All Products
Search
Document Center

Simple Log Service:Use Terraform to create a Logtail configuration

Last Updated:Dec 23, 2024

Terraform is an open source tool that you can use to preview, configure, and manage cloud infrastructure and resources in a secure and efficient manner. This topic describes how to use Terraform to create a Logtail configuration.

Note

You can run the sample code in this topic with a few clicks. For more information, visit Terraform Explorer.

Prerequisites

  • Simple Log Service (SLS) is activated. For more information, see Resource management overview.

  • We recommend that you use a Resource Access Management (RAM) user that has the minimum required permissions to perform the operations in this topic. This reduces the risk of leaking the AccessKey pair of your Alibaba Cloud account. For information about how to attach the minimum required policy to the RAM user, see Create a RAM user and Grant permissions to a RAM user. The following policy is provided for this topic:

    {
      "Version": "1",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "log:GetProject",
            "log:ListProject",
            "log:CreateProject",
            "log:DeleteProject",
            "log:UpdateProject",
            "log:GetAppliedMachineGroups",
            "log:GetMachineGroup",
            "log:ListMachineGroup",
            "log:CreateMachineGroup",
            "log:GetLogStore",
            "log:GetLogStoreLogs",
            "log:GetLogStoreMeteringMode",
            "log:ListLogStores",
            "log:CreateLogStore",
            "log:PostLogStoreLogs",
            "log:UpdateLogStore",
            "log:GetLogtailPipelineConfig",
            "log:UpdateLogtailPipelineConfig",
            "log:ListTagResources",
            "log:ListShards",
            "log:ListSavedSearch",
            "log:GetIndex",
            "log:ListDashboard",
            "log:ListConfig",
            "log:CreateConfig",
            "log:GetConfig",
            "log:ApplyConfigToGroup",
            "log:DeleteConfig",
            "log:DeleteMachineGroup",
            "log:GetProjectPolicy",
            "log:DeleteLogStore"
          ],
          "Resource": "*"
        }
      ]
    }
  • The runtime environment for Terraform is prepared by using one of the following methods:

    • Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the environment to use Terraform without the need to install Terraform. This method is suitable for scenarios where you need to use and debug Terraform in a low-cost, efficient, and convenient manner.

    • Use Terraform in Cloud Shell: Cloud Shell is preinstalled with Terraform and configured with your identity credentials. You can run Terraform commands in Cloud Shell. This method is suitable for scenarios where you need to use and access Terraform in a low-cost, efficient, and convenient manner.

    • Install and configure Terraform on your on-premises machine: This method is suitable for scenarios where network connections are unstable or a custom development environment is needed.

Note

You are charged for specific resources. If you no longer require the resources, you must release or unsubscribe from the resources at the earliest opportunity.

Required resources

Step 1: Create a project

  1. Create a working directory. Then, create a configuration file named main.tf in the directory. Copy the following code to the main.tf configuration file.

    variable "region" {
      default = "cn-hangzhou"
    }
    
    variable "identify_list" {
      type        = list(string)
      description = "IP addresses of machines included in the machine group"
      default     = ["10.0.0.1", "10.0.0.2"]
    }
    
    provider "alicloud" {
      region = var.region
    }
    
    resource "random_integer" "default" {
      min = 10000
      max = 99999
    }
    
    # The project.
    resource "alicloud_log_project" "example" {
      project_name = "project-name-${random_integer.default.result}"
      description  = "tf actiontrail example"
    }
  2. Run the following command to initialize the Terraform runtime environment:

    terraform init

    If the following information is returned, Terraform is initialized:

    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
  3. Run the following command to apply the execution plan that is generated:

    terraform apply

    During the process, enter yes as prompted and press the Enter key. Wait until the command is run. If the following information is returned, the execution plan is applied.

    You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
    
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value: yes
    
    
    Apply complete!  Resources: 2 added, 0 changed, 0 destroyed.
  4. Verify the result.

    View the result by running the terraform show command

    Run the following command in the working directory to query the details of the project that is created by using Terraform:

    terraform show

    image

    View the result in the SLS console

    Log on to the SLS console and view the project that is created.

    image

Step 2: Create a machine group and a Logstore

  1. Add the following code to the main.tf configuration file:

    # The machine group.
    resource "alicloud_log_machine_group" "example" {
      project     = alicloud_log_project.example.project_name
      name          = "terraform-example-${random_integer.default.result}"
      identify_type = "ip"
      topic         = "terraform"
      identify_list = var.identify_list
    }
    
    # The Logstore.
    resource "alicloud_log_store" "example" {
      project_name = alicloud_log_project.example.project_name
      logstore_name = "logstore_example_${random_integer.default.result}"
      retention_period = 3
    }
  2. Create an execution plan and preview the changes.

    terraform plan
  3. Run the following command to apply the execution plan:

    terraform apply

    During the process, enter yes as prompted and press the Enter key. Wait until the command is complete. If the following information is returned, the execution plan is applied.

