The azure-native:monitor:ActivityLogAlert resource, part of the Pulumi Azure Native provider, defines Activity Log Alert rules that monitor Azure platform events and trigger notifications based on condition logic. This guide focuses on three capabilities: condition operators (allOf, anyOf, containsAny), Activity Log field filtering, and action group integration.
Activity Log Alerts reference existing action groups for notifications and apply to subscription, resource group, or resource scopes. The examples are intentionally small. Combine them with your own action groups and scope definitions.
Alert on administrative errors at subscription scope
Operations teams monitoring Azure subscriptions need visibility into administrative actions that fail, allowing them to respond quickly to configuration issues or permission problems.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const activityLogAlert = new azure_native.monitor.ActivityLogAlert("activityLogAlert", {
actions: {
actionGroups: [{
actionGroupId: "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
webhookProperties: {
sampleWebhookProperty: "SamplePropertyValue",
},
}],
},
activityLogAlertName: "SampleActivityLogAlertRule",
condition: {
allOf: [
{
equals: "Administrative",
field: "category",
},
{
equals: "Error",
field: "level",
},
],
},
description: "Description of sample Activity Log Alert rule.",
enabled: true,
location: "Global",
resourceGroupName: "MyResourceGroup",
scopes: ["/subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags: {},
});
import pulumi
import pulumi_azure_native as azure_native
activity_log_alert = azure_native.monitor.ActivityLogAlert("activityLogAlert",
actions={
"action_groups": [{
"action_group_id": "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
"webhook_properties": {
"sampleWebhookProperty": "SamplePropertyValue",
},
}],
},
activity_log_alert_name="SampleActivityLogAlertRule",
condition={
"all_of": [
{
"equals": "Administrative",
"field": "category",
},
{
"equals": "Error",
"field": "level",
},
],
},
description="Description of sample Activity Log Alert rule.",
enabled=True,
location="Global",
resource_group_name="MyResourceGroup",
scopes=["/subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags={})
package main
import (
monitor "github.com/pulumi/pulumi-azure-native-sdk/monitor/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := monitor.NewActivityLogAlert(ctx, "activityLogAlert", &monitor.ActivityLogAlertArgs{
Actions: &monitor.ActionListArgs{
ActionGroups: monitor.ActionGroupTypeArray{
&monitor.ActionGroupTypeArgs{
ActionGroupId: pulumi.String("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup"),
WebhookProperties: pulumi.StringMap{
"sampleWebhookProperty": pulumi.String("SamplePropertyValue"),
},
},
},
},
ActivityLogAlertName: pulumi.String("SampleActivityLogAlertRule"),
Condition: &monitor.AlertRuleAllOfConditionArgs{
AllOf: monitor.AlertRuleAnyOfOrLeafConditionArray{
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
Equals: pulumi.String("Administrative"),
Field: pulumi.String("category"),
},
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
Equals: pulumi.String("Error"),
Field: pulumi.String("level"),
},
},
},
Description: pulumi.String("Description of sample Activity Log Alert rule."),
Enabled: pulumi.Bool(true),
Location: pulumi.String("Global"),
ResourceGroupName: pulumi.String("MyResourceGroup"),
Scopes: pulumi.StringArray{
pulumi.String("/subscriptions/187f412d-1758-44d9-b052-169e2564721d"),
},
Tags: pulumi.StringMap{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var activityLogAlert = new AzureNative.Monitor.ActivityLogAlert("activityLogAlert", new()
{
Actions = new AzureNative.Monitor.Inputs.ActionListArgs
{
ActionGroups = new[]
{
new AzureNative.Monitor.Inputs.ActionGroupArgs
{
ActionGroupId = "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
WebhookProperties =
{
{ "sampleWebhookProperty", "SamplePropertyValue" },
},
},
},
},
ActivityLogAlertName = "SampleActivityLogAlertRule",
Condition = new AzureNative.Monitor.Inputs.AlertRuleAllOfConditionArgs
{
AllOf = new[]
{
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
Equals = "Administrative",
Field = "category",
},
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
