Planning the account configuration
Plan the account's Activity Tracker Event Routing configuration to manage auditing events in the IBM Cloud account.
Step | Description | Link |
---|---|---|
1 | Location & Services: Identify the locations where you can configure IBM Cloud Activity Tracker Event Routing to manage auditing events. Identify which services in those locations generate events that you can manage by using IBM Cloud Activity Tracker Event Routing. | link |
2 | Metadata: Decide the location in your IBM Cloud account where the IBM Cloud Activity Tracker Event Routing account configuration metadata is stored. Take into account any corporate or industry compliance requirements such as Financial Services validated locations, or EU-managed regions. | link |
3 | Endpoints: Decide whether public endpoints, private endpoints, or both are allowed to manage the IBM Cloud Activity Tracker Event Routing configuration. | link |
4 | Target locations: Define the locations where an account administrator can configure targets to collect auditing events. You can choose any of the supported locations where IBM Cloud Activity Tracker Event Routing is available. | link |
5 | Default targets: Define 1 default target for each account to configure where auditing events that are not explicitly managed in the account's routing rules are routed. Consider defining a second default target for each account when you want to collect the data in a backup location or account. | link |
6 | Number and location of targets: Define the targets where you plan to collect auditing events based on your regulatory and corporate requirements. | link |
7 | Routing rules: Define the routing rules that indicate how to route events in your account. Decide if you want to drop the collection of auditing events in 1 or more regions. Check any compliance requirements to confirm that you can. | link |
Locations and services
Check the regions where you operate and identify how you can manage those auditing events in the account:
- Identify the locations where you can configure IBM Cloud Activity Tracker to manage auditing events. Check Locations.
- Identify which services in those locations generate events that you can manage by using IBM Cloud Activity Tracker. Check Services generating events.
You can use Activity Tracker Event Routing to manage auditing events at the account level. Activity Tracker Event Routing can only route events that are generated in supported regions. Other regions, where Activity Tracker Event Routing is not available, continue to manage events by using Activity Tracker.
Metadata location
Decide the location in your IBM Cloud account where the Activity Tracker Event Routing account configuration metadata is stored.
You can choose any of the supported locations where Activity Tracker Event Routing is available. For more information, see Locations.
Take into account any corporate or industry compliance requirements such as Financial Services Validated locations, or EU-managed regions.
If you do not configure a metadata location before you create a target, the location where the first target is created is automatically configured as the metadata location.
You can define a primary metadata location and a backup metadata location.
Endpoints allowed
You can use public endpoints, private endpoints or both to manage the Activity Tracker Event Routing account configuration.
Decide whether public endpoints, private endpoints, or both are allowed to manage the Activity Tracker Event Routing account configuration. For more information, see Enforcing private endpoints to configure Activity Tracker Event Routing resources.
Configure private endpoints and disable public endpoints when you are required to be Financial Services Validated.
Target locations
Define the locations where an account administrator can configure targets to collect auditing events. You can choose any of the supported locations where Activity Tracker Event Routing is available. For more information, see Locations.
To enforce target locations in the account, you can configure the account settings and specify the locations that are allowed. See Locations.
Take into account any corporate or industry compliance requirements such as Financial Services Validated locations, or EU-managed regions.
The location of a target definition must be a supported location where Activity Tracker Event Routing is available. The target can configure a resource in the same account where the events are located or in a different account. In addition, the resource can be located in any region where that type of resource is supported in IBM Cloud.
Default targets
You can define up to 2 default targets in the account.
- Each target collects auditing events that are not explicitly managed in the account's routing rules.
- Each target must be defined in the account before you can configure it as a default target in the account.
- If you define more than 1 default target, all default targets get a copy of an auditing event that does not have a clearly defined routing rule to indicate where to route events in the account.
Define 1 default target per account to configure where auditing events that are not explicitly managed in the account's routing rules are routed. Consider defining a second default target per account when you want to collect the data in a backup location or account.
Number and location of targets
Define the targets where you plan to collect auditing events based on your regulatory and corporate requirements.
- You can have 1 target per region to collect auditing events for that region. Use this option to reduce latency and network connectivity issues.
- You can have 1 target to collect auditing events across the entire account.
- You can define targets within the account or in a different account.
For more information, see Targets.
Routing rules in the account
Define the routing rules that indicate how to route events in your account.
- Routes are global.
- You can define up to 4 routes per account.
- You can define 1 or more routes to configure how auditing events across all regions in your account are collected and stored in 1 or more targets.
- For each route that you define, you can configure 4 rules. These rules are applied in order, from first to last. When a rule matches a region, any subsequent rules within that route definition that apply to that region are not considered.
Decide if you want to drop the collection of auditing events in 1 or more regions. Check any compliance requirements to confirm that you can.
- To drop the collection of auditing events in 1 or more regions, you can configure a route for those regions with no targets defined.
For more information, see Routes.
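The limits and the rule ordering described under Default targets and Routing rules can be checked against a draft plan before it is applied. The following is an added example, not IBM code or the service's API: the function names, dictionary keys and sample plan are hypothetical. It assumes that each route is evaluated independently with the resulting targets combined, and that a region matched by a rule with no targets counts as explicitly managed.

```python
# Added example, not IBM code: every function name and dict key here is hypothetical.
MAX_DEFAULT_TARGETS, MAX_ROUTES, MAX_RULES_PER_ROUTE = 2, 4, 4  # limits stated on the page


def validate_plan(plan):
    """Return the ways a plan breaks the limits described on this page."""
    targets = plan["targets"]  # target name -> location of the target definition
    allowed = set(plan["allowed_target_locations"])
    errors = [f"default target {n} is not defined"
              for n in plan["default_targets"] if n not in targets]
    if len(plan["default_targets"]) > MAX_DEFAULT_TARGETS:
        errors.append("more than 2 default targets")
    errors += [f"target {n} is in non-permitted location {loc}"
               for n, loc in targets.items() if loc not in allowed]
    if len(plan["routes"]) > MAX_ROUTES:
        errors.append("more than 4 routes")
    for route in plan["routes"]:
        if len(route["rules"]) > MAX_RULES_PER_ROUTE:
            errors.append(f"route {route['name']} has more than 4 rules")
        for rule in route["rules"]:
            errors += [f"route {route['name']} uses undefined target {n}"
                       for n in rule["targets"] if n not in targets]
    return errors


def resolve(plan, region):
    """Return the sorted target names that receive an event generated in region."""
    matched, destinations = False, set()
    for route in plan["routes"]:  # assumption: each route is evaluated on its own
        for rule in route["rules"]:  # rules apply from first to last
            if region in rule["locations"]:
                matched = True
                destinations.update(rule["targets"])  # no targets means the event is dropped
                break  # later rules in this route for the region are not considered
    if not matched:  # not explicitly managed: every default target gets a copy
        destinations.update(plan["default_targets"])
    return sorted(destinations)


SAMPLE_PLAN = {  # constructed sample; target and route names are made up
    "allowed_target_locations": ["us-south", "eu-de"],
    "targets": {"cos-us": "us-south", "cos-eu": "eu-de", "cos-backup": "eu-de"},
    "default_targets": ["cos-us", "cos-backup"],
    "routes": [{"name": "main", "rules": [
        {"locations": ["eu-de", "eu-gb"], "targets": ["cos-eu"]},
        {"locations": ["eu-gb", "us-east"], "targets": ["cos-us"]},  # eu-gb is shadowed by rule 1
        {"locations": ["au-syd"], "targets": []},  # drops au-syd events
    ]}],
}
```

Resolving every region you operate in against the draft plan shows which regions are dropped, which fall through to the default targets, and which rules never take effect because an earlier rule in the same route already covers the region.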