    Apply complete!  Resources: 2 added, 0 changed, 0 destroyed.
  4. Verify the result.

    View the result by running the terraform show command

    Run the following command in the working directory to query the details of the machine group and Logstore that are created by using Terraform:

    terraform show

    image

    View the result in the SLS console

    1. Log on to the SLS console. In the Projects section, find the project created in Step 1 and click the project name to go to the project details page. In the left-side navigation pane, click the Log Storage icon. In the Logstores list, view the Logstore that is created.

      image

    2. In the left-side navigation pane, move the pointer over the Resources icon and select Machine Groups. In the Machine Groups list, view the machine group that is created.

      image

Step 3: Create a Logtail configuration

  1. Add the following code to the main.tf configuration file:

    # The Logtail configuration.
    resource "alicloud_logtail_config" "example" {
      project     = alicloud_log_project.example.project_name
      logstore    = alicloud_log_store.example.logstore_name
      name        = "config-sample-${random_integer.default.result}"
      input_type  = "file"
      output_type = "LogService"
      input_detail = jsonencode(
      	{
    		"logPath": "/logPath",
    		"filePattern": "access.log",
    		"logType": "json_log",
    		"topicFormat": "default",
    		"discardUnmatch": false,
    		"enableRawLog": true,
    		"fileEncoding": "gbk",
    		"maxDepth": 10
    	}
      )
    }
    
    # Apply the Logtail configuration to the machine group.
    resource "alicloud_logtail_attachment" "example" {
      project     = alicloud_log_project.example.project_name
      logtail_config_name = alicloud_logtail_config.example.name
      machine_group_name  = alicloud_log_machine_group.example.name
    }
  2. Create an execution plan and preview the changes.

    terraform plan
  3. Run the following command to apply the execution plan:

    terraform apply

    During the process, enter yes as prompted and press the Enter key. Wait until the command is run. If the following information is returned, the execution plan is applied.

    Apply complete!  Resources: 2 added, 0 changed, 0 destroyed.
  4. Verify the result.

    View the result by running the terraform show command

    Run the following command in the working directory to query the details of the Logtail configuration that is created by using Terraform:

    terraform show

    image

    View the result in the SLS console

    1. Log on to the SLS console. In the Projects section, find the project created in Step 1 and click the project name to go to the project details page. In the left-side navigation pane, click the Log Storage icon. In the Logstores list, find the Logstore created in Step 2 and click the Logstore. Then, choose Data Collection > Logtail Configuration to view the Logtail configuration of the Logstore.

      image

    2. On the Logtail Configuration page, click the name of a Logtail configuration. Then, click the Manage Machine Groups tab. On this tab, view the machine group that is applied with the Logtail configuration.

      image

Release resources

If you no longer require the preceding resources that are created or managed by using Terraform, run the following command to release the resources: For more information about the terraform destroy command, see Common commands.

terraform destroy

Example

Note

You can run the sample code in this topic with a few clicks.

Sample code

variable "region" {
  default = "cn-hangzhou"
}

variable "identify_list" {
  type        = list(string)
  description = "IP addresses of machines included in the machine group"
  default     = ["10.0.0.1", "10.0.0.2"]
}

provider "alicloud" {
  region = var.region
}

resource "random_integer" "default" {
  min = 10000
  max = 99999
}

# The project.
resource "alicloud_log_project" "example" {
  project_name = "project-name-${random_integer.default.result}"
  description  = "tf actiontrail example"
}

# The machine group.
resource "alicloud_log_machine_group" "example" {
  project     = alicloud_log_project.example.project_name
  name          = "terraform-example-${random_integer.default.result}"
  identify_type = "ip"
  topic         = "terraform"
  identify_list = var.identify_list
}

# The Logstore.
resource "alicloud_log_store" "example" {
  project_name = alicloud_log_project.example.project_name
  logstore_name = "logstore_example_${random_integer.default.result}"
  retention_period = 3
}

# The Logtail configuration.
resource "alicloud_logtail_config" "example" {
  project     = alicloud_log_project.example.project_name
  logstore    = alicloud_log_store.example.logstore_name
  name        = "config-sample-${random_integer.default.result}"
  input_type  = "file"
  output_type = "LogService"
  input_detail = jsonencode(
  	{
		"logPath": "/logPath",
		"filePattern": "access.log",
		"logType": "json_log",
		"topicFormat": "default",
		"discardUnmatch": false,
		"enableRawLog": true,
		"fileEncoding": "gbk",
		"maxDepth": 10
	}
  )
}

# Apply the Logtail configuration to the machine group.
resource "alicloud_logtail_attachment" "example" {
  project     = alicloud_log_project.example.project_name
  logtail_config_name = alicloud_logtail_config.example.name
  machine_group_name  = alicloud_log_machine_group.example.name
}

To view more examples, visit the Log_Service(SLS) folder at GitHub.

References