feat: change budget alerts to alarm by forecast #1037

2 changes: 1 addition & 1 deletion 1-org/envs/shared/README.md
Expand Up @@ -22,7 +22,7 @@
| log\_export\_storage\_location | The location of the storage bucket used to export logs. | `string` | `"US"` | no |
| log\_export\_storage\_retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br> is_locked = bool<br> retention_period_days = number<br> })</pre> | `null` | no |
| log\_export\_storage\_versioning | (Optional) Toggles bucket versioning, ability to retain a non-current object version when the live object version gets replaced or deleted. | `bool` | `false` | no |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br> dns_hub_budget_amount = optional(number, 1000)<br> dns_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> dns_hub_alert_pubsub_topic = optional(string, null)<br> base_net_hub_budget_amount = optional(number, 1000)<br> base_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> base_net_hub_alert_pubsub_topic = optional(string, null)<br> restricted_net_hub_budget_amount = optional(number, 1000)<br> restricted_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> restricted_net_hub_alert_pubsub_topic = optional(string, null)<br> interconnect_budget_amount = optional(number, 1000)<br> interconnect_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> interconnect_alert_pubsub_topic = optional(string, null)<br> org_secrets_budget_amount = optional(number, 1000)<br> org_secrets_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> org_secrets_alert_pubsub_topic = optional(string, null)<br> org_billing_logs_budget_amount = optional(number, 1000)<br> org_billing_logs_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> org_billing_logs_alert_pubsub_topic = optional(string, null)<br> org_audit_logs_budget_amount = optional(number, 1000)<br> org_audit_logs_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> org_audit_logs_alert_pubsub_topic = optional(string, null)<br> scc_notifications_budget_amount = optional(number, 1000)<br> scc_notifications_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> 
scc_notifications_alert_pubsub_topic = optional(string, null)<br> })</pre> | `{}` | no |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> dns_hub_budget_amount = optional(number, 1000)<br> dns_hub_alert_spent_percents = optional(list(number), [1.2])<br> dns_hub_alert_pubsub_topic = optional(string, null)<br> dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> base_net_hub_budget_amount = optional(number, 1000)<br> base_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> base_net_hub_alert_pubsub_topic = optional(string, null)<br> base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_net_hub_budget_amount = optional(number, 1000)<br> restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> restricted_net_hub_alert_pubsub_topic = optional(string, null)<br> restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> interconnect_budget_amount = optional(number, 1000)<br> interconnect_alert_spent_percents = optional(list(number), [1.2])<br> interconnect_alert_pubsub_topic = optional(string, null)<br> interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_secrets_budget_amount = optional(number, 1000)<br> org_secrets_alert_spent_percents = optional(list(number), [1.2])<br> org_secrets_alert_pubsub_topic = optional(string, null)<br> org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_billing_logs_budget_amount = optional(number, 1000)<br> 
org_billing_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_billing_logs_alert_pubsub_topic = optional(string, null)<br> org_billing_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_audit_logs_budget_amount = optional(number, 1000)<br> org_audit_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_audit_logs_alert_pubsub_topic = optional(string, null)<br> org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> scc_notifications_budget_amount = optional(number, 1000)<br> scc_notifications_alert_spent_percents = optional(list(number), [1.2])<br> scc_notifications_alert_pubsub_topic = optional(string, null)<br> scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| scc\_notification\_filter | Filter used to create the Security Command Center Notification, you can see more details on how to create filters in https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications#create-filter | `string` | `"state = \"ACTIVE\""` | no |
| scc\_notification\_name | Name of the Security Command Center Notification. It must be unique in the organization. Run `gcloud scc notifications describe <scc_notification_name> --organization=org_id` to check if it already exists. | `string` | n/a | yes |
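Review bot: the new `project_budget` row pairs `alert_spent_percents = [1.2]` with a default basis of `FORECASTED_SPEND`, but the `alert_spent_percents` description is unchanged, so nothing tells the reader that 1.2 means 120% of the forecast. A caller who overrides only `*_alert_spent_percents` (for example with the previous `[0.5, 0.75, 0.9, 0.95]`) and leaves the basis unset will have those thresholds evaluated against forecast instead of actual spend, and deployments that rely on the defaults lose the actual-spend alerts at 50% to 95%. Suggest stating in the description how the percentages relate to the basis, and calling out the default change in the upgrade notes so anyone using budget alerts as a signal for unexpected spend can pin `CURRENT_SPEND` explicitly.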
8 changes: 8 additions & 0 deletions 1-org/envs/shared/projects.tf
Expand Up @@ -52,6 +52,7 @@ module "org_audit_logs" {
budget_alert_pubsub_topic = var.project_budget.org_audit_logs_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.org_audit_logs_alert_spent_percents
budget_amount = var.project_budget.org_audit_logs_budget_amount
budget_alert_spend_basis = var.project_budget.org_audit_logs_budget_alert_spend_basis
}

module "org_billing_logs" {
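Review bot: the attribute name on the added line, `org_audit_logs_budget_alert_spend_basis`, does not follow the pattern of its siblings (`org_audit_logs_alert_pubsub_topic`, `org_audit_logs_alert_spent_percents`), and the variable description documents the key as `alert_spend_basis`. Suggest `org_audit_logs_alert_spend_basis` so the per-project prefix plus the documented key gives the attribute name. The same applies to the other seven modules wired in this file.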
Expand Down Expand Up @@ -79,6 +80,7 @@ module "org_billing_logs" {
budget_alert_pubsub_topic = var.project_budget.org_billing_logs_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.org_billing_logs_alert_spent_percents
budget_amount = var.project_budget.org_billing_logs_budget_amount
budget_alert_spend_basis = var.project_budget.org_billing_logs_budget_alert_spend_basis
}

/******************************************
Expand Down Expand Up @@ -110,6 +112,7 @@ module "org_secrets" {
budget_alert_pubsub_topic = var.project_budget.org_secrets_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.org_secrets_alert_spent_percents
budget_amount = var.project_budget.org_secrets_budget_amount
budget_alert_spend_basis = var.project_budget.org_secrets_budget_alert_spend_basis
}

/******************************************
Expand Down Expand Up @@ -141,6 +144,7 @@ module "interconnect" {
budget_alert_pubsub_topic = var.project_budget.interconnect_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.interconnect_alert_spent_percents
budget_amount = var.project_budget.interconnect_budget_amount
budget_alert_spend_basis = var.project_budget.interconnect_budget_alert_spend_basis
}

/******************************************
Expand Down Expand Up @@ -172,6 +176,7 @@ module "scc_notifications" {
budget_alert_pubsub_topic = var.project_budget.scc_notifications_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.scc_notifications_alert_spent_percents
budget_amount = var.project_budget.scc_notifications_budget_amount
budget_alert_spend_basis = var.project_budget.scc_notifications_budget_alert_spend_basis
}

/******************************************
Expand Down Expand Up @@ -211,6 +216,7 @@ module "dns_hub" {
budget_alert_pubsub_topic = var.project_budget.dns_hub_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.dns_hub_alert_spent_percents
budget_amount = var.project_budget.dns_hub_budget_amount
budget_alert_spend_basis = var.project_budget.dns_hub_budget_alert_spend_basis
}

/******************************************
Expand Down Expand Up @@ -251,6 +257,7 @@ module "base_network_hub" {
budget_alert_pubsub_topic = var.project_budget.base_net_hub_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.base_net_hub_alert_spent_percents
budget_amount = var.project_budget.base_net_hub_budget_amount
budget_alert_spend_basis = var.project_budget.base_net_hub_budget_alert_spend_basis
}

resource "google_project_iam_member" "network_sa_base" {
Expand Down Expand Up @@ -299,6 +306,7 @@ module "restricted_network_hub" {
budget_alert_pubsub_topic = var.project_budget.restricted_net_hub_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.restricted_net_hub_alert_spent_percents
budget_amount = var.project_budget.restricted_net_hub_budget_amount
budget_alert_spend_basis = var.project_budget.restricted_net_hub_budget_alert_spend_basis
}

resource "google_project_iam_member" "network_sa_restricted" {
57 changes: 33 additions & 24 deletions 1-org/envs/shared/variables.tf
Expand Up @@ -115,32 +115,41 @@ variable "project_budget" {
budget_amount: The amount to use as the budget.
alert_spent_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert_pubsub_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert_spend_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default).
EOT
type = object({
dns_hub_budget_amount = optional(number, 1000)
dns_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
dns_hub_alert_pubsub_topic = optional(string, null)
base_net_hub_budget_amount = optional(number, 1000)
base_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
base_net_hub_alert_pubsub_topic = optional(string, null)
restricted_net_hub_budget_amount = optional(number, 1000)
restricted_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
restricted_net_hub_alert_pubsub_topic = optional(string, null)
interconnect_budget_amount = optional(number, 1000)
interconnect_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
interconnect_alert_pubsub_topic = optional(string, null)
org_secrets_budget_amount = optional(number, 1000)
org_secrets_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
org_secrets_alert_pubsub_topic = optional(string, null)
org_billing_logs_budget_amount = optional(number, 1000)
org_billing_logs_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
org_billing_logs_alert_pubsub_topic = optional(string, null)
org_audit_logs_budget_amount = optional(number, 1000)
org_audit_logs_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
org_audit_logs_alert_pubsub_topic = optional(string, null)
scc_notifications_budget_amount = optional(number, 1000)
scc_notifications_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
scc_notifications_alert_pubsub_topic = optional(string, null)
dns_hub_budget_amount = optional(number, 1000)
dns_hub_alert_spent_percents = optional(list(number), [1.2])
dns_hub_alert_pubsub_topic = optional(string, null)
dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
base_net_hub_budget_amount = optional(number, 1000)
base_net_hub_alert_spent_percents = optional(list(number), [1.2])
base_net_hub_alert_pubsub_topic = optional(string, null)
base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
restricted_net_hub_budget_amount = optional(number, 1000)
restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])
restricted_net_hub_alert_pubsub_topic = optional(string, null)
restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
interconnect_budget_amount = optional(number, 1000)
interconnect_alert_spent_percents = optional(list(number), [1.2])
interconnect_alert_pubsub_topic = optional(string, null)
interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_secrets_budget_amount = optional(number, 1000)
org_secrets_alert_spent_percents = optional(list(number), [1.2])
org_secrets_alert_pubsub_topic = optional(string, null)
org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_billing_logs_budget_amount = optional(number, 1000)
org_billing_logs_alert_spent_percents = optional(list(number), [1.2])
org_billing_logs_alert_pubsub_topic = optional(string, null)
org_billing_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_audit_logs_budget_amount = optional(number, 1000)
org_audit_logs_alert_spent_percents = optional(list(number), [1.2])
org_audit_logs_alert_pubsub_topic = optional(string, null)
org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
scc_notifications_budget_amount = optional(number, 1000)
scc_notifications_alert_spent_percents = optional(list(number), [1.2])
scc_notifications_alert_pubsub_topic = optional(string, null)
scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
default = {}
}
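Review bot: each `*_budget_alert_spend_basis` attribute is declared as `optional(string, "FORECASTED_SPEND")` with no validation, so this variable accepts any string even though the description allows only `CURRENT_SPEND` or `FORECASTED_SPEND`. Suggest a `validation` block on `project_budget` that checks every basis attribute against those two values, so a misspelled basis fails at plan time with a clear message instead of being passed through to the project modules.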
2 changes: 1 addition & 1 deletion 2-environments/modules/env_baseline/README.md
Expand Up @@ -7,7 +7,7 @@
| env | The environment to prepare (ex. development) | `string` | n/a | yes |
| environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | `string` | n/a | yes |
| monitoring\_workspace\_users | Google Workspace or Cloud Identity group that have access to Monitoring Workspaces. | `string` | n/a | yes |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br> base_network_budget_amount = optional(number, 1000)<br> base_network_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> base_network_alert_pubsub_topic = optional(string, null)<br> restricted_network_budget_amount = optional(number, 1000)<br> restricted_network_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> restricted_network_alert_pubsub_topic = optional(string, null)<br> monitoring_budget_amount = optional(number, 1000)<br> monitoring_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> monitoring_alert_pubsub_topic = optional(string, null)<br> secret_budget_amount = optional(number, 1000)<br> secret_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> secret_alert_pubsub_topic = optional(string, null)<br> })</pre> | `{}` | no |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> base_network_budget_amount = optional(number, 1000)<br> base_network_alert_spent_percents = optional(list(number), [1.2])<br> base_network_alert_pubsub_topic = optional(string, null)<br> base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_network_budget_amount = optional(number, 1000)<br> restricted_network_alert_spent_percents = optional(list(number), [1.2])<br> restricted_network_alert_pubsub_topic = optional(string, null)<br> restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> monitoring_budget_amount = optional(number, 1000)<br> monitoring_alert_spent_percents = optional(list(number), [1.2])<br> monitoring_alert_pubsub_topic = optional(string, null)<br> monitoring_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> secret_budget_amount = optional(number, 1000)<br> secret_alert_spent_percents = optional(list(number), [1.2])<br> secret_alert_pubsub_topic = optional(string, null)<br> secret_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |

## Outputs
1 change: 1 addition & 0 deletions 2-environments/modules/env_baseline/monitoring.tf
Expand Up @@ -48,4 +48,5 @@ module "monitoring_project" {
budget_alert_pubsub_topic = var.project_budget.monitoring_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.monitoring_alert_spent_percents
budget_amount = var.project_budget.monitoring_budget_amount
budget_alert_spend_basis = var.project_budget.monitoring_budget_alert_spend_basis
}
1 change: 1 addition & 0 deletions 2-environments/modules/env_baseline/networking.tf
Expand Up @@ -88,4 +88,5 @@ module "restricted_shared_vpc_host_project" {
budget_alert_pubsub_topic = var.project_budget.restricted_network_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.restricted_network_alert_spent_percents
budget_amount = var.project_budget.restricted_network_budget_amount
budget_alert_spend_basis = var.project_budget.restricted_network_budget_alert_spend_basis
}
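Review bot: this file shows a single addition, in `restricted_shared_vpc_host_project`, yet the env_baseline README declares `base_network_budget_alert_spend_basis` as well, and no visible hunk passes it to a module. If the base network host project is created in this module, please wire `budget_alert_spend_basis = var.project_budget.base_network_budget_alert_spend_basis` there too; otherwise that attribute is accepted but has no effect, and the base network budget stays on whatever basis the project module defaults to.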
1 change: 1 addition & 0 deletions 2-environments/modules/env_baseline/secrets.tf
Expand Up @@ -46,4 +46,5 @@ module "env_secrets" {
budget_alert_pubsub_topic = var.project_budget.secret_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.secret_alert_spent_percents
budget_amount = var.project_budget.secret_budget_amount
budget_alert_spend_basis = var.project_budget.secret_budget_alert_spend_basis
}