The azure-native:monitor:ActivityLogAlert resource, part of the Pulumi Azure Native provider, defines Activity Log Alert rules that monitor Azure Activity Log events and trigger Action Groups when conditions match. This guide focuses on three capabilities: condition logic for event filtering, Service Health event monitoring, and region-based filtering.
Activity Log Alerts reference Action Groups for notifications and monitor events at subscription or resource scope. The examples are intentionally small. Combine them with your own Action Groups and scope definitions.
Alert on administrative errors at subscription scope
Operations teams monitoring Azure subscriptions need visibility into administrative actions that fail, allowing them to respond quickly to configuration issues or permission problems.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const activityLogAlert = new azure_native.monitor.ActivityLogAlert("activityLogAlert", {
actions: {
actionGroups: [{
actionGroupId: "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
webhookProperties: {
sampleWebhookProperty: "SamplePropertyValue",
},
}],
},
activityLogAlertName: "SampleActivityLogAlertRule",
condition: {
allOf: [
{
equals: "Administrative",
field: "category",
},
{
equals: "Error",
field: "level",
},
],
},
description: "Description of sample Activity Log Alert rule.",
enabled: true,
location: "Global",
resourceGroupName: "MyResourceGroup",
scopes: ["/subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags: {},
});
import pulumi
import pulumi_azure_native as azure_native
activity_log_alert = azure_native.monitor.ActivityLogAlert("activityLogAlert",
actions={
"action_groups": [{
"action_group_id": "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
"webhook_properties": {
"sampleWebhookProperty": "SamplePropertyValue",
},
}],
},
activity_log_alert_name="SampleActivityLogAlertRule",
condition={
"all_of": [
{
"equals": "Administrative",
"field": "category",
},
{
"equals": "Error",
"field": "level",
},
],
},
description="Description of sample Activity Log Alert rule.",
enabled=True,
location="Global",
resource_group_name="MyResourceGroup",
scopes=["/subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags={})
package main
import (
monitor "github.com/pulumi/pulumi-azure-native-sdk/monitor/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := monitor.NewActivityLogAlert(ctx, "activityLogAlert", &monitor.ActivityLogAlertArgs{
Actions: &monitor.ActionListArgs{
ActionGroups: monitor.ActionGroupTypeArray{
&monitor.ActionGroupTypeArgs{
ActionGroupId: pulumi.String("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup"),
WebhookProperties: pulumi.StringMap{
"sampleWebhookProperty": pulumi.String("SamplePropertyValue"),
},
},
},
},
ActivityLogAlertName: pulumi.String("SampleActivityLogAlertRule"),
Condition: &monitor.AlertRuleAllOfConditionArgs{
AllOf: monitor.AlertRuleAnyOfOrLeafConditionArray{
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
Equals: pulumi.String("Administrative"),
Field: pulumi.String("category"),
},
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
Equals: pulumi.String("Error"),
Field: pulumi.String("level"),
},
},
},
Description: pulumi.String("Description of sample Activity Log Alert rule."),
Enabled: pulumi.Bool(true),
Location: pulumi.String("Global"),
ResourceGroupName: pulumi.String("MyResourceGroup"),
Scopes: pulumi.StringArray{
pulumi.String("/subscriptions/187f412d-1758-44d9-b052-169e2564721d"),
},
Tags: pulumi.StringMap{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var activityLogAlert = new AzureNative.Monitor.ActivityLogAlert("activityLogAlert", new()
{
Actions = new AzureNative.Monitor.Inputs.ActionListArgs
{
ActionGroups = new[]
{
new AzureNative.Monitor.Inputs.ActionGroupArgs
{
ActionGroupId = "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
WebhookProperties =
{
{ "sampleWebhookProperty", "SamplePropertyValue" },
},
},
},
},
ActivityLogAlertName = "SampleActivityLogAlertRule",
Condition = new AzureNative.Monitor.Inputs.AlertRuleAllOfConditionArgs
{
AllOf = new[]
{
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
Equals = "Administrative",
Field = "category",
},
