Generating a Trusted Profile for ingestion
You can use a Trusted Profile (TP) to send logs from a compute resource in IBM Cloud to an IBM Cloud Logs instance by using the Logging agent.
Creating a Trusted Profile for ingestion
Complete the following steps to create a Trusted Profile:
- In the IBM Cloud console, click Manage > Access (IAM) > Trusted profiles. Then, click Create profile.
- Describe your profile by providing a name and a description. Then, click Continue.
- Establish trust. Select the trusted profile entity type Compute resources.
- Create a trust relationship. Select a Compute service type. In the Select compute resource section, click Specific resources > Add a resource. Then, choose your resource.
  - For a Kubernetes compute service type, you must choose the Kubernetes cluster where you plan to deploy the agent; enter ibm-observe as the namespace; and enter logs-agent as the service account.
  - For a Red Hat OpenShift on IBM Cloud compute service type, you must choose the OpenShift cluster where you plan to deploy the agent; enter ibm-observe as the namespace; and enter logs-agent as the service account.
  - For a Virtual Server for VPC compute service type, you must choose an instance.

  Then, click Continue.
- Assign access. Select Access policy.

  The role that is required for sending logs to IBM Cloud Logs is Sender. For more information, see Setting up IAM permissions for ingestion. Make sure the user who grants the policy has the Sender role permissions.
  - Select the service Cloud Logs. Then, click Next.
  - In Resources, select Specific resources. Choose the IBM Cloud Logs instance where you plan to send the logs. Then, click Next.
  - In the Roles and actions, select the service access Sender. Then, click Next.
  - Click Add > Create.

For more information about the fields that are used to create conditions for trusted profiles, see IAM condition properties.
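To review a finished profile against the settings in this procedure, the following added example (not IBM code) checks the trust relationship and the access policy for anything broader than the steps call for. The dictionary layout, the `audit_profile` function and the sample IDs are constructed for illustration and are not the IAM API schema; flagging roles other than Sender is a least-privilege choice made for this example.

```python
# Added example: audit a trusted profile against the settings in this procedure.
# The dict layout below is a constructed, simplified shape (an assumption),
# not the format returned by the IAM API.
NAMESPACE = "ibm-observe"          # namespace named in the procedure
SERVICE_ACCOUNT = "logs-agent"     # service account named in the procedure
CLUSTER_TYPES = {"Kubernetes", "Red Hat OpenShift on IBM Cloud"}
VSI_TYPE = "Virtual Server for VPC"


def audit_profile(profile):
    """Return a list of findings; an empty list means the profile matches."""
    findings = []
    trust = profile.get("trust", {})
    ctype = trust.get("compute_service_type")
    if ctype not in CLUSTER_TYPES | {VSI_TYPE}:
        findings.append(f"unexpected compute service type: {ctype!r}")
    if not trust.get("resource"):
        findings.append("trust is not limited to a specific resource")
    if ctype in CLUSTER_TYPES:
        # Cluster trust must be pinned to the agent's namespace and account.
        if trust.get("namespace") != NAMESPACE:
            findings.append(f"namespace must be {NAMESPACE}")
        if trust.get("service_account") != SERVICE_ACCOUNT:
            findings.append(f"service account must be {SERVICE_ACCOUNT}")
    policies = profile.get("policies", [])
    if not policies:
        findings.append("no access policy assigned")
    for i, pol in enumerate(policies):
        roles = set(pol.get("roles", []))
        if pol.get("service") != "Cloud Logs":
            findings.append(f"policy {i}: service is not Cloud Logs")
        if not pol.get("instance"):
            findings.append(f"policy {i}: not scoped to a specific instance")
        if "Sender" not in roles:
            findings.append(f"policy {i}: Sender role missing")
        if roles - {"Sender"}:
            findings.append(f"policy {i}: roles beyond Sender: {sorted(roles - {'Sender'})}")
    return findings


# Constructed sample profiles (IDs are placeholders).
GOOD = {"trust": {"compute_service_type": "Kubernetes", "resource": "cluster-id-placeholder",
                  "namespace": "ibm-observe", "service_account": "logs-agent"},
        "policies": [{"service": "Cloud Logs", "instance": "instance-id-placeholder",
                      "roles": ["Sender"]}]}
LOOSE = {"trust": {"compute_service_type": "Kubernetes", "resource": "cluster-id-placeholder",
                   "namespace": "default", "service_account": "logs-agent"},
         "policies": [{"service": "Cloud Logs", "instance": None,
                       "roles": ["Sender", "Manager"]}]}

if __name__ == "__main__":
    for name, prof in (("GOOD", GOOD), ("LOOSE", LOOSE)):
        print(name, audit_profile(prof) or "ok")
```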