From 94d1ea0ebf3d545dadc319f262e340ff3d1d5614 Mon Sep 17 00:00:00 2001 From: Matthieu Bourgain Date: Thu, 19 Sep 2024 10:43:50 +0200 Subject: [PATCH] Add backup vault and recovery services vault monitors (#58) * Add backup vault and recovery services vault monitors * adjust no data timeframe to max allowed value * update READMEs --- README.md | 2 + cloud/azure/backup-vault/README.md | 91 ++++++++++++++ cloud/azure/backup-vault/common-inputs.tf | 1 + cloud/azure/backup-vault/common-locals.tf | 1 + cloud/azure/backup-vault/inputs.tf | 117 ++++++++++++++++++ cloud/azure/backup-vault/modules.tf | 20 +++ .../backup-vault/monitors-backup-vault.tf | 49 ++++++++ cloud/azure/backup-vault/outputs.tf | 10 ++ cloud/azure/backup-vault/versions.tf | 9 ++ cloud/azure/recovery-services-vault/README.md | 91 ++++++++++++++ .../recovery-services-vault/common-inputs.tf | 1 + .../recovery-services-vault/common-locals.tf | 1 + cloud/azure/recovery-services-vault/inputs.tf | 117 ++++++++++++++++++ .../azure/recovery-services-vault/modules.tf | 20 +++ .../monitors-recovery-services-vault.tf | 48 +++++++ .../azure/recovery-services-vault/outputs.tf | 10 ++ .../azure/recovery-services-vault/versions.tf | 9 ++ scripts | 2 +- 18 files changed, 598 insertions(+), 1 deletion(-) create mode 100644 cloud/azure/backup-vault/README.md create mode 120000 cloud/azure/backup-vault/common-inputs.tf create mode 120000 cloud/azure/backup-vault/common-locals.tf create mode 100644 cloud/azure/backup-vault/inputs.tf create mode 100644 cloud/azure/backup-vault/modules.tf create mode 100644 cloud/azure/backup-vault/monitors-backup-vault.tf create mode 100644 cloud/azure/backup-vault/outputs.tf create mode 100644 cloud/azure/backup-vault/versions.tf create mode 100644 cloud/azure/recovery-services-vault/README.md create mode 120000 cloud/azure/recovery-services-vault/common-inputs.tf create mode 120000 cloud/azure/recovery-services-vault/common-locals.tf create mode 100644 cloud/azure/recovery-services-vault/inputs.tf create mode 100644 cloud/azure/recovery-services-vault/modules.tf create mode 100644 cloud/azure/recovery-services-vault/monitors-recovery-services-vault.tf create mode 100644 cloud/azure/recovery-services-vault/outputs.tf create mode 100644 cloud/azure/recovery-services-vault/versions.tf diff --git a/README.md b/README.md index b9ba9a13..2bf7aaba 100644 --- a/README.md +++ b/README.md @@ -181,6 +181,7 @@ For example, this will regenerate every READMEs thanks to [terraform-docs](https - [app-gateway](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/app-gateway/) - [app-services](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/app-services/) - [azure-search](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/azure-search/) + - [backup-vault](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/backup-vault/) - [cosmosdb](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/cosmosdb/) - [datalakestore](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/datalakestore/) - [eventgrid](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/eventgrid/) @@ -191,6 +192,7 @@ For example, this will regenerate every READMEs thanks to [terraform-docs](https - [load-balancer](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/load-balancer/) - [mysql](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/mysql/) - [postgresql](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/postgresql/) + - [recovery-services-vault](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/recovery-services-vault/) - [redis](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/redis/) - [serverfarms](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/serverfarms/) - [servicebus](https://github.com/claranet/terraform-datadog-monitors/tree/master/cloud/azure/servicebus/) diff --git a/cloud/azure/backup-vault/README.md b/cloud/azure/backup-vault/README.md new file mode 100644 index 00000000..cbc7e960 --- /dev/null +++ b/cloud/azure/backup-vault/README.md @@ -0,0 +1,91 @@ +# CLOUD AZURE BACKUP-VAULT DataDog monitors + +## How to use this module + +```hcl +module "datadog-monitors-cloud-azure-backup-vault" { + source = "claranet/monitors/datadog//cloud/azure/backup-vault" + version = "{revision}" + + environment = var.environment + message = module.datadog-message-alerting.alerting-message +} + +``` + +## Purpose + +Creates DataDog monitors with the following checks: + +- Backup Vault {{name}} has a backup unhealthy event +- Backup Vault {{name}} has a backup unhealthy event + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [datadog](#requirement\_datadog) | >= 3.1.2 | + +## Providers + +| Name | Version | +|------|---------| +| [datadog](#provider\_datadog) | >= 3.1.2 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [filter-tags](#module\_filter-tags) | ../../../common/filter-tags | n/a | +| [filter-tags-unhealthy-event](#module\_filter-tags-unhealthy-event) | ../../../common/filter-tags | n/a | + +## Resources + +| Name | Type | +|------|------| +| [datadog_monitor.backup_vault_backup_unhealthy_event](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/monitor) | resource | +| [datadog_monitor.backup_vault_restore_unhealthy_event](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/monitor) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [backup\_unhealthy\_event\_enabled](#input\_backup\_unhealthy\_event\_enabled) | Flag to enable Backup Vault Unhealthy Backup Event monitor | `string` | `"true"` | no | +| [backup\_unhealthy\_event\_extra\_tags](#input\_backup\_unhealthy\_event\_extra\_tags) | Extra tags for Backup Vault Unhealthy Backup Event monitor | `list(string)` | `[]` | no | +| [backup\_unhealthy\_event\_message](#input\_backup\_unhealthy\_event\_message) | Custom message for Backup Vault Unhealthy Backup Event monitor | `string` | `""` | no | +| [backup\_unhealthy\_event\_time\_aggregator](#input\_backup\_unhealthy\_event\_time\_aggregator) | Monitor aggregator for Backup Vault Unhealthy Backup Event [available values: min, max or avg] | `string` | `"min"` | no | +| [backup\_unhealthy\_event\_timeframe](#input\_backup\_unhealthy\_event\_timeframe) | Monitor timeframe for Backup Vault Unhealthy Backup Event [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`] | `string` | `"last_1d"` | no | +| [environment](#input\_environment) | Architecture Environment | `string` | n/a | yes | +| [evaluation\_delay](#input\_evaluation\_delay) | Delay in seconds for the metric evaluation | `number` | `900` | no | +| [filter\_tags\_custom](#input\_filter\_tags\_custom) | Tags used for custom filtering when filter\_tags\_use\_defaults is false | `string` | `"*"` | no | +| [filter\_tags\_custom\_excluded](#input\_filter\_tags\_custom\_excluded) | Tags excluded for custom filtering when filter\_tags\_use\_defaults is false | `string` | `""` | no | +| [filter\_tags\_use\_defaults](#input\_filter\_tags\_use\_defaults) | Use default filter tags convention | `string` | `"true"` | no | +| [message](#input\_message) | Message sent when a monitor is triggered | `any` | n/a | yes | +| [new\_group\_delay](#input\_new\_group\_delay) | Delay in seconds before monitor new resource | `number` | `300` | no | +| [no\_data\_timeframe](#input\_no\_data\_timeframe) | Number of minutes before reporting no data | `string` | `1440` | no | +| [notify\_no\_data](#input\_notify\_no\_data) | Will raise no data alert if set to true | `bool` | `true` | no | +| [prefix\_slug](#input\_prefix\_slug) | Prefix string to prepend between brackets on every monitors names | `string` | `""` | no | +| [restore\_unhealthy\_event\_enabled](#input\_restore\_unhealthy\_event\_enabled) | Flag to enable Backup Vault Unhealthy Restore Event monitor | `string` | `"true"` | no | +| [restore\_unhealthy\_event\_extra\_tags](#input\_restore\_unhealthy\_event\_extra\_tags) | Extra tags for Backup Vault Unhealthy Restore Event monitor | `list(string)` | `[]` | no | +| [restore\_unhealthy\_event\_message](#input\_restore\_unhealthy\_event\_message) | Custom