Merge pull request #7 from companieshouse/update/alb-asg-alarms-sns

Adding ASG alarms, updating ALB alarms and adding SNS topic for delivery

Author: MartyFox

groups/adminsites-infrastructure/README.md

@@ -24,12 +24,16 @@
 | <a name="module_adminsites_asg_security_group"></a> [adminsites\_asg\_security\_group](#module\_adminsites\_asg\_security\_group) | terraform-aws-modules/security-group/aws | ~> 3.0 |
 | <a name="module_adminsites_internal_alb"></a> [adminsites\_internal\_alb](#module\_adminsites\_internal\_alb) | terraform-aws-modules/alb/aws | ~> 5.0 |
 | <a name="module_adminsites_internal_alb_security_group"></a> [adminsites\_internal\_alb\_security\_group](#module\_adminsites\_internal\_alb\_security\_group) | terraform-aws-modules/security-group/aws | ~> 3.0 |
+| <a name="module_cloudwatch_sns_notifications"></a> [cloudwatch\_sns\_notifications](#module\_cloudwatch\_sns\_notifications) | terraform-aws-modules/sns/aws | 3.3.0 |
 | <a name="module_ewfadmin_autoscaling_groups"></a> [ewfadmin\_autoscaling\_groups](#module\_ewfadmin\_autoscaling\_groups) | [email protected]:companieshouse/terraform-modules//aws/terraform-aws-autoscaling?ref=tags/1.0.36 |  |
+| <a name="module_ewfadmin_autoscaling_groups_alarms"></a> [ewfadmin\_autoscaling\_groups\_alarms](#module\_ewfadmin\_autoscaling\_groups\_alarms) | [email protected]:companieshouse/terraform-modules//aws/asg-cloudwatch-alarms?ref=tags/1.0.108 |  |
 | <a name="module_ewfadmin_iam_profile"></a> [ewfadmin\_iam\_profile](#module\_ewfadmin\_iam\_profile) | [email protected]:companieshouse/terraform-modules//aws/instance_profile?ref=tags/1.0.59 |  |
-| <a name="module_internal_alb_metrics"></a> [internal\_alb\_metrics](#module\_internal\_alb\_metrics) | [email protected]:companieshouse/terraform-modules//aws/alb-metrics?ref=tags/1.0.26 |  |
+| <a name="module_internal_alb_alarms"></a> [internal\_alb\_alarms](#module\_internal\_alb\_alarms) | [email protected]:companieshouse/terraform-modules//aws/alb-cloudwatch-alarms?ref=tags/1.0.104 |  |
 | <a name="module_xmladmin_autoscaling_groups"></a> [xmladmin\_autoscaling\_groups](#module\_xmladmin\_autoscaling\_groups) | [email protected]:companieshouse/terraform-modules//aws/terraform-aws-autoscaling?ref=tags/1.0.36 |  |
+| <a name="module_xmladmin_autoscaling_groups_alarms"></a> [xmladmin\_autoscaling\_groups\_alarms](#module\_xmladmin\_autoscaling\_groups\_alarms) | [email protected]:companieshouse/terraform-modules//aws/asg-cloudwatch-alarms?ref=tags/1.0.108 |  |
 | <a name="module_xmladmin_iam_profile"></a> [xmladmin\_iam\_profile](#module\_xmladmin\_iam\_profile) | [email protected]:companieshouse/terraform-modules//aws/instance_profile?ref=tags/1.0.59 |  |
 | <a name="module_xmloutadmin_autoscaling_groups"></a> [xmloutadmin\_autoscaling\_groups](#module\_xmloutadmin\_autoscaling\_groups) | [email protected]:companieshouse/terraform-modules//aws/terraform-aws-autoscaling?ref=tags/1.0.36 |  |
+| <a name="module_xmloutadmin_autoscaling_groups_alarms"></a> [xmloutadmin\_autoscaling\_groups\_alarms](#module\_xmloutadmin\_autoscaling\_groups\_alarms) | [email protected]:companieshouse/terraform-modules//aws/asg-cloudwatch-alarms?ref=tags/1.0.108 |  |
 | <a name="module_xmloutadmin_iam_profile"></a> [xmloutadmin\_iam\_profile](#module\_xmloutadmin\_iam\_profile) | [email protected]:companieshouse/terraform-modules//aws/instance_profile?ref=tags/1.0.59 |  |
 
