diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3bf1e5f --- /dev/null +++ b/.gitignore @@ -0,0 +1,38 @@ +#vscode +settings.json + +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Ignore any .tfvars files that are generated automatically for each Terraform run. Most +# .tfvars files are managed as part of configuration and so should be included in +# version control. +# +# example.tfvars +*.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json + +# Include override files you do wish to add to version control using negated pattern +# +# !example_override.tf + +# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan +# example: *tfplan* +*-plan + +# Ignore shell script which may contain secrets for authN +devscript.sh +.vscode/settings.json diff --git a/README.md b/README.md new file mode 100644 index 0000000..e897486 --- /dev/null +++ b/README.md @@ -0,0 +1,260 @@ +# AzureRM Monitor - Terraform parent module + +* Vendor reference [https://www.terraform.io/docs/providers/azurerm/index.html](https://www.terraform.io/docs/providers/azurerm/index.html) + +## Terraform resources/variables + +See child module READMEs + +### Example usage to call child modules + +```terraform + +terraform { + required_version = "~> 0.13.0" + required_providers { + azurerm = "~> 2.25.0" + } +} + +provider "azurerm" { + features { + } +} + +module "azmonitor-action-groups" { + source = "git::ssh://git@https://github.com/globalbao/terraform-azurerm-monitor//modules/AzMonitor-ActionGroups?ref=v1.0" + + tags = { + Application = "Azure Monitor Alerts" + CostCentre = "123" + Environment = "dev" + ManagedBy = "Jesse Loudon" + Owner = "Jesse Loudon" + Support = "gitbao@outlook.com" + } + + actionGroups = { + "group1" = { + actionGroupName = "AlertEscalationGroup" + actionGroupShortName = "alertesc" + actionGroupRGName = "AzMonitorAlertGroups" + actionGroupEnabled = "true" + actionGroupEmailReceiver = [ + { + name = "jloudon" + email_address = "gitbao@outlook.com" + use_common_alert_schema = "true" + } + ] + }, + "group2" = { + actionGroupName = "AlertOperationsGroup" + actionGroupShortName = "alertops" + actionGroupRGName = "AzMonitorAlertGroups" + actionGroupEnabled = "true" + actionGroupEmailReceiver = [ + { + name = "jloudon" + email_address = "gitbao@outlook.com" + use_common_alert_schema = "true" + } + ] + } + } +} + +module "azmonitor-metric-alerts" { + source = "git::ssh://git@https://github.com/globalbao/terraform-azurerm-monitor//modules/AzMonitor-MetricAlerts?ref=v1.0" + + tags = { + Application = "Azure Monitor Alerts" + CostCentre = "123" + Environment = "dev" + ManagedBy = "Jesse Loudon" + Owner = "Jesse Loudon" + Support = "gitbao@outlook.com" + } + + alertScope = { + "resource1" = { + resourceName = "azmonloadbalancer1" + resourceGroup = "DevResources" + resourceType = "Microsoft.Network/loadBalancers" + }, + "resource2" = { + resourceName = "azmonappgateway1" + resourceGroup = "DevResources" + resourceType = "Microsoft.Network/appGateway" + }, + "resource3" = { + resourceName = "azmonsqldb1" + resourceGroup = "DevResources" + resourceType = "Microsoft.Sql/servers/databases" + } + } + + metricAlerts = { + "alert1" = { + alertName = "azmonloadbalancer1-DipAvailability" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource1.resources[0].id + ] + alertDescription = "Average Load Balancer health probe status per time duration" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/loadBalancers" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/loadBalancers" + dynCriteriaMetricName = "DipAvailability" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "LessThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "ProtocolType" + operator = "Include" + values = "*" + }, + { + name = "FrontendIPAddress" + operator = "Include" + values = "*" + }, + { + name = "BackendIPAddress" + operator = "Include" + values = "*" + }, + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group1.id + }, + "alert2" = { + alertName = "azmonloadbalancer1-VipAvailability" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource1.resources[0].id + ] + alertDescription = "Average Load Balancer data path availability per time duration" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/loadBalancers" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/loadBalancers" + dynCriteriaMetricName = "VipAvailability" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "LessThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "FrontendPort" + operator = "Include" + values = "*" + }, + { + name = "FrontendIPAddress" + operator = "Include" + values = "*" + }, + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group2.id + }, + "alert3" = { + alertName = "azmonappgateway1-UnhealthyHostcount" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource2.resources[0].id + ] + alertDescription = "Current UnhealthyHostcount of the Application Gateway" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/applicationGateways" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/applicationGateways" + dynCriteriaMetricName = "UnhealthyHostcount" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "GreaterThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "BackendSettingsPool" + operator = "Include" + values = "*" + } + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group1.id + }, + "alert4" = { + alertName = "azmonappgateway1-FailedRequests" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource2.resources[0].id + ] + alertDescription = "Count of failed requests that Application Gateway has served" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/applicationGateways" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/applicationGateways" + dynCriteriaMetricName = "FailedRequests" + dynCriteriaAggregation = "Total" + dynCriteriaOperator = "GreaterThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "BackendSettingsPool" + operator = "Include" + values = "*" + } + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group1.id + } + } + + metricAlerts-noDimensions = { + "alert1" = { + alertName = "azmonsqldb1-avg_cpu_percent" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource3.resources[0].id + ] + alertDescription = "Average CPU percentage" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "3" + alertTargetResourceType = "Microsoft.Sql/managedInstances" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Sql/managedInstances" + dynCriteriaMetricName = "avg_cpu_percent" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "GreaterThan" + dynCriteriaAlertSensitivity = "Medium" + actionGroupID = module.azmonitor-action-groups.ag["0"].group2.id + } + } +} +``` + +## Modifying this repository + +* If changes are made to `.tf` files it's best practice to use `terraform fmt` and `terrform validate` afterwards. + +```terraform +terraform fmt -recursive +terraform validate +``` \ No newline at end of file diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..8fd7edb --- /dev/null +++ b/examples/README.md @@ -0,0 +1,7 @@ +# AzureRM Monitor Action Groups - examples + +Example files provided can be used as a baseline to call the Azure Monitor child modules. + +* main.tf +* outputs.tf +* variables.tf diff --git a/examples/main.tf b/examples/main.tf new file mode 100644 index 0000000..a5f1ea5 --- /dev/null +++ b/examples/main.tf @@ -0,0 +1,238 @@ +terraform { + required_version = "~> 0.13.0" + required_providers { + azurerm = "~> 2.25.0" + } +} + +provider "azurerm" { + features { + } +} + +module "azmonitor-action-groups" { + source = "git::ssh://git@https://github.com/globalbao/terraform-azurerm-monitor//modules/AzMonitor-ActionGroups?ref=v1.0" + + tags = { + Application = "Azure Monitor Alerts" + CostCentre = "123" + Environment = "dev" + ManagedBy = "Jesse Loudon" + Owner = "Jesse Loudon" + Support = "gitbao@outlook.com" + } + + actionGroups = { + "group1" = { + actionGroupName = "AlertEscalationGroup" + actionGroupShortName = "alertesc" + actionGroupRGName = "AzMonitorAlertGroups" + actionGroupEnabled = "true" + actionGroupEmailReceiver = [ + { + name = "jloudon" + email_address = "gitbao@outlook.com" + use_common_alert_schema = "true" + } + ] + }, + "group2" = { + actionGroupName = "AlertOperationsGroup" + actionGroupShortName = "alertops" + actionGroupRGName = "AzMonitorAlertGroups" + actionGroupEnabled = "true" + actionGroupEmailReceiver = [ + { + name = "jloudon" + email_address = "gitbao@outlook.com" + use_common_alert_schema = "true" + } + ] + } + } +} + +module "azmonitor-metric-alerts" { + source = "git::ssh://git@https://github.com/globalbao/terraform-azurerm-monitor//modules/AzMonitor-MetricAlerts?ref=v1.0" + + tags = { + Application = "Azure Monitor Alerts" + CostCentre = "123" + Environment = "dev" + ManagedBy = "Jesse Loudon" + Owner = "Jesse Loudon" + Support = "gitbao@outlook.com" + } + + alertScope = { + "resource1" = { + resourceName = "azmonloadbalancer1" + resourceGroup = "DevResources" + resourceType = "Microsoft.Network/loadBalancers" + }, + "resource2" = { + resourceName = "azmonappgateway1" + resourceGroup = "DevResources" + resourceType = "Microsoft.Network/appGateway" + }, + "resource3" = { + resourceName = "azmonsqldb1" + resourceGroup = "DevResources" + resourceType = "Microsoft.Sql/servers/databases" + } + } + + metricAlerts = { + "alert1" = { + alertName = "azmonloadbalancer1-DipAvailability" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource1.resources[0].id + ] + alertDescription = "Average Load Balancer health probe status per time duration" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/loadBalancers" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/loadBalancers" + dynCriteriaMetricName = "DipAvailability" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "LessThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "ProtocolType" + operator = "Include" + values = "*" + }, + { + name = "FrontendIPAddress" + operator = "Include" + values = "*" + }, + { + name = "BackendIPAddress" + operator = "Include" + values = "*" + }, + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group1.id + }, + "alert2" = { + alertName = "azmonloadbalancer1-VipAvailability" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource1.resources[0].id + ] + alertDescription = "Average Load Balancer data path availability per time duration" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/loadBalancers" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/loadBalancers" + dynCriteriaMetricName = "VipAvailability" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "LessThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "FrontendPort" + operator = "Include" + values = "*" + }, + { + name = "FrontendIPAddress" + operator = "Include" + values = "*" + }, + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group2.id + }, + "alert3" = { + alertName = "azmonappgateway1-UnhealthyHostcount" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource2.resources[0].id + ] + alertDescription = "Current UnhealthyHostcount of the Application Gateway" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/applicationGateways" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/applicationGateways" + dynCriteriaMetricName = "UnhealthyHostcount" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "GreaterThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "BackendSettingsPool" + operator = "Include" + values = "*" + } + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group1.id + }, + "alert4" = { + alertName = "azmonappgateway1-FailedRequests" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource2.resources[0].id + ] + alertDescription = "Count of failed requests that Application Gateway has served" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/applicationGateways" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/applicationGateways" + dynCriteriaMetricName = "FailedRequests" + dynCriteriaAggregation = "Total" + dynCriteriaOperator = "GreaterThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "BackendSettingsPool" + operator = "Include" + values = "*" + } + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group1.id + } + } + + metricAlerts-noDimensions = { + "alert1" = { + alertName = "azmonsqldb1-avg_cpu_percent" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource3.resources[0].id + ] + alertDescription = "Average CPU percentage" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "3" + alertTargetResourceType = "Microsoft.Sql/managedInstances" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Sql/managedInstances" + dynCriteriaMetricName = "avg_cpu_percent" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "GreaterThan" + dynCriteriaAlertSensitivity = "Medium" + actionGroupID = module.azmonitor-action-groups.ag["0"].group2.id + } + } +} \ No newline at end of file diff --git a/examples/outputs.tf b/examples/outputs.tf new file mode 100644 index 0000000..c238d72 --- /dev/null +++ b/examples/outputs.tf @@ -0,0 +1,15 @@ +output "azmonitor-actiongroups" { + value = module.azmonitor-action-groups.ag +} + +output "azmonitor-alert-scope" { + value = module.azmonitor-metric-alerts.alert-scope +} + +output "azmonitor-metric-alerts" { + value = module.azmonitor-metric-alerts.metric-alerts +} + +output "metric-alerts-nodimensions" { + value = module.azmonitor-metric-alerts.metric-alerts-nodimensions +} \ No newline at end of file diff --git a/examples/variables.tf b/examples/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/AzMonitor-ActionGroups/README.md b/modules/AzMonitor-ActionGroups/README.md new file mode 100644 index 0000000..cb01651 --- /dev/null +++ b/modules/AzMonitor-ActionGroups/README.md @@ -0,0 +1,75 @@ +# AzureRM Monitor Action Groups - Terraform child module + +* Vendor reference [https://www.terraform.io/docs/providers/azurerm/r/monitor_action_group.html](https://www.terraform.io/docs/providers/azurerm/r/monitor_action_group.html) + +## Child module files + +* `main.tf` +* `outputs.tf` +* `variables.tf` + +## Terraform resources (main.tf) + +Resource Type|Resource name| Deployment Count +|:--------- |:------------|:------------ +azurerm_monitor_action_group|actiongroup|count varies according to `actionGroups` variable inputs + +## Input variables (variables.tf) + +Name|Description|Type|Default Value +|:-- |:---- |:---|:-------------- +|`actionGroups`|key=value arguments for Azure Monitor Action Groups|`map of objects`| N/A + +## Output variables (outputs.tf) + +Name|Description|Value +|:--|:--------- |:---- +|`ag`|The Azure Monitor Action Groups created|azurerm_monitor_action_group.actiongroup.* + +### Child module example usage + +```terraform + +module "azmonitor-action-groups" { + source = "git::ssh://git@https://github.com/globalbao/terraform-azurerm-monitor//modules/AzMonitor-ActionGroups?ref=v1.0" + + tags = { + Application = "Azure Monitor Alerts" + CostCentre = "123" + Environment = "dev" + ManagedBy = "Jesse Loudon" + Owner = "Jesse Loudon" + Support = "gitbao@outlook.com" + } + + actionGroups = { + "group1" = { + actionGroupName = "AlertEscalationGroup" + actionGroupShortName = "alertesc" + actionGroupRGName = "AzMonitorAlertGroups" + actionGroupEnabled = "true" + actionGroupEmailReceiver = [ + { + name = "jloudon" + email_address = "gitbao@outlook.com" + use_common_alert_schema = "true" + } + ] + }, + "group2" = { + actionGroupName = "AlertOperationsGroup" + actionGroupShortName = "alertops" + actionGroupRGName = "AzMonitorAlertGroups" + actionGroupEnabled = "true" + actionGroupEmailReceiver = [ + { + name = "jloudon" + email_address = "gitbao@outlook.com" + use_common_alert_schema = "true" + } + ] + } + } +} + +``` \ No newline at end of file diff --git a/modules/AzMonitor-ActionGroups/main.tf b/modules/AzMonitor-ActionGroups/main.tf new file mode 100644 index 0000000..044ab94 --- /dev/null +++ b/modules/AzMonitor-ActionGroups/main.tf @@ -0,0 +1,19 @@ +resource "azurerm_monitor_action_group" "group" { + for_each = var.actionGroups + + name = each.value.actionGroupName + resource_group_name = each.value.actionGroupRGName + short_name = each.value.actionGroupShortName + enabled = each.value.actionGroupEnabled + + dynamic "email_receiver" { + for_each = each.value.actionGroupEmailReceiver + content { + name = email_receiver.value["name"] + email_address = email_receiver.value["email_address"] + use_common_alert_schema = email_receiver.value["use_common_alert_schema"] + } + } + + tags = var.tags +} \ No newline at end of file diff --git a/modules/AzMonitor-ActionGroups/outputs.tf b/modules/AzMonitor-ActionGroups/outputs.tf new file mode 100644 index 0000000..7aa3dc8 --- /dev/null +++ b/modules/AzMonitor-ActionGroups/outputs.tf @@ -0,0 +1,3 @@ +output "ag" { + value = azurerm_monitor_action_group.group.