UPD: created util/resource-list module and moved shell scripts there

2022-10-25 19:51:04 +08:00 · 2022-10-25 19:51:04 +08:00 · 2af0ff1b1a
commit 2af0ff1b1a
parent f9b80bd6d2
13 changed files with 86 additions and 37 deletions
--- a/modules/ManagementGovernance/Monitoring.NLB/main.tf
+++ b/modules/ManagementGovernance/Monitoring.NLB/main.tf
@ -1,28 +1,37 @@
-data external nlb-targetgroups {
+/*
-  program = ["bash", "../../modules/ManagementGovernance/Monitoring.NLB/list-nlb-targetgroups.sh"]
+data "external" "nlb-targetgroups" {
  program = ["bash", "${path.module}/list-nlb-targetgroups.sh"]
  query = {
-    lb = var.load-balancer
+    parameter = var.load-balancer
  }
 }
 */
-resource aws_cloudwatch_metric_alarm nlb-HealthyHostCount {
+
-  for_each = toset(split(" ", data.external.nlb-targetgroups.result.result))
+module "nlb-targetgroups" {
-  alarm_name = "NLBTG:HealthyHostCount:${split("/", each.value)[1]}/${split("/", each.value)[2]}"
+  source        = "../../util/resource-list"
-  comparison_operator = "LessThanThreshold"
+  resource-type = "nlb-targetgroups"
-  evaluation_periods = "1"
+  query-input   = var.load-balancer
-  metric_name = "HealthyHostCount"
+}
-  period = "300"
+
-  statistic = "Minimum"
+resource "aws_cloudwatch_metric_alarm" "nlb-HealthyHostCount" {
-  threshold = var.threshold-HealthHostCountMin
+  for_each                  = module.nlb-targetgroups.result-set
-  alarm_description = "NLBTG:HealthyHostCount"
+  alarm_name                = "NLBTG:HealthyHostCount:${split(":", each.value)[5]}"
-  namespace = "AWS/NetworkELB"
+  comparison_operator       = "LessThanThreshold"
  evaluation_periods        = "1"
  metric_name               = "HealthyHostCount"
  period                    = "300"
  statistic                 = "Minimum"
  threshold                 = var.threshold-HealthHostCountMin
  alarm_description         = "NLBTG:HealthyHostCount"
  namespace                 = "AWS/NetworkELB"
  insufficient_data_actions = []
-  actions_enabled = "true"
+  actions_enabled           = "true"
-  alarm_actions = [var.alarm-actions-emergency]
+  alarm_actions             = [var.alarm-actions-emergency]
-  ok_actions = [var.alarm-actions-emergency]
+  ok_actions                = [var.alarm-actions-emergency]
  dimensions = {
-    TargetGroup = "targetgroup/${split("/", each.value)[1]}/${split("/", each.value)[2]}"
+    TargetGroup  = split(":", each.value)[5]
-    LoadBalancer = "net/${split("/",var.load-balancer)[2]}/${split("/",var.load-balancer)[3]}"
+    LoadBalancer = "net/${split("/", var.load-balancer)[2]}/${split("/", var.load-balancer)[3]}"
  }
  tags = var.default-tags
  lifecycle {
--- a/modules/ManagementGovernance/Monitoring.RDS/main.tf
+++ b/modules/ManagementGovernance/Monitoring.RDS/main.tf
@ -90,15 +90,15 @@ resource aws_cloudwatch_metric_alarm rds-DiskQueueDepth {
  }
 }
-resource aws_cloudwatch_metric_alarm rds-ReadLetency {
+resource aws_cloudwatch_metric_alarm rds-ReadLatency {
-  alarm_name = "RDS:ReadLetency:${var.rds-instance-name}"
+  alarm_name = "RDS:ReadLatency:${var.rds-instance-name}"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods = "2"
-  metric_name = "ReadLetency"
+  metric_name = "ReadLatency"
-  period = "600"
+  period = "900"
  statistic = "Average"
-  threshold = var.threshold-ReadLetency
+  threshold = var.threshold-ReadLatency
-  alarm_description = "RDS:ReadLetency"
+  alarm_description = "RDS:ReadLatency"
  namespace = "AWS/RDS"
  insufficient_data_actions = []
  actions_enabled = "true"
@ -113,15 +113,15 @@ resource aws_cloudwatch_metric_alarm rds-ReadLetency {
  }
 }
-resource aws_cloudwatch_metric_alarm rds-WriteLetency {
+resource aws_cloudwatch_metric_alarm rds-WriteLatency {
-  alarm_name = "RDS:WriteLetency:${var.rds-instance-name}"
+  alarm_name = "RDS:WriteLatency:${var.rds-instance-name}"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods = "2"
-  metric_name = "WriteLetency"
+  metric_name = "WriteLatency"
-  period = "600"
+  period = "900"
  statistic = "Average"
-  threshold = var.threshold-WriteLetency
+  threshold = var.threshold-WriteLatency
-  alarm_description = "RDS:WriteLetency"
+  alarm_description = "RDS:WriteLatency"
  namespace = "AWS/RDS"
  insufficient_data_actions = []
  actions_enabled = "true"
--- a/modules/ManagementGovernance/Monitoring.RDS/variables.tf
+++ b/modules/ManagementGovernance/Monitoring.RDS/variables.tf
@ -21,5 +21,5 @@ variable threshold-FreeableMemory {}
 variable threshold-CpuUtilization {}
 variable threshold-FreeStorageSpace {}
 variable threshold-DiskQueueDepth {}
-variable threshold-ReadLetency {}
+variable threshold-ReadLatency {}
-variable threshold-WriteLetency {}
+variable threshold-WriteLatency {}
--- a/modules/ManagementGovernance/Monitoring.Redis/main.tf
+++ b/modules/ManagementGovernance/Monitoring.Redis/main.tf
@ -53,9 +53,9 @@ resource aws_cloudwatch_metric_alarm redis-CacheHitRate {
  # for_each = toset(data.aws_elasticache_cluster.redis-cluster.cache_nodes.*.id)
  alarm_name = "Redis:CacheHitRate:${var.redis-cluster-id}"
  comparison_operator = "LessThanThreshold"
-  evaluation_periods = "1"
+  evaluation_periods = "4"
  metric_name = "CacheHitRate"
-  period = "1800"
+  period = "900"
  statistic = "Average"
  threshold = var.threshold-CacheHitRate
  alarm_description = "Redis:CacheHitRate"
--- a/modules/util/resource-list/list-alb.sh
+++ b/modules/util/resource-list/list-alb.sh
@ -0,0 +1,3 @@
 #!/bin/bash
 RESULTS=$(aws elbv2 describe-load-balancers --query 'LoadBalancers[?Type==`application`].LoadBalancerArn' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
 jq -n --arg result "$RESULTS" '{"result":$result}'
--- a/modules/util/resource-list/list-ec2.sh
+++ b/modules/util/resource-list/list-ec2.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 # exclude ASG instances
 RESULTS=$(aws ec2 describe-instances --query 'Reservations[].Instances[?!not_null(Tags[?Key == `aws:autoscaling:groupName`].Value)].InstanceId' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
 jq -n --arg result "$RESULTS" '{"result":$result}'
--- a/modules/util/resource-list/list-emr.sh
+++ b/modules/util/resource-list/list-emr.sh
@ -0,0 +1,3 @@
 #!/bin/bash
 RESULTS=$(aws emr list-clusters --active --query Clusters[*].ClusterArn --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
 jq -n --arg result "$RESULTS" '{"result":$result}'
--- a/modules/ManagementGovernance/Monitoring.NLB/list-nlb-targetgroups.sh
+++ b/modules/ManagementGovernance/Monitoring.NLB/list-nlb-targetgroups.sh
@ -1,6 +1,6 @@
 #!/bin/bash
-eval "$(jq -r '@sh "lb=\(.lb)"')"
+eval "$(jq -r '@sh "lb=\(.input)"')"
 RESULTS=$(aws elbv2 describe-target-groups --load-balancer-arn $lb --query TargetGroups[*].TargetGroupArn --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
-jq -n --arg result "$RESULTS" '{"result":$result}'
+jq -n --arg result "$RESULTS" '{"result":$result}' | tee -a /tmp/log.txt
--- a/modules/util/resource-list/list-nlb.sh
+++ b/modules/util/resource-list/list-nlb.sh
@ -0,0 +1,3 @@
 #!/bin/bash
 RESULTS=$(aws elbv2 describe-load-balancers --query 'LoadBalancers[?Type==`network`].LoadBalancerArn' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
 jq -n --arg result "$RESULTS" '{"result":$result}'
--- a/modules/util/resource-list/list-rds.sh
+++ b/modules/util/resource-list/list-rds.sh
@ -0,0 +1,3 @@
 #!/bin/bash
 RESULTS=$(aws rds describe-db-instances --query 'DBInstances[*].DBInstanceIdentifier' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
 jq -n --arg result "$RESULTS" '{"result":$result}'
--- a/modules/util/resource-list/list-redis.sh
+++ b/modules/util/resource-list/list-redis.sh
@ -0,0 +1,3 @@
 #!/bin/bash
 RESULTS=$( aws elasticache describe-cache-clusters --query 'CacheClusters[*].CacheClusterId' --output text --no-cli-pager | sed 's/\t/\n/g' | sort | xargs)
 jq -n --arg result "$RESULTS" '{"result":$result}'
--- a/modules/util/resource-list/main.tf
+++ b/modules/util/resource-list/main.tf
@ -0,0 +1,13 @@
 data "external" "instances" {
  # program = ["bash", "../../modules/util/resource-list/list-${var.resource-type}.sh"]
  program = ["bash", "${path.module}/list-${var.resource-type}.sh"]
  query = {
    input = var.query-input
  }
 }
 output result-set {
  # value = toset(split(" ", data.external.instances.result.result))
  # prevents terraform from returning [""]
  value = length(data.external.instances.result.result) > 0 ? toset(split(" ", data.external.instances.result.result)) : []
 }
--- a/modules/util/resource-list/variables.tf
+++ b/modules/util/resource-list/variables.tf
@ -0,0 +1,8 @@
 variable resource-type {
  type = string
 }
 variable query-input {
  type = string
  default = null
 }