message for Backup Vault Unhealthy Restore Event monitor | `string` | `""` | no | +| [restore\_unhealthy\_event\_time\_aggregator](#input\_restore\_unhealthy\_event\_time\_aggregator) | Monitor aggregator for Backup Vault Unhealthy Restore Event [available values: min, max or avg] | `string` | `"min"` | no | +| [restore\_unhealthy\_event\_timeframe](#input\_restore\_unhealthy\_event\_timeframe) | Monitor timeframe for Backup Vault Unhealthy Restore Event [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`] | `string` | `"last_1d"` | no | +| [tags](#input\_tags) | Global variables | `list(string)` |
[
"type:cloud",
"provider:azure",
"resource:backup_vault"
]
| no | +| [team](#input\_team) | n/a | `string` | `"claranet"` | no | +| [timeout\_h](#input\_timeout\_h) | Default auto-resolving state (in hours) | `number` | `0` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [backup\_vault\_backup\_unhealthy\_event\_id](#output\_backup\_vault\_backup\_unhealthy\_event\_id) | id for monitor backup\_vault\_backup\_unhealthy\_event | +| [backup\_vault\_restore\_unhealthy\_event\_id](#output\_backup\_vault\_restore\_unhealthy\_event\_id) | id for monitor backup\_vault\_restore\_unhealthy\_event | + +## Related documentation + +DataDog documentation : [https://docs.datadoghq.com/integrations/azure/](https://docs.datadoghq.com/integrations/azure/) +You must search `keyvault`, there is no integration for now. + +Azure metrics documentation : [https://docs.microsoft.com/fr-fr/azure/monitoring-and-diagnostics/monitoring-supported-metrics#microsoftkeyvaultvaults](https://docs.microsoft.com/fr-fr/azure/monitoring-and-diagnostics/monitoring-supported-metrics#microsoftkeyvaultvaults) diff --git a/cloud/azure/backup-vault/common-inputs.tf b/cloud/azure/backup-vault/common-inputs.tf new file mode 120000 index 00000000..063966bb --- /dev/null +++ b/cloud/azure/backup-vault/common-inputs.tf @@ -0,0 +1 @@ +../../../common/module/inputs.tf \ No newline at end of file diff --git a/cloud/azure/backup-vault/common-locals.tf b/cloud/azure/backup-vault/common-locals.tf new file mode 120000 index 00000000..355a2a7b --- /dev/null +++ b/cloud/azure/backup-vault/common-locals.tf @@ -0,0 +1 @@ +../../../common/module/locals.tf \ No newline at end of file diff --git a/cloud/azure/backup-vault/inputs.tf b/cloud/azure/backup-vault/inputs.tf new file mode 100644 index 00000000..40a67846 --- /dev/null +++ b/cloud/azure/backup-vault/inputs.tf @@ -0,0 +1,117 @@ +# Global variables +variable "tags" { + type = list(string) + default = ["type:cloud", "provider:azure", "resource:backup_vault"] +} + +# Datadog variables +variable "filter_tags_use_defaults" { + description = "Use default filter tags convention" + default = "true" +} + +variable "filter_tags_custom" { + description = "Tags used for custom filtering when filter_tags_use_defaults is false" + default = "*" +} + +variable "filter_tags_custom_excluded" { + description = "Tags excluded for custom filtering when filter_tags_use_defaults is false" + default = "" +} + +variable "message" { + description = "Message sent when a monitor is triggered" +} + +variable "evaluation_delay" { + description = "Delay in seconds for the metric evaluation" + default = 900 +} + +variable "new_group_delay" { + description = "Delay in seconds before monitor new resource" + default = 300 +} + +variable "timeout_h" { + description = "Default auto-resolving state (in hours)" + default = 0 +} + +variable "prefix_slug" { + description = "Prefix string to prepend between brackets on every monitors names" + default = "" +} + +variable "notify_no_data" { + description = "Will raise no data alert if set to true" + default = true +} + +variable "no_data_timeframe" { + description = "Number of minutes before reporting no data" + type = string + default = 1440 +} + +# Azure Backup Vault Unhealthy Backup Event monitor +variable "backup_unhealthy_event_enabled" { + description = "Flag to enable