add site composite

vpn-transit-gateway/README.md

@@ -71,6 +71,7 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [aws_cloudwatch_composite_alarm.tgw_vpn_site](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_composite_alarm) | resource |
 | [aws_cloudwatch_log_group.log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_cloudwatch_metric_alarm.tgw_vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |
 | [aws_customer_gateway.vpn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/customer_gateway) | resource |

vpn-transit-gateway/cloudwatch_alarms.tf

@@ -52,11 +52,11 @@ locals {
 
 resource "aws_cloudwatch_metric_alarm" "tgw_vpn" {
   for_each            = var.enable_cloudwatch_alarms && var.cloudwatch_alarm_topic_arn != null ? local.vpn_details : {}
+  alarm_name          = each.value.name
   actions_enabled     = true
   alarm_actions       = [var.cloudwatch_alarm_topic_arn]
   ok_actions          = [var.cloudwatch_alarm_topic_arn]
   alarm_description   = templatefile("${path.module}/templates/vpn_tunnel_status.alarm.tpl", merge(tomap(each.value), { "module_name" = local.base_tags["boc:tf_module_name"], "module_version" = local._module_version }))
-  alarm_name          = each.value.name
   comparison_operator = "LessThanThreshold"
   datapoints_to_alarm = 5
   dimensions = {
@@ -75,3 +75,23 @@ resource "aws_cloudwatch_metric_alarm" "tgw_vpn" {
     var.tags,
   )
 }
+
+resource "aws_cloudwatch_composite_alarm" "tgw_vpn_site" {
+  for_each        = var.enable_cloudwatch_alarms && var.cloudwatch_alarm_topic_arn != null ? toset(distinct([for k, v in local.vpn_details : v.site])) : toset([])
+  alarm_name      = format("%v-%v-site-tunnels.%v.%v", each.key, var.tgw_environment, local.account_alias, local.region)
+  actions_enabled = true
+  alarm_actions   = [var.cloudwatch_alarm_topic_arn]
+  ok_actions      = [var.cloudwatch_alarm_topic_arn]
+  alarm_description = templatefile("${path.module}/templates/vpn_tunnel_status_composite_site.alarm.tpl", {
+    "site"           = each.key,
+    "site_details"   = [for k, v in local.vpn_details : merge(v, { "key" = k }) if v.site == each.key]
+    "module_name"    = local.base_tags["boc:tf_module_name"],
+    "module_version" = local._module_version
+  })
+  alarm_rule = join(" AND ", [for k, v in local.vpn_details : format("ALARM(%v)", aws_cloudwatch_metric_alarm.tgw_vpn[k].arn) if v.site == each.key])
+
+  tags = merge(
+    local.base_tags,
+    var.tags,
+  )
+}

vpn-transit-gateway/templates/vpn_tunnel_status_composite_site.alarm.tpl

@@ -0,0 +1,25 @@
+
+# VPN Site Tunnel Status Change
+
+## ${site_details[0].account_alias} ${site_details[0].region}
+
+* account = ${site_details[0].account_alias} ${site_details[0].account_id}
+* region  = ${site_details[0].region}
+* label   = ${site_details[0].full_label}
+* vpc
+  * id         = ${site_details[0].vpc_id}
+  * cidr_block = ${site_details[0].cidr_block}
+  * name       = ${site_details[0].vpc_short_name}-${site_details.[0].vpc_name}
+  * environment = ${site_details[0].vpn_environment} 
+* tunnels
+  * loopback         = ${site_details[0].loopback}
+  * endpoint         = ${site_details[0].customer_address}
+%{ for t in site_details }
+  **${t.name}**
+    * vpn_connection   = ${t.vpn_connection_id}
+    * tunnel_number    = ${t.tunnel_number}
+    * tunnel_address   = ${t.tunnel_address}
+    * tunnel_label     = ${t.tunnel_label}
+%{ endfor }
+
+_version = ${module_name} ${module_version}_