feat: use existing cloud logs instance #610

Open
wants to merge 7 commits into
base: main
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -197,6 +197,7 @@ No resources.
| <a name="input_cloud_monitoring_tags"></a> [cloud\_monitoring\_tags](#input\_cloud\_monitoring\_tags) | Tags associated with the IBM Cloud Monitoring instance (Optional, array of strings). | `list(string)` | `[]` | no |
| <a name="input_enable_platform_logs"></a> [enable\_platform\_logs](#input\_enable\_platform\_logs) | Setting this to true will create a tenant in the same region that the Cloud Logs instance is provisioned to enable platform logs for that region. To send platform logs from other regions, you can explicitially specify a list of regions using the `logs_routing_tenant_regions` input. NOTE: You can only have 1 tenant per region in an account. | `bool` | `true` | no |
| <a name="input_enable_platform_metrics"></a> [enable\_platform\_metrics](#input\_enable\_platform\_metrics) | Receive platform metrics in the provisioned IBM Cloud Monitoring instance. | `bool` | `true` | no |
| <a name="input_existing_cl_instance"></a> [existing\_cl\_instance](#input\_existing\_cl\_instance) | (Optional) CRN of existing cloud logs instance. Set `cloud_logs_provision` to false if you wish to pass an existing cloud logs instance. | `string` | `null` | no |
| <a name="input_global_event_routing_settings"></a> [global\_event\_routing\_settings](#input\_global\_event\_routing\_settings) | Global settings for event routing | <pre>object({<br/> default_targets = optional(list(string), [])<br/> metadata_region_primary = string<br/> metadata_region_backup = optional(string)<br/> permitted_target_regions = list(string)<br/> private_api_endpoint_only = optional(bool, false)<br/> })</pre> | `null` | no |
| <a name="input_logs_routing_tenant_regions"></a> [logs\_routing\_tenant\_regions](#input\_logs\_routing\_tenant\_regions) | Pass a list of regions to create a tenant for that is targetted to the Cloud Logs instance created by this module. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants. | `list(any)` | `[]` | no |
| <a name="input_metrics_router_routes"></a> [metrics\_router\_routes](#input\_metrics\_router\_routes) | List of routes for IBM Metrics Router. | <pre>list(object({<br/> name = string<br/> rules = list(object({<br/> action = optional(string, "send")<br/> targets = optional(list(object({<br/> id = string<br/> })))<br/> inclusion_filters = list(object({<br/> operand = string<br/> operator = string<br/> values = list(string)<br/> }))<br/> }))<br/> }))</pre> | `[]` | no |
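Review bot: the new `existing_cl_instance` row tells users to set `cloud_logs_provision` to false, but nothing in this PR enforces that; with the default `cloud_logs_provision = true` and a CRN supplied, the `count` change in `main.tf` silently skips provisioning and reuses the instance. Either state that `existing_cl_instance` takes precedence or reject the combination at plan time. Minor: the row says "cloud logs" where the neighbouring rows say "IBM Cloud Logs", and the context rows carry the typos "explicitially" and "targetted"; since terraform-docs regenerates this table, fix them in `variables.tf`.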
3 changes: 2 additions & 1 deletion main.tf
Expand Up @@ -45,10 +45,11 @@ module "cloud_monitoring" {

# IBM Cloud Logs
module "cloud_logs" {
count = var.cloud_logs_provision ? 1 : 0
count = var.cloud_logs_provision || var.existing_cl_instance != null ? 1 : 0
source = "./modules/cloud_logs"
region = var.region
resource_group_id = var.resource_group_id
existing_cl_instance = var.existing_cl_instance
instance_name = var.cloud_logs_instance_name
plan = var.cloud_logs_plan
resource_tags = var.cloud_logs_tags
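Review bot: `count = var.cloud_logs_provision || var.existing_cl_instance != null ? 1 : 0` relies on `!=` binding tighter than `||` and the conditional binding loosest, which is correct but not obvious, and it makes a supplied CRN override `cloud_logs_provision = true` without any signal to the user. Add a comment above `count` stating the intent (instantiate the module when provisioning is requested or an existing instance is supplied) and consider parenthesising the condition. Callers that reference `module.cloud_logs[0]` are unaffected, since the index was already required.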
3 changes: 3 additions & 0 deletions modules/cloud_logs/README.md
Expand Up @@ -95,6 +95,7 @@ You need the following permissions to run this module.

| Name | Source | Version |
|------|--------|---------|
| <a name="module_cloud_logs_crn_parser"></a> [cloud\_logs\_crn\_parser](#module\_cloud\_logs\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.1.0 |
| <a name="module_cos_bucket_crn_parser"></a> [cos\_bucket\_crn\_parser](#module\_cos\_bucket\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.1.0 |

### Resources
Expand All @@ -112,6 +113,7 @@ You need the following permissions to run this module.
| [random_string.random_tenant_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [time_sleep.wait_for_cos_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [time_sleep.wait_for_en_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [ibm_resource_instance.cloud_logs_instance](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/resource_instance) | data source |

### Inputs

Expand All @@ -120,6 +122,7 @@ You need the following permissions to run this module.
| <a name="input_access_tags"></a> [access\_tags](#input\_access\_tags) | A list of access tags to apply to the IBM Cloud Logs instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | `list(string)` | `[]` | no |
| <a name="input_data_storage"></a> [data\_storage](#input\_data\_storage) | A logs data bucket and a metrics bucket in IBM Cloud Object Storage to store your IBM Cloud Logs data for long term storage, search, analysis and alerting. | <pre>object({<br/> logs_data = optional(object({<br/> enabled = optional(bool, false)<br/> bucket_crn = optional(string)<br/> bucket_endpoint = optional(string)<br/> skip_cos_auth_policy = optional(bool, false)<br/> }), {})<br/> metrics_data = optional(object({<br/> enabled = optional(bool, false)<br/> bucket_crn = optional(string)<br/> bucket_endpoint = optional(string)<br/> skip_cos_auth_policy = optional(bool, false)<br/> }), {})<br/> }<br/> )</pre> | <pre>{<br/> "logs_data": null,<br/> "metrics_data": null<br/>}</pre> | no |
| <a name="input_enable_platform_logs"></a> [enable\_platform\_logs](#input\_enable\_platform\_logs) | Setting this to true will create a tenant in the same region that the Cloud Logs instance is provisioned to enable platform logs for that region. To send platform logs from other regions, you can explicitially specify a list of regions using the `logs_routing_tenant_regions` input. NOTE: You can only have 1 tenant per region in an account. | `bool` | `true` | no |
| <a name="input_existing_cl_instance"></a> [existing\_cl\_instance](#input\_existing\_cl\_instance) | (Optional) CRN of existing cloud logs instance. Set `cloud_logs_provision` to false if you wish to pass an existing cloud logs instance. | `string` | `null` | no |
| <a name="input_existing_en_instances"></a> [existing\_en\_instances](#input\_existing\_en\_instances) | List of Event Notifications instance details for routing critical events that occur in your IBM Cloud Logs. | <pre>list(object({<br/> en_instance_id = string<br/> en_region = string<br/> en_integration_name = optional(string)<br/> skip_en_auth_policy = optional(bool, false)<br/> }))</pre> | `[]` | no |
| <a name="input_instance_name"></a> [instance\_name](#input\_instance\_name) | The name of the IBM Cloud Logs instance to create. Defaults to 'cloud-logs-<region>' | `string` | `null` | no |
| <a name="input_logs_routing_tenant_regions"></a> [logs\_routing\_tenant\_regions](#input\_logs\_routing\_tenant\_regions) | Pass a list of regions to create a tenant for that is targetted to the Cloud Logs instance created by this module. To manage platform logs that are generated by IBM Cloud® services in a region of IBM Cloud, you must create a tenant in each region that you operate. Leave the list empty if you don't want to create any tenants. NOTE: You can only have 1 tenant per region in an account. | `list(any)` | `[]` | no |
37 changes: 26 additions & 11 deletions modules/cloud_logs/main.tf
@@ -1,10 +1,21 @@
locals {
instance_name = var.instance_name != null ? var.instance_name : "cloud-logs-${var.region}"
instance_name = var.instance_name != null ? var.instance_name : "cloud-logs-${var.region}"
cloud_logs_crn = var.existing_cl_instance != null ? var.existing_cl_instance : ibm_resource_instance.cloud_logs[0].crn
}

module "cloud_logs_crn_parser" {
source = "terraform-ibm-modules/common-utilities/ibm//modules/crn-parser"
version = "1.1.0"
crn = local.cloud_logs_crn
}

data "ibm_resource_instance" "cloud_logs_instance" {
identifier = module.cloud_logs_crn_parser.service_instance
}

# Cloud Logs
resource "ibm_resource_instance" "cloud_logs" {
count = var.existing_cl_instance != null ? 0 : 1
depends_on = [time_sleep.wait_for_cos_authorization_policy]
name = local.instance_name
resource_group_id = var.resource_group_id
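Review bot: the CRN from `existing_cl_instance` flows unchecked into `local.cloud_logs_crn` and, via the parser, into every IAM authorization policy, webhook and tenant in this file. A CRN for the wrong service or the wrong account would only fail later with an opaque API error. Add a `lifecycle { precondition }` on `data "ibm_resource_instance" "cloud_logs_instance"` asserting the parsed service-name segment is `logs` (assuming the crn-parser module exposes that segment alongside the `ctype`, `region`, `account_id` and `service_instance` outputs used here), with an `error_message` naming the offending CRN. Style: `one(ibm_resource_instance.cloud_logs[*].crn)` reads more clearly than `ibm_resource_instance.cloud_logs[0].crn` inside the unselected branch of the conditional.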
Expand All @@ -24,7 +35,7 @@ resource "ibm_resource_instance" "cloud_logs" {

resource "ibm_resource_tag" "cloud_logs_tag" {
count = length(var.access_tags) == 0 ? 0 : 1
resource_id = ibm_resource_instance.cloud_logs.crn
resource_id = local.cloud_logs_crn
tags = var.access_tags
tag_type = "access"
}
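Review bot: `resource_id = local.cloud_logs_crn` now attaches `access_tags` to an instance this module did not create when `existing_cl_instance` is set, while the `access_tags` description in the README still says "the IBM Cloud Logs instance created by the module". Access tags change the IAM scope of an externally owned instance, so either gate `ibm_resource_tag.cloud_logs_tag` with the same `var.existing_cl_instance != null ? 0 : 1` condition used on `ibm_resource_instance.cloud_logs`, or document the side effect explicitly.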
Expand Down Expand Up @@ -94,7 +105,7 @@ resource "time_sleep" "wait_for_cos_authorization_policy" {
resource "ibm_iam_authorization_policy" "en_policy" {
for_each = { for idx, en in var.existing_en_instances : idx => en if !en.skip_en_auth_policy }
source_service_name = "logs"
source_resource_instance_id = ibm_resource_instance.cloud_logs.guid
source_resource_instance_id = module.cloud_logs_crn_parser.service_instance
target_service_name = "event-notifications"
target_resource_instance_id = each.value.en_instance_id
roles = ["Event Source Manager", "Viewer"]
Expand All @@ -109,7 +120,7 @@ resource "time_sleep" "wait_for_en_authorization_policy" {
resource "ibm_logs_outgoing_webhook" "en_integration" {
depends_on = [time_sleep.wait_for_en_authorization_policy]
for_each = { for idx, en in var.existing_en_instances : idx => en }
instance_id = ibm_resource_instance.cloud_logs.guid
instance_id = module.cloud_logs_crn_parser.service_instance
region = var.region
name = each.value.en_integration_name == null ? "${local.instance_name}-en-integration-${each.key}" : each.value.en_integration_name
type = "ibm_event_notifications"
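Review bot: `region = var.region` on `ibm_logs_outgoing_webhook.en_integration` still assumes the instance lives in `var.region`, whereas the `logs_policies` hunk below switches to `module.cloud_logs_crn_parser.region`. An existing instance from another region would get its webhook created against the wrong regional endpoint; use `module.cloud_logs_crn_parser.region` here as well so both resources agree on where the instance is.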
Expand All @@ -129,7 +140,7 @@ resource "ibm_iam_authorization_policy" "logs_routing_policy" {
count = !var.skip_logs_routing_auth_policy ? 1 : 0
source_service_name = "logs-router"
roles = ["Sender"]
description = "Allow Logs Routing `Sender` access to the IBM Cloud Logs with ID ${ibm_resource_instance.cloud_logs.guid}."
description = "Allow Logs Routing `Sender` access to the IBM Cloud Logs with ID ${module.cloud_logs_crn_parser.service_instance}."

resource_attributes {
name = "serviceName"
Expand All @@ -140,13 +151,13 @@ resource "ibm_iam_authorization_policy" "logs_routing_policy" {
resource_attributes {
name = "accountId"
operator = "stringEquals"
value = ibm_resource_instance.cloud_logs.account_id
value = module.cloud_logs_crn_parser.account_id
}

resource_attributes {
name = "serviceInstance"
operator = "stringEquals"
value = ibm_resource_instance.cloud_logs.guid
value = module.cloud_logs_crn_parser.service_instance
}
}

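Review bot: `value = module.cloud_logs_crn_parser.account_id` takes the `accountId` attribute of the Logs Routing authorization policy from the user-supplied CRN rather than from the managed resource. A CRN from another account yields a policy scoped to that account, which never matches anything here and fails silently at runtime. A precondition asserting the parsed account equals the account the provider is authenticated against (or at least that the CRN's service segment is `logs`) would surface this at plan time.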
Expand All @@ -169,10 +180,14 @@ resource "ibm_logs_router_tenant" "logs_router_tenant_instances" {
name = "${each.key}-${random_string.random_tenant_suffix.result}"
region = each.key
targets {
log_sink_crn = local.cloud_logs_crn
name = local.instance_name


log_sink_crn = ibm_resource_instance.cloud_logs.crn
name = local.logs_routing_tenant_target_name
parameters {
host = ibm_resource_instance.cloud_logs.extensions.external_ingress
host = data.ibm_resource_instance.cloud_logs_instance.extensions.external_ingress
port = 443
}
}
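Review bot: `name = local.instance_name` replaces `local.logs_routing_tenant_target_name` as the tenant target name; with an existing instance, `local.instance_name` falls back to `cloud-logs-${var.region}`, which is unrelated to the actual instance name. `data.ibm_resource_instance.cloud_logs_instance.name` is the truthful value (or keep `local.logs_routing_tenant_target_name` if that local still exists, since its definition is not touched in this diff). The two blank lines inserted between `name = local.instance_name` and `parameters {` should also be removed.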
Expand All @@ -187,9 +202,9 @@ resource "ibm_logs_policy" "logs_policies" {
for policy in var.policies :
policy.logs_policy_name => policy
}
instance_id = ibm_resource_instance.cloud_logs.guid
region = ibm_resource_instance.cloud_logs.location
endpoint_type = ibm_resource_instance.cloud_logs.service_endpoints
instance_id = module.cloud_logs_crn_parser.service_instance
region = module.cloud_logs_crn_parser.region
endpoint_type = module.cloud_logs_crn_parser.ctype == "public" ? "public-and-private" : "private"
name = each.value.logs_policy_name
description = each.value.logs_policy_description
priority = each.value.logs_policy_priority
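Review bot: `endpoint_type = module.cloud_logs_crn_parser.ctype == "public" ? "public-and-private" : "private"` derives the endpoint type from the CRN's ctype segment, which is the cloud type (`public` for every CRN in the public IBM Cloud), not the instance's service-endpoint setting that the removed `ibm_resource_instance.cloud_logs.service_endpoints` carried. A private-only instance in the public cloud will therefore be configured as `public-and-private`. Read the setting from the instance (the data source, if it exposes service endpoints) or accept it as an explicit input.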
12 changes: 6 additions & 6 deletions modules/cloud_logs/outputs.tf
@@ -1,30 +1,30 @@
output "crn" {
value = ibm_resource_instance.cloud_logs.id
value = data.ibm_resource_instance.cloud_logs_instance.id
description = "The id of the provisioned Cloud Logs instance."
}

output "guid" {
value = ibm_resource_instance.cloud_logs.guid
value = data.ibm_resource_instance.cloud_logs_instance.guid
description = "The guid of the provisioned Cloud Logs instance."
}

output "name" {
value = ibm_resource_instance.cloud_logs.name
value = data.ibm_resource_instance.cloud_logs_instance.name
description = "The name of the provisioned Cloud Logs instance."
}

output "resource_group_id" {
value = ibm_resource_instance.cloud_logs.resource_group_id
value = data.ibm_resource_instance.cloud_logs_instance.resource_group_id
description = "The resource group where Cloud Logs instance resides."
}

output "ingress_endpoint" {
value = ibm_resource_instance.cloud_logs.extensions.external_ingress
value = data.ibm_resource_instance.cloud_logs_instance.extensions.external_ingress
description = "The public ingress endpoint of the provisioned Cloud Logs instance."
}

output "ingress_private_endpoint" {
value = ibm_resource_instance.cloud_logs.extensions.external_ingress_private
value = data.ibm_resource_instance.cloud_logs_instance.extensions.external_ingress_private
description = "The private ingress endpoint of the provisioned Cloud Logs instance."
}

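Review bot: every value now comes from `data.ibm_resource_instance.cloud_logs_instance`, which may be a pre-existing instance, yet the descriptions still read "the provisioned Cloud Logs instance"; reword to "the Cloud Logs instance used by this module". Also confirm that `data.ibm_resource_instance.cloud_logs_instance.id` is the CRN, as the `crn` output name implies: a data source's `id` need not have the same shape as the resource's `id` it replaces, and `local.cloud_logs_crn` is already the CRN if it is not.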
6 changes: 6 additions & 0 deletions modules/cloud_logs/variables.tf
Expand Up @@ -10,6 +10,12 @@ variable "resource_group_id" {
default = null
}

variable "existing_cl_instance" {
type = string
description = "(Optional) CRN of existing cloud logs instance. Set `cloud_logs_provision` to false if you wish to pass an existing cloud logs instance."
default = null
}

variable "instance_name" {
type = string
description = "The name of the IBM Cloud Logs instance to create. Defaults to 'cloud-logs-<region>'"
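Review bot: the description refers to `cloud_logs_provision`, which is a root-module variable and does not exist in this submodule, so a direct consumer of `modules/cloud_logs` gets an instruction it cannot follow. Describe the submodule's own behaviour instead (when set, no instance is created and the supplied instance is used for tags, policies, tenants and outputs), and add a `validation` block checking the value looks like a CRN, e.g. `condition = var.existing_cl_instance == null || can(regex("^crn:v1:", var.existing_cl_instance))`. The same text appears in `modules/cloud_logs/README.md`, which is regenerated from this file.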
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -170,6 +170,12 @@ variable "cloud_logs_provision" {
default = true
}

variable "existing_cl_instance" {
type = string
description = "(Optional) CRN of existing cloud logs instance. Set `cloud_logs_provision` to false if you wish to pass an existing cloud logs instance."
default = null
}

variable "cloud_logs_instance_name" {
type = string
description = "The name of the IBM Cloud Logs instance to create. Defaults to 'cloud_logs-<region>'"
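Review bot: `existing_cl_instance` and `cloud_logs_provision` are mutually dependent but nothing rejects setting both. Because a variable `validation` block can only reference other variables on Terraform 1.9 or later, a `check` block or a `precondition` in `main.tf` asserting `!(var.cloud_logs_provision && var.existing_cl_instance != null)` is the portable way to fail the plan with a clear message. Visible in context: the `cloud_logs_instance_name` description says `cloud_logs-<region>` while `modules/cloud_logs/main.tf` builds `cloud-logs-${var.region}`.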