terraform-ibm-modules / terraform-ibm-observability-instances

Deploys services for Log Analysis, Activity Tracker, Monitoring, and Cloud Logs

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Terraform IBM Observability instances module

Graduated (Supported) semantic-release pre-commit latest release Renovate enabled

Important

The IBM Log Analysis and IBM Cloud Activity Tracker services are deprecated. IBM Cloud Logs is the replacement service. This module will be updated to provision the new services before the end of support in March 2025.

This module supports provisioning the following observability instances:

  • IBM Cloud Activity Tracker
    • Records events, compliant with CADF standard, triggered by user-initiated activities that change the state of a service in the cloud.
  • IBM Cloud Logging with Log Analysis
    • Manage operating system logs, application logs, and platform logs in IBM Cloud.
  • IBM Cloud Monitoring with Cloud Monitoring
    • Monitor the health of services and applications in IBM Cloud.

ℹ️ The module also creates a manager key for each instance, and supports passing COS bucket details to enable archiving for Log Analysis and Activity Tracker, it also supports activity tracker event routing to COS, Log Analysis and Event Streams.

Overview

terraform-ibm-observability-instances

Usage

To provision Activity Tracker, Log Analysis and IBM Cloud Monitoring

# required ibm provider config
provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
}

# required logdna provider config
locals {
  at_endpoint = "https://api.${var.region}.logging.cloud.ibm.com"
}

provider "logdna" {
  alias      = "at"
  servicekey = module.observability_instances.activity_tracker_resource_key != null ? module.observability_instances.activity_tracker_resource_key : ""
  url        = local.at_endpoint
}

provider "logdna" {
  alias      = "ld"
  servicekey = module.observability_instances.log_analysis_resource_key != null ? module.observability_instances.log_analysis_resource_key : ""
  url        = local.at_endpoint
}

module "observability_instances" {
  source  = "terraform-ibm-modules/observability-instances/ibm"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  providers = {
    logdna.at  = logdna.at
    logdna.ld  = logdna.ld
  }
  resource_group_id  = var.resource_group.id
  region             = var.ibm_region
}

To provision Log Analysis only

# required ibm provider config
provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
}

# required log analysis provider config
locals {
  at_endpoint = "https://api.${var.region}.logging.cloud.ibm.com"
}

provider "logdna" {
  alias      = "ld"
  servicekey = module.log_analysis.resource_key
  url        = local.at_endpoint
}

module "log_analysis" {
  source  = "terraform-ibm-modules/observability-instances/ibm//modules/log_analysis"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  providers = {
    logdna.ld = logdna.ld
  }
  resource_group_id = module.resource_group.resource_group_id
  region = var.region
}

To provision Activity Tracker only

# required ibm provider config
provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
}

# required logdna provider config
locals {
  at_endpoint = "https://api.${var.region}.logging.cloud.ibm.com"
}

provider "logdna" {
  alias      = "at"
  servicekey = module.activity_tracker.at_resource_key
  url        = local.at_endpoint
}

module "activity_tracker" {
  source  = "terraform-ibm-modules/observability-instances/ibm//modules/activity_tracker"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  providers = {
    logdna.at = logdna.at
  }
  resource_group_id = module.resource_group.resource_group_id
  region = var.region
}

To provision IBM Cloud Monitoring only

module "cloud_monitoring" {
  source  = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_monitoring"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  resource_group_id = module.resource_group.resource_group_id
  region = var.region
}

To provision IBM Cloud Logs only

module "cloud_logs" {
  source  = "terraform-ibm-modules/observability-instances/ibm//modules/cloud_logs"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  resource_group_id = module.resource_group.resource_group_id
  region = var.region
}

Required IAM access policies

You need the following permissions to run this module.

  • Account Management
    • Resource Group service
      • Viewer platform access
  • IAM Services
    • IBM Cloud Activity Tracker service
      • Editor platform access
      • Manager service access
    • IBM Cloud Monitoring service
      • Editor platform access
      • Manager service access
    • IBM Log Analysis service
      • Editor platform access
      • Manager service access
    • IBM Cloud Logs service
      • Editor platform access
      • Manager service access

To attach access management tags to resources in this module, you need the following permissions.

  • IAM Services
    • Tagging service
      • Administrator platform access

Requirements

Name Version
terraform >= 1.0.0
ibm >= 1.67.1, < 2.0.0
logdna >= 1.14.2, < 2.0.0

Modules

Name Source Version
activity_tracker ./modules/activity_tracker n/a
cloud_logs ./modules/cloud_logs n/a
cloud_monitoring ./modules/cloud_monitoring n/a
log_analysis ./modules/log_analysis n/a

Resources

No resources.