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
Equals = "Error",
Field = "level",
},
},
},
Description = "Description of sample Activity Log Alert rule.",
Enabled = true,
Location = "Global",
ResourceGroupName = "MyResourceGroup",
Scopes = new[]
{
"/subscriptions/187f412d-1758-44d9-b052-169e2564721d",
},
Tags = null,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.monitor.ActivityLogAlert;
import com.pulumi.azurenative.monitor.ActivityLogAlertArgs;
import com.pulumi.azurenative.monitor.inputs.ActionListArgs;
import com.pulumi.azurenative.monitor.inputs.AlertRuleAllOfConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var activityLogAlert = new ActivityLogAlert("activityLogAlert", ActivityLogAlertArgs.builder()
.actions(ActionListArgs.builder()
.actionGroups(ActionGroupArgs.builder()
.actionGroupId("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup")
.webhookProperties(Map.of("sampleWebhookProperty", "SamplePropertyValue"))
.build())
.build())
.activityLogAlertName("SampleActivityLogAlertRule")
.condition(AlertRuleAllOfConditionArgs.builder()
.allOf(
AlertRuleAnyOfOrLeafConditionArgs.builder()
.equals("Administrative")
.field("category")
.build(),
AlertRuleAnyOfOrLeafConditionArgs.builder()
.equals("Error")
.field("level")
.build())
.build())
.description("Description of sample Activity Log Alert rule.")
.enabled(true)
.location("Global")
.resourceGroupName("MyResourceGroup")
.scopes("/subscriptions/187f412d-1758-44d9-b052-169e2564721d")
.tags(Map.ofEntries(
))
.build());
}
}
resources:
activityLogAlert:
type: azure-native:monitor:ActivityLogAlert
properties:
actions:
actionGroups:
- actionGroupId: /subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup
webhookProperties:
sampleWebhookProperty: SamplePropertyValue
activityLogAlertName: SampleActivityLogAlertRule
condition:
allOf:
- equals: Administrative
field: category
- equals: Error
field: level
description: Description of sample Activity Log Alert rule.
enabled: true
location: Global
resourceGroupName: MyResourceGroup
scopes:
- /subscriptions/187f412d-1758-44d9-b052-169e2564721d
tags: {}
The condition property defines matching logic using allOf to require all criteria. Each condition specifies a field (like “category” or “level”) and an equals value. The actions property lists Action Groups to notify when the alert fires. The scopes property determines which resources the alert monitors; here, it watches an entire subscription.
Monitor service health for specific incident types
Service Health events notify you about Azure platform issues that might affect your resources. Teams often filter for specific incident types to reduce alert noise.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const activityLogAlert = new azure_native.monitor.ActivityLogAlert("activityLogAlert", {
actions: {
actionGroups: [{
actionGroupId: "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
webhookProperties: {
sampleWebhookProperty: "SamplePropertyValue",
},
}],
},
activityLogAlertName: "SampleActivityLogAlertRuleWithAnyOfCondition",
condition: {
allOf: [
{
equals: "ServiceHealth",
field: "category",
},
{
anyOf: [
{
equals: "Incident",
field: "properties.incidentType",
},
{
equals: "Maintenance",
field: "properties.incidentType",
},
],
},
],
},
description: "Description of sample Activity Log Alert rule with 'anyOf' condition.",
enabled: true,
location: "Global",
resourceGroupName: "MyResourceGroup",
scopes: ["subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags: {},
});
import pulumi
import pulumi_azure_native as azure_native
activity_log_alert = azure_native.monitor.ActivityLogAlert("activityLogAlert",
actions={
"action_groups": [{
"action_group_id": "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
"webhook_properties": {
"sampleWebhookProperty": "SamplePropertyValue",
},
}],
},
activity_log_alert_name="SampleActivityLogAlertRuleWithAnyOfCondition",
condition={
"all_of": [
{
"equals": "ServiceHealth",
"field": "category",
},
{
"any_of": [
{
"equals": "Incident",
"field": "properties.incidentType",
},
{
"equals": "Maintenance",
"field": "properties.incidentType",
},
],
},
],
},
description="Description of sample Activity Log Alert rule with 'anyOf' condition.",
