Add AWS spending alerts (#12050)

Closes https://github.com/fleetdm/confidential/issues/2700 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2026-05-24 09:28:54 +00:00 · 2023-05-30 20:10:14 -04:00 · 2023-05-30 20:10:14 -04:00 · 1974783585
commit 1974783585
parent f13444540c
1 changed files with 86 additions and 0 deletions
--- a/infrastructure/infrastructure/spend_alerts/main.tf
+++ b/infrastructure/infrastructure/spend_alerts/main.tf
@ -0,0 +1,86 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.59.0"
+    }
+  }
+  backend "s3" {
+    bucket               = "fleet-terraform-state20220408141538466600000002"
+    key                  = "root/spend-alerts/terraform.tfstate" # This should be set to account_alias/unique_key/terraform.tfstate
+    workspace_key_prefix = "root"                                # This should be set to the account alias
+    region               = "us-east-2"
+    encrypt              = true
+    kms_key_id           = "9f98a443-ffd7-4dbe-a9c3-37df89b2e42a"
+    dynamodb_table       = "tf-remote-state-lock"
+    role_arn             = "arn:aws:iam::353365949058:role/terraform-root"
+  }
+}
+
+provider "aws" {
+  default_tags {
+    tags = {
+      environment = "spend-alerts"
+      terraform   = "https://github.com/fleetdm/fleet/tree/main/infrastructure/infrastructure/spend_alerts"
+      state       = "s3://fleet-terraform-state20220408141538466600000002/root/spend-alerts/terraform.tfstate"
+    }
+  }
+}
+
+variable "slack_webhook" {
+  type = string
+}
+
+locals {
+  prefix = "aws-spend-alerts"
+}
+
+module "notify_slack" {
+  source  = "terraform-aws-modules/notify-slack/aws"
+  version = "5.5.0"
+
+  sns_topic_name = local.prefix
+
+  slack_webhook_url = var.slack_webhook
+  slack_channel     = "#g-infra"
+  slack_username    = "monitoring"
+}
+
+output "slack_topic_arn" {
+  value = module.notify_slack.slack_topic_arn
+}
+
+resource "aws_cloudwatch_metric_alarm" "total_charge" {
+  alarm_name                = "total_charge"
+  alarm_description         = "total estimated charge"
+  comparison_operator       = "LessThanLowerOrGreaterThanUpperThreshold"
+  evaluation_periods        = "1"
+  threshold_metric_id       = "ad1"
+  alarm_actions             = [module.notify_slack.slack_topic_arn]
+  ok_actions                = [module.notify_slack.slack_topic_arn]
+  insufficient_data_actions = []
+
+  metric_query {
+    id          = "m1"
+    period      = 0
+    return_data = true
+
+    metric {
+      dimensions = {
+        "Currency" = "USD"
+      }
+      metric_name = "EstimatedCharges"
+      namespace   = "AWS/Billing"
+      period      = 86400
+      stat        = "Maximum"
+    }
+  }
+
+  metric_query {
+    expression  = "ANOMALY_DETECTION_BAND(m1, 2)"
+    id          = "ad1"
+    label       = "EstimatedCharges (expected)"
+    period      = 0
+    return_data = true
+  }
+}