Merge pull request #6 from oozou/feat/support-alarm

Feat/support alarm

Author: lycbrian

CHANGELOG.md

@@ -2,6 +2,17 @@
 
 All notable changes to this module will be documented in this file.
 
+## [v1.0.2] - 2022-12-22
+
+### Added
+
+- Add alarm.tf with default and custom elasticache alarms
+- Add following vars
+    - is_enable_default_alarms
+    - default_alarm_actions
+    - default_ok_actions
+    - custom_elasticache_alarms_configure
+
 ## [1.0.1] - 2022-05-24
 
 Here we would have the update steps for 1.0.1 for people to follow.

README.md

@@ -58,3 +58,67 @@ module "elasticache_cluster" {
   multi_az_enabled = var.multi_az_enabled
 }
 ```
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.1 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_custom_elasticache_alarms"></a> [custom\_elasticache\_alarms](#module\_custom\_elasticache\_alarms) | oozou/cloudwatch-alarm/aws | 1.0.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_cloudwatch_metric_alarm.redis_cpu_alarm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_cloudwatch_metric_alarm.redis_memory_alarm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
+| [aws_elasticache_replication_group.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group) | resource |
+| [aws_elasticache_subnet_group.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
+| [aws_security_group.client](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group_rule.additional_cluster_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_subnet.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_additional_cluster_security_group_ingress_rules"></a> [additional\_cluster\_security\_group\_ingress\_rules](#input\_additional\_cluster\_security\_group\_ingress\_rules) | Additional ingress rule for cluster security group. | <pre>list(object({<br>    from_port                = number<br>    to_port                  = number<br>    protocol                 = string<br>    cidr_blocks              = list(string)<br>    source_security_group_id = string<br>    description              = string<br>  }))</pre> | `[]` | no |
+| <a name="input_auth_token"></a> [auth\_token](#input\_auth\_token) | Auth token for the Elasticache redis auth. Reference: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth.html | `string` | n/a | yes |
+| <a name="input_custom_elasticache_alarms_configure"></a> [custom\_elasticache\_alarms\_configure](#input\_custom\_elasticache\_alarms\_configure) | custom\_elasticache\_alarms\_configure = {<br>      cpu\_utilization\_too\_high = {<br>        metric\_name         = "EngineCPUUtilization"<br>        statistic           = "Average"<br>        comparison\_operator = ">="<br>        threshold           = "85"<br>        period              = "300"<br>        evaluation\_periods  = "1"<br>        alarm\_actions       = [sns\_topic\_arn]<br>        ok\_actions       = [sns\_topic\_arn]<br>      }<br>    } | `any` | `{}` | no |
+| <a name="input_default_alarm_actions"></a> [default\_alarm\_actions](#input\_default\_alarm\_actions) | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | `list(string)` | `[]` | no |
+| <a name="input_default_ok_actions"></a> [default\_ok\_actions](#input\_default\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | `list(string)` | `[]` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | Environment Variable used as a prefix | `string` | n/a | yes |
+| <a name="input_is_enable_default_alarms"></a> [is\_enable\_default\_alarms](#input\_is\_enable\_default\_alarms) | if enable the default alarms | `bool` | `false` | no |
+| <a name="input_maintenance_window"></a> [maintenance\_window](#input\_maintenance\_window) | Snapshot Retention Limit | `string` | `"mon:00:00-mon:03:00"` | no |
+| <a name="input_multi_az_enabled"></a> [multi\_az\_enabled](#input\_multi\_az\_enabled) | Specifies whether to enable Multi-AZ Support for the replication group | `bool` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | Name of the ECS cluster to create | `string` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix name of customer to be displayed in AWS console and resource | `string` | n/a | yes |
