IBM Cloud Docs
Configuring the authentication method of a Monitoring instance

Configuring the authentication method of a Monitoring instance

You can configure the authentication token that is allowed in a Monitoring instance when you use Python scripts or the Monitoring REST API to manage resources. By default, you can use an IAM token or a Monitor API token . However, you can restrict the Monitoring instance to only allow IAM tokens.

Prereqs

Complete the following steps:

  1. Install the IBM Cloud CLI. If the CLI is installed, continue with the next step.

  2. Log in to the region and resource group in the IBM Cloud where the Monitoring instance is available. Run the following command: ibmcloud login

Step 1. Get information on the Monitoring instance

To get information about the Monitoring instance, run the following command:

ibmcloud resource service-instance MONITORING_INSTANCE_NAME --output JSON

The output includes a parameters section with the following information:

"parameters": {
    "default_receiver": false,
    "external_api_auth": "IAM_ONLY"
}

The external_api_auth field indicates the types of tokens that are allowed to work with the Monitoring instance.

  • When the value is set to IAM_ONLY, you can only use IAM tokens to authenticate.
  • When the value is set to ANY, you can use IAM tokens and Monitor API tokens to authenticate.

Check the external_api_auth to find out what tokens are allowed for authentication.

Step 2. Reset the Monitor API token for each team

Complete this step if you are configuring your monitoring instance to authenticate with IAM tokens only.

When you reset a Monitor API token , you disable the current Monitor API token that users might be using. There is 1 Monitor API token per team.

For each team in the Monitoring instance, Reset the Monitor API token.

Step 3. Configure the Monitoring instance to only allow IAM tokens

Run the following command to update a Monitoring instance so that only IAM tokens are allowed when you use Python scripts or the monitoring REST API to manage resources:

ibmcloud resource service-instance-update NAME  -p '{"external_api_auth": "IAM_ONLY"}'

Where

NAME is the name of the Monitoring instance.

API_AUTH is set to the authorization model that is enabled to authenticate with the IBM Cloud Monitoring service when you use Python scripts or the monitoring REST API. By default, it is set to ANY. Valid values are: ANY and IAM_ONLY.

For example, to modify an instance, run the following command:

ibmcloud resource service-instance-create monitoring-instance-01 -p '{"external_api_auth": "IAM_ONLY"}'