enabled=True,
location="Global",
resource_group_name="MyResourceGroup",
scopes=["subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags={})
package main
import (
monitor "github.com/pulumi/pulumi-azure-native-sdk/monitor/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := monitor.NewActivityLogAlert(ctx, "activityLogAlert", &monitor.ActivityLogAlertArgs{
Actions: &monitor.ActionListArgs{
ActionGroups: monitor.ActionGroupTypeArray{
&monitor.ActionGroupTypeArgs{
ActionGroupId: pulumi.String("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup"),
WebhookProperties: pulumi.StringMap{
"sampleWebhookProperty": pulumi.String("SamplePropertyValue"),
},
},
},
},
ActivityLogAlertName: pulumi.String("SampleActivityLogAlertRuleWithAnyOfCondition"),
Condition: &monitor.AlertRuleAllOfConditionArgs{
AllOf: monitor.AlertRuleAnyOfOrLeafConditionArray{
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
Equals: pulumi.String("ServiceHealth"),
Field: pulumi.String("category"),
},
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
AnyOf: monitor.AlertRuleLeafConditionArray{
&monitor.AlertRuleLeafConditionArgs{
Equals: pulumi.String("Incident"),
Field: pulumi.String("properties.incidentType"),
},
&monitor.AlertRuleLeafConditionArgs{
Equals: pulumi.String("Maintenance"),
Field: pulumi.String("properties.incidentType"),
},
},
},
},
},
Description: pulumi.String("Description of sample Activity Log Alert rule with 'anyOf' condition."),
Enabled: pulumi.Bool(true),
Location: pulumi.String("Global"),
ResourceGroupName: pulumi.String("MyResourceGroup"),
Scopes: pulumi.StringArray{
pulumi.String("subscriptions/187f412d-1758-44d9-b052-169e2564721d"),
},
Tags: pulumi.StringMap{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var activityLogAlert = new AzureNative.Monitor.ActivityLogAlert("activityLogAlert", new()
{
Actions = new AzureNative.Monitor.Inputs.ActionListArgs
{
ActionGroups = new[]
{
new AzureNative.Monitor.Inputs.ActionGroupArgs
{
ActionGroupId = "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
WebhookProperties =
{
{ "sampleWebhookProperty", "SamplePropertyValue" },
},
},
},
},
ActivityLogAlertName = "SampleActivityLogAlertRuleWithAnyOfCondition",
Condition = new AzureNative.Monitor.Inputs.AlertRuleAllOfConditionArgs
{
AllOf = new[]
{
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
Equals = "ServiceHealth",
Field = "category",
},
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
AnyOf = new[]
{
new AzureNative.Monitor.Inputs.AlertRuleLeafConditionArgs
{
Equals = "Incident",
Field = "properties.incidentType",
},
new AzureNative.Monitor.Inputs.AlertRuleLeafConditionArgs
{
Equals = "Maintenance",
Field = "properties.incidentType",
},
},
},
},
},
Description = "Description of sample Activity Log Alert rule with 'anyOf' condition.",
Enabled = true,
Location = "Global",
ResourceGroupName = "MyResourceGroup",
Scopes = new[]
{
"subscriptions/187f412d-1758-44d9-b052-169e2564721d",
},
Tags = null,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.monitor.ActivityLogAlert;
import com.pulumi.azurenative.monitor.ActivityLogAlertArgs;
import com.pulumi.azurenative.monitor.inputs.ActionListArgs;
import com.pulumi.azurenative.monitor.inputs.AlertRuleAllOfConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var activityLogAlert = new ActivityLogAlert("activityLogAlert", ActivityLogAlertArgs.builder()
.actions(ActionListArgs.builder()
.actionGroups(ActionGroupArgs.builder()
.actionGroupId("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup")
.webhookProperties(Map.of("sampleWebhookProperty", "SamplePropertyValue"))
.build())
.build())
.activityLogAlertName("SampleActivityLogAlertRuleWithAnyOfCondition")
.condition(AlertRuleAllOfConditionArgs.builder()
.allOf(
AlertRuleAnyOfOrLeafConditionArgs.builder()
.equals("ServiceHealth")
.field("category")
.build(),
AlertRuleAnyOfOrLeafConditionArgs.builder()
.anyOf(
AlertRuleLeafConditionArgs.builder()
.equals("Incident")
.field("properties.incidentType")
.build(),
AlertRuleLeafConditionArgs.builder()
.equals("Maintenance")
.field("properties.incidentType")
.build())
.build())
.build())
.description("Description of sample Activity Log Alert rule with 'anyOf' condition.")
