how to use terraform to automatically create a trail - ActionTrail

ActionTrail lets you create a trail to continuously deliver events to Simple Log Service or Object Storage Service (OSS). You can use Terraform to automatically create a trail.

Prerequisites

Before you run the Terraform program, ensure that the following Alibaba Cloud services are enabled:

Note

You are charged for the usage of a Simple Log Service or OSS resource when the free quota is exhausted. For more information, see Billable items and Billing.

Background information

Terraform is an open source tool for automated resource orchestration. Terraform can help you automatically create, configure, and manage cloud resources. You can create a trail using a Terraform template. For more information, see Alibaba Cloud Provider.

Create a trail

You can create a trail using Terraform to deliver events to Simple Log Service, OSS, or both. For more information about how to select a storage service, see Deliver events to specified Alibaba Cloud services.

Scenario 1: Deliver events only to Simple Log Service

To create a trail to deliver events to Simple Log Service, you need to only deploy programs that are related to Simple Log Service in Cloud Shell. Then, the system can automatically create the trail.

Create an ActionTrail trail using Terraform.
In the dialog box that appears, click OK to clone code to Cloud Shell.
In the upper-right corner, click the editor icon. In the navigation pane on the left of the editor, choose tutorial-actiontrail-createdby-terraform > trail-sls > variables.tf.
Specify a value for the default field of each parameter in the variables.tf file. The following list describes the parameters.
- region: the region where the resources reside.
- trail_name: the name of the trail.
- sls_project_name: the name of the Simple Log Service project to which the trail delivers events. Note: Make sure that the name of the project is unique.
- account_id: the Alibaba Cloud account.
Click the icon.
Run the following command to go to the directory of the Terraform template that you want to use to create a trail:
```
cd ~/tutorial-actiontrail-createdby-terraform/trail-sls
```
Run the following command to load the Alibaba Cloud provider for Terraform:
```
terraform init
```

Run the following command to create a trail:

terraform apply

If the "Resources: X added" message is returned, the trail is created. In the message, X indicates the number of added resources. Example:

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

sls_project_id = [
 [
 "tutorial-terraform-actiontrail",
 ],
]
trail_id = [
 [
 "tutorial-actiontrail",
 ],
]

Scenario 2: Deliver events only to OSS

To create a trail to deliver events to OSS, you need to only deploy programs that are related to OSS in Cloud Shell. Then, the system can automatically create the trail.

For more information, see Create an ActionTrail trail using Terraform.
In the dialog box that appears, click OK to clone code to Cloud Shell.
In the upper-right corner, click the editor icon. In the navigation pane on the left of the editor, choose tutorial-actiontrail-createdby-terraform > trail-oss > variables.tf.
Set the default value for each parameter in the variables.tf file.
- region: the region where the resources reside.
- trail_name: the name of the trail.
- oss_bucket_name: the name of the OSS bucket to which the trail delivers events. Note: Make sure that the name of the bucket is unique.
- account_id: the Alibaba Cloud account.
Click the icon.
Run the following command to go to the directory of the Terraform template that you want to use to create a trail:
```
cd ~/tutorial-actiontrail-createdby-terraform/trail-oss
```
Run the following command to load the Alibaba Cloud provider for Terraform:
```
terraform init
```

Run the following command to create a trail:

terraform apply

If the "Resources: X added" message is returned, the trail is created. In the message, X indicates the number of added resources. Example:

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Outputs:

oss_bucket_id = [
 [
 "tutorial-terraform-actiontrail",
 ],
]
trail_id = [
 [
 "tutorial-actiontrail",
 ],
]

Scenario 3: Deliver events to Simple Log Service and OSS

To create a trail to deliver events to both Simple Log Service and OSS, you need to only deploy programs that are related to Simple Log Service and OSS in Cloud Shell. Then, the system can automatically create the trail.

Go to Create an ActionTrail trail using Terraform.
In the dialog box that appears, click OK to clone code to Cloud Shell.
In the upper-right corner, click the editor icon. In the navigation pane on the left of the editor, choose tutorial-actiontrail-createdby-terraform > trail > variables.tf.
In the variables.tf file, set the default value for each parameter.
- region: the region where the resources reside.
- trail_name: the name of the trail.
- oss_bucket_name: the name of the OSS bucket to which the trail delivers events. Note: Make sure that the name of the bucket is unique.
- sls_project_name: the name of the Simple Log Service project to which the trail delivers events. Note: Make sure that the name of the project is unique.
- account_id: the Alibaba Cloud account.
Click the icon.
Run the following command to go to the directory of the Terraform template that you want to use to create a trail:
```
cd ~/tutorial-actiontrail-createdby-terraform/trail
```
Run the following command to load the Alibaba Cloud provider for Terraform:
```
terraform init
```

Run the following command to create a trail:

terraform apply

If the "Resources: X added" message is returned, the trail is created. In the message, X indicates the number of added resources. Example:

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

oss_bucket_id = [
 [
 "tutorial-terraform-actiontrail",
 ],
]
sls_project_id = [
 [
 "tutorial-terraform-actiontrail",
 ],
]
trail_id = [
 [
 "tutorial-actiontrail",
 ],
]

(Optional) Delete resources

You can use different methods to delete resources based on the scenario. This action disables the automatic trail delivery program.

