Important
The IBM Log Analysis and IBM Cloud Activity Tracker services are deprecated. IBM Cloud Logs is the replacement service. This module will be updated to provision the new services before the end of support in March 2025.
This module supports provisioning the following observability instances:
- IBM Cloud Activity Tracker
- Records events, compliant with CADF standard, triggered by user-initiated activities that change the state of a service in the cloud.
- IBM Cloud Logging with Log Analysis
- Manage operating system logs, application logs, and platform logs in IBM Cloud.
- IBM Cloud Monitoring with Cloud Monitoring
- Monitor the health of services and applications in IBM Cloud.
ℹ️ The module also creates a manager key for each instance, and supports passing COS bucket details to enable archiving for Log Analysis and Activity Tracker, it also supports activity tracker event routing to COS, Log Analysis and Event Streams.
To provision Activity Tracker, Log Analysis and IBM Cloud Monitoring
# required ibm provider config
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
}
# required logdna provider config
locals {
at_endpoint = "https://api.${var.region}.logging.cloud.ibm.com"
}
provider "logdna" {
alias = "at"
servicekey = module.observability_instances.activity_tracker_resource_key != null ? module.observability_instances.activity_tracker_resource_key : ""
url = local.at_endpoint
}
provider "logdna" {
alias = "ld"
servicekey = module.observability_instances.log_analysis_resource_key != null ? module.observability_instances.log_analysis_resource_key : ""
url = local.at_endpoint
}
module "observability_instances" {
source = "terraform-ibm-modules/observability-instances/ibm"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
providers = {
logdna.at = logdna.at
logdna.ld = logdna.ld
}
resource_group_id = var.resource_group.id
region = var.ibm_region
}
To provision Log Analysis only
# required ibm provider config
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
}
# required log analysis provider config
locals {
at_endpoint = "https://api.${var.region}.logging.cloud.ibm.com"
}
provider "logdna" {
alias = "ld"
servicekey = module.log_analysis.resource_key
url = local.at_endpoint
}
module "log_analysis" {
source = "terraform-ibm-modules/observability-instances/ibm//modules/log_analysis"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
providers = {
logdna.ld = logdna.ld
}
resource_group_id = module.resource_group.resource_group_id
region = var.region
}
To provision Activity Tracker only
# required ibm provider config
provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
}
# required logdna provider config
locals {
at_endpoint = "https://api.${var.region}.logging.cloud.ibm.com"
}
provider "logdna" {
alias = "at"
servicekey = module.activity_tracker.at_resource_key
url = local.at_endpoint
}
module "activity_tracker" {
source = "terraform-ibm-modules/observability-instances/ibm//modules/activity_tracker"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
providers = {
logdna.at = logdna.at
}
resource_group_id = module.resource_group.resource_group_id
region = var.region
}
To provision IBM Cloud Monitoring only
module "cloud_monitoring" {
source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
resource_group_id = module.resource_group.resource_group_id
region = var.region
}
To provision IBM Cloud Logs only
module "cloud_logs" {
source = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_logs"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
resource_group_id = module.resource_group.resource_group_id
region = var.region
}
You need the following permissions to run this module.
- Account Management
- Resource Group service
Viewer
platform access
- Resource Group service
- IAM Services
- IBM Cloud Activity Tracker service
Editor
platform accessManager
service access
- IBM Cloud Monitoring service
Editor
platform accessManager
service access
- IBM Log Analysis service
Editor
platform accessManager
service access
- IBM Cloud Logs service
Editor
platform accessManager
service access
- IBM Cloud Activity Tracker service
To attach access management tags to resources in this module, you need the following permissions.