.enabled(true)
.location("Global")
.resourceGroupName("MyResourceGroup")
.scopes("subscriptions/187f412d-1758-44d9-b052-169e2564721d")
.tags(Map.ofEntries(
))
.build());
}
}
resources:
activityLogAlert:
type: azure-native:monitor:ActivityLogAlert
properties:
actions:
actionGroups:
- actionGroupId: /subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup
webhookProperties:
sampleWebhookProperty: SamplePropertyValue
activityLogAlertName: SampleActivityLogAlertRuleWithAnyOfCondition
condition:
allOf:
- equals: ServiceHealth
field: category
- anyOf:
- equals: Incident
field: properties.incidentType
- equals: Maintenance
field: properties.incidentType
description: Description of sample Activity Log Alert rule with 'anyOf' condition.
enabled: true
location: Global
resourceGroupName: MyResourceGroup
scopes:
- subscriptions/187f412d-1758-44d9-b052-169e2564721d
tags: {}
This configuration extends the basic example by introducing nested anyOf logic within the allOf array. The first condition requires category “ServiceHealth”, while the second uses anyOf to match either “Incident” or “Maintenance” incident types. The anyOf array contains AlertRuleLeafCondition objects that check the properties.incidentType field.
Filter service health by affected regions
When Azure service issues occur, they often affect specific regions. Teams monitoring multi-region deployments can filter alerts to only regions where they operate.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const activityLogAlert = new azure_native.monitor.ActivityLogAlert("activityLogAlert", {
actions: {
actionGroups: [{
actionGroupId: "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
webhookProperties: {
sampleWebhookProperty: "SamplePropertyValue",
},
}],
},
activityLogAlertName: "SampleActivityLogAlertRuleWithContainsAny",
condition: {
allOf: [
{
equals: "ServiceHealth",
field: "category",
},
{
containsAny: [
"North Europe",
"West Europe",
],
field: "properties.impactedServices[*].ImpactedRegions[*].RegionName",
},
],
},
description: "Description of sample Activity Log Alert rule with 'containsAny'.",
enabled: true,
location: "Global",
resourceGroupName: "MyResourceGroup",
scopes: ["subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags: {},
});
import pulumi
import pulumi_azure_native as azure_native
activity_log_alert = azure_native.monitor.ActivityLogAlert("activityLogAlert",
actions={
"action_groups": [{
"action_group_id": "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
"webhook_properties": {
"sampleWebhookProperty": "SamplePropertyValue",
},
}],
},
activity_log_alert_name="SampleActivityLogAlertRuleWithContainsAny",
condition={
"all_of": [
{
"equals": "ServiceHealth",
"field": "category",
},
{
"contains_any": [
"North Europe",
"West Europe",
],
"field": "properties.impactedServices[*].ImpactedRegions[*].RegionName",
},
],
},
description="Description of sample Activity Log Alert rule with 'containsAny'.",
enabled=True,
location="Global",
resource_group_name="MyResourceGroup",
scopes=["subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags={})
package main
import (
monitor "github.com/pulumi/pulumi-azure-native-sdk/monitor/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := monitor.NewActivityLogAlert(ctx, "activityLogAlert", &monitor.ActivityLogAlertArgs{
Actions: &monitor.ActionListArgs{
ActionGroups: monitor.ActionGroupTypeArray{
