Terraform is an open source tool that you can use to preview, configure, and manage cloud infrastructure and resources in a secure and efficient manner. This topic describes how to use Terraform to create a Logtail configuration.
You can run the sample code in this topic with a few clicks. For more information, visit Terraform Explorer.
Prerequisites
Simple Log Service (SLS) is activated. For more information, see Resource management overview.
We recommend that you use a Resource Access Management (RAM) user that has the minimum required permissions to perform the operations in this topic. This reduces the risk of leaking the AccessKey pair of your Alibaba Cloud account. For information about how to attach the minimum required policy to the RAM user, see Create a RAM user and Grant permissions to a RAM user. The following policy is provided for this topic:
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "log:GetProject", "log:ListProject", "log:CreateProject", "log:DeleteProject", "log:UpdateProject", "log:GetAppliedMachineGroups", "log:GetMachineGroup", "log:ListMachineGroup", "log:CreateMachineGroup", "log:GetLogStore", "log:GetLogStoreLogs", "log:GetLogStoreMeteringMode", "log:ListLogStores", "log:CreateLogStore", "log:PostLogStoreLogs", "log:UpdateLogStore", "log:GetLogtailPipelineConfig", "log:UpdateLogtailPipelineConfig", "log:ListTagResources", "log:ListShards", "log:ListSavedSearch", "log:GetIndex", "log:ListDashboard", "log:ListConfig", "log:CreateConfig", "log:GetConfig", "log:ApplyConfigToGroup", "log:DeleteConfig", "log:DeleteMachineGroup", "log:GetProjectPolicy", "log:DeleteLogStore" ], "Resource": "*" } ] }
The runtime environment for Terraform is prepared by using one of the following methods:
Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the environment to use Terraform without the need to install Terraform. This method is suitable for scenarios where you need to use and debug Terraform in a low-cost, efficient, and convenient manner.
Use Terraform in Cloud Shell: Cloud Shell is preinstalled with Terraform and configured with your identity credentials. You can run Terraform commands in Cloud Shell. This method is suitable for scenarios where you need to use and access Terraform in a low-cost, efficient, and convenient manner.
Install and configure Terraform on your on-premises machine: This method is suitable for scenarios where network connections are unstable or a custom development environment is needed.
You are charged for specific resources. If you no longer require the resources, you must release or unsubscribe from the resources at the earliest opportunity.
Required resources
alicloud_log_project: the project.
alicloud_log_machine_group: the machine group.
alicloud_log_store: the Logstore.
alicloud_logtail_config: the Logtail configuration.
alicloud_logtail_attachment: apply the Logtail configuration to the machine group.
Step 1: Create a project
Create a working directory. Then, create a configuration file named main.tf in the directory. Copy the following code to the main.tf configuration file.
variable "region" { default = "cn-hangzhou" } variable "identify_list" { type = list(string) description = "IP addresses of machines included in the machine group" default = ["10.0.0.1", "10.0.0.2"] } provider "alicloud" { region = var.region } resource "random_integer" "default" { min = 10000 max = 99999 } # The project. resource "alicloud_log_project" "example" { project_name = "project-name-${random_integer.default.result}" description = "tf actiontrail example" }
Run the following command to initialize the Terraform runtime environment:
terraform init
If the following information is returned, Terraform is initialized:
Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
Run the following command to apply the execution plan that is generated:
terraform apply
During the process, enter
yes
as prompted and press the Enter key. Wait until the command is run. If the following information is returned, the execution plan is applied.You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Verify the result.
View the result by running the terraform show command
Run the following command in the working directory to query the details of the project that is created by using Terraform:
terraform show
View the result in the SLS console
Log on to the SLS console and view the project that is created.
Step 2: Create a machine group and a Logstore
Add the following code to the
main.tf
configuration file:# The machine group. resource "alicloud_log_machine_group" "example" { project = alicloud_log_project.example.project_name name = "terraform-example-${random_integer.default.result}" identify_type = "ip" topic = "terraform" identify_list = var.identify_list } # The Logstore. resource "alicloud_log_store" "example" { project_name = alicloud_log_project.example.project_name logstore_name = "logstore_example_${random_integer.default.result}" retention_period = 3 }
Create an execution plan and preview the changes.
terraform plan
Run the following command to apply the execution plan:
terraform apply
During the process, enter
yes
as prompted and press the Enter key. Wait until the command is complete. If the following information is returned, the execution plan is applied.Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Verify the result.
View the result by running the terraform show command
Run the following command in the working directory to query the details of the machine group and Logstore that are created by using Terraform:
terraform show
View the result in the SLS console
Log on to the SLS console. In the Projects section, find the project created in Step 1 and click the project name to go to the project details page. In the left-side navigation pane, click the Log Storage icon. In the Logstores list, view the Logstore that is created.
In the left-side navigation pane, move the pointer over the
icon and select Machine Groups. In the Machine Groups list, view the machine group that is created.
Step 3: Create a Logtail configuration
Add the following code to the
main.tf
configuration file:# The Logtail configuration. resource "alicloud_logtail_config" "example" { project = alicloud_log_project.example.project_name logstore = alicloud_log_store.example.logstore_name name = "config-sample-${random_integer.default.result}" input_type = "file" output_type = "LogService" input_detail = jsonencode( { "logPath": "/logPath", "filePattern": "access.log", "logType": "json_log", "topicFormat": "default", "discardUnmatch": false, "enableRawLog": true, "fileEncoding": "gbk", "maxDepth": 10 } ) } # Apply the Logtail configuration to the machine group. resource "alicloud_logtail_attachment" "example" { project = alicloud_log_project.example.project_name logtail_config_name = alicloud_logtail_config.example.name machine_group_name = alicloud_log_machine_group.example.name }
Create an execution plan and preview the changes.
terraform plan
Run the following command to apply the execution plan:
terraform apply
During the process, enter
yes
as prompted and press the Enter key. Wait until the command is run. If the following information is returned, the execution plan is applied.Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Verify the result.
View the result by running the terraform show command
Run the following command in the working directory to query the details of the Logtail configuration that is created by using Terraform:
terraform show
View the result in the SLS console
Log on to the SLS console. In the Projects section, find the project created in Step 1 and click the project name to go to the project details page. In the left-side navigation pane, click the Log Storage icon. In the Logstores list, find the Logstore created in Step 2 and click the Logstore. Then, choose Data Collection > Logtail Configuration to view the Logtail configuration of the Logstore.
On the Logtail Configuration page, click the name of a Logtail configuration. Then, click the Manage Machine Groups tab. On this tab, view the machine group that is applied with the Logtail configuration.
Release resources
If you no longer require the preceding resources that are created or managed by using Terraform, run the following command to release the resources: For more information about the terraform destroy
command, see Common commands.
terraform destroy
Example
You can run the sample code in this topic with a few clicks.
Sample code
To view more examples, visit the Log_Service(SLS) folder at GitHub.
References
For more information about Terraform, see What is Terraform?