Develop Reference

Terraform Alerts for Azure Functions

I am trying to research if it is possible to create alerts for azure functions via terraform.
My goal is to create a general rule that can be setup for on going functions that would alert us if an automated/timed function fails for x amount of times

I tried to reproduce the same in my environment to create the Alerts in Function app using Terraform:
Terraform code.
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "thejesh-rg" {
name = "Thejesh-RG-resources"
location = "West Europe"
}
resource "azurerm_storage_account" "thejeshstorage" {
name = "thejeshstorageaccount"
resource_group_name = azurerm_resource_group.thejesh-rg.name
location = azurerm_resource_group.thejesh-rg.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_service_plan" "thejeshsp" {
name = "thejeshsp-app-service-plan"
resource_group_name = azurerm_resource_group.thejesh-rg.name
location = azurerm_resource_group.thejesh-rg.location
os_type = "Linux"
sku_name = "P1v2"
}
resource "azurerm_linux_function_app" "thejesh" {
name = "thejesh-linux-function-app"
resource_group_name = azurerm_resource_group.thejesh-rg.name
location = azurerm_resource_group.thejesh-rg.location
storage_account_name = azurerm_storage_account.thejeshstorage.name
storage_account_access_key = azurerm_storage_account.thejeshstorage.primary_access_key
service_plan_id = azurerm_service_plan.thejeshsp.id
site_config {}
}
resource "azurerm_monitor_action_group" "actiongroup" {
name = "thejesh-actiongroup"
resource_group_name = azurerm_resource_group.thejesh-rg.name
short_name = "exampleact"
email_receiver{
email_address = "Email-ID"
name = "sendtoadmin"
}
}
resource "azurerm_monitor_metric_alert" "metrics" {
name = "theja-metricalert"
resource_group_name = azurerm_resource_group.thejesh-rg.name
scopes = [azurerm_linux_function_app.thejesh.id]
description = "Action will be triggered when Transactions count is greater than 1."
criteria {
metric_namespace = "Microsoft.Web/sites"
metric_name = "Requests"
aggregation = "Total"
operator = "GreaterThan"
threshold = "1"
}
action {
action_group_id = azurerm_monitor_action_group.actiongroup.id
}
}
Terraform Plan:
Terraform Apply
Once ran the code resources are created.
Alert notification.
Successfully received email.

Yes it's possible. See the documentation here.
Sample taken from the docs is creating a metric alert:
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_storage_account" "to_monitor" {
name = "examplestorageaccount"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_monitor_action_group" "main" {
name = "example-actiongroup"
resource_group_name = azurerm_resource_group.example.name
short_name = "exampleact"
webhook_receiver {
name = "callmyapi"
service_uri = "http://example.com/alert"
}
}
resource "azurerm_monitor_metric_alert" "example" {
name = "example-metricalert"
resource_group_name = azurerm_resource_group.example.name
scopes = [azurerm_storage_account.to_monitor.id]
description = "Action will be triggered when Transactions count is greater than 50."
criteria {
metric_namespace = "Microsoft.Storage/storageAccounts"
metric_name = "Transactions"
aggregation = "Total"
operator = "GreaterThan"
threshold = 50
dimension {
name = "ApiName"
operator = "Include"
values = ["*"]
}
}
action {
action_group_id = azurerm_monitor_action_group.main.id
}
}

How can I enable notifications for upcoming scheduled maintenance events using terraform for azure postgresql flexible server using terraform

I have deployed a postgreesql server using terraform. I have configured schedule maintenance.
maintenance_window {
day_of_week = 0 // Sunday
start_hour = 21
start_minute = 0
}
Now i want to enable notifications through mail address for upcoming scheduled maintenance events using terraform for azure postgresql flexible server..could you please guide me how can i configure it through the terraform.is it possible to send a test event notification right after the configuration to check whether is it enabled or not ?. I really appreciate any positive reply and thanks in advance.