Equals = "Error",
Field = "level",
},
},
},
Description = "Description of sample Activity Log Alert rule.",
Enabled = true,
Location = "Global",
ResourceGroupName = "MyResourceGroup",
Scopes = new[]
{
"/subscriptions/187f412d-1758-44d9-b052-169e2564721d",
},
Tags = null,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.monitor.ActivityLogAlert;
import com.pulumi.azurenative.monitor.ActivityLogAlertArgs;
import com.pulumi.azurenative.monitor.inputs.ActionListArgs;
import com.pulumi.azurenative.monitor.inputs.AlertRuleAllOfConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var activityLogAlert = new ActivityLogAlert("activityLogAlert", ActivityLogAlertArgs.builder()
.actions(ActionListArgs.builder()
.actionGroups(ActionGroupArgs.builder()
.actionGroupId("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup")
.webhookProperties(Map.of("sampleWebhookProperty", "SamplePropertyValue"))
.build())
.build())
.activityLogAlertName("SampleActivityLogAlertRule")
.condition(AlertRuleAllOfConditionArgs.builder()
.allOf(
AlertRuleAnyOfOrLeafConditionArgs.builder()
.equals("Administrative")
.field("category")
.build(),
AlertRuleAnyOfOrLeafConditionArgs.builder()
.equals("Error")
.field("level")
.build())
.build())
.description("Description of sample Activity Log Alert rule.")
.enabled(true)
.location("Global")
.resourceGroupName("MyResourceGroup")
.scopes("/subscriptions/187f412d-1758-44d9-b052-169e2564721d")
.tags(Map.ofEntries(
))
.build());
}
}
resources:
activityLogAlert:
type: azure-native:monitor:ActivityLogAlert
properties:
actions:
actionGroups:
- actionGroupId: /subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup
webhookProperties:
sampleWebhookProperty: SamplePropertyValue
activityLogAlertName: SampleActivityLogAlertRule
condition:
allOf:
- equals: Administrative
field: category
- equals: Error
field: level
description: Description of sample Activity Log Alert rule.
enabled: true
location: Global
resourceGroupName: MyResourceGroup
scopes:
- /subscriptions/187f412d-1758-44d9-b052-169e2564721d
tags: {}
The condition property defines what triggers the alert. The allOf array requires all conditions to match: category must equal “Administrative” AND level must equal “Error”. When both conditions are met, the alert fires and notifies the action groups listed in the actions property. The scopes array determines which resources the alert monitors; here, it watches the entire subscription.
Monitor service health for multiple incident types
Service Health events notify teams about Azure platform issues that might affect their workloads. Teams often want to track specific incident categories without creating separate alerts for each type.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const activityLogAlert = new azure_native.monitor.ActivityLogAlert("activityLogAlert", {
actions: {
actionGroups: [{
actionGroupId: "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
webhookProperties: {
sampleWebhookProperty: "SamplePropertyValue",
},
}],
},
activityLogAlertName: "SampleActivityLogAlertRuleWithAnyOfCondition",
condition: {
allOf: [
{
equals: "ServiceHealth",
field: "category",
},
{
anyOf: [
{
equals: "Incident",
field: "properties.incidentType",
},
{
equals: "Maintenance",
field: "properties.incidentType",
},
],
},
],
},
description: "Description of sample Activity Log Alert rule with 'anyOf' condition.",
enabled: true,
location: "Global",
resourceGroupName: "MyResourceGroup",
scopes: ["subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags: {},
});
import pulumi
import pulumi_azure_native as azure_native
activity_log_alert = azure_native.monitor.ActivityLogAlert("activityLogAlert",
actions={
"action_groups": [{
"action_group_id": "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
"webhook_properties": {
"sampleWebhookProperty": "SamplePropertyValue",
},
}],
},
activity_log_alert_name="SampleActivityLogAlertRuleWithAnyOfCondition",
condition={
"all_of": [
{
"equals": "ServiceHealth",
"field": "category",
},
{
"any_of": [
{
"equals": "Incident",
"field": "properties.incidentType",
},
{
"equals": "Maintenance",
"field": "properties.incidentType",
},
],
},
],
},
description="Description of sample Activity Log Alert rule with 'anyOf' condition.",
