Azure Monitor Action Group
This page shows how to write Terraform and Azure Resource Manager for Monitor Action Group and write them securely.
azurerm_monitor_action_group (Terraform)
The Action Group in Monitor can be configured in Terraform with the resource name azurerm_monitor_action_group
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_monitor_action_group" "myag" {
name = var.name
resource_group_name = var.resource_group_name
short_name = var.short_name
email_receiver {
name = var.addreser_name
resource "azurerm_monitor_action_group" "email" {
name = "PagoPA"
resource_group_name = azurerm_resource_group.monitor_rg.name
short_name = "PagoPA"
email_receiver {
resource "azurerm_monitor_action_group" "email" {
name = "EmailPagoPA"
resource_group_name = data.azurerm_resource_group.monitor_rg.name
short_name = "EmailPagoPA"
email_receiver {
resource "azurerm_monitor_action_group" "TFAAlert" {
name = "example-actiongroup"
resource_group_name = azurerm_resource_group.TFAAlert.name
short_name = "p0action"
webhook_receiver {
resource "azurerm_monitor_action_group" "monitor" {
name = var.service_settings.name
resource_group_name = var.context.resource_group_name
short_name = var.service_settings.short_name
### For sending an email on alert
resource "azurerm_monitor_action_group" "pip-action-group" {
name = "pip-support"
resource_group_name = var.resource_group
short_name = "pip-support"
email_receiver {
resource "azurerm_monitor_action_group" "action_group" {
name = var.action_group_name
resource_group_name = data.azurerm_resource_group.rg.name
short_name = var.action_group_short_name
email_receiver {
resource "azurerm_monitor_action_group" "monitor-action-grp" {
name = "CriticalAlertsAction"
resource_group_name = azurerm_resource_group.main.name
short_name = "serviceissue"
arm_role_receiver {
resource "azurerm_monitor_action_group" "email" {
name = "PagoPA"
resource_group_name = azurerm_resource_group.monitor_rg.name
short_name = "PagoPA"
email_receiver {
resource "azurerm_monitor_action_group" "main" {
name = var.name
resource_group_name = data.azurerm_resource_group.rg.name
short_name = var.name
email_receiver {
Parameters
-
enabled
optional - bool -
id
optional computed - string -
name
required - string -
resource_group_name
required - string -
short_name
required - string -
tags
optional - map from string to string -
arm_role_receiver
list block-
name
required - string -
role_id
required - string -
use_common_alert_schema
optional - bool
-
-
automation_runbook_receiver
list block-
automation_account_id
required - string -
is_global_runbook
required - bool -
name
required - string -
runbook_name
required - string -
service_uri
required - string -
use_common_alert_schema
optional - bool -
webhook_resource_id
required - string
-
-
azure_app_push_receiver
list block-
email_address
required - string -
name
required - string
-
-
azure_function_receiver
list block-
function_app_resource_id
required - string -
function_name
required - string -
http_trigger_url
required - string -
name
required - string -
use_common_alert_schema
optional - bool
-
-
email_receiver
list block-
email_address
required - string -
name
required - string -
use_common_alert_schema
optional - bool
-
-
itsm_receiver
list block-
connection_id
required - string -
name
required - string -
region
required - string -
ticket_configuration
required - string -
workspace_id
required - string
-
-
logic_app_receiver
list block-
callback_url
required - string -
name
required - string -
resource_id
required - string -
use_common_alert_schema
optional - bool
-
-
sms_receiver
list block-
country_code
required - string -
name
required - string -
phone_number
required - string
-
-
timeouts
single block -
voice_receiver
list block-
country_code
required - string -
name
required - string -
phone_number
required - string
-
-
webhook_receiver
list block-
name
required - string -
service_uri
required - string -
use_common_alert_schema
optional - bool -
aad_auth
list block-
identifier_uri
optional computed - string -
object_id
required - string -
tenant_id
optional computed - string
-
-
Explanation in Terraform Registry
Manages an Action Group within Azure Monitor.
Tips: Best Practices for The Other Azure Monitor Resources
In addition to the azurerm_monitor_log_profile, Azure Monitor has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_monitor_log_profile
Ensure to enable the activity retention log
It is better to enable the activity retention log to ensure that all the information required for an effective investigation is still available.
Microsoft.Insights/actionGroups (Azure Resource Manager)
The actionGroups in Microsoft.Insights can be configured in Azure Resource Manager with the resource name Microsoft.Insights/actionGroups
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
"type": "Microsoft.Insights/actionGroups",
"apiVersion": "2017-04-01",
"location": "Global",
"name": "TEST Action Group - SMS only",
"properties": {
"groupShortName": "SMSOnly",
"type": "Microsoft.Insights/actionGroups",
"apiVersion": "2017-03-01-preview",
"location": "Global",
"name": "TEST Action Group - SMS only",
"properties": {
"groupShortName": "SMSOnly",
"type": "Microsoft.Insights/actionGroups",
"apiVersion": "2017-04-01",
"name": "AzSKAlertActionGroup",
"location": "Global",
"properties": {
"groupShortName": "AzSKAG",
"type": "Microsoft.Insights/actionGroups",
"location": "global",
"apiVersion": "2018-03-01",
"properties": {
"groupShortName": "Create Issue",
"enabled": true,
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroups_health_notification_group_name": {
Parameters
apiVersion
required - stringlocation
required - stringResource location
name
required - stringThe name of the action group.
