-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.tf
210 lines (178 loc) · 11.3 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
/**
* # monitor
*
* This module manages Azure Monitor and Diagnostic.
*
*/
resource "azurerm_monitor_diagnostic_setting" "monitor_diagnostic_setting" {
for_each = var.monitor_diagnostic_setting
name = local.monitor_diagnostic_setting[each.key].name == "" ? each.key : local.monitor_diagnostic_setting[each.key].name
target_resource_id = local.monitor_diagnostic_setting[each.key].target_resource_id
eventhub_name = local.monitor_diagnostic_setting[each.key].eventhub_name
eventhub_authorization_rule_id = local.monitor_diagnostic_setting[each.key].eventhub_authorization_rule_id
log_analytics_workspace_id = local.monitor_diagnostic_setting[each.key].log_analytics_workspace_id
log_analytics_destination_type = local.monitor_diagnostic_setting[each.key].log_analytics_destination_type
storage_account_id = local.monitor_diagnostic_setting[each.key].storage_account_id
dynamic "log" {
for_each = local.monitor_diagnostic_setting[each.key].log.category
content {
category = local.monitor_diagnostic_setting[each.key].log.category[log.key]
enabled = local.monitor_diagnostic_setting[each.key].log.enabled
retention_policy {
days = local.monitor_diagnostic_setting[each.key].log.retention_policy.days
enabled = local.monitor_diagnostic_setting[each.key].log.retention_policy.enabled
}
}
}
dynamic "metric" {
for_each = local.monitor_diagnostic_setting[each.key].metric.category
content {
category = local.monitor_diagnostic_setting[each.key].metric.category[metric.key]
enabled = local.monitor_diagnostic_setting[each.key].metric.enabled
retention_policy {
days = local.monitor_diagnostic_setting[each.key].metric.retention_policy.days
enabled = local.monitor_diagnostic_setting[each.key].metric.retention_policy.enabled
}
}
}
/** disable all other available categories */
dynamic "log" {
for_each = setsubtract(data.azurerm_monitor_diagnostic_categories.monitor_diagnostic_categories[each.key].logs, local.monitor_diagnostic_setting[each.key].log.category)
content {
category = log.key
enabled = false
retention_policy {
days = 0
enabled = false
}
}
}
dynamic "metric" {
for_each = setsubtract(data.azurerm_monitor_diagnostic_categories.monitor_diagnostic_categories[each.key].metrics, local.monitor_diagnostic_setting[each.key].metric.category)
content {
category = metric.key
enabled = false
retention_policy {
days = 0
enabled = false
}
}
}
}
resource "azurerm_monitor_action_group" "monitor_action_group" {
for_each = var.monitor_action_group
name = local.monitor_action_group[each.key].name == "" ? each.key : local.monitor_action_group[each.key].name
resource_group_name = local.monitor_action_group[each.key].resource_group_name
short_name = local.monitor_action_group[each.key].short_name == "" ? each.key : local.monitor_action_group[each.key].short_name
enabled = local.monitor_action_group[each.key].enabled
# dynamic "arm_role_receiver" {
# for_each = local.monitor_action_group[each.key].arm_role_receiver
# content {
# name = local.monitor_action_group[each.key].arm_role_receiver[arm_role_receiver.key].name == "" ? arm_role_receiver.key : local.monitor_action_group[each.key].arm_role_receiver[arm_role_receiver.key].name
# role_id = local.monitor_action_group[each.key].arm_role_receiver[arm_role_receiver.key].role_id
# use_common_alert_schema = local.monitor_action_group[each.key].arm_role_receiver[arm_role_receiver.key].use_common_alert_schema
# }
# }
dynamic "email_receiver" {
for_each = local.monitor_action_group[each.key].email_receiver
content {
name = local.monitor_action_group[each.key].email_receiver[email_receiver.key].name == "" ? email_receiver.key : local.monitor_action_group[each.key].email_receiver[email_receiver.key].name
email_address = local.monitor_action_group[each.key].email_receiver[email_receiver.key].email_address
use_common_alert_schema = local.monitor_action_group[each.key].email_receiver[email_receiver.key].use_common_alert_schema
}
}
# dynamic "event_hub_receiver" {
# for_each = local.monitor_action_group[each.key].event_hub_receiver
# content {
# name = local.monitor_action_group[each.key].event_hub_receiver[event_hub_receiver.key].name == "" ? event_hub_receiver.key : local.monitor_action_group[each.key].event_hub_receiver[event_hub_receiver.key].name
# event_hub_id = local.monitor_action_group[each.key].event_hub_receiver[event_hub_receiver.key].event_hub_id
# tenant_id = local.monitor_action_group[each.key].event_hub_receiver[event_hub_receiver.key].tenant_id
# use_common_alert_schema = local.monitor_action_group[each.key].event_hub_receiver[event_hub_receiver.key].use_common_alert_schema
# }
# }
tags = local.monitor_action_group[each.key].tags
}
resource "azurerm_monitor_activity_log_alert" "monitor_activity_log_alert" {
for_each = var.monitor_activity_log_alert
name = local.monitor_activity_log_alert[each.key].name == "" ? each.key : local.monitor_activity_log_alert[each.key].name
resource_group_name = local.monitor_activity_log_alert[each.key].resource_group_name