enabled=True,
location="Global",
resource_group_name="MyResourceGroup",
scopes=["subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags={})
package main
import (
monitor "github.com/pulumi/pulumi-azure-native-sdk/monitor/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := monitor.NewActivityLogAlert(ctx, "activityLogAlert", &monitor.ActivityLogAlertArgs{
Actions: &monitor.ActionListArgs{
ActionGroups: monitor.ActionGroupTypeArray{
&monitor.ActionGroupTypeArgs{
ActionGroupId: pulumi.String("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup"),
WebhookProperties: pulumi.StringMap{
"sampleWebhookProperty": pulumi.String("SamplePropertyValue"),
},
},
},
},
ActivityLogAlertName: pulumi.String("SampleActivityLogAlertRuleWithAnyOfCondition"),
Condition: &monitor.AlertRuleAllOfConditionArgs{
AllOf: monitor.AlertRuleAnyOfOrLeafConditionArray{
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
Equals: pulumi.String("ServiceHealth"),
Field: pulumi.String("category"),
},
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
AnyOf: monitor.AlertRuleLeafConditionArray{
&monitor.AlertRuleLeafConditionArgs{
Equals: pulumi.String("Incident"),
Field: pulumi.String("properties.incidentType"),
},
&monitor.AlertRuleLeafConditionArgs{
Equals: pulumi.String("Maintenance"),
Field: pulumi.String("properties.incidentType"),
},
},
},
},
},
Description: pulumi.String("Description of sample Activity Log Alert rule with 'anyOf' condition."),
Enabled: pulumi.Bool(true),
Location: pulumi.String("Global"),
ResourceGroupName: pulumi.String("MyResourceGroup"),
Scopes: pulumi.StringArray{
pulumi.String("subscriptions/187f412d-1758-44d9-b052-169e2564721d"),
},
Tags: pulumi.StringMap{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var activityLogAlert = new AzureNative.Monitor.ActivityLogAlert("activityLogAlert", new()
{
Actions = new AzureNative.Monitor.Inputs.ActionListArgs
{
ActionGroups = new[]
{
new AzureNative.Monitor.Inputs.ActionGroupArgs
{
ActionGroupId = "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
WebhookProperties =
{
{ "sampleWebhookProperty", "SamplePropertyValue" },
},
},
},
},
ActivityLogAlertName = "SampleActivityLogAlertRuleWithAnyOfCondition",
Condition = new AzureNative.Monitor.Inputs.AlertRuleAllOfConditionArgs
{
AllOf = new[]
{
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
Equals = "ServiceHealth",
Field = "category",
},
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
AnyOf = new[]
{
new AzureNative.Monitor.Inputs.AlertRuleLeafConditionArgs
{
Equals = "Incident",
Field = "properties.incidentType",
},
new AzureNative.Monitor.Inputs.AlertRuleLeafConditionArgs
{
Equals = "Maintenance",
Field = "properties.incidentType",
},
},
},
},
},
Description = "Description of sample Activity Log Alert rule with 'anyOf' condition.",
Enabled = true,
Location = "Global",
ResourceGroupName = "MyResourceGroup",
Scopes = new[]
{
"subscriptions/187f412d-1758-44d9-b052-169e2564721d",
},
Tags = null,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.monitor.ActivityLogAlert;
import com.pulumi.azurenative.monitor.ActivityLogAlertArgs;
import com.pulumi.azurenative.monitor.inputs.ActionListArgs;
import com.pulumi.azurenative.monitor.inputs.AlertRuleAllOfConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var activityLogAlert = new ActivityLogAlert("activityLogAlert", ActivityLogAlertArgs.builder()
.actions(ActionListArgs.builder()
.actionGroups(ActionGroupArgs.builder()
.actionGroupId("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup")
.webhookProperties(Map.of("sampleWebhookProperty", "SamplePropertyValue"))
.build())
.build())
.activityLogAlertName("SampleActivityLogAlertRuleWithAnyOfCondition")
.condition(AlertRuleAllOfConditionArgs.builder()
.allOf(
AlertRuleAnyOfOrLeafConditionArgs.builder()
.equals("ServiceHealth")
.field("category")
.build(),
AlertRuleAnyOfOrLeafConditionArgs.builder()
.anyOf(
AlertRuleLeafConditionArgs.builder()
.equals("Incident")
.field("properties.incidentType")
.build(),
AlertRuleLeafConditionArgs.builder()
.equals("Maintenance")
.field("properties.incidentType")
.build())
.build())
.build())
.description("Description of sample Activity Log Alert rule with 'anyOf' condition.")
