'Create Azure service health alert in Terraform

I just found out, if we create Azure service health alert with Terraform, with below code:

resource "azurerm_monitor_activity_log_alert" "servicehealth" {
  name                = "${var.client_initial}-MCS Maintain Service Health"
  description         = "${var.client_initial}-MCS Maintain Service Health Alerts"
  resource_group_name = var.resource_group_name
  scopes              = [var.scopes]
  criteria {
    category = "ServiceHealth"
  }
  tags = var.tags
  action {
    action_group_id = var.action_group_id
  }
}

When I do terraform apply, it applies fine, but when I check on portal, no region is selected. You can't do the same via portal, if you do via portal, you have to select region or select all regions.

So if deploy via Terraform and no region is selected, does that mean it applies to all regions?

I see on GitHub, more granular control on this is still an open issue https://github.com/terraform-providers/terraform-provider-azurerm/issues/2996

terraformterraform-provider-azureazure-monitoring


Solution 1:[1]

The region will be determined based on

resource_group_name = var.resource_group_name

where resource_group_name requires an instance of azurerm_resource_group:

resource "azurerm_resource_group" "example" {
  name     = "example"
  location = "West Europe"
}

and

location - (Required) The Azure Region where the Resource Group should exist. Changing this forces a new Resource Group to be created.

Solution 2:[2]

Had a similar challenge when setting up Azure monitor Service Health Alert using Terraform.

Here's how I did it:

Module Main File

resource "azurerm_monitor_activity_log_alert" "main" {
  name                = var.monitor_activity_log_alert
  resource_group_name = var.resource_group_name
  scopes              = var.monitor_activity_log_alert_scope
  description         = var.monitor_activity_log_alert_description
  enabled             = var.monitor_activity_log_alert_enabled

  criteria {
    category = var.criteria_category

    service_health {
      events    = var.service_health_events
      locations = var.service_health_locations
      services  = var.service_health_services
    }
  }

  action {
    action_group_id = var.action_group_id
  }

  tags = {
    Environment  = var.tag_environment
    BillingGroup = var.tag_billing_group
  }
}

Module Variable File

variable "monitor_activity_log_alert" {
  type        = string
  description = "The name of the activity log alert"
}

variable "resource_group_name" {
  type        = string
  description = "The name of the resource group in which to create the activity log alert instance."
}

variable "monitor_activity_log_alert_scope" {
  type        = list(string)
  description = "The Scope at which the Activity Log should be applied, for example a the Resource ID of a Subscription or a Resource (such as a Storage Account)."
}

variable "monitor_activity_log_alert_description" {
  type        = string
  description = "The description of this activity log alert."
}

variable "monitor_activity_log_alert_enabled" {
  type        = bool
  description = "Should this Activity Log Alert be enabled? Defaults to true."
}

variable "criteria_category" {
  type        = string
  description = "The category of the operation. Possible values are Administrative, Autoscale, Policy, Recommendation, ResourceHealth, Security and ServiceHealth."
}

variable "service_health_events" {
  type        = list(string)
  description = "Events this alert will monitor Possible values are Incident, Maintenance, Informational, ActionRequired and Security. Defaults to all Events"
}

variable "service_health_locations" {
  type        = list(string)
  description = "Locations this alert will monitor. For example, West Europe. Defaults to Global."
}

variable "service_health_services" {
  type        = list(string)
  description = "Services this alert will monitor. For example, Activity Logs & Alerts, Action Groups. Defaults to all Services."
}

variable "action_group_id" {
  type        = string
  description = "The ID of the Action Group can be sourced from the azurerm_monitor_action_group resource"
}

variable "tag_environment" {
  type        = string
  description = "A mapping of tags which should be assigned to the resource."
}

variable "tag_billing_group" {
  type        = string
  description = "A mapping of tags which should be assigned to the resource."
}

