Skip to content
This repository has been archived by the owner on Oct 14, 2019. It is now read-only.

Latest commit

 

History

History
235 lines (143 loc) · 13.7 KB

getting-started.md

File metadata and controls

235 lines (143 loc) · 13.7 KB
copyright lastupdated keywords subcollection
years
2016, 2019
2019-05-01
IBM Cloud, Activity Tracker, getting started
cloud-activity-tracker

{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:download: .download} {:important: .important} {:note: .note} {:deprecated: .deprecated}

Getting started tutorial

{: #getting-started}

The {{site.data.keyword.cloudaccesstrailfull}} service records user-initiated activities that change the state of a service in the {{site.data.keyword.cloud_notm}}. Learn how to use the {{site.data.keyword.cloudaccesstrailfull}} service to monitor a user's interaction with a Cloud service. {:shortdesc}

{{site.data.keyword.cloudaccesstrailfull}} is deprecated. As of 9 May 2019, you cannot provision new {{site.data.keyword.cloudaccesstrailshort}} instances. Existing premium plan instances are supported until 9 October 2019. To continue monitoring the activity of your {{site.data.keyword.cloud_notm}} account, provision an instance of the {{site.data.keyword.at_full}}. {: deprecated}

The following figure shows the different components and actions that occur when a user-initiated activity changes the state of a service:

Components and actions that occur when a user-initiated activity changes the state of a service

Note: This tutorial shows you how to get up and running to monitor Cloud activity in us-south.

Before you begin

{: #gs_prereqs}

  • Read about the {{site.data.keyword.cloudaccesstrailshort}} service. For more information, see About {{site.data.keyword.cloudaccesstrailshort}}.
  • Check the regions where the service is available. For more information, see Regions.
  • Get a user ID that is a member or an owner of an {{site.data.keyword.cloud_notm}} account. Register here External link icon{:new_window}

Step 1. Provision {{site.data.keyword.cloudaccesstrailshort}}

{: #gs_step1}

Consider the following information to choose where to provision an instance of the {{site.data.keyword.cloudaccesstrailshort}} service:

  • {{site.data.keyword.cloudaccesstrailshort}} collects events into domains. There is an account domain per region, and a space domain per Cloud Foundry (CF) space.

  • To monitor global account actions, you must provision an instance of the {{site.data.keyword.cloudaccesstrailshort}} service in a space in the us-south region. Some examples of global actions are provisioning an instance, changing a user's IAM policy, or inviting a user to the account.

  • To monitor events that are generated by a service that is provisioned in the context of a CF org and space, you must provision an instance of the {{site.data.keyword.cloudaccesstrailshort}} service in the same region and space where the service whose activity you want to monitor is provisioned.

  • To monitor events that are generated by a service that is provisioned in the context of a resource group, you must provision an instance of the {{site.data.keyword.cloudaccesstrailshort}} service in a space in the same region where the service whose activity you want to monitor is provisioned.

  • To provision an instance, your userID must have developer role in the space where you plan to provision the {{site.data.keyword.cloudaccesstrailshort}} service.

Complete the following steps to provision an instance of the {{site.data.keyword.cloudaccesstraillong_notm}} service in the {{site.data.keyword.cloud_notm}}:

  1. Log in to the {{site.data.keyword.cloud_notm}} External link icon{:new_window}.

    After you log in with your user ID and password, the {{site.data.keyword.cloud_notm}} UI opens.

  2. Click Catalog. The list of the services that are available on the {{site.data.keyword.cloud_notm}} opens.

  3. Select the Security and Identity category to filter the list of services that is displayed.

    Note: The service is also available through the Developer Tools category.

  4. Click the Activity Tracker tile.

  5. Configure the information that defines where the service is going to be provisioned.

    For example, to provision the service in the US South region, enter the data as indicated in the following table:

    Table 1. Fields that are required to provision the {{site.data.keyword.cloudaccesstrailshort}} service
    Field Value
    Select region to deploy in: US South
    Choose an organization: Select the organization where you plan to provision the {{site.data.keyword.cloudaccesstrailshort}} service.
    Choose a space: Select the space where you plan to provision the {{site.data.keyword.cloudaccesstrailshort}} service.

  6. Select a plan.

    By default, the Lite plan is selected.

    For more information, see Service plans.

  7. Click Create to provision an instance of the {{site.data.keyword.cloudaccesstrailshort}} service in the space where you are logged in.

Step 2. Grant users access to monitor events

{: #gs_step2}

To view events, you must have access permissions in the {{site.data.keyword.cloud_notm}}. Permissions vary depending on whether you want to view global account events, events for a service that is provisioned in the context of a resource group, or events for a service that is provisioned in the context of a CF org and space.

To monitor global account actions and to monitor a service that is provisioned in the context of a resource group, consider the following information:

  • You must have an IAM policy for the {{site.data.keyword.loganalysisshort}} service with reader role on the {{site.data.keyword.loganalysisshort}} service.
  • The account owner or an administrator of the {{site.data.keyword.loganalysisshort}} service can grant this policy.

