Use Terraform to create a Logtail configuration - Simple Log Service

Terraform is an open source tool that you can use to preview, configure, and manage cloud infrastructure and resources in a secure and efficient manner. This topic describes how to use Terraform and its CLI to create a Logtail configuration.

Prerequisites

Terraform is installed.

Use Terraform in Cloud Shell: By default, Terraform is installed and configured in Cloud Shell. An Alibaba Cloud account is also configured for Cloud Shell. For more information, see Use Terraform in Cloud Shell.
Install and configure Terraform on your on-premises machine: Make sure that the version of registry.terraform.io/aliyun/alicloud is 1.219.0 or later. For more information, see Install and configure Terraform in the local PC.

Procedure

Use Terraform in Cloud Shell

Step 1: Configure the region of the central Simple Log Service project

# Region ID
export ALICLOUD_REGION="cn-shanghai"

Important

You do not need to configure identity information when you use Cloud Shell. We recommend that you use a Resource Access Management (RAM) user to log on to the Alibaba Cloud Management Console. This helps reduce security risks that are caused by AccessKey pair leaks.

Parameter	Description
ALICLOUD_REGION	The region where the Simple Log Service project resides. For more information, see Supported regions.

Step 2: Create a Simple Log Service project

Run the following command to create a Terraform working directory named sls:
```
mkdir sls
```
Run the following command to switch to the sls directory:
```
cd sls
```
Run the following command to create a file named terraform.tf in the sls directory:
```
touch terraform.tf
```

Add the following content to the terraform.tf file:

resource "alicloud_log_project" "project_example" {
  project_name = "terraform-example"
  description = "terraform-example"
}

alicloud_log_project indicates the resource type. The following table describes other parameters. For more information about all parameters related to a project, see Terraform-Alicloud Log Project.

Parameter	Required	Description
project_example	Yes	The name of the resource.
project_name	Yes	The name of the Simple Log Service project. The name must be unique.
description	No	The description of the project.

Press the Esc key to exit the insert mode and enter :wq to save and close the file.
Run the following command in the sls directory to initialize the directory:
```
terraform init
```
If the following output is returned, the initialization is successful:
```
Terraform has been successfully initialized!
```

Run the following command in the sls directory to create a Simple Log Service project:

terraform apply

If the following output is returned, the project is created:

alicloud_log_project.project_example: Creating...
alicloud_log_project.project_example: Creation complete after 2s [id=terraform-example]

Apply complete!  Resources: 1 added, 0 changed, 0 destroyed.

Step 3: Create a Logstore

Add the following content to the terraform.tf file:

resource "alicloud_log_store" "logstore_example" {
  project_name = alicloud_log_project.project_example.project_name
  logstore_name = "logstore_example"
  retention_period = 3
}

alicloud_log_store indicates the resource type. The following table describes other parameters. For more information about all parameters related to a Logstore, see Terraform-Alicloud Log Store.

Parameter	Required	Description
logstore_example	Yes	The name of the resource.
project_name	Yes	The name of the project to which the Logstore belongs. In this example, the value of the project_name parameter that is specified for the project_example resource of the alicloud_log_project type is used.
logstore_name	Yes	The name of the Logstore.
retention_period	No	The data retention period. Unit: days. Default value: 30.

Run the following command in the sls directory to create a Logstore:

terraform apply

If the following output is returned, the Logstore is created:

alicloud_log_project.project_example: Creating...
alicloud_log_project.project_example: Creation complete after 2s [id=terraform-example]
alicloud_log_store.logstore_example: Creating...
alicloud_log_store.logstore_example: Creation complete after 1s [id=terraform-example:logstore_example]

Apply complete!  Resources: 2 added, 0 changed, 0 destroyed.

Step 4: Create a Logtail configuration

Add the following content to the terraform.tf file:

resource "alicloud_logtail_config" "config_test" {
  project     = alicloud_log_store.logstore_example.project_name
  logstore    = alicloud_log_store.logstore_example.logstore_name
  name        = "config-sample"
  input_type  = "file"
  output_type = "LogService"
  input_detail = jsonencode(
  	{
		"logPath": "/logPath",
		"filePattern": "access.log",
		"logType": "json_log",
		"topicFormat": "default",
		"discardUnmatch": false,
		"enableRawLog": true,
		"fileEncoding": "gbk",
		"maxDepth": 10
	}
  )
}

alicloud_logtail_config indicates the resource type. The following table describes other parameters. For more information about all parameters related to a Logtail configuration, see Terraform-Alicloud Logtail Config.

