IBM Cloud Logs lets you store, search, and analyze your logs. For long-term storage and metrics, integrating IBM Cloud Logs with IBM Cloud Object Storage (COS) is essential—especially for production environments.
This tutorial will walk you through:
-
Creating and configuring data and metrics buckets in COS
-
Setting up service-to-service (S2S) authorization
-
Connecting the buckets to IBM Cloud Logs using CLI
📍 Best Practice: Use separate buckets for logs and metrics if you need different lifecycle policies.
Step 1: Create Buckets in IBM Cloud Object Storage
-
Go to the IBM Cloud Console.
-
Navigate to Storage > Object Storage.
-
Create two buckets:
-
Choose Cross Region resiliency for high availability.
-
Supported storage classes:
🔐 Important: Do not enable object lock, retention policies, or public access on these buckets.
Step 2: Set Up Service-to-Service (S2S) Authorization
-
In IBM Cloud Console, go to Manage > Access (IAM) > Authorizations.
-
Click Create.
-
Source service: Cloud Logs
-
Target service: Cloud Object Storage
-
Select the scope:
-
Under Service access, choose: Writer
-
Click Authorize

Step 3: Connect Buckets to IBM Cloud Logs Using CLI
Prerequisites
Option A: Basic Update Command
ibmcloud resource service-instance-update "cloud-logs-guid" -p '{"logs_bucket_crn": "<YOUR_BUCKET_CRN>", "logs_bucket_endpoint": "<YOUR_BUCKET_ENDPOINT>", "metrics_bucket_crn": "<YOUR_METRICS_BUCKET_CRN>", "metrics_bucket_endpoint": "<YOUR_METRICS_BUCKET_ENDPOINT>"}'


If this fails, use Option B below.
Option B: Update With Retention Period (WORKAROUND)
If the basic update fails, add a temporary retention period:
ibmcloud resource service-instance-update $INSTANCE_GUID -p '{"retention_period": "14", "logs_bucket_crn": "<YOUR_BUCKET_CRN>", "logs_bucket_endpoint": "<YOUR_BUCKET_ENDPOINT>", "metrics_bucket_crn": "<YOUR_METRICS_BUCKET_CRN>", "metrics_bucket_endpoint": "<YOUR_METRICS_BUCKET_ENDPOINT>"}'
Tip: If your current retention is 7, set this to 14 (or vice versa).
After the update is successful, reset the retention period:
ibmcloud resource service-instance-update $INSTANCE_GUID -p '{"retention_period": "ORIGINAL_RETENTION_VALUE"}'
Final Notes
-
Buckets must be in the same region as your IBM Cloud Logs instance for optimal performance.
-
You are responsible for bucket lifecycle policies.
-
Consider enabling metrics only if you want Prometheus-style time-series analysis of log events.
Conclusion
By connecting IBM Cloud Logs to IBM Cloud Object Storage, you unlock powerful capabilities for long-term log retention, compliance, and metric analysis. Whether you're troubleshooting in real-time or auditing historical events, this integration ensures your log data is securely stored and easily accessible.
Remember:
-
Use separate buckets if you require different lifecycle policies.
-
Ensure buckets are in the same region for optimal performance.
-
Always validate your IAM permissions and retention settings during configuration.
With this setup in place, your logging infrastructure is now more resilient, scalable, and production-read