initial commit

modules/ManagementGovernance/Monitoring.ALB/README.md

@@ -0,0 +1,22 @@
+# Monitoring module 
+This module deploys the default cloudwatch metric monitoring
+
+## Notes
+Terraform lifecycle ignores tags to speed up terraform subsequent update. Cloudwatch alarm tags cannot be read on aws console anyway.
+
+## Example
+```terraform
+module "alb-arns" {
+  source        = "../../modules/util/resource-list"
+  resource-type = "alb"
+}
+
+module "alb-monitoring" {
+  for_each                 = toset(split(" ", data.external.alb-arns.result.result))
+  source                   = "../../modules/ManagementGovernance/Monitoring.ALB"
+  default-tags             = local.default-tags
+  load-balancer            = each.value
+  threshold-HealthHostCountMin = 1
+}
+
+```

modules/ManagementGovernance/Monitoring.ALB/list-alb-targetgroups.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+eval "$(jq -r '@sh "lb=\(.lb)"')"
+
+RESULTS=$(aws elbv2 describe-target-groups --load-balancer-arn $lb --query TargetGroups[*].TargetGroupArn --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
+jq -n --arg result "$RESULTS" '{"result":$result}'
+

modules/ManagementGovernance/Monitoring.ALB/main.tf

@@ -0,0 +1,110 @@
+locals {
+  alb-name = "app/${split("/", var.load-balancer)[2]}/${split("/", var.load-balancer)[3]}"
+}
+
+resource "aws_cloudwatch_metric_alarm" "alb-HTTPCode_ELB_5XX_Count" {
+  alarm_name                = "${var.settings.HTTPCode_ELB_5XX_Count.ecccode}-ALB_${local.alb-name}-HTTPCode_ELB_5XX_Count"
+  comparison_operator       = var.settings.HTTPCode_ELB_5XX_Count.comparison_operator
+  evaluation_periods        = var.settings.HTTPCode_ELB_5XX_Count.evaluation_periods
+  metric_name               = "HTTPCode_ELB_5XX_Count"
+  period                    = var.settings.HTTPCode_ELB_5XX_Count.period
+  statistic                 = var.settings.HTTPCode_ELB_5XX_Count.statistic
+  threshold                 = var.settings.HTTPCode_ELB_5XX_Count.threshold
+  alarm_description         = "ALB:HTTPCode_ELB_5XX_Count"
+  namespace                 = "AWS/ApplicationELB"
+  insufficient_data_actions = []
+  actions_enabled           = var.actions-enabled
+  alarm_actions             = [var.settings.HTTPCode_ELB_5XX_Count.action]
+  ok_actions                = [var.settings.HTTPCode_ELB_5XX_Count.action]
+  dimensions = {
+    LoadBalancer = local.alb-name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "alb-TargetConnectionErrorCount" {
+  alarm_name                = "${var.settings.TargetConnectionErrorCount.ecccode}-ALB_${local.alb-name}-TargetConnectionErrorCount"
+  comparison_operator       = var.settings.TargetConnectionErrorCount.comparison_operator
+  evaluation_periods        = var.settings.TargetConnectionErrorCount.evaluation_periods
+  metric_name               = "TargetConnectionErrorCount"
+  period                    = var.settings.TargetConnectionErrorCount.period
+  statistic                 = var.settings.TargetConnectionErrorCount.statistic
+  threshold                 = var.settings.TargetConnectionErrorCount.threshold
+  alarm_description         = "ALB:TargetConnectionErrorCount"
+  namespace                 = "AWS/ApplicationELB"
+  insufficient_data_actions = []
+  actions_enabled           = var.actions-enabled
+  alarm_actions             = [var.settings.TargetConnectionErrorCount.action]
+  ok_actions                = [var.settings.TargetConnectionErrorCount.action]
+  dimensions = {
+    LoadBalancer = local.alb-name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "alb-TargetResponseTime" {
+  alarm_name                = "${var.settings.TargetResponseTime.ecccode}-ALB_${local.alb-name}-TargetResponseTime"
