This is an experimental module
Configures a basic monitoring pattern based on three thresholds:
- Alerting - send to something like PagerDuty
- Ticketing - send to something like Jira
- Notify - send to something like Slack
Currently this module only supports these targets, though we aim to make it more flexible over time to support different integrations.
You can attach currently CloudWatch Alarms and Metric Alarms.
Here's what using the module will look like
module "monitoring" {
source = "rhythmictech/terraform-aws-rhythmic-monitoring"
alert_webhook = var.pagerduty_webhook
enable_jira_integration = true
name = "Monitoring"
notify_webhook = var.slack_webhook
jira_api_token_secret_name = "jira-api-token"
jira_issue_type = "Incident"
jira_project = "JSD"
jira_url = "https://customer.atlassian.net/"
jira_username = "jira_user@customer.com"
slack_channel = var.slack_channel
slack_username = var.slack_username
}To use Jira integration, you need to save your API key in AWS Secrets Manager. Something like this would work:
aws secretsmanager create-secret \
--region us-east-1 \
--name jira-api-token \
--secret-string="JIRA_API_TOKEN" \
--tags '[{"Key":"terraform_managed","Value":"false"}]'You can read more about how to generate them on the Atlassian Docs. If yopu are unsure of what issue types or projects you have available this blog post has some useful curl calls.
To create an incoming Slack webhook you can read these docs and will end up with a webhook like this:
https://hooks.slack.com/services/T1GG3R/K1NG3YR4BW/2hWASoxAt8lHOAXizwdvsa
This module uses Pagerduty's AWS Cloudwatch integration, which you can read about on the pagerduty docs. Another helpful example is this blog post You will end up with a webhook like the one below:
https://events.pagerduty.com/integration/10101RhythmicTechDaBest200hassh/enqueue
| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
| archive | 1.3.0 |
| aws | >= 3.0 |
| null | 3.0.0 |
| Name | Version |
|---|---|
| archive | 1.3.0 |
| aws | >= 3.0 |
| null | 3.0.0 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alert_webhook | Webhook to send alerts to. Currently must be a PagerDuty webhook | string |
n/a | yes |
| name | Moniker to apply to all resources in the module | string |
n/a | yes |
| notify_webhook | Webhook to send notifications to. Currently must be a Slack webhook | string |
n/a | yes |
| slack_channel | Slack channel to route alerts to | string |
n/a | yes |
| create_jira_secret_access_policy | If true, will attach an IAM policy granting read access to the secret containing the Jira access token. Only effective if enable_jira_integration=true |
bool |
true |
no |
| enable_jira_integration | Enable Jira integration Lambda | bool |
false |
no |
| jira_api_token_secret_name | Name of Secrets Manager secret containing API Token to use for requests (see https://confluence.atlassian.com/cloud/api-tokens-938839638.html) | string |
null |
no |
| jira_issue_type | Issue Type (key) to use for all issues | string |
null |
no |
| jira_project | Jira Project Key to create issues in | string |
null |
no |
| jira_url | URL of Jira instance | string |
null |
no |
| jira_username | Jira Username (must match specified API key) | string |
null |
no |
| pip_path | Path to your pip installation (must be valid if enable_jira_integration=true) |
string |
"/usr/local/bin/pip" |
no |
| slack_username | Slack username to post alerts as (will use aws account id if not specified) | string |
"" |
no |
| tags | User-Defined tags | map(string) |
{} |
no |
| Name | Description |
|---|---|
| sns_topic_alert_arn | Alert Topic ARN |
| sns_topic_notify_arn | Notification Topic ARN |
| sns_topic_ticket_arn | Ticketing Topic ARN |