.enabled(true)
.location("Global")
.resourceGroupName("MyResourceGroup")
.scopes("subscriptions/187f412d-1758-44d9-b052-169e2564721d")
.tags(Map.ofEntries(
))
.build());
}
}
resources:
activityLogAlert:
type: azure-native:monitor:ActivityLogAlert
properties:
actions:
actionGroups:
- actionGroupId: /subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup
webhookProperties:
sampleWebhookProperty: SamplePropertyValue
activityLogAlertName: SampleActivityLogAlertRuleWithAnyOfCondition
condition:
allOf:
- equals: ServiceHealth
field: category
- anyOf:
- equals: Incident
field: properties.incidentType
- equals: Maintenance
field: properties.incidentType
description: Description of sample Activity Log Alert rule with 'anyOf' condition.
enabled: true
location: Global
resourceGroupName: MyResourceGroup
scopes:
- subscriptions/187f412d-1758-44d9-b052-169e2564721d
tags: {}
The anyOf operator within the condition allows matching multiple values for a single field. This alert fires when the category is “ServiceHealth” AND the incident type is either “Incident” OR “Maintenance”. The properties.incidentType field uses dot notation to access nested properties in Activity Log events.
Filter service health by impacted regions
Global deployments need to filter service health notifications by geographic region, alerting only when issues affect specific Azure regions where resources are deployed.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const activityLogAlert = new azure_native.monitor.ActivityLogAlert("activityLogAlert", {
actions: {
actionGroups: [{
actionGroupId: "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
webhookProperties: {
sampleWebhookProperty: "SamplePropertyValue",
},
}],
},
activityLogAlertName: "SampleActivityLogAlertRuleWithContainsAny",
condition: {
allOf: [
{
equals: "ServiceHealth",
field: "category",
},
{
containsAny: [
"North Europe",
"West Europe",
],
field: "properties.impactedServices[*].ImpactedRegions[*].RegionName",
},
],
},
description: "Description of sample Activity Log Alert rule with 'containsAny'.",
enabled: true,
location: "Global",
resourceGroupName: "MyResourceGroup",
scopes: ["subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags: {},
});
import pulumi
import pulumi_azure_native as azure_native
activity_log_alert = azure_native.monitor.ActivityLogAlert("activityLogAlert",
actions={
"action_groups": [{
"action_group_id": "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
"webhook_properties": {
"sampleWebhookProperty": "SamplePropertyValue",
},
}],
},
activity_log_alert_name="SampleActivityLogAlertRuleWithContainsAny",
condition={
"all_of": [
{
"equals": "ServiceHealth",
"field": "category",
},
{
"contains_any": [
"North Europe",
"West Europe",
],
"field": "properties.impactedServices[*].ImpactedRegions[*].RegionName",
},
],
},
description="Description of sample Activity Log Alert rule with 'containsAny'.",
enabled=True,
location="Global",
resource_group_name="MyResourceGroup",
scopes=["subscriptions/187f412d-1758-44d9-b052-169e2564721d"],
tags={})
package main
import (
monitor "github.com/pulumi/pulumi-azure-native-sdk/monitor/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := monitor.NewActivityLogAlert(ctx, "activityLogAlert", &monitor.ActivityLogAlertArgs{
Actions: &monitor.ActionListArgs{
ActionGroups: monitor.ActionGroupTypeArray{
&monitor.ActionGroupTypeArgs{