+| <a name="input_redis_cluster_config"></a> [redis\_cluster\_config](#input\_redis\_cluster\_config) | Configuration for redis cluster | <pre>object({<br>    port           = number<br>    instance_type  = string<br>    engine_version = string<br>    node_count     = number<br>  })</pre> | n/a | yes |
+| <a name="input_snapshot_config"></a> [snapshot\_config](#input\_snapshot\_config) | (optional) Snapshot config to retain and create backup | <pre>object({<br>    snapshot_window          = string<br>    snapshot_retention_limit = number<br>  })</pre> | <pre>{<br>  "snapshot_retention_limit": 3,<br>  "snapshot_window": "03:00-05:00"<br>}</pre> | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys. | `map(string)` | `{}` | no |
+| <a name="input_vpc_config"></a> [vpc\_config](#input\_vpc\_config) | VPC ID and private subnets for ElastiCache cluster | <pre>object({<br>    vpc_id          = string<br>    private_subnets = list(string)<br>  })</pre> | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_client_security_group_id"></a> [client\_security\_group\_id](#output\_client\_security\_group\_id) | Security group id for the elasticache clients. |
+| <a name="output_redis_host"></a> [redis\_host](#output\_redis\_host) | Hostname of the redis host in the replication group. |
+| <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | Security group id for the elasticache. |
+<!-- END_TF_DOCS -->

alarms.tf

@@ -0,0 +1,79 @@
+module "custom_elasticache_alarms" {
+  source  = "oozou/cloudwatch-alarm/aws"
+  version = "1.0.0"
+
+  for_each =  var.custom_elasticache_alarms_configure
+  depends_on = [aws_elasticache_replication_group.elasticache]
+
+  prefix      = var.prefix
+  environment = var.environment
+  name        = format("%s-%s-alarm", local.service_name, each.key)
+
+  alarm_description = format(
+    "%s's %s %s %s in period %ss with %s datapoint",
+    lookup(each.value, "metric_name", null),
+    lookup(each.value, "statistic", "Average"),
+    lookup(each.value, "comparison_operator", null),
+    lookup(each.value, "threshold", null),
+    lookup(each.value, "period", 600),
+    lookup(each.value, "evaluation_periods", 1)
+  )
+
+  comparison_operator = local.comparison_operators[lookup(each.value, "comparison_operator", null)]
+  evaluation_periods  = lookup(each.value, "evaluation_periods", 1)
+  metric_name         = lookup(each.value, "metric_name", null)
+  namespace           = "AWS/ElastiCache"
+  period              = lookup(each.value, "period", 600)
+  statistic           = lookup(each.value, "statistic", "Average")
+  threshold           = lookup(each.value, "threshold", null)
+
+  dimensions = {
+    CacheClusterId = aws_elasticache_replication_group.elasticache.global_replication_group_id
+  }
+
+  alarm_actions = lookup(each.value, "alarm_actions", null)
+  ok_actions = lookup(each.value, "ok_actions", null)
+
+  tags = local.tags
+}
+
+resource "aws_cloudwatch_metric_alarm" "redis_cpu_alarm" {
+  count = var.is_enable_default_alarms ? 1 : 0
+  alarm_name          = format("%s-%s-alarm", local.service_name, "redis_high_CPU")
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = "1"
+  metric_name         = "CPUUtilization"
+  namespace           = "AWS/ElastiCache"
+  period              = "600"
+  statistic           = "Average"
+  threshold           = "80"
+  alarm_description   = "This alarm will trigger if the Redis cluster's cpu usage is too high"
+  alarm_actions       = var.default_alarm_actions
+  ok_actions          = var.default_ok_actions
+
+  dimensions = {
+    CacheClusterId = aws_elasticache_replication_group.elasticache.global_replication_group_id
+  }
+  depends_on = [aws_elasticache_replication_group.elasticache]
+}
+
+resource "aws_cloudwatch_metric_alarm" "redis_memory_alarm" {
+  count = var.is_enable_default_alarms ? 1 : 0
+  alarm_name          = format("%s-%s-alarm", local.service_name, "redis_high_memory")