 ## Resources
@@ -97,6 +101,7 @@
 | <a name="input_cw_logs"></a> [cw\_logs](#input\_cw\_logs) | Map of log file information; used to create log groups, IAM permissions and passed to the application to configure remote logging | `map(any)` | `{}` | no |
 | <a name="input_default_log_group_retention_in_days"></a> [default\_log\_group\_retention\_in\_days](#input\_default\_log\_group\_retention\_in\_days) | Total days to retain logs in CloudWatch log group if not specified for specific logs | `number` | `14` | no |
 | <a name="input_domain_name"></a> [domain\_name](#input\_domain\_name) | Top level domain dame | `string` | `"companieshouse.gov.uk"` | no |
+| <a name="input_enable_sns_topic"></a> [enable\_sns\_topic](#input\_enable\_sns\_topic) | A boolean value to alter deployment of an SNS topic for CloudWatch actions | `bool` | `false` | no |
 | <a name="input_ewfadmin_custom_logs"></a> [ewfadmin\_custom\_logs](#input\_ewfadmin\_custom\_logs) | Map of log file information for EWF Admin specifically; used to create log groups, IAM permissions and passed to the application to configure remote logging | `map(any)` | `{}` | no |
 | <a name="input_health_check_path"></a> [health\_check\_path](#input\_health\_check\_path) | Target group health check path | `string` | `"/"` | no |
 | <a name="input_nfs_mount_destination_parent_dir"></a> [nfs\_mount\_destination\_parent\_dir](#input\_nfs\_mount\_destination\_parent\_dir) | The parent folder that all NFS shares should be mounted inside on the EC2 instance | `string` | `"/mnt"` | no |

groups/adminsites-infrastructure/alb-internal.tf

@@ -177,13 +177,27 @@ module "adminsites_internal_alb" {
 }
 
 #--------------------------------------------
-# Internal ALB CloudWatch Merics
+# Internal ALB CloudWatch Alarms
 #--------------------------------------------
-module "internal_alb_metrics" {
-  source = "[email protected]:companieshouse/terraform-modules//aws/alb-metrics?ref=tags/1.0.26"
-
-  load_balancer_id = module.adminsites_internal_alb.this_lb_id
-  target_group_ids = module.adminsites_internal_alb.target_group_arns
-
-  depends_on = [module.adminsites_internal_alb]
-}
+module "internal_alb_alarms" {
+  source = "[email protected]:companieshouse/terraform-modules//aws/alb-cloudwatch-alarms?ref=tags/1.0.104"
+
+  alb_arn_suffix            = module.adminsites_internal_alb.this_lb_arn_suffix
+  target_group_arn_suffixes = module.adminsites_internal_alb.target_group_arn_suffixes
+
+  prefix                    = "admin-sites-"
+  response_time_threshold   = "100"
+  evaluation_periods        = "3"
+  statistic_period          = "60"
+  maximum_4xx_threshold     = "2"
+  maximum_5xx_threshold     = "2"
+  unhealthy_hosts_threshold = "1"
+
+  actions_alarm = var.enable_sns_topic ? [module.cloudwatch_sns_notifications[0].sns_topic_arn] : []
+  actions_ok    = var.enable_sns_topic ? [module.cloudwatch_sns_notifications[0].sns_topic_arn] : []
+
+  depends_on = [
+    module.cloudwatch_sns_notifications,
+    module.adminsites_internal_alb
+  ]
+}

groups/adminsites-infrastructure/autoscaling_group_ewfadmin.tf

@@ -73,3 +73,35 @@ module "ewfadmin_autoscaling_groups" {
     module.adminsites_internal_alb
   ]
 }
+
+#--------------------------------------------
+# EWF Admin CloudWatch Alarms
+#--------------------------------------------
+module "ewfadmin_autoscaling_groups_alarms" {
+  source = "[email protected]:companieshouse/terraform-modules//aws/asg-cloudwatch-alarms?ref=tags/1.0.108"
+
+  autoscaling_group_name = module.ewfadmin_autoscaling_groups.this_autoscaling_group_name
+  prefix                 = "ewfadmin-asg-alarms"
+
+  in_service_evaluation_periods      = "3"
+  in_service_statistic_period        = "120"
+  expected_instances_in_service      = var.desired_capacity
+  in_pending_evaluation_periods      = "3"
+  in_pending_statistic_period        = "120"
+  in_standby_evaluation_periods      = "3"
+  in_standby_statistic_period        = "120"
+  in_terminating_evaluation_periods  = "3"
+  in_terminating_statistic_period    = "120"
+  total_instances_evaluation_periods = "3"
+  total_instances_statistic_period   = "120"
+  total_instances_in_service         = var.desired_capacity
+
+  actions_alarm = var.enable_sns_topic ? [module.cloudwatch_sns_notifications[0].sns_topic_arn] : []
+  actions_ok    = var.enable_sns_topic ? [module.cloudwatch_sns_notifications[0].sns_topic_arn] : []
+
+
+  depends_on = [
+    module.cloudwatch_sns_notifications,
+    module.ewfadmin_autoscaling_groups
+  ]
+}

