diff --git a/modules/ManagementGovernance/Monitoring.NLB/main.tf b/modules/ManagementGovernance/Monitoring.NLB/main.tf
index 4ba9869..e8786c5 100644
--- a/modules/ManagementGovernance/Monitoring.NLB/main.tf
+++ b/modules/ManagementGovernance/Monitoring.NLB/main.tf
@@ -1,28 +1,37 @@ -data external nlb-targetgroups { - program = ["bash", "../../modules/ManagementGovernance/Monitoring.NLB/list-nlb-targetgroups.sh"] +/* +data "external" "nlb-targetgroups" { + program = ["bash", "${path.module}/list-nlb-targetgroups.sh"] query = { - lb = var.load-balancer + parameter = var.load-balancer } } +*/ -resource aws_cloudwatch_metric_alarm nlb-HealthyHostCount { - for_each = toset(split(" ", data.external.nlb-targetgroups.result.result)) - alarm_name = "NLBTG:HealthyHostCount:${split("/", each.value)[1]}/${split("/", each.value)[2]}" - comparison_operator = "LessThanThreshold" - evaluation_periods = "1" - metric_name = "HealthyHostCount" - period = "300" - statistic = "Minimum" - threshold = var.threshold-HealthHostCountMin - alarm_description = "NLBTG:HealthyHostCount" - namespace = "AWS/NetworkELB" + +module "nlb-targetgroups" { + source = "../../util/resource-list" + resource-type = "nlb-targetgroups" + query-input = var.load-balancer +} + +resource "aws_cloudwatch_metric_alarm" "nlb-HealthyHostCount" { + for_each = module.nlb-targetgroups.result-set + alarm_name = "NLBTG:HealthyHostCount:${split(":", each.value)[5]}" + comparison_operator = "LessThanThreshold" + evaluation_periods = "1" + metric_name = "HealthyHostCount" + period = "300" + statistic = "Minimum" + threshold = var.threshold-HealthHostCountMin + alarm_description = "NLBTG:HealthyHostCount" + namespace = "AWS/NetworkELB" insufficient_data_actions = [] - actions_enabled = "true" - alarm_actions = [var.alarm-actions-emergency] - ok_actions = [var.alarm-actions-emergency] + actions_enabled = "true" + alarm_actions = [var.alarm-actions-emergency] + ok_actions = [var.alarm-actions-emergency] dimensions = { - TargetGroup = "targetgroup/${split("/", each.value)[1]}/${split("/", each.value)[2]}" - LoadBalancer = "net/${split("/",var.load-balancer)[2]}/${split("/",var.load-balancer)[3]}" + TargetGroup = split(":", each.value)[5] + LoadBalancer = "net/${split("/", 
var.load-balancer)[2]}/${split("/", var.load-balancer)[3]}" } tags = var.default-tags lifecycle { diff --git a/modules/ManagementGovernance/Monitoring.RDS/main.tf b/modules/ManagementGovernance/Monitoring.RDS/main.tf index 0edf854..3af6201 100644 --- a/modules/ManagementGovernance/Monitoring.RDS/main.tf +++ b/modules/ManagementGovernance/Monitoring.RDS/main.tf @@ -90,15 +90,15 @@ resource aws_cloudwatch_metric_alarm rds-DiskQueueDepth { } } -resource aws_cloudwatch_metric_alarm rds-ReadLetency { - alarm_name = "RDS:ReadLetency:${var.rds-instance-name}" +resource aws_cloudwatch_metric_alarm rds-ReadLatency { + alarm_name = "RDS:ReadLatency:${var.rds-instance-name}" comparison_operator = "GreaterThanThreshold" evaluation_periods = "2" - metric_name = "ReadLetency" - period = "600" + metric_name = "ReadLatency" + period = "900" statistic = "Average" - threshold = var.threshold-ReadLetency - alarm_description = "RDS:ReadLetency" + threshold = var.threshold-ReadLatency + alarm_description = "RDS:ReadLatency" namespace = "AWS/RDS" insufficient_data_actions = [] actions_enabled = "true" @@ -113,15 +113,15 @@ resource aws_cloudwatch_metric_alarm rds-ReadLetency { } } -resource aws_cloudwatch_metric_alarm rds-WriteLetency { - alarm_name = "RDS:WriteLetency:${var.rds-instance-name}" +resource aws_cloudwatch_metric_alarm rds-WriteLatency { + alarm_name = "RDS:WriteLatency:${var.rds-instance-name}" comparison_operator = "GreaterThanThreshold" evaluation_periods = "2" - metric_name = "WriteLetency" - period = "600" + metric_name = "WriteLatency" + period = "900" statistic = "Average" - threshold = var.threshold-WriteLetency - alarm_description = "RDS:WriteLetency" + threshold = var.threshold-WriteLatency + alarm_description = "RDS:WriteLatency" namespace = "AWS/RDS" insufficient_data_actions = [] actions_enabled = "true" diff --git a/modules/ManagementGovernance/Monitoring.RDS/variables.tf b/modules/ManagementGovernance/Monitoring.RDS/variables.tf index 2ead58a..fb690cd 100644 
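Review bot: The commented-out `data "external" "nlb-targetgroups"` block at the top of Monitoring.NLB/main.tf is dead code that no longer matches the rest of the commit: it points at `${path.module}/list-nlb-targetgroups.sh`, which this commit moves to modules/util/resource-list, and it passes `parameter` while the script reads `.input`. I would delete it rather than keep it inside `/* */`, since the lookup now goes through `module "nlb-targetgroups"`. Separately, `split(":", each.value)[5]` assumes every value is a full target-group ARN; a comment such as `# each.value is a target-group ARN; field 5 is "targetgroup/<name>/<id>"` above `alarm_name` would make that explicit. The resource body continues past the end of the hunk.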
--- a/modules/ManagementGovernance/Monitoring.RDS/variables.tf
+++ b/modules/ManagementGovernance/Monitoring.RDS/variables.tf
@@ -21,5 +21,5 @@ variable threshold-FreeableMemory {}
 variable threshold-CpuUtilization {}
 variable threshold-FreeStorageSpace {}
 variable threshold-DiskQueueDepth {}
-variable threshold-ReadLetency {}
-variable threshold-WriteLetency {}
\ No newline at end of file
+variable threshold-ReadLatency {}
+variable threshold-WriteLatency {}
\ No newline at end of file
diff --git a/modules/ManagementGovernance/Monitoring.Redis/main.tf b/modules/ManagementGovernance/Monitoring.Redis/main.tf
index a04a9f3..80747e7 100644
--- a/modules/ManagementGovernance/Monitoring.Redis/main.tf
+++ b/modules/ManagementGovernance/Monitoring.Redis/main.tf
@@ -53,9 +53,9 @@ resource aws_cloudwatch_metric_alarm redis-CacheHitRate {
 # for_each = toset(data.aws_elasticache_cluster.redis-cluster.cache_nodes.*.id)
 alarm_name = "Redis:CacheHitRate:${var.redis-cluster-id}"
 comparison_operator = "LessThanThreshold"
- evaluation_periods = "1"
+ evaluation_periods = "4"
 metric_name = "CacheHitRate"
- period = "1800"
+ period = "900"
 statistic = "Average"
 threshold = var.threshold-CacheHitRate
 alarm_description = "Redis:CacheHitRate"
diff --git a/modules/util/resource-list/list-alb.sh b/modules/util/resource-list/list-alb.sh
new file mode 100755
index 0000000..a6f5920
--- /dev/null
+++ b/modules/util/resource-list/list-alb.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+RESULTS=$(aws elbv2 describe-load-balancers --query 'LoadBalancers[?Type==`application`].LoadBalancerArn' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
+jq -n --arg result "$RESULTS" '{"result":$result}'
diff --git a/modules/util/resource-list/list-ec2.sh b/modules/util/resource-list/list-ec2.sh
new file mode 100755
index 0000000..b0e9a9b
--- /dev/null
+++ b/modules/util/resource-list/list-ec2.sh
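Review bot: list-alb.sh never checks whether the `aws` call succeeded, so a failed lookup reaches Terraform as a valid empty result. The pipeline's exit status is that of `xargs`, so an expired credential or a denied describe call still produces `{"result":""}`; resource-list/main.tf turns that into an empty set, and the `for_each` in Monitoring.NLB/main.tf would then plan to remove its HealthyHostCount alarms. Adding `set -euo pipefail` directly after the shebang makes the script exit non-zero, so the plan fails instead of silently dropping monitoring. The same applies to list-ec2.sh, list-emr.sh, list-nlb-targetgroups.sh, list-nlb.sh, list-rds.sh and list-redis.sh.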
@@ -0,0 +1,4 @@ +#!/bin/bash +# exclude ASG instances +RESULTS=$(aws ec2 describe-instances --query 'Reservations[].Instances[?!not_null(Tags[?Key == `aws:autoscaling:groupName`].Value)].InstanceId' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs) +jq -n --arg result "$RESULTS" '{"result":$result}' diff --git a/modules/util/resource-list/list-emr.sh b/modules/util/resource-list/list-emr.sh new file mode 100755 index 0000000..6a6bef2 --- /dev/null +++ b/modules/util/resource-list/list-emr.sh @@ -0,0 +1,3 @@ +#!/bin/bash +RESULTS=$(aws emr list-clusters --active --query Clusters[*].ClusterArn --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs) +jq -n --arg result "$RESULTS" '{"result":$result}' diff --git a/modules/ManagementGovernance/Monitoring.NLB/list-nlb-targetgroups.sh b/modules/util/resource-list/list-nlb-targetgroups.sh similarity index 62% rename from modules/ManagementGovernance/Monitoring.NLB/list-nlb-targetgroups.sh rename to modules/util/resource-list/list-nlb-targetgroups.sh index 6c7c5a8..014de08 100755 --- a/modules/ManagementGovernance/Monitoring.NLB/list-nlb-targetgroups.sh +++ b/modules/util/resource-list/list-nlb-targetgroups.sh @@ -1,6 +1,6 @@ #!/bin/bash -eval "$(jq -r '@sh "lb=\(.lb)"')" +eval "$(jq -r '@sh "lb=\(.input)"')" RESULTS=$(aws elbv2 describe-target-groups --load-balancer-arn $lb --query TargetGroups[*].TargetGroupArn --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs) -jq -n --arg result "$RESULTS" '{"result":$result}' +jq -n --arg result "$RESULTS" '{"result":$result}' | tee -a /tmp/log.txt diff --git a/modules/util/resource-list/list-nlb.sh b/modules/util/resource-list/list-nlb.sh new file mode 100755 index 0000000..7ecc5e3 --- /dev/null +++ b/modules/util/resource-list/list-nlb.sh 
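Review bot: The new `| tee -a /tmp/log.txt` on the last line of list-nlb-targetgroups.sh looks like leftover debugging and should be removed before merge. It appends target-group ARNs, which include the account ID, to a fixed path in a shared temporary directory on every plan; on a multi-user host or shared CI runner that path is exposed to pre-creation and symlink problems, and the file grows without bound. The line should go back to `jq -n --arg result "$RESULTS" '{"result":$result}'`. On the context line above it `$lb` is expanded unquoted; `--load-balancer-arn "$lb"` avoids word splitting, and since `query-input` defaults to null the script should reject an empty or `null` value before calling the CLI.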
@@ -0,0 +1,3 @@
+#!/bin/bash
+RESULTS=$(aws elbv2 describe-load-balancers --query 'LoadBalancers[?Type==`network`].LoadBalancerArn' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
+jq -n --arg result "$RESULTS" '{"result":$result}'
\ No newline at end of file
diff --git a/modules/util/resource-list/list-rds.sh b/modules/util/resource-list/list-rds.sh
new file mode 100755
index 0000000..7b031ca
--- /dev/null
+++ b/modules/util/resource-list/list-rds.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+RESULTS=$(aws rds describe-db-instances --query 'DBInstances[*].DBInstanceIdentifier' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
+jq -n --arg result "$RESULTS" '{"result":$result}'
diff --git a/modules/util/resource-list/list-redis.sh b/modules/util/resource-list/list-redis.sh
new file mode 100644
index 0000000..981b00a
--- /dev/null
+++ b/modules/util/resource-list/list-redis.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+RESULTS=$( aws elasticache describe-cache-clusters --query 'CacheClusters[*].CacheClusterId' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
+jq -n --arg result "$RESULTS" '{"result":$result}'
diff --git a/modules/util/resource-list/main.tf b/modules/util/resource-list/main.tf
new file mode 100644
index 0000000..e0a0ac7
--- /dev/null
+++ b/modules/util/resource-list/main.tf
@@ -0,0 +1,13 @@
+data "external" "instances" {
+ # program = ["bash", "../../modules/util/resource-list/list-${var.resource-type}.sh"]
+ program = ["bash", "${path.module}/list-${var.resource-type}.sh"]
+ query = {
+ input = var.query-input
+ }
+}
+
+output result-set {
+ # value = toset(split(" ", data.external.instances.result.result))
+ # prevents terraform from returning [""]
+ value = length(data.external.instances.result.result) > 0 ? toset(split(" ", data.external.instances.result.result)) : []
+}
\ No newline at end of file
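Review bot: `var.resource-type` is interpolated straight into the script path in `program = ["bash", "${path.module}/list-${var.resource-type}.sh"]` in resource-list/main.tf, and variables.tf declares it as an unconstrained string. The external data source executes whatever that path resolves to, with the operator's credentials, at plan time, so the variable should be limited to the scripts that ship with the module. A `validation` block in variables.tf with `condition = contains(["alb", "ec2", "emr", "nlb", "nlb-targetgroups", "rds", "redis"], var.resource-type)` does that, and turns a mistyped type into a clear error instead of a missing-file failure from bash. The `result-set` output also deserves a short comment saying that values are split on single spaces and therefore must not contain whitespace.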
diff --git a/modules/util/resource-list/variables.tf b/modules/util/resource-list/variables.tf
new file mode 100644
index 0000000..6a21820
--- /dev/null
+++ b/modules/util/resource-list/variables.tf
@@ -0,0 +1,8 @@
+variable resource-type {
+ type = string
+}
+
+variable query-input {
+ type = string
+ default = null
+}
\ No newline at end of file