 | <a name="input_cloudability_enterprise_custom_role_name"></a> [cloudability\_enterprise\_custom\_role\_name](#input\_cloudability\_enterprise\_custom\_role\_name) | name of the custom role to granting access to a cloudability service id to read the enterprise information. Only used of var.is\_enterprise\_account is set. | `string` | `"CloudabilityListAccCustomRole"` | no |
@@ -145,7 +147,7 @@ statement instead the previous block.
 | <a name="input_enterprise_id"></a> [enterprise\_id](#input\_enterprise\_id) | Id of the enterprise. Can be automatically retrieved if `is_enterprise_account` is true | `string` | `null` | no |
 | <a name="input_existing_cos_instance_id"></a> [existing\_cos\_instance\_id](#input\_existing\_cos\_instance\_id) | The ID of an existing cloud object storage instance. Required if 'var.create\_cos\_instance' is false. | `string` | `null` | no |
 | <a name="input_existing_kms_instance_guid"></a> [existing\_kms\_instance\_guid](#input\_existing\_kms\_instance\_guid) | The GUID of the Key Protect or Hyper Protect instance in which the key specified in var.kms\_key\_crn is coming from. Required if var.skip\_iam\_authorization\_policy is false in order to create an IAM Access Policy to allow Key Protect or Hyper Protect to access the newly created COS instance. | `string` | `null` | no |
-| <a name="input_expire_days"></a> [expire\_days](#input\_expire\_days) | Specifies the number of days when the expire rule action takes effect. Only used if 'create\_cos\_bucket' is true. | `number` | `null` | no |
+| <a name="input_expire_days"></a> [expire\_days](#input\_expire\_days) | Specifies the number of days when the expire rule action takes effect. | `number` | `null` | no |
 | <a name="input_ibmcloud_api_key"></a> [ibmcloud\_api\_key](#input\_ibmcloud\_api\_key) | The IBM Cloud API key which will enable billing exports | `string` | n/a | yes |
 | <a name="input_instance_cbr_rules"></a> [instance\_cbr\_rules](#input\_instance\_cbr\_rules) | (Optional, list) List of CBR rules to create for the instance | <pre>list(object({<br/>    description = string<br/>    account_id  = string<br/>    rule_contexts = list(object({<br/>      attributes = optional(list(object({<br/>        name  = string<br/>        value = string<br/>    }))) }))<br/>    enforcement_mode = string<br/>    tags = optional(list(object({<br/>      name  = string<br/>      value = string<br/>    })), [])<br/>    operations = optional(list(object({<br/>      api_types = list(object({<br/>        api_type_id = string<br/>      }))<br/>    })))<br/>  }))</pre> | `[]` | no |
 | <a name="input_is_enterprise_account"></a> [is\_enterprise\_account](#input\_is\_enterprise\_account) | Whether billing exports are enabled for the enterprise account | `bool` | `false` | no |
@@ -154,17 +156,13 @@ statement instead the previous block.
 | <a name="input_key_ring_name"></a> [key\_ring\_name](#input\_key\_ring\_name) | Name of the key ring to group keys | `string` | `"bucket-encryption"` | no |
 | <a name="input_management_endpoint_type_for_bucket"></a> [management\_endpoint\_type\_for\_bucket](#input\_management\_endpoint\_type\_for\_bucket) | The type of endpoint for the IBM terraform provider to use to manage the bucket. (public, private or direct) | `string` | `"public"` | no |
 | <a name="input_monitoring_crn"></a> [monitoring\_crn](#input\_monitoring\_crn) | The CRN of an IBM Cloud Monitoring instance to to send Object Storage bucket metrics to. If no value passed, metrics are sent to the instance associated to the container's location unless otherwise specified in the Metrics Router service configuration. | `string` | `null` | no |
-| <a name="input_object_versioning_enabled"></a> [object\_versioning\_enabled](#input\_object\_versioning\_enabled) | Enable object versioning to keep multiple versions of an object in a bucket. Cannot be used with retention rule. Only used if 'create\_cos\_bucket' is true. | `bool` | `false` | no |
+| <a name="input_object_versioning_enabled"></a> [object\_versioning\_enabled](#input\_object\_versioning\_enabled) | Enable [object versioning](/docs/cloud-object-storage?topic=cloud-object-storage-versioning) to keep multiple versions of an object in a bucket. | `bool` | `false` | no |
+| <a name="input_overwrite_existing_reports"></a> [overwrite\_existing\_reports](#input\_overwrite\_existing\_reports) | A new version of report is created or the existing report version is overwritten with every update. | `bool` | `true` | no |
 | <a name="input_policy_granularity"></a> [policy\_granularity](#input\_policy\_granularity) | Whether access to the cos bucket is controlled at the bucket (resource), cos instance (serviceInstance), or resource-group (resourceGroup). | `string` | `"resource"` | no |
