-brightgreen){kind=icon}
This module supports configuring an IBM Cloud Monitoring instance, metrics routing target, routes and settings.
terraform {
required_version = ">= 1.9.0"
required_providers {
ibm = {
source = "IBM-Cloud/ibm"
version = "X.Y.Z" # Lock into a provider version that satisfies the module constraints
}
}
}
locals {
region = "us-south"
default_operations = [{
api_types = [
{
"api_type_id" : "crn:v1:bluemix:public:context-based-restrictions::::api-type:"
}
]
}]
}
provider "ibm" {
ibmcloud_api_key = "XXXXXXXXXX" # replace with apikey value
region = local.region
}
# IBM Cloud Monitoring
module "cloud_monitoring" {
source = "terraform-ibm-modules/cloud-monitoring/ibm"
version = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release
region = local.region
resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
# CBR
cbr_rules = [{
description = "Rules for cloud monitoring access"
account_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
enforcement_mode = "report"
rule_contexts = [{
attributes = [
{
"name" : "endpointType",
"value" : "private"
},
{
name = "networkZoneId"
value = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
}
]
}]
operations = local.default_operations
}]
}
# IBM Cloud Metrics Routing
module "metric_router" {
source = "terraform-ibm-modules/cloud_monitoring/ibm//modules/metrics_routing"
version = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release
metrics_router_targets = [
{
# ID of the Cloud Monitoring instance
destination_crn = "crn:v1:bluemix:public:sysdig-monitor:eu-de:a/xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX:xxxxxx-XXXX-XXXX-XXXX-xxxxxx::"
target_region = "us-south"
target_name = "cloud-monitoring-target"
}
]
metrics_router_routes = [
{
name = "my-mr-route"
rules = [
{
action = "send"
targets = [{
id = module.metric_router.metric_router_targets["cloud-monitoring-target"].id
}]
inclusion_filters = [{
operand = "location"
operator = "is"
values = ["us-east"]
}]
}
]
}
]
metrics_router_settings = {
default_targets = [{
id = module.metrics_routing.metrics_router_targets["cloud-monitoring-target"].id
}]
permitted_target_regions = ["us-south", "eu-de", "us-east", "eu-es", "eu-gb"]
primary_metadata_region = "us-south" # To configure metrics routing, the account must have a `primary_metadata_region` set.
private_api_endpoint_only = false # You will be unable to view the metrics routing account settings in the UI if `private_api_endpoint_only` is set to true.
# For more information, see https://cloud.ibm.com/docs/metrics-router?topic=metrics-router-settings-about&interface=ui.
}
}
You need the following permissions to run this module.
- Service
- Resource group only
Vieweraccess on the specific resource group
- Cloud Monitoring
Editorplatform accessManagerservice access
- IBM Cloud Metrics Routing (Required if creating metrics routing routes & target)
Editorplatform accessManagerservice access
- Resource group only
| Name | Version |
|---|---|
| terraform | >= 1.9.0 |
| ibm | >= 1.76.1, < 2.0.0 |
| Name | Source | Version |
|---|---|---|
| cbr_rule | terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module | 1.31.0 |
| Name | Type |
|---|---|
| ibm_resource_instance.cloud_monitoring | resource |
| ibm_resource_key.resource_key | resource |
| ibm_resource_tag.cloud_monitoring_tag | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_tags | Access Management Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | list(string) |
[] |
no |
| cbr_rules | (Optional, list) List of context-based restrictions rules to create | list(object({ |
[] |
no |
| enable_platform_metrics | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. Only 1 instance in a given region can be enabled for platform metrics. | bool |
false |
no |
| instance_name | The name of the IBM Cloud Monitoring instance to create. Defaults to 'cloud-monitoring-' | string |
null |
no |
| manager_key_name | The name to give the IBM Cloud Monitoring manager key. | string |
"SysdigManagerKey" |
no |
| manager_key_tags | Tags associated with the IBM Cloud Monitoring manager key. | list(string) |
[] |
no |
| plan | The IBM Cloud Monitoring plan to provision. Available: lite, graduated-tier and graduated-tier-sysdig-secure-plus-monitor (available in region eu-fr2 only) | string |
"lite" |
no |
| region | The IBM Cloud region where Cloud Monitoring instance will be created. | string |
"us-south" |
no |
| resource_group_id | The id of the IBM Cloud resource group where the Cloud Monitoring instance will be created. | string |
n/a | yes |
| resource_tags | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | list(string) |
[] |
no |
| service_endpoints | The type of the service endpoint that will be set for the Sisdig instance. | string |
"public-and-private" |
no |
| Name | Description |
|---|---|
| access_key | The cloud monitoring access key for agents to use |
| account_id | The account id where cloud monitoring instance is provisioned. |
| crn | The id of the provisioned cloud monitoring instance. |
| guid | The guid of the provisioned cloud monitoring instance. |
| ingestion_endpoint_private | The Cloud Monitoring private ingestion endpoint. |
| ingestion_endpoint_public | The Cloud Monitoring public ingestion endpoint. |
| manager_key_name | The cloud monitoring manager key name |
| name | The name of the provisioned cloud monitoring instance. |
| resource_group_id | The resource group where cloud monitoring monitor instance resides |
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.