Inputs

Name Description Type Default Required
activity_tracker_access_tags A list of access tags to apply to the Activity Tracker instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. list(string) [] no
activity_tracker_enable_archive Enable archive on activity tracker instances bool false no
activity_tracker_instance_name The name of the Activity Tracker instance to create. Defaults to 'activity-tracker-' string null no
activity_tracker_manager_key_name The name to give the Activity Tracker manager key. string "AtManagerKey" no
activity_tracker_manager_key_tags Tags associated with the Activity Tracker manager key. list(string) [] no
activity_tracker_plan The Activity Tracker plan to provision. Available: lite, 7-day, 14-day, 30-day, hipaa-30-day string "lite" no
activity_tracker_provision Provision an Activity Tracker instance? bool true no
activity_tracker_routes List of routes to be created, maximum four routes are allowed
list(object({
locations = list(string)
target_ids = list(string)
route_name = string
}))
[] no
activity_tracker_service_endpoints The type of the service endpoint that will be set for the activity tracker instance. string "public-and-private" no
activity_tracker_tags Tags associated with the Activity Tracker instance (Optional, array of strings). list(string) [] no
at_cos_bucket_endpoint An endpoint for the COS bucket for the Activity Tracker archive. Pass either the public or private endpoint (Only required when var.activity_tracker_enable_archive and var.activity_tracker_provision are true) string null no
at_cos_bucket_name The name of an existing COS bucket to be used for the Activity Tracker archive (Only required when var.activity_tracker_enable_archive and var.activity_tracker_provision are true). string null no
at_cos_instance_id The ID of the cloud object storage instance containing the Activity Tracker archive bucket (Only required when var.activity_tracker_enable_archive and var.activity_tracker_provision are true). string null no
cloud_logs_access_tags A list of access tags to apply to the IBM Cloud Logs instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. list(string) [] no
cloud_logs_data_storage A logs data bucket and a metrics bucket in IBM Cloud Object Storage to store your IBM Cloud Logs data for long term storage, search, analysis and alerting.
object({
logs_data = optional(object({
enabled = optional(bool, false)
bucket_crn = optional(string)
bucket_endpoint = optional(string)
skip_cos_auth_policy = optional(bool, false)
}), {})
metrics_data = optional(object({
enabled = optional(bool, false)
bucket_crn = optional(string)
bucket_endpoint = optional(string)
skip_cos_auth_policy = optional(bool, false)
}), {})
}
)
{
"logs_data": null,
"metrics_data": null
}
no
cloud_logs_existing_en_instances List of Event Notifications instance details for routing critical events that occur in your IBM Cloud Logs.
list(object({
en_instance_id = string
en_region = string
en_instance_name = optional(string)
source_id = optional(string)
source_name = optional(string)
skip_en_auth_policy = optional(bool, false)
}))
[] no
cloud_logs_instance_name The name of the IBM Cloud Logs instance to create. Defaults to 'cloud_logs-' string null no
cloud_logs_plan The IBM Cloud Logs plan to provision. Available: standard string "standard" no
cloud_logs_provision Provision a IBM Cloud Logs instance? bool true no
cloud_logs_region The IBM Cloud region where Cloud Logs instances will be created. string null no
cloud_logs_retention_period The number of days IBM Cloud Logs will retain the logs data in Priority insights. number 7 no
cloud_logs_service_endpoints The type of the service endpoint that will be set for the IBM Cloud Logs instance. string "public-and-private" no
cloud_logs_tags Tags associated with the IBM Cloud Logs instance (Optional, array of strings). list(string) [] no
cloud_monitoring_access_tags A list of access tags to apply to the Cloud Monitoring instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. list(string) [] no
cloud_monitoring_instance_name The name of the IBM Cloud Monitoring instance to create. Defaults to 'cloud_monitoring-' string null no
cloud_monitoring_manager_key_name The name to give the IBM Cloud Monitoring manager key. string "SysdigManagerKey" no
cloud_monitoring_manager_key_tags Tags associated with the IBM Cloud Monitoring manager key. list(string) [] no
cloud_monitoring_plan The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier string "lite" no
cloud_monitoring_provision Provision a IBM cloud monitoring instance? bool true no
cloud_monitoring_service_endpoints The type of the service endpoint that will be set for the IBM cloud monitoring instance. string "public-and-private" no
cloud_monitoring_tags Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). list(string) [] no
cos_targets List of cos target to be created
list(object({
endpoint = string
bucket_name = string
instance_id = string
api_key = optional(string)
service_to_service_enabled = optional(bool, true)
target_region = optional(string)
target_name = string
skip_atracker_cos_iam_auth_policy = optional(bool, false)
}))
[] no
enable_platform_logs Receive platform logs in the provisioned IBM Cloud Logging instance. bool true no
enable_platform_metrics Receive platform metrics in the provisioned IBM Cloud Monitoring instance. bool true no
eventstreams_targets List of event streams target to be created
list(object({
instance_id = string
brokers = list(string)
topic = string
api_key = string
target_region = optional(string)
target_name = string
}))
[] no
global_event_routing_settings Global settings for event routing
object({
default_targets = optional(list(string), [])
metadata_region_primary = string
metadata_region_backup = optional(string)
permitted_target_regions = list(string)
private_api_endpoint_only = optional(bool, false)
})
null no
ibmcloud_api_key Restricted IBM Cloud API Key used only for writing Log Analysis archives to Cloud Object Storage string null no
log_analysis_access_tags A list of access tags to apply to the Log Analysis instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. list(string) [] no
log_analysis_cos_bucket_endpoint An endpoint for the COS bucket for the Log Analysis archive. Pass either the public or private endpoint. (Only required when var.log_analysis_enable_archive and var.log_analysis_provision are true). string null no
log_analysis_cos_bucket_name The name of an existing COS bucket to be used for the Log Analysis archive. (Only required when var.log_analysis_enable_archive and var.log_analysis_provision are true). string null no
log_analysis_cos_instance_id The ID of the cloud object storage instance containing the Log Analysis archive bucket. (Only required when var.log_analysis_enable_archive and var.log_analysis_provision are true). string null no
log_analysis_enable_archive Enable archive on log analysis instances bool false no
log_analysis_instance_name The name of the IBM Cloud Logging instance to create. Defaults to 'log-analysis-' string null no
log_analysis_manager_key_name The name to give the IBM Cloud Logging manager key. string "LogDnaManagerKey" no
log_analysis_manager_key_tags Tags associated with the IBM Cloud Logging manager key. list(string) [] no
log_analysis_plan The IBM Cloud Logging plan to provision. Available: lite, 7-day, 14-day, 30-day, hipaa-30-day string "lite" no
log_analysis_provision Provision an IBM Cloud Logging instance? bool true no
log_analysis_resource_key_role Role assigned to provide the IBM Cloud Logging key. string "Manager" no
log_analysis_service_endpoints The type of the service endpoint that will be set for the Log Analysis instance. string "public-and-private" no
log_analysis_tags Tags associated with the IBM Cloud Logging instance (Optional, array of strings). list(string) [] no
log_analysis_targets List of log analysis target to be created
list(object({
instance_id = string
ingestion_key = string
target_region = optional(string)
target_name = string
}))
[] no
region The IBM Cloud region where instances will be created. string "us-south" no
resource_group_id The id of the IBM Cloud resource group where the instance(s) will be created. string n/a yes

