1. Monitoring multiple subscriptions with cross-subscription Activity Log Alerts

    TypeScript

    To monitor multiple subscriptions with cross-subscription Activity Log Alerts in Azure, you can use the azure-native.insights.ActivityLogAlert resource offered by Pulumi. This resource permits you to create an Activity Log Alert that monitors the activity logs of all the subscriptions provided in the scopes property.

    Activity Log Alerts are Azure Resource Manager resources that notify you when new events occur that match a given condition. You can send these notifications to an Azure Monitor Action Group, which can execute various actions such as sending an email or SMS, calling a webhook, or integrating with ITSM tools.

    First, you need to define an Azure Monitor Action Group with the necessary actions. Then you create the Activity Log Alert, referencing the Action Group and specifying the conditions for the alerts, plus the scopes property with the list of all the Azure subscription IDs you want to monitor.

    Let's walk through a TypeScript program that sets up cross-subscription Activity Log Alerts with Pulumi.

        import * as insights from "@pulumi/azure-native/insights";
        import * as resources from "@pulumi/azure-native/resources";

        // Create a resource group
        const resourceGroup = new resources.ResourceGroup("myResourceGroup");

        // Create an action group where alerts will be sent.
        // This is where you specify the action type like email, SMS, etc.
        const actionGroup = new insights.ActionGroup("myActionGroup", {
            resourceGroupName: resourceGroup.name,
            groupShortName: "myactions",
            enabled: true,
            // Add Email/SMS/Push/Voice/Webhook receivers as per your need
            emailReceivers: [
                {
                    emailAddress: "alert-email@example.com",
                    name: "sendToAdmin",
                    useCommonAlertSchema: true,
                },
            ],
        });

        // Create an Activity Log Alert for monitoring multiple subscriptions
        const activityLogAlert = new insights.ActivityLogAlert("myActivityLogAlert", {
            resourceGroupName: resourceGroup.name,
            scopes: [
                // List all subscription IDs you want to monitor
                "/subscriptions/00000000-0000-0000-0000-000000000000",
                "/subscriptions/11111111-1111-1111-1111-111111111111",
                // Add more subscriptions as needed
            ],
            actions: {
                actionGroups: [
                    {
                        actionGroupId: actionGroup.id,
                    },
                ],
            },
            condition: {
                allOf: [
                    {
                        field: "category",
                        equals: "Administrative",
                    },
                    // Add more conditions as needed
                ],
            },
            enabled: true,
        });

        // Export the names of the resources
        export const resourceGroupName = resourceGroup.name;
        export const actionGroupName = actionGroup.name;
        export const activityLogAlertName = activityLogAlert.name;

    In this program:

    • We start by importing the necessary Pulumi packages for deploying the resources.
    • We create a new resource group which will contain our Activity Log Alert and Action Group.
    • We then define an Action Group (insights.ActionGroup) which acts as a collection point for the actions that will happen once the alert is triggered. We specify an example email receiver, but you can customize this with other types of receivers, such as SMS, webhook, etc.
    • Next, we define the Activity Log Alert (insights.ActivityLogAlert) itself. We set its scopes to the list of subscription IDs we want to monitor. You need to replace the placeholder subscription IDs with actual IDs you're monitoring.
    • The condition specifies the criteria for generating alerts; in this example, we're looking for "Administrative" events, but you can adjust to your needs by adding or changing conditions.
    • We enable the alert by setting enabled to true.
    • Lastly, we export the resource names for easy retrieval later on.

    Make sure you replace the placeholder values for email addresses and subscription IDs with your actual values.

    This Pulumi program defines the infrastructure as code, making it easy to version, share, and manage. To apply this configuration, save the code to a file with a .ts extension, and run the pulumi up command in the same directory to create the resources in Azure.
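
The program above matches every "Administrative" event, which is noisy for security monitoring. The following added example (not part of the original program or of Pulumi's own code) validates the subscription list used for `scopes` and narrows the condition to specific sensitive operations. The helper names `toScopes` and `buildAlertArgs` are hypothetical, and the subscription IDs used with it are the page's placeholders.

```typescript
// Added example: builds plain objects shaped like the ActivityLogAlert args used above.
// toScopes, buildAlertArgs and the interfaces are hypothetical helper names.
interface LeafCondition { field: string; equals: string; }
interface AlertArgs { name: string; scopes: string[]; condition: { allOf: LeafCondition[] }; enabled: boolean; }

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

// Operations commonly watched for privilege and network-exposure changes.
const SENSITIVE_OPERATIONS = [
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/policyAssignments/write",
    "Microsoft.Network/networkSecurityGroups/write",
];

// Accepts bare IDs or "/subscriptions/<id>" paths; rejects malformed values and
// drops duplicates, so a typo fails loudly instead of leaving a subscription unwatched.
function toScopes(subscriptionIds: string[]): string[] {
    const scopes: string[] = [];
    for (const raw of subscriptionIds) {
        const id = raw.trim().toLowerCase().replace(/^\/subscriptions\//, "");
        if (!GUID.test(id)) {
            throw new Error("not a subscription ID: " + raw);
        }
        const scope = "/subscriptions/" + id;
        if (scopes.indexOf(scope) === -1) {
            scopes.push(scope);
        }
    }
    if (scopes.length === 0) {
        throw new Error("at least one subscription is required");
    }
    return scopes;
}

// Entries in allOf are ANDed, so two different operationName values in one alert
// could never both match; emit one alert definition per operation instead.
function buildAlertArgs(subscriptionIds: string[], operations: string[] = SENSITIVE_OPERATIONS): AlertArgs[] {
    const scopes = toScopes(subscriptionIds);
    return operations.map((op) => ({
        name: op.replace(/[^A-Za-z0-9]+/g, "-").toLowerCase(),
        scopes,
        condition: { allOf: [
            { field: "category", equals: "Administrative" },
            { field: "operationName", equals: op },
        ] },
        enabled: true,
    }));
}
```

Each returned entry supplies the `scopes`, `condition` and `enabled` values for one `insights.ActivityLogAlert`; `resourceGroupName` and `actions` are added as in the program above.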