IBM Cloud Docs
Limiting instance access to only private endpoints

Limiting instance access to only private endpoints

You can limit access to an IBM® Log Analysis instance to private endpoints only.

As of 28 March 2024 the IBM Log Analysis and IBM Cloud Activity Tracker services are deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs, which replaces these two services, prior to 30 March 2025. For information about IBM Cloud Logs, see the IBM Cloud Logs documentation.

You can configure your IBM Log Analysis instance so it is accessible through private endpoints only.

If you configure your instance to use private endpoints only, this will block the public endpoints. All ingestion and API usage that may be in progress on the public endpoints will be blocked when the configuration change is made.

Unless otherwise specified when provisioning an instance, the default is for the instance to be accessible by both public and private endpoints.

Limiting instances while provisioning

You can configure your instance to only use private endpoints when you provision your instance.

Limiting an existing instance

If you have an exising instance you can change it to use private endpoints only.

Limiting the instance using the Observability dashboard

If you have an existing IBM Log Analysis instance and need to change it to be accessible by private endpoints only, do the following using the Observability dashboard:

  1. Log in to your IBM Cloud account.

    After you log in with your user ID and password, the IBM Cloud dashboard opens.

  2. Click the Menu icon Menu icon > Observability.

  3. Select Logging.

    The list of IBM Log Analysis instances is displayed.

  4. Select the instance in the region where you want to view events. Then, click Open Dashboard.

  5. Select the settings icon.

  6. Click Organization > General.

  7. For Private endpoints only select on to limit access to the instance to only private endpoints. Select off to allow the instance to be accessed by both public and private endpoints.

Limiting the instance using the CLI

If you have an existing IBM Log Analysis instance and need to change it to be accessible by private endpoints only, do the following using the CLI:

  1. Install the IBM Cloud CLI. Learn more.

  2. Log in to the location in the IBM Cloud where the instance is provisioned. Run the following command: ibmcloud login

    To get the latest list of locations that are available for the IBM Log Analysis service, see Locations.

  3. Set the resource group where the instance is available. Run the following command: ibmcloud target

    By default, the default resource group is set.

  4. Change your instance to accept access from private endpoints only. Run the ibmcloud resource service-instance-update command:

    ibmcloud resource service-instance-update NAME -p '{"private_endpoints_only": PRIVATE_ENDPOINT}'

    Where:

    • NAME is the name of the instance.

    • PRIVATE_ENDPOINT is either true or false. If true only private endpoints can be used to access the instance.

    For example, to change the instance named my-instance to be accessible by both public and private endpoints, run the following command:

    ibmcloud resource service-instance-update my-instance -p '{"private_endpoints_only": false}'