mizzy · February 26, 2025 01:40
diff --git a/sidekiq_stats.tf b/sidekiq_stats.tf
 resource "aws_cloudwatch_log_group" "sidekiq_stats" {
  name              = "/aws/lambda/sidekiq-stats"
  retention_in_days = 7
 }

 resource "aws_iam_role" "sidekiq_stats" {
  name               = "sidekiq-stats"
  assume_role_policy = data.aws_iam_policy_document.sidekiq_stats_assume_role.json
 }

 data "aws_iam_policy_document" "sidekiq_stats_assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
 }

 data "aws_iam_policy_document" "sidekiq_stats" {
  statement {
    effect = "Allow"
    actions = [
      "ecs:ListTasks",
      "ecs:DescribeTasks",
    ]
    resources = ["*"]
  }

  statement {
    effect    = "Allow"
    actions   = ["cloudwatch:PutMetricData"]
    resources = ["*"]
  }
 }

 resource "aws_iam_policy" "sidekiq_stats" {
  name   = "sidekiq-stats"
  policy = data.aws_iam_policy_document.sidekiq_stats.json
 }

 resource "aws_iam_role_policy_attachment" "sidekiq_stats" {
  role       = aws_iam_role.sidekiq_stats.name
  policy_arn = aws_iam_policy.sidekiq_stats.arn

 }

 resource "aws_iam_role_policy_attachment" "sidekiq_stats_lambda_vpc_access_execution" {
  role       = aws_iam_role.sidekiq_stats.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
 }

 data "aws_lambda_function" "sidekiq_stats" {
  function_name = "sidekiq-stats"
 }

 resource "aws_cloudwatch_event_rule" "sidekiq_stats" {
  name                = "sidekiq-stats"
  schedule_expression = "cron(* * ? * * *)"
 }

 resource "aws_cloudwatch_event_target" "sidekiq_stats" {
  arn  = data.aws_lambda_function.sidekiq_stats.arn
  rule = aws_cloudwatch_event_rule.sidekiq_stats.name
 }

 resource "aws_lambda_permission" "sidekiq_stats" {
  action        = "lambda:InvokeFunction"
  function_name = data.aws_lambda_function.sidekiq_stats.function_name
  source_arn    = aws_cloudwatch_event_rule.sidekiq_stats.arn
  principal     = "events.amazonaws.com"
 }

 locals {
  sidekiq_enqueued_threshold         = 600
  sidekiq_enqueued_evaluation_period = 2
 }

 resource "aws_cloudwatch_metric_alarm" "sidekiq_stats_enqueued" {
  alarm_name          = "SidekiqのEnqueuedが${local.sidekiq_enqueued_threshold}以上です"
  comparison_operator = "GreaterThanOrEqualToThreshold"

  dimensions = {
    SidekiqStats = "Enqueued"
  }

  evaluation_periods  = local.sidekiq_enqueued_evaluation_period
  datapoints_to_alarm = local.sidekiq_enqueued_evaluation_period
  namespace           = "Sidekiq"
  metric_name         = "Stats"
  period              = 60
  statistic           = "Minimum"
  threshold           = local.sidekiq_enqueued_threshold
  treat_missing_data  = "notBreaching"
 }

 resource "aws_cloudwatch_event_rule" "sidekiq_stats_enqueued_in_alarm" {
  name = "sidekiq-enqueued-in-alarm"

  event_pattern = jsonencode({
    source      = ["aws.cloudwatch"]
    detail-type = ["CloudWatch Alarm State Change"]
    resources   = [aws_cloudwatch_metric_alarm.sidekiq_stats_enqueued.arn]
    detail = {
      state = {
        value = ["ALARM"]
      }
    }
  })
 }

 resource "aws_cloudwatch_event_rule" "sidekiq_stats_enqueued_in_ok" {
  name = "sidekiq-enqueued-in-ok"

  event_pattern = jsonencode({
    source      = ["aws.cloudwatch"]
    detail-type = ["CloudWatch Alarm State Change"]
    resources   = [aws_cloudwatch_metric_alarm.sidekiq_stats_enqueued.arn]
    detail = {
      state = {
        value = ["OK"]
      }
    }
  })
 }

 resource "aws_cloudwatch_event_target" "sidekiq_stats_enqueued_in_alarm" {
  rule = aws_cloudwatch_event_rule.sidekiq_stats_enqueued_in_alarm.name
  arn  = aws_sns_topic.slack_alert_notification.arn

  input_transformer {
    input_template = jsonencode({
      version = "1.0"
      source  = "custom"
      content = {
        textType    = "client-markdown"
        title       = ":x: SidekiqのEnqueuedが${local.sidekiq_enqueued_threshold}を超えました"
        description = "<@mizzy> <!subteam^SB96QBVFS>\nhttps://console.aws.amazon.com/go/view?arn=${aws_cloudwatch_metric_alarm.sidekiq_stats_enqueued.arn}"
      }
    })
  }
 }

 resource "aws_cloudwatch_event_target" "sidekiq_stats_enqueued_in_ok" {
  rule = aws_cloudwatch_event_rule.sidekiq_stats_enqueued_in_ok.name
  arn  = aws_sns_topic.slack_alert_notification.arn

  input_transformer {
    input_template = jsonencode({
      version = "1.0"
      source  = "custom"
      content = {
        textType    = "client-markdown"
        title       = ":white_check_mark: SidekiqのEnqueuedが${local.sidekiq_enqueued_threshold}を下回りました"
        description = "<@mizzy> <!subteam^SB96QBVFS>\nhttps://console.aws.amazon.com/go/view?arn=${aws_cloudwatch_metric_alarm.sidekiq_stats_enqueued.arn}"
      }
    })
  }
 }
	resource "aws_cloudwatch_log_group" "sidekiq_stats" {
	name = "/aws/lambda/sidekiq-stats"
	retention_in_days = 7
	}