ActionGroupId: pulumi.String("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup"),
WebhookProperties: pulumi.StringMap{
"sampleWebhookProperty": pulumi.String("SamplePropertyValue"),
},
},
},
},
ActivityLogAlertName: pulumi.String("SampleActivityLogAlertRuleWithContainsAny"),
Condition: &monitor.AlertRuleAllOfConditionArgs{
AllOf: monitor.AlertRuleAnyOfOrLeafConditionArray{
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
Equals: pulumi.String("ServiceHealth"),
Field: pulumi.String("category"),
},
&monitor.AlertRuleAnyOfOrLeafConditionArgs{
ContainsAny: pulumi.StringArray{
pulumi.String("North Europe"),
pulumi.String("West Europe"),
},
Field: pulumi.String("properties.impactedServices[*].ImpactedRegions[*].RegionName"),
},
},
},
Description: pulumi.String("Description of sample Activity Log Alert rule with 'containsAny'."),
Enabled: pulumi.Bool(true),
Location: pulumi.String("Global"),
ResourceGroupName: pulumi.String("MyResourceGroup"),
Scopes: pulumi.StringArray{
pulumi.String("subscriptions/187f412d-1758-44d9-b052-169e2564721d"),
},
Tags: pulumi.StringMap{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var activityLogAlert = new AzureNative.Monitor.ActivityLogAlert("activityLogAlert", new()
{
Actions = new AzureNative.Monitor.Inputs.ActionListArgs
{
ActionGroups = new[]
{
new AzureNative.Monitor.Inputs.ActionGroupArgs
{
ActionGroupId = "/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup",
WebhookProperties =
{
{ "sampleWebhookProperty", "SamplePropertyValue" },
},
},
},
},
ActivityLogAlertName = "SampleActivityLogAlertRuleWithContainsAny",
Condition = new AzureNative.Monitor.Inputs.AlertRuleAllOfConditionArgs
{
AllOf = new[]
{
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
Equals = "ServiceHealth",
Field = "category",
},
new AzureNative.Monitor.Inputs.AlertRuleAnyOfOrLeafConditionArgs
{
ContainsAny = new[]
{
"North Europe",
"West Europe",
},
Field = "properties.impactedServices[*].ImpactedRegions[*].RegionName",
},
},
},
Description = "Description of sample Activity Log Alert rule with 'containsAny'.",
Enabled = true,
Location = "Global",
ResourceGroupName = "MyResourceGroup",
Scopes = new[]
{
"subscriptions/187f412d-1758-44d9-b052-169e2564721d",
},
Tags = null,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.monitor.ActivityLogAlert;
import com.pulumi.azurenative.monitor.ActivityLogAlertArgs;
import com.pulumi.azurenative.monitor.inputs.ActionListArgs;
import com.pulumi.azurenative.monitor.inputs.AlertRuleAllOfConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var activityLogAlert = new ActivityLogAlert("activityLogAlert", ActivityLogAlertArgs.builder()
.actions(ActionListArgs.builder()
.actionGroups(ActionGroupArgs.builder()
.actionGroupId("/subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup")
.webhookProperties(Map.of("sampleWebhookProperty", "SamplePropertyValue"))
.build())
.build())
.activityLogAlertName("SampleActivityLogAlertRuleWithContainsAny")
.condition(AlertRuleAllOfConditionArgs.builder()
.allOf(
AlertRuleAnyOfOrLeafConditionArgs.builder()
.equals("ServiceHealth")
.field("category")
.build(),
AlertRuleAnyOfOrLeafConditionArgs.builder()
.containsAny(
"North Europe",
"West Europe")
.field("properties.impactedServices[*].ImpactedRegions[*].RegionName")
.build())
.build())
.description("Description of sample Activity Log Alert rule with 'containsAny'.")
