Create Azure service health alert in Terraform

Question

I just found out, if we create an Azure service health alert with Terraform, with the below code:

resource "azurerm_monitor_activity_log_alert" "servicehealth" {
  name                = "${var.client_initial}-MCS Maintain Service Health"
  description         = "${var.client_initial}-MCS Maintain Service Health Alerts"
  resource_group_name = var.resource_group_name
  scopes              = [var.scopes]
  criteria {
    category = "ServiceHealth"
  }
  tags = var.tags
  action {
    action_group_id = var.action_group_id
  }
}

When I do terraform apply, it applies fine, but when I check on the portal, no region is selected. You can't do the same via a portal, if you do via the portal, you have to select the region or select all regions.

So if deploy via Terraform and no region is selected, does that mean it applies to all regions?

Edureka · Answer 1 · Apr 12, 2022

Had a similar challenge when setting up Azure monitor Service Health Alert using Terraform.

Here's how I did it:

Module Main File

resource "azurerm_monitor_activity_log_alert" "main" {
  name                = var.monitor_activity_log_alert
  resource_group_name = var.resource_group_name
  scopes              = var.monitor_activity_log_alert_scope
  description         = var.monitor_activity_log_alert_description
  enabled             = var.monitor_activity_log_alert_enabled

  criteria {
    category = var.criteria_category

    service_health {
      events    = var.service_health_events
      locations = var.service_health_locations
      services  = var.service_health_services
    }
  }

  action {
    action_group_id = var.action_group_id
  }

  tags = {
    Environment  = var.tag_environment
    BillingGroup = var.tag_billing_group
  }
}

Module Variable File

variable "monitor_activity_log_alert" {
  type        = string
  description = "The name of the activity log alert"
}

variable "resource_group_name" {
  type        = string
  description = "The name of the resource group in which to create the activity log alert instance."
}

variable "monitor_activity_log_alert_scope" {
  type        = list(string)
  description = "The Scope at which the Activity Log should be applied, for example a the Resource ID of a Subscription or a Resource (such as a Storage Account)."
}

variable "monitor_activity_log_alert_description" {
  type        = string
  description = "The description of this activity log alert."
}

variable "monitor_activity_log_alert_enabled" {
  type        = bool
  description = "Should this Activity Log Alert be enabled? Defaults to true."
}

variable "criteria_category" {
  type        = string
  description = "The category of the operation. Possible values are Administrative, Autoscale, Policy, Recommendation, ResourceHealth, Security and ServiceHealth."
}

variable "service_health_events" {
  type        = list(string)
  description = "Events this alert will monitor Possible values are Incident, Maintenance, Informational, ActionRequired and Security. Defaults to all Events"
}

variable "service_health_locations" {
  type        = list(string)
  description = "Locations this alert will monitor. For example, West Europe. Defaults to Global."
}

variable "service_health_services" {
  type        = list(string)
  description = "Services this alert will monitor. For example, Activity Logs & Alerts, Action Groups. Defaults to all Services."
}

variable "action_group_id" {
  type        = string
  description = "The ID of the Action Group can be sourced from the azurerm_monitor_action_group resource"
}

variable "tag_environment" {
  type        = string
  description = "A mapping of tags which should be assigned to the resource."
}

variable "tag_billing_group" {
  type        = string
  description = "A mapping of tags which should be assigned to the resource."
}

Module Main File for Creating Resource

terraform {
  required_version = "~> 1.0.8"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.81.0"
    }
  }

  backend "azurerm" {
    resource_group_name  = "MyGlobalRG"
    storage_account_name = "myterraform"
    container_name       = "terraform-state-files"
    key                  = "azure-resources/global/monitor-activity-log-alert/terraform.tfstate"
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_subscription" "current" {
}

data "azurerm_resource_group" "main" {
  name = var.resource_group_name
}

data "azurerm_monitor_action_group" "main" {
  name                = var.monitor_action_group_name
  resource_group_name = data.azurerm_resource_group.main.name
}

module "monitor_activity_log_alert" {
  source = "../../../modules/azure/monitor-activity-log-alert"

  monitor_activity_log_alert             = var.monitor_activity_log_alert
  resource_group_name                    = data.azurerm_resource_group.main.name
  monitor_activity_log_alert_scope       = ["/subscriptions/${data.azurerm_subscription.current.subscription_id}"]
  monitor_activity_log_alert_description = var.monitor_activity_log_alert_description
  monitor_activity_log_alert_enabled     = var.monitor_activity_log_alert_enabled
  criteria_category                      = var.criteria_category
  service_health_events                  = var.service_health_events
  service_health_locations               = var.service_health_locations
  service_health_services                = var.service_health_services
  action_group_id                        = data.azurerm_monitor_action_group.main.id
  tag_environment                        = var.tag_environment
  tag_billing_group                      = var.tag_billing_group
}

Module Variable File for Creating Resource

variable "monitor_activity_log_alert" {
  type        = string
  description = "The name of the activity log alert"
  default     = "my-service-health-alert-global"
}

variable "resource_group_name" {
  type        = string
  description = "The name of the resource group in which to create the activity log alert instance."
  default     = "MyGlobalRG"
}

variable "monitor_action_group_name" {
  type        = string
  description = "The name of the Action Group can be sourced from the azurerm_monitor_action_group resource"
  default     = "my-global-mag"
}

variable "monitor_activity_log_alert_description" {
  type        = string
  description = "The description of this activity log alert."
  default     = "This activity log alert is to monitor the health of all services in the Global and US West 2 regions"
}

variable "monitor_activity_log_alert_enabled" {
  type        = bool
  description = "Should this Activity Log Alert be enabled? Defaults to true."
  default     = true
}

variable "criteria_category" {
  type        = string
  description = "The category of the operation. Possible values are Administrative, Autoscale, Policy, Recommendation, ResourceHealth, Security and ServiceHealth."
  default     = "ServiceHealth"
}

variable "service_health_events" {
  type        = list(string)
  description = "Events this alert will monitor Possible values are Incident, Maintenance, Informational, ActionRequired and Security. Defaults to all Events or Set to null to select all Events"
  default     = null
}

variable "service_health_locations" {
  type        = list(string)
  description = "Locations this alert will monitor. For example, West Europe. Defaults to Global."
  default     = ["global", "westus2"]
}

variable "service_health_services" {
  type        = list(string)
  description = "Services this alert will monitor. For example, Activity Logs & Alerts, Action Groups. Defaults to all Services or Set to null to select all Services."
  default     = null
}

variable "tag_environment" {
  type        = string
  description = "A mapping of tags which should be assigned to the resource."
  default     = "global"
}

That's all