Backup Vault Unhealthy Backup Event monitor" + type = string + default = "true" +} + +variable "backup_unhealthy_event_message" { + description = "Custom message for Backup Vault Unhealthy Backup Event monitor" + type = string + default = "" +} + +variable "backup_unhealthy_event_time_aggregator" { + description = "Monitor aggregator for Backup Vault Unhealthy Backup Event [available values: min, max or avg]" + type = string + default = "min" +} + +variable "backup_unhealthy_event_timeframe" { + description = "Monitor timeframe for Backup Vault Unhealthy Backup Event [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]" + default = "last_1d" +} + +variable "backup_unhealthy_event_extra_tags" { + description = "Extra tags for Backup Vault Unhealthy Backup Event monitor" + type = list(string) + default = [] +} + + +# Azure Backup Vault Unhealthy Restore Event monitor +variable "restore_unhealthy_event_enabled" { + description = "Flag to enable Backup Vault Unhealthy Restore Event monitor" + type = string + default = "true" +} + +variable "restore_unhealthy_event_message" { + description = "Custom message for Backup Vault Unhealthy Restore Event monitor" + type = string + default = "" +} + +variable "restore_unhealthy_event_time_aggregator" { + description = "Monitor aggregator for Backup Vault Unhealthy Restore Event [available values: min, max or avg]" + type = string + default = "min" +} + +variable "restore_unhealthy_event_timeframe" { + description = "Monitor timeframe for Backup Vault Unhealthy Restore Event [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]" + default = "last_1d" +} + +variable "restore_unhealthy_event_extra_tags" { + description = "Extra tags for Backup Vault Unhealthy Restore Event monitor" + type = list(string) + default = [] +} diff --git a/cloud/azure/backup-vault/modules.tf b/cloud/azure/backup-vault/modules.tf new file mode 100644 index 00000000..b92c8d59 --- /dev/null +++ b/cloud/azure/backup-vault/modules.tf @@ -0,0 +1,20 @@ +module "filter-tags" { + source = "../../../common/filter-tags" + + environment = var.environment + resource = "azure_backup_vault" + filter_tags_use_defaults = var.filter_tags_use_defaults + filter_tags_custom = var.filter_tags_custom + filter_tags_custom_excluded = var.filter_tags_custom_excluded +} + +module "filter-tags-unhealthy-event" { + source = "../../../common/filter-tags" + + environment = var.environment + resource = "azure_backup_vault" + filter_tags_use_defaults = var.filter_tags_use_defaults + filter_tags_custom = var.filter_tags_custom + filter_tags_custom_excluded = var.filter_tags_custom_excluded + extra_tags = ["!health_status:healthy "] +} diff --git a/cloud/azure/backup-vault/monitors-backup-vault.tf b/cloud/azure/backup-vault/monitors-backup-vault.tf new file mode 100644 index 00000000..61c5c7e1 --- /dev/null +++ b/cloud/azure/backup-vault/monitors-backup-vault.tf @@ -0,0 +1,49 @@ +resource "datadog_monitor" "backup_vault_backup_unhealthy_event" { + count = var.backup_unhealthy_event_enabled == "true" ? 1 : 0 + name = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] Backup Vault {{name}} has a backup unhealthy event" + message = coalesce(var.backup_unhealthy_event_message, var.message) + type = "query alert" + + query = < 0 +EOQ + + evaluation_delay = var.evaluation_delay + new_group_delay = var.new_group_delay + notify_no_data = var.notify_no_data + no_data_timeframe = var.no_data_timeframe + renotify_interval = 0 + notify_audit = false + timeout_h = var.timeout_h + include_tags = true + require_full_window = false + + tags = concat(local.common_tags, var.tags, var.backup_unhealthy_event_extra_tags) +} + +resource "datadog_monitor" "backup_vault_restore_unhealthy_event" { + count = var.restore_unhealthy_event_enabled == "true" ? 