+  comparison_operator       = var.settings.TargetResponseTime.comparison_operator
+  evaluation_periods        = var.settings.TargetResponseTime.evaluation_periods
+  metric_name               = "TargetResponseTime"
+  period                    = var.settings.TargetResponseTime.period
+  statistic                 = var.settings.TargetResponseTime.statistic
+  threshold                 = var.settings.TargetResponseTime.threshold
+  alarm_description         = "ALB:TargetResponseTime"
+  namespace                 = "AWS/ApplicationELB"
+  insufficient_data_actions = []
+  actions_enabled           = var.actions-enabled
+  alarm_actions             = [var.settings.TargetResponseTime.action]
+  ok_actions                = [var.settings.TargetResponseTime.action]
+  dimensions = {
+    LoadBalancer = local.alb-name
+  }
+}
+
+/*
+module "alb-targetgroups" {
+  source        = "../../util/resource-list"
+  resource-type = "alb-targetgroups"
+  query-input   = var.load-balancer
+  asrolearn     = var.asrolearn
+}
+*/
+// causes Rate exceeded error, maybe because of adaptive AWS_RETRY_MODE?
+
+/*
+module "alb_tgs" {
+  assume_role_arn   = var.asrolearn
+  role_session_name = "terraform-resource-list"
+  source            = "../../util/terraform-aws-cli"
+  aws_cli_commands  = ["elbv2", "describe-target-groups", "--load-balancer-arn", var.load-balancer]
+  aws_cli_query     = "TargetGroups[*].TargetGroupArn"
+}
+*/
+
+module alb_tgs {
+  source = "../../util/awscli"
+  access_key       = var.target-account-ak
+  aws_cli_commands = "elbv2 describe-target-groups --load-balancer-arn ${var.load-balancer} --query TargetGroups[*].TargetGroupArn"
+  secret_key       = var.target-account-sk
+  session_token    = var.target-account-token
+}
+
+resource "aws_cloudwatch_metric_alarm" "alb-HealthyHostCount" {
+  # for_each                  = module.alb-targetgroups.result-set
+  for_each                  = toset(module.alb_tgs.awscliout)
+  alarm_name                = "${var.settings.HealthHostCountMin.ecccode}-ALBTG_:${split(":", each.value)[5]}-HealthyHostCount"
+  comparison_operator       = var.settings.HealthHostCountMin.comparison_operator
+  evaluation_periods        = var.settings.HealthHostCountMin.evaluation_periods
+  metric_name               = "HealthyHostCount"
+  period                    = var.settings.HealthHostCountMin.period
+  statistic                 = var.settings.HealthHostCountMin.statistic
+  threshold                 = var.settings.HealthHostCountMin.threshold
+  alarm_description         = "ALBTG:HealthyHostCount"
+  namespace                 = "AWS/ApplicationELB"
+  insufficient_data_actions = []
+  actions_enabled           = var.actions-enabled
+  alarm_actions             = [var.settings.HealthHostCountMin.action]
+  ok_actions                = [var.settings.HealthHostCountMin.action]
+  dimensions = {
+    TargetGroup  = split(":", each.value)[5]
+    LoadBalancer = "app/${split("/", var.load-balancer)[2]}/${split("/", var.load-balancer)[3]}"
+  }
+}

modules/ManagementGovernance/Monitoring.ALB/outputs.tf

@@ -0,0 +1,4 @@
+output alb-tg-count {
+  # value = length(module.alb-targetgroups.result-set)
+  value = length(flatten(module.alb_tgs.awscliout))
+}

modules/ManagementGovernance/Monitoring.ALB/provider.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = "~> 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.36.1"
+    }
+  }
+}

modules/ManagementGovernance/Monitoring.ALB/variables.tf

@@ -0,0 +1,8 @@
+variable cw-alarm-prefix {}
+variable actions-enabled {}
+variable load-balancer {}
+variable settings {}
+# variable asrolearn {}
+variable target-account-ak {}
+variable target-account-sk {}
+variable target-account-token {}