For guidance on deploying monitoring solutions, see Create monitoring resources by using Bicep.
Bicep resource definition
The activityLogAlerts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Insights/activityLogAlerts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Insights/activityLogAlerts@2023-01-01-preview' = {
scope: resourceSymbolicName or scope
location: 'string'
name: 'string'
properties: {
actions: {
actionGroups: [
{
actionGroupId: 'string'
actionProperties: {
{customized property}: 'string'
}
webhookProperties: {
{customized property}: 'string'
}
}
]
}
condition: {
allOf: [
{
anyOf: [
{
containsAny: [
'string'
]
equals: 'string'
field: 'string'
}
]
containsAny: [
'string'
]
equals: 'string'
field: 'string'
}
]
}
description: 'string'
enabled: bool
scopes: [
'string'
]
tenantScope: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.Insights/activityLogAlerts
| Name |
Description |
Value |
| location |
The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions. |
string |
| name |
The resource name |
string
Constraints:
Pattern = ^[-\w\._\(\)]+$ (required) |
| properties |
The Activity Log Alert rule properties of the resource. |
AlertRuleProperties |
| scope |
Use when creating a resource at a scope that is different than the deployment scope. |
Set this property to the symbolic name of a resource to apply the extension resource. |
| tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
ActionGroup
| Name |
Description |
Value |
| actionGroupId |
The resource ID of the Action Group. This cannot be null or empty. |
string (required) |
| actionProperties |
Predefined list of properties and configuration items for the action group. |
ActionGroupActionProperties |
| webhookProperties |
the dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. |
ActionGroupWebhookProperties |
ActionGroupActionProperties
ActionGroupWebhookProperties
ActionList
| Name |
Description |
Value |
| actionGroups |
The list of the Action Groups. |
ActionGroup[] |
AlertRuleAllOfCondition
AlertRuleAnyOfOrLeafCondition
| Name |
Description |
Value |
| anyOf |
An Activity Log Alert rule condition that is met when at least one of its member leaf conditions are met. |
AlertRuleLeafCondition[] |
| containsAny |
The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. |
string[] |
| equals |
The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. |
string |
| field |
The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. |
string |
AlertRuleLeafCondition
| Name |
Description |
Value |
| containsAny |
The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. |
string[] |
| equals |
The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. |
string |
| field |
The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. |
string |
AlertRuleProperties
| Name |
Description |
Value |
| actions |
The actions that will activate when the condition is met. |
ActionList (required) |
| condition |
The condition that will cause this alert to activate. |
AlertRuleAllOfCondition (required) |
| description |
A description of this Activity Log Alert rule. |
string |
| enabled |
Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. |
bool |
| scopes |
A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. |
string[] |
| tenantScope |
The tenant GUID. Must be provided for tenant-level and management group events rules. |
string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
ARM template resource definition
The activityLogAlerts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Insights/activityLogAlerts resource, add the following JSON to your template.
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2023-01-01-preview",
"name": "string",
"location": "string",
"properties": {
"actions": {
"actionGroups": [
{
"actionGroupId": "string",
"actionProperties": {
"{customized property}": "string"
},
"webhookProperties": {
"{customized property}": "string"
}
}
]
},
"condition": {
"allOf": [
{
"anyOf": [
{
"containsAny": [ "string" ],
"equals": "string",
"field": "string"
}
],
"containsAny": [ "string" ],
"equals": "string",
"field": "string"
}
]
},
"description": "string",
"enabled": "bool",
"scopes": [ "string" ],
"tenantScope": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.Insights/activityLogAlerts
| Name |
Description |
Value |
| apiVersion |
The api version |
'2023-01-01-preview' |
| location |
The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions. |
string |
| name |
The resource name |
string
Constraints:
Pattern = ^[-\w\._\(\)]+$ (required) |
| properties |
The Activity Log Alert rule properties of the resource. |
AlertRuleProperties |
| tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
| type |
The resource type |
'Microsoft.Insights/activityLogAlerts' |
ActionGroup
| Name |
Description |
Value |
| actionGroupId |
The resource ID of the Action Group. This cannot be null or empty. |
string (required) |
| actionProperties |
Predefined