Activity Tracker module

This module supports provisioning the following:

  • IBM Cloud Activity Tracker Event Routing
    • Use IBM Cloud® Activity Tracker Event Routing to configure how auditing events, both global and location-based event data, are routed in your IBM Cloud account. It supports routing to the following target types: IBM Cloud Object Storage (COS), IBM Cloud Logs, and IBM® Event Streams for IBM Cloud®.

Usage

# Locals
locals {
  region = "us-south"
}

terraform {
  required_version = ">= 1.0.0"
  required_providers {
    ibm = {
      source  = "ibm-cloud/ibm"
      version = "X.Y.Z" # lock into a supported provider version
    }
  }
}
provider "ibm" {
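  ibmcloud_api_key = "XXXXXXXXXXXX" # placeholder; pass the real key through a sensitive variable or the IC_API_KEY environment variable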
  region           = local.region
}

# Create Activity Tracker target and route for Cloud Logs
module "activity_tracker" {
  source  = "terraform-ibm-modules/observability-instances/ibm//modules/activity_tracker"
  version = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release
  # Create Cloud Logs target
  cloud_logs_targets = [
    {
      # CRN of the Cloud Logs instance
      instance_id   = "crn:v1:bluemix:public:logs:us-south:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx::"
      target_region = "us-south"
      target_name   = "my-icl-target"
    }
  ]
  activity_tracker_routes = [
    {
      locations  = ["*", "global"]
      target_ids = [module.activity_tracker.activity_tracker_targets["my-icl-target"].id]
      route_name = "my-icl-route"
    }
  ]
}

Required IAM access policies

You need the following permissions to run this module.

  • Service
    • Activity Tracker Event Routing (Required if creating AT routes and targets)
      • Editor platform access
      • Manager service access

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| ibm | >= 1.69.2, < 2.0.0 |
| time | >= 0.9.1, < 1.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| ibm_atracker_route.atracker_routes | resource |
| ibm_atracker_settings.atracker_settings | resource |
| ibm_atracker_target.atracker_cloud_logs_targets | resource |
| ibm_atracker_target.atracker_cos_targets | resource |
| ibm_atracker_target.atracker_eventstreams_targets | resource |
| ibm_iam_authorization_policy.atracker_cloud_logs | resource |
| ibm_iam_authorization_policy.atracker_cos | resource |
| time_sleep.wait_for_authorization_policy | resource |
| time_sleep.wait_for_cloud_logs_auth_policy | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| activity_tracker_routes | List of routes to be created; a maximum of four routes is allowed | `list(object({ locations = list(string), target_ids = list(string), route_name = string }))` | `[]` | no |
| cloud_logs_targets | List of Cloud Logs targets to be created | `list(object({ instance_id = string, target_region = optional(string), target_name = string, skip_atracker_cloud_logs_iam_auth_policy = optional(bool, false) }))` | `[]` | no |
| cos_targets | List of COS targets to be created | `list(object({ endpoint = string, bucket_name = string, instance_id = string, api_key = optional(string), service_to_service_enabled = optional(bool, true), target_region = optional(string), target_name = string, skip_atracker_cos_iam_auth_policy = optional(bool, false) }))` | `[]` | no |
| eventstreams_targets | List of Event Streams targets to be created | `list(object({ instance_id = string, brokers = list(string), topic = string, api_key = string, target_region = optional(string), target_name = string }))` | `[]` | no |
| global_event_routing_settings | Global settings for event routing | `object({ default_targets = optional(list(string), []), metadata_region_primary = string, metadata_region_backup = optional(string), permitted_target_regions = list(string), private_api_endpoint_only = optional(bool, false) })` | `null` | no |
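
A variant of the usage above, added here as an example and not taken from the module's own documentation: it routes audit events to a COS bucket with service-to-service authorization instead of an API key, and sets restrictive global routing settings. The input names come from the Inputs table; the target, route and bucket names, the CRN and the regions are placeholder assumptions.

```hcl
# Added example (not the project's own code). All names, CRNs and regions are placeholders.
module "activity_tracker" {
  source  = "terraform-ibm-modules/observability-instances/ibm//modules/activity_tracker"
  version = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release

  cos_targets = [
    {
      target_name   = "my-cos-target"   # placeholder
      target_region = "us-south"
      bucket_name   = "my-audit-bucket" # placeholder
      # Private COS endpoint for the bucket's region
      endpoint = "s3.private.us-south.cloud-object-storage.appdomain.cloud"
      # Placeholder CRN of the COS instance that owns the bucket
      instance_id = "crn:v1:bluemix:public:cloud-object-storage:global:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx::"

      # Service-to-service authorization: no api_key is supplied, so no
      # long-lived credential is written to the Terraform state.
      service_to_service_enabled = true

      # Left at the default so the module manages the IAM authorization policy
      # (ibm_iam_authorization_policy.atracker_cos in the Resources table).
      skip_atracker_cos_iam_auth_policy = false
    }
  ]

  activity_tracker_routes = [
    {
      route_name = "my-cos-route" # placeholder
      locations  = ["*", "global"]
      target_ids = [module.activity_tracker.activity_tracker_targets["my-cos-target"].id]
    }
  ]

  global_event_routing_settings = {
    # Keep routing metadata in a single, known region
    metadata_region_primary = "us-south"
    # Only targets in these regions may be defined
    permitted_target_regions = ["us-south"]
    # The Event Routing API is then not reachable over the public network;
    # later Terraform runs must come from a network with private endpoint access.
    private_api_endpoint_only = true
  }
}
```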

Outputs

| Name | Description |
|------|-------------|
| activity_tracker_routes | The map of created routes |
| activity_tracker_targets | The map of created targets |