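# DDoS alarm: fires when AWS Shield Advanced reports a DDoS event against the
# aws_lb.external load balancer. DDoSDetected is only emitted while an event is
# active, so missing data is treated as "not breaching" rather than as an alarm.
resource "aws_cloudwatch_metric_alarm" "ddos_attack_external" {
  alarm_name        = "DDoSDetected"
  alarm_description = "Triggers when AWS Shield Advanced detects a DDoS attack"

  namespace   = "AWS/DDoSProtection"
  metric_name = "DDoSDetected"
  dimensions = {
    ResourceArn = aws_lb.external.arn
  }

  # Alarm once the 1-minute average has been above zero for three consecutive
  # periods, i.e. an event must persist for roughly three minutes before it
  # pages. Numeric values are written as numbers so they match the provider
  # schema instead of relying on implicit string-to-number conversion.
  comparison_operator = "GreaterThanThreshold"
  threshold           = 0
  statistic           = "Average"
  period              = 60
  evaluation_periods  = 3
  treat_missing_data  = "notBreaching"

  # Notify on ALARM and again on OK so the incident opened through the SNS
  # topic (and the PagerDuty integration behind it) is resolved automatically
  # when the event ends instead of staying open until someone closes it.
  alarm_actions = [aws_sns_topic.sprinkler_ddos_alarm.arn]
  ok_actions    = [aws_sns_topic.sprinkler_ddos_alarm.arn]
}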
# Encrypted SNS topic that the DDoS alarm publishes to; the PagerDuty module
# subscribes to it further down this file.
# NOTE(review): the key policy of data.aws_kms_key.sns is defined outside this
# file. CloudWatch can only publish to a KMS-encrypted topic if that policy
# grants cloudwatch.amazonaws.com kms:GenerateDataKey* and kms:Decrypt;
# otherwise alarm notifications are dropped without an error in Terraform —
# confirm the key policy allows it.
resource "aws_sns_topic" "sprinkler_ddos_alarm" {
  kms_master_key_id = data.aws_kms_key.sns.id
  name              = "sprinkler_ddos_alarm"
}
## PagerDuty integration

# Look up the Secrets Manager secret that holds the map of PagerDuty
# integration keys. It lives in the modernisation platform account, hence the
# aliased provider rather than the default one.
data "aws_secretsmanager_secret" "pagerduty_integration_keys" {
  name     = "pagerduty_integration_keys"
  provider = aws.modernisation-platform
}
# Fetch the current version of that secret (no version stage is given, so the
# provider's default stage is used) through the same aliased provider.
data "aws_secretsmanager_secret_version" "pagerduty_integration_keys" {
  secret_id = data.aws_secretsmanager_secret.pagerduty_integration_keys.id
  provider  = aws.modernisation-platform
}
# Decode the secret's JSON payload into a map keyed by integration name; the
# module below selects the "ddos_cloudwatch" entry from it.
# NOTE(review): data source results, including this decoded map, are written
# to Terraform state. The state backend's encryption and access controls are
# therefore what protects these integration keys — confirm that is acceptable
# for the state store in use.
locals {
  pagerduty_integration_keys = jsondecode(data.aws_secretsmanager_secret_version.pagerduty_integration_keys.secret_string)
}
# Wire the DDoS SNS topic into PagerDuty using the shared modernisation
# platform module. The "ddos_cloudwatch" key must exist in the secret, or the
# plan fails at this lookup.
# NOTE(review): ?ref=v2.0.0 pins a git tag, which can be moved after the fact;
# pinning to the tag's commit SHA (?ref=<commit-sha-of-v2.0.0>) gives an
# immutable reference for the module source.
module "pagerduty_core_alerts" {
  source = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=v2.0.0"

  sns_topics                = [aws_sns_topic.sprinkler_ddos_alarm.name]
  pagerduty_integration_key = local.pagerduty_integration_keys["ddos_cloudwatch"]

  # Kept alongside the implicit dependency created by the sns_topics reference
  # so the topic exists before the module's resources are planned.
  depends_on = [
    aws_sns_topic.sprinkler_ddos_alarm
  ]
}