diff --git a/src/domains/fdr-app/00_alert_fdr_fase1.tf b/src/domains/fdr-app/00_alert_fdr_fase1.tf
index 2cd15134fe..84014b6eb8 100644
--- a/src/domains/fdr-app/00_alert_fdr_fase1.tf
+++ b/src/domains/fdr-app/00_alert_fdr_fase1.tf
@@ -32,4 +32,41 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "alert-fdr-nodo-error" {
 }
 }
+resource "azurerm_monitor_scheduled_query_rules_alert" "pagopa-fdr-nodo-rest-availability" {
+ count = var.env_short == "p" ? 1 : 0
+
+ resource_group_name = "dashboards"
+ name = "pagopa-${var.env_short}-pagopa-fdr-nodo-rest-availability"
+ location = var.location
+
+ action {
+ action_group = concat(local.action_groups_default, [data.azurerm_monitor_action_group.opsgenie[0].id])
+ email_subject = "Email Header"
+ custom_webhook_payload = "{}"
+ }
+
+ data_source_id = data.azurerm_api_management.apim.id
+ description = "Availability of pagopa-fdr-nodo REST APIs is less than or equal to 99%"
+ enabled = true
+ query = (<<-QUERY
+let threshold = 0.99;
+AzureDiagnostics
+| where url_s matches regex "/fdr-legacy/"
+| summarize
+ Total=count(),
+ Success=count(responseCode_d < 500)
+ by bin(TimeGenerated, 5m)
+| extend availability=toreal(Success) / Total
+| where availability < threshold
+ QUERY
+ )
+ severity = 1
+ frequency = 5
+ time_window = 5
+ trigger {
+ operator = "GreaterThanOrEqual"
+ threshold = 1
+ }
+}
+
diff --git a/src/domains/fdr-app/README.md b/src/domains/fdr-app/README.md
index a300ac146a..43a417e8e9 100644
--- a/src/domains/fdr-app/README.md
+++ b/src/domains/fdr-app/README.md
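Review bot: The description of `pagopa-fdr-nodo-rest-availability` says the alert fires when availability is "less than or equal to 99%", but the query filters with `| where availability < threshold`, so a 5-minute bin at exactly 0.99 does not fire; align the two, e.g. `| where availability <= threshold`. `Success=count(responseCode_d < 500)` passes a predicate to `count()`, whereas the documented aggregation for a conditional count is `countif(responseCode_d < 500)`. Bins with no matching requests produce no row at all, so this rule appears to stay silent if `/fdr-legacy/` traffic stops reaching APIM entirely; a separate no-traffic check would be needed if that outage mode matters. `email_subject = "Email Header"` with `custom_webhook_payload = "{}"` reads like a placeholder for a severity 1 alert routed to Opsgenie, and the subject could name the API and environment so the responder can triage from the page itself.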
@@ -86,6 +86,7 @@ | [azurerm_monitor_scheduled_query_rules_alert.alert_fdr_psp_availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.alert_fdr_xmltojson_appexception](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_monitor_scheduled_query_rules_alert.alert_fdr_xmltojson_appexception_lastretry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | +| [azurerm_monitor_scheduled_query_rules_alert.pagopa-fdr-nodo-rest-availability](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource | | [azurerm_resource_group.reporting_fdr_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource | | [helm_release.cert_mounter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | @@ -152,38 +153,38 @@ |------|-------------|------|---------|:--------:| | [apim\_dns\_zone\_prefix](#input\_apim\_dns\_zone\_prefix) | The dns subdomain for apim. | `string` | `null` | no | | [apim\_fdr\_nodo\_pagopa\_enable](#input\_apim\_fdr\_nodo\_pagopa\_enable) | Enable Fdr Service Nodo pagoPA side | `bool` | `false` | no | -| [app\_service\_plan\_info](#input\_app\_service\_plan\_info) | Allows to configurate the internal service plan |
object({|
kind = string # The kind of the App Service Plan to create. Possible values are Windows (also available as App), Linux, elastic (for Premium Consumption) and FunctionApp (for a Consumption Plan).
sku_size = string # Specifies the plan's instance size.
maximum_elastic_worker_count = number # The maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan.
worker_count = number # The number of Workers (instances) to be allocated.
zone_balancing_enabled = bool # Should the Service Plan balance across Availability Zones in the region. Changing this forces a new resource to be created.
})
{| no | +| [app\_service\_plan\_info](#input\_app\_service\_plan\_info) | Allows to configurate the internal service plan |
"kind": "Linux",
"maximum_elastic_worker_count": 0,
"sku_size": "P1v3",
"worker_count": 0,
"zone_balancing_enabled": false
}
object({|
kind = string # The kind of the App Service Plan to create. Possible values are Windows (also available as App), Linux, elastic (for Premium Consumption) and FunctionApp (for a Consumption Plan).
sku_size = string # Specifies the plan's instance size.
maximum_elastic_worker_count = number # The maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan.
worker_count = number # The number of Workers (instances) to be allocated.
zone_balancing_enabled = bool # Should the Service Plan balance across Availability Zones in the region. Changing this forces a new resource to be created.
})
{| no | | [cidr\_subnet\_reporting\_fdr](#input\_cidr\_subnet\_reporting\_fdr) | Address prefixes subnet reporting\_fdr function | `list(string)` | `null` | no | | [cname\_record\_name](#input\_cname\_record\_name) | n/a | `string` | `"config"` | no | | [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no | | [domain](#input\_domain) | n/a | `string` | n/a | yes | | [enable\_fdr3\_features](#input\_enable\_fdr3\_features) | Feature flag that enabled FdR-Fase3 APIs | `bool` | `false` | no | -| [enabled\_features](#input\_enabled\_features) | Features enabled in this domain |
"kind": "Linux",
"maximum_elastic_worker_count": 0,
"sku_size": "P1v3",
"worker_count": 0,
"zone_balancing_enabled": false
}
object({| `{}` | no | +| [enabled\_features](#input\_enabled\_features) | Features enabled in this domain |
})
object({| `{}` | no | | [env](#input\_env) | n/a | `string` | n/a | yes | | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [event\_name](#input\_event\_name) | Event name related to an EventHub | `string` | `null` | no | | [eventhub\_name](#input\_eventhub\_name) | EventHub name | `string` | `null` | no | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | -| [fdr\_json\_to\_xml\_function](#input\_fdr\_json\_to\_xml\_function) | FdR JSON to XML function |
})
object({|
always_on = bool
kind = string
sku_size = string
sku_tier = string
maximum_elastic_worker_count = number
})
{| no | +| [fdr\_json\_to\_xml\_function](#input\_fdr\_json\_to\_xml\_function) | FdR JSON to XML function |
"always_on": true,
"kind": "Linux",
"maximum_elastic_worker_count": 1,
"sku_size": "B1",
"sku_tier": "Basic"
}
object({|
always_on = bool
kind = string
sku_size = string
sku_tier = string
maximum_elastic_worker_count = number
})
{| no | | [fdr\_json\_to\_xml\_function\_app\_image\_tag](#input\_fdr\_json\_to\_xml\_function\_app\_image\_tag) | FdR JSON to XML function app docker image tag. Defaults to 'latest' | `string` | `"latest"` | no | -| [fdr\_json\_to\_xml\_function\_autoscale](#input\_fdr\_json\_to\_xml\_function\_autoscale) | FdR JSON to XML function autoscaling parameters |
"always_on": true,
"kind": "Linux",
"maximum_elastic_worker_count": 1,
"sku_size": "B1",
"sku_tier": "Basic"
}
object({| n/a | yes | +| [fdr\_json\_to\_xml\_function\_autoscale](#input\_fdr\_json\_to\_xml\_function\_autoscale) | FdR JSON to XML function autoscaling parameters |
default = number
minimum = number
maximum = number
})
object({| n/a | yes | | [fdr\_json\_to\_xml\_function\_network\_policies\_enabled](#input\_fdr\_json\_to\_xml\_function\_network\_policies\_enabled) | Network policies enabled | `bool` | `false` | no | | [fdr\_json\_to\_xml\_function\_subnet](#input\_fdr\_json\_to\_xml\_function\_subnet) | Address prefixes subnet | `list(string)` | `null` | no | -| [fdr\_re\_function](#input\_fdr\_re\_function) | FdR RE function |
default = number
minimum = number
maximum = number
})
object({|
always_on = bool
kind = string
sku_size = string
# sku_tier = string
maximum_elastic_worker_count = number
})
{| no | +| [fdr\_re\_function](#input\_fdr\_re\_function) | FdR RE function |
"always_on": true,
"kind": "Linux",
"maximum_elastic_worker_count": 1,
"sku_size": "B1"
}
object({|
always_on = bool
kind = string
sku_size = string
# sku_tier = string
maximum_elastic_worker_count = number
})
{| no | | [fdr\_re\_function\_app\_image\_tag](#input\_fdr\_re\_function\_app\_image\_tag) | FdR RE to Datastore function app docker image tag. Defaults to 'latest' | `string` | `"latest"` | no | -| [fdr\_re\_function\_autoscale](#input\_fdr\_re\_function\_autoscale) | FdR function autoscaling parameters |
"always_on": true,
"kind": "Linux",
"maximum_elastic_worker_count": 1,
"sku_size": "B1"
}
object({| n/a | yes | +| [fdr\_re\_function\_autoscale](#input\_fdr\_re\_function\_autoscale) | FdR function autoscaling parameters |
default = number
minimum = number
maximum = number
})
object({| n/a | yes | | [fdr\_re\_function\_network\_policies\_enabled](#input\_fdr\_re\_function\_network\_policies\_enabled) | Network policies enabled | `bool` | `false` | no | | [fdr\_re\_function\_subnet](#input\_fdr\_re\_function\_subnet) | Address prefixes subnet | `list(string)` | `null` | no | -| [fdr\_xml\_to\_json\_function](#input\_fdr\_xml\_to\_json\_function) | FdR XML to JSON function |
default = number
minimum = number
maximum = number
})
object({|
always_on = bool
kind = string
sku_size = string
sku_tier = string
maximum_elastic_worker_count = number
})
{| no | +| [fdr\_xml\_to\_json\_function](#input\_fdr\_xml\_to\_json\_function) | FdR XML to JSON function |
"always_on": true,
"kind": "Linux",
"maximum_elastic_worker_count": 1,
"sku_size": "B1",
"sku_tier": "Basic"
}
object({|
always_on = bool
kind = string
sku_size = string
sku_tier = string
maximum_elastic_worker_count = number
})
{| no | | [fdr\_xml\_to\_json\_function\_app\_image\_tag](#input\_fdr\_xml\_to\_json\_function\_app\_image\_tag) | FdR XML to JSON function app docker image tag. Defaults to 'latest' | `string` | `"latest"` | no | -| [fdr\_xml\_to\_json\_function\_autoscale](#input\_fdr\_xml\_to\_json\_function\_autoscale) | FdR function autoscaling parameters |
"always_on": true,
"kind": "Linux",
"maximum_elastic_worker_count": 1,
"sku_size": "B1",
"sku_tier": "Basic"
}
object({| n/a | yes | +| [fdr\_xml\_to\_json\_function\_autoscale](#input\_fdr\_xml\_to\_json\_function\_autoscale) | FdR function autoscaling parameters |
default = number
minimum = number
maximum = number
})
object({| n/a | yes | | [fdr\_xml\_to\_json\_function\_network\_policies\_enabled](#input\_fdr\_xml\_to\_json\_function\_network\_policies\_enabled) | Network policies enabled | `bool` | `false` | no | | [fdr\_xml\_to\_json\_function\_subnet](#input\_fdr\_xml\_to\_json\_function\_subnet) | Address prefixes subnet | `list(string)` | `null` | no | | [fn\_app\_runtime\_version](#input\_fn\_app\_runtime\_version) | Function app runtime version. | `string` | `"~4"` | no | | [ftp\_organization](#input\_ftp\_organization) | Organization configured with FTP | `string` | `null` | no | | [function\_app\_storage\_account\_replication\_type](#input\_function\_app\_storage\_account\_replication\_type) | (Optional) Storage account replication type used for function apps | `string` | `"ZRS"` | no | | [gh\_runner\_job\_location](#input\_gh\_runner\_job\_location) | (Optional) The GH runner container app job location. Consistent with the container app environment location | `string` | `"westeurope"` | no | -| [github](#input\_github) | n/a |
default = number
minimum = number
maximum = number
})
object({|
org = string
})
{| no | +| [github](#input\_github) | n/a |
"org": "pagopa"
}
object({|
org = string
})
{| no | | [image\_name](#input\_image\_name) | The image name to use with a function app | `string` | `null` | no | | [image\_tag](#input\_image\_tag) | The image tag to use with a function app | `string` | `null` | no | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | @@ -195,7 +196,7 @@ | [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | | [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | | [nodo\_pagamenti\_subkey\_required](#input\_nodo\_pagamenti\_subkey\_required) | Enabled subkeys for nodo dei pagamenti api | `bool` | `false` | no | -| [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace |
"org": "pagopa"
}
map(object({| `{}` | no | +| [pod\_disruption\_budgets](#input\_pod\_disruption\_budgets) | Pod disruption budget for domain namespace |
name = optional(string, null)
minAvailable = optional(number, null)
matchLabels = optional(map(any), {})
}))
map(object({| `{}` | no | | [prefix](#input\_prefix) | n/a | `string` | n/a | yes | | [private\_endpoint\_network\_policies\_enabled](#input\_private\_endpoint\_network\_policies\_enabled) | Enables or network policies for private endpoints in Azure. | `bool` | n/a | yes | | [reporting\_fdr\_function\_always\_on](#input\_reporting\_fdr\_function\_always\_on) | Always on property | `bool` | `false` | no | @@ -205,10 +206,10 @@ | [reporting\_fdr\_function\_kind](#input\_reporting\_fdr\_function\_kind) | App service plan kind | `string` | `null` | no | | [reporting\_fdr\_function\_sku\_size](#input\_reporting\_fdr\_function\_sku\_size) | App service plan sku size | `string` | `null` | no | | [reporting\_fdr\_function\_sku\_tier](#input\_reporting\_fdr\_function\_sku\_tier) | App service plan sku tier | `string` | `null` | no | -| [reporting\_fdr\_storage\_account\_info](#input\_reporting\_fdr\_storage\_account\_info) | Storage account |
name = optional(string, null)
minAvailable = optional(number, null)
matchLabels = optional(map(any), {})
}))
object({|
account_kind = string
account_tier = string
account_replication_type = string
access_tier = string
advanced_threat_protection_enable = bool
use_legacy_defender_version = bool
public_network_access_enabled = bool
})
{| no | -| [storage\_account\_info](#input\_storage\_account\_info) | Storage account |
"access_tier": "Hot",
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection_enable": true,
"public_network_access_enabled": false,
"use_legacy_defender_version": false
}
object({|
account_kind = string
account_tier = string
account_replication_type = string
access_tier = string
advanced_threat_protection_enable = bool
use_legacy_defender_version = bool
public_network_access_enabled = bool
})
{| no | -| [tags](#input\_tags) | n/a | `map(any)` |
"access_tier": "Hot",
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection_enable": true,
"public_network_access_enabled": false,
"use_legacy_defender_version": false
}
{| no | -| [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration |
"CreatedBy": "Terraform"
}
object({| n/a | yes | +| [reporting\_fdr\_storage\_account\_info](#input\_reporting\_fdr\_storage\_account\_info) | Storage account |
chart_version = string,
image_name = string,
image_tag = string
})
object({|
account_kind = string
account_tier = string
account_replication_type = string
access_tier = string
advanced_threat_protection_enable = bool
use_legacy_defender_version = bool
public_network_access_enabled = bool
})
{| no | +| [storage\_account\_info](#input\_storage\_account\_info) | Storage account |
"access_tier": "Hot",
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection_enable": true,
"public_network_access_enabled": false,
"use_legacy_defender_version": false
}
object({|
account_kind = string
account_tier = string
account_replication_type = string
access_tier = string
advanced_threat_protection_enable = bool
use_legacy_defender_version = bool
public_network_access_enabled = bool
})
{| no | +| [tags](#input\_tags) | n/a | `map(any)` |
"access_tier": "Hot",
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection_enable": true,
"public_network_access_enabled": false,
"use_legacy_defender_version": false
}
{| no | +| [tls\_cert\_check\_helm](#input\_tls\_cert\_check\_helm) | tls cert helm chart configuration |
"CreatedBy": "Terraform"
}
object({| n/a | yes | ## Outputs diff --git a/src/domains/fdr-common/03_postgresql_replica.tf b/src/domains/fdr-common/03_postgresql_replica.tf index fa189ddf70..bbf7915f8d 100644 --- a/src/domains/fdr-common/03_postgresql_replica.tf +++ b/src/domains/fdr-common/03_postgresql_replica.tf @@ -49,6 +49,8 @@ module "postgresql_fdr_replica_db" { log_analytics_workspace_id = data.azurerm_log_analytics_workspace.log_analytics.id zone = 2 tags = var.tags + + alerts_enabled = var.pgres_flex_params.alerts_enabled } resource "azurerm_postgresql_flexible_server_virtual_endpoint" "virtual_endpoint" { diff --git a/src/domains/fdr-common/README.md b/src/domains/fdr-common/README.md index a362e389fe..5240be09d6 100644 --- a/src/domains/fdr-common/README.md +++ b/src/domains/fdr-common/README.md @@ -143,9 +143,9 @@ | [cidr\_subnet\_cosmosdb\_fdr](#input\_cidr\_subnet\_cosmosdb\_fdr) | Cosmos DB address space for fdr. | `list(string)` | n/a | yes | | [cidr\_subnet\_flex\_dbms](#input\_cidr\_subnet\_flex\_dbms) | Postgresql network address space. | `list(string)` | n/a | yes | | [cidr\_subnet\_storage\_account](#input\_cidr\_subnet\_storage\_account) | Storage account network address space. | `list(string)` | n/a | yes | -| [cosmos\_mongo\_db\_fdr\_params](#input\_cosmos\_mongo\_db\_fdr\_params) | n/a |
chart_version = string,
image_name = string,
image_tag = string
})
object({| n/a | yes | -| [cosmos\_mongo\_db\_fdr\_re\_params](#input\_cosmos\_mongo\_db\_fdr\_re\_params) | n/a |
enabled = bool
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
enable_serverless = bool
enable_autoscaling = bool
throughput = number
max_throughput = number
container_default_ttl = number
})
object({| n/a | yes | -| [custom\_metric\_alerts](#input\_custom\_metric\_alerts) | Map of name = criteria objects |
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
enable_serverless = bool
enable_autoscaling = bool
throughput = number
max_throughput = number
container_default_ttl = number
})
map(object({|
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
metric_name = string
# "Insights.Container/pods" "Insights.Container/nodes"
metric_namespace = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string
# severity: The severity of this Metric Alert. Possible values are 0, 1, 2, 3 and 4. Defaults to 3.
severity = number
}))
{| no | +| [cosmos\_mongo\_db\_fdr\_params](#input\_cosmos\_mongo\_db\_fdr\_params) | n/a |
"active_connections": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "active_connections",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"connections_failed": {
"aggregation": "Total",
"frequency": "PT5M",
"metric_name": "connections_failed",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"cpu_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "cpu_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 4500,
"window_size": "PT30M"
},
"memory_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "memory_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"storage_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "storage_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
}
}
object({| n/a | yes | +| [cosmos\_mongo\_db\_fdr\_re\_params](#input\_cosmos\_mongo\_db\_fdr\_re\_params) | n/a |
enabled = bool
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
enable_serverless = bool
enable_autoscaling = bool
throughput = number
max_throughput = number
container_default_ttl = number
})
object({| n/a | yes | +| [custom\_metric\_alerts](#input\_custom\_metric\_alerts) | Map of name = criteria objects |
capabilities = list(string)
offer_type = string
server_version = string
kind = string
consistency_policy = object({
consistency_level = string
max_interval_in_seconds = number
max_staleness_prefix = number
})
main_geo_location_zone_redundant = bool
enable_free_tier = bool
additional_geo_locations = list(object({
location = string
failover_priority = number
zone_redundant = bool
}))
private_endpoint_enabled = bool
public_network_access_enabled = bool
is_virtual_network_filter_enabled = bool
backup_continuous_enabled = bool
enable_serverless = bool
enable_autoscaling = bool
throughput = number
max_throughput = number
container_default_ttl = number
})
map(object({|
# criteria.*.aggregation to be one of [Average Count Minimum Maximum Total]
aggregation = string
metric_name = string
# "Insights.Container/pods" "Insights.Container/nodes"
metric_namespace = string
# criteria.0.operator to be one of [Equals NotEquals GreaterThan GreaterThanOrEqual LessThan LessThanOrEqual]
operator = string
threshold = number
# Possible values are PT1M, PT5M, PT15M, PT30M and PT1H
frequency = string
# Possible values are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H and P1D.
window_size = string
# severity: The severity of this Metric Alert. Possible values are 0, 1, 2, 3 and 4. Defaults to 3.
severity = number
}))
{| no | | [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no | | [domain](#input\_domain) | n/a | `string` | n/a | yes | | [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. | `bool` | `false` | no | @@ -153,15 +153,15 @@ | [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes | | [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no | | [fdr\_convertion\_delete\_retention\_days](#input\_fdr\_convertion\_delete\_retention\_days) | Number of days to retain deleted. | `number` | `30` | no | -| [fdr\_history\_storage\_account](#input\_fdr\_history\_storage\_account) | n/a |
"active_connections": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "active_connections",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"connections_failed": {
"aggregation": "Total",
"frequency": "PT5M",
"metric_name": "connections_failed",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"cpu_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "cpu_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 4500,
"window_size": "PT30M"
},
"memory_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "memory_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
},
"storage_percent": {
"aggregation": "Average",
"frequency": "PT5M",
"metric_name": "storage_percent",
"metric_namespace": "Microsoft.DBforPostgreSQL/flexibleServers",
"operator": "GreaterThan",
"severity": 2,
"threshold": 80,
"window_size": "PT30M"
}
}
object({|
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
advanced_threat_protection_enabled = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
{| no | +| [fdr\_history\_storage\_account](#input\_fdr\_history\_storage\_account) | n/a |
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"advanced_threat_protection_enabled": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
object({|
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
advanced_threat_protection_enabled = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
{| no | | [fdr\_re\_advanced\_threat\_protection](#input\_fdr\_re\_advanced\_threat\_protection) | Enable contract threat advanced protection | `bool` | `false` | no | | [fdr\_re\_delete\_retention\_days](#input\_fdr\_re\_delete\_retention\_days) | Number of days to retain deleted. | `number` | `30` | no | -| [fdr\_re\_storage\_account](#input\_fdr\_re\_storage\_account) | n/a |
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"advanced_threat_protection_enabled": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
object({|
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
advanced_threat_protection_enabled = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
{| no | +| [fdr\_re\_storage\_account](#input\_fdr\_re\_storage\_account) | n/a |
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"advanced_threat_protection_enabled": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
object({|
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
advanced_threat_protection_enabled = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
{| no | | [fdr\_re\_versioning](#input\_fdr\_re\_versioning) | Enable sa versioning | `bool` | `false` | no | -| [fdr\_storage\_account](#input\_fdr\_storage\_account) | n/a |
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"advanced_threat_protection_enabled": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
object({|
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
{| no | +| [fdr\_storage\_account](#input\_fdr\_storage\_account) | n/a |
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
object({|
account_kind = string
account_tier = string
account_replication_type = string
advanced_threat_protection = bool
blob_versioning_enabled = bool
public_network_access_enabled = bool
blob_delete_retention_days = number
enable_low_availability_alert = bool
backup_enabled = optional(bool, false)
backup_retention = optional(number, 0)
})
{| no | | [geo\_replica\_cidr\_subnet\_postgresql](#input\_geo\_replica\_cidr\_subnet\_postgresql) | Address prefixes replica subnet postgresql | `list(string)` | `null` | no | | [geo\_replica\_enabled](#input\_geo\_replica\_enabled) | (Optional) True if geo replica should be active for key data components i.e. PostgreSQL Flexible servers | `bool` | `false` | no | -| [github](#input\_github) | n/a |
"account_kind": "StorageV2",
"account_replication_type": "LRS",
"account_tier": "Standard",
"advanced_threat_protection": true,
"backup_enabled": false,
"backup_retention": 0,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false,
"enable_low_availability_alert": false,
"public_network_access_enabled": false
}
object({|
org = string
})
{| no | +| [github](#input\_github) | n/a |
"org": "pagopa"
}
object({|
org = string
})
{| no | | [ingress\_load\_balancer\_ip](#input\_ingress\_load\_balancer\_ip) | n/a | `string` | n/a | yes | | [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes | | [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no | @@ -173,13 +173,13 @@ | [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes | | [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes | | [pgres\_flex\_fdr\_db\_name](#input\_pgres\_flex\_fdr\_db\_name) | FdR DB name | `string` | `"fdr"` | no | -| [pgres\_flex\_params](#input\_pgres\_flex\_params) | Postgres Flexible |
"org": "pagopa"
}
object({| n/a | yes | +| [pgres\_flex\_params](#input\_pgres\_flex\_params) | Postgres Flexible |
sku_name = string
db_version = string
storage_mb = string
zone = number
standby_zone = optional(number, 1)
backup_retention_days = number
geo_redundant_backup_enabled = bool
create_mode = string
pgres_flex_private_endpoint_enabled = bool
pgres_flex_ha_enabled = bool
pgres_flex_pgbouncer_enabled = bool
pgres_flex_diagnostic_settings_enabled = bool
alerts_enabled = bool
max_connections = number
pgbouncer_min_pool_size = number
max_worker_process = number
wal_level = string
shared_preoload_libraries = string
public_network_access_enabled = bool
})
object({| n/a | yes | | [postgres\_dns\_registration\_enabled](#input\_postgres\_dns\_registration\_enabled) | (Optional) If true, adds a CNAME record for the database FQDN in the db private dns | `bool` | `false` | no | | [postgres\_dns\_registration\_virtual\_endpoint\_enabled](#input\_postgres\_dns\_registration\_virtual\_endpoint\_enabled) | (Optional) If true, adds a CNAME record for the database VE in the db private dns | `bool` | `false` | no | | [prefix](#input\_prefix) | n/a | `string` | n/a | yes | | [reporting\_fdr\_blobs\_retention\_days](#input\_reporting\_fdr\_blobs\_retention\_days) | The number of day for storage\_management\_policy | `number` | `30` | no | -| [reporting\_fdr\_storage\_account](#input\_reporting\_fdr\_storage\_account) | n/a |
sku_name = string
db_version = string
storage_mb = string
zone = number
standby_zone = optional(number, 1)
backup_retention_days = number
geo_redundant_backup_enabled = bool
create_mode = string
pgres_flex_private_endpoint_enabled = bool
pgres_flex_ha_enabled = bool
pgres_flex_pgbouncer_enabled = bool
pgres_flex_diagnostic_settings_enabled = bool
alerts_enabled = bool
max_connections = number
pgbouncer_min_pool_size = number
max_worker_process = number
wal_level = string
shared_preoload_libraries = string
public_network_access_enabled = bool
})
object({|
advanced_threat_protection = bool
advanced_threat_protection_enabled = bool
blob_versioning_enabled = bool
blob_delete_retention_days = number
account_replication_type = string
})
{| no | -| [tags](#input\_tags) | n/a | `map(any)` |
"account_replication_type": "LRS",
"advanced_threat_protection": false,
"advanced_threat_protection_enabled": false,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false
}
{| no | +| [reporting\_fdr\_storage\_account](#input\_reporting\_fdr\_storage\_account) | n/a |
"CreatedBy": "Terraform"
}
object({|
advanced_threat_protection = bool
advanced_threat_protection_enabled = bool
blob_versioning_enabled = bool
blob_delete_retention_days = number
account_replication_type = string
})
{| no | +| [tags](#input\_tags) | n/a | `map(any)` |
"account_replication_type": "LRS",
"advanced_threat_protection": false,
"advanced_threat_protection_enabled": false,
"blob_delete_retention_days": 30,
"blob_versioning_enabled": false
}
{| no | ## Outputs diff --git a/src/domains/fdr-common/env/weu-prod/terraform.tfvars b/src/domains/fdr-common/env/weu-prod/terraform.tfvars index 9997dbbf60..84a0d87f03 100644 --- a/src/domains/fdr-common/env/weu-prod/terraform.tfvars +++ b/src/domains/fdr-common/env/weu-prod/terraform.tfvars @@ -50,7 +50,7 @@ pgres_flex_params = { pgres_flex_pgbouncer_enabled = true standby_availability_zone = 2 pgres_flex_diagnostic_settings_enabled = false - alerts_enabled = false + alerts_enabled = true max_connections = 5000 pgbouncer_min_pool_size = 10 max_worker_process = 32 @@ -195,7 +195,7 @@ fdr_storage_account = { advanced_threat_protection_enabled = false public_network_access_enabled = false blob_delete_retention_days = 90 - enable_low_availability_alert = false + enable_low_availability_alert = true backup_enabled = true backup_retention = 30 } @@ -209,7 +209,7 @@ fdr_re_storage_account = { advanced_threat_protection_enabled = false public_network_access_enabled = false blob_delete_retention_days = 90 - enable_low_availability_alert = false + enable_low_availability_alert = true backup_enabled = true backup_retention = 30 } @@ -223,7 +223,7 @@ fdr_history_storage_account = { advanced_threat_protection_enabled = false public_network_access_enabled = false blob_delete_retention_days = 90 - enable_low_availability_alert = false + enable_low_availability_alert = true backup_enabled = true backup_retention = 30 } @@ -237,7 +237,7 @@ fdr_flow_storage_account = { advanced_threat_protection_enabled = false public_network_access_enabled = false blob_delete_retention_days = 90 - enable_low_availability_alert = false + enable_low_availability_alert = true } #
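Review bot: `pgres_flex_diagnostic_settings_enabled = false` stays on the context line just above the flipped `alerts_enabled = true` in `pgres_flex_params`, so the prod server would raise alerts while, as far as this hunk shows, its logs are not exported for triage. Whether the alerting module depends on diagnostic settings is not visible here. If leaving them off is deliberate, record the reason beside the flag, e.g. `# diagnostic settings off in prod: <reason>`; otherwise set `pgres_flex_diagnostic_settings_enabled = true` in the same change. The `pgres_flex_params` block starts and ends outside the hunk.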
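Review bot: `advanced_threat_protection_enabled = false` remains on the context lines of `fdr_storage_account` (hunk at line 195), and the same holds for `fdr_re_storage_account`, `fdr_history_storage_account` and `fdr_flow_storage_account` in the following hunks, so the prod accounts gain availability alerting but still no threat-detection signal. If that is intended (for example because it is covered at subscription level, which these hunks cannot show), say so in a comment such as `# threat protection handled at subscription level`; otherwise set `advanced_threat_protection_enabled = true`. `fdr_flow_storage_account` also closes right after the alert flag with no `backup_enabled`/`backup_retention` lines, unlike the other three accounts, which is worth confirming. Each block starts outside its hunk.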
"CreatedBy": "Terraform"
}