Parameter	Required	Description
config_test	Yes	The name of the resource.
project	Yes	The name of the project to which the Logtail configuration belongs.
logstore	Yes	The name of the Logstore to which the Logtail configuration belongs.
name	Yes	The name of the Logtail configuration. The name must be unique in the project to which the Logtail configuration belongs. After the Logtail configuration is created, you cannot change the name of the Logtail configuration. The name must meet the following requirements: The name can contain only lowercase letters, digits, hyphens (-), and underscores (_). The name must start and end with a lowercase letter or a digit. The name must be 2 to 128 characters in length.
input_type	Yes	The collection method of logs. Valid values: plugin: Logs are collected by using Logtail plug-ins. file: Text logs are collected by using existing modes, including the full regex mode and delimiter mode.
output_type	Yes	The destination to which the collected logs are uploaded. Set the value to LogService. Collected logs can be uploaded to only Simple Log Service.
input_detail	Yes	The configuration of the data source. For more information, see Logtail configurations.

Run the following command in the sls directory to create a Logtail configuration:

terraform apply

If the following output is returned, the Logtail configuration is created:

alicloud_logtail_config.config_test: Creating...
alicloud_logtail_config.config_test: Creation complete after 0s [id=terraform-example-yangfei:logstore_example:config-sample]

Apply complete!  Resources: 1 added, 0 changed, 0 destroyed.

Step 5: Create a machine group

Add the following content to the terraform.tf file:

resource "alicloud_log_machine_group" "machine_group_example" {
  project     = alicloud_log_store.logstore_example.project_name
  name          = "terraform-example"
  identify_type = "ip"
  topic         = "terraform"
  identify_list = ["10.0.0.1", "10.0.0.2"]
}

alicloud_log_machine_group indicates the resource type. The following table describes other parameters. For more information about all parameters related to a machine group, see Terraform-Alicloud Log Machine Group.

Parameter	Required	Description
machine_group_example	Yes	The name of the resource. You can specify a custom name.
project	Yes	The name of the project to which the machine group belongs.
name	Yes	The name of the machine group. The name must be unique in a project.
identify_type	No	The type of the machine group identifier. Valid values: IP and userdefined. Default value: IP.
topic	No	The topic of the machine group. This parameter is empty by default.
identify_list	Yes	The list of machine group identifiers. The value can be IP addresses or custom identifiers.

Run the following command in the sls directory to create a machine group:

terraform apply

If the following output is returned, the machine group is created:

alicloud_log_machine_group.machine_group_example: Creating...
alicloud_log_machine_group.machine_group_example: Creation complete after 0s [id=terraform-example:terraform-example]

Apply complete!  Resources: 1 added, 0 changed, 0 destroyed.

Step 6: Apply the Logtail configuration to the machine group

Add the following content to the terraform.tf file:

resource "alicloud_logtail_attachment" "example" {
  project     = alicloud_log_store.logstore_example.project_name
  logtail_config_name = alicloud_logtail_config.config_test.name
  machine_group_name  = alicloud_log_machine_group.machine_group_example.name
}

alicloud_logtail_attachment indicates the resource type. The following table describes other parameters. For more information about all parameters related to the application of a Logtail configuration, see Terraform-Alicloud Logtail Attachment.

Parameter	Required	Description
example	Yes	The name of the resource. You can specify a custom name.
project	Yes	The name of the project.
logtail_config_name	Yes	The name of the Logtail configuration.
machine_group_name	Yes	The name of the machine group.

Run the following command in the sls directory to apply the Logtail configuration to the machine group:

terraform apply

If the following output is returned, the Logtail configuration is applied to the machine group:

alicloud_logtail_attachment.example: Creating...
alicloud_logtail_attachment.example: Creation complete after 0s [id=terraform-example:config-sample:terraform-example]

Apply complete!  Resources: 1 added, 0 changed, 0 destroyed.

