IBM Cloud Logs lets you store, search, and analyze your logs. For long-term storage and metrics, integrating IBM Cloud Logs with IBM Cloud Object Storage (COS) is essential—especially for production environments.

This tutorial will walk you through:

• Creating and configuring data and metrics buckets in COS

• Setting up service-to-service (S2S) authorization

• Connecting the buckets to IBM Cloud Logs using CLI

📍 Best Practice: Use separate buckets for logs and metrics if you need different lifecycle policies.

Step 1: Create Buckets in IBM Cloud Object Storage

• Go to the IBM Cloud Console.

• Navigate to Storage > Object Storage.

• Create two buckets:

  • One for data (log storage)

  • One for metrics

• Choose Cross Region resiliency for high availability.

• Supported storage classes:

  • ✅ Smart Tier

  • ✅ Standard

  • ❌ Vault, Cold Vault (not supported for logs)

🔐 Important: Do not enable object lock, retention policies, or public access on these buckets.

Step 2: Set Up Service-to-Service (S2S) Authorization

• In IBM Cloud Console, go to Manage > Access (IAM) > Authorizations.

• Click Create.

• Source service: Cloud Logs

• Target service: Cloud Object Storage

• Select the scope:

  • Grant access to all resources or

  • Restrict to specific bucket(s)

• Under Service access, choose: Writer

• Click Authorize
  

Step 3: Connect Buckets to IBM Cloud Logs Using CLI

Prerequisites

• Install IBM Cloud CLI

• Log in and target the correct region

Option A: Basic Update Command

ibmcloud resource service-instance-update "cloud-logs-guid" -p '{"logs_bucket_crn": "<YOUR_BUCKET_CRN>", "logs_bucket_endpoint": "<YOUR_BUCKET_ENDPOINT>", "metrics_bucket_crn": "<YOUR_METRICS_BUCKET_CRN>", "metrics_bucket_endpoint": "<YOUR_METRICS_BUCKET_ENDPOINT>"}'

If this fails, use Option B below.

Option B: Update With Retention Period (WORKAROUND)

If the basic update fails, add a temporary retention period:

ibmcloud resource service-instance-update $INSTANCE_GUID -p '{"retention_period": "14", "logs_bucket_crn": "<YOUR_BUCKET_CRN>", "logs_bucket_endpoint": "<YOUR_BUCKET_ENDPOINT>", "metrics_bucket_crn": "<YOUR_METRICS_BUCKET_CRN>", "metrics_bucket_endpoint": "<YOUR_METRICS_BUCKET_ENDPOINT>"}'

Tip: If your current retention is 7, set this to 14 (or vice versa).

After the update is successful, reset the retention period:

ibmcloud resource service-instance-update $INSTANCE_GUID -p '{"retention_period": "ORIGINAL_RETENTION_VALUE"}'

Final Notes

• Buckets must be in the same region as your IBM Cloud Logs instance for optimal performance.

• You are responsible for bucket lifecycle policies.

• Consider enabling metrics only if you want Prometheus-style time-series analysis of log events.

Conclusion

By connecting IBM Cloud Logs to IBM Cloud Object Storage, you unlock powerful capabilities for long-term log retention, compliance, and metric analysis. Whether you're troubleshooting in real-time or auditing historical events, this integration ensures your log data is securely stored and easily accessible.

Remember:

• Use separate buckets if you require different lifecycle policies.

• Ensure buckets are in the same region for optimal performance.

• Always validate your IAM permissions and retention settings during configuration.

With this setup in place, your logging infrastructure is now more resilient, scalable, and production-read