 | <a name="input_region"></a> [region](#input\_region) | Region where resources will be created | `string` | `"us-south"` | no |
 | <a name="input_request_metrics_enabled"></a> [request\_metrics\_enabled](#input\_request\_metrics\_enabled) | If set to `true`, all Object Storage bucket request metrics will be sent to the monitoring service. | `bool` | `true` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of an existing resource group to provision resources in to. | `string` | `"Default"` | no |
 | <a name="input_resource_tags"></a> [resource\_tags](#input\_resource\_tags) | Optional list of tags to be added to created resources | `list(string)` | `[]` | no |
-| <a name="input_retention_default"></a> [retention\_default](#input\_retention\_default) | Specifies default duration of time an object that can be kept unmodified for COS bucket. Only used if 'create\_cos\_bucket' is true. | `number` | `90` | no |
-| <a name="input_retention_enabled"></a> [retention\_enabled](#input\_retention\_enabled) | Retention enabled for COS bucket. Only used if 'create\_cos\_bucket' is true. | `bool` | `false` | no |
-| <a name="input_retention_maximum"></a> [retention\_maximum](#input\_retention\_maximum) | Specifies maximum duration of time an object that can be kept unmodified for COS bucket. Only used if 'create\_cos\_bucket' is true. | `number` | `365` | no |
-| <a name="input_retention_minimum"></a> [retention\_minimum](#input\_retention\_minimum) | Specifies minimum duration of time an object must be kept unmodified for COS bucket. Only used if 'create\_cos\_bucket' is true. | `number` | `1` | no |
-| <a name="input_retention_permanent"></a> [retention\_permanent](#input\_retention\_permanent) | Specifies a permanent retention status either enable or disable for COS bucket. Only used if 'create\_cos\_bucket' is true. | `bool` | `false` | no |
 | <a name="input_skip_cloudability_billing_policy"></a> [skip\_cloudability\_billing\_policy](#input\_skip\_cloudability\_billing\_policy) | Whether policy which grants cloudability access to view the billing service. This may be true if the policy already exists because it was created by a previous run. | `bool` | `false` | no |
 | <a name="input_skip_iam_authorization_policy"></a> [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Set to true to skip the creation of an IAM authorization policy that permits the COS instance created to read the encryption key from the KMS instance in `existing_kms_instance_guid`. WARNING: An authorization policy must exist before an encrypted bucket can be created | `bool` | `false` | no |
 | <a name="input_skip_verification"></a> [skip\_verification](#input\_skip\_verification) | whether to verify the account after adding the account to cloudability. Requires cloudability\_auth\_header to be set. | `bool` | `false` | no |
 
@@ -4,10 +4,7 @@
 			"label": "IBM Cloudability Enablement",
 			"name": "deploy-arch-ibm-cloudability",
 			"product_kind": "solution",
-			"tags": [
-				"ibm_created",
-				"integration"
-			],
+			"tags": ["ibm_created", "integration"],
 			"keywords": [
 				"Billing",
 				"Apptio",
@@ -85,6 +82,12 @@
 								"crn:v1:bluemix:public:iam::::serviceRole:Manager",
 								"crn:v1:bluemix:public:iam::::role:Editor"
 							]
+						},
+						{
+							"service_name": "account-management",
+							"role_crns": [
+								"crn:v1:bluemix:public:iam::::role:Administrator"
+							]
 						}
 					],
 					"architecture": {
@@ -95,7 +98,7 @@
 									"type": "image/svg+xml",
 									"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-cloudability-onboarding/refs/heads/main/reference-architecture/cloudability-all-inclusive-onboarding.svg"
 								},
-								"description": "Billing exports are written to a Key Protect encrypted COS bucket. IBM Cloudability is granted access to read from this bucket to add ibm cloud billing reports daily. Key Protect and Cloud Object Storage are created in your desired region and resource group. Optionally, configure retention and archiving of the data in your bucket and enable monitoring and auditing to your cloud object storage bucket."
+								"description": "Billing exports are written to a Key Protect encrypted COS bucket. IBM Cloudability is granted access to read from this bucket to add ibm cloud billing reports daily. Key Protect and Cloud Object Storage are created in your desired region and resource group. Optionally, configure archiving of the data in your bucket and enable monitoring and auditing to your cloud object storage bucket."
