/terraform-azurerm-alerting

Terraform module for Azure Alerting

Primary LanguageHCLApache License 2.0Apache-2.0

Azure Alerting

Changelog Notice Apache V2 License TF Registry

Azure module to create some Azure Monitor Alerts with an Action Group for notifications destination. This module handles alerts of type:

Global versioning rule for Claranet Azure modules

Module version Terraform version AzureRM version
>= 5.x.x 0.15.x & 1.0.x >= 2.0
>= 4.x.x 0.13.x >= 2.0
>= 3.x.x 0.12.x >= 2.0
>= 2.x.x 0.12.x < 2.0
< 2.x.x 0.11.x < 2.0

Usage

This module is optimized to work with the Claranet terraform-wrapper tool which set some terraform variables in the environment needed by this module. More details about variables set by the terraform-wrapper available in the documentation.

module "azure_region" {
  source  = "claranet/regions/azurerm"
  version = "x.x.x"

  azure_region = var.azure_region
}

module "rg" {
  source  = "claranet/rg/azurerm"
  version = "x.x.x"

  location    = module.azure_region.location
  client_name = var.client_name
  environment = var.environment
  stack       = var.stack
}

module "alerting" {
  source  = "claranet/alerting/azurerm"
  version = "x.x.x"

  location_short = module.azure_region.location_short
  client_name    = var.client_name
  environment    = var.environment
  stack          = var.stack

  resource_group_name     = module.rg.resource_group_name
  action_group_short_name = "Alerting"

  action_group_webhooks = {
    PagerDuty = "https://events.pagerduty.com/integration/{integration-UID}/enqueue"
    Slack     = "https://hooks.slack.com/services/{azerty}/XXXXXXXXXXXXXXx/{hook-key}"
  }

  activity_log_alerts = {
    "service-health" = {
      description         = "ServiceHealth global Subscription alerts"
      resource_group_name = module.rg.resource_group_name
      scopes              = [format("/subscriptions/%s", var.azure_subscription_id)]
      criteria = {
        category = "ServiceHealth"
      }
    }

    "security-center" = {
      custom_name         = "${var.stack}-global-security-center"
      description         = "Security Center global Subscription alerts"
      resource_group_name = module.rg.resource_group_name
      scopes              = [format("/subscriptions/%s", var.azure_subscription_id)]
      criteria = {
        category = "Security"
        level    = "Error"
      }
    }

    "advisor" = {
      custom_name         = "${var.stack}-global-advisor-alerts"
      description         = "Advisor global Subscription alerts"
      resource_group_name = module.rg.resource_group_name
      scopes              = [format("/subscriptions/%s", var.azure_subscription_id)]
      criteria = {
        category = "Recommendation"
        level    = "Informational"
      }
    }
  }

  extra_tags = {
    purpose = "alerting testing"
  }
}

Providers

Name Version
azurecaf ~> 1.1
azurerm >= 2.56

Modules

No modules.

Resources

Name Type
azurecaf_name.action_group resource
azurecaf_name.alert resource
azurerm_monitor_action_group.action_group_notification resource
azurerm_monitor_activity_log_alert.activity_log_alert resource

Inputs

Name Description Type Default Required
action_group_emails Map of Emails to notify. Example: { ml-devops = devops@contoso.com } map(string) {} no
action_group_short_name Action Group short name string n/a yes
action_group_webhooks Map of Webhooks to notify. Example: { PagerDuty = 'https://events.pagerduty.com/integration/abcdefgh12345azerty/enqueue' } map(string) {} no
activity_log_alerts Map of Activity log Alerts any {} no
client_name Client name/account used in naming string n/a yes
custom_action_group_name Optional custom Action Group name string null no
default_tags_enabled Option to enable or disable default tags. bool true no
environment Project environment string n/a yes
extra_tags Extra tags to set on each created resource. map(string) {} no
location_short Short string for Azure location. string n/a yes
name_prefix Optional prefix for the generated name string "" no
name_suffix Optional suffix for the generated name string "" no
resource_group_name Resource group name string n/a yes
service_health A block supports the following: events, locations and services. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_activity_log_alert"
{
events = "Incident"
locations = "Global"
service = null
}
map(string) null no
stack Project stack name string n/a yes
use_caf_naming Use the Azure CAF naming provider to generate default resource name. custom_action_group_name override this if set. Legacy default name is used if this is set to false. bool true no

Outputs

Name Description
action_group_id Notification Action Group ID
action_group_name Notification Action Group name
activity_log_alerts Activity log alerts attributes

Related documentation

Microsoft Azure documentation:

Github issues

Additional fields for Service Health (Regions and Services): hashicorp/terraform-provider-azurerm#2996

This is fixed now with AzureRM provider v2.56.0: azurerm_monitor_activity_log_alert - support for service_health (#10978)