properties
requiredarmRoleReceivers
optional arrayname
required - stringThe name of the arm role receiver. Names must be unique across all receivers within an action group.
roleId
required - stringThe arm role id.
useCommonAlertSchema
optional - booleanIndicates whether to use common alert schema.
automationRunbookReceivers
optional arrayautomationAccountId
required - stringThe Azure automation account Id which holds this runbook and authenticate to Azure resource.
isGlobalRunbook
required - booleanIndicates whether this instance is global runbook.
name
optional - stringIndicates name of the webhook.
runbookName
required - stringThe name for this runbook.
serviceUri
optional - stringThe URI where webhooks should be sent.
useCommonAlertSchema
optional - booleanIndicates whether to use common alert schema.
webhookResourceId
required - stringThe resource id for webhook linked to this runbook.
azureAppPushReceivers
optional arrayemailAddress
required - stringThe email address registered for the Azure mobile app.
name
required - stringThe name of the Azure mobile app push receiver. Names must be unique across all receivers within an action group.
azureFunctionReceivers
optional arrayfunctionAppResourceId
required - stringThe azure resource id of the function app.
functionName
required - stringThe function name in the function app.
httpTriggerUrl
required - stringThe http trigger url where http request sent to.
name
required - stringThe name of the azure function receiver. Names must be unique across all receivers within an action group.
useCommonAlertSchema
optional - booleanIndicates whether to use common alert schema.
emailReceivers
optional arrayemailAddress
required - stringThe email address of this receiver.
name
required - stringThe name of the email receiver. Names must be unique across all receivers within an action group.
useCommonAlertSchema
optional - booleanIndicates whether to use common alert schema.
enabled
required - booleanIndicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications.
eventHubReceivers
optional arrayeventHubName
required - stringThe name of the specific Event Hub queue
eventHubNameSpace
required - stringThe Event Hub namespace
name
required - stringThe name of the Event hub receiver. Names must be unique across all receivers within an action group.
subscriptionId
required - stringThe Id for the subscription containing this event hub
tenantId
optional - stringThe tenant Id for the subscription containing this event hub
useCommonAlertSchema
optional - booleanIndicates whether to use common alert schema.
groupShortName
required - stringThe short name of the action group. This will be used in SMS messages.
itsmReceivers
optional arrayconnectionId
required - stringUnique identification of ITSM connection among multiple defined in above workspace.
name
required - stringThe name of the Itsm receiver. Names must be unique across all receivers within an action group.
region
required - stringRegion in which workspace resides. Supported values:'centralindia','japaneast','southeastasia','australiasoutheast','uksouth','westcentralus','canadacentral','eastus','westeurope'
ticketConfiguration
required - stringJSON blob for the configurations of the ITSM action. CreateMultipleWorkItems option will be part of this blob as well.
workspaceId
required - stringOMS LA instance identifier.
logicAppReceivers
optional arraycallbackUrl
required - stringThe callback url where http request sent to.
name
required - stringThe name of the logic app receiver. Names must be unique across all receivers within an action group.
resourceId
required - stringThe azure resource id of the logic app receiver.
useCommonAlertSchema
optional - booleanIndicates whether to use common alert schema.
smsReceivers
optional arraycountryCode
required - stringThe country code of the SMS receiver.
name
required - stringThe name of the SMS receiver. Names must be unique across all receivers within an action group.
phoneNumber
required - stringThe phone number of the SMS receiver.
voiceReceivers
optional arraycountryCode
required - stringThe country code of the voice receiver.
name
required - stringThe name of the voice receiver. Names must be unique across all receivers within an action group.
phoneNumber
required - stringThe phone number of the voice receiver.
webhookReceivers
optional arrayidentifierUri
optional - stringIndicates the identifier uri for aad auth.
name
required - stringThe name of the webhook receiver. Names must be unique across all receivers within an action group.
objectId
optional - stringIndicates the webhook app object Id for aad auth.
serviceUri
required - stringThe URI where webhooks should be sent.
tenantId
optional - stringIndicates the tenant id for aad auth.
useAadAuth
optional - booleanIndicates whether or not use AAD authentication.
useCommonAlertSchema
optional - booleanIndicates whether to use common alert schema.
tags
optional - stringResource tags
type
required - string
Frequently asked questions
What is Azure Monitor Action Group?
Azure Monitor Action Group is a resource for Monitor of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure Monitor Action Group?
For Terraform, the ukpillai89/terrform, pagopa/selfcare-infra and pagopa/io-infra source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the chironconsulting/ARM-Schema-Templates, chironconsulting/ARM-Schema-Templates and arvindsingh-cloud/azsk source code examples are useful. See the Azure Resource Manager Example section for further details.