Use Terraform on your on-premises machine

Step 1: Configure an AccessKey pair and the region of the central Simple Log Service project

# alicloud AK
export ALICLOUD_ACCESS_KEY="AccessKey ID"
export ALICLOUD_SECRET_KEY="AccessKey Secret"
# Region ID
export ALICLOUD_REGION="cn-shanghai"

Parameter	Description
ALICLOUD_ACCESS_KEY	The AccessKey ID of the Alibaba Cloud account. For more information, see AccessKey pair. Important We recommend that you use the AccessKey ID and AccessKey secret of a RAM user. This helps reduce security risks that are caused by AccessKey pair leaks.
ALICLOUD_SECRET_KEY	The AccessKey secret of the Alibaba Cloud account. For more information, see AccessKey pair.
ALICLOUD_REGION	The region where the Simple Log Service project resides. For more information, see Supported regions.

Step 2: Create a Simple Log Service project

Run the following command to create a Terraform working directory named sls:
```
mkdir sls
```
Run the following command to switch to the sls directory:
```
cd sls
```
Run the following command to create a file named terraform.tf in the sls directory:
```
touch terraform.tf
```

Add the following content to the terraform.tf file:

resource "alicloud_log_project" "project_example" {
  project_name = "terraform-example"
  description = "terraform-example"
}

alicloud_log_project indicates the resource type. The following table describes other parameters. For more information about all parameters related to a project, see Terraform-Alicloud Log Project.

Parameter	Required	Description
project_example	Yes	The name of the resource.
project_name	Yes	The name of the Simple Log Service project. The name must be unique.
description	No	The description of the project.

Press the Esc key to exit the insert mode and enter :wq to save and close the file.
Run the following command in the sls directory to initialize the directory:
```
terraform init
```
If the following output is returned, the initialization is successful:
```
Terraform has been successfully initialized!
```

Run the following command in the sls directory to create a Simple Log Service project:

terraform apply

If the following output is returned, the project is created:

alicloud_log_project.project_example: Creating...
alicloud_log_project.project_example: Creation complete after 2s [id=terraform-example]

Apply complete!  Resources: 1 added, 0 changed, 0 destroyed.

Step 3: Create a Logstore

Add the following content to the terraform.tf file:

resource "alicloud_log_store" "logstore_example" {
  project_name = alicloud_log_project.project_example.project_name
  logstore_name = "logstore_example"
  retention_period = 3
}

alicloud_log_store indicates the resource type. The following table describes other parameters. For more information about all parameters related to a Logstore, see Terraform-Alicloud Log Store.

Parameter	Required	Description
logstore_example	Yes	The name of the resource.
project_name	Yes	The name of the project to which the Logstore belongs. In this example, the value of the project_name parameter that is specified for the project_example resource of the alicloud_log_project type is used.
logstore_name	Yes	The name of the Logstore.
retention_period	No	The data retention period. Unit: days. Default value: 30.

Run the following command in the sls directory to create a Logstore:

terraform apply

If the following output is returned, the Logstore is created:

alicloud_log_project.project_example: Creating...
alicloud_log_project.project_example: Creation complete after 2s [id=terraform-example]
alicloud_log_store.logstore_example: Creating...
alicloud_log_store.logstore_example: Creation complete after 1s [id=terraform-example:logstore_example]

Apply complete!  Resources: 2 added, 0 changed, 0 destroyed.

Step 4: Create a Logtail configuration

Add the following content to the terraform.tf file:

resource "alicloud_logtail_config" "config_test" {
  project     = alicloud_log_store.logstore_example.project_name
  logstore    = alicloud_log_store.logstore_example.logstore_name
  name        = "config-sample"
  input_type  = "file"
  output_type = "LogService"
  input_detail = jsonencode(
  	{
		"logPath": "/logPath",
		"filePattern": "access.log",
		"logType": "json_log",
		"topicFormat": "default",
		"discardUnmatch": false,
		"enableRawLog": true,
		"fileEncoding": "gbk",
		"maxDepth": 10
	}
  )
}

Parameter	Required	Description
config_test	Yes	The name of the resource.
project	Yes	The name of the project to which the Logtail configuration belongs.
logstore	Yes	The name of the Logstore to which the Logtail configuration belongs.
name	Yes	The name of the Logtail configuration. The name must be unique in the project to which the Logtail configuration belongs. After the Logtail configuration is created, you cannot change the name of the Logtail configuration. The name must meet the following requirements: The name can contain only lowercase letters, digits, hyphens (-), and underscores (_). The name must start and end with a lowercase letter or a digit. The name must be 2 to 128 characters in length.
input_type	Yes	The collection method of logs. Valid values: plugin: Logs are collected by using Logtail plug-ins. file: Text logs are collected by using existing modes, including the full regex mode and delimiter mode.
output_type	Yes	The destination to which the collected logs are uploaded. Set the value to LogService. Collected logs can be uploaded to only Simple Log Service.
input_detail	Yes	The configuration of the data source. For more information, see Logtail configurations.

