search

cds-snc / forms-terraform

Infrastructure as Code for the GC Forms environment
MIT License
16 stars 7 forks source link

fix: remove OK actions from critical alarms #819

Closed patheard closed 2 months ago

patheard commented 2 months ago

Summary

Remove the ok_action from the HealthyHostCount critical alarms. The notify Slack function currently treats the SEV1 string as an indicator that an OpsGenie page should occur.

⚠️ Note that I've pre-emptively removed the ok_action from the API and IdP alarms since they will become SEV1 alarms once they go to prod.

Related

github-actions[bot] commented 2 months ago

⚠ Terrform update available

Terraform: 1.9.5 (using 1.9.2)
Terragrunt: 0.67.4 (using 0.63.2)
github-actions[bot] commented 2 months ago

Staging: alarms

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 4 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|------------------------------------------------------------------| | update | `aws_cloudwatch_metric_alarm.ELB_healthy_hosts` | | | `aws_cloudwatch_metric_alarm.api_lb_healthy_host_count[0]` | | | `aws_cloudwatch_metric_alarm.idb_lb_healthy_host_count["HTTP1"]` | | | `aws_cloudwatch_metric_alarm.idb_lb_healthy_host_count["HTTP2"]` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # aws_cloudwatch_metric_alarm.ELB_healthy_hosts will be updated in-place ~ resource "aws_cloudwatch_metric_alarm" "ELB_healthy_hosts" { id = "App-HealthyHostCount-SEV1" ~ ok_actions = [ - "arn:aws:sns:ca-central-1:687401027353:alert-ok", ] tags = {} # (21 unchanged attributes hidden) # (3 unchanged blocks hidden) } # aws_cloudwatch_metric_alarm.api_lb_healthy_host_count[0] will be updated in-place ~ resource "aws_cloudwatch_metric_alarm" "api_lb_healthy_host_count" { id = "API-HealthyHostCount" ~ ok_actions = [ - "arn:aws:sns:ca-central-1:687401027353:alert-ok", ] tags = {} # (21 unchanged attributes hidden) } # aws_cloudwatch_metric_alarm.idb_lb_healthy_host_count["HTTP1"] will be updated in-place ~ resource "aws_cloudwatch_metric_alarm" "idb_lb_healthy_host_count" { id = "IdP-HealthyHostCount-HTTP1" ~ ok_actions = [ - "arn:aws:sns:ca-central-1:687401027353:alert-ok", ] tags = {} # (21 unchanged attributes hidden) } # aws_cloudwatch_metric_alarm.idb_lb_healthy_host_count["HTTP2"] will be updated in-place ~ resource "aws_cloudwatch_metric_alarm" "idb_lb_healthy_host_count" { id = "IdP-HealthyHostCount-HTTP2" ~ ok_actions = [ - "arn:aws:sns:ca-central-1:687401027353:alert-ok", ] tags = {} # (21 unchanged attributes hidden) } Plan: 0 to add, 4 to change, 0 to destroy. Warning: Argument is deprecated with module.athena_bucket.aws_s3_bucket.this, on .terraform/modules/athena_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_server_side_encryption_configuration resource instead (and 3 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_athena_data_catalog.dynamodb"] WARN - plan.json - main - Missing Common Tags: ["aws_athena_data_catalog.rds_data_catalog"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.codedeploy_sns"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notify_slack"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ELB_5xx_error_warn"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ELB_healthy_hosts"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.UnHealthyHostCount-TargetGroup1"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.UnHealthyHostCount-TargetGroup2"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.alb_ddos"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_cpu_utilization_high_warn[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_lb_healthy_host_count[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_lb_unhealthy_host_count[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_memory_utilization_high_warn[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.api_response_time_warn[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.audit_log_dead_letter_queue_warn"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_login_outside_canada_warn"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.cognito_signin_exceeded"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_forms_warn"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.ddos_detected_route53_warn[0]"] WARN - plan.json - main - Missing Common Tags:... ```