Top / Microsoft Azure / Azure Monitor / Action Group

Azure Monitor Action Group

This page shows how to write Terraform and Azure Resource Manager for Monitor Action Group and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_monitor_action_group (Terraform)

The Action Group in Monitor can be configured in Terraform with the resource name azurerm_monitor_action_group. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

action-groups.tf#L1
resource "azurerm_monitor_action_group" "myag" {
  name                = var.name
  resource_group_name = var.resource_group_name
  short_name          = var.short_name
  email_receiver {
    name                    = var.addreser_name
monitor.tf#L40
resource "azurerm_monitor_action_group" "email" {
  name                = "PagoPA"
  resource_group_name = azurerm_resource_group.monitor_rg.name
  short_name          = "PagoPA"

  email_receiver {
monitor.tf#L26
resource "azurerm_monitor_action_group" "email" {
  name                = "EmailPagoPA"
  resource_group_name = data.azurerm_resource_group.monitor_rg.name
  short_name          = "EmailPagoPA"

  email_receiver {
RouteTableUpdateAlert.tf#L7
resource "azurerm_monitor_action_group" "TFAAlert" {
  name                = "example-actiongroup"
  resource_group_name = azurerm_resource_group.TFAAlert.name
  short_name          = "p0action"

  webhook_receiver {
main.tf#L1
resource "azurerm_monitor_action_group" "monitor" {
  name                = var.service_settings.name
  resource_group_name = var.context.resource_group_name
  short_name          = var.service_settings.short_name

### For sending an email on alert
11-action-group.tf#L1
resource "azurerm_monitor_action_group" "pip-action-group" {
  name                = "pip-support"
  resource_group_name = var.resource_group
  short_name          = "pip-support"

  email_receiver {
main.tf#L9
resource "azurerm_monitor_action_group" "action_group" {
  name                = var.action_group_name
  resource_group_name = data.azurerm_resource_group.rg.name
  short_name          = var.action_group_short_name

  email_receiver {
main.tf#L20
resource "azurerm_monitor_action_group" "monitor-action-grp" {
  name                = "CriticalAlertsAction"
  resource_group_name = azurerm_resource_group.main.name
  short_name          = "serviceissue"

  arm_role_receiver {
04_monitor.tf#L39
resource "azurerm_monitor_action_group" "email" {
  name                = "PagoPA"
  resource_group_name = azurerm_resource_group.monitor_rg.name
  short_name          = "PagoPA"

  email_receiver {
monitor-action-group.tf#L5
resource "azurerm_monitor_action_group" "main" {
  name                = var.name
  resource_group_name = data.azurerm_resource_group.rg.name
  short_name          = var.name

  email_receiver {

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages an Action Group within Azure Monitor.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Monitor Resources

In addition to the azurerm_monitor_log_profile, Azure Monitor has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_monitor_log_profile

Ensure to enable the activity retention log

It is better to enable the activity retention log to ensure that all the information required for an effective investigation is still available.

Review your Azure Monitor settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Insights/actionGroups (Azure Resource Manager)

The actionGroups in Microsoft.Insights can be configured in Azure Resource Manager with the resource name Microsoft.Insights/actionGroups. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

Microsoft.Insights.ActionGroup.tests.json#L7
        "type": "Microsoft.Insights/actionGroups",
        "apiVersion": "2017-04-01",
        "location": "Global",
        "name": "TEST Action Group - SMS only",
        "properties": {
          "groupShortName": "SMSOnly",
Microsoft.Insights.ActionGroup.tests.json#L7
        "type": "Microsoft.Insights/actionGroups",
        "apiVersion": "2017-03-01-preview",
        "location": "Global",
        "name": "TEST Action Group - SMS only",
        "properties": {
          "groupShortName": "SMSOnly",
Subscription.AlertActionGroup.json#L6
      "type": "Microsoft.Insights/actionGroups",
      "apiVersion": "2017-04-01",
      "name": "AzSKAlertActionGroup",
      "location": "Global",
      "properties": {
         "groupShortName": "AzSKAG",
3ActionGroups.json#L33
        "type": "Microsoft.Insights/actionGroups",
        "location": "global",
        "apiVersion": "2018-03-01",
        "properties": {
          "groupShortName": "Create Issue",
          "enabled": true,
template.json
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "actionGroups_health_notification_group_name": {

Parameters

  • apiVersion required - string
  • location required - string

    Resource location

  • name required - string

    The name of the action group.

  • properties required
      • armRoleReceivers optional array
          • name required - string

            The name of the arm role receiver. Names must be unique across all receivers within an action group.

          • roleId required - string

            The arm role id.

