Setup Azure Alert for Azure is down

[jherrflexion]

Setup Azure Alert for Azure is down

Added terraform for creating Azure Alert for when Azure is down.

Issue

#1397

Checklist

Note: You may remove items that are not applicable

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Configuration Logic The logic to enable or disable the alert based on the environment (non-production vs production) should be reviewed to ensure it aligns with operational requirements. Hardcoded Values The alert configuration uses hardcoded values for alert levels and event types which might need to be configurable based on the environment or specific requirements.

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Possible issue	Adjust the scopes attribute to monitor the correct Azure resources Ensure that the scopes attribute in the azurerm_monitor_activity_log_alert resource is correctly set to monitor the intended Azure resources. Currently, it is set to monitor only the Azure Container Registry (azurerm_container_registry.registry.id). If the intention is to monitor more resources or different types, this should be adjusted accordingly. operations/template/alert.tf [36] -scopes = [azurerm_container_registry.registry.id] +scopes = [azurerm_resource_group.group.id, azurerm_container_registry.registry.id] Suggestion importance[1-10]: 7 Why: The suggestion correctly identifies a potential issue with the scope of resources being monitored, which is crucial for the alert's effectiveness. Adjusting the scope could significantly improve monitoring coverage.	7
Possible bug	Ensure dynamic referencing in action_group_id is accurate for alert routing Ensure that the action_group_id attribute dynamically references the correct action group by verifying the indexing and conditions used. This is crucial to ensure that alerts are sent to the correct recipients. operations/template/alert.tf [49] -action_group_id = azurerm_monitor_action_group.notify_slack_email[count.index].id +action_group_id = azurerm_monitor_action_group.notify_slack_email[local.non_pr_environment ? 0 : 1].id Suggestion importance[1-10]: 7 Why: Ensuring accurate dynamic referencing in action_group_id is crucial for alert routing to the correct recipients. This suggestion addresses a potential bug that could affect the alert system's reliability.	7
Enhancement	Expand the severity levels to enhance monitoring effectiveness Consider adding more severity levels in the levels attribute within the criteria block of the azurerm_monitor_activity_log_alert resource. Currently, it only triggers on "Error". Including other levels like "Warning" might help in proactive monitoring and issue resolution. operations/template/alert.tf [40] -levels = ["Error"] +levels = ["Error", "Warning"] Suggestion importance[1-10]: 6 Why: Expanding the severity levels can indeed enhance the monitoring by catching issues before they escalate. This is a valuable enhancement for proactive monitoring.	6
Best practice	Review the ignore_changes settings to ensure critical updates are not overlooked Verify the ignore_changes lifecycle configuration to ensure it aligns with the operational requirements. Ignoring changes to many tags might lead to overlooking important updates that could affect resource management and compliance. operations/template/alert.tf [56-68] ignore_changes = [ tags["business_steward"], - ... tags["zone"] ] Suggestion importance[1-10]: 5 Why: The suggestion to review ignore_changes is valid as it could prevent overlooking important updates. However, the suggestion lacks specific improvements and mainly asks for a review, which is less actionable.	5

[halprin]

Do we need this? Do we actually customize this to anything? I feel we could just hardcode "global" in the azurerm_monitor_activity_log_alert.

[pluckyswan]

Removed variable for now as its only used in this file. If more instances pop up, will refactor later.

[halprin]

This should be data.azurerm_resource_group.group.location? For every other resource that asks for a resource_group_name and location, we've put data.azurerm_resource_group.group.location for the location.

[jherrflexion]

I agree, and the docs appear to reflect this as well:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_activity_log_alert

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[halprin]