[feature/PI-550-billing] billing alert

Author: jaklinger

infrastructure/terraform/per_account/dev/main.tf

@@ -101,3 +101,16 @@ module "vpc" {
 resource "aws_route53_zone" "dev-ns" {
   name = "api.cpm.dev.national.nhs.uk"
 }
+
+module "billing-alert" {
+  source                              = "../modules/billing-alert"
+  prefix                              = "${local.project}--${terraform.workspace}"
+  metric_name                         = "EstimatedCharges"
+  metric_statistic                    = "Maximum"
+  metric_number_of_evaluation_periods = 1
+  threshold_dollars                   = 20
+  recipients                          = [] # get from secrets
+  tags = {
+    Name = "${local.project}--${replace(terraform.workspace, "_", "-")}"
+  }
+}

infrastructure/terraform/per_account/modules/billing-alert/main.tf

@@ -0,0 +1,34 @@
+resource "aws_cloudwatch_metric_alarm" "account_billing_alarm" {
+  alarm_name         = "${var.prefix}--billing-alarm--${var.threshold_dollars}--${var.metric_name}"
+  alarm_description  = "Billing Alarm of ${var.threshold_dollars} USD (${var.metric_name})"
+  namespace          = "AWS/Billing"
+  treat_missing_data = "ignore"
+  tags               = var.tags
+
+  # If statistic(metric) >= threshold in dollars then trigger topic
+  metric_name         = var.metric_name
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  threshold           = var.threshold_dollars
+  alarm_actions       = [aws_sns_topic.sns_alert_topic.arn]
+
+  # Evaluate a new statistic(metric) every 6 hours
+  period = 6 * 60 * 60 # seconds
+
+  # Calculate statistic(metric) over the specified number evaluation periods
+  statistic           = var.metric_statistic
+  evaluation_periods  = var.metric_number_of_evaluation_periods
+  datapoints_to_alarm = 1
+}
+
+
+resource "aws_sns_topic" "sns_alert_topic" {
+  name = "${var.prefix}--billing-alarm-${var.threshold_dollars}--${var.metric_name}"
+  tags = var.tags
+}
+
+resource "aws_sns_topic_subscription" "email_target" {
+  count     = length(var.recipients)
+  topic_arn = aws_sns_topic.sns_alert_topic.arn
+  protocol  = "email"
+  endpoint  = var.recipients[count.index]
+}

infrastructure/terraform/per_account/modules/billing-alert/vars.tf

@@ -0,0 +1,26 @@
+variable "prefix" {
+  type = string
+}
+
+variable "threshold_dollars" {
+  type = number
+}
+variable "recipients" {
+  type = list(string)
+}
+
+variable "metric_name" {
+  type = string
+}
+
+variable "metric_number_of_evaluation_periods" {
+  type = number
+}
+
+variable "metric_statistic" {
+  type = string
+}
+
+variable "tags" {
+
+}

scripts/infrastructure/policies/deployment2-policy.json

@@ -259,6 +259,28 @@
         "iam:ListRoles"
       ],
       "Resource": ["*"]
+    },
+    {
+      "Sid": "BillingAlertPermissions",
+      "Effect": "Allow",
+      "Action": [
+        "sns:CreateTopic",
+        "sns:TagResource",
+        "sns:SetTopicAttributes",
+        "sns:GetTopicAttributes",
+        "sns:ListTagsForResource",
+        "sns:DeleteTopic",
+        "cloudwatch:PutMetricAlarm",
+        "cloudwatch:ListTagsForResource",
+        "cloudwatch:ListMetrics",
+        "cloudwatch:DescribeAlarms",
+        "cloudwatch:DescribeAlarmsForMetric",
+        "cloudwatch:EnableAlarmActions",
+        "cloudwatch:DisableAlarmActions",
+        "cloudwatch:PutMetricAlarm",
+        "cloudwatch:TagResource"
+      ],
+      "Resource": ["*"]
     }
   ]
 }