.enabled(true)
.location("Global")
.resourceGroupName("MyResourceGroup")
.scopes("subscriptions/187f412d-1758-44d9-b052-169e2564721d")
.tags(Map.ofEntries(
))
.build());
}
}
resources:
activityLogAlert:
type: azure-native:monitor:ActivityLogAlert
properties:
actions:
actionGroups:
- actionGroupId: /subscriptions/187f412d-1758-44d9-b052-169e2564721d/resourceGroups/MyResourceGroup/providers/Microsoft.Insights/actionGroups/SampleActionGroup
webhookProperties:
sampleWebhookProperty: SamplePropertyValue
activityLogAlertName: SampleActivityLogAlertRuleWithContainsAny
condition:
allOf:
- equals: ServiceHealth
field: category
- containsAny:
- North Europe
- West Europe
field: properties.impactedServices[*].ImpactedRegions[*].RegionName
description: Description of sample Activity Log Alert rule with 'containsAny'.
enabled: true
location: Global
resourceGroupName: MyResourceGroup
scopes:
- subscriptions/187f412d-1758-44d9-b052-169e2564721d
tags: {}
The containsAny operator checks whether a field contains any value from a list. The field path uses array notation ([*]) to traverse nested arrays in the Activity Log event structure. This alert fires when a Service Health event impacts either North Europe or West Europe, filtering out events affecting other regions.
Beyond these examples
These snippets focus on specific Activity Log Alert features: condition logic (allOf, anyOf, containsAny), Activity Log field filtering, and action group integration. They’re intentionally minimal rather than full monitoring solutions.
The examples reference pre-existing infrastructure such as action groups for notifications, and Azure subscriptions and resource groups. They focus on configuring the alert rule rather than provisioning the notification infrastructure.
To keep things focused, common alert patterns are omitted, including:
- Webhook properties and custom payloads
- Multiple action groups per alert
- Resource-specific scoping (resource group or resource level)
- Alert rule disabling (enabled property)
These omissions are intentional: the goal is to illustrate how each alert condition is wired, not provide drop-in monitoring modules. See the Activity Log Alert resource reference for all available configuration options.
Let's create Azure Activity Log Alerts
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Alert Conditions & Filtering
How do I create complex alert conditions with multiple criteria?
Use the condition.allOf array to combine multiple conditions that all must match. You have three operators:
- Simple equality - Use
fieldandequals(e.g.,field: "category", equals: "Administrative") - OR logic - Nest an
anyOfarray to match any of several values (e.g., match “Incident” OR “Maintenance” incident types) - Array matching - Use
containsAnyto check if a field contains any values from an array (e.g., match multiple regions)
How do I create alerts for Azure Service Health incidents?
Set
field: "category" with equals: "ServiceHealth", then add a nested anyOf condition to filter specific incident types. For example, to alert on incidents or maintenance, use anyOf with conditions for field: "properties.incidentType" matching “Incident” or “Maintenance”.How do I filter alerts by severity level?
Add a condition with
field: "level" and set equals to your desired severity (e.g., “Error”, “Warning”, “Informational”). This is commonly combined with category filters in the allOf array.How do I create alerts that trigger for multiple Azure regions?
Use the
containsAny operator with a field path like properties.impactedServices[*].ImpactedRegions[*].RegionName and provide an array of region names (e.g., ["North Europe", "West Europe"]). The alert triggers if any of the specified regions are affected.Configuration & Setup
What's required to create an Activity Log Alert?
You must provide three required properties:
actions- At least one action group to triggercondition- Alert trigger conditions with anallOfarrayscopes- At least one resource ID prefix (e.g., subscription ID)
What should I include in the scopes array?
The
scopes array must contain at least one resource ID prefix. Alerts only apply to Activity Log events with resource IDs under these prefixes. Common patterns include subscription-level scopes (e.g., /subscriptions/187f412d-1758-44d9-b052-169e2564721d) or resource group scopes.How do I configure action groups for my alert?
Set the
actions.actionGroups array with at least one action group. Each entry requires an actionGroupId (the full resource ID of your action group) and optionally webhookProperties for custom webhook data.Constraints & Limitations
What properties can't be changed after creating an Activity Log Alert?
Three properties are immutable after creation:
activityLogAlertName, location, and resourceGroupName. Changing any of these requires recreating the alert rule.What Azure regions support Activity Log Alerts?
Activity Log Alerts are only supported in Global (the default), West Europe, and North Europe regions. The
location property defaults to “global” if not specified.Can I disable an alert without deleting it?
Yes, set
enabled: false to disable the alert rule. When disabled, none of the configured actions will be activated, but the rule configuration is preserved. The default is true.