A Terraform provider for managing Last9 resources including alerts, log management rules, and notification channels.
- Alerts: Configure alerting rules (metric-based with thresholds/expressions, or log-based with scheduled searches)
- Notification Channels: Manage alert destinations (Slack, PagerDuty, webhooks, email, etc.)
- Drop Rules: Filter and drop logs for cost optimization
- Forward Rules: Forward logs to external destinations
Add the provider to your Terraform configuration:
```hcl
terraform {
  required_providers {
    last9 = {
      source  = "last9/last9"
      version = "~> 1.0"
    }
  }
}
```

```bash
git clone https://github.com/last9/terraform-provider-last9
cd terraform-provider-last9
go build -o terraform-provider-last9
```

Place the binary in your Terraform plugins directory:
- Linux/Mac: `~/.terraform.d/plugins/registry.terraform.io/last9/last9/1.0.0/linux_amd64/`
- Windows: `%APPDATA%\terraform.d\plugins\registry.terraform.io\last9\last9\1.0.0\windows_amd64\`
Configure the provider with your Last9 credentials. You can use either refresh tokens (recommended) or direct access tokens.
```hcl
provider "last9" {
  refresh_token = var.last9_refresh_token # or use LAST9_REFRESH_TOKEN env var
  org           = var.last9_org           # or use LAST9_ORG env var
  api_base_url  = var.last9_api_base_url  # required - or use LAST9_API_BASE_URL env var
}
```

```hcl
provider "last9" {
  api_token    = var.last9_api_token    # or use LAST9_API_TOKEN env var
  org          = var.last9_org          # or use LAST9_ORG env var
  api_base_url = var.last9_api_base_url # required - or use LAST9_API_BASE_URL env var
}
```

- `LAST9_REFRESH_TOKEN` - Your Last9 refresh token (recommended)
- `LAST9_API_TOKEN` - Your Last9 API access token (legacy)
- `LAST9_ORG` - Your Last9 organization slug
- `LAST9_API_BASE_URL` - API base URL (required)
Note: Either LAST9_REFRESH_TOKEN or LAST9_API_TOKEN must be provided. Refresh tokens are recommended as they automatically handle token refresh.
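
The provider blocks above reference `var.last9_*` inputs without declaring them. The following is an added example, not taken from the provider's repository, that declares them so the token is redacted from CLI output and a non-HTTPS base URL is rejected at plan time. The variable names come from the blocks above; the descriptions and the HTTPS validation rule are assumptions.

```hcl
# Added example: declarations for the variables used in the provider block.
variable "last9_refresh_token" {
  description = "Last9 refresh token. Supply it via the TF_VAR_last9_refresh_token environment variable rather than a committed .tfvars file."
  type        = string
  sensitive   = true # redacts the value in terraform plan/apply output
}

variable "last9_org" {
  description = "Last9 organization slug"
  type        = string
}

variable "last9_api_base_url" {
  description = "Last9 API base URL"
  type        = string

  validation {
    # Assumption: the API is only reached over TLS, so any other scheme is a
    # misconfiguration that would expose the token in transit.
    condition     = can(regex("^https://", var.last9_api_base_url))
    error_message = "The last9_api_base_url value must start with https://."
  }
}
```

Leaving the token out of the configuration entirely and exporting `LAST9_REFRESH_TOKEN` instead keeps it out of saved plan files as well.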
See the examples directory for complete examples.
```hcl
resource "last9_alert" "high_error_rate" {
  entity_id     = last9_entity.example.id
  name          = "High Error Rate"
  description   = "Alert when error rate exceeds 100 req/min"
  indicator     = "error_rate"
  greater_than  = 100
  bad_minutes   = 5
  total_minutes = 10
  severity      = "breach"

  properties {
    runbook_url = "https://wiki.example.com/runbooks/high-error-rate"
    annotations = {
      priority = "high"
      team     = "platform"
    }
  }
}
```

```hcl
resource "last9_drop_rule" "debug_logs" {
  region    = "us-west-2"
  name      = "drop-debug-logs"
  telemetry = "logs"

  filters {
    key         = "attributes[\"severity\"]"
    value       = "debug"
    operator    = "equals"
    conjunction = "and"
  }
}
```

```hcl
resource "last9_forward_rule" "external_logs" {
  region      = "us-west-2"
  name        = "forward-critical-logs"
  telemetry   = "logs"
  destination = "https://logs.external-system.com/webhook"

  filters {
    key         = "attributes[\"severity\"]"
    value       = "critical"
    operator    = "equals"
    conjunction = "and"
  }

  filters {
    key         = "attributes[\"service\"]"
    value       = "payment-service"
    operator    = "equals"
    conjunction = "and"
  }
}
```

Resources:
- `last9_entity` - Create alert groups for organizing metric-based alerts
- `last9_alert` - Configure metric-based alert rules
- `last9_drop_rule` - Configure log drop rules for filtering
- `last9_forward_rule` - Set up log forwarding to external destinations
- `last9_scheduled_search_alert` - Create log-based scheduled search alerts
- `last9_notification_channel` - Manage alert notification destinations

Data sources:
- `last9_entity` - Query alert group information
- `last9_notification_destination` - Query notification destinations for alerts
- Go 1.21 or later
- Terraform 1.0 or later
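```bash
# Build the provider binary
go build -o terraform-provider-last9

# Run the unit tests
go test ./...

# Run the acceptance tests (enabled by TF_ACC=1)
TF_ACC=1 go test ./... -v
```

Contributions are welcome! Please read our contributing guidelines first.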
Mozilla Public License 2.0 - see LICENSE file for details
For issues and questions:
- GitHub Issues: https://github.com/last9/terraform-provider-last9/issues
- Documentation: https://docs.last9.io