Scenario 1: Delete resources for a trail that delivers events only to Simple Log Service

To delete the resources of a trail that delivers events to Simple Log Service, you need to run only the deletion command.

Run the following command to delete all resources created by the program. After the resources are deleted, the automatic event delivery program becomes invalid.

terraform destroy

If the message "Resources: X destroyed" is returned, the resources are deleted. X represents the number of deleted resources. The following is a sample output:

Destroy complete! Resources: 3 destroyed.

Scenario 2: Delete only OSS and trail resources

To delete resources for a trail that delivers events to OSS, you must disable the trail, delete all objects from the OSS bucket, and then run the deletion command.

Run the following command to disable the trail:
```
aliyun actiontrail StopLogging --region cn-hangzhou --Name your_trail_name
```
Note
Replace your_trail_name with the name of the trail. In this example, tutorial-actiontrail is used.
Wait for 1 to 2 minutes and run the following command to delete all objects from the OSS bucket:
```
aliyun oss rm oss://your_bucket_name -r --region cn-hangzhou
```
Note
Replace your_bucket_name with the name of the OSS bucket. In this example, tutorial-terraform-actiontrail is used.
Run the following command to delete all resources that are created in the programs. After the resources are deleted, the programs that are deployed to deliver events become invalid.
```
terraform destroy
```
If the "Resources: X destroyed" message is returned, the resources are deleted. In the message, X indicates the number of deleted resources. Example:
```
Destroy complete! Resources: 2 destroyed.
```

Scenario 3: Delete resources for a trail that delivers events to both Simple Log Service and OSS

To delete resources for a trail that delivers events to both Simple Log Service and OSS, you must disable the trail, delete all objects from the OSS bucket, and then run the deletion command.

Run the following command to disable the trail:
```
aliyun actiontrail StopLogging --region cn-hangzhou --Name your_trail_name
```
Note
Replace your_trail_name with the name of the trail. In this example, tutorial-actiontrail is used.
Wait for 1 to 2 minutes and run the following command to delete all objects from the OSS bucket:
```
aliyun oss rm oss://your_bucket_name -r --region cn-hangzhou
```
Note
Replace your_bucket_name with the name of the OSS bucket. In this example, tutorial-terraform-actiontrail is used.
Run the following command to delete all resources that are created in the programs. After the resources are deleted, the programs that are deployed to deliver events become invalid.
```
terraform destroy
```
If the "Resources: X destroyed" message is returned, the resources are deleted. In the message, X indicates the number of deleted resources. Example:
```
Destroy complete! Resources: 3 destroyed.
```

Terraform template parameters

When you modify the code in Terraform, you can modify the Terraform template based on the parameters that are described in the following table. For example, you can set the event_rw parameter to Write to track only write events.

Parameter	Note:
trail_name	Trail name The name must be 6 to 36 characters in length. The name must start with a lowercase letter and can contain lowercase letters, digits, hyphens (-), and underscores (_). Note The name must be unique within your Alibaba Cloud account.
event_rw	The type of the events that you want to deliver. Valid values: Read: read events. A read event occurs when information about cloud resources is read. Write: write events. A write event occurs when cloud resources are added, deleted, or modified. All: Shows all events.
oss_bucket_name	The name of the OSS bucket. Note You must specify oss_bucket_name, sls_project_arn, or both.
oss_key_prefix	The prefix of an event log file in the OSS bucket. By default, this parameter is left empty.
role_name	The name of the RAM role that ActionTrail can assume. ActionTrail assumes this role to deliver events to your storage service. Default value: aliyunserviceroleforactiontrail. If this role does not exist, the system automatically creates a role. For more information, see Manage a service-linked role.
sls_project_arn	The Alibaba Cloud Resource Name (ARN) of the Simple Log Service project. The format is `acs:log:<region_id>:<account_id>:project/<project_name>`. Note You must specify oss_bucket_name, sls_project_arn, or both.
sls_write_role_arn	The ARN of the Simple Log Service role. ActionTrail assumes this role to write management events to the corresponding SLS Logstore. The format is `acs:ram::<account_id>:role/<role_name>`. By default, the service-linked role is used.
trail_region	The region to which the trail is applied. Default value: All. By default, the trail can track events in all regions. You can also specify a region ID. To specify multiple region IDs, separate them with commas (,), for example, `cn-beijing,cn-hangzhou`.
mns_topic_arn	The ARN of the Message Service (MNS) topic. If you specify this parameter, ActionTrail sends a message to the MNS topic after the trail delivers events to OSS.
status	The status of the trail. Valid values: Enable: enables the trail. This is the default value. Disable: Disables the trail.