fix: diagram updates (#297)

Author: ocofaigh

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-03-21T18:27:02Z",
+  "generated_at": "2023-03-23T08:47:18Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -82,7 +82,7 @@
         "hashed_secret": "83b1c425484475e97934007eccb2277e9bdbd203",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 296,
+        "line_number": 689,
         "type": "Secret Keyword",
         "verified_result": null
       }

examples/no-compute-example/README.md

@@ -1,5 +1,7 @@
 # No compute example
 
+![vpc](../../reference-architectures/vpc.drawio.svg)
+
 This example shows how you can use the landing zone module to create a networking infrastructure layer without any compute resources (no VSI, nor OpenShift cluster).
 
 The example deploys all the network components and associated compliance services that are defined in the [mixed](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/tree/main/patterns/mixed) pattern, but does not deploy any compute resource (no VSI or any OpenShift cluster).

examples/no-compute-example/catalogValidationValues.json.template

@@ -0,0 +1 @@
+{"ibmcloud_api_key": $VALIDATION_APIKEY, "region": "us-south", "resource_tags": $TAGS, "prefix": $PREFIX}

examples/quickstart/README.md

@@ -1,5 +1,7 @@
 # Quick start example
 
+![vsi-quickstart](../../reference-architectures/vsi-quickstart.drawio.svg)
+
 This example deploys the following infrastructure:
 
 - An edge VPC with 1 VSI in one of the three subnets and a VPC load balancer in the edge VPC, exposing the VSI publicly.

ibm_catalog.json

@@ -2,7 +2,7 @@
 
 This template allows a user to create a landing zone
 
-![roks](../../.docs/images/roks.png)
+![roks](../../reference-architectures/roks.drawio.svg)
 
 ## Module Variables
 

patterns/roks/README.md

@@ -2,8 +2,7 @@
 
 This template allows a user to create a landing zone
 
-
-![vsi](../../.docs/images/vsi.png)
+![vsi](../../reference-architectures/vsi-vsi.drawio.svg)
 
