13/14: cdn: Add billing alarms.

[Chris Marusich]

marusich pushed a commit to branch master
in repository maintenance.

commit a84019c5943119ca461ed0d339ab80099e07eb35
Author: Chris Marusich <address@hidden>
Date:   Fri Dec 28 22:28:32 2018 -0800

    cdn: Add billing alarms.
    
    * cdn/README.org: Mention that Terraform does not support email
    subscriptions to SNS topics.
    * cdn/terraform/main.tf (guix-billing-alarms): New SNS topic.
    (alarm-estimated-charges-150-usd, alarm-estimated-charges-140-usd)
    (alarm-estimated-charges-100-usd): New alarms.
---
 cdn/README.org        | 19 ++++++++++------
 cdn/terraform/main.tf | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 7 deletions(-)

diff --git a/cdn/README.org b/cdn/README.org
index 3cd4fdb..3756492 100644
--- a/cdn/README.org
+++ b/cdn/README.org
@@ -972,8 +972,6 @@ Currently, we have all the IAM configuration in Terraform 
config.  That's great!
 - Use origin failover to serve requests via the CDN from berlin first,
   and hydra second?
   
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html
-- Set a billing alarm (or perhaps a "budget"):
-  
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-what-is.html
 
 ** Setting up a budget
 I haven't actually set up a "budget".  But this guide explains how to
@@ -1019,11 +1017,6 @@ Management Console for ad-hoc investigation.
 - Is it OK to ignore query parameters, headers, and cookies when
   deciding whether or not to cache?
 
-** CloudFront
-
-- Do we need a "default root object"?  Probably not, but try making a
-  request to the distribution, and see what happens:
-  
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html
 ** Terraform
 - What does Terraform store in its "state"?  Does it store anything
   sensitive, like secrets?
@@ -1339,3 +1332,15 @@ Rollback as follows:
 Initial validation of the ACM certificate requires manual creation of
 DNS records.  See the comment next to berlin-mirror-certificate in the
 file "main.tf" for details.
+** Alarm Notifications via Email (i.e., SNS Topic Email Subscriptions)
+CloudWatch can send alerts via email.  It does this by sending a
+notification to an SNS topic.  To receive an email from a topic, you
+must subscribe to the topic.  To do that, you must follow this
+procedure:
+
+https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html#SubscribeTopic
+
+Terraform doesn't support the creation of email subscriptions to SNS
+topics, and it probably won't ever.  See here for details:
+
+https://www.terraform.io/docs/providers/aws/r/sns_topic_subscription.html
diff --git a/cdn/terraform/main.tf b/cdn/terraform/main.tf
index e249437..93b9936 100644
--- a/cdn/terraform/main.tf
+++ b/cdn/terraform/main.tf
@@ -359,3 +359,66 @@ resource "aws_acm_certificate" "berlin-mirror-certificate" 
{
     create_before_destroy = true
   }
 }
+
+# SNS
+
+# Email subscriptions cannot be managed via Terraform.  Therefore, any
+# email subscriptions must be configured manually.  See:
+# https://www.terraform.io/docs/providers/aws/r/sns_topic_subscription.html
+# 
https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html#SubscribeTopic
+resource "aws_sns_topic" "guix-billing-alarms" {
+  name = "guix-billing-alarms"
+}
+
+# CloudWatch
+
+resource "aws_cloudwatch_metric_alarm" "alarm-estimated-charges-150-usd" {
+  alarm_name = "alarm-estimated-charges-150-usd"
+  alarm_description = "Estimated charges have exceeded 150 USD"
+  namespace = "AWS/Billing"
+  metric_name = "EstimatedCharges"
+  statistic = "Maximum"
+  period = "21600" # 6 hours
+  evaluation_periods = "1"
+  comparison_operator = "GreaterThanThreshold"
+  threshold = "150"
+  actions_enabled = true
+  alarm_actions = ["${aws_sns_topic.guix-billing-alarms.arn}"]
+  dimensions {
+    Currency = "USD"
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "alarm-estimated-charges-140-usd" {
+  alarm_name = "alarm-estimated-charges-140-usd"
+  alarm_description = "Estimated charges have exceeded 140 USD"
+  namespace = "AWS/Billing"
+  metric_name = "EstimatedCharges"
+  statistic = "Maximum"
+  period = "21600" # 6 hours
+  evaluation_periods = "1"
+  comparison_operator = "GreaterThanThreshold"
+  threshold = "140"
+  actions_enabled = true
+  alarm_actions = ["${aws_sns_topic.guix-billing-alarms.arn}"]
+  dimensions {
+    Currency = "USD"
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "alarm-estimated-charges-100-usd" {
+  alarm_name = "alarm-estimated-charges-100-usd"
+  alarm_description = "Estimated charges have exceeded 100 USD"
+  namespace = "AWS/Billing"
+  metric_name = "EstimatedCharges"
+  statistic = "Maximum"
+  period = "21600" # 6 hours
+  evaluation_periods = "1"
+  comparison_operator = "GreaterThanThreshold"
+  threshold = "100"
+  actions_enabled = true
+  alarm_actions = ["${aws_sns_topic.guix-billing-alarms.arn}"]
+  dimensions {
+    Currency = "USD"
+  }
+}