Module Main File for Creating Resource

terraform {
  required_version = "~> 1.0.8"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.81.0"
    }
  }

  backend "azurerm" {
    resource_group_name  = "MyGlobalRG"
    storage_account_name = "myterraform"
    container_name       = "terraform-state-files"
    key                  = "azure-resources/global/monitor-activity-log-alert/terraform.tfstate"
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_subscription" "current" {
}

data "azurerm_resource_group" "main" {
  name = var.resource_group_name
}

data "azurerm_monitor_action_group" "main" {
  name                = var.monitor_action_group_name
  resource_group_name = data.azurerm_resource_group.main.name
}

module "monitor_activity_log_alert" {
  source = "../../../modules/azure/monitor-activity-log-alert"

  monitor_activity_log_alert             = var.monitor_activity_log_alert
  resource_group_name                    = data.azurerm_resource_group.main.name
  monitor_activity_log_alert_scope       = ["/subscriptions/${data.azurerm_subscription.current.subscription_id}"]
  monitor_activity_log_alert_description = var.monitor_activity_log_alert_description
  monitor_activity_log_alert_enabled     = var.monitor_activity_log_alert_enabled
  criteria_category                      = var.criteria_category
  service_health_events                  = var.service_health_events
  service_health_locations               = var.service_health_locations
  service_health_services                = var.service_health_services
  action_group_id                        = data.azurerm_monitor_action_group.main.id
  tag_environment                        = var.tag_environment
  tag_billing_group                      = var.tag_billing_group
}

Module Variable File for Creating Resource

variable "monitor_activity_log_alert" {
  type        = string
  description = "The name of the activity log alert"
  default     = "my-service-health-alert-global"
}

variable "resource_group_name" {
  type        = string
  description = "The name of the resource group in which to create the activity log alert instance."
  default     = "MyGlobalRG"
}

variable "monitor_action_group_name" {
  type        = string
  description = "The name of the Action Group can be sourced from the azurerm_monitor_action_group resource"
  default     = "my-global-mag"
}

variable "monitor_activity_log_alert_description" {
  type        = string
  description = "The description of this activity log alert."
  default     = "This activity log alert is to monitor the health of all services in the Global and US West 2 regions"
}

variable "monitor_activity_log_alert_enabled" {
  type        = bool
  description = "Should this Activity Log Alert be enabled? Defaults to true."
  default     = true
}

variable "criteria_category" {
  type        = string
  description = "The category of the operation. Possible values are Administrative, Autoscale, Policy, Recommendation, ResourceHealth, Security and ServiceHealth."
  default     = "ServiceHealth"
}

variable "service_health_events" {
  type        = list(string)
  description = "Events this alert will monitor Possible values are Incident, Maintenance, Informational, ActionRequired and Security. Defaults to all Events or Set to null to select all Events"
  default     = null
}

variable "service_health_locations" {
  type        = list(string)
  description = "Locations this alert will monitor. For example, West Europe. Defaults to Global."
  default     = ["global", "westus2"]
}

variable "service_health_services" {
  type        = list(string)
  description = "Services this alert will monitor. For example, Activity Logs & Alerts, Action Groups. Defaults to all Services or Set to null to select all Services."
  default     = null
}

variable "tag_environment" {
  type        = string
  description = "A mapping of tags which should be assigned to the resource."
  default     = "global"
}

Solution 3:[3]

According to my knowledge, the location of the activity log alert is always Global. The activity log alert can be created at three levels: Resource level, Resource Group level, and Subscription level. Both resource group and subscription can contain multiple regions' resources. And you also cannot set the location when creating it. Not sure, but it seems the activity log alert does not have a special region except the Global.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Marcin
Solution 2 halfer
Solution 3 Charles Xu

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

How to enable terraform module only with a specific workspace

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Terragrunt ignores newly added outputs in a project

tls unsigned certificate when using terraform

What is the best way to solve `EntityAlreadyExists` error in terraform?

Terraform: How to create API Gateway endpoints and methods from a list of objects?

Terraform - refactoring modules: Error: Provider configuration not present

Passing multiple provider aliases to a module in terraform 0.12.13

What is the AWS Service Principal value for stepfunction?

Terraform - Use of environment variables in TF files

Terraform : Init