initial commit

modules/ManagementGovernance/Monitoring.NLB/README.md

@@ -0,0 +1,24 @@
+# Monitoring module 
+This module deploys the default cloudwatch metric monitoring
+
+## Notes
+Terraform lifecycle ignores tags to speed up terraform subsequent update. Cloudwatch alarm tags cannot be read on aws console anyway.
+
+## Example
+```terraform
+module "nlb-arns" {
+  source        = "../../modules/util/resource-list"
+  resource-type = "nlb"
+}
+
+module "nlb-monitoring" {
+  cw-alarm-prefix              = local.cw-alarm-prefix
+  for_each                     = module.nlb-arns.result-set
+  source                       = "../../modules/ManagementGovernance/Monitoring.NLB"
+  default-tags                 = local.default-tags
+  load-balancer                = each.value
+  threshold-HealthHostCountMin = 1
+  actions-enabled              = var.actions-enabled
+  sns-targets = var.sns-targets
+}
+```

modules/ManagementGovernance/Monitoring.NLB/main.tf

@@ -0,0 +1,105 @@
+/*
+data "external" "nlb-targetgroups" {
+  program = ["bash", "${path.module}/list-nlb-targetgroups.sh"]
+  query = {
+    parameter = var.load-balancer
+  }
+}
+*/
+locals {
+  nlb-name = "net/${split("/", var.load-balancer)[2]}/${split("/", var.load-balancer)[3]}"
+}
+
+resource "aws_cloudwatch_metric_alarm" "nlb-TCP_Target_Reset_Count" {
+  alarm_name                = "${var.settings.TCP_Target_Reset_Count.ecccode}-NLB_${local.nlb-name}-TCP_Target_Reset_Count"
+  comparison_operator       = var.settings.TCP_Target_Reset_Count.comparison_operator
+  evaluation_periods        = var.settings.TCP_Target_Reset_Count.evaluation_periods
+  metric_name               = "TCP_Target_Reset_Count"
+  period                    = var.settings.TCP_Target_Reset_Count.period
+  statistic                 = var.settings.TCP_Target_Reset_Count.statistic
+  threshold                 = var.settings.TCP_Target_Reset_Count.threshold
+  alarm_description         = "NLB:TCP_Target_Reset_Count"
+  namespace                 = "AWS/NetworkELB"
+  insufficient_data_actions = []
+  actions_enabled           = var.actions-enabled
+  alarm_actions             = [var.settings.TCP_Target_Reset_Count.action]
+  ok_actions                = [var.settings.TCP_Target_Reset_Count.action]
+  dimensions = {
+    LoadBalancer = local.nlb-name
+  }
+}
+
+/*
+module "nlb-targetgroups" {
+  source        = "../../util/resource-list"
+  resource-type = "nlb-targetgroups"
+  query-input   = var.load-balancer
+  asrolearn     = var.asrolearn
+}
+*/
+
+// causes Rate exceeded error, maybe because of adaptive AWS_RETRY_MODE?
+
+/*
+module "nlb_tgs" {
+  assume_role_arn   = var.asrolearn
+  role_session_name = "terraform-resource-list"
+  source            = "../../util/terraform-aws-cli"
+  aws_cli_commands  = ["elbv2", "describe-target-groups", "--load-balancer-arn", var.load-balancer]
+  aws_cli_query     = "TargetGroups[*].TargetGroupArn"
+}
+*/
+
+module nlb_tgs {
+  source = "../../util/awscli"
+  access_key       = var.target-account-ak
+  aws_cli_commands = "elbv2 describe-target-groups --load-balancer-arn ${var.load-balancer} --query TargetGroups[*].TargetGroupArn"
+  secret_key       = var.target-account-sk
+  session_token    = var.target-account-token
+}
+
+
+resource "aws_cloudwatch_metric_alarm" "nlb-HealthyHostCount" {
+  # for_each = module.nlb-targetgroups.result-set
+  for_each                  = toset(module.nlb_tgs.awscliout)
+  alarm_name                = "${var.settings.HealthHostCountMin.ecccode}-NLBTG_${split(":", each.value)[5]}-HealthyHostCount"
+  comparison_operator       = var.settings.HealthHostCountMin.comparison_operator
+  evaluation_periods        = var.settings.HealthHostCountMin.evaluation_periods
+  metric_name               = "HealthyHostCount"
+  period                    = var.settings.HealthHostCountMin.period
+  statistic                 = var.settings.HealthHostCountMin.statistic
+  threshold                 = var.settings.HealthHostCountMin.threshold
+  alarm_description         = "NLBTG:HealthyHostCount"
+  namespace                 = "AWS/NetworkELB"
+  insufficient_data_actions = []
+  actions_enabled           = var.actions-enabled
+  alarm_actions             = [var.settings.HealthHostCountMin.action]
+  ok_actions                = [var.settings.HealthHostCountMin.action]
+  dimensions = {
+    TargetGroup  = split(":", each.value)[5]
+    LoadBalancer = "net/${split("/", var.load-balancer)[2]}/${split("/", var.load-balancer)[3]}"
+  }
+}
+
+
+resource "aws_cloudwatch_metric_alarm" "nlb-UnHealthyHostCount" {
+  # for_each = module.nlb-targetgroups.result-set
+  for_each                  = toset(module.nlb_tgs.awscliout)
+  alarm_name                = "${var.settings.UnHealthyHostCount.ecccode}-NLBTG_${split(":", each.value)[5]}-UnHealthyHostCount"
+  comparison_operator       = var.settings.UnHealthyHostCount.comparison_operator
+  evaluation_periods        = var.settings.UnHealthyHostCount.evaluation_periods
+  metric_name               = "UnHealthyHostCount"
+  period                    = var.settings.UnHealthyHostCount.period
+  statistic                 = var.settings.UnHealthyHostCount.statistic
+  threshold                 = var.settings.UnHealthyHostCount.threshold
+  alarm_description         = "NLBTG:UnHealthyHostCount"
+  namespace                 = "AWS/NetworkELB"
+  insufficient_data_actions = []
+  actions_enabled           = var.actions-enabled
+  alarm_actions             = [var.settings.UnHealthyHostCount.action]
+  ok_actions                = [var.settings.UnHealthyHostCount.action]
+  dimensions = {
+    TargetGroup  = split(":", each.value)[5]
+    LoadBalancer = "net/${split("/", var.load-balancer)[2]}/${split("/", var.load-balancer)[3]}"
+  }
+}

modules/ManagementGovernance/Monitoring.NLB/outputs.tf

@@ -0,0 +1,4 @@
+output nlb-tg-count {
+  # value = length(module.nlb-targetgroups.result-set)
+  value = length(flatten(module.nlb_tgs.awscliout))
+}

modules/ManagementGovernance/Monitoring.NLB/provider.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = "~> 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.36.1"
+    }
+  }
+}

modules/ManagementGovernance/Monitoring.NLB/variables.tf

@@ -0,0 +1,8 @@
+variable cw-alarm-prefix {}
+variable actions-enabled {}
+variable load-balancer {}
+variable settings {}
+# variable asrolearn {}
+variable target-account-ak {}
+variable target-account-sk {}
+variable target-account-token {}