 ## Module Variables
 

patterns/vsi/README.md

@@ -0,0 +1,91 @@
+"profilename","SLZ ROKS Custom v0.2.0"
+"profilemnemonic",
+"profiledescription",""
+"##METAINFO ENDS##"
+"ExternalControlId","Description","Parent","ControlId","Tags"
+"AC","Access Control","","",""
+"AC-2","Account Management","AC","",""
+"AC-2(4)","Account Management | Automated Audit Actions","AC-2","3000118","IBM,COS"
+"AC-2(7)","Account Management | Role Based Schemes","AC-2","",""
+"AC-2(7)(b)","Monitors privileged role assignments","AC-2(7)","3000118","IBM,COS"
+"AC-2(a)","The organization: Identifies and selects the following types of information system accounts to support organizational missions or business functions: [Assignment: organization-defined information system account types]","AC-2","3000059","IBM,IAM"
+"AC-2(g)","The organization: Monitors the use of information system accounts","AC-2","3000118","IBM,COS"
+"AC-6","Least Privilege","AC","",""
+"AC-6(9)","Least Privilege | Auditing Use of Privileged Functions","AC-6","3000118","IBM,COS"
+"AC-7","Unsuccessful Logon Attempts","AC","",""
+"AC-7(a)","The information system: Enforce a limit of [Assignment: organization-defined number] consecutive invalid logon attempts by a user during a [Assignment: organization-defined time period]","AC-7","3000716,3000053","IBM,IAM,APPID"
+"AC-11","Session Lock","AC","",""
+"AC-11(1)","Session Lock | Pattern-Hiding Displays","AC-11","3000055","IBM,IAM"
+"AC-11(a)","The information system: Prevents further access to the system by initiating a session lock after [Assignment: organization-defined time period] of inactivity or upon receiving a request from a user","AC-11","3000049","IBM,IAM"
+"AC-11(b)","The information system: Retains the session lock until the user reestablishes access using established identification and authentication procedures.","AC-11","3000056","IBM,IAM"
+"AC-14","Permitted Actions Without Identification or Authentication","AC","",""
+"AC-14(a)","The organization: Identifies [Assignment: organization-defined user actions] that can be performed on the information system without identification or authentication consistent ...","AC-14","3000052,3000712,3000022","IBM,IAM,APPID"
+"AC-16","Security Attributes","AC","",""
+"AC-16(a)"," The organization: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and or in transmission","AC-16","3000057","IBM,IAM"
+"AC-17","Remote Access","AC","",""
+"AC-17(9)","Remote Access | Disconnect / Disable Access","AC-17","3000058","IBM,IAM"
+"AU","Audit and Accountability(AU)","","",""
+"AU-2","Audit Events","AU","",""
+"AU-2(a)","The organization: Determines that the information system is capable of auditing the following events: [Assignment: organization-defined auditable events]","AU-2","3000118,3000710","IBM,COS,APPID"
+"AU-2(d)","The organization: Determines that the following events are to be audited within The information system:  [Assignment: organization-defined audited event...","AU-2","3000118,3000710","IBM,COS,APPID"
+"AU-3","Content of Audit Records","AU","3000118","IBM,COS"
+"AU-4","Audit Storage Capacity","AU","3000282,3000283","IBM,COS"
+"AU-8","Time stamps","AU","",""
+"AU-8(1)","Time Stamps | Synchronization with Authoritative Time Source","AU-8","",""
+"AU-8(1)(a)","The information system: Compares the internal information system clocks [Assignment: organization-defined frequency] with [Assignment: organization-defined authoritative time source]","AU-8(1)","3000118","IBM,COS"
+"AU-8(1)(b)","The information system: Synchronizes the internal system clocks to the authoritative time source when the time difference is greater than [Assignment: organization-defined time period]","AU-8(1)","3000118","IBM,COS"
+"AU-8(a)","The information system: Use internal system clocks to generate time stamps for audit records","AU-8","3000118","IBM,COS"
+"AU-8(b)","The information system: Records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) and meets [Assignment: organization-defined granularity of time measurement]","AU-8","3000118","IBM,COS"
+"AU-12","Audit generation","AU","",""
+"AU-12(a)","The information system: Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on [Assignment: organization-defined system components]","AU-12","3000118","IBM,COS"
+"AU-12(b)","The information system: Allow [Assignment: organization-defined personnel or roles] to select the event types that are to be logged by specific components of the system","AU-12","3000118","IBM,COS"
+"AU-12(c)","The information system: Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.","AU-12","3000118","IBM,COS"
+"CA","Security Assessment and Authorization(CA)","","",""
+"CA-2","Security Assessment","CA","",""
+"CA-2(2)","Control Assessments | Specialized Assessments","CA-2","3000611,3000601","IBM,TOOLCHAIN,VULNERABILITY_ADVISOR"
+"CA-7","Continuous Monitoring","CA","",""
+"CA-7(d)","The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: d. Ongoing security status ...","CA-7","3000611,3000118,3000601","IBM,TOOLCHAIN,COS,VULNERABILITY_ADVISOR"
+"CM","Configuration Management(CM)","","",""
+"CM-2","Baseline Configuration","CM","3000478","CIS,IBM"
+"CM-8","Information System Component Inventory","CM","",""
+"CM-8(3)","System Component Inventory | Automated Unauthorized Component Detection","CM-8","",""
