[feature/PI-550-billing] billing alert

Author: jaklinger

.github/workflows/_deploy.yml

@@ -73,6 +73,9 @@ jobs:
     needs: [get-branch-from-workflow-file, build]
     runs-on: [self-hosted, ci]
     steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.get-branch-from-workflow-file.outputs.branch_name }}
       - uses: ./.github/actions/terraform/
         with:
           command: init
@@ -87,6 +90,9 @@ jobs:
     needs: [get-branch-from-workflow-file, terraform--init]
     runs-on: [self-hosted, ci]
     steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.get-branch-from-workflow-file.outputs.branch_name }}
       - uses: ./.github/actions/terraform/
         with:
           command: plan
@@ -102,6 +108,9 @@ jobs:
     environment: ${{ inputs.account }}
     runs-on: [self-hosted, ci]
     steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.get-branch-from-workflow-file.outputs.branch_name }}
       - uses: ./.github/actions/terraform/
         with:
           command: apply
@@ -116,6 +125,9 @@ jobs:
     needs: [get-branch-from-workflow-file, terraform--apply]
     runs-on: [self-hosted, ci]
     steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.get-branch-from-workflow-file.outputs.branch_name }}
       - uses: ./.github/actions/make/
         if: ${{ env.SCOPE == 'per_workspace'}}
         with:
@@ -137,6 +149,9 @@ jobs:
     needs: [get-branch-from-workflow-file, apigee--deploy]
     runs-on: [self-hosted, ci]
     steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.get-branch-from-workflow-file.outputs.branch_name }}
       - if: ${{ env.ACCOUNT != 'mgmt'}}
         uses: ./.github/actions/make/
         with:

.gitignore

@@ -85,3 +85,4 @@ cpm.cdx.json
 # test output files
 test_failure.json
 test_success_*.json
+pyrightconfig.json

infrastructure/terraform/per_account/dev/main.tf

@@ -101,3 +101,16 @@ module "vpc" {
 resource "aws_route53_zone" "dev-ns" {
   name = "api.cpm.dev.national.nhs.uk"
 }
+
+module "billing-alert" {
+  source                              = "../modules/billing-alert"
+  prefix                              = "${local.project}--${terraform.workspace}"
+  metric_name                         = "EstimatedCharges"
+  metric_statistic                    = "Maximum"
+  metric_number_of_evaluation_periods = 1
+  threshold_dollars                   = 20
+  recipients                          = [] # get from secrets
+  tags = {
+    Name = "${local.project}--${replace(terraform.workspace, "_", "-")}"
+  }
+}

infrastructure/terraform/per_account/modules/billing-alert/main.tf

@@ -0,0 +1,33 @@
+resource "aws_cloudwatch_metric_alarm" "account_billing_alarm" {
+  alarm_name        = "${var.prefix}--billing-alarm--${var.threshold_dollars}--${var.metric_name}"
+  alarm_description = "Billing Alarm of ${var.threshold_dollars} USD (${var.metric_name})"
+  namespace         = "AWS/Billing"
+  tags              = var.tags
+
+  # If statistic(metric) >= threshold in dollars then trigger topic
+  metric_name         = var.metric_name
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  threshold           = var.threshold_dollars
+  alarm_actions       = [aws_sns_topic.sns_alert_topic.arn]
+
+  # Evaluate a new statistic(metric) every 6 hours
+  period = 6 * 60 * 60 # seconds
+
+  # Calculate statistic(metric) over the specified number evaluation periods
+  statistic           = var.metric_statistic
+  evaluation_periods  = var.metric_number_of_evaluation_periods
+  datapoints_to_alarm = 1
+}
+
+
+resource "aws_sns_topic" "sns_alert_topic" {
+  name = "${var.prefix}--billing-alarm-${var.threshold_dollars}--${var.metric_name}"
+  tags = var.tags
+}
+
+resource "aws_sns_topic_subscription" "email_target" {
+  count     = length(var.recipients)
+  topic_arn = aws_sns_topic.sns_alert_topic.arn
+  protocol  = "email"
+  endpoint  = var.recipients[count.index]
+}

infrastructure/terraform/per_account/modules/billing-alert/vars.tf

@@ -0,0 +1,26 @@
+variable "prefix" {
+  type = string
+}
+
+variable "threshold_dollars" {
+  type = number
+}
+variable "recipients" {
+  type = list(string)
+}
+
+variable "metric_name" {
+  type = string
+}
+
+variable "metric_number_of_evaluation_periods" {
+  type = number
+}
+
+variable "metric_statistic" {
+  type = string
+}
+
+variable "tags" {
+
+}