Run the following command in the sls directory to create a Logtail configuration:

terraform apply

If the following output is returned, the Logtail configuration is created:

alicloud_logtail_config.config_test: Creating...
alicloud_logtail_config.config_test: Creation complete after 0s [id=terraform-example-yangfei:logstore_example:config-sample]

Apply complete!  Resources: 1 added, 0 changed, 0 destroyed.

Step 5: Create a machine group

Add the following content to the terraform.tf file:

resource "alicloud_log_machine_group" "machine_group_example" {
  project     = alicloud_log_store.logstore_example.project_name
  name          = "terraform-example"
  identify_type = "ip"
  topic         = "terraform"
  identify_list = ["10.0.0.1", "10.0.0.2"]
}

Parameter	Required	Description
machine_group_example	Yes	The name of the resource. You can specify a custom name.
project	Yes	The name of the project to which the machine group belongs.
name	Yes	The name of the machine group. The name must be unique in a project.
identify_type	No	The type of the machine group identifier. Valid values: IP and userdefined. Default value: IP.
topic	No	The topic of the machine group. This parameter is empty by default.
identify_list	Yes	The list of machine group identifiers. The value can be IP addresses or custom identifiers.

Run the following command in the sls directory to create a machine group:

terraform apply

If the following output is returned, the machine group is created:

alicloud_log_machine_group.machine_group_example: Creating...
alicloud_log_machine_group.machine_group_example: Creation complete after 0s [id=terraform-example:terraform-example]

Apply complete!  Resources: 1 added, 0 changed, 0 destroyed.

Step 6: Apply the Logtail configuration to the machine group

Add the following content to the terraform.tf file:

resource "alicloud_logtail_attachment" "example" {
  project     = alicloud_log_store.logstore_example.project_name
  logtail_config_name = alicloud_logtail_config.config_test.name
  machine_group_name  = alicloud_log_machine_group.machine_group_example.name
}

Parameter	Required	Description
example	Yes	The name of the resource. You can specify a custom name.
project	Yes	The name of the project.
logtail_config_name	Yes	The name of the Logtail configuration.
machine_group_name	Yes	The name of the machine group.

Run the following command in the sls directory to apply the Logtail configuration to the machine group:

terraform apply

If the following output is returned, the Logtail configuration is applied to the machine group:

alicloud_logtail_attachment.example: Creating...
alicloud_logtail_attachment.example: Creation complete after 0s [id=terraform-example:config-sample:terraform-example]

Apply complete!  Resources: 1 added, 0 changed, 0 destroyed.

Use Terraform in ROS

Terraform is an open source tool for automated resource orchestration. Resource Orchestration Service (ROS) allows you to manage resources by using Terraform. You can create Terraform templates and stacks to orchestrate Alibaba Cloud, Amazon Web Services (AWS), and Microsoft Azure resources. Terraform is compatible with the ROS API. You can call ROS API operations after you create a Terraform template.

Log on to the Resource Orchestration Service (ROS) console.
In the left-side navigation pane, choose Templates > My Templates. On the My Templates page, click Create Template.

Create a Terraform template. Set the Template Type parameter to Terraform Template, enter the following content in the template, and then click Save Template in the lower part of the page. For more information about the parameters of Terraform templates, see the Use Terraform on your on-premises machine tab in this topic.

Terraform template

resource "alicloud_log_project" "project_example" {
  project_name = "terraform-example"
  description = "terraform-example"
}

resource "alicloud_log_store" "logstore_example" {
  project_name = alicloud_log_project.project_example.project_name
  logstore_name = "logstore_example"
  retention_period = 3
}

resource "alicloud_logtail_config" "config_test" {
  project     = alicloud_log_store.logstore_example.project_name
  logstore    = alicloud_log_store.logstore_example.logstore_name
  name        = "config-sample"
  input_type  = "file"
  output_type = "LogService"
  input_detail = jsonencode(
  	{
		"logPath": "/logPath",
		"filePattern": "access.log",
		"logType": "json_log",
		"topicFormat": "default",
		"discardUnmatch": false,
		"enableRawLog": true,
		"fileEncoding": "gbk",
		"maxDepth": 10
	}
  )
}
resource "alicloud_log_machine_group" "machine_group_example" {
  project     = alicloud_log_store.logstore_example.project_name
  name          = "terraform-example"
  identify_type = "ip"
  topic         = "terraform"
  identify_list = ["10.0.0.1", "10.0.0.2"]
}