	resource "aws_iam_role" "sidekiq_stats" {
	name = "sidekiq-stats"
	assume_role_policy = data.aws_iam_policy_document.sidekiq_stats_assume_role.json
	}

	data "aws_iam_policy_document" "sidekiq_stats_assume_role" {
	statement {
	effect = "Allow"
	actions = ["sts:AssumeRole"]
	principals {
	type = "Service"
	identifiers = ["lambda.amazonaws.com"]
	}
	}
	}

	data "aws_iam_policy_document" "sidekiq_stats" {
	statement {
	effect = "Allow"
	actions = [
	"ecs:ListTasks",
	"ecs:DescribeTasks",
	]
	resources = ["*"]
	}

	statement {
	effect = "Allow"
	actions = ["cloudwatch:PutMetricData"]
	resources = ["*"]
	}
	}

	resource "aws_iam_policy" "sidekiq_stats" {
	name = "sidekiq-stats"
	policy = data.aws_iam_policy_document.sidekiq_stats.json
	}

	resource "aws_iam_role_policy_attachment" "sidekiq_stats" {
	role = aws_iam_role.sidekiq_stats.name
	policy_arn = aws_iam_policy.sidekiq_stats.arn

	}

	resource "aws_iam_role_policy_attachment" "sidekiq_stats_lambda_vpc_access_execution" {
	role = aws_iam_role.sidekiq_stats.name
	policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
	}

	data "aws_lambda_function" "sidekiq_stats" {
	function_name = "sidekiq-stats"
	}

	resource "aws_cloudwatch_event_rule" "sidekiq_stats" {
	name = "sidekiq-stats"
	schedule_expression = "cron(* * ? * * *)"
	}

	resource "aws_cloudwatch_event_target" "sidekiq_stats" {
	arn = data.aws_lambda_function.sidekiq_stats.arn
	rule = aws_cloudwatch_event_rule.sidekiq_stats.name
	}

	resource "aws_lambda_permission" "sidekiq_stats" {
	action = "lambda:InvokeFunction"
	function_name = data.aws_lambda_function.sidekiq_stats.function_name
	source_arn = aws_cloudwatch_event_rule.sidekiq_stats.arn
	principal = "events.amazonaws.com"
	}

	locals {
	sidekiq_enqueued_threshold = 600
	sidekiq_enqueued_evaluation_period = 2
	}

	resource "aws_cloudwatch_metric_alarm" "sidekiq_stats_enqueued" {
	alarm_name = "SidekiqのEnqueuedが${local.sidekiq_enqueued_threshold}以上です"
	comparison_operator = "GreaterThanOrEqualToThreshold"

	dimensions = {
	SidekiqStats = "Enqueued"
	}

	evaluation_periods = local.sidekiq_enqueued_evaluation_period
	datapoints_to_alarm = local.sidekiq_enqueued_evaluation_period
	namespace = "Sidekiq"
	metric_name = "Stats"
	period = 60
	statistic = "Minimum"
	threshold = local.sidekiq_enqueued_threshold
	treat_missing_data = "notBreaching"
	}

	resource "aws_cloudwatch_event_rule" "sidekiq_stats_enqueued_in_alarm" {
	name = "sidekiq-enqueued-in-alarm"

	event_pattern = jsonencode({
	source = ["aws.cloudwatch"]
	detail-type = ["CloudWatch Alarm State Change"]
	resources = [aws_cloudwatch_metric_alarm.sidekiq_stats_enqueued.arn]
	detail = {
	state = {
	value = ["ALARM"]
	}
	}
	})
	}

	resource "aws_cloudwatch_event_rule" "sidekiq_stats_enqueued_in_ok" {
	name = "sidekiq-enqueued-in-ok"

	event_pattern = jsonencode({
	source = ["aws.cloudwatch"]
	detail-type = ["CloudWatch Alarm State Change"]
	resources = [aws_cloudwatch_metric_alarm.sidekiq_stats_enqueued.arn]
	detail = {
	state = {
	value = ["OK"]
	}
	}
	})
	}

	resource "aws_cloudwatch_event_target" "sidekiq_stats_enqueued_in_alarm" {
	rule = aws_cloudwatch_event_rule.sidekiq_stats_enqueued_in_alarm.name
	arn = aws_sns_topic.slack_alert_notification.arn

	input_transformer {
	input_template = jsonencode({
	version = "1.0"
	source = "custom"
	content = {
	textType = "client-markdown"
	title = ":x: SidekiqのEnqueuedが${local.sidekiq_enqueued_threshold}を超えました"
	description = "<@mizzy> <!subteam^SB96QBVFS>\nhttps://console.aws.amazon.com/go/view?arn=${aws_cloudwatch_metric_alarm.sidekiq_stats_enqueued.arn}"
	}
	})
	}
	}

	resource "aws_cloudwatch_event_target" "sidekiq_stats_enqueued_in_ok" {
	rule = aws_cloudwatch_event_rule.sidekiq_stats_enqueued_in_ok.name
	arn = aws_sns_topic.slack_alert_notification.arn

	input_transformer {
	input_template = jsonencode({
	version = "1.0"
	source = "custom"
	content = {
	textType = "client-markdown"
	title = ":white_check_mark: SidekiqのEnqueuedが${local.sidekiq_enqueued_threshold}を下回りました"
	description = "<@mizzy> <!subteam^SB96QBVFS>\nhttps://console.aws.amazon.com/go/view?arn=${aws_cloudwatch_metric_alarm.sidekiq_stats_enqueued.arn}"
	}
	})
	}
	}