Add function app 4xx and 5xx alerting (#250)

Author: rfk-nc

infrastructure/modules/function-app/alerts.tf

@@ -0,0 +1,61 @@
+# 4xx Error Alert for Azure Function App - these are client errors, usually invalid requests (400) or authentication issues (401, 403)
+resource "azurerm_monitor_metric_alert" "function_4xx" {
+  count = var.enable_alerting == true ? 1 : 0
+
+  name                = "${azurerm_linux_function_app.function_app.name}-4xx-errors"
+  resource_group_name = var.resource_group_name_monitoring != null ? var.resource_group_name_monitoring : var.resource_group_name
+  scopes              = [azurerm_linux_function_app.function_app.id]  # Point to your function app
+  description         = "Action will be triggered when 4xx errors exceed ${var.alert_4xx_threshold}"
+  window_size         = var.alert_window_size
+  frequency           = local.alert_frequency
+  severity            = 2 # Warning
+
+  criteria {
+    metric_namespace = "Microsoft.Web/sites"
+    metric_name      = "Http4xx"
+    aggregation      = "Total"  # Count total 4xx errors
+    operator         = "GreaterThan"
+    threshold        = var.alert_4xx_threshold
+  }
+
+  action {
+    action_group_id = var.action_group_id
+  }
+
+  lifecycle {
+    ignore_changes = [
+      tags
+    ]
+  }
+}
+
+# 5xx error alert - these are server errors and more serious than 4xx errors
+resource "azurerm_monitor_metric_alert" "function_5xx" {
+  count = var.enable_alerting == true ? 1 : 0
+
+  name                = "${azurerm_linux_function_app.function_app.name}-5xx-errors"
+  resource_group_name = var.resource_group_name_monitoring != null ? var.resource_group_name_monitoring : var.resource_group_name
+  scopes              = [azurerm_linux_function_app.function_app.id]  # Point to your function app
+  description         = "Action will be triggered when 5xx errors exceed ${var.alert_5xx_threshold}"
+  window_size         = var.alert_window_size
+  frequency           = local.alert_frequency
+  severity            = 2 # Warning
+
+  criteria {
+    metric_namespace = "Microsoft.Web/sites"
+    metric_name      = "Http5xx"
+    aggregation      = "Total"  # Count total 5xx errors
+    operator         = "GreaterThan"
+    threshold        = var.alert_5xx_threshold
+  }
+
+  action {
+    action_group_id = var.action_group_id
+  }
+
+  lifecycle {
+    ignore_changes = [
+      tags
+    ]
+  }
+}

infrastructure/modules/function-app/variables.tf

@@ -161,11 +161,6 @@ variable "location" {
   description = "The location/region where the Function App is created."
 }
 
-variable "log_analytics_workspace_id" {
-  type        = string
-  description = "id of the log analytics workspace to send resource logging to via diagnostic settings"
-}
-
 variable "minimum_tls_version" {
   type    = string
   default = "1.2" # Possible versions: TLS1.0", "TLS1.1", "TLS1.2
@@ -182,16 +177,6 @@ variable "http2_enabled" {
   default     = false
 }
 
-variable "monitor_diagnostic_setting_function_app_enabled_logs" {
-  type        = list(string)
-  description = "Controls what logs will be enabled for the function app"
-}
-
-variable "monitor_diagnostic_setting_function_app_metrics" {
-  type        = list(string)
-  description = "Controls what metrics will be enabled for the function app"
-}
-
 variable "private_endpoint_properties" {
   description = "Consolidated properties for the Function App Private Endpoint."
   type = object({
@@ -277,3 +262,82 @@ variable "worker_32bit" {
   type        = bool
   description = "Should the Windows Function App use a 32-bit worker process. Defaults to true"
 }
+
+
+/* --------------------------------------------------------------------------------------------------
+  Monitoring and Diagnostics Variables
+-------------------------------------------------------------------------------------------------- */
+
+variable "resource_group_name_monitoring" {
+  type        = string
+  description = "The name of the resource group in which to create the Monitoring resources for the App Service Plan. Changing this forces a new resource to be created."
+  default     = null
+}
+
+variable "action_group_id" {
+  type        = string
+  description = "The ID of the Action Group to use for alerts."
+  default     = null
+}
+
+variable "alert_4xx_threshold" {
+  type        = number
+  description = "The threshold for 4xx errors to trigger the alert."
+  default     = 10
+}
+
+variable "alert_5xx_threshold" {
+  type        = number
+  description = "The threshold for 4xx errors to trigger the alert."
+  default     = 10
+}
+
+variable "alert_window_size" {
+  type     = string
+  nullable = false
+  default  = "PT5M"
+  validation {
+    condition     = contains(["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H"], var.alert_window_size)
+    error_message = "The alert_window_size must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H"
+  }
+  description = "The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly."
+}
+
+variable "enable_alerting" {
+  description = "Whether monitoring and alerting is enabled for the App Service Plan."
+  type        = bool
+  default     = false
+}
+
+variable "log_analytics_workspace_id" {
+  type        = string
+  description = "id of the log analytics workspace to send resource logging to via diagnostic settings"
+}
+
+variable "monitor_diagnostic_setting_function_app_enabled_logs" {
+  type        = list(string)
+  description = "Controls what logs will be enabled for the function app"
+}
+
+variable "monitor_diagnostic_setting_function_app_metrics" {
+  type        = list(string)
+  description = "Controls what metrics will be enabled for the function app"
+}
+
+variable "severity" {
+  type        = number
+  description = "Severity of the alert. 0 = Critical, 1 = Error, 2 = Warning, 3 = Informational, 4 = Verbose. Default is 3."
+  default     = 3
+}
+
+locals {
+  alert_frequency_map = {
+    PT5M  = "PT1M"
+    PT15M = "PT1M"
+    PT30M = "PT1M"
+    PT1H  = "PT1M"
+    PT6H  = "PT5M"
+    PT12H = "PT5M"
+  }
+  alert_frequency = local.alert_frequency_map[var.alert_window_size]
+}