Important
The IBM Log Analysis and IBM Cloud Activity Tracker services are deprecated and no longer supported in this module. IBM Cloud Logs is the replacement service and is now the default service created with this module.
This module supports provisioning the following observability services:
- IBM Cloud Logs
- IBM® Cloud Logs is a scalable logging service that persists logs and provides users with capabilities for querying, tailing, and visualizing logs.
- IBM Cloud Activity Tracker Event Routing
- Use IBM Cloud® Activity Tracker Event Routing to configure how to route auditing events, both global and location-based event data, in your IBM Cloud. Supports routing to the following target types:
IBM Cloud Object Storage (COS)
,IBM Cloud Logs
, andIBM® Event Streams for IBM Cloud®
.
- Use IBM Cloud® Activity Tracker Event Routing to configure how to route auditing events, both global and location-based event data, in your IBM Cloud. Supports routing to the following target types:
- IBM Cloud Monitoring with Cloud Monitoring
- Monitor the health of services and applications in IBM Cloud.
# Locals
locals {
region = "us-south"
}
terraform {
required_version = ">= 1.0.0"
required_providers {
ibm = {
source = "ibm-cloud/ibm"
version = "X.Y.Z" # lock into a supported provider version
}
}
}
provider "ibm" {
ibmcloud_api_key = XXXXXXXXXXXX
region = local.region
}
# Below config will provision:
# - Cloud Logs instance
# - Monitoring instance
# - Activity Tracker route to the Cloud Logs target
# - Metrics Routing to Cloud Monitoring target
module "observability_instances" {
source = "terraform-ibm-modules/observability-instances/ibm"
version = "X.Y.Z" # Replace "X.X.X" with a release version to lock into a specific release
resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
region = local.region
cloud_logs_data_storage = {
# logs and metrics buckets must be different
logs_data = {
enabled = true
bucket_crn = "crn:v1:bluemix:public:cloud-object-storage:global:a/......"
bucket_endpoint = "s3.direct.us-south.cloud-object-storage.appdomain.cloud"
},
metrics_data = {
enabled = true
bucket_crn = "crn:v1:bluemix:public:cloud-object-storage:global:a/......"
bucket_endpoint = "s3.direct.us-south.cloud-object-storage.appdomain.cloud"
}
}
at_cloud_logs_targets = [
{
instance_id = module.observability_instances.cloud_logs_crn
target_region = local.region
target_name = "my-icl-target"
}
]
activity_tracker_routes = [
{
locations = ["*", "global"]
target_ids = [module.observability_instances.activity_tracker_targets["my-icl-target"].id]
route_name = "my-icl-route"
}
]
metric_router_targets = [
{
# ID of the Cloud logs instance
destination_crn = module.observability_instances.cloud_monitoring_crn
target_region = "us-south"
target_name = "my-mr-target"
}
]
metric_router_routes = [
{
name = "my-mr-route"
rules = [
{
action = "send"
targets = [{
id = module.observability_instances.metrics_router_targets["my-mr-target].id
}]
inclusion_filters = [{
operand = "location"
operator = "is"
values = ["us-south"]
}]
}
]
}
]
}
You need the following permissions to run this module.
- Service
- Resource group only
Viewer
access on the specific resource group
- Activity Tracker Event Routing (Required if creating AT routes and targets)
Editor
platform accessManager
service access
- Cloud Logs
Editor
platform accessManager
service access
- IBM Cloud Logs Routing (Required if creating tenants, which are required to enable platform logs)
Editor
platform accessManager
service access
- Cloud Monitoring
Editor
platform accessManager
service access
- Tagging service (Required if attaching access tags)
Editor
platform access
- Resource group only
Name | Version |
---|---|
terraform | >= 1.0.0 |
ibm | >= 1.70.0, < 2.0.0 |
Name | Source | Version |
---|---|---|
activity_tracker | ./modules/activity_tracker | n/a |
cloud_logs | ./modules/cloud_logs | n/a |
cloud_monitoring | ./modules/cloud_monitoring | n/a |
metric_routing | ./modules/metrics_routing | n/a |
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
activity_tracker_routes | List of routes to be created, maximum four routes are allowed | list(object({ |
[] |
no |
at_cloud_logs_targets | List of Cloud Logs targets to be created | list(object({ |
[] |
no |
at_cos_targets | List of cos target to be created | list(object({ |
[] |
no |
at_eventstreams_targets | List of event streams target to be created | list(object({ |
[] |
no |
cloud_logs_access_tags | A list of access tags to apply to the IBM Cloud Logs instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | list(string) |
[] |
no |
cloud_logs_data_storage | A logs data bucket and a metrics bucket in IBM Cloud Object Storage to store your IBM Cloud Logs data for long term storage, search, analysis and alerting. | object({ |
{ |
no |
cloud_logs_existing_en_instances | List of Event Notifications instance details for routing critical events that occur in your IBM Cloud Logs. | list(object({ |
