DTOSS-11103: Create alerts for the postgres db

A PR to setup technical tools and alerting to allow us to monitor our live infrastructure.
This PR is to alert on the Postgres database on Azure (not the container version)

Author: mrlockstar

infrastructure/environments/preprod/variables.tfvars

@@ -1,3 +1,4 @@
+alert_window_size                     = "PT15M"
 api_oauth_token_url                   = "https://int.api.service.nhs.uk/oauth2/token"
 dns_zone_name                         = "manage-breast-screening.screening.nhs.uk"
 enable_auth                           = false
@@ -11,3 +12,5 @@ vnet_address_space                    = "10.10.0.0/16"
 nhs_notify_api_message_batch_url      = "https://int.api.service.nhs.uk/comms/v1/message-batches"
 seed_demo_data                        = false
 allowed_paths                         = ["/notifications/message-status/create"]
+enable_monitoring                     = true
+monitoring_email_address              = "[email protected]"

infrastructure/modules/container-apps/postgres.tf

@@ -45,6 +45,11 @@ module "postgres" {
     private_service_connection_is_manual = false
   }
 
+  # alerts
+  action_group_id   = var.action_group_id
+  enable_monitoring = var.enable_monitoring
+
+
   databases = {
     db1 = {
       collation   = "en_US.utf8"

infrastructure/modules/container-apps/variables.tf

@@ -145,6 +145,27 @@ variable "use_apex_domain" {
   type        = bool
 }
 
+variable "enable_monitoring" {
+  description = "Whether monitoring and alerting is enabled for the PostgreSQL Flexible Server."
+  type        = bool
+}
+
+
+variable "alert_window_size" {
+  type     = string
+  nullable = false
+  validation {
+    condition     = contains(["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H"], var.alert_window_size)
+    error_message = "The alert_window_size must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H"
+  }
+  description = "The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly."
+}
+
+variable "action_group_id" {
+  type        = string
+  description = "ID of the action group to notify."
+}
+
 
 locals {
   resource_group_name = "rg-${var.app_short_name}-${var.environment}-container-app-uks"
@@ -162,8 +183,8 @@ locals {
   common_env = merge(
     local.env_vars_from_yaml,
     {
-      SSL_MODE         = "require"
-      DJANGO_ENV       = var.env_config
+      SSL_MODE   = "require"
+      DJANGO_ENV = var.env_config
     }
   )
 

infrastructure/modules/infra/monitor_action_group.tf

@@ -1,27 +1,14 @@
 module "monitor_action_group" {
-  for_each = local.monitor_action_group_map
-
   source = "../dtos-devops-templates/infrastructure/modules/monitor-action-group"
 
   name                = module.shared_config.names.monitor-action-group
   resource_group_name = azurerm_resource_group.main.name
   location            = var.region
-  short_name          = each.value.short_name
-  email_receiver      = each.value.email_receiver
-  event_hub_receiver  = each.value.event_hub_receiver
-  sms_receiver        = each.value.sms_receiver
-  voice_receiver      = each.value.voice_receiver
-  webhook_receiver    = each.value.webhook_receiver
-}
-
-locals {
-  monitor_action_group_map = {
-    for action_group_key, action_group_details in var.monitor_action_group :
-    action_group_key => merge(
-      {
-        action_group_key = action_group_key
-      },
-      action_group_details
-    )
+  short_name          = "ag-${var.environment}"
+  email_receiver = {
+    email = {
+      name          = "email"
+      email_address = var.monitoring_email_address
+    }
   }
 }

infrastructure/modules/infra/output.tf

@@ -25,3 +25,7 @@ output "postgres_subnet_id" {
 output "main_subnet_id" {
   value = module.main_subnet.id
 }
+
+output "monitor_action_group_id" {
+  value = module.monitor_action_group.monitor_action_group.id
+}