          • useCommonAlertSchema optional - boolean

            Indicates whether to use common alert schema.

      • automationRunbookReceivers optional array
          • automationAccountId required - string

            The Azure automation account Id which holds this runbook and authenticate to Azure resource.

          • isGlobalRunbook required - boolean

            Indicates whether this instance is global runbook.

          • name optional - string

            Indicates name of the webhook.

          • runbookName required - string

            The name for this runbook.

          • serviceUri optional - string

            The URI where webhooks should be sent.

          • useCommonAlertSchema optional - boolean

            Indicates whether to use common alert schema.

          • webhookResourceId required - string

            The resource id for webhook linked to this runbook.

      • azureAppPushReceivers optional array
          • emailAddress required - string

            The email address registered for the Azure mobile app.

          • name required - string

            The name of the Azure mobile app push receiver. Names must be unique across all receivers within an action group.

      • azureFunctionReceivers optional array
          • functionAppResourceId required - string

            The azure resource id of the function app.

          • functionName required - string

            The function name in the function app.

          • httpTriggerUrl required - string

            The http trigger url where http request sent to.

          • name required - string

            The name of the azure function receiver. Names must be unique across all receivers within an action group.

          • useCommonAlertSchema optional - boolean

            Indicates whether to use common alert schema.

      • emailReceivers optional array
          • emailAddress required - string

            The email address of this receiver.

          • name required - string

            The name of the email receiver. Names must be unique across all receivers within an action group.

          • useCommonAlertSchema optional - boolean

            Indicates whether to use common alert schema.

      • enabled required - boolean

        Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications.

      • eventHubReceivers optional array
          • eventHubName required - string

            The name of the specific Event Hub queue

          • eventHubNameSpace required - string

            The Event Hub namespace

          • name required - string

            The name of the Event hub receiver. Names must be unique across all receivers within an action group.

          • subscriptionId required - string

            The Id for the subscription containing this event hub

          • tenantId optional - string

            The tenant Id for the subscription containing this event hub

          • useCommonAlertSchema optional - boolean

            Indicates whether to use common alert schema.

      • groupShortName required - string

        The short name of the action group. This will be used in SMS messages.

      • itsmReceivers optional array
          • connectionId required - string

            Unique identification of ITSM connection among multiple defined in above workspace.

          • name required - string

            The name of the Itsm receiver. Names must be unique across all receivers within an action group.

          • region required - string

            Region in which workspace resides. Supported values:'centralindia','japaneast','southeastasia','australiasoutheast','uksouth','westcentralus','canadacentral','eastus','westeurope'

          • ticketConfiguration required - string

            JSON blob for the configurations of the ITSM action. CreateMultipleWorkItems option will be part of this blob as well.

          • workspaceId required - string

            OMS LA instance identifier.

      • logicAppReceivers optional array
          • callbackUrl required - string

            The callback url where http request sent to.

          • name required - string

            The name of the logic app receiver. Names must be unique across all receivers within an action group.

          • resourceId required - string

            The azure resource id of the logic app receiver.

          • useCommonAlertSchema optional - boolean

            Indicates whether to use common alert schema.

      • smsReceivers optional array
          • countryCode required - string

            The country code of the SMS receiver.

          • name required - string

            The name of the SMS receiver. Names must be unique across all receivers within an action group.

          • phoneNumber required - string

            The phone number of the SMS receiver.

      • voiceReceivers optional array
          • countryCode required - string

            The country code of the voice receiver.

          • name required - string

            The name of the voice receiver. Names must be unique across all receivers within an action group.

          • phoneNumber required - string

            The phone number of the voice receiver.

      • webhookReceivers optional array
          • identifierUri optional - string

            Indicates the identifier uri for aad auth.

          • name required - string

            The name of the webhook receiver. Names must be unique across all receivers within an action group.

          • objectId optional - string

            Indicates the webhook app object Id for aad auth.

          • serviceUri required - string

            The URI where webhooks should be sent.

          • tenantId optional - string

            Indicates the tenant id for aad auth.

          • useAadAuth optional - boolean

            Indicates whether or not use AAD authentication.

          • useCommonAlertSchema optional - boolean

            Indicates whether to use common alert schema.

  • tags optional - string

    Resource tags

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure Monitor Resources

Frequently asked questions

What is Azure Monitor Action Group?

Azure Monitor Action Group is a resource for Monitor of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Monitor Action Group?

For Terraform, the ukpillai89/terrform, pagopa/selfcare-infra and pagopa/io-infra source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the chironconsulting/ARM-Schema-Templates, chironconsulting/ARM-Schema-Templates and arvindsingh-cloud/azsk source code examples are useful. See the Azure Resource Manager Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents