In this blog post, I will show you how to monitor your Azure resources using a PowerShell script that is scheduled in Azure DevOps. The script creates the Azure Monitor Alert Rules based on a CSV configuration and Azure resource tags to identify exceptions. The Azure DevOps pipeline runs on a schedule so that the alert rules are updated based on tags that have been created with the new threshold for the alert rule.
Why use PowerShell and Azure DevOps for monitoring?
You can use PowerShell to create, modify, and delete Azure Monitor Alert Rules, which are the rules that define the conditions and actions for monitoring your Azure resources. Azure Monitor Alert Rules can be based on metrics, logs, or activity logs, and can trigger notifications, runbooks, logic apps, or webhooks when the conditions are met. In my environment I have them triggering an action-group which has an email notification.
Azure DevOps is a cloud-based platform that provides various tools and services for software development and delivery. You can use Azure DevOps to create pipelines, which are workflows that automate the steps of building, testing, and deploying your code. You can also use Azure DevOps to schedule your pipelines to run at specific times or intervals, or to trigger them based on events or changes in your code.
By combining PowerShell and Azure DevOps, you can create a solution that automates the creation and update of your Azure Monitor Alert Rules based on your configuration and tags. This way, you can ensure that your monitoring settings are consistent and up-to-date across your Azure resources.
The PowerShell script
The script I am using is one I co-authored while I’ve been working at https://cubesys.com.au. The [https://github.com/cloudclarity-app/Azure-Monitoring](Azure Monitor Automation Script) is a powershell script that is used to automatically set monitoring threshold on Azure resources. By default, the script applies to all metrics enabled for monitoring accross the entire subscription. You can restrict the scope by defining either a specific resource group, using the rgazresources variable, and/or a specific resource type, using the azrestype variable.
DevOps Repo Setup
Clone the repo into your devops repo
Create folders for each subscription, in this example i have 4 subscriptions I am monitoring
Modify your Azure Monitor CSV to enable the relevant alerts for your subscription
Create the Azure DevOps Pipeline for deployment, I created a pipeline for each subscription under monitoring
- Create DevOps scheudling, I have two schedules configured
Execution based on commit to the subscription folder within the Repo
Execution based on a schedule to look for Tags, you can have multiple time based schedules to suit your needs
Now that the pipeline has executed we can now see the alert rules it has created for my virtual machines
Based on the script it has created these alert rules, and associated the relevant action group which will then send me an email in the event that any of these alert rules are triggered.