From f5a9cb1d3aa64e65424834dd3c5b013f13dbf770 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Mon, 29 Dec 2025 15:53:42 +0000 Subject: [PATCH 01/25] wip --- infrastructure/bootstrap/hub.bicep | 1 + .../bootstrap/modules/managedDevopsPool.bicep | 108 +++++++++--------- 2 files changed, 55 insertions(+), 54 deletions(-) diff --git a/infrastructure/bootstrap/hub.bicep b/infrastructure/bootstrap/hub.bicep index b17eaa81..6c18d65d 100644 --- a/infrastructure/bootstrap/hub.bicep +++ b/infrastructure/bootstrap/hub.bicep @@ -18,6 +18,7 @@ targetScope = 'subscription' +// param devopsInfrastructureId string param devopsSubnetAddressPrefix string param privateEndpointSubnetAddressPrefix string param hubType string // live / nonlive diff --git a/infrastructure/bootstrap/modules/managedDevopsPool.bicep b/infrastructure/bootstrap/modules/managedDevopsPool.bicep index d733b19c..c98322ee 100644 --- a/infrastructure/bootstrap/modules/managedDevopsPool.bicep +++ b/infrastructure/bootstrap/modules/managedDevopsPool.bicep 
@@ -47,57 +47,57 @@ resource devCenterProject 'Microsoft.DevCenter/projects@2025-02-01' = { } } -resource pool 'microsoft.devopsinfrastructure/pools@2025-09-20' = { - name: poolName - location: location - properties: { - organizationProfile: { - organizations: [ - { - url: 'https://dev.azure.com/${adoOrg}' - parallelism: 1 - } - ] - permissionProfile: { - kind: 'CreatorOnly' - } - kind: 'AzureDevOps' - } - devCenterProjectResourceId: devCenterProject.id - maximumConcurrency: poolSize - agentProfile: { - kind: 'Stateful' // or 'Stateless' - VM creation for each job, which tends to be too slow - maxAgentLifetime: agentProfileMaxAgentLifetime // Only allowed if kind is Stateful - // gracePeriodTimeSpan: '00:30:00' // Only allowed if kind is Stateful - resourcePredictionsProfile: { - kind: 'Automatic' // 'Manual' or 'Automatic' - predictionPreference: 'Balanced' - } - } - fabricProfile: { - sku: { - name: fabricProfileSkuName - } - images: [ - { - aliases: [ - 'ubuntu-22.04' - 'ubuntu-22.04/latest' - ] - wellKnownImageName: 'ubuntu-22.04' - } - ] - osProfile: { - logonType: 'Service' // or Interactive - } - storageProfile: { - osDiskStorageAccountType: 'StandardSSD' // StandardSSD, Standard, or Premium - } - // Remove if you want to use 'Isolated Virtual Network' - networkProfile: { - subnetId: devopsSubnet.id - } - kind: 'Vmss' - } - } -} +// resource pool 'microsoft.devopsinfrastructure/pools@2025-09-20' = { +// name: poolName +// location: location +// properties: { +// organizationProfile: { +// organizations: [ +// { +// url: 'https://dev.azure.com/${adoOrg}' +// parallelism: 1 +// } +// ] +// permissionProfile: { +// kind: 'CreatorOnly' +// } +// kind: 'AzureDevOps' +// } +// devCenterProjectResourceId: devCenterProject.id +// maximumConcurrency: poolSize +// agentProfile: { +// kind: 'Stateful' // or 'Stateless' - VM creation for each job, which tends to be too slow +// maxAgentLifetime: agentProfileMaxAgentLifetime // Only allowed if kind is Stateful +// // 
gracePeriodTimeSpan: '00:30:00' // Only allowed if kind is Stateful +// resourcePredictionsProfile: { +// kind: 'Automatic' // 'Manual' or 'Automatic' +// predictionPreference: 'Balanced' +// } +// } +// fabricProfile: { +// sku: { +// name: fabricProfileSkuName +// } +// images: [ +// { +// aliases: [ +// 'ubuntu-22.04' +// 'ubuntu-22.04/latest' +// ] +// wellKnownImageName: 'ubuntu-22.04' +// } +// ] +// osProfile: { +// logonType: 'Service' // or Interactive +// } +// storageProfile: { +// osDiskStorageAccountType: 'StandardSSD' // StandardSSD, Standard, or Premium +// } +// // Remove if you want to use 'Isolated Virtual Network' +// networkProfile: { +// subnetId: devopsSubnet.id +// } +// kind: 'Vmss' +// } +// } +// } From 807e1904a77199aa54aa4830ec278d8fe5e940e5 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Tue, 30 Dec 2025 10:32:19 +0000 Subject: [PATCH 02/25] wip --- infrastructure/bootstrap/hub.bicep | 4 + .../bootstrap/modules/managedDevopsPool.bicep | 108 +++++++++--------- 2 files changed, 58 insertions(+), 54 deletions(-) diff --git a/infrastructure/bootstrap/hub.bicep b/infrastructure/bootstrap/hub.bicep index 6c18d65d..ff9810ea 100644 --- a/infrastructure/bootstrap/hub.bicep +++ b/infrastructure/bootstrap/hub.bicep @@ -26,6 +26,10 @@ param region string = 'uksouth' param regionShortName string = 'uks' param vnetAddressPrefixes array param enableSoftDelete bool +<<<<<<< HEAD +======= + +>>>>>>> 93647fb (wip) // removed when generalised var appShortName = 'lungcs' diff --git a/infrastructure/bootstrap/modules/managedDevopsPool.bicep b/infrastructure/bootstrap/modules/managedDevopsPool.bicep index c98322ee..d733b19c 100644 --- a/infrastructure/bootstrap/modules/managedDevopsPool.bicep +++ b/infrastructure/bootstrap/modules/managedDevopsPool.bicep 
@@ -47,57 +47,57 @@ resource devCenterProject 'Microsoft.DevCenter/projects@2025-02-01' = { } } -// resource pool 'microsoft.devopsinfrastructure/pools@2025-09-20' = { -// name: poolName -// location: location -// properties: { -// organizationProfile: { -// organizations: [ -// { -// url: 'https://dev.azure.com/${adoOrg}' -// parallelism: 1 -// } -// ] -// permissionProfile: { -// kind: 'CreatorOnly' -// } -// kind: 'AzureDevOps' -// } -// devCenterProjectResourceId: devCenterProject.id -// maximumConcurrency: poolSize -// agentProfile: { -// kind: 'Stateful' // or 'Stateless' - VM creation for each job, which tends to be too slow -// maxAgentLifetime: agentProfileMaxAgentLifetime // Only allowed if kind is Stateful -// // gracePeriodTimeSpan: '00:30:00' // Only allowed if kind is Stateful -// resourcePredictionsProfile: { -// kind: 'Automatic' // 'Manual' or 'Automatic' -// predictionPreference: 'Balanced' -// } -// } -// fabricProfile: { -// sku: { -// name: fabricProfileSkuName -// } -// images: [ -// { -// aliases: [ -// 'ubuntu-22.04' -// 'ubuntu-22.04/latest' -// ] -// wellKnownImageName: 'ubuntu-22.04' -// } -// ] -// osProfile: { -// logonType: 'Service' // or Interactive -// } -// storageProfile: { -// osDiskStorageAccountType: 'StandardSSD' // StandardSSD, Standard, or Premium -// } -// // Remove if you want to use 'Isolated Virtual Network' -// networkProfile: { -// subnetId: devopsSubnet.id -// } -// kind: 'Vmss' -// } -// } -// } +resource pool 'microsoft.devopsinfrastructure/pools@2025-09-20' = { + name: poolName + location: location + properties: { + organizationProfile: { + organizations: [ + { + url: 'https://dev.azure.com/${adoOrg}' + parallelism: 1 + } + ] + permissionProfile: { + kind: 'CreatorOnly' + } + kind: 'AzureDevOps' + } + devCenterProjectResourceId: devCenterProject.id + maximumConcurrency: poolSize + agentProfile: { + kind: 'Stateful' // or 'Stateless' - VM creation for each job, which tends to be too slow + maxAgentLifetime: 
agentProfileMaxAgentLifetime // Only allowed if kind is Stateful + // gracePeriodTimeSpan: '00:30:00' // Only allowed if kind is Stateful + resourcePredictionsProfile: { + kind: 'Automatic' // 'Manual' or 'Automatic' + predictionPreference: 'Balanced' + } + } + fabricProfile: { + sku: { + name: fabricProfileSkuName + } + images: [ + { + aliases: [ + 'ubuntu-22.04' + 'ubuntu-22.04/latest' + ] + wellKnownImageName: 'ubuntu-22.04' + } + ] + osProfile: { + logonType: 'Service' // or Interactive + } + storageProfile: { + osDiskStorageAccountType: 'StandardSSD' // StandardSSD, Standard, or Premium + } + // Remove if you want to use 'Isolated Virtual Network' + networkProfile: { + subnetId: devopsSubnet.id + } + kind: 'Vmss' + } + } +} From e5b7ab5f11fc013ecbdd9b256c0eeae518a6076d Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 14:46:29 +0000 Subject: [PATCH 03/25] Add alerting --- .../environments/dev/variables.tfvars | 2 + .../environments/preprod/variables.tfvars | 2 + .../environments/prod/variables.tfvars | 2 + .../modules/container-apps/alerts.tf | 38 +++++++++++++++++ infrastructure/modules/container-apps/main.tf | 10 +++++ .../modules/container-apps/postgres.tf | 7 ++++ .../modules/container-apps/variables.tf | 24 +++++++++++ infrastructure/modules/infra/alerts.tf | 41 +++++++++++++++++++ infrastructure/modules/infra/variables.tf | 10 +++++ 9 files changed, 136 insertions(+) create mode 100644 infrastructure/modules/container-apps/alerts.tf create mode 100644 infrastructure/modules/infra/alerts.tf diff --git a/infrastructure/environments/dev/variables.tfvars b/infrastructure/environments/dev/variables.tfvars index 65187411..8501529d 100644 --- a/infrastructure/environments/dev/variables.tfvars +++ b/infrastructure/environments/dev/variables.tfvars @@ -15,3 +15,5 @@ postgres_geo_redundant_backup_enabled = false protect_keyvault = false vnet_address_space = "10.12.0.0/16" seed_demo_data = true +enable_alerting = true +min_replicas = 1 
diff --git a/infrastructure/environments/preprod/variables.tfvars b/infrastructure/environments/preprod/variables.tfvars index c9becadf..9830c809 100644 --- a/infrastructure/environments/preprod/variables.tfvars +++ b/infrastructure/environments/preprod/variables.tfvars @@ -15,3 +15,5 @@ postgres_geo_redundant_backup_enabled = false protect_keyvault = true vnet_address_space = "10.14.0.0/16" seed_demo_data = true +enable_alerting = true +min_replicas = 2 diff --git a/infrastructure/environments/prod/variables.tfvars b/infrastructure/environments/prod/variables.tfvars index dae1de65..2dbdb1c6 100644 --- a/infrastructure/environments/prod/variables.tfvars +++ b/infrastructure/environments/prod/variables.tfvars @@ -15,3 +15,5 @@ protect_keyvault = true vnet_address_space = "10.15.0.0/16" use_apex_domain = true cae_zone_redundancy_enabled = true +enable_alerting = true +min_replicas = 2 diff --git a/infrastructure/modules/container-apps/alerts.tf b/infrastructure/modules/container-apps/alerts.tf new file mode 100644 index 00000000..a9ea412b --- /dev/null +++ b/infrastructure/modules/container-apps/alerts.tf 
@@ -0,0 +1,38 @@ +resource "azurerm_monitor_scheduled_query_rules_alert_v2" "failure_event" { + count = var.enable_alerting ? 1 : 0 + + auto_mitigation_enabled = false + description = "An alert triggered by a custom event batch_marked_as_failed logged in code" + enabled = var.enable_alerting + evaluation_frequency = "PT5M" + location = var.region + name = "${var.app_short_name}-batch-failed-alert" + resource_group_name = azurerm_resource_group.main.name + scopes = [var.app_insights_id] + severity = 2 + skip_query_validation = false + target_resource_types = ["microsoft.insights/components"] + window_duration = "PT5M" + workspace_alerts_storage_enabled = false + + action { + action_groups = [var.action_group_id] + } + + criteria { + operator = "GreaterThan" + query = <<-QUERY + customEvents + | where name == "batch_marked_as_failed" + | project timestamp, name + | project-rename TimeGenerated=timestamp + QUERY + threshold = 0 + time_aggregation_method = "Count" + + failing_periods { + minimum_failing_periods_to_trigger_alert = 1 + number_of_evaluation_periods = 1 + } + } +} diff --git a/infrastructure/modules/container-apps/main.tf b/infrastructure/modules/container-apps/main.tf index 0b481ed5..6059d738 100644 --- a/infrastructure/modules/container-apps/main.tf +++ b/infrastructure/modules/container-apps/main.tf @@ -13,6 +13,13 @@ module "webapp" { name = "${var.app_short_name}-web-${var.environment}" container_app_environment_id = var.container_app_environment_id + + # alerts + action_group_id = var.action_group_id + enable_alerting = var.enable_alerting + alert_memory_threshold = 80 + alert_cpu_threshold = 90 + resource_group_name = azurerm_resource_group.main.name fetch_secrets_from_app_key_vault = var.fetch_secrets_from_app_key_vault infra_key_vault_name = "kv-${var.app_short_name}-${var.env_config}-inf" 
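Review bot: The `failure_event` rule in `container-apps/alerts.tf` hard-codes `evaluation_frequency = "PT5M"` and `window_duration = "PT5M"`, while the same commit adds a validated `alert_window_size` variable to this module that nothing visible here reads. Either wire it in, `window_duration = var.alert_window_size`, or drop the variable so the configured window and the effective one cannot drift apart. A window equal to the evaluation frequency also leaves no overlap for late-ingested `customEvents`, so a delayed `batch_marked_as_failed` record may fall between two evaluations and never fire; a wider window is worth considering. `enabled = var.enable_alerting` is redundant, because `count` already removes the resource when the flag is false.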
@@ -31,4 +38,7 @@ module "webapp" { secret_variables = var.deploy_database_as_container ? { DATABASE_PASSWORD = resource.random_password.admin_password[0].result } : {} is_web_app = true port = 8000 + probe_path = "/healthcheck" + min_replicas = var.min_replicas + memory = var.container_memory } diff --git a/infrastructure/modules/container-apps/postgres.tf b/infrastructure/modules/container-apps/postgres.tf index 7939db25..27e2e0dd 100644 --- a/infrastructure/modules/container-apps/postgres.tf +++ b/infrastructure/modules/container-apps/postgres.tf @@ -94,6 +94,13 @@ module "database_container" { POSTGRES_USER = local.database_user POSTGRES_DB = local.database_name } + + # alerts + action_group_id = var.action_group_id + enable_alerting = var.enable_alerting + alert_memory_threshold = 80 + alert_cpu_threshold = 90 + resource_group_name = azurerm_resource_group.main.name is_tcp_app = true # postgres has a port of 5432 diff --git a/infrastructure/modules/container-apps/variables.tf b/infrastructure/modules/container-apps/variables.tf index 44274627..34c0338b 100644 --- a/infrastructure/modules/container-apps/variables.tf +++ b/infrastructure/modules/container-apps/variables.tf 
@@ -144,6 +144,30 @@ variable "use_apex_domain" { type = bool } +variable "enable_alerting" { + description = "Whether monitoring and alerting is enabled." + type = bool +} + +variable "target_url" { + description = "The external url" + type = string +} + +variable "alert_window_size" { + type = string + nullable = false + validation { + condition = contains(["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H"], var.alert_window_size) + error_message = "The alert_window_size must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H" + } + description = "The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly." +} + +variable "action_group_id" { + type = string + description = "ID of the action group to notify." +} locals { resource_group_name = "rg-${var.app_short_name}-${var.environment}-container-app-uks" diff --git a/infrastructure/modules/infra/alerts.tf b/infrastructure/modules/infra/alerts.tf new file mode 100644 index 00000000..fafc3c5b --- /dev/null +++ b/infrastructure/modules/infra/alerts.tf 
@@ -0,0 +1,41 @@ +module "service_health_alert" { + source = "../dtos-devops-templates/infrastructure/modules/monitor-activity-log-alert" + + name = "service-health-alerts-${var.app_short_name}-${var.environment}" + location = "global" + resource_group_name = azurerm_resource_group.main.name + description = "Azure Service Health alert for services impacting ${var.app_short_name} in ${var.environment}" + + scopes = [data.azurerm_subscription.current.id] + + criteria = { + category = "ServiceHealth" + level = null + + service_health = { + events = ["Incident", "Maintenance", "Informational", "ActionRequired", "Security"] + locations = [var.region] + + # Only monitor Azure services used by this application + # This reduces noise from unrelated service health events + services = [ + "Application Insights", + "Azure Container Apps", + "Azure Container Service", + "Azure Container Storage", + "Azure Database for PostgreSQL flexible servers", + "Azure DNS", + "Azure Frontdoor", + "Azure Monitor", + "Azure Private Link", + "Key Vault", + "Log Analytics", + "Storage", + "Virtual Network", + "Windows Virtual Desktop" + ] + } + } + + action_group_id = module.monitor_action_group.monitor_action_group.id +} diff --git a/infrastructure/modules/infra/variables.tf b/infrastructure/modules/infra/variables.tf index 68bf1a18..ed696cb9 100644 --- a/infrastructure/modules/infra/variables.tf +++ b/infrastructure/modules/infra/variables.tf @@ -58,6 +58,16 @@ variable "protect_keyvault" { default = true } +variable "enable_alerting" { + description = "Whether monitoring and alerting is enabled." + type = bool +} + +variable "action_group_id" { + type = string + description = "ID of the action group to notify." +} + locals { hub_vnet_rg_name = "rg-hub-${var.hub}-uks-bootstrap" hub_vnet_name = "vnet-hub-${var.hub}-uks" From f71965a6aff0685564a121ce20f40007dea7992a Mon Sep 17 00:00:00 2001 
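Review bot: `service_health_alert` in `infra/alerts.tf` is created unconditionally: the `enable_alerting` variable this commit adds to the infra module is not referenced anywhere in the file, so setting it to false would not turn this alert off. If service-health notifications are meant to be always on, say so with a comment such as `# always on: deliberately not gated by enable_alerting`; otherwise gate the module with `count = var.enable_alerting ? 1 : 0`. The comment above `services` says only services used by the application are listed, yet the list includes `"Windows Virtual Desktop"` and `"Azure Container Service"`, which do not match any resource visible in this series and should be confirmed or removed.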
From: Alastair Lock Date: Wed, 11 Mar 2026 14:54:44 +0000 Subject: [PATCH 04/25] wip --- infrastructure/terraform/spoke/main.tf | 4 ++++ infrastructure/terraform/spoke/variables.tf | 16 ++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/infrastructure/terraform/spoke/main.tf b/infrastructure/terraform/spoke/main.tf index 203b36d7..d7f8785c 100644 --- a/infrastructure/terraform/spoke/main.tf +++ b/infrastructure/terraform/spoke/main.tf @@ -19,6 +19,8 @@ module "infra" { protect_keyvault = var.protect_keyvault vnet_address_space = var.vnet_address_space cae_zone_redundancy_enabled = var.cae_zone_redundancy_enabled + enable_alerting = var.enable_alerting + action_group_id = var.deploy_infra ? module.infra[0].monitor_action_group_id : data.azurerm_monitor_action_group.main[0].id } module "container-apps" { @@ -33,6 +35,8 @@ module "container-apps" { region = local.region app_key_vault_id = var.deploy_infra ? module.infra[0].app_key_vault_id : data.azurerm_key_vault.app_key_vault[0].id + alert_window_size = var.alert_window_size + enable_alerting = var.enable_alerting app_short_name = var.app_short_name container_app_environment_id = var.deploy_infra ? module.infra[0].container_app_environment_id : data.azurerm_container_app_environment.this[0].id default_domain = var.deploy_infra ? module.infra[0].default_domain : data.azurerm_container_app_environment.this[0].default_domain diff --git a/infrastructure/terraform/spoke/variables.tf b/infrastructure/terraform/spoke/variables.tf index fd5ff666..93885dd2 100644 --- a/infrastructure/terraform/spoke/variables.tf +++ b/infrastructure/terraform/spoke/variables.tf 
@@ -152,6 +152,22 @@ variable "vnet_address_space" { type = string } +variable "alert_window_size" { + type = string + nullable = false + default = "PT15M" + validation { + condition = contains(["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H"], var.alert_window_size) + error_message = "The alert_window_size must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H" + } + description = "The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly." +} + +variable "enable_alerting" { + description = "Whether monitoring and alerting is enabled." + type = bool + default = false +} locals { region = "uksouth" From bc0322fdb10f3358390e4e1ae5ee439533c84298 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 15:01:38 +0000 Subject: [PATCH 05/25] wip --- infrastructure/modules/container-apps/postgres.tf | 7 +++++++ infrastructure/terraform/spoke/main.tf | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/infrastructure/modules/container-apps/postgres.tf b/infrastructure/modules/container-apps/postgres.tf index 27e2e0dd..20125b12 100644 --- a/infrastructure/modules/container-apps/postgres.tf +++ b/infrastructure/modules/container-apps/postgres.tf @@ -48,6 +48,13 @@ module "postgres" { public_network_access_enabled = !var.features.private_networking + # alerts + action_group_id = var.action_group_id + enable_alerting = var.enable_alerting + alert_memory_threshold = 80 + alert_cpu_threshold = 90 + alert_storage_threshold = 80 + databases = { db1 = { collation = "en_US.utf8" diff --git a/infrastructure/terraform/spoke/main.tf b/infrastructure/terraform/spoke/main.tf index d7f8785c..70149bee 100644 --- a/infrastructure/terraform/spoke/main.tf +++ b/infrastructure/terraform/spoke/main.tf 
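Review bot: `enable_alerting` in `spoke/variables.tf` gets `default = false`, so any environment whose tfvars omits the flag is deployed with monitoring silently switched off. The dev, preprod and prod files in this series all set it to `true`, which suggests on is the intended state. Consider `default = true`, or no default at all so that every environment has to state the choice explicitly.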
@@ -34,9 +34,10 @@ module "container-apps" { } region = local.region - app_key_vault_id = var.deploy_infra ? module.infra[0].app_key_vault_id : data.azurerm_key_vault.app_key_vault[0].id + action_group_id = var.deploy_infra ? module.infra[0].monitor_action_group_id : data.azurerm_monitor_action_group.main[0].id alert_window_size = var.alert_window_size enable_alerting = var.enable_alerting + app_key_vault_id = var.deploy_infra ? module.infra[0].app_key_vault_id : data.azurerm_key_vault.app_key_vault[0].id app_short_name = var.app_short_name container_app_environment_id = var.deploy_infra ? module.infra[0].container_app_environment_id : data.azurerm_container_app_environment.this[0].id default_domain = var.deploy_infra ? module.infra[0].default_domain : data.azurerm_container_app_environment.this[0].default_domain From 69ef2bb8737e5e6f68430ec4dee3c5e65c2553f0 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 15:06:20 +0000 Subject: [PATCH 06/25] wip --- infrastructure/environments/dev/variables.tfvars | 1 + infrastructure/environments/preprod/variables.tfvars | 1 + infrastructure/environments/prod/variables.tfvars | 1 + infrastructure/terraform/spoke/main.tf | 3 +++ infrastructure/terraform/spoke/variables.tf | 6 ++++++ 5 files changed, 12 insertions(+) diff --git a/infrastructure/environments/dev/variables.tfvars b/infrastructure/environments/dev/variables.tfvars index 8501529d..eccf7295 100644 --- a/infrastructure/environments/dev/variables.tfvars +++ b/infrastructure/environments/dev/variables.tfvars @@ -17,3 +17,4 @@ vnet_address_space = "10.12.0.0/16" seed_demo_data = true enable_alerting = true min_replicas = 1 +container_memory = "1" diff --git a/infrastructure/environments/preprod/variables.tfvars b/infrastructure/environments/preprod/variables.tfvars index 9830c809..ee760594 100644 --- a/infrastructure/environments/preprod/variables.tfvars +++ b/infrastructure/environments/preprod/variables.tfvars 
@@ -17,3 +17,4 @@ vnet_address_space = "10.14.0.0/16" seed_demo_data = true enable_alerting = true min_replicas = 2 +container_memory = "1" diff --git a/infrastructure/environments/prod/variables.tfvars b/infrastructure/environments/prod/variables.tfvars index 2dbdb1c6..36ded45b 100644 --- a/infrastructure/environments/prod/variables.tfvars +++ b/infrastructure/environments/prod/variables.tfvars @@ -17,3 +17,4 @@ use_apex_domain = true cae_zone_redundancy_enabled = true enable_alerting = true min_replicas = 2 +container_memory = "1" diff --git a/infrastructure/terraform/spoke/main.tf b/infrastructure/terraform/spoke/main.tf index 70149bee..167df974 100644 --- a/infrastructure/terraform/spoke/main.tf +++ b/infrastructure/terraform/spoke/main.tf @@ -62,4 +62,7 @@ module "container-apps" { main_subnet_id = var.deploy_infra ? module.infra[0].main_subnet_id : data.azurerm_subnet.main[0].id seed_demo_data = var.seed_demo_data use_apex_domain = var.use_apex_domain + target_url = var.deploy_container_apps ? "${module.container-apps[0].external_url}healthcheck" : null + container_memory = var.container_memory + min_replicas = var.min_replicas } diff --git a/infrastructure/terraform/spoke/variables.tf b/infrastructure/terraform/spoke/variables.tf index 93885dd2..5872d53d 100644 --- a/infrastructure/terraform/spoke/variables.tf +++ b/infrastructure/terraform/spoke/variables.tf @@ -169,6 +169,12 @@ variable "enable_alerting" { default = false } +variable "container_memory" { + description = "Memory allocated to the webapp container in Gi. CPU is automatically set to half the memory value by the container-app module." + type = string + default = "0.5" +} + locals { region = "uksouth" resource_group_name = "rg-${var.app_short_name}-${var.env_config}-uks" From 51c4bdc40d8a5cd57d17018ea4f44ced4a91dd9c Mon Sep 17 00:00:00 2001 
From: Alastair Lock Date: Wed, 11 Mar 2026 15:08:24 +0000 Subject: [PATCH 07/25] wip --- infrastructure/modules/container-apps/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/modules/container-apps/main.tf b/infrastructure/modules/container-apps/main.tf index 6059d738..6b5cc6f6 100644 --- a/infrastructure/modules/container-apps/main.tf +++ b/infrastructure/modules/container-apps/main.tf @@ -39,6 +39,6 @@ module "webapp" { is_web_app = true port = 8000 probe_path = "/healthcheck" - min_replicas = var.min_replicas + # min_replicas = var.min_replicas memory = var.container_memory } From af20c16268a8767781ddfaef95c1c9a9041967f4 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 15:12:14 +0000 Subject: [PATCH 08/25] wip --- infrastructure/modules/container-apps/main.tf | 2 +- infrastructure/modules/container-apps/variables.tf | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/infrastructure/modules/container-apps/main.tf b/infrastructure/modules/container-apps/main.tf index 6b5cc6f6..6059d738 100644 --- a/infrastructure/modules/container-apps/main.tf +++ b/infrastructure/modules/container-apps/main.tf @@ -39,6 +39,6 @@ module "webapp" { is_web_app = true port = 8000 probe_path = "/healthcheck" - # min_replicas = var.min_replicas + min_replicas = var.min_replicas memory = var.container_memory } diff --git a/infrastructure/modules/container-apps/variables.tf b/infrastructure/modules/container-apps/variables.tf index 34c0338b..6d0138de 100644 --- a/infrastructure/modules/container-apps/variables.tf +++ b/infrastructure/modules/container-apps/variables.tf @@ -40,6 +40,7 @@ variable "enable_entra_id_authentication" { type = bool } + variable "env_config" { description = "Environment configuration. Different environments may share the same environment config and the same infrastructure" type = string 
@@ -128,6 +129,12 @@ variable "main_subnet_id" { type = string } +variable "min_replicas" { + description = "Minimum number of container replicas" + type = number +} + + variable "region" { description = "The region to deploy in" type = string From ba16dd54e700606db3eca18b8e981f384a2f13c1 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 15:15:00 +0000 Subject: [PATCH 09/25] wip --- infrastructure/modules/container-apps/variables.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/infrastructure/modules/container-apps/variables.tf b/infrastructure/modules/container-apps/variables.tf index 6d0138de..7a401109 100644 --- a/infrastructure/modules/container-apps/variables.tf +++ b/infrastructure/modules/container-apps/variables.tf @@ -171,6 +171,11 @@ variable "alert_window_size" { description = "The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly." } +variable "container_memory" { + description = "Memory allocated to the webapp container in Gi. CPU is automatically set to half the memory value by the container-app module." + type = string +} + variable "action_group_id" { type = string description = "ID of the action group to notify." From 6c869123bfd729dacfdc51e848a063c7b4477846 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 15:17:56 +0000 Subject: [PATCH 10/25] wip --- infrastructure/terraform/spoke/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/terraform/spoke/main.tf b/infrastructure/terraform/spoke/main.tf index 167df974..1b18eee1 100644 --- a/infrastructure/terraform/spoke/main.tf +++ b/infrastructure/terraform/spoke/main.tf 
@@ -62,7 +62,7 @@ module "container-apps" { main_subnet_id = var.deploy_infra ? module.infra[0].main_subnet_id : data.azurerm_subnet.main[0].id seed_demo_data = var.seed_demo_data use_apex_domain = var.use_apex_domain - target_url = var.deploy_container_apps ? "${module.container-apps[0].external_url}healthcheck" : null + target_url = var.deploy_infra ? "${module.container-apps[0].external_url}healthcheck" : null container_memory = var.container_memory min_replicas = var.min_replicas } From 27bdf12f726ea4f04454d46f47968e47547dfba8 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 15:33:03 +0000 Subject: [PATCH 11/25] wip --- infrastructure/terraform/spoke/data.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/infrastructure/terraform/spoke/data.tf b/infrastructure/terraform/spoke/data.tf index 4f0a60ea..72a5d324 100644 --- a/infrastructure/terraform/spoke/data.tf +++ b/infrastructure/terraform/spoke/data.tf @@ -35,3 +35,10 @@ data "azurerm_subnet" "main" { virtual_network_name = "vnet-${var.env_config}-uks-${var.app_short_name}" resource_group_name = local.resource_group_name } + +data "azurerm_monitor_action_group" "main" { + count = var.deploy_infra ? 0 : 1 + + name = "ag-${var.env_config}-uks-${var.application}-${var.env_config}" + resource_group_name = local.resource_group_name +} From dfb4efa779ff461089dd538817f4e483c42460e7 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 15:57:33 +0000 Subject: [PATCH 12/25] wip --- infrastructure/bootstrap/hub.bicep | 4 ---- .../modules/infra/monitor_action_group.tf | 14 ++++++++++++++ infrastructure/modules/infra/output.tf | 4 ++++ infrastructure/terraform/spoke/main.tf | 1 - 4 files changed, 18 insertions(+), 5 deletions(-) create mode 100644 infrastructure/modules/infra/monitor_action_group.tf diff --git a/infrastructure/bootstrap/hub.bicep b/infrastructure/bootstrap/hub.bicep index ff9810ea..6c18d65d 100644 --- a/infrastructure/bootstrap/hub.bicep 
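Review bot: The lookup name in `spoke/data.tf`, `"ag-${var.env_config}-uks-${var.application}-${var.env_config}"`, uses `env_config` in both positions and `var.application`, whereas the neighbouring `azurerm_subnet` lookup is built from `var.app_short_name`. The action group that a later patch in this series creates is named from `var.environment` in both positions, so, depending on what the spoke passes as `environment`, an environment that shares another's `env_config` would presumably find no group or pick up a different environment's group, and alerts would reach the wrong recipients. Confirm which variable each segment should use and that `var.application` is declared in the spoke. Building the name once and exposing it from the infra module would keep the resource and the lookup in step.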
+++ b/infrastructure/bootstrap/hub.bicep @@ -26,10 +26,6 @@ param region string = 'uksouth' param regionShortName string = 'uks' param vnetAddressPrefixes array param enableSoftDelete bool -<<<<<<< HEAD -======= - ->>>>>>> 93647fb (wip) // removed when generalised var appShortName = 'lungcs' diff --git a/infrastructure/modules/infra/monitor_action_group.tf b/infrastructure/modules/infra/monitor_action_group.tf new file mode 100644 index 00000000..93abb275 --- /dev/null +++ b/infrastructure/modules/infra/monitor_action_group.tf @@ -0,0 +1,14 @@ +module "monitor_action_group" { + source = "../dtos-devops-templates/infrastructure/modules/monitor-action-group" + + name = "ag-${var.environment}-uks-${var.application}-${var.environment}" + resource_group_name = azurerm_resource_group.main.name + location = var.region + short_name = "ag-${var.environment}" + email_receiver = { + email = { + name = "email" + email_address = data.azurerm_key_vault_secret.infra.value + } + } +} diff --git a/infrastructure/modules/infra/output.tf b/infrastructure/modules/infra/output.tf index 10baa0b4..8bbb11e0 100644 --- a/infrastructure/modules/infra/output.tf +++ b/infrastructure/modules/infra/output.tf @@ -14,6 +14,10 @@ output "log_analytics_workspace_audit_id" { value = module.log_analytics_workspace_audit.id } +output "monitor_action_group_id" { + value = module.monitor_action_group.monitor_action_group.id +} + output "default_domain" { value = module.container-app-environment.default_domain } diff --git a/infrastructure/terraform/spoke/main.tf b/infrastructure/terraform/spoke/main.tf index 1b18eee1..009472cb 100644 --- a/infrastructure/terraform/spoke/main.tf +++ b/infrastructure/terraform/spoke/main.tf 
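Review bot: In `monitor_action_group.tf`, `email_address = data.azurerm_key_vault_secret.infra.value` copies the Key Vault secret into Terraform state, where anyone with read access to the state backend can see it. If the address is held in Key Vault because it is treated as sensitive, record that next to the argument, for example `# secret value is persisted in state; state backend access must stay restricted`. The data source `azurerm_key_vault_secret.infra` is not declared in this commit and only appears in later patches of the series, so this commit presumably does not plan on its own. As far as the visible code shows, this single e-mail receiver is also the only route for every alert in the series, including the `Security` service-health events.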
@@ -20,7 +20,6 @@ module "infra" { vnet_address_space = var.vnet_address_space cae_zone_redundancy_enabled = var.cae_zone_redundancy_enabled enable_alerting = var.enable_alerting - action_group_id = var.deploy_infra ? module.infra[0].monitor_action_group_id : data.azurerm_monitor_action_group.main[0].id } module "container-apps" { From f59be5078604ef249d93daa56694da2ec10fc109 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 15:59:33 +0000 Subject: [PATCH 13/25] wip --- infrastructure/modules/infra/variables.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/infrastructure/modules/infra/variables.tf b/infrastructure/modules/infra/variables.tf index ed696cb9..81c9ed18 100644 --- a/infrastructure/modules/infra/variables.tf +++ b/infrastructure/modules/infra/variables.tf @@ -63,11 +63,6 @@ variable "enable_alerting" { type = bool } -variable "action_group_id" { - type = string - description = "ID of the action group to notify." -} - locals { hub_vnet_rg_name = "rg-hub-${var.hub}-uks-bootstrap" hub_vnet_name = "vnet-hub-${var.hub}-uks" From 932d71f2b0254fe0c5c09c33c2e0c9d1c5c27565 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 16:02:40 +0000 Subject: [PATCH 14/25] wip --- infrastructure/terraform/spoke/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/terraform/spoke/main.tf b/infrastructure/terraform/spoke/main.tf index 009472cb..b69c441b 100644 --- a/infrastructure/terraform/spoke/main.tf +++ b/infrastructure/terraform/spoke/main.tf 
@@ -61,7 +61,7 @@ module "container-apps" { main_subnet_id = var.deploy_infra ? module.infra[0].main_subnet_id : data.azurerm_subnet.main[0].id seed_demo_data = var.seed_demo_data use_apex_domain = var.use_apex_domain - target_url = var.deploy_infra ? "${module.container-apps[0].external_url}healthcheck" : null + target_url = var.deploy_container_apps ? "${module.container-apps[0].external_url}healthcheck" : null container_memory = var.container_memory min_replicas = var.min_replicas } From 4c6685a7778494e352b75cbe3ec4bb9399855503 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 16:17:03 +0000 Subject: [PATCH 15/25] wip --- infrastructure/terraform/spoke/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/terraform/spoke/main.tf b/infrastructure/terraform/spoke/main.tf index b69c441b..5f68a771 100644 --- a/infrastructure/terraform/spoke/main.tf +++ b/infrastructure/terraform/spoke/main.tf @@ -61,7 +61,7 @@ module "container-apps" { main_subnet_id = var.deploy_infra ? module.infra[0].main_subnet_id : data.azurerm_subnet.main[0].id seed_demo_data = var.seed_demo_data use_apex_domain = var.use_apex_domain - target_url = var.deploy_container_apps ? "${module.container-apps[0].external_url}healthcheck" : null + # target_url = var.deploy_container_apps ? "${module.container-apps[0].external_url}healthcheck" : null container_memory = var.container_memory min_replicas = var.min_replicas } From 9b8e83b3ec7ac9fa21d33a63fc6e13f165bb167d Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 16:18:29 +0000 Subject: [PATCH 16/25] wip --- infrastructure/modules/container-apps/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/infrastructure/modules/container-apps/variables.tf b/infrastructure/modules/container-apps/variables.tf index 7a401109..6e978da7 100644 --- a/infrastructure/modules/container-apps/variables.tf +++ b/infrastructure/modules/container-apps/variables.tf 
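Review bot: Commenting out `target_url` inside `module "container-apps"` avoids the module reading its own `external_url` output (the previous patch's form, which Terraform would normally reject as a cycle), but `enable_alerting` is still passed with no health-check URL behind it. If the module's availability alert depended on that URL (not visible here), it is now silently absent. Prefer deleting the line and deriving the URL inside the module from its own resources, or leave a tracked marker such as `# TODO: availability test target, derive inside module`. The matching `variable "target_url"` is commented out the same way in the next patch.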
@@ -156,10 +156,10 @@ variable "enable_alerting" { type = bool } -variable "target_url" { - description = "The external url" - type = string -} +# variable "target_url" { +# description = "The external url" +# type = string +# } variable "alert_window_size" { type = string From 0155a5b380ca8e24ee1d5f058f0b60dc9f9d492a Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 16:21:51 +0000 Subject: [PATCH 17/25] wip --- infrastructure/modules/infra/data.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/infrastructure/modules/infra/data.tf b/infrastructure/modules/infra/data.tf index 227dd1e7..16f4f2de 100644 --- a/infrastructure/modules/infra/data.tf +++ b/infrastructure/modules/infra/data.tf @@ -7,3 +7,8 @@ data "azuread_group" "kv_officers" { display_name = each.value } + +data "azurerm_key_vault_secret" "infra" { + name = "monitoring-email-address" + key_vault_id = data.azurerm_key_vault.infra.id +} From 94eba281b3a54f2e40e09b066668552620ef4cac Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 16:38:44 +0000 Subject: [PATCH 18/25] wip --- infrastructure/modules/infra/data.tf | 7 +++++++ infrastructure/modules/infra/monitor_action_group.tf | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/infrastructure/modules/infra/data.tf b/infrastructure/modules/infra/data.tf index 16f4f2de..20ec94c4 100644 --- a/infrastructure/modules/infra/data.tf +++ b/infrastructure/modules/infra/data.tf @@ -8,6 +8,13 @@ data "azuread_group" "kv_officers" { display_name = each.value } +data "azurerm_key_vault" "infra" { + provider = azurerm.hub + + name = var.infra_key_vault_name + resource_group_name = var.infra_key_vault_rg +} + data "azurerm_key_vault_secret" "infra" { name = "monitoring-email-address" key_vault_id = data.azurerm_key_vault.infra.id diff --git a/infrastructure/modules/infra/monitor_action_group.tf b/infrastructure/modules/infra/monitor_action_group.tf index 93abb275..cafeb383 100644 
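Review bot: `data "azurerm_key_vault" "infra"` sets `provider = azurerm.hub`, while `data "azurerm_key_vault_secret" "infra"` just below it has no `provider` and so runs under the module's default provider. If the infra vault lives in the hub subscription, add `provider = azurerm.hub` to the secret lookup as well; if it lives in the spoke, the alias on the vault lookup looks wrong. Either way the deploying identity now needs secret read on this vault, and that grant is worth keeping to reading secrets only rather than a broader role (the role assignment is not visible in this series).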
--- a/infrastructure/modules/infra/monitor_action_group.tf +++ b/infrastructure/modules/infra/monitor_action_group.tf @@ -1,7 +1,7 @@ module "monitor_action_group" { source = "../dtos-devops-templates/infrastructure/modules/monitor-action-group" - name = "ag-${var.environment}-uks-${var.application}-${var.environment}" + name = "ag-${var.environment}-uks-${var.app_short_name}-${var.environment}" resource_group_name = azurerm_resource_group.main.name location = var.region short_name = "ag-${var.environment}" From 7cc807d6cdd005db41b0ce7b62e1b28ca27fa8da Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 16:44:58 +0000 Subject: [PATCH 19/25] wip --- infrastructure/modules/container-apps/variables.tf | 10 ++++++++++ infrastructure/modules/infra/variables.tf | 10 ++++++++++ infrastructure/terraform/spoke/main.tf | 4 ++++ infrastructure/terraform/spoke/variables.tf | 2 ++ 4 files changed, 26 insertions(+) diff --git a/infrastructure/modules/container-apps/variables.tf b/infrastructure/modules/container-apps/variables.tf index 6e978da7..48664407 100644 --- a/infrastructure/modules/container-apps/variables.tf +++ b/infrastructure/modules/container-apps/variables.tf @@ -181,6 +181,16 @@ variable "action_group_id" { description = "ID of the action group to notify." } +variable "infra_key_vault_name" { + description = "Name of the infra key vault" + type = string +} + +variable "infra_key_vault_rg" { + description = "Name of the infra key vault resource group" + type = string +} + locals { resource_group_name = "rg-${var.app_short_name}-${var.environment}-container-app-uks" diff --git a/infrastructure/modules/infra/variables.tf b/infrastructure/modules/infra/variables.tf index 81c9ed18..36726480 100644 --- a/infrastructure/modules/infra/variables.tf +++ b/infrastructure/modules/infra/variables.tf 
@@ -58,6 +58,16 @@ variable "protect_keyvault" { default = true } +variable "infra_key_vault_name" { + description = "Name of the infra key vault" + type = string +} + +variable "infra_key_vault_rg" { + description = "Name of the infra key vault resource group" + type = string +} + variable "enable_alerting" { description = "Whether monitoring and alerting is enabled." type = bool diff --git a/infrastructure/terraform/spoke/main.tf b/infrastructure/terraform/spoke/main.tf index 5f68a771..edc4edaa 100644 --- a/infrastructure/terraform/spoke/main.tf +++ b/infrastructure/terraform/spoke/main.tf @@ -10,6 +10,8 @@ module "infra" { region = local.region resource_group_name = local.resource_group_name + infra_key_vault_name = local.infra_key_vault_name + infra_key_vault_rg = local.infra_key_vault_rg app_short_name = var.app_short_name environment = var.env_config features = var.features @@ -60,6 +62,8 @@ module "container-apps" { postgres_subnet_id = var.deploy_infra ? module.infra[0].postgres_subnet_id : data.azurerm_subnet.postgres[0].id main_subnet_id = var.deploy_infra ? module.infra[0].main_subnet_id : data.azurerm_subnet.main[0].id seed_demo_data = var.seed_demo_data + infra_key_vault_name = local.infra_key_vault_name + infra_key_vault_rg = local.infra_key_vault_rg use_apex_domain = var.use_apex_domain # target_url = var.deploy_container_apps ? "${module.container-apps[0].external_url}healthcheck" : null container_memory = var.container_memory diff --git a/infrastructure/terraform/spoke/variables.tf b/infrastructure/terraform/spoke/variables.tf index 5872d53d..3b94c28e 100644 --- a/infrastructure/terraform/spoke/variables.tf +++ b/infrastructure/terraform/spoke/variables.tf 
@@ -178,4 +178,6 @@ variable "container_memory" { locals { region = "uksouth" resource_group_name = "rg-${var.app_short_name}-${var.env_config}-uks" + infra_key_vault_name = "kv-${var.app_short_name}-${var.env_config}-inf" + infra_key_vault_rg = "rg-${var.app_short_name}-${var.env_config}-infra" } From 376f7c1cf8fde2fdaa7479526de304a771c0b648 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 16:48:19 +0000 Subject: [PATCH 20/25] wip --- infrastructure/modules/container-apps/main.tf | 4 ++-- infrastructure/modules/infra/data.tf | 2 ++ infrastructure/terraform/spoke/data.tf | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/infrastructure/modules/container-apps/main.tf b/infrastructure/modules/container-apps/main.tf index 6059d738..11629b7d 100644 --- a/infrastructure/modules/container-apps/main.tf +++ b/infrastructure/modules/container-apps/main.tf @@ -39,6 +39,6 @@ module "webapp" { is_web_app = true port = 8000 probe_path = "/healthcheck" - min_replicas = var.min_replicas - memory = var.container_memory + # min_replicas = var.min_replicas + # memory = var.container_memory } diff --git a/infrastructure/modules/infra/data.tf b/infrastructure/modules/infra/data.tf index 20ec94c4..7e9605eb 100644 --- a/infrastructure/modules/infra/data.tf +++ b/infrastructure/modules/infra/data.tf @@ -1,3 +1,5 @@ +data "azurerm_subscription" "current" {} + data "azuread_service_principal" "github-mi" { display_name = var.github_mi_name } diff --git a/infrastructure/terraform/spoke/data.tf b/infrastructure/terraform/spoke/data.tf index 72a5d324..f0148fb8 100644 --- a/infrastructure/terraform/spoke/data.tf +++ b/infrastructure/terraform/spoke/data.tf 
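Review bot: In `module "webapp"` the `min_replicas` and `memory` arguments are commented out, so the values the spoke still passes down (`var.min_replicas`, `var.container_memory`) no longer reach the container app and the template module's defaults apply instead. If that default allows scale to zero (not visible here), the `/healthcheck` probe and any alerting built on it will behave differently from what the tfvars say. Either restore the two lines or remove the now-unused variables; if the removal is temporary, say why in a comment, e.g. `# disabled until the templates module accepts memory/min_replicas`. `module "webapp"` starts above this hunk.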
@@ -39,6 +39,6 @@ data "azurerm_subnet" "main" { data "azurerm_monitor_action_group" "main" { count = var.deploy_infra ? 0 : 1 - name = "ag-${var.env_config}-uks-${var.application}-${var.env_config}" + name = "ag-${var.env_config}-uks-${var.app_short_name}-${var.env_config}" resource_group_name = local.resource_group_name } From ebd1e5dc5009e508600ccd10442be11a7082a4cb Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 16:51:27 +0000 Subject: [PATCH 21/25] wip --- infrastructure/terraform/spoke/variables.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/infrastructure/terraform/spoke/variables.tf b/infrastructure/terraform/spoke/variables.tf index 3b94c28e..8376be0c 100644 --- a/infrastructure/terraform/spoke/variables.tf +++ b/infrastructure/terraform/spoke/variables.tf @@ -175,6 +175,12 @@ variable "container_memory" { default = "0.5" } +variable "min_replicas" { + description = "Minimum number of container replicas" + type = number + default = 1 +} + locals { region = "uksouth" resource_group_name = "rg-${var.app_short_name}-${var.env_config}-uks" From 759d5f8d1a3c64a0eec34a13191f8c95e6ff599b Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Wed, 11 Mar 2026 17:01:23 +0000 Subject: [PATCH 22/25] wip --- infrastructure/modules/container-apps/variables.tf | 5 +++++ infrastructure/terraform/spoke/data.tf | 7 +++++++ infrastructure/terraform/spoke/main.tf | 1 + 3 files changed, 13 insertions(+) diff --git a/infrastructure/modules/container-apps/variables.tf b/infrastructure/modules/container-apps/variables.tf index 48664407..d7fd503f 100644 --- a/infrastructure/modules/container-apps/variables.tf +++ b/infrastructure/modules/container-apps/variables.tf @@ -134,6 +134,11 @@ variable "min_replicas" { type = number } +variable "app_insights_id" { + description = "The Application Insights id." + type = string +} + variable "region" { description = "The region to deploy in" 
diff --git a/infrastructure/terraform/spoke/data.tf b/infrastructure/terraform/spoke/data.tf index f0148fb8..855734fc 100644 --- a/infrastructure/terraform/spoke/data.tf +++ b/infrastructure/terraform/spoke/data.tf @@ -42,3 +42,10 @@ data "azurerm_monitor_action_group" "main" { name = "ag-${var.env_config}-uks-${var.app_short_name}-${var.env_config}" resource_group_name = local.resource_group_name } + +data "azurerm_application_insights" "app_insights" { + count = var.deploy_infra ? 0 : 1 + + name = "appi-${var.env_config}-uks-${var.app_short_name}" + resource_group_name = local.resource_group_name +} diff --git a/infrastructure/terraform/spoke/main.tf b/infrastructure/terraform/spoke/main.tf index edc4edaa..3c6b8fb5 100644 --- a/infrastructure/terraform/spoke/main.tf +++ b/infrastructure/terraform/spoke/main.tf @@ -40,6 +40,7 @@ module "container-apps" { enable_alerting = var.enable_alerting app_key_vault_id = var.deploy_infra ? module.infra[0].app_key_vault_id : data.azurerm_key_vault.app_key_vault[0].id app_short_name = var.app_short_name + app_insights_id = var.deploy_infra ? module.infra[0].app_insights_id : data.azurerm_application_insights.app_insights[0].id container_app_environment_id = var.deploy_infra ? module.infra[0].container_app_environment_id : data.azurerm_container_app_environment.this[0].id default_domain = var.deploy_infra ? module.infra[0].default_domain : data.azurerm_container_app_environment.this[0].default_domain dns_zone_name = var.dns_zone_name From 33a8ad49656702eed2e45dd8b02f1ce5b25f0c17 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Thu, 12 Mar 2026 14:20:33 +0000 Subject: [PATCH 23/25] wip --- infrastructure/modules/infra/output.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/infrastructure/modules/infra/output.tf b/infrastructure/modules/infra/output.tf index 8bbb11e0..922cf5c1 100644 --- a/infrastructure/modules/infra/output.tf +++ b/infrastructure/modules/infra/output.tf 
@@ -14,6 +14,10 @@ output "log_analytics_workspace_audit_id" { value = module.log_analytics_workspace_audit.id } +output "app_insights_id" { + value = module.app_insights_audit.id +} + output "monitor_action_group_id" { value = module.monitor_action_group.monitor_action_group.id } From c27bb81abf2b383527721fea9caf76ce4fe8f693 Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Thu, 12 Mar 2026 14:23:29 +0000 Subject: [PATCH 24/25] wip --- infrastructure/modules/infra/main.tf | 41 ++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/infrastructure/modules/infra/main.tf b/infrastructure/modules/infra/main.tf index 7490a581..46e1bf8c 100644 --- a/infrastructure/modules/infra/main.tf +++ b/infrastructure/modules/infra/main.tf 
@@ -70,3 +70,44 @@ module "container-app-environment" { private_dns_zone_rg_name = var.features.private_networking ? "rg-hub-${var.hub}-uks-private-dns-zones" : null zone_redundancy_enabled = var.cae_zone_redundancy_enabled } + +module "app_insights_audit" { + source = "../dtos-devops-templates/infrastructure/modules/app-insights" + + name = module.shared_config.names.app-insights + location = var.region + resource_group_name = azurerm_resource_group.main.name + appinsights_type = "web" + + log_analytics_workspace_id = module.log_analytics_workspace_audit.id + + # alerts + action_group_id = module.monitor_action_group.monitor_action_group.id + enable_alerting = var.enable_alerting +} + +module "private_link_scoped_service_law" { + source = "../dtos-devops-templates/infrastructure/modules/private-link-scoped-service" + + providers = { + azurerm = azurerm.hub + } + + name = "pls-${var.app_short_name}-${var.environment}-law" + resource_group_name = "rg-hub-${var.hub}-uks-hub-private-endpoints" + linked_resource_id = module.log_analytics_workspace_audit.id + scope_name = "ampls-${var.hub}hub" +} + +module "private_link_scoped_service_app_insights" { + source = "../dtos-devops-templates/infrastructure/modules/private-link-scoped-service" + + providers = { + azurerm = azurerm.hub + } + + name = "pls-${var.app_short_name}-${var.environment}-appinsights" + resource_group_name = "rg-hub-${var.hub}-uks-hub-private-endpoints" + linked_resource_id = module.app_insights_audit.id + scope_name = "ampls-${var.hub}hub" +} From 093425d85203243bb958bb33ac1e3bfee521130a Mon Sep 17 00:00:00 2001 From: Alastair Lock Date: Thu, 12 Mar 2026 14:26:39 +0000 Subject: [PATCH 25/25] wip --- infrastructure/modules/infra/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/modules/infra/main.tf b/infrastructure/modules/infra/main.tf index 46e1bf8c..071e06d1 100644 --- a/infrastructure/modules/infra/main.tf +++ b/infrastructure/modules/infra/main.tf 
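Review bot: The two `private_link_scoped_service_*` modules are created unconditionally, whereas the context line above them gates the private DNS zone on `var.features.private_networking`; with that feature off, this still attaches the workspace and Application Insights to `ampls-${var.hub}hub`, or fails if the scope does not exist. Consider `count = var.features.private_networking ? 1 : 0` on both. Adding a resource to an AMPLS does not by itself close public ingestion and query, so check that the `app-insights` and Log Analytics template modules disable those where private networking is on (their inputs are not visible here). `app_insights_audit` also sends application telemetry to the audit workspace; a comment confirming that is intended would help.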
@@ -74,7 +74,7 @@ module "container-app-environment" { module "app_insights_audit" { source = "../dtos-devops-templates/infrastructure/modules/app-insights" - name = module.shared_config.names.app-insights + name = "appi-${var.environment}-uks-${var.app_short_name}" location = var.region resource_group_name = azurerm_resource_group.main.name appinsights_type = "web"