Merge branch 'azure-log-alert' into dev

CDCgov · Oct 23, 2024 · 7d63ecb · 7d63ecb
2 parents 95b4ef4 + bb5eb32
commit 7d63ecb
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/operations/template/alert.tf b/operations/template/alert.tf
@@ -120,3 +120,55 @@ resource "azurerm_monitor_scheduled_query_rules_alert" "database_token_expired_a
     ]
   }
 }
+resource "azurerm_monitor_scheduled_query_rules_alert" "ti-log-errors-alert" {
+  count               = local.non_pr_environment ? 1 : 0
+  name                = "cdcti-${var.environment}-log-errors-alert"
+  location            = data.azurerm_resource_group.group.location
+  resource_group_name = data.azurerm_resource_group.group.name
+
+  action {
+    action_group  = [azurerm_monitor_action_group.notify_slack_email[count.index].id]
+    email_subject = "${var.environment}: TI log errors detected!"
+  }
+
+  data_source_id = azurerm_linux_web_app.api.id
+  description    = "Alert when total errors cross threshold"
+  enabled        = true
+
+  query = <<-QUERY
+      AppServiceConsoleLogs
+      | project JsonResult = parse_json(ResultDescription) | evaluate bag_unpack(JsonResult)
+      | where level == 'ERROR'
+      and TimeGenerated >= ago(30m)
+      and TimeGenerated <= now()
+      | summarize count()
+    QUERY
+
+  severity                = 3
+  frequency               = 10
+  time_window             = 30
+  auto_mitigation_enabled = true
+
+  trigger {
+    operator  = "GreaterThan"
+    threshold = 1
+  }
+
+  #   below tags are managed by CDC
+  lifecycle {
+    ignore_changes = [
+      tags["business_steward"],
+      tags["center"],
+      tags["environment"],
+      tags["escid"],
+      tags["funding_source"],
+      tags["pii_data"],
+      tags["security_compliance"],
+      tags["security_steward"],
+      tags["support_group"],
+      tags["system"],
+      tags["technical_steward"],
+      tags["zone"]
+    ]
+  }
+}