I tried to add the monitoring and email notifications for the postgresssql flexible server and got the below output
I have added the following script to get the email and notifications for flexible server
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "RG_NAME"
location = "EASTUS"
}
resource "azurerm_virtual_network" "example" {
name = "example-vn"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "example" {
name = "example-sn"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.2.0/24"]
service_endpoints = ["Microsoft.Storage"]
delegation {
name = "fs"
service_delegation {
name = "Microsoft.DBforPostgreSQL/flexibleServers"
actions = [
"Microsoft.Network/virtualNetworks/subnets/join/action",
]
}
}
}
resource "azurerm_private_dns_zone" "example" {
name = "example.postgres.database.azure.com"
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "example" {
name = "exampleVnetZone.com"
private_dns_zone_name = azurerm_private_dns_zone.example.name
virtual_network_id = azurerm_virtual_network.example.id
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_postgresql_flexible_server" "example" {
name = "example-psqlflexibleserver"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
version = "12"
delegated_subnet_id = azurerm_subnet.example.id
private_dns_zone_id = azurerm_private_dns_zone.example.id
administrator_login = "psqladmin"
administrator_password = "H#Sh1CoR3!"
zone = "1"
storage_mb = 32768
backup_retention_days = 30
geo_redundant_backup_enabled = true
sku_name = "GP_Standard_D4s_v3"
depends_on = [azurerm_private_dns_zone_virtual_network_link.example]
}
resource "azurerm_postgresql_flexible_server" "examplez" {
administrator_login = "psqladmin"
administrator_password = "H#Sh1CoR3!"
name = "dbserverex"
resource_group_name= "RG_NAME"
location = "eastus"
storage_mb = 32768
backup_retention_days = 30
geo_redundant_backup_enabled = true
sku_name = "GP_Standard_D4s_v3"
depends_on = [azurerm_private_dns_zone_virtual_network_link.example]
}
resource "azurerm_postgresql_flexible_server" "dbtomonitor" {
resource_group_name = "RG_NAME"
name = "testdb"
location = "eastus"
geo_redundant_backup_enabled = true
sku_name = "GP_Standard_D4s_v3"
depends_on = [azurerm_private_dns_zone_virtual_network_link.example]
}
resource "azurerm_monitor_metric_alert" "example" {
name = "example-metricalert"
resource_group_name = azurerm_postgresql_flexible_server.examplez.resource_group_name
scopes = [azurerm_postgresql_flexible_server.dbtomonitor.id]
description = "action will be triggered when cpu percent is greater than 80."
criteria {
metric_namespace = "Microsoft.Sql/servers/databases"
metric_name = "cpu_percent"
aggregation = "Average"
operator = "GreaterThan"
threshold = 80
}
action {
action_group_id = azurerm_monitor_action_group.example.id
}
}
resource "azurerm_monitor_action_group" "example" {
name = "CriticalAlertsAction"
resource_group_name = data.azurerm_mssql_server.example.resource_group_name
short_name = "p0action"
email_receiver {
name = "komaliXXXXXX#.com"
email_address = "youremailid"
use_common_alert_schema = true
}
}
After adding the above script run the below steps to execute the terraform file
terraform init
This will initialise the file
Terraform plan
This will creates an execution plan and it will preview the changes that terraform plans to make the infrastructure
it will show the monitoring and email notification rules
terraform apply
This will creates or updates the infrastructure depending on the configuration and also creates the metric rules for the flexible server
For more information use this reference link
NOTE:
Please make sure while writing the script, resource group , version, sku_name, admin credentials, location, storage_mb, email should be given

How to create alert rule in terraform for SQL DB

I can't seem to find any examples and I am running into different errors depending on what I'm doing.
I'm trying to get this to work and it's just not happening... any thoughts?
resource "azurerm_monitor_metric_alert" "example" {
name = "example-metricalert"
resource_group_name = azurerm_resource_group.example.name
scopes = [azurerm_mssql_database.test.server_id]
description = "Action will be triggered when cpu is greater than 80%."
criteria {
metric_namespace = "Microsoft.Sql/servers/databases"
metric_name = "CPU_percentage"
aggregation = "Average"
operator = "GreaterThan"
threshold = 80
}
}

You can use the below code to create an metrics alert for SQL DB. I have tested it for an existing SQL DB, so used data blocks.
Main.tf
provider "azurerm" {
features {}
}
data "azurerm_mssql_server" "example" {
name = "ztestansumanserver"
resource_group_name = "yourresourcegroup"
}
data "azurerm_mssql_database" "dbtomonitor" {
name = "testansumandb"
server_id = data.azurerm_mssql_server.example.id
}
resource "azurerm_monitor_action_group" "example" {
name = "CriticalAlertsAction"
resource_group_name = data.azurerm_mssql_server.example.resource_group_name
short_name = "p0action"
email_receiver {
name = "sendtoadmin"
email_address = "youremailid"
use_common_alert_schema = true
}
}
resource "azurerm_monitor_metric_alert" "example" {
name = "example-metricalert"
resource_group_name = data.azurerm_mssql_server.example.resource_group_name
scopes = [data.azurerm_mssql_database.dbtomonitor.id]
description = "Action will be triggered when cpu percent is greater than 80."
criteria {
metric_namespace = "Microsoft.Sql/servers/databases"
metric_name = "cpu_percent"
aggregation = "Average"
operator = "GreaterThan"
threshold = 80
}
action {
action_group_id = azurerm_monitor_action_group.example.id
}
}
output:
Note: As per the above script alert is created successfully and it will also trigger a mail to you when the cpu_percent > 80 .
Reference:
Azure Monitor supported metrics by resource type - Azure Monitor | Microsoft Docs