To monitor a service that is provisioned in the context of a CF org and space, consider the following information:

  • You must have developer role for the space where you provisioned an instance of the {{site.data.keyword.cloudaccesstrailshort}} service.
  • The account owner, the organization manager, or the space manager can grant you the developer role for the space.

Note: To grant a user an IAM policy, you must be the account owner or an administrator of the {{site.data.keyword.loganalysisshort}} service.

Grant users access to monitor account domain events

{: #index_acc}

Complete the following steps to grant a user an IAM policy from the {{site.data.keyword.cloud_notm}} UI:

  1. Log in to the {{site.data.keyword.cloud_notm}} console External link icon{:new_window}.
  2. From the menu bar, click Manage > Security > Identity and Access, and then select Users.
  3. From the row for the user that you want to assign access, select the Actions menu, and then click Assign access.
  4. Select Assign access to resources.
  5. Select Log Analysis.
  6. Select All regions.
  7. Select All service instances.
  8. Select the service role Reader.
  9. Click Assign.

Grant users access to monitor space domain events

{: #gs_space}

To grant a user a developer role in a space from the {{site.data.keyword.cloud_notm}} UI, complete the following steps:

  1. Log in to the {{site.data.keyword.cloud_notm}} console.

    Open a web browser and launch the {{site.data.keyword.cloud_notm}} dashboard External link icon{:new_window}

    After you log in with your user ID and password, the {{site.data.keyword.cloud_notm}} UI opens.

  2. From the menu bar, click Manage > Security > Identity and Access, and then select Users.

  3. Select the user.

  4. Select Cloud Foundry access.

  5. Expand an organization.

    The spaces that are available in that organization are listed.

  6. From the action menu, select Edit organization role. Select the Auditor role for the Organization roles field. Then, click Save role.

  7. Select a space.

  8. From the action menu, select Edit space role. Select the Developer role for the Space roles field. Then, click Save role.

  9. Click Assign.

Step 3. Generate {{site.data.keyword.cloudaccesstrailshort}} events

{: #gs_step3}

After the {{site.data.keyword.cloudaccesstrailshort}} service is provisioned, events are collected automatically from selected Cloud services. To learn more about the services that you can monitor with {{site.data.keyword.cloudaccesstrailshort}}, including information on the actions that generate an {{site.data.keyword.cloudaccesstrailshort}} event, see Cloud services.

Note: For a user to generate {{site.data.keyword.BluVirtServers_short}} and {{site.data.keyword.baremetal_short}} {{site.data.keyword.cloudaccesstrailshort}} events, the user must have access to Infrastructure resources in the IBM Cloud Console. For more information, see Monitoring {{site.data.keyword.BluVirtServers_short}} and {{site.data.keyword.baremetal_short}} activity with {{site.data.keyword.cloudaccesstrailshort}}.

To learn how to generate events, complete the tutorial Monitoring {{site.data.keyword.keymanagementserviceshort}} activity with {{site.data.keyword.cloudaccesstrailshort}}.

Step 4. Viewing events

{: #gs_step4}

You can monitor {{site.data.keyword.cloudaccesstrailshort}} events in the {{site.data.keyword.cloud_notm}} UI. You can also upgrade your plan to the premium plan to monitor events through Kibana.

To monitor global account actions and to monitor a service that is provisioned in the context of a resource group, consider the following information:

  • Events are collected in an account domain.

    There is an account domain per region.

    Global account actions are collected in the us-south account domain.

    Events for a service are collected in the account domain of the region where an instance of this service is provisioned.

  • The account owner can view events either through the {{site.data.keyword.cloud_notm}} UI or in Kibana.

  • Other users can view only account domain events through Kibana.

To monitor a service that is provisioned in the context of a CF org and space, consider the following information:

  • Events are collected in a space domain.
  • Each CF space has an {{site.data.keyword.cloudaccesstrailshort}} space domain associated.
  • You can view events either through the {{site.data.keyword.cloud_notm}} UI or in Kibana.

The following table defines the {{site.data.keyword.cloudaccesstrailshort}} domain where you must monitor events:

Monitoring {{site.data.keyword.cloudaccesstrailshort}} domain
Global account actions Us-south account domain
Services that are provisioned in the context of a resource group Account domain
Services that are provisioned in the context of a CF org and space Space domain
{: caption="Table 1. {{site.data.keyword.cloudaccesstrailshort}} domains per event source" caption-side="top"}

To view events, you can choose one of the following options:

To view events that you generate by completing the steps in the tutorial, choose Navigating to the Activity Tracker dashboard to monitor cloud activity in the account. If you are not the account owner, upgrade the service plan, and check that you have the correct access permissions to view events.

Next steps

{: #gs_next_steps}

Use the {{site.data.keyword.cloudaccesstrailshort}} CLI to manage your events from the command line. For more information, see Managing events by using the Activity Tracker CLI.