[] |
no |
cloud_logs_instance_name | The name of the IBM Cloud Logs instance to create. Defaults to 'cloud_logs-' | string |
null |
no |
cloud_logs_plan | The IBM Cloud Logs plan to provision. Available: standard | string |
"standard" |
no |
cloud_logs_policies | Configuration of Cloud Logs policies. | list(object({ |
[] |
no |
cloud_logs_provision | Provision an IBM Cloud Logs instance? | bool |
true |
no |
cloud_logs_retention_period | The number of days IBM Cloud Logs will retain the logs data in Priority insights. Allowed values: 7, 14, 30, 60, 90. | number |
7 |
no |
cloud_logs_service_endpoints | The type of the service endpoint that will be set for the IBM Cloud Logs instance. | string |
"public-and-private" |
no |
cloud_logs_tags | Tags associated with the IBM Cloud Logs instance (Optional, array of strings). | list(string) |
[] |
no |
cloud_monitoring_access_tags | A list of access tags to apply to the Cloud Monitoring instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | list(string) |
[] |
no |
cloud_monitoring_instance_name | The name of the IBM Cloud Monitoring instance to create. Defaults to 'cloud_monitoring-' | string |
null |
no |
cloud_monitoring_manager_key_name | The name to give the IBM Cloud Monitoring manager key. | string |
"SysdigManagerKey" |
no |
cloud_monitoring_manager_key_tags | Tags associated with the IBM Cloud Monitoring manager key. | list(string) |
[] |
no |
cloud_monitoring_plan | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier | string |
"lite" |
no |
cloud_monitoring_provision | Provision a IBM cloud monitoring instance? | bool |
true |
no |
cloud_monitoring_service_endpoints | The type of the service endpoint that will be set for the IBM Cloud Monitoring instance. Allowed values: public-and-private | string |
"public-and-private" |
no |
cloud_monitoring_tags | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | list(string) |
[] |
no |
enable_platform_logs | Setting this to true will create a tenant in the same region that the Cloud Logs instance is provisioned to enable platform logs for that region. To send platform logs from other regions, you can explicitially specify a list of regions using the logs_routing_tenant_regions input. NOTE: You can only have 1 tenant per region in an account. |
bool |
true |
no |
enable_platform_metrics | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. | bool |
true |
no |
global_event_routing_settings | Global settings for event routing | object({ |
null |
no |
logs_routing_tenant_regions | Pass a list of regions to create a tenant for that is targetted to the Cloud Logs instance created by this module. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants. | list(any) |
[] |
no |
metrics_router_routes | List of routes for IBM Metrics Router. | list(object({ |
[] |
no |
metrics_router_settings | Global settings for Metrics Routing. | object({ |
null |
no |
metrics_router_targets | List of Metrics Router targets to be created. | list(object({ |
[] |
no |
region | The IBM Cloud region where instances will be created. | string |
"us-south" |
no |
resource_group_id | The id of the IBM Cloud resource group where the instance(s) will be created. | string |
null |
no |
skip_logs_routing_auth_policy | Whether to create an IAM authorization policy that permits Logs Routing Sender access to the IBM Cloud Logs. | bool |
false |
no |
Name | Description |
---|---|
activity_tracker_routes | The map of created routes |
activity_tracker_targets | The map of created targets |
cloud_logs_crn | The id of the provisioned Cloud Logs instance. |
cloud_logs_guid | The guid of the provisioned Cloud Logs instance. |
cloud_logs_ingress_endpoint | The public ingress endpoint of the provisioned Cloud Logs instance. |
cloud_logs_ingress_private_endpoint | The private ingress endpoint of the provisioned Cloud Logs instance. |
cloud_logs_name | The name of the provisioned Cloud Logs instance. |
cloud_logs_resource_group_id | The resource group where Cloud Logs instance resides. |
cloud_monitoring_access_key | IBM cloud monitoring access key for agents to use |
cloud_monitoring_crn | The id of the provisioned IBM cloud monitoring instance. |
cloud_monitoring_guid | The guid of the provisioned IBM cloud monitoring instance. |
cloud_monitoring_manager_key_name | The IBM cloud monitoring manager key name |
cloud_monitoring_name | The name of the provisioned IBM cloud monitoring instance. |
cloud_monitoring_resource_group_id | The resource group where IBM cloud monitoring monitor instance resides |
logs_policies_details | The details of the Cloud logs policies created. |
metrics_router_routes | The created metrics routing routes. |
metrics_router_settings | The global metrics routing settings. |
metrics_router_targets | The created metrics routing targets. |
region | Region that instance(s) are provisioned to. |
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.