Terraform Provider

The Last9 Terraform Provider enables Infrastructure as Code (IaC) management of Last9 resources. You can version control, review, and automate the deployment of alerts, notification channels, and ingestion rules.

Prerequisites

Terraform v1.0 or later installed
A Last9 account with access to the API Access page
API tokens generated from the API Access page (see Getting Started with API)

Installation

Add the provider to your Terraform configuration:

terraform {
  required_providers {
    last9 = {
      source  = "last9/last9"
      version = "~> 0.2"
    }
  }
}

Run terraform init to download the provider.

Configuration

Configure the provider with your Last9 credentials. You can use either refresh tokens (recommended) or direct access tokens.

Using Refresh Tokens (Recommended)

Refresh tokens automatically handle token expiration and renewal:

provider "last9" {
  refresh_token        = var.last9_refresh_token
  delete_refresh_token = var.last9_delete_refresh_token
  org                  = var.last9_org
  api_base_url         = "https://app.last9.io"
}

Using Direct Access Tokens

For simpler setups where you manage token refresh manually:

provider "last9" {
  api_token    = var.last9_api_token
  delete_token = var.last9_delete_token
  org          = var.last9_org
  api_base_url = "https://app.last9.io"
}

Environment Variables

All provider arguments can be set via environment variables:

Argument	Environment Variable	Description
`refresh_token`	`LAST9_REFRESH_TOKEN`	Refresh token for read/write operations
`delete_refresh_token`	`LAST9_DELETE_REFRESH_TOKEN`	Refresh token for delete operations
`api_token`	`LAST9_API_TOKEN`	Direct access token
`delete_token`	`LAST9_DELETE_TOKEN`	Delete access token
`org`	`LAST9_ORG`	Organization slug
`api_base_url`	`LAST9_API_BASE_URL`	API base URL

Available Resources

Resource	Description
`last9_entity`	Alert groups that contain metric-based alerts
`last9_alert`	Threshold-based alerts on metrics
`last9_drop_rule`	Drop unwanted telemetry at ingestion layer
`last9_forward_rule`	Forward telemetry to external destinations
`last9_scheduled_search_alert`	Log-based alerts using scheduled searches
`last9_notification_channel`	Notification destinations for alerts

Data Sources

Data Source	Description
`last9_entity`	Query existing alert group by ID or external_ref
`last9_notification_destination`	Query existing notification destination by ID or name

Example Usage

Here’s a basic example that creates a Slack notification channel and a drop rule for debug logs:

# Notification channel
resource "last9_notification_channel" "slack" {
  name          = "platform-alerts"
  type          = "slack"
  destination   = "https://hooks.slack.com/services/xxx/yyy/zzz"
  send_resolved = true
}

# Drop debug logs to reduce costs
resource "last9_drop_rule" "debug_logs" {
  region    = "ap-south-1"
  name      = "drop-debug-logs"
  telemetry = "logs"

  filters {
    key      = "attributes[\"level\"]"
    value    = "debug"
    operator = "equals"
  }

  action {
    name = "drop-matching"
  }
}

For detailed schema documentation and more examples, see the Terraform Registry documentation.

Troubleshooting

Please get in touch with us on Discord or Email if you have any questions.