resource "alicloud_logtail_attachment" "example" {
  project     = alicloud_log_store.logstore_example.project_name
  logtail_config_name = alicloud_logtail_config.config_test.name
  machine_group_name  = alicloud_log_machine_group.machine_group_example.name
}

On the Stacks page, click Create Stack and select Use Terraform from the drop-down list.
On the Create Stack page, set the Specify Template parameter to Select an Existing Template, set the Template Import Method parameter to My Templates, and then select the created template from the My Templates drop-down list. Then, complete the configuration wizard.

Complete configuration template

Terraform template

resource "alicloud_log_project" "project_example" {
  project_name = "terraform-example"
  description = "terraform-example"
}

resource "alicloud_log_store" "logstore_example" {
  project_name = alicloud_log_project.project_example.project_name
  logstore_name = "logstore_example"
  retention_period = 3
}

resource "alicloud_logtail_config" "config_test" {
  project     = alicloud_log_store.logstore_example.project_name
  logstore    = alicloud_log_store.logstore_example.logstore_name
  name        = "config-sample"
  input_type  = "file"
  output_type = "LogService"
  input_detail = jsonencode(
  	{
		"logPath": "/logPath",
		"filePattern": "access.log",
		"logType": "json_log",
		"topicFormat": "default",
		"discardUnmatch": false,
		"enableRawLog": true,
		"fileEncoding": "gbk",
		"maxDepth": 10
	}
  )
}
resource "alicloud_log_machine_group" "machine_group_example" {
  project     = alicloud_log_store.logstore_example.project_name
  name          = "terraform-example"
  identify_type = "ip"
  topic         = "terraform"
  identify_list = ["10.0.0.1", "10.0.0.2"]
}

resource "alicloud_logtail_attachment" "example" {
  project     = alicloud_log_store.logstore_example.project_name
  logtail_config_name = alicloud_logtail_config.config_test.name
  machine_group_name  = alicloud_log_machine_group.machine_group_example.name
}

Terraform-based operation result

Project, Logstore, and Logtail configuration that are created

Logtail configuration

Machine group configuration

What to do next

Update the Terraform directory

terraform init --upgrade

Import an existing Logtail configuration

If resources such as a project and a Logstore are created in Simple Log Service, you can run the terraform import commands to import an existing Logtail configuration and related resources after you configure the terraform.tf file on your on-premises machine.

terraform import alicloud_log_project.project_example terraform-example
terraform import alicloud_log_store.logstore_example terraform-example:logstore_example
terraform import alicloud_logtail_config.config_test terraform-example:logstore_example:config-sample
terraform import alicloud_log_machine_group.machine_group_example terraform-example:terraform-example
terraform import alicloud_logtail_attachment.example terraform-example:config-sample:terraform-example

After you run the commands, you can view the content of the terraform.tfstate file in the Terraform directory. The terraform.tfstate file contains the imported Logtail configuration.

Important

If you want to migrate the Logtail configuration to the terraform.tf file, you must manually copy the Logtail configuration and adjust the format of the configuration to meet the format requirements of the terraform.tf file.

If you already run the terraform apply or terraform import command in the Terraform directory, the terraform import command may fail to be run again. In this case, you must delete the terraform.tfstate file from the Terraform directory and run the terraform import command again.

View the current Logtail configuration

terraform show

View the differences between the content of the terraform.tf file and the Logtail configuration that is applied

terraform plan

FAQ

Why does an unexpected mismatch occur?

If you run the terraform plan or terraform apply command, an unexpected mismatch may occur. For example, a mismatch occurs when the discardUnmatch parameter is not modified.

In this case, we recommend that you upgrade registry.terraform.io/hashicorp/alicloud to 1.219.0 or later. After the upgrade, you can apply your Logtail configuration by using the terraform apply command. Then, the issue is resolved.

References

Logtail configurations
How to use Terraform
- Use Terraform in Cloud Shell
- Install and configure Terraform in the local PC
How to configure parameters in Terraform