&monitor.ActionGroupTypeArgs{
ActionGroupId: pulumi.String("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup"),
WebhookProperties: pulumi.StringMap{
"sampleWebhookProperty": pulumi.String("SamplePropertyValue"),
},
},
},
},
ActivityLogAlertName: pulumi.String("SampleActivityLogAlertRuleWithContainsAny"),
Condition: &monitor.AlertRuleAllOfConditionArgs{
AllOf: monitor.AlertRuleAnyOfOrLeafConditionArray{
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
Equals: pulumi.String("ServiceHealth"),
Field: pulumi.String("category"),
},
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
ContainsAny: pulumi.StringArray{
pulumi.String("North Europe"),
pulumi.String("West Europe"),
},
Field: pulumi.String("properties.impactedServices[*].ImpactedRegions[*].RegionName"),
},
},
},
Description: pulumi.String("Description of sample Activity Log Alert rule with 'containsAny'."),
Enabled: pulumi.Bool(true),
Location: pulumi.String("Global"),
ResourceGroupName: pulumi.String("MyResourceGroup"),
Scopes: pulumi.StringArray{
pulumi.String("subscriptions/187f412d-1758-44d9-b052-169e2564721d"),
},
Tags: pulumi.StringMap{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var activityLogAlert = new AzureNative.Monitor.ActivityLogAlert("activityLogAlert", new()
{
Actions = new AzureNative.Monitor.Inputs.ActionListArgs
{
ActionGroups = new[]
{
new AzureNative.Monitor.Inputs.ActionGroupArgs
{
ActionGroupId = "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
WebhookProperties =
{
{ "sampleWebhookProperty", "SamplePropertyValue" },
},
},
},
},
ActivityLogAlertName = "SampleActivityLogAlertRuleWithContainsAny",
Condition = new AzureNative.Monitor.Inputs.AlertRuleAllOfConditionArgs
{
AllOf = new[]
{
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
Equals = "ServiceHealth",
Field = "category",
},
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
ContainsAny = new[]
{
"North Europe",
"West Europe",
},
Field = "properties.impactedServices[*].ImpactedRegions[*].RegionName",
},
},
},
Description = "Description of sample Activity Log Alert rule with 'containsAny'.",
Enabled = true,
Location = "Global",
ResourceGroupName = "MyResourceGroup",
Scopes = new[]
{
"subscriptions/187f412d-1758-44d9-b052-169e2564721d",
},
Tags = null,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.monitor.ActivityLogAlert;
import com.pulumi.azurenative.monitor.ActivityLogAlertArgs;
import com.pulumi.azurenative.monitor.inputs.ActionListArgs;
import com.pulumi.azurenative.monitor.inputs.AlertRuleAllOfConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var activityLogAlert = new ActivityLogAlert("activityLogAlert", ActivityLogAlertArgs.builder()
.actions(ActionListArgs.builder()
.actionGroups(ActionGroupArgs.builder()
.actionGroupId("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup")
.webhookProperties(Map.of("sampleWebhookProperty", "SamplePropertyValue"))
.build())
.build())
.activityLogAlertName("SampleActivityLogAlertRuleWithContainsAny")
.condition(AlertRuleAllOfConditionArgs.builder()
.allOf(
AlertRuleAnyOfOrLeafConditionArgs.builder()
.equals("ServiceHealth")
.field("category")
.build(),
AlertRuleAnyOfOrLeafConditionArgs.builder()
.containsAny(
"North Europe",
"West Europe")
.field("properties.impactedServices[*].ImpactedRegions[*].RegionName")
.build())
.build())
.description("Description of sample Activity Log Alert rule with 'containsAny'.")