1 : 0 + name = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] Backup Vault {{name}} has a backup unhealthy event" + message = coalesce(var.restore_unhealthy_event_message, var.message) + type = "query alert" + + query = < 0 +EOQ + + evaluation_delay = var.evaluation_delay + new_group_delay = var.new_group_delay + notify_no_data = false + renotify_interval = 0 + notify_audit = false + timeout_h = var.timeout_h + include_tags = true + require_full_window = false + + tags = concat(local.common_tags, var.tags, var.restore_unhealthy_event_extra_tags) +} + diff --git a/cloud/azure/backup-vault/outputs.tf b/cloud/azure/backup-vault/outputs.tf new file mode 100644 index 00000000..02b1b0a9 --- /dev/null +++ b/cloud/azure/backup-vault/outputs.tf @@ -0,0 +1,10 @@ +output "backup_vault_backup_unhealthy_event_id" { + description = "id for monitor backup_vault_backup_unhealthy_event" + value = datadog_monitor.backup_vault_backup_unhealthy_event.*.id +} + +output "backup_vault_restore_unhealthy_event_id" { + description = "id for monitor backup_vault_restore_unhealthy_event" + value = datadog_monitor.backup_vault_restore_unhealthy_event.*.id +} + diff --git a/cloud/azure/backup-vault/versions.tf b/cloud/azure/backup-vault/versions.tf new file mode 100644 index 00000000..ed7bb399 --- /dev/null +++ b/cloud/azure/backup-vault/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_providers { + datadog = { + source = "DataDog/datadog" + version = ">= 3.1.2" + } + } + required_version = ">= 0.12.31" +} diff --git a/cloud/azure/recovery-services-vault/README.md b/cloud/azure/recovery-services-vault/README.md new file mode 100644 index 00000000..5adcdc9b --- /dev/null +++ b/cloud/azure/recovery-services-vault/README.md @@ -0,0 +1,91 @@ +# CLOUD AZURE RECOVERY-SERVICES-VAULT DataDog monitors + +## How to use this module + +```hcl +module "datadog-monitors-cloud-azure-recovery-services-vault" { + source = "claranet/monitors/datadog//cloud/azure/recovery-services-vault" + version = "{revision}" + + environment = var.environment + message = module.datadog-message-alerting.alerting-message +} + +``` + +## Purpose + +Creates DataDog monitors with the following checks: + +- Recovery Services Vault {{name}} has a backup unhealthy event +- Recovery Services Vault {{name}} has a restore unhealthy event + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.12.31 | +| [datadog](#requirement\_datadog) | >= 3.1.2 | + +## Providers + +| Name | Version | +|------|---------| +| [datadog](#provider\_datadog) | >= 3.1.2 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [filter-tags](#module\_filter-tags) | ../../../common/filter-tags | n/a | +| [filter-tags-unhealthy-event](#module\_filter-tags-unhealthy-event) | ../../../common/filter-tags | n/a | + +## Resources + +| Name | Type | +|------|------| +| [datadog_monitor.recovery_services_vault_backup_unhealthy_event](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/monitor) | resource | +| [datadog_monitor.recovery_services_vault_restore_unhealthy_event](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/monitor) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [backup\_unhealthy\_event\_enabled](#input\_backup\_unhealthy\_event\_enabled) | Flag to enable Recovery Services Vault Backup Unhealthy Event monitor | `string` | `"true"` | no | +| [backup\_unhealthy\_event\_extra\_tags](#input\_backup\_unhealthy\_event\_extra\_tags) | Extra tags for Recovery Services Vault Backup Unhealthy Event monitor | `list(string)` | `[]` | no | +| [backup\_unhealthy\_event\_message](#input\_backup\_unhealthy\_event\_message) | Custom message for Recovery Services Vault Backup Unhealthy Event monitor | `string` | `""` | no | +| [backup\_unhealthy\_event\_time\_aggregator](#input\_backup\_unhealthy\_event\_time\_aggregator) | Monitor aggregator for Recovery Services Vault Backup Unhealthy Event [available values: min, max or avg] | `string` | `"min"` | no | +| [backup\_unhealthy\_event\_timeframe](#input\_backup\_unhealthy\_event\_timeframe) | Monitor timeframe for Recovery Services Vault Backup Unhealthy Event [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`] | `string` | `"last_1d"` | no | +| [environment](#input\_environment) | Architecture Environment | `string` | n/a | yes | +| [evaluation\_delay](#input\_evaluation\_delay) | Delay in seconds for the metric evaluation | `number` | `900` | no | +| [filter\_tags\_custom](#input\_filter\_tags\_custom) | Tags used for custom filtering when filter\_tags\_use\_defaults is false | `string` | `"*"` | no | +| [filter\_tags\_custom\_excluded](#input\_filter\_tags\_custom\_excluded) | Tags excluded for custom filtering when filter\_tags\_use\_defaults is false | `string` | `""` | no | +| [filter\_tags\_use\_defaults](#input\_filter\_tags\_use\_defaults) | Use default filter tags convention | `string` | `"true"` | no | +| [message](#input\_message) | Message sent when a monitor is triggered | `any` | n/a | yes | +| [new\_group\_delay](#input\_new\_group\_delay) | Delay in seconds before monitor new resource | `number` | `300` | no | +| [no\_data\_timeframe](#input\_no\_data\_timeframe) | Number of minutes before reporting no data on Backup Unhealthy Event monitor | `string` | `1440` | no | +| [notify\_no\_data](#input\_notify\_no\_data) | Will raise no data alert if set to true | `bool` | `true` | no | +| [prefix\_slug](#input\_prefix\_slug) | Prefix string to prepend between brackets on every monitors names | `string` | `""` | no | +| [restore\_unhealthy\_event\_enabled](#input\_restore\_unhealthy\_event\_enabled) | Flag to enable Recovery Services Vault Restore Unhealthy Event monitor | `string` | `"true"` | no | +| [restore\_unhealthy\_event\_extra\_tags](#input\_restore\_unhealthy\_event\_extra\_tags) | Extra tags for Recovery Services Vault Restore Unhealthy Event monitor | `list(string)` | `[]` | no | +| [restore\_unhealthy\_event\_message](#input\_restore\_unhealthy\_event\_message) | Custom message for Recovery Services Vault Restore Unhealthy Event monitor | `string` | `""` | no | +| [restore\_unhealthy\_event\_time\_aggregator](#input\_restore\_unhealthy\_event\_time\_aggregator) | Monitor aggregator for Recovery Services Vault Restore Unhealthy Event [available values: min, max or avg] | `string` | `"min"` | no | +| [restore\_unhealthy\_event\_timeframe](#input\_restore\_unhealthy\_event\_timeframe) | Monitor timeframe for Recovery Services Vault Restore Unhealthy Event [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`] | `string` | `"last_1d"` | no | +| [tags](#input\_tags) | Global variables | `list(string)` |
[
"type:cloud",
"provider:azure",
"resource:recovery_services_vault"
]
| no | +| [team](#input\_team) | n/a | `string` | `"claranet"` | no | +| [timeout\_h](#input\_timeout\_h) | Default auto-resolving state (in hours) | `number` | `0` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [recovery\_services\_vault\_backup\_unhealthy\_event\_id](#output\_recovery\_services\_vault\_backup\_unhealthy\_event\_id) | id for monitor recovery\_services\_vault\_backup\_unhealthy\_event | +| [recovery\_services\_vault\_restore\_unhealthy\_event\_id](#output\_recovery\_services\_vault\_restore\_unhealthy\_event\_id) | id for monitor recovery\_services\_vault\_restore\_unhealthy\_event | + +## Related documentation + +DataDog documentation : [https://docs.datadoghq.com/integrations/azure/](https://docs.datadoghq.com/integrations/azure/) +You must search `keyvault`, there is no integration for now. + +Azure metrics documentation : [https://docs.microsoft.com/fr-fr/azure/monitoring-and-diagnostics/monitoring-supported-metrics#microsoftkeyvaultvaults](https://docs.microsoft.com/fr-fr/azure/monitoring-and-diagnostics/monitoring-supported-metrics#microsoftkeyvaultvaults) diff --git a/cloud/azure/recovery-services-vault/common-inputs.tf b/cloud/azure/recovery-services-vault/common-inputs.tf new file mode 120000 index 00000000..063966bb --- /dev/null +++ b/cloud/azure/recovery-services-vault/common-inputs.tf @@ -0,0 +1 @@ +../../../common/module/inputs.tf \ No newline at end of file diff --git a/cloud/azure/recovery-services-vault/common-locals.tf