* +} \ No newline at end of file diff --git a/modules/AzMonitor-ActionGroups/variables.tf b/modules/AzMonitor-ActionGroups/variables.tf new file mode 100644 index 0000000..a614f0f --- /dev/null +++ b/modules/AzMonitor-ActionGroups/variables.tf @@ -0,0 +1,21 @@ +variable "actionGroups" { + type = map(object({ + actionGroupName = string + actionGroupShortName = string + actionGroupRGName = string + actionGroupEnabled = string + actionGroupEmailReceiver = list(map(string)) + })) +} + +variable "tags" { + type = map + default = { + Application = "tbc" + CostCentre = "tbc" + Environment = "tbc" + ManagedBy = "tbc" + Owner = "tbc" + Support = "tbc" + } +} \ No newline at end of file diff --git a/modules/AzMonitor-MetricAlerts/README.md b/modules/AzMonitor-MetricAlerts/README.md new file mode 100644 index 0000000..0d4a2a6 --- /dev/null +++ b/modules/AzMonitor-MetricAlerts/README.md @@ -0,0 +1,223 @@ +# AzureRM Monitor Metric Alerts Load Balancer - Terraform child module + +* Vendor reference [https://www.terraform.io/docs/providers/azurerm/r/monitor_metric_alert.html](https://www.terraform.io/docs/providers/azurerm/r/monitor_metric_alert.html) + +## Child module files + +* `main.tf` +* `outputs.tf` +* `variables.tf` + +## Terraform resources (main.tf) + +Resource Type| Resource name| Deployment Count +:------------|:-------------|:----- +azurerm_monitor_metric_alert|alert|count varies according to `metricAlerts` variable inputs +azurerm_monitor_metric_alert|alert-nodimensions|count varies according to `metricAlerts-nodimensions` variable inputs + + +## Input variables (variables.tf) + +Name|Description|Type|Default Value +|:--|:----------|:---|:-------------- +|`alertScope`|key=value arguments for Azure Monitor Metric Alerts|`map of objects`| N/A +|`metricAlerts`|key=value arguments for Azure Monitor Metric Alerts|`map of objects`| N/A +|`metricAlerts-noDimensions`|key=value arguments for Azure Monitor Metric Alerts with no criteria dimensions|`map of objects`| N/A + +## Output variables (outputs.tf) + +Name|Description|Value +|:--|:--------- |:---- +|`alert-scope`|The Load Balancers to scope the alerts to|data.azurerm_lb.lb.* +|`metric-alerts`|The Azure Monitor Metric Alerts created|azurerm_monitor_metric_alert.alert +|`metric-alerts-nodimensions`|The Azure Monitor Metric Alerts with no criteria dimensions created|azurerm_monitor_metric_alert.alert-nodimensions + +### Child module example usage + +```terraform + + module "azmonitor-metric-alerts" { + source = "git::ssh://git@https://github.com/globalbao/terraform-azurerm-monitor//modules/AzMonitor-MetricAlerts?ref=v1.0" + + tags = { + Application = "Azure Monitor Alerts" + CostCentre = "123" + Environment = "dev" + ManagedBy = "Jesse Loudon" + Owner = "Jesse Loudon" + Support = "gitbao@outlook.com" + } + + alertScope = { + "resource1" = { + resourceName = "azmonloadbalancer1" + resourceGroup = "DevResources" + resourceType = "Microsoft.Network/loadBalancers" + }, + "resource2" = { + resourceName = "azmonappgateway1" + resourceGroup = "DevResources" + resourceType = "Microsoft.Network/appGateway" + }, + "resource3" = { + resourceName = "azmonsqldb1" + resourceGroup = "DevResources" + resourceType = "Microsoft.Sql/managedInstances" + } + } + + metricAlerts = { + "alert1" = { + alertName = "azmonloadbalancer1-DipAvailability" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource1.resources[0].id + ] + alertDescription = "Average Load Balancer health probe status per time duration" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/loadBalancers" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/loadBalancers" + dynCriteriaMetricName = "DipAvailability" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "LessThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "ProtocolType" + operator = "Include" + values = "*" + }, + { + name = "FrontendIPAddress" + operator = "Include" + values = "*" + }, + { + name = "BackendIPAddress" + operator = "Include" + values = "*" + }, + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group1.id + }, + "alert2" = { + alertName = "azmonloadbalancer1-VipAvailability" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource1.resources[0].id + ] + alertDescription = "Average Load Balancer data path availability per time duration" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/loadBalancers" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/loadBalancers" + dynCriteriaMetricName = "VipAvailability" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "LessThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "FrontendPort" + operator = "Include" + values = "*" + }, + { + name = "FrontendIPAddress" + operator = "Include" + values = "*" + }, + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group2.id + }, + "alert3" = { + alertName = "azmonappgateway1-UnhealthyHostcount" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource2.resources[0].id + ] + alertDescription = "Current UnhealthyHostcount of the Application Gateway" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/applicationGateways" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/applicationGateways" + dynCriteriaMetricName = "UnhealthyHostcount" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "GreaterThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "BackendSettingsPool" + operator = "Include" + values = "*" + } + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group1.id + }, + "alert4" = { + alertName = "azmonappgateway1-FailedRequests" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource2.resources[0].id + ] + alertDescription = "Count of failed requests that Application Gateway has served" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "2" + alertTargetResourceType = "Microsoft.Network/applicationGateways" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Network/applicationGateways" + dynCriteriaMetricName = "FailedRequests" + dynCriteriaAggregation = "Total" + dynCriteriaOperator = "GreaterThan" + dynCriteriaAlertSensitivity = "Medium" + dynCriteriaDimensions = [ + { + name = "BackendSettingsPool" + operator = "Include" + values = "*" + } + ] + actionGroupID = module.azmonitor-action-groups.ag["0"].group1.id + } + } + + metricAlerts-noDimensions = { + "alert1" = { + alertName = "azmonsqldb1-avg_cpu_percent" + alertResourceGroupName = "DevResources" + alertScopes = [ + module.azmonitor-metric-alerts.alert-scope["0"].resource3.resources[0].id + ] + alertDescription = "Average CPU percentage" + alertEnabled = "true" + alertAutoMitigate = "true" + alertFrequency = "PT15M" + alertWindowSize = "PT1H" + alertSeverity = "3" + alertTargetResourceType = "Microsoft.Sql/managedInstances" + alertTargetResourceLoc = "australiaeast" + dynCriteriaMetricNamespace = "Microsoft.Sql/managedInstances" + dynCriteriaMetricName = "avg_cpu_percent" + dynCriteriaAggregation = "Average" + dynCriteriaOperator = "GreaterThan" + dynCriteriaAlertSensitivity = "Medium" + actionGroupID = module.azmonitor-action-groups.ag["0"].group2.id + } + } +} +``` \ No newline at end of file diff --git a/modules/AzMonitor-MetricAlerts/main.tf b/modules/AzMonitor-MetricAlerts/main.tf new file mode 100644 index 0000000..31ae5aa --- /dev/null +++ b/modules/AzMonitor-MetricAlerts/main.tf @@ -0,0 +1,62 @@ +resource "azurerm_monitor_metric_alert" "alert" { + for_each = var.metricAlerts + tags = var.tags + name = each.value.alertName + resource_group_name = each.value.alertResourceGroupName + scopes = each.value.alertScopes + description = each.value.alertDescription + enabled = each.value.alertEnabled + auto_mitigate = each.value.alertAutoMitigate + frequency = each.value.alertFrequency + window_size = each.value.alertWindowSize + severity = each.value.alertSeverity + target_resource_type = each.value.alertTargetResourceType + target_resource_location = each.value.alertTargetResourceLoc + + dynamic_criteria { + metric_namespace = each.value.dynCriteriaMetricNamespace + metric_name = each.value.dynCriteriaMetricName + aggregation = each.value.dynCriteriaAggregation + operator = each.value.dynCriteriaOperator + alert_sensitivity = each.value.dynCriteriaAlertSensitivity + + dynamic "dimension" { + for_each = each.value.dynCriteriaDimensions + content { + name = dimension.value["name"] + operator = dimension.value["operator"] + values = [dimension.value["values"]] + } + } + } + action { + action_group_id = each.value.actionGroupID + } +} + +resource "azurerm_monitor_metric_alert" "alert-nodimensions" { + for_each = var.metricAlerts-noDimensions + tags = var.tags + name = each.value.alertName + resource_group_name = each.value.alertResourceGroupName + scopes = each.value.alertScopes + description = each.value.alertDescription + enabled = each.value.alertEnabled + auto_mitigate = each.value.alertAutoMitigate + frequency = each.value.alertFrequency + window_size = each.value.alertWindowSize + severity = each.value.alertSeverity + target_resource_type = each.value.alertTargetResourceType + target_resource_location = each.value.alertTargetResourceLoc + + dynamic_criteria { + metric_namespace = each.value.dynCriteriaMetricNamespace + metric_name = each.value.dynCriteriaMetricName + aggregation = each.value.dynCriteriaAggregation + operator = each.value.dynCriteriaOperator + alert_sensitivity = each.value.dynCriteriaAlertSensitivity + } + action { + action_group_id = each.value.actionGroupID + } +} diff --git a/modules/AzMonitor-MetricAlerts/outputs.tf b/modules/AzMonitor-MetricAlerts/outputs.tf new file mode 100644 index 0000000..dd12e2b --- /dev/null +++ b/modules/AzMonitor-MetricAlerts/outputs.tf @@ -0,0 +1,11 @@ +output "alert-scope" { + value = data.azurerm_resources.existing.* +} + +output "metric-alerts" { + value = azurerm_monitor_metric_alert.alert +} + +output "metric-alerts-nodimensions" { + value = azurerm_monitor_metric_alert.alert-nodimensions +} \ No newline at end of file diff --git a/modules/AzMonitor-MetricAlerts/variables.tf b/modules/AzMonitor-MetricAlerts/variables.tf new file mode 100644 index 0000000..2a422ea --- /dev/null +++ b/modules/AzMonitor-MetricAlerts/variables.tf @@ -0,0 +1,73 @@ +data "azurerm_resources" "existing" { + for_each = var.alertScope + name = each.value.resourceName + resource_group_name = each.value.resourceGroup + type = each.value.resourceType +} + +variable "alertScope" { + type = map(object({ + resourceName = string + resourceGroup = string + resourceType = string + })) +} + +variable "metricAlerts" { + type = map(object({ + alertName = string + alertResourceGroupName = string + alertScopes = list(string) + alertDescription = string + alertEnabled = bool + alertAutoMitigate = bool + alertFrequency = string + alertWindowSize = string + alertSeverity = number + alertTargetResourceType = string + alertTargetResourceLoc = string + dynCriteriaMetricNamespace = string + dynCriteriaMetricName = string + dynCriteriaAggregation = string + dynCriteriaOperator = string + dynCriteriaAlertSensitivity = string + dynCriteriaDimensions = list(map(string)) + actionGroupID = string + })) + default = {} +} + +variable "metricAlerts-noDimensions" { + type = map(object({ + alertName = string + alertResourceGroupName = string + alertScopes = list(string) + alertDescription = string + alertEnabled = bool + alertAutoMitigate = bool + alertFrequency = string + alertWindowSize = string + alertSeverity = number + alertTargetResourceType = string + alertTargetResourceLoc = string + dynCriteriaMetricNamespace = string + dynCriteriaMetricName = string + dynCriteriaAggregation = string + dynCriteriaOperator = string + dynCriteriaAlertSensitivity = string + actionGroupID = string + })) + default = {} +} + +variable "tags" { + type = map + default = { + Application = "tbc" + CostCentre = "tbc" + Environment = "tbc" + ManagedBy = "tbc" + Owner = "tbc" + Support = "tbc" + } +} \ No newline at end of file