How to create an alert rule using PowerShell and Azure CLI

How to create an alert rule using PowerShell and Azure CLI

Introduction

I found it rather difficult to create an alert rule using PowerShell as opossed to using Azure CLI. That's why I thought its worth a post. I assume there exists a resource-group called rg-training and a VM named VM1.

In general an alert rule consists of the following components:

Component Description
Scope The resource(s) you want to monitor
Condition Configures when the alert rule should trigger the action
Action Group A list of actions to invoke when the alert rule triggers (optional)
Alert Rule Details Some identififaction information

Azure CLI

First we need to create an action group that we later are going to use with the alert rule. This rule will send an email to defined recipient upon rule trigger.

# Create an action group
az monitor action-group create \
    --name notify-admins \
    --resource-group rg-training \
    --action email my-action-name adminaddress@host.org

Have a look at "az monitor action-group create -h" for further actions that are available. For example you also can send out an SMS, trigger a webhook and so on.

Then we need to retrieve the VM's id and store it for later use...

# Retrieve VM identifier used for scope parameter
$scope = az vm show \
    --name vm1 \
    --output tsv \
    --query id 

Finally we create a metric alert, that will trigger when the average CPU load stays above 90% on a duration of 5 minutes (measured once per minute).

# Create the actual alert
az monitor metrics alert create \
    --name alert2 \
    --resource-group rg-training \
    --scopes $scope \
    --condition "avg Percentage CPU > 90" \
    --window-size 5m \
    --evaluation-frequency 1m \
    --action notify-admins \
    --description "High CPU"

That was easy. Now lets have a look at the PowerShell-way, where things are a bit more complicated and long winded.

Azure PowerShell

First we need to create the action group.

$receiver = New-AzActionGroupReceiver `
    -Name "Admin" `
    -EmailReceiver `
    -EmailAddress "adminaddress@host.org"

Set-AzActionGroup `
    -Name "notify-admins" `
    -ShortName "ActionGroup1" `
    -ResourceGroupName "rg-training" `
    -Receiver $receiver

Have a look at the offical documentation for further receivers that can be configured: New-AzActionGroupReceiver

Now let's read back the action group and store it.

$actionGroup = Get-AzActionGroup `
    -Name "my-action-group" `
    -ResourceGroupName "rg-training" 

$actionGroupId = New-AzActionGroup `
    -ActionGroupId $actionGroup.Id

$actionGroupId will hold and object of type ActivityLogAlertActionGroup thats later required for the Add-AzMetricAlertRuleV2 cmdlet.

Okay great! Now we need a condition

$condition = New-AzMetricAlertRuleV2Criteria `
    -MetricName "Percentage CPU" `
    -TimeAggregation Average `
    -Operator GreaterThan `
    -Threshold 0.1

Now we are ready to call Add-AzMetricAlertRuleV2 as follows.

$windowSize = New-TimeSpan -Minutes 1
$frequency = New-TimeSpan -Minutes 1 
$targetResourceId = (Get-AzResource -Name VM1).ResourceId

Add-AzMetricAlertRuleV2 `
    -Name "metricRule" `
    -ResourceGroupName "rg-training" `
    -WindowSize $windowSize `
    -Frequency $frequency `
    -TargetResourceId $targetResourceId `
    -Condition $condition `
    -ActionGroup $actionGroupId `
    -Severity 3

Happy hacking, Matthias!

Show Comments