Terraform-provider-azurerm: Additional fields for azurerm_monitor_activity_log_alert "Service Health" alerts

Created on 4 Mar 2019 · 19Comments · Source: terraform-providers/terraform-provider-azurerm

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

It isn't possible to create useful "Service Health" type alerts using Terraform because you cannot provide affected services and regions to be monitored in the activity log. These are needed to replicate the alert that is created by going through the Azure Portal. If these are not provided, your service health alert generates alerts for all services in all regions which is probably not interesting to alert on, since I would guess that most people are only using a subset of services/regions in their applications.

New or Affected Resource(s)

azurerm_monitor_activity_log_alert

Potential Terraform Configuration

resource "azurerm_monitor_activity_log_alert" "service_health" {
  name                = "example-servicehealthalert"
  resource_group_name = "${azurerm_resource_group.main.name}"
  scopes              = ["${data.azurerm_subscription.current.id}"]
  description         = "Health alerts for specific services and regions."

  criteria {
    category = "Service Health"

    service_health_events = ["Incident", "Maintenance"]

    service_health_regions = [
      "Global",
      "West Europe",
      "East US"
    ]

    service_health_services = [
      "Backup",
      "Load Balancer",
      "Network Infrastructure",
      "Virtual Machines",
      "Virtual Network"
    ]
  }

  action {
    //...
  }
}

service_health_events is an optional array of strings. There are 4 possible values for the strings: Incident, Maintenance, Informational, and ActionRequired. In the Azure Portal, these are represented by three choices in the selection menu: Service issue (Incident), Planned maintenance (Maintenance), and Health advisories (Informational and ActionRequired). When the value is omitted, all types of service health events will be alerted upon by omitting this criteria from the API request.

service_health_regions is an optional array of strings. Each string should be the display name of an Azure location (examples: "East US" or "Australia Central 2") or "Global", which is used for some location-less services. When this value is omitted, all regions of service health events will be alerted upon.

service_health_services is an optional array of strings. Each string should be the display name of an Azure service (examples: "Azure Database for MySQL" or "Key Vault"). It is not obvious where to get this list other than the Azure portal itself, where there are currently 148 services. When this value is omitted, all services will be alerted upon.

Here is some example JSON criteria for the above:

    "condition": {
        "allOf": [
            {
                "field": "category",
                "equals": "ServiceHealth",
                "containsAny": null
            },
            {
                "anyOf": [
                    {
                        "field": "properties.incidentType",
                        "equals": "Incident",
                        "containsAny": null
                    },
                    {
                        "field": "properties.incidentType",
                        "equals": "Maintenance",
                        "containsAny": null
                    }
                ]
            },
            {
                "field": "properties.impactedServices[*].ImpactedRegions[*].RegionName",
                "equals": null,
                "containsAny": [
                    "East US",
                    "West Europe",
                    "Global"
                ]
            },
            {
                "field": "properties.impactedServices[*].ServiceName",
                "equals": null,
                "containsAny": [
                    "Backup",
                    "Load Balancer",
                    "Network Infrastructure",
                    "Virtual Machines",
                    "Virtual Network"
                ]
            }
        ]
    }

References

enhancement servicmonitor

Source

lewinski

👍46

Most helpful comment

When will this issue get attention? over 18 months with no action. Why can we not have focused alerting? When you deal with environments of multiple products, hundreds of servers spread across multiple regions with many PaaS offerings incorporated this present alert becomes DISTRACTINGLY ANNOYING WITH ALERTS.

Microsoft staff please seek focus to enhance this. I don't understand why the conditional statements leveraged by the ARM template cannot be leveraged here. Is Azure not using focused APIs to support requests regardless of platform/service? I get the suspicion that MSFT is creating unique APIs for ARM, unique APIs for PowerShell, unique APIs for Azure CLI, unique APIs for portal.azure.com. If so, I am failing to see the benefit. Why could a unified API platform not serve all of the interfaces?

k7faq on 16 Dec 2020

👍3

All 19 comments

I'm happy to work on this functionality but I want to make sure that the schema makes sense before putting in any more time on it. I also would appreciate any recommendations on whether to attempt validation of the region and service lists and how to go about that if it is be recommended.

This does also kind of beg the question of having the ability to do generic "properties.*" alert queries but that seems like a more complicated design to get correct.

lewinski on 4 Mar 2019

+1 - Would be great if we had the additional fields.

rohrerb on 13 Mar 2019

I looked at this more today but it doesn't really seem practical until the SDK has support for these fields. I opened up an issue in the SDK repository to track the need.

lewinski on 5 Apr 2019

Hi @tombuildsstuff @lewinski , off topic. I am exploring to create Log Signal alerts for application insights logs with a query. I could not find a sample to see if log alert can be done with queries ? Could you please let me know if alerts can be created for app insights logs with specific query ? If yes, then how this can be done.. much appreciate your reply .

MMalikKhan on 2 May 2019

👍1

Hi, any expectations for the availability of this feature?

ghost on 8 Jun 2019

👍1

I couldn't even get this far, for some reason it's not recognizing the fields. I'm using the exact template that OP posted. Any ideas ? I'm using Terraform v0.12.4

Error: Unsupported argument

  on alerts.tf line 31, in resource "azurerm_monitor_activity_log_alert" "service_health":
  31:     service_health_services = [

An argument named "service_health_services" is not expected here.

mariojacobo on 26 Jul 2019

👎1

This feature would be great.

cholmes12 on 1 Aug 2019

Hi , Please let me know anyone when this issue will be resolved.
I am unable to add these conditions (specific regions, specific services) in the log alerts

suman5488 on 5 Mar 2020

This feature would be great, its like theres almost no point of even having the servicehealth category in the log alert if these features are lacking.

dhaugli on 10 May 2020

Looking forward to this feature. At least adding region would be beneficial.

turbut on 21 May 2020

yes!! it is very important :)

Yanunita on 27 May 2020

Any updates on that? To add the additional attributes like "_Regions_", etc. would be great.

stefan-rapp on 18 Jun 2020

Really need this soon. Adding the region alone would be enough for my use case for now.

al-lac on 23 Jun 2020

👍1

@tombuildsstuff Is anybody actively working on this and do you have an ETA? Right now we have to manually configure those alerts, shell out and use azure cli or similar hacks which is less than ideal.

elsesiy on 16 Jul 2020

Any update on this? Maybe it's already fixed, but haven't yet figured it out ...

MaxiPalle on 28 Aug 2020

I also have the need to create complex ResourceHealth alerts. Has there been any progress on this?

nu11modem on 8 Sep 2020

This is indeed still not solved. The workaround I can think of with terraform is sending Activity Log diagnostics to a Log Analytics workspace and then setting up an alert based on a LA query.