Build Activity Tracker event routing configurations with COS archiving, filters, and security alerts.
Last verified: May 2026
The builder collects target configuration (COS bucket for archive, Log Analysis instance for real-time), event filters (include/exclude patterns), and routing rules. Filters use IBM Cloud's event filter syntax (eventName, resourceName, severity). Output is `ibm_atracker_target` and `ibm_atracker_route` Terraform resources defining the routing.
IBM Cloud Activity Tracker records management and data events from IBM Cloud services — IAM actions, resource creation/deletion, configuration changes — for security monitoring and audit. The Activity Tracker Config Builder generates event routing configurations including Cloud Object Storage archiving, Log Analysis delivery, and event filters that focus storage on the events that matter. Output is Terraform-ready.
An auditor asks for evidence that no IAM policies were modified outside change-management windows over the past year. Activity Tracker has the events, but they've rolled off the default retention. You configure Activity Tracker to archive all management events to COS with 7-year retention, set up a Log Analysis route for real-time alerting on IAM changes outside business hours, and over the next 12 months accumulate the audit trail you should have had from day one.
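The auditor's check from the scenario above, run over archived events, as an added example that is not part of the original page or the builder's output. The event field names (`eventTime`, `action`, `initiator.name`, `outcome`), the action strings, and the change window are assumptions, and the sample archive is constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample archive, one JSON event per line. The field names and
# action strings are assumptions (CADF-style), not values from the page.
SAMPLE_ARCHIVE = """\
{"eventTime": "2025-03-04T14:10:00+00:00", "action": "iam-access-management.policy.update", "initiator": {"name": "alice@example.com"}, "outcome": "success"}
{"eventTime": "2025-03-09T02:41:00+00:00", "action": "iam-access-management.policy.create", "initiator": {"name": "svc-deploy"}, "outcome": "success"}
{"eventTime": "2025-03-09T02:43:00+00:00", "action": "iam-access-management.policy.delete", "initiator": {"name": "svc-deploy"}, "outcome": "failure"}
{"eventTime": "2025-03-09T03:00:00+00:00", "action": "cloud-object-storage.object.read", "initiator": {"name": "bob@example.com"}, "outcome": "success"}
{"eventTime": "2025-03-11T23:30:00", "action": "iam-access-management.policy.delete", "initiator": {"name": "carol@example.com"}, "outcome": "success"}
not-json-truncated-line
"""

# Hypothetical approved change-management window (UTC, end exclusive).
UTC = timezone.utc
WINDOWS = [(datetime(2025, 3, 4, 13, tzinfo=UTC), datetime(2025, 3, 4, 17, tzinfo=UTC))]
POLICY_PREFIX = "iam-access-management.policy."
CHANGE_VERBS = {"create", "update", "delete"}


def parse_time(value):
    """Parse an ISO 8601 timestamp; treat a missing offset as UTC."""
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=UTC)


def unapproved_policy_changes(archive_text, windows):
    """Return (findings, skipped): successful policy changes outside every window, and unparseable line count."""
    findings, skipped = [], 0
    for line in archive_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            action = str(event["action"])
            when = parse_time(event["eventTime"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # report gaps in the evidence instead of hiding them
            continue
        verb = action[len(POLICY_PREFIX):]
        if not action.startswith(POLICY_PREFIX) or verb not in CHANGE_VERBS:
            continue  # read events and other services are out of scope
        if event.get("outcome") != "success":
            continue  # a failed attempt did not modify a policy
        if not any(start <= when < end for start, end in windows):
            who = event.get("initiator", {}).get("name", "unknown")
            findings.append((when.isoformat(), action, who))
    return findings, skipped
```

An empty findings list together with a skipped count of zero is the evidence the auditor is asking for; a non-zero skipped count means the archive itself needs review before the result can be relied on.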
Always archive to COS for production accounts. Activity Tracker's in-service retention is too short for most compliance requirements, and the archive cost is small compared to the regulatory exposure of losing audit history.
Filter aggressively. A typical IBM Cloud account generates tens of millions of read events per month that have no security value. Filtering them out at the source saves both Activity Tracker storage cost and downstream SIEM ingestion cost.
Management events are control-plane operations: provisioning a VPC, attaching a policy, creating a key. Data events are data-plane operations: reading an object from Cloud Object Storage, querying a database. Management events are always recorded; data events for some services are optional because they're high-volume and most workloads don't need them in real time.
Events are retained in the service per the plan you choose (typically up to 90 days). For longer retention, archive to Cloud Object Storage — COS storage is dramatically cheaper than Activity Tracker storage for cold data, and you can keep events for years at compliance-tier cost.
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.