- IAM Services
- Tagging service
Administrator
platform access
- Tagging service
Name | Version |
---|---|
terraform | >= 1.0.0 |
ibm | >= 1.67.1, < 2.0.0 |
logdna | >= 1.14.2, < 2.0.0 |
Name | Source | Version |
---|---|---|
activity_tracker | ./modules/activity_tracker | n/a |
cloud_logs | ./modules/cloud_logs | n/a |
cloud_monitoring | ./modules/cloud_monitoring | n/a |
log_analysis | ./modules/log_analysis | n/a |
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
activity_tracker_access_tags | A list of access tags to apply to the Activity Tracker instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | list(string) |
[] |
no |
activity_tracker_enable_archive | Enable archive on activity tracker instances | bool |
false |
no |
activity_tracker_instance_name | The name of the Activity Tracker instance to create. Defaults to 'activity-tracker-' | string |
null |
no |
activity_tracker_manager_key_name | The name to give the Activity Tracker manager key. | string |
"AtManagerKey" |
no |
activity_tracker_manager_key_tags | Tags associated with the Activity Tracker manager key. | list(string) |
[] |
no |
activity_tracker_plan | The Activity Tracker plan to provision. Available: lite, 7-day, 14-day, 30-day, hipaa-30-day | string |
"lite" |
no |
activity_tracker_provision | Provision an Activity Tracker instance? | bool |
true |
no |
activity_tracker_routes | List of routes to be created, maximum four routes are allowed | list(object({ |
[] |
no |
activity_tracker_service_endpoints | The type of the service endpoint that will be set for the activity tracker instance. | string |
"public-and-private" |
no |
activity_tracker_tags | Tags associated with the Activity Tracker instance (Optional, array of strings). | list(string) |
[] |
no |
at_cos_bucket_endpoint | An endpoint for the COS bucket for the Activity Tracker archive. Pass either the public or private endpoint (Only required when var.activity_tracker_enable_archive and var.activity_tracker_provision are true) | string |
null |
no |
at_cos_bucket_name | The name of an existing COS bucket to be used for the Activity Tracker archive (Only required when var.activity_tracker_enable_archive and var.activity_tracker_provision are true). | string |
null |
no |
at_cos_instance_id | The ID of the cloud object storage instance containing the Activity Tracker archive bucket (Only required when var.activity_tracker_enable_archive and var.activity_tracker_provision are true). | string |
null |
no |
cloud_logs_access_tags | A list of access tags to apply to the IBM Cloud Logs instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | list(string) |
[] |
no |
cloud_logs_data_storage | A logs data bucket and a metrics bucket in IBM Cloud Object Storage to store your IBM Cloud Logs data for long term storage, search, analysis and alerting. | object({ |
{ |
no |
cloud_logs_existing_en_instances | List of Event Notifications instance details for routing critical events that occur in your IBM Cloud Logs. | list(object({ |
[] |
no |
cloud_logs_instance_name | The name of the IBM Cloud Logs instance to create. Defaults to 'cloud_logs-' | string |
null |
no |
cloud_logs_plan | The IBM Cloud Logs plan to provision. Available: standard | string |
"standard" |
no |
cloud_logs_provision | Provision a IBM Cloud Logs instance? | bool |
true |
no |
cloud_logs_region | The IBM Cloud region where Cloud Logs instances will be created. | string |
null |
no |
cloud_logs_retention_period | The number of days IBM Cloud Logs will retain the logs data in Priority insights. | number |
7 |
no |
cloud_logs_service_endpoints | The type of the service endpoint that will be set for the IBM Cloud Logs instance. | string |
"public-and-private" |
no |
cloud_logs_tags | Tags associated with the IBM Cloud Logs instance (Optional, array of strings). | list(string) |
[] |
no |
cloud_monitoring_access_tags | A list of access tags to apply to the Cloud Monitoring instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | list(string) |
[] |
no |
cloud_monitoring_instance_name | The name of the IBM Cloud Monitoring instance to create. Defaults to 'cloud_monitoring-' | string |
null |
no |
cloud_monitoring_manager_key_name | The name to give the IBM Cloud Monitoring manager key. | string |
"SysdigManagerKey" |
no |
cloud_monitoring_manager_key_tags | Tags associated with the IBM Cloud Monitoring manager key. | list(string) |
[] |
no |
cloud_monitoring_plan | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier | string |
"lite" |
no |
cloud_monitoring_provision | Provision a IBM cloud monitoring instance? | bool |
true |
no |
cloud_monitoring_service_endpoints | The type of the service endpoint that will be set for the IBM cloud monitoring instance. | string |
"public-and-private" |
no |
cloud_monitoring_tags | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | list(string) |
[] |
no |
cos_targets | List of cos target to be created | list(object({ |