b/cloud/azure/recovery-services-vault/common-locals.tf new file mode 120000 index 00000000..355a2a7b --- /dev/null +++ b/cloud/azure/recovery-services-vault/common-locals.tf @@ -0,0 +1 @@ +../../../common/module/locals.tf \ No newline at end of file diff --git a/cloud/azure/recovery-services-vault/inputs.tf b/cloud/azure/recovery-services-vault/inputs.tf new file mode 100644 index 00000000..b8971769 --- /dev/null +++ b/cloud/azure/recovery-services-vault/inputs.tf @@ -0,0 +1,117 @@ +# Global variables +variable "tags" { + type = list(string) + default = ["type:cloud", "provider:azure", "resource:recovery_services_vault"] +} + +# Datadog variables +variable "filter_tags_use_defaults" { + description = "Use default filter tags convention" + default = "true" +} + +variable "filter_tags_custom" { + description = "Tags used for custom filtering when filter_tags_use_defaults is false" + default = "*" +} + +variable "filter_tags_custom_excluded" { + description = "Tags excluded for custom filtering when filter_tags_use_defaults is false" + default = "" +} + +variable "message" { + description = "Message sent when a monitor is triggered" +} + +variable "evaluation_delay" { + description = "Delay in seconds for the metric evaluation" + default = 900 +} + +variable "new_group_delay" { + description = "Delay in seconds before monitor new resource" + default = 300 +} + +variable "timeout_h" { + description = "Default auto-resolving state (in hours)" + default = 0 +} + +variable "prefix_slug" { + description = "Prefix string to prepend between brackets on every monitors names" + default = "" +} + +variable "notify_no_data" { + description = "Will raise no data alert if set to true" + default = true +} + + +variable "no_data_timeframe" { + description = "Number of minutes before reporting no data on Backup Unhealthy Event monitor" + type = string + default = 1440 +} + +# Azure Recovery Services Vault Backup Backup Unhealthy Event monitor +variable "backup_unhealthy_event_enabled" { + description = "Flag to enable Recovery Services Vault Backup Unhealthy Event monitor" + type = string + default = "true" +} + +variable "backup_unhealthy_event_message" { + description = "Custom message for Recovery Services Vault Backup Unhealthy Event monitor" + type = string + default = "" +} + +variable "backup_unhealthy_event_time_aggregator" { + description = "Monitor aggregator for Recovery Services Vault Backup Unhealthy Event [available values: min, max or avg]" + type = string + default = "min" +} + +variable "backup_unhealthy_event_timeframe" { + description = "Monitor timeframe for Recovery Services Vault Backup Unhealthy Event [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]" + default = "last_1d" +} + +variable "backup_unhealthy_event_extra_tags" { + description = "Extra tags for Recovery Services Vault Backup Unhealthy Event monitor" + type = list(string) + default = [] +} + +# Azure Recovery Services Vault Backup Restore Unhealthy Event monitor +variable "restore_unhealthy_event_enabled" { + description = "Flag to enable Recovery Services Vault Restore Unhealthy Event monitor" + type = string + default = "true" +} + +variable "restore_unhealthy_event_message" { + description = "Custom message for Recovery Services Vault Restore Unhealthy Event monitor" + type = string + default = "" +} + +variable "restore_unhealthy_event_time_aggregator" { + description = "Monitor aggregator for Recovery Services Vault Restore Unhealthy Event [available values: min, max or avg]" + type = string + default = "min" +} + +variable "restore_unhealthy_event_timeframe" { + description = "Monitor timeframe for Recovery Services Vault Restore Unhealthy Event [available values: `last_#m` (1, 5, 10, 15, or 30), `last_#h` (1, 2, or 4), or `last_1d`]" + default = "last_1d" +} + +variable "restore_unhealthy_event_extra_tags" { + description = "Extra tags for Recovery Services Vault Restore Unhealthy Event monitor" + type = list(string) + default = [] +} diff --git