Skip to content

azurermMonitorActivityLogAlert

Manages an Activity Log Alert within Azure Monitor.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermStorageAccountToMonitor =
  new azurerm.storageAccount.StorageAccount(this, "to_monitor", {
    account_replication_type: "GRS",
    account_tier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "examplesa",
    resource_group_name: azurermResourceGroupExample.name,
  });
const azurermMonitorActionGroupMain =
  new azurerm.monitorActionGroup.MonitorActionGroup(this, "main", {
    name: "example-actiongroup",
    resource_group_name: azurermResourceGroupExample.name,
    short_name: "p0action",
    webhook_receiver: [
      {
        name: "callmyapi",
        service_uri: "http://example.com/alert",
      },
    ],
  });
const azurermMonitorActivityLogAlertMain =
  new azurerm.monitorActivityLogAlert.MonitorActivityLogAlert(this, "main_3", {
    action: [
      {
        action_group_id: azurermMonitorActionGroupMain.id,
        webhook_properties: [
          {
            from: "terraform",
          },
        ],
      },
    ],
    criteria: [
      {
        category: "Recommendation",
        operation_name: "Microsoft.Storage/storageAccounts/write",
        resource_id: azurermStorageAccountToMonitor.id,
      },
    ],
    description: "This alert will monitor a specific storage account updates.",
    name: "example-activitylogalert",
    resource_group_name: azurermResourceGroupExample.name,
    scopes: [azurermResourceGroupExample.id],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMonitorActivityLogAlertMain.overrideLogicalId("main");

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the activity log alert. Changing this forces a new resource to be created.
  • resourceGroupName - (Required) The name of the resource group in which to create the activity log alert instance. Changing this forces a new resource to be created.
  • scopes - (Required) The Scope at which the Activity Log should be applied. A list of strings which could be a resource group , or a subscription, or a resource ID (such as a Storage Account).
  • criteria - (Required) A criteria block as defined below.
  • action - (Optional) One or more action blocks as defined below.
  • enabled - (Optional) Should this Activity Log Alert be enabled? Defaults to true.
  • description - (Optional) The description of this activity log alert.
  • tags - (Optional) A mapping of tags to assign to the resource.

An action block supports the following:

  • actionGroupId - (Required) The ID of the Action Group can be sourced from the azurermMonitorActionGroup resource.
  • webhookProperties - (Optional) The map of custom string properties to include with the post operation. These data are appended to the webhook payload.

A criteria block supports the following:

  • category - (Required) The category of the operation. Possible values are administrative, autoscale, policy, recommendation, resourceHealth, security and serviceHealth.
  • operationName - (Optional) The Resource Manager Role-Based Access Control operation name. Supported operation should be of the form: <resourceProvider>/<resourceType>/<operation>.
  • resourceProvider - (Optional) The name of the resource provider monitored by the activity log alert.
  • resourceType - (Optional) The resource type monitored by the activity log alert.
  • resourceGroup - (Optional) The name of resource group monitored by the activity log alert.
  • resourceId - (Optional) The specific resource monitored by the activity log alert. It should be within one of the scopes.
  • caller - (Optional) The email address or Azure Active Directory identifier of the user who performed the operation.
  • level - (Optional) The severity level of the event. Possible values are verbose, informational, warning, error, and critical.
  • status - (Optional) The status of the event. For example, started, failed, or succeeded.
  • subStatus - (Optional) The sub status of the event.
  • recommendationType - (Optional) The recommendation type of the event. It is only allowed when category is recommendation.
  • recommendationCategory - (Optional) The recommendation category of the event. Possible values are cost, reliability, operationalExcellence and performance. It is only allowed when category is recommendation.
  • recommendationImpact - (Optional) The recommendation impact of the event. Possible values are high, medium and low. It is only allowed when category is recommendation.
  • resourceHealth - (Optional) A block to define fine grain resource health settings.
  • serviceHealth - (Optional) A block to define fine grain service health settings.

A resourceHealth block supports the following:

  • current - (Optional) The current resource health statuses that will log an alert. Possible values are available, degraded, unavailable and unknown.
  • previous - (Optional) The previous resource health statuses that will log an alert. Possible values are available, degraded, unavailable and unknown.
  • reason - (Optional) The reason that will log an alert. Possible values are platformInitiated (such as a problem with the resource in an affected region of an Azure incident), userInitiated (such as a shutdown request of a VM) and unknown.

A serviceHealth block supports the following:

  • events - (Optional) Events this alert will monitor Possible values are incident, maintenance, informational, actionRequired and security.
  • locations - (Optional) Locations this alert will monitor. For example, westEurope.
  • services - (Optional) Services this alert will monitor. For example, activityLogs &Alerts, actionGroups. Defaults to all Services.

Attributes Reference

The following attributes are exported:

  • id - The ID of the activity log alert.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Activity Log Alert.
  • update - (Defaults to 30 minutes) Used when updating the Activity Log Alert.
  • read - (Defaults to 5 minutes) Used when retrieving the Activity Log Alert.
  • delete - (Defaults to 30 minutes) Used when deleting the Activity Log Alert.

Import

Activity log alerts can be imported using the resourceId, e.g.

terraform import azurerm_monitor_activity_log_alert.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Insights/activityLogAlerts/myalertname