[] |
no |
enable_platform_logs | Receive platform logs in the provisioned IBM Cloud Logging instance. | bool |
true |
no |
enable_platform_metrics | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. | bool |
true |
no |
eventstreams_targets | List of event streams target to be created | list(object({ |
[] |
no |
global_event_routing_settings | Global settings for event routing | object({ |
null |
no |
ibmcloud_api_key | Restricted IBM Cloud API Key used only for writing Log Analysis archives to Cloud Object Storage | string |
null |
no |
log_analysis_access_tags | A list of access tags to apply to the Log Analysis instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | list(string) |
[] |
no |
log_analysis_cos_bucket_endpoint | An endpoint for the COS bucket for the Log Analysis archive. Pass either the public or private endpoint. (Only required when var.log_analysis_enable_archive and var.log_analysis_provision are true). | string |
null |
no |
log_analysis_cos_bucket_name | The name of an existing COS bucket to be used for the Log Analysis archive. (Only required when var.log_analysis_enable_archive and var.log_analysis_provision are true). | string |
null |
no |
log_analysis_cos_instance_id | The ID of the cloud object storage instance containing the Log Analysis archive bucket. (Only required when var.log_analysis_enable_archive and var.log_analysis_provision are true). | string |
null |
no |
log_analysis_enable_archive | Enable archive on log analysis instances | bool |
false |
no |
log_analysis_instance_name | The name of the IBM Cloud Logging instance to create. Defaults to 'log-analysis-' | string |
null |
no |
log_analysis_manager_key_name | The name to give the IBM Cloud Logging manager key. | string |
"LogDnaManagerKey" |
no |
log_analysis_manager_key_tags | Tags associated with the IBM Cloud Logging manager key. | list(string) |
[] |
no |
log_analysis_plan | The IBM Cloud Logging plan to provision. Available: lite, 7-day, 14-day, 30-day, hipaa-30-day | string |
"lite" |
no |
log_analysis_provision | Provision an IBM Cloud Logging instance? | bool |
true |
no |
log_analysis_resource_key_role | Role assigned to provide the IBM Cloud Logging key. | string |
"Manager" |
no |
log_analysis_service_endpoints | The type of the service endpoint that will be set for the Log Analysis instance. | string |
"public-and-private" |
no |
log_analysis_tags | Tags associated with the IBM Cloud Logging instance (Optional, array of strings). | list(string) |
[] |
no |
log_analysis_targets | List of log analysis target to be created | list(object({ |
[] |
no |
region | The IBM Cloud region where instances will be created. | string |
"us-south" |
no |
resource_group_id | The id of the IBM Cloud resource group where the instance(s) will be created. | string |
n/a | yes |
Name | Description |
---|---|
activity_tracker_crn | The id of the provisioned Activity Tracker instance. |
activity_tracker_guid | The guid of the provisioned Activity Tracker instance. |
activity_tracker_manager_key_name | The Activity Tracker manager key name |
activity_tracker_name | The name of the provisioned Activity Tracker instance. |
activity_tracker_resource_group_id | The resource group where Activity Tracker instance resides |
activity_tracker_resource_key | The resource/service key for agents to use |
activity_tracker_routes | The map of created routes |
activity_tracker_targets | The map of created targets |
cloud_logs_crn | The id of the provisioned Cloud Logs instance. |
cloud_logs_guid | The guid of the provisioned Cloud Logs instance. |
cloud_logs_name | The name of the provisioned Cloud Logs instance. |
cloud_logs_resource_group_id | The resource group where Cloud Logs instance resides. |
cloud_monitoring_access_key | IBM cloud monitoring access key for agents to use |
cloud_monitoring_crn | The id of the provisioned IBM cloud monitoring instance. |
cloud_monitoring_guid | The guid of the provisioned IBM cloud monitoring instance. |
cloud_monitoring_manager_key_name | The IBM cloud monitoring manager key name |
cloud_monitoring_name | The name of the provisioned IBM cloud monitoring instance. |
cloud_monitoring_resource_group_id | The resource group where IBM cloud monitoring monitor instance resides |
log_analysis_crn | The id of the provisioned Log Analysis instance. |
log_analysis_guid | The guid of the provisioned Log Analysis instance. |
log_analysis_ingestion_key | Log Analysis ingest key for agents to use |
log_analysis_manager_key_name | The Log Analysis manager key name |
log_analysis_name | The name of the provisioned Log Analysis instance. |
log_analysis_resource_group_id | The resource group where Log Analysis instance resides |
log_analysis_resource_key | Log Analysis service key for agents to use |
region | Region that instance(s) are provisioned to. |
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.