feat: cloudwatch alarms ok and insufficient_data state actions (#56)

Author: abhinavkumarsph

README.md

@@ -41,7 +41,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_policies"></a> [access\_policies](#input\_access\_policies) | IAM policy document specifying the access policies for the domain | `string` | `""` | no |
-| <a name="input_admin_identifiers"></a> [admin\_identifiers](#input\_admin\_identifiers) | Admin Identifiers to be allowed in the Access Policy of Opensearch Cluster | `list(string)` | <pre>[<br>  "*"<br>]</pre> | no |
+| <a name="input_admin_identifiers"></a> [admin\_identifiers](#input\_admin\_identifiers) | Admin Identifiers to be allowed in the Access Policy of Opensearch Cluster | `list(string)` | <pre>[<br/>  "*"<br/>]</pre> | no |
 | <a name="input_advanced_options"></a> [advanced\_options](#input\_advanced\_options) | Note that the values for these configuration options must be strings (wrapped in quotes) or they may be wrong and cause a perpetual diff, causing Terraform to want to recreate your OpenSearch domain on every apply. | `map(string)` | `{}` | no |
 | <a name="input_advanced_security_options_enabled"></a> [advanced\_security\_options\_enabled](#input\_advanced\_security\_options\_enabled) | Whether advanced security is enabled | `bool` | `false` | no |
 | <a name="input_alarm_actions"></a> [alarm\_actions](#input\_alarm\_actions) | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN) | `list(string)` | `[]` | no |
@@ -75,8 +75,9 @@
 | <a name="input_engine_version"></a> [engine\_version](#input\_engine\_version) | Specify the engine version for the Amazon OpenSearch Service domain | `string` | `"OpenSearch_1.3"` | no |
 | <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | The number of dedicated hot nodes in the cluster. | `number` | `3` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | The type of EC2 instances to run for each hot node. A list of available instance types can you find at https://aws.amazon.com/en/opensearch-service/pricing/#On-Demand_instance_pricing | `string` | `"t3.small.search"` | no |
+| <a name="input_insufficient_data_actions"></a> [insufficient\_data\_actions](#input\_insufficient\_data\_actions) | The list of actions to execute when this alarm transitions into an INSUFFICIENT\_DATA state from any other state | `list(string)` | `[]` | no |
 | <a name="input_internal_user_database_enabled"></a> [internal\_user\_database\_enabled](#input\_internal\_user\_database\_enabled) | Whether the internal user database is enabled | `bool` | `false` | no |
-| <a name="input_log_publishing_options"></a> [log\_publishing\_options](#input\_log\_publishing\_options) | Configuration block for publishing slow and application logs to CloudWatch Logs. | <pre>map(object({<br>    enabled                  = optional(bool, true)<br>    cloudwatch_log_group_arn = optional(string, "")<br>  }))</pre> | <pre>{<br>  "audit_logs": {<br>    "enabled": false<br>  },<br>  "index_slow_logs": {<br>    "enabled": true<br>  }<br>}</pre> | no |
+| <a name="input_log_publishing_options"></a> [log\_publishing\_options](#input\_log\_publishing\_options) | Configuration block for publishing slow and application logs to CloudWatch Logs. | <pre>map(object({<br/>    enabled                  = optional(bool, true)<br/>    cloudwatch_log_group_arn = optional(string, "")<br/>  }))</pre> | <pre>{<br/>  "audit_logs": {<br/>    "enabled": false<br/>  },<br/>  "index_slow_logs": {<br/>    "enabled": true<br/>  }<br/>}</pre> | no |
 | <a name="input_maintenance_schedule"></a> [maintenance\_schedule](#input\_maintenance\_schedule) | configuration for auto tune maintenance schedule | `map(any)` | `{}` | no |
 | <a name="input_master_instance_count"></a> [master\_instance\_count](#input\_master\_instance\_count) | The number of dedicated master nodes in the cluster. | `number` | `3` | no |
 | <a name="input_master_instance_enabled"></a> [master\_instance\_enabled](#input\_master\_instance\_enabled) | Indicates whether dedicated master nodes are enabled for the cluster. | `bool` | `true` | no |
@@ -85,7 +86,8 @@
 | <a name="input_master_user_name"></a> [master\_user\_name](#input\_master\_user\_name) | Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database | `string` | `""` | no |
 | <a name="input_master_user_password"></a> [master\_user\_password](#input\_master\_user\_password) | Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database | `string` | `""` | no |
 | <a name="input_node_to_node_encryption_enabled"></a> [node\_to\_node\_encryption\_enabled](#input\_node\_to\_node\_encryption\_enabled) | Enable node-to-node encryption. | `bool` | `true` | no |
-| <a name="input_off_peak_window_options"></a> [off\_peak\_window\_options](#input\_off\_peak\_window\_options) | Configuration for off peak window | `map(any)` | <pre>{<br>  "hours": 14,<br>  "minutes": 0<br>}</pre> | no |
+| <a name="input_off_peak_window_options"></a> [off\_peak\_window\_options](#input\_off\_peak\_window\_options) | Configuration for off peak window | `map(any)` | <pre>{<br/>  "hours": 14,<br/>  "minutes": 0<br/>}</pre> | no |
+| <a name="input_ok_actions"></a> [ok\_actions](#input\_ok\_actions) | The list of actions to execute when this alarm transitions into an OK state from any other state | `list(string)` | `[]` | no |
 | <a name="input_rollback_on_disable"></a> [rollback\_on\_disable](#input\_rollback\_on\_disable) | whether to roll back auto tune if auto tune is disabled | `string` | `"NO_ROLLBACK"` | no |
 | <a name="input_saml_enabled"></a> [saml\_enabled](#input\_saml\_enabled) | Whether SAML authentication is enabled | `bool` | `false` | no |
 | <a name="input_saml_entity_id"></a> [saml\_entity\_id](#input\_saml\_entity\_id) | The unique Entity ID of the application in SAML Identity Provider. | `string` | `""` | no |

