diff --git a/terraform/wifi-289708231103/tip-wifi-vpn/alerts.tf b/terraform/wifi-289708231103/tip-wifi-vpn/alerts.tf
new file mode 100644
index 0000000..79243f8
--- /dev/null
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/alerts.tf
@@ -0,0 +1,128 @@
+resource "aws_cloudwatch_metric_alarm" "vpn_state" {
+ for_each = { for vpn in [aws_vpn_connection.tunnel_tip_wifi_nrg, aws_vpn_connection.tunnel-perfecto] : vpn.id => vpn }
+ alarm_name = "vpn-state-${each.key}"
+ comparison_operator = "LessThanOrEqualToThreshold"
+ evaluation_periods = "1"
+ namespace = "AWS/VPN"
+ dimensions = {
+ "VpnId" = each.key
+ }
+ metric_name = "TunnelState"
+ period = "60"
+ statistic = "Maximum"
+ threshold = "0"
+ alarm_description = "VPN Tunnel State"
+}
+
+resource "aws_cloudwatch_metric_alarm" "vpn_outgoing_data" {
+ for_each = { for vpn in [aws_vpn_connection.tunnel_tip_wifi_nrg, aws_vpn_connection.tunnel-perfecto] : vpn.id => vpn }
+ alarm_name = "vpn-outgoing-data-${each.key}"
+ comparison_operator = "GreaterThanThreshold"
+ evaluation_periods = "1"
+ namespace = "AWS/VPN"
+ dimensions = {
+ "VpnId" = each.key
+ }
+ metric_name = "TunnelDataOut"
+ period = "3600"
+ statistic = "Sum"
+ threshold = "100000000000" # 100GB
+ unit = "Bytes"
+ alarm_description = "VPN Outgoing Data"
+}
+
+resource "aws_cloudwatch_metric_alarm" "tgw_incoming" {
+ alarm_name = "tgw-incoming-data-${module.tgw_main.this_ec2_transit_gateway_id}"
+ comparison_operator = "GreaterThanThreshold"
+ evaluation_periods = "1"
+ namespace = "AWS/TransitGateway"
+ dimensions = {
+ "TransitGateway" = module.tgw_main.this_ec2_transit_gateway_id
+ }
+ metric_name = "BytesIn"
+ period = "3600"
+ statistic = "Sum"
+ threshold = "100000000000" # 100GB
+ unit = "Bytes"
+ alarm_description = "Transit Gateway Incoming Data"
+}
+
+resource "aws_cloudwatch_metric_alarm" "tgw_outgoing_data" {
+ alarm_name = "tgw-outgoing-data-${module.tgw_main.this_ec2_transit_gateway_id}"
+ comparison_operator = "GreaterThanThreshold"
+ evaluation_periods = "1"
+ namespace = "AWS/TransitGateway"
+ dimensions = {
+ "TransitGateway" = module.tgw_main.this_ec2_transit_gateway_id
+ }
+ metric_name = "BytesOut"
+ period = "3600"
+ statistic = "Sum"
+ threshold = "100000000000" # 100GB
+ unit = "Bytes"
+ alarm_description = "Transit Gateway Outgoing Data"
+}
+
+resource "aws_cloudwatch_metric_alarm" "tgw_packet_drops" {
+ alarm_name = "tgw-packet-drops-${module.tgw_main.this_ec2_transit_gateway_id}"
+ comparison_operator = "GreaterThanThreshold"
+ evaluation_periods = "1"
+ threshold = "0"
+ alarm_description = "Transit Gateway Packet Drops"
+
+ metric_query {
+ id = "total_drops"
+ expression = "pd_blackhole + pd_no_route"
+ label = "Total packet drops"
+ return_data = "true"
+ }
+
+ metric_query {
+ id = "pd_blackhole"
+ metric {
+ namespace = "AWS/TransitGateway"
+ dimensions = {
+ "TransitGateway" = module.tgw_main.this_ec2_transit_gateway_id
+ }
+ metric_name = "PacketDropCountBlackhole"
+ period = "360"
+ stat = "Sum"
+ unit = "Dropped Packets"
+ }
+ }
+
+ metric_query {
+ id = "pd_no_route"
+ metric {
+ namespace = "AWS/TransitGateway"
+ dimensions = {
+ "TransitGateway" = module.tgw_main.this_ec2_transit_gateway_id
+ }
+ metric_name = "PacketDropCountNoRoute"
+ period = "360"
+ stat = "Sum"
+ unit = "Dropped Packets"
+ }
+ }
+}
+
+resource "aws_sns_topic" "vpn_cloudwatch_alarms" {
+ name = "VPN cloudwatch alarms"
+}
+
+resource "aws_cloudformation_stack" "atlassian_cloud_backup_email_notification" {
+ name = "atlassian-cloud-backup"
+ template_body = <