infrastructure/modules/infra/variables.tf

@@ -34,38 +34,9 @@ variable "protect_keyvault" {
   default     = true
 }
 
-variable "monitor_action_group" {
-  description = "Default configuration for the monitor action groups."
-  type = map(object({
-    short_name = string
-    email_receiver = optional(map(object({
-      name                    = string
-      email_address           = string
-      use_common_alert_schema = optional(bool, false)
-    })))
-    event_hub_receiver = optional(map(object({
-      name                    = string
-      event_hub_namespace     = string
-      event_hub_name          = string
-      subscription_id         = string
-      use_common_alert_schema = optional(bool, false)
-    })))
-    sms_receiver = optional(map(object({
-      name         = string
-      country_code = string
-      phone_number = string
-    })))
-    voice_receiver = optional(map(object({
-      name         = string
-      country_code = string
-      phone_number = string
-    })))
-    webhook_receiver = optional(map(object({
-      name                    = string
-      service_uri             = string
-      use_common_alert_schema = optional(bool, false)
-    })))
-  }))
+variable "monitoring_email_address" {
+  description = "monitoring email address"
+  type        = string
 }
 
 locals {

infrastructure/terraform/data.tf

@@ -35,3 +35,10 @@ data "azurerm_subnet" "main" {
   virtual_network_name = module.shared_config.names.virtual-network-lowercase
   resource_group_name  = local.resource_group_name
 }
+
+data "azurerm_monitor_action_group" "main" {
+  count = var.deploy_infra ? 0 : 1
+
+  name                = module.shared_config.names.monitor-action-group
+  resource_group_name = local.resource_group_name
+}

infrastructure/terraform/main.tf

@@ -8,13 +8,14 @@ module "infra" {
     azurerm.hub = azurerm.hub
   }
 
-  region              = local.region
-  resource_group_name = local.resource_group_name
-  app_short_name      = var.app_short_name
-  environment         = var.env_config
-  hub                 = var.hub
-  protect_keyvault    = var.protect_keyvault
-  vnet_address_space  = var.vnet_address_space
+  monitoring_email_address = var.monitoring_email_address
+  region                   = local.region
+  resource_group_name      = local.resource_group_name
+  app_short_name           = var.app_short_name
+  environment              = var.env_config
+  hub                      = var.hub
+  protect_keyvault         = var.protect_keyvault
+  vnet_address_space       = var.vnet_address_space
 }
 
 module "shared_config" {
@@ -36,6 +37,9 @@ module "container-apps" {
   }
 
   region                                = local.region
+  action_group_id                       = var.deploy_infra ? module.infra[0].monitor_action_group_id : data.azurerm_monitor_action_group.main[0].id
+  alert_window_size                     = var.alert_window_size
+  enable_monitoring                     = var.enable_monitoring
   app_key_vault_id                      = var.deploy_infra ? module.infra[0].app_key_vault_id : data.azurerm_key_vault.app_key_vault[0].id
   app_short_name                        = var.app_short_name
   allowed_paths                         = var.allowed_paths

infrastructure/terraform/variables.tf

@@ -89,11 +89,13 @@ variable "postgres_sku_name" {
   default     = "B_Standard_B1ms"
   type        = string
 }
+
 variable "postgres_storage_mb" {
   description = "Value of the PostgreSQL Flexible Server storage in MB"
   default     = 32768
   type        = number
 }
+
 variable "postgres_storage_tier" {
   description = "Value of the PostgreSQL Flexible Server storage tier"
   default     = "P4"
@@ -128,6 +130,29 @@ variable "seed_demo_data" {
   default     = false
 }
 
+variable "alert_window_size" {
+  type     = string
+  nullable = false
+  default  = "PT5M"
+  validation {
+    condition     = contains(["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H"], var.alert_window_size)
+    error_message = "The alert_window_size must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H"
+  }
+  description = "The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly."
+}
+
+variable "enable_monitoring" {
+  description = "Whether monitoring and alerting is enabled for the PostgreSQL Flexible Server."
+  type        = bool
+  default     = false
+}
+
+variable "monitoring_email_address" {
+  description = "monitoring email address"
+  type        = string
+  default     = null
+}
+
 locals {
   region = "uksouth"