+"CM-8(3)(a)","The organization: Employs automated mechanisms [Assignment: organization-defined frequency] to detect the presence of unauthorized hardware, software, and firmware components within the information system","CM-8(3)","3000611,3000907,3000601,3000462,3000901","ROKS,IBM,TOOLCHAIN,CLUSTER,NETWORKING,VULNERABILITY_ADVISOR"
+"IA","Identification and Authentication(IA)","","",""
+"IA-2","Identification and Authentication (Organizational Users)","IA","",""
+"IA-2-0","The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).","IA-2","3000061,3000060,3000903","IBM,IAM,CLUSTER"
+"IA-4","Identifier Management","IA","",""
+"IA-4(b)","The organization manages information system identifiers by: Selecting an identifier that identifies an individual, group, role, or device.","IA-4","3000062,3000464,3000465,3000463,3000063","IBM,IAM,NETWORKING"
+"IA-4(c)","The organization manages information system identifiers by: Assigning the identifier to the intended individual, group, role, or device.","IA-4","3000062,3000464,3000465,3000463,3000063","IBM,IAM,NETWORKING"
+"IA-4(d)","The organization manages information system identifiers by: Preventing reuse of identifiers for [Assignment: organization-defined time period].","IA-4","3000064","IBM,IAM"
+"IA-5","Authenticator Management","IA","",""
+"IA-5(1)","Authenticator Management | Password-Based Authentication","IA-5","",""
+"IA-5(1)(a)","The information system, for password-based authentication: Enforces minimum password complexity of [Assignment: organization-defined requirements for case sensitivity, number of characters, mix of upper-case letters, lower-case letters, numbers...","IA-5(1)","3000006,3000714,3000002,3000003,3000713,3000007,3000004,3000001,3000008","IBM,IAM,APPID"
+"IA-5(1)(d)","The information system, for password-based authentication: Enforces password minimum and maximum lifetime restrictions of [Assignment: organization- defined numbers for lifetime minimum, lifetime maximum].","IA-5(1)","3000071,3000719","IBM,IAM,APPID"
+"IA-5(1)(e)","The information system, for password-based authentication: Prohibits password reuse for [Assignment: organization-defined number] generations.","IA-5(1)","3000715,3000005","IBM,IAM,APPID"
+"IA-5(b)","The organization manages information system authenticators by: Establishing initial authenticator content for authenticators defined by the organization","IA-5","3000075","IBM,IAM"
+"IA-5(f)","The organization manages information system authenticators by: Establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators.","IA-5","3000718,3000067,3000068","IBM,IAM,APPID"
+"IA-6","Authenticator Feedback","IA","3000074","IBM,IAM"
+"RA","Risk Assessment","","",""
+"RA-5","Vulnerability Scanning","RA","",""
+"RA-5(1)","Vulnerability Monitoring and Scanning | Update Tool Capability","RA-5","3000611,3000601","IBM,TOOLCHAIN,VULNERABILITY_ADVISOR"
+"RA-5(2)","Vulnerability Scanning | Update by Frequency / Prior to New Scan / When Identified","RA-5","3000611,3000601","IBM,TOOLCHAIN,VULNERABILITY_ADVISOR"
+"RA-5(a)","The organization:  Scans for vulnerabilities in the information system and hosted applications [Assignment: organization-defined frequency and/or randomly in accordance with organization-defined process] ...","RA-5","3000611,3000601","IBM,TOOLCHAIN,VULNERABILITY_ADVISOR"
+"SA","System and Services Acquisition(SA)","","",""
+"SA-10","Developer Configuration Management","SA","",""
+"SA-10(1)","Developer Configuration Management | Software / Firmware Integrity Verification","SA-10","3000611,3000601","IBM,TOOLCHAIN,VULNERABILITY_ADVISOR"
+"SC","System and Communication Protection(SC)","","",""
+"SC-2","Application Partitioning","SC","3000471,3000472","IBM,NETWORKING"
+"SC-3","Security Function Isolation","SC","3000471,3000472","IBM,NETWORKING"
+"SC-7-0","Boundary Protection","SC-7","3000478","CIS,IBM"
+"SC-7","Boundary Protection","SC","",""
+"SC-10","Network Disconnect","SC","3000050,3000724","IBM,IAM,APPID"
+"SI","System and Information Integrity(SI)","","",""
+"SI-2","Flaw Remediation","SI","",""
+"SI-2(2)","Flaw Remediation | Automated Flaw Remediation Status","SI-2","3000611,3000907,3000601,3000901","ROKS,IBM,TOOLCHAIN,CLUSTER,VULNERABILITY_ADVISOR"
+"SI-3","Malicious Code Protection","SI","",""
+"SI-3(a)","The organization: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code","SI-3","3000611,3000601","IBM,TOOLCHAIN,VULNERABILITY_ADVISOR"
+"SI-4","Information System Monitoring","SI","",""
+"SI-4(a)","The organization: Monitors the information system to detect:1. Attacks and indicators of potential attacks...; and 2. Unauthorized local, network, and remote connections.","SI-4","3000118,3000408","IBM,COS,NETWORKING"
+"SI-4(b)","The organization: Identifies unauthorized use of the information system through [Assignment: organization- defined techniques and methods].","SI-4","3000118,3000408","IBM,COS,NETWORKING"
+"SI-4(c)","The organization: Deploys monitoring devices: (i) strategically within the information system to collect organization-determined essential information; and (ii) at ad hoc locations ..","SI-4","3000118,3000408","IBM,COS,NETWORKING"
+"SI-12","Information Handling and Retention","SI","3000282,3000283","IBM,COS"