 							}
 						],
 						"features": [
@@ -175,16 +178,16 @@
 							"required": true,
 							"options": [
 								{
-								  "displayname": "Dallas (us-south) w/ kms failover",
-								  "value": "us-south"
+									"displayname": "Dallas (us-south) w/ kms failover",
+									"value": "us-south"
 								},
 								{
-								  "displayname": "Frankfurt (eu-de) w/ kms failover",
-								  "value": "eu-de"
+									"displayname": "Frankfurt (eu-de) w/ kms failover",
+									"value": "eu-de"
 								},
 								{
-								  "displayname": "Tokyo (jp-tok) w/ kms failover",
-								  "value": "jp-tok"
+									"displayname": "Tokyo (jp-tok) w/ kms failover",
+									"value": "jp-tok"
 								},
 								{
 									"displayname": "Washington DC (us-east)",
@@ -385,7 +388,7 @@
 						{
 							"key": "bucket_storage_class",
 							"type": "string",
-							"default_value": "smart",
+							"default_value": "standard",
 							"description": "The storage class of the newly provisioned COS bucket of a `standard` or `lite` plan instance. Not required for one rate instances.",
 							"required": true,
 							"options": [
@@ -407,6 +410,23 @@
 								}
 							]
 						},
+						{
+							"key": "overwrite_existing_reports",
+							"type": "boolean",
+							"default_value": "true",
+							"description": "Whether each update overwrites the existing report version or a new version of report is created leaving the existing report.",
+							"required": false,
+							"options": [
+								{
+									"displayname": "Yes",
+									"value": "true"
+								},
+								{
+									"displayname": "No",
+									"value": "false"
+								}
+							]
+						},
 						{
 							"key": "object_versioning_enabled",
 							"type": "boolean",
@@ -417,7 +437,7 @@
 						{
 							"key": "archive_days",
 							"type": "number",
-							"default_value": 62,
+							"default_value": 7,
 							"description": "Specifies the number of days when the archive rule action takes effect.",
 							"required": false
 						},
@@ -441,8 +461,8 @@
 						{
 							"key": "expire_days",
 							"type": "number",
-							"default_value": 180,
-							"description": "Specifies the number of days when the expire rule action takes effect.",
+							"default_value": 90,
+							"description": "Specifies the number of days when the expire rule action takes effect. [Learn more](/docs/cloud-object-storage?topic=cloud-object-storage-expiry)",
 							"required": false
 						},
 						{
@@ -453,8 +473,8 @@
 							"hidden": true,
 							"options": [
 								{
-								  "displayname": "Bucket",
-								  "value": "resource"
+									"displayname": "Bucket",
+									"value": "resource"
 								},
 								{
 									"displayname": "Instance",
@@ -464,7 +484,7 @@
 									"displayname": "Resource Group",
 									"value": "resourceGroup"
 								}
-							  ]
+							]
 						},
 						{
 							"key": "cloudability_custom_role_name",
@@ -489,28 +509,28 @@
 					],
 					"outputs": [
 						{
-						  "key": "resource_group_id",
-						  "description": "Resource Group ID"
+							"key": "resource_group_id",
+							"description": "Resource Group ID"
 						},
 						{
-						  "key": "s3_endpoint_public",
-						  "description": "public endpoint to the cos bucket"
+							"key": "s3_endpoint_public",
+							"description": "public endpoint to the cos bucket"
 						},
 						{
 							"key": "bucket_id",
 							"description": "id of the cos bucket"
 						},
 						{
 							"key": "bucket_crn",
-							"description": "crn of the  cos bucket"
+							"description": "crn of the cos bucket"
 						},
 						{
 							"key": "bucket_name",
-							"description": "name of the  cos bucket"
+							"description": "name of the cos bucket"
 						},
 						{
 							"key": "bucket_storage_class",
-							"description": "storage class of the  cos bucket"
+							"description": "storage class of the cos bucket"
 						},
 						{
 							"key": "kms_key_crn",
 
@@ -49,11 +49,7 @@ module "cos_bucket" {
   add_bucket_name_suffix              = var.add_bucket_name_suffix
   bucket_storage_class                = local.bucket_storage_class
   management_endpoint_type_for_bucket = var.management_endpoint_type_for_bucket
-  retention_enabled                   = var.retention_enabled
-  retention_default                   = var.retention_default
-  retention_maximum                   = var.retention_maximum
-  retention_minimum                   = var.retention_minimum
-  retention_permanent                 = var.retention_permanent
+  retention_enabled                   = false
   object_versioning_enabled           = var.object_versioning_enabled
   archive_days                        = var.archive_days
   archive_type                        = var.archive_type
@@ -97,6 +93,7 @@ module "billing_exports" {
   cos_bucket_location = var.region
   cos_folder          = var.cos_folder
   resource_group_id   = module.resource_group.resource_group_id
+  versioning          = var.overwrite_existing_reports ? "overwrite" : "new"
 }
 
 module "cloudability_onboarding" {