.enabled(true)
.location("Global")
.resourceGroupName("MyResourceGroup")
.scopes("subscriptions/187f412d-1758-44d9-b052-169e2564721d")
.tags(Map.ofEntries(
))
.build());
}
}
resources:
activityLogAlert:
type: azure-native:monitor:ActivityLogAlert
properties:
actions:
actionGroups:
- actionGroupId: /subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup
webhookProperties:
sampleWebhookProperty: SamplePropertyValue
activityLogAlertName: SampleActivityLogAlertRuleWithContainsAny
condition:
allOf:
- equals: ServiceHealth
field: category
- containsAny:
- North Europe
- West Europe
field: properties.impactedServices[*].ImpactedRegions[*].RegionName
description: Description of sample Activity Log Alert rule with 'containsAny'.
enabled: true
location: Global
resourceGroupName: MyResourceGroup
scopes:
- subscriptions/187f412d-1758-44d9-b052-169e2564721d
tags: {}
The containsAny operator checks whether any value in an array field matches your list. Here, it examines the properties.impactedServices[].ImpactedRegions[].RegionName field using JSONPath-style syntax to traverse nested arrays. The alert fires only when Service Health events affect North Europe or West Europe.
Beyond these examples
These snippets focus on specific Activity Log Alert features: condition logic (allOf, anyOf, containsAny), Service Health and administrative event filtering, and Action Group integration. They’re intentionally minimal rather than full monitoring solutions.
The examples reference pre-existing infrastructure such as Action Groups for notifications and Azure subscriptions with valid IDs. They focus on configuring the alert rule rather than provisioning notification infrastructure.
To keep things focused, common alert patterns are omitted, including:
- Webhook properties and custom payloads
- Multiple Action Groups per alert
- Resource-specific scopes (resource groups, individual resources)
- Alert rule disabling (enabled property)
These omissions are intentional: the goal is to illustrate how each alert feature is wired, not provide drop-in monitoring modules. See the Activity Log Alert resource reference for all available configuration options.
Let's create Azure Activity Log Alerts
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Configuration & Requirements
What properties can't I change after creating an Activity Log Alert?
The
activityLogAlertName, location, and resourceGroupName properties are immutable and cannot be changed after creation.What are the location requirements for Activity Log Alerts?
Activity Log Alert rules are only supported in Global, West Europe, and North Europe regions. The default location is
global.What's required to create an Activity Log Alert?
You must provide
actions (with at least one action group), condition (with alert criteria), and scopes (with at least one resource ID prefix).Is my Activity Log Alert enabled by default?
Yes, the
enabled property defaults to true. Set it to false to create a disabled alert rule.Alert Conditions & Filtering
What's the difference between `allOf` and `anyOf` in alert conditions?
allOf requires all conditions to match (AND logic), while anyOf matches if any nested condition is true (OR logic). You can nest anyOf within allOf to create complex logic.How do I create OR conditions in my alert rule?
Use
anyOf within allOf to match any of the nested conditions. For example, to alert on either Incident OR Maintenance events, nest two conditions with anyOf.How do I match multiple values for a single field?
Use
containsAny with an array of values. For example, to match multiple regions, use containsAny with ["North Europe", "West Europe"].What fields can I filter on in alert conditions?
Examples show filtering on
category, level, properties.incidentType, and nested properties like properties.impactedServices[*].ImpactedRegions[*].RegionName.Scoping & Targeting
How do scopes work in Activity Log Alerts?
Scopes are resource ID prefixes. The alert only applies to Activity Log events with resource IDs that fall under one of these prefixes. You must provide at least one scope.
Can I monitor multiple subscriptions with one alert?
Yes,
scopes is an array, so you can include multiple subscription IDs to monitor Activity Log events across subscriptions.