alarms.tf

@@ -20,7 +20,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     cluster_status_yellow = {
@@ -40,7 +42,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     cluster_writes_blocked = {
@@ -60,7 +64,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     unreachable_nodes = {
@@ -80,7 +86,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
     # /cluster status
 
@@ -103,7 +111,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     master_high_cpu_utilization = {
@@ -124,7 +134,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     warm_high_cpu_utilization = {
@@ -146,7 +158,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
     # /cpuutilization
 
@@ -169,7 +183,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     data_high_oldjvm_pressure = {
@@ -190,7 +206,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     master_high_jvm_pressure = {
@@ -211,7 +229,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     master_high_oldjvm_pressure = {
@@ -232,7 +252,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
     # /jvmpressure
 
@@ -256,7 +278,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     aos_key_inaccessible = {
@@ -278,7 +302,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     # 5xx errors
@@ -299,7 +325,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     # threadpool
@@ -320,7 +348,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     threadpool_high_search_avg = {
@@ -340,7 +370,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     threadpool_high_search_max = {
@@ -360,7 +392,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
 
     # Migrations
@@ -382,7 +416,9 @@ locals {
       dimensions = {
         DomainName = aws_opensearch_domain.this.domain_name
       }
-      alarm_actions = var.alarm_actions
+      alarm_actions             = var.alarm_actions
+      ok_actions                = var.ok_actions
+      insufficient_data_actions = var.insufficient_data_actions
     }
   }
 

variables.tf

@@ -413,16 +413,28 @@ variable "cloudwatch_log_group_retention_days" {
 ############
 ## Alerts ##
 ############
+variable "create_alarms" {
+  description = "Whether to create default set of alarms"
+  type        = bool
+  default     = true
+}
+
 variable "alarm_actions" {
   description = "The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN)"
   type        = list(string)
   default     = []
 }
 
-variable "create_alarms" {
-  description = "Whether to create default set of alarms"
-  type        = bool
-  default     = true
+variable "ok_actions" {
+  description = "The list of actions to execute when this alarm transitions into an OK state from any other state"
+  type        = list(string)
+  default     = []
+}
+
+variable "insufficient_data_actions" {
+  description = "The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state"
+  type        = list(string)
+  default     = []
 }
 
 variable "alarm_overrides" {