How to create different metric type alerts for multiple resources of same resource type

I am working on to create the alerts in azure with Terraform scripts. I am trying to create different metric type alerts for different resources. (For example: functionapp01, functionapp02, logicapp01 and logicapp02 etc.)
This is the script:
terraform {
required_version = ">=0.12"
}
resource "azurerm_monitor_metric_alert" "metric_alert" {
name = var.metric_alert_name
resource_group_name = var.rg_name
scopes = [var.resource_id_01,var.resource_id_02]
description = var.metric_alert_description
tags = var.tags
frequency = var.frequency
severity = var.severity
window_size = var.window_size
enabled = var.is_enabled
criteria {
metric_namespace = var.metric_namespace
metric_name = var.metric_name
aggregation = var.aggregation
operator = var.operator
threshold = var.threshold
}
action {
action_group_id = var.action_group_id
}
}
Whenever I run the above script, then I am getting the below error:
Service returned an error. Status=400 Code="BadRequest" Message="Alerts are currently not supported with multi resource level for microsoft.web/sites
Reference Links:
azurerm_monitor_metric_alert
Metrics and Dimensions Supported
So, can anyone suggest me on this issue?

As the error show, the microsoft.web/sites resource type does not support Multi-resource alerts, refer to https://learn.microsoft.com/en-us/azure/azure-monitor/platform/alerts-metric-near-real-time#metrics-and-dimensions-supported
In this case, you have to create each monitor_metric_alert on each resource level.
For example, if you have created two functions, functionapp01, functionapp02. You can do it like this.
variable "function_apps" {
default = ["functionapp01","functionapp02"]
}
data "azurerm_function_app" "example" {
for_each = toset(var.function_apps)
name = each.value
resource_group_name = "funtions_rg"
}
resource "azurerm_monitor_metric_alert" "metric_alert" {
for_each = toset(var.function_apps)
name = "${each.value}-example-metricalert"
resource_group_name = var.rg_name
scopes = [data.azurerm_function_app.example[each.value].id]
description = var.metric_alert_description
tags = var.tags
frequency = var.frequency
severity = var.severity
window_size = var.window_size
enabled = var.is_enabled
criteria {
metric_namespace = var.metric_namespace
metric_name = var.metric_name
aggregation = var.aggregation
operator = var.operator
threshold = var.threshold
}
action {
action_group_id = var.action_group_id
}
}
Update
If you have function app resources is being created with Terraform, you can use them like this:
variable "function_apps" {
default = ["functionapp01","functionapp02"]
}
resource "azurerm_function_app" "example" {
for_each = toset(var.function_apps)
name = "${each.value}-example-funapp"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
app_settings = { }
version = "~3"
}
resource "azurerm_monitor_metric_alert" "test" {
for_each = toset(var.function_apps)
name = "${each.value}-example-metricalert"
resource_group_name = azurerm_resource_group.example.name
scopes = [azurerm_function_app.example[each.value].id]
description = var.metric_alert_description
severity = var.severity
window_size = var.window_size
enabled = var.is_enabled
criteria {
metric_namespace = var.metric_namespace
metric_name = var.metric_name
aggregation = var.aggregation
operator = var.operator
threshold = var.threshold
}
action {
action_group_id = var.action_group_id
}
}

specifying in terraform that the OS is linux for azurerm_function_app

I have the following azurerm_function_app terrform section:
resource "azurerm_function_app" "main" {
name = "${var.storage_function_name}"
location = "${azurerm_resource_group.main.location}"
resource_group_name = "${azurerm_resource_group.main.name}"
app_service_plan_id = "${azurerm_app_service_plan.main.id}"
storage_connection_string = "${azurerm_storage_account.main.primary_connection_string}"
https_only = true
app_settings {
"APPINSIGHTS_INSTRUMENTATIONKEY" = "${azurerm_application_insights.main.instrumentation_key}"
}
}
How can I specify the OS is linux?