a/cloud/azure/recovery-services-vault/modules.tf b/cloud/azure/recovery-services-vault/modules.tf new file mode 100644 index 00000000..e853ff47 --- /dev/null +++ b/cloud/azure/recovery-services-vault/modules.tf @@ -0,0 +1,20 @@ +module "filter-tags" { + source = "../../../common/filter-tags" + + environment = var.environment + resource = "azure_recovery_services_vault" + filter_tags_use_defaults = var.filter_tags_use_defaults + filter_tags_custom = var.filter_tags_custom + filter_tags_custom_excluded = var.filter_tags_custom_excluded +} + +module "filter-tags-unhealthy-event" { + source = "../../../common/filter-tags" + + environment = var.environment + resource = "azure_recovery_services_vault" + filter_tags_use_defaults = var.filter_tags_use_defaults + filter_tags_custom = var.filter_tags_custom + filter_tags_custom_excluded = var.filter_tags_custom_excluded + extra_tags = ["!health_status:healthy"] +} diff --git a/cloud/azure/recovery-services-vault/monitors-recovery-services-vault.tf b/cloud/azure/recovery-services-vault/monitors-recovery-services-vault.tf new file mode 100644 index 00000000..f7c71550 --- /dev/null +++ b/cloud/azure/recovery-services-vault/monitors-recovery-services-vault.tf @@ -0,0 +1,48 @@ +resource "datadog_monitor" "recovery_services_vault_backup_unhealthy_event" { + count = var.backup_unhealthy_event_enabled == "true" ? 1 : 0 + name = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] Recovery Services Vault {{name}} has a backup unhealthy event" + message = coalesce(var.backup_unhealthy_event_message, var.message) + type = "query alert" + + query = < 0 +EOQ + + evaluation_delay = var.evaluation_delay + new_group_delay = var.new_group_delay + notify_no_data = var.notify_no_data + no_data_timeframe = var.no_data_timeframe + renotify_interval = 0 + notify_audit = false + timeout_h = var.timeout_h + include_tags = true + require_full_window = false + + tags = concat(local.common_tags, var.tags, var.backup_unhealthy_event_extra_tags) +} + +resource "datadog_monitor" "recovery_services_vault_restore_unhealthy_event" { + count = var.restore_unhealthy_event_enabled == "true" ? 1 : 0 + name = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] Recovery Services Vault {{name}} has a restore unhealthy event" + message = coalesce(var.restore_unhealthy_event_message, var.message) + type = "query alert" + + query = < 0 +EOQ + + evaluation_delay = var.evaluation_delay + new_group_delay = var.new_group_delay + notify_no_data = false + renotify_interval = 0 + notify_audit = false + timeout_h = var.timeout_h + include_tags = true + require_full_window = false + + tags = concat(local.common_tags, var.tags, var.restore_unhealthy_event_extra_tags) +} diff --git a/cloud/azure/recovery-services-vault/outputs.tf b/cloud/azure/recovery-services-vault/outputs.tf new file mode 100644 index 00000000..7f7969c7 --- /dev/null +++ b/cloud/azure/recovery-services-vault/outputs.tf @@ -0,0 +1,10 @@ +output "recovery_services_vault_backup_unhealthy_event_id" { + description = "id for monitor recovery_services_vault_backup_unhealthy_event" + value = datadog_monitor.recovery_services_vault_backup_unhealthy_event.*.id +} + +output "recovery_services_vault_restore_unhealthy_event_id" { + description = "id for monitor recovery_services_vault_restore_unhealthy_event" + value = datadog_monitor.recovery_services_vault_restore_unhealthy_event.*.id +} + diff --git a/cloud/azure/recovery-services-vault/versions.tf b/cloud/azure/recovery-services-vault/versions.tf new file mode 100644 index 00000000..ed7bb399 --- /dev/null +++ b/cloud/azure/recovery-services-vault/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_providers { + datadog = { + source = "DataDog/datadog" + version = ">= 3.1.2" + } + } + required_version = ">= 0.12.31" +} diff --git a/scripts b/scripts index 7487d47c..2997d947 160000 --- a/scripts +++ b/scripts @@ -1 +1 @@ -Subproject commit 7487d47ce346a82a33676f189104e583e86230b8 +Subproject commit 2997d94713b0bd5627ddcd05f503616be4b0f752