I can enable OSMH using policy advisor but we are developing terraform landing zone deployments and getting the matching rule to work is currently beyond me (and each pull request failure is driving others a bit nuts). my current attempts pass a terraform plan but fail on apply.
/*
osmh_dynamic_group = {
dynamic\_group\_name = "osmh-instances-dg"
dynamic\_group\_description = "OCI ELZ OSMH Dynamic Group"
general\_matching\_rule = \[
"ANY {instance.compartment.id='${var.tenancy\_ocid}', instance.compartment.id='ocid1.compartment.oc1..xxxxxxxxxx', instance.compartment.id='ocid1.compartment.oc1..xxxxxxxxx1xxx'}",
"ALL {resource.type='managementagent', resource.compartment.id='${var.tenancy\_ocid}'}",
"ALL {resource.type='managementagent', resource.compartment.id='ocid1.compartment.oc1..xxxxxxxxxx'}",
"ALL {resource.type='managementagent', resource.compartment.id='ocid1.compartment.oc1..xxxxxxxxx1xxx'}"
\]
}
*/
Any suggestion appreciated