scopes = local.monitor_activity_log_alert[each.key].scopes
enabled = local.monitor_activity_log_alert[each.key].enabled
description = local.monitor_activity_log_alert[each.key].description
dynamic "criteria" {
for_each = local.monitor_activity_log_alert[each.key].criteria
content {
category = local.monitor_activity_log_alert[each.key].criteria[criteria.key].category
operation_name = local.monitor_activity_log_alert[each.key].criteria[criteria.key].operation_name
resource_provider = local.monitor_activity_log_alert[each.key].criteria[criteria.key].resource_provider
resource_type = local.monitor_activity_log_alert[each.key].criteria[criteria.key].resource_type
resource_group = local.monitor_activity_log_alert[each.key].criteria[criteria.key].resource_group
resource_id = local.monitor_activity_log_alert[each.key].criteria[criteria.key].resource_id
caller = local.monitor_activity_log_alert[each.key].criteria[criteria.key].caller
level = local.monitor_activity_log_alert[each.key].criteria[criteria.key].level
status = local.monitor_activity_log_alert[each.key].criteria[criteria.key].status
sub_status = local.monitor_activity_log_alert[each.key].criteria[criteria.key].sub_status
recommendation_type = local.monitor_activity_log_alert[each.key].criteria[criteria.key].recommendation_type
recommendation_category = local.monitor_activity_log_alert[each.key].criteria[criteria.key].recommendation_category
recommendation_impact = local.monitor_activity_log_alert[each.key].criteria[criteria.key].recommendation_impact
dynamic "resource_health" {
for_each = local.monitor_activity_log_alert[each.key].criteria[criteria.key].resource_health != {} ? [1] : []
content {
current = local.monitor_activity_log_alert[each.key].criteria[criteria.key].resource_health.current
previous = local.monitor_activity_log_alert[each.key].criteria[criteria.key].resource_health.previous
reason = local.monitor_activity_log_alert[each.key].criteria[criteria.key].resource_health.reason
}
}
dynamic "service_health" {
for_each = local.monitor_activity_log_alert[each.key].criteria[criteria.key].service_health != {} ? [1] : []
content {
events = local.monitor_activity_log_alert[each.key].criteria[criteria.key].service_health.events
locations = local.monitor_activity_log_alert[each.key].criteria[criteria.key].service_health.locations
services = local.monitor_activity_log_alert[each.key].criteria[criteria.key].service_health.services
}
}
}
}
dynamic "action" {
for_each = local.monitor_activity_log_alert[each.key].action
content {
action_group_id = local.monitor_activity_log_alert[each.key].action[action.key].action_group_id
webhook_properties = local.monitor_activity_log_alert[each.key].action[action.key].webhook_properties
}
}
tags = local.monitor_activity_log_alert[each.key].tags
}
resource "azurerm_monitor_scheduled_query_rules_alert" "monitor_scheduled_query_rules_alert" {
for_each = var.monitor_scheduled_query_rules_alert
name = local.monitor_scheduled_query_rules_alert[each.key].name == "" ? each.key : local.monitor_scheduled_query_rules_alert[each.key].name
resource_group_name = local.monitor_scheduled_query_rules_alert[each.key].resource_group_name
location = local.monitor_scheduled_query_rules_alert[each.key].location
data_source_id = local.monitor_scheduled_query_rules_alert[each.key].data_source_id
frequency = local.monitor_scheduled_query_rules_alert[each.key].frequency
query = local.monitor_scheduled_query_rules_alert[each.key].query
time_window = local.monitor_scheduled_query_rules_alert[each.key].time_window
authorized_resource_ids = local.monitor_scheduled_query_rules_alert[each.key].authorized_resource_ids
auto_mitigation_enabled = local.monitor_scheduled_query_rules_alert[each.key].auto_mitigation_enabled
description = local.monitor_scheduled_query_rules_alert[each.key].description
enabled = local.monitor_scheduled_query_rules_alert[each.key].enabled
severity = local.monitor_scheduled_query_rules_alert[each.key].severity
throttling = local.monitor_scheduled_query_rules_alert[each.key].throttling
action {
action_group = local.monitor_scheduled_query_rules_alert[each.key].action.action_group
custom_webhook_payload = local.monitor_scheduled_query_rules_alert[each.key].action.custom_webhook_payload
email_subject = local.monitor_scheduled_query_rules_alert[each.key].action.email_subject
}
trigger {
operator = local.monitor_scheduled_query_rules_alert[each.key].trigger.operator
threshold = local.monitor_scheduled_query_rules_alert[each.key].trigger.threshold
dynamic "metric_trigger" {
for_each = local.monitor_scheduled_query_rules_alert[each.key].trigger.metric_trigger != {} ? [1] : []
content {
metric_column = local.monitor_scheduled_query_rules_alert[each.key].trigger.metric_trigger.metric_column
metric_trigger_type = local.monitor_scheduled_query_rules_alert[each.key].trigger.metric_trigger.metric_trigger_type
operator = local.monitor_scheduled_query_rules_alert[each.key].trigger.metric_trigger.operator
threshold = local.monitor_scheduled_query_rules_alert[each.key].trigger.metric_trigger.threshold
}
}
}
}