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = "1"
+  metric_name         = "DatabaseMemoryUsagePercentage"
+  namespace           = "AWS/ElastiCache"
+  period              = "600"
+  statistic           = "Average"
+  threshold           = "80"
+  alarm_description   = "This alarm will trigger if the Redis cluster's memory usage is too high"
+  alarm_actions       = var.default_alarm_actions
+  ok_actions          = var.default_ok_actions
+
+  dimensions = {
+    CacheClusterId = aws_elasticache_replication_group.elasticache.global_replication_group_id
+  }
+  depends_on = [aws_elasticache_replication_group.elasticache]
+}
+

examples/complete/example.auto.tfvars

@@ -3,3 +3,4 @@ environment = "example"
 custom_tags = {
   "Remark" = "terraform-aws-elasticache-example"
 }
+

examples/complete/main.tf

@@ -39,4 +39,17 @@ module "redis" {
   }
 
   tags = var.custom_tags
+
+  is_enable_default_alarms = true
+
+custom_elasticache_alarms_configure = {
+  cpu_utilization_too_high = {
+    metric_name         = "EngineCPUUtilization"
+    statistic           = "Average"
+    comparison_operator = ">="
+    threshold           = "85"
+    period              = "300"
+    evaluation_periods  = "1"
+  }
+}
 }

examples/complete/vpc.tf

@@ -6,7 +6,7 @@ module "vpc" {
   private_subnets              = ["10.105.60.0/22", "10.105.64.0/22", "10.105.68.0/22"]
   public_subnets               = ["10.105.0.0/24", "10.105.1.0/24", "10.105.2.0/24"]
   database_subnets             = ["10.105.20.0/23", "10.105.22.0/23", "10.105.24.0/23"]
-  availability_zone            = ["ap-southeast-1a", "ap-southeast-1b", "ap-southeast-1c"]
+  availability_zone            = ["us-east-2a", "us-east-2b", "us-east-2c"]
   is_enable_dns_hostnames      = true
   is_enable_dns_support        = true
   is_create_nat_gateway        = true

locals.tf

@@ -13,4 +13,14 @@ locals {
   automatic_failover_enabled = var.redis_cluster_config.node_count > 1
   # To enable, automatic_failover_enabled must also be enabled
   multi_az_enabled = var.multi_az_enabled == true && local.automatic_failover_enabled == true
+
+  /* -------------------------------------------------------------------------- */
+  /*                                    Alarms                                  */
+  /* -------------------------------------------------------------------------- */
+    comparison_operators = {
+      ">=" = "GreaterThanOrEqualToThreshold",
+      ">"  = "GreaterThanThreshold",
+      "<"  = "LessThanThreshold",
+      "<=" = "LessThanOrEqualToThreshold",
+    }
 }

variables.tf

@@ -84,3 +84,45 @@ variable "additional_cluster_security_group_ingress_rules" {
   description = "Additional ingress rule for cluster security group."
   default     = []
 }
+
+/* -------------------------------------------------------------------------- */
+/*                                  alarms                                    */
+/* -------------------------------------------------------------------------- */
+
+variable "is_enable_default_alarms" {
+  description = "if enable the default alarms"
+  type        = bool
+  default     = false
+}
+
+variable "default_alarm_actions" {
+  description = "The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN)."
+  type        = list(string)
+  default     = []
+}
+
+variable "default_ok_actions" {
+  description = "The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN)."
+  type        = list(string)
+  default     = []
+}
+
+
+variable "custom_elasticache_alarms_configure" {
+  description = <<EOF
+    custom_elasticache_alarms_configure = {
+      cpu_utilization_too_high = {
+        metric_name         = "EngineCPUUtilization"
+        statistic           = "Average"
+        comparison_operator = ">="
+        threshold           = "85"
+        period              = "300"
+        evaluation_periods  = "1"
+        alarm_actions       = [sns_topic_arn]
+        ok_actions       = [sns_topic_arn]
+      }
+    }
+  EOF
+  type        = any
+  default     = {}
+}