Module for subscription alerts and action_group: azure-alerts #449
Description
Description ✍️
We need to create a Terraform module that enables the provisioning and configuration of Azure Action Groups and the different alerts that we can use with it.
Requirements 🧾
- The module should support the creation of Azure monitor action groups
- The module should manage the creation of Azure monitor scheduled query rules alert v2
- The module should manage the creation of Azure monitor activity log alert
- The module should manage the creation of Azure monitor alert processing rule action group
- We should be able to assing a MI with reader permissions over the subscription to read the quota alert
- Each module can manage multiple actions groups
- Each module can manage multiple alert types
Resource Configurations 🔧
The module should allow for configuring the following resources:
- azurerm_monitor_action_group
- azurerm_consumption_budget_subscription
- azurerm_monitor_alert_processing_rule_action_group
- azurerm_monitor_scheduled_query_rules_alert_v2
- azurerm_monitor_activity_log_alert
Input Variables 🔢
values:
location: "centralus"
quota_alert_reader_name: "example-quota-alert-reader"
azurerm_role_assignment_scope: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
azurerm_role_assignment_role_definition_name: "Reader"
action_group_name: "alert-mail-example"
action_group_rg: "example-resource-group"
action_group_short_name: "mail-alerts"
email_receivers:
user1:
name: "User One"
email_address: "user.one@example.com"
use_common_alert_schema: true
user2:
name: "User Two"
email_address: "user.two@example.com"
use_common_alert_schema: true
user3:
name: "User Three"
email_address: "user.three@example.com"
use_common_alert_schema: true
# Budget alert
budget:
name: "PresupuestoAntiAtaque"
amount: 10000
time_grain: "Monthly"
time_period:
start_date: "2001-02-01T00:00:00Z"
notification:
- enabled: true
operator: "GreaterThan"
threshold: 100
threshold_type: "Forecasted"
contact_emails:
- "example@mail.com"
- "example2@mail.com"
# Quota Alert
quota_alert:
auto_mitigation_enabled : true
display_name : "Quota Alert"
enabled : true
evaluation_frequency : "PT15M"
location : "centralus"
name : "example-quota-alert"
scopes : ["/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]
severity : 2
skip_query_validation : false
target_resource_types : []
window_duration : "PT15M"
workspace_alerts_storage_enabled : false
criteria:
metric_measure_column: "usagePercent"
operator: "GreaterThanOrEqual"
query: "arg(\"\").QuotaResources \n| where subscriptionId =~ 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'\n| where type =~ 'microsoft.compute/locations/usages'\n| where isnotempty(properties)\n| mv-expand propertyJson = properties.value limit 400\n| extend\n usage = propertyJson.currentValue,\n quota = propertyJson.['limit'],\n quotaName = tostring(propertyJson.['name'].value)\n| extend usagePercent = toint(usage)*100 / toint(quota)| project-away properties| where location in~ ('centralus')| where quotaName in~ ('cores','standardDASv5Family','standardFSv2Family','standardDSv5Family','standardBSFamily')"
threshold: 80
time_aggregation_method: "Maximum"
dimension:
- name : "type"
operator : "Include"
values : [
"microsoft.compute/locations/usages",
]
- name : "location"
operator : "Include"
values : [
"centralus",
]
- name : "quotaName"
operator : "Include"
values : [
"cores",
"standardDASv5Family",
"standardFSv2Family",
"standardDSv5Family",
"standardBSFamily",
]
failing_periods:
minimum_failing_periods_to_trigger_alert : 1
number_of_evaluation_periods : 1
identity:
identity_ids: []
type: "UserAssigned"
# Log Alerts
log_alert:
- name: "Azure Service Health Central US"
description: "Alerts related to the Azure Services in the Central US region"
enabled: true
scopes: ["/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]
action:
action_group_id: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/example-resource-group/providers/microsoft.insights/actiongroups/alert-mail-example"
webhook_properties: {}
criteria:
category: "ServiceHealth"
levels: []
resource_groups: []
resource_ids: []
resource_providers: []
resource_types: []
statuses: []
sub_statuses: []
service_health:
events: []
locations: ["Global", "Central US"]
services: []
# Backup alert
backup_alert:
add_action_group_ids: [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/example-resource-group/providers/microsoft.insights/actionGroups/alert-mail-example",
]
name: "example-backup-alert"
scopes: [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
]
description: "Alerts for example backups"
Output Variables 🔢
- id - The ID of the action group.
Documentation 📖
Provide comprehensive documentation including examples.
Acceptance Criteria 👍
The module is tested and validated with different configurations.
Code is well-structured, following Terraform best practices.
Comprehensive documentation and usage examples are provided.
Tasklist ✔️
### Tasks
- [ ] Should manage different alert types
- [ ] Users can be alerted through different methods
- [ ] Should be able to receive MI
Metadata
Metadata
Assignees
Labels
No labels