groups/adminsites-infrastructure/autoscaling_group_xmladmin.tf

@@ -72,4 +72,36 @@ module "xmladmin_autoscaling_groups" {
   depends_on = [
     module.adminsites_internal_alb
   ]
+}
+
+#--------------------------------------------
+# XML Admin CloudWatch Alarms
+#--------------------------------------------
+module "xmladmin_autoscaling_groups_alarms" {
+  source = "[email protected]:companieshouse/terraform-modules//aws/asg-cloudwatch-alarms?ref=tags/1.0.108"
+
+  autoscaling_group_name = module.xmladmin_autoscaling_groups.this_autoscaling_group_name
+  prefix                 = "xmladmin-asg-alarms"
+
+  in_service_evaluation_periods      = "3"
+  in_service_statistic_period        = "120"
+  expected_instances_in_service      = var.desired_capacity
+  in_pending_evaluation_periods      = "3"
+  in_pending_statistic_period        = "120"
+  in_standby_evaluation_periods      = "3"
+  in_standby_statistic_period        = "120"
+  in_terminating_evaluation_periods  = "3"
+  in_terminating_statistic_period    = "120"
+  total_instances_evaluation_periods = "3"
+  total_instances_statistic_period   = "120"
+  total_instances_in_service         = var.desired_capacity
+
+  actions_alarm = var.enable_sns_topic ? [module.cloudwatch_sns_notifications[0].sns_topic_arn] : []
+  actions_ok    = var.enable_sns_topic ? [module.cloudwatch_sns_notifications[0].sns_topic_arn] : []
+
+
+  depends_on = [
+    module.cloudwatch_sns_notifications,
+    module.xmladmin_autoscaling_groups
+  ]
 }

groups/adminsites-infrastructure/autoscaling_group_xmloutadmin.tf

@@ -72,4 +72,36 @@ module "xmloutadmin_autoscaling_groups" {
   depends_on = [
     module.adminsites_internal_alb
   ]
+}
+
+#--------------------------------------------
+# XMLout Admin CloudWatch Alarms
+#--------------------------------------------
+module "xmloutadmin_autoscaling_groups_alarms" {
+  source = "[email protected]:companieshouse/terraform-modules//aws/asg-cloudwatch-alarms?ref=tags/1.0.108"
+
+  autoscaling_group_name = module.xmloutadmin_autoscaling_groups.this_autoscaling_group_name
+  prefix                 = "xmladmin-asg-alarms"
+
+  in_service_evaluation_periods      = "3"
+  in_service_statistic_period        = "120"
+  expected_instances_in_service      = var.desired_capacity
+  in_pending_evaluation_periods      = "3"
+  in_pending_statistic_period        = "120"
+  in_standby_evaluation_periods      = "3"
+  in_standby_statistic_period        = "120"
+  in_terminating_evaluation_periods  = "3"
+  in_terminating_statistic_period    = "120"
+  total_instances_evaluation_periods = "3"
+  total_instances_statistic_period   = "120"
+  total_instances_in_service         = var.desired_capacity
+
+  actions_alarm = var.enable_sns_topic ? [module.cloudwatch_sns_notifications[0].sns_topic_arn] : []
+  actions_ok    = var.enable_sns_topic ? [module.cloudwatch_sns_notifications[0].sns_topic_arn] : []
+
+
+  depends_on = [
+    module.cloudwatch_sns_notifications,
+    module.xmloutadmin_autoscaling_groups
+  ]
 }

groups/adminsites-infrastructure/locals.tf

@@ -6,6 +6,7 @@ locals {
   s3_releases         = data.vault_generic_secret.s3_releases.data
   adminsites_ec2_data = data.vault_generic_secret.adminsites_ec2_data.data
 
+  sns_kms_key_id              = data.vault_generic_secret.kms_keys.data["sns"]
   logs_kms_key_id             = data.vault_generic_secret.kms_keys.data["logs"]
   ssm_kms_key_id              = data.vault_generic_secret.security_kms_keys.data["session-manager-kms-key-arn"]
   session_manager_bucket_name = data.vault_generic_secret.security_s3_buckets.data["session-manager-bucket-name"]

groups/adminsites-infrastructure/profiles/heritage-development-eu-west-2/vars

@@ -18,6 +18,8 @@ min_size = 0
 max_size = 0
 desired_capacity = 0
 
+enable_sns_topic = "false"
+
 # CVO Mounts
 nfs_server = "10.104.9.145"
 nfs_mount_destination_parent_dir = "/mnt/nfs/filings"

groups/adminsites-infrastructure/profiles/heritage-live-eu-west-2/vars

@@ -18,6 +18,8 @@ min_size = 1
 max_size = 1
 desired_capacity = 1
 
+enable_sns_topic = "true"
+
 # CVO Mounts
 nfs_server = "192.168.255.35"
 nfs_mount_destination_parent_dir = "/mnt/nfs/filings"

groups/adminsites-infrastructure/profiles/heritage-staging-eu-west-2/vars

@@ -18,6 +18,8 @@ min_size = 1
 max_size = 1
 desired_capacity = 1
 
+enable_sns_topic = "false"
+
 # CVO Mounts
 nfs_server = "192.168.255.19"
 nfs_mount_destination_parent_dir = "/mnt/nfs/filings"

groups/adminsites-infrastructure/sns.tf

@@ -0,0 +1,17 @@
+module "cloudwatch_sns_notifications" {
+  count = var.enable_sns_topic ? 1 : 0
+
+  source  = "terraform-aws-modules/sns/aws"
+  version = "3.3.0"
+
+  name_prefix       = "${var.application}-cloudwatch-"
+  display_name      = "${var.application}-cloudwatch-alarms"
+  kms_master_key_id = local.sns_kms_key_id
+
+  tags = merge(
+    local.default_tags,
+    map(
+      "ServiceTeam", "${upper(var.application)}-FE-Support"
+    )
+  )
+}