Since there is not much documentation, I used following technique to construct terraform template.
Create the type of function app you want in azure portal
Import same resource using terraform import command.
terraform import azurerm_function_app.functionapp1
/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Web/sites/functionapp1
following information will be retrieved
id = /subscriptions/xxxx/resourceGroups/xxxxxx/providers/Microsoft.Web/sites/xxxx
app_service_plan_id = /subscriptions/xxx/resourceGroups/xxxx/providers/Microsoft.Web/serverfarms/xxxx
app_settings.% = 3
app_settings.FUNCTIONS_WORKER_RUNTIME = node
app_settings.MACHINEKEY_DecryptionKey = xxxxx
app_settings.WEBSITE_NODE_DEFAULT_VERSION = 10.14.1
client_affinity_enabled = false
connection_string.# = 0
default_hostname = xxxx.azurewebsites.net
enable_builtin_logging = false
enabled = true
https_only = false
identity.# = 0
kind = functionapp,linux,container
location = centralus
name = xxxxx
outbound_ip_addresses = xxxxxx
resource_group_name = xxxx
site_config.# = 1
site_config.0.always_on = true
site_config.0.linux_fx_version = DOCKER|microsoft/azure-functions-node8:2.0
site_config.0.use_32_bit_worker_process = true
site_config.0.websockets_enabled = false
site_credential.# = 1
site_credential.0.password =xxxxxx
site_credential.0.username = xxxxxx
storage_connection_string = xxxx
tags.% = 0
version = ~2
From this I build following terraform template
provider "azurerm" {
}
resource "azurerm_resource_group" "linuxnodefunction" {
name = "azure-func-linux-node-rg"
location = "westus2"
}
resource "azurerm_storage_account" "linuxnodesa" {
name = "azurefunclinuxnodesa"
resource_group_name = "${azurerm_resource_group.linuxnodefunction.name}"
location = "${azurerm_resource_group.linuxnodefunction.location}"
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_app_service_plan" "linuxnodesp" {
name = "azure-func-linux-node-sp"
location = "${azurerm_resource_group.linuxnodefunction.location}"
resource_group_name = "${azurerm_resource_group.linuxnodefunction.name}"
kind = "Linux"
reserved = true
sku {
capacity = 1
size = "P1v2"
tier = "PremiunV2"
}
}
resource "azurerm_function_app" "linuxnodefuncapp" {
name = "azure-func-linux-node-function-app"
location = "${azurerm_resource_group.linuxnodefunction.location}"
resource_group_name = "${azurerm_resource_group.linuxnodefunction.name}"
app_service_plan_id = "${azurerm_app_service_plan.linuxnodesp.id}"
storage_connection_string = "${azurerm_storage_account.linuxnodesa.primary_connection_string}"
app_settings {
FUNCTIONS_WORKER_RUNTIME = "node"
WEBSITE_NODE_DEFAULT_VERSION = "10.14.1"
}
site_config {
always_on = true
linux_fx_version = "DOCKER|microsoft/azure-functions-node8:2.0"
use_32_bit_worker_process = true
websockets_enabled = false
}
}
Let us know your experience with this. I will try to test few things with this.

I think you need to specify that in app_service_plan block
Kind = "Linux"
kind - (Optional) The kind of the App Service Plan to create. Possible values are Windows (also available as App), Linux and FunctionApp (for a Consumption Plan). Defaults to Windows. Changing this forces a new resource to be created.
NOTE: When creating a Linux App Service Plan, the reserved field must be set to true.
Example from Terraform doc
resource "azurerm_resource_group" "test" {
name = "azure-functions-cptest-rg"
location = "westus2"
}
resource "azurerm_storage_account" "test" {
name = "functionsapptestsa"
resource_group_name = "${azurerm_resource_group.test.name}"
location = "${azurerm_resource_group.test.location}"
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_app_service_plan" "test" {
name = "azure-functions-test-service-plan"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
kind = "Linux"
sku {
tier = "Dynamic"
size = "Y1"
}
properties {
reserved = true
}
}
resource "azurerm_function_app" "test" {
name = "test-azure-functions"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
app_service_plan_id = "${azurerm_app_service_plan.test.id}"
storage_connection_string = "${azurerm_storage_account.test.primary_connection_string}"
}