Outputs

Name Description
activity_tracker_crn The id of the provisioned Activity Tracker instance.
activity_tracker_guid The guid of the provisioned Activity Tracker instance.
activity_tracker_manager_key_name The Activity Tracker manager key name
activity_tracker_name The name of the provisioned Activity Tracker instance.
activity_tracker_resource_group_id The resource group where Activity Tracker instance resides
activity_tracker_resource_key The resource/service key for agents to use
activity_tracker_routes The map of created routes
activity_tracker_targets The map of created targets
cloud_logs_crn The id of the provisioned Cloud Logs instance.
cloud_logs_guid The guid of the provisioned Cloud Logs instance.
cloud_logs_name The name of the provisioned Cloud Logs instance.
cloud_logs_resource_group_id The resource group where Cloud Logs instance resides.
cloud_monitoring_access_key IBM cloud monitoring access key for agents to use
cloud_monitoring_crn The id of the provisioned IBM cloud monitoring instance.
cloud_monitoring_guid The guid of the provisioned IBM cloud monitoring instance.
cloud_monitoring_manager_key_name The IBM cloud monitoring manager key name
cloud_monitoring_name The name of the provisioned IBM cloud monitoring instance.
cloud_monitoring_resource_group_id The resource group where IBM cloud monitoring monitor instance resides
log_analysis_crn The id of the provisioned Log Analysis instance.
log_analysis_guid The guid of the provisioned Log Analysis instance.
log_analysis_ingestion_key Log Analysis ingest key for agents to use
log_analysis_manager_key_name The Log Analysis manager key name
log_analysis_name The name of the provisioned Log Analysis instance.
log_analysis_resource_group_id The resource group where Log Analysis instance resides
log_analysis_resource_key Log Analysis service key for agents to use
region Region that instance(s) are provisioned to.

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.

About

Deploys services for Log Analysis, Activity Tracker, Monitoring, and Cloud Logs

License:Apache License 2.0


Languages

Language:HCL 94.7%Language:Go 5.3%