Configuring Azure Monitor with Terraform

Introduction

Azure Monitor is a comprehensive monitoring solution that collects, analyzes, and acts on telemetry data from your cloud and on-premises environments. It helps you maximize the availability and performance of your applications and services by providing insights into their performance and availability. In an era where observability is paramount, Infrastructure as Code (IaC) with tools like Terraform allows developers and operations teams to automate the deployment and configuration of Azure resources, ensuring consistency and reducing human error.

In this tutorial, we will focus on configuring Azure Monitor using Terraform, specifically utilizing the azurerm_monitor_action_group resource. Action groups are a vital feature in Azure Monitor, enabling you to define who gets notified and what actions are taken when an alert is triggered. We will also explore integrating alerts and log analytics workspaces for a holistic monitoring setup.

Prerequisites

To follow along with this tutorial, you will need:

• Terraform CLI: Download and install Terraform.
• Azure Subscription: Create an Azure account if you don't have one.
• Azure CLI: Install the Azure CLI to manage Azure resources.
• Service Principal: Create a service principal for Terraform to authenticate against Azure.

You can create a service principal using the following command:

az ad sp create-for-rbac --name "terraform-sp" --role="Contributor" --scopes="/subscriptions/{subscription-id}"

Replace {subscription-id} with your actual subscription ID.

Fundamental Concepts

Before diving into the Terraform configuration, let’s understand some key terminology:

• Action Group: A collection of notification preferences and automated actions for Azure Monitor alerts.
• Alert Rule: A rule that specifies the conditions under which an alert is triggered.
• Log Analytics Workspace: A centralized repository for monitoring data collected by Azure Monitor, allowing for complex queries and analysis.

Resource Dependencies and State Management

Terraform manages infrastructure using a state file, which keeps track of resource configurations and dependencies. Ensure you are familiar with how Terraform handles state, as it is crucial for managing updates and deletions of resources.

Resource Syntax

The azurerm_monitor_action_group resource allows you to define action groups in Azure Monitor. Here’s the basic syntax:

resource "azurerm_monitor_action_group" "example" {
  name                = "example-action-group"
  resource_group_name = azurerm_resource_group.example.name
  short_name          = "example"

  email_receiver {
    name                    = "example-email"
    email_address           = "your-email@example.com"
    use_common_alert_schema = true
  }
}

Arguments Table

Argument	Description
name	The name of the action group.
resource_group_name	The name of the resource group in which to create the action group.
short_name	A short name for the action group, used in notifications.
email_receiver	Configuration block for email notifications.

Practical Examples

Example 1: Basic Action Group

resource "azurerm_monitor_action_group" "basic" {
  name                = "basic-action-group"
  resource_group_name = azurerm_resource_group.example.name
  short_name          = "basic"

  email_receiver {
    name                    = "alert-email"
    email_address           = "alert@example.com"
    use_common_alert_schema = true
  }
}

Example 2: Action Group with SMS Notifications

resource "azurerm_monitor_action_group" "sms" {
  name                = "sms-action-group"
  resource_group_name = azurerm_resource_group.example.name
  short_name          = "sms"

  sms_receiver {
    name        = "alert-sms"
    country_code = "+1"
    phone_number = "1234567890"
  }
}

Example 3: Action Group with Webhook

resource "azurerm_monitor_action_group" "webhook" {
  name                = "webhook-action-group"
  resource_group_name = azurerm_resource_group.example.name
  short_name          = "webhook"

  webhook_receiver {
    name       = "example-webhook"
    service_uri = "https://example.com/webhook"
  }
}

Example 4: Combined Action Group

resource "azurerm_monitor_action_group" "combined" {
  name                = "combined-action-group"
  resource_group_name = azurerm_resource_group.example.name
  short_name          = "combined"

  email_receiver {
    name                    = "alert-email"
    email_address           = "alert@example.com"
    use_common_alert_schema = true
  }

  sms_receiver {
    name        = "alert-sms"
    country_code = "+1"
    phone_number = "1234567890"
  }

  webhook_receiver {
    name       = "example-webhook"
    service_uri = "https://example.com/webhook"
  }
}

Example 5: Alert Rule with Action Group

resource "azurerm_monitor_metric_alert" "example" {
  name                = "example-alert"
  resource_group_name = azurerm_resource_group.example.name
  criteria {
    metric_namespace = "Microsoft.Compute/virtualMachines"
    metric_name      = "Percentage CPU"
    aggregation      = "Average"
    operator         = "GreaterThan"
    threshold        = 80
  }

  action {
    action_group_id = azurerm_monitor_action_group.combined.id
  }
}

Example 6: Log Analytics Workspace

resource "azurerm_log_analytics_workspace" "example" {
  name                = "example-log-workspace"
  location            = "West Europe"
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
}

Example 7: Connecting Action Group to Log Analytics

resource "azurerm_monitor_action_group" "log_analytics" {
  name                = "log-alert-action-group"
  resource_group_name = azurerm_resource_group.example.name
  short_name          = "logalert"

  webhook_receiver {
    name       = "log-webhook"
    service_uri = "https://example.com/log-webhook"
  }
}

resource "azurerm_monitor_log_alert" "example" {
  name                = "log-alert"
  resource_group_name = azurerm_resource_group.example.name
  workspace_id        = azurerm_log_analytics_workspace.example.id

  criteria {
    query = "AzureActivity | where ActivityStatus == 'Failed'"
    time_window = "PT5M"
    frequency = "PT1M"
  }

  action {
    action_group_id = azurerm_monitor_action_group.log_analytics.id
  }
}

Example 8: Complete Monitoring Setup

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_log_analytics_workspace" "example" {
  name                = "example-log-workspace"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
}

resource "azurerm_monitor_action_group" "example" {
  name                = "example-action-group"
  resource_group_name = azurerm_resource_group.example.name
  short_name          = "example"

  email_receiver {
    name                    = "example-email"
    email_address           = "your-email@example.com"
    use_common_alert_schema = true
  }
}

resource "azurerm_monitor_metric_alert" "example" {
  name                = "example-alert"
  resource_group_name = azurerm_resource_group.example.name
  frequency          = "PT5M"
  severity           = 2
  window_size        = "PT5M"

  criteria {
    metric_namespace = "Microsoft.Compute/virtualMachines"
    metric_name      = "Percentage CPU"
    aggregation      = "Average"
    operator         = "GreaterThan"
    threshold        = 80
  }

  action {
    action_group_id = azurerm_monitor_action_group.example.id
  }
}

Real-World Use Cases

1. Website Performance Monitoring: Use Azure Monitor to track the performance of a web application, setting alerts on key metrics such as response time or CPU usage, and notify the development team via action groups when thresholds are breached.

2. Infrastructure Monitoring: Set up alerts for critical infrastructure components like virtual machines or databases, which can notify operations teams immediately if there are any performance degradation or failures.

3. Log Analysis and Alerting: Integrate Azure Monitor with Log Analytics to analyze log data from various sources, allowing the team to identify and respond rapidly to potential issues.

Best Practices

1. Use Naming Conventions: Adopt a consistent naming convention for resources to enhance manageability.

2. Modularize Your Terraform Code: Break down configurations into reusable modules, which helps in maintaining the code.

3. State Management: Use remote backends like Azure Storage for storing the Terraform state file securely.

4. Parameterize Your Configurations: Use variables for configurations that might change between environments.

5. Security: Always follow Azure security best practices, such as using least privilege for service principals and securing sensitive information.

Common Errors

1. Error: Action Group Not Found
   Cause: The specified action group does not exist.
   Solution: Check if the action group name and resource group are correct.

2. Error: Resource Group Not Found
   Cause: The resource group specified does not exist in Azure.
   Solution: Create the resource group or verify the name.

3. Error: Invalid Email Address
   Cause: The email address format is incorrect.
   Solution: Ensure the email address is valid and correctly formatted.

4. Error: Insufficient Permissions
   Cause: The service principal does not have the required permissions to create action groups.
   Solution: Assign the necessary roles to the service principal.

Related Resources

Resource Type	Resource Link
Azure Monitor Overview	Azure Monitor Overview
Terraform azurerm Provider Docs	Terraform Registry
Action Groups Documentation	Azure Action Groups

Complete Infrastructure Script

Here is a complete Terraform script that incorporates all the examples we discussed:

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_log_analytics_workspace" "example" {
  name                = "example-log-workspace"
  location            = "West Europe"
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
}

resource "azurerm_monitor_action_group" "example" {
  name                = "example-action-group"
  resource_group_name = azurerm_resource_group.example.name
  short_name          = "example"

  email_receiver {
    name                    = "example-email"
    email_address           = "your-email@example.com"
    use_common_alert_schema = true
  }
}

resource "azurerm_monitor_metric_alert" "example" {
  name                = "example-alert"
  resource_group_name = azurerm_resource_group.example.name
  frequency          = "PT5M"
  severity           = 2
  window_size        = "PT5M"

  criteria {
    metric_namespace = "Microsoft.Compute/virtualMachines"
    metric_name      = "Percentage CPU"
    aggregation      = "Average"
    operator         = "GreaterThan"
    threshold        = 80
  }

  action {
    action_group_id = azurerm_monitor_action_group.example.id
  }
}

Conclusion

In this tutorial, you have learned how to configure Azure Monitor with Terraform, focusing on action groups, alerts, and log analytics workspaces. By leveraging these tools, you can create a robust monitoring solution that enhances the observability of your applications and infrastructure. As you continue your journey with Terraform and Azure, consider exploring more advanced features like autoscaling and advanced alerting mechanisms.

References

• Azure Monitor Documentation
• Terraform azurerm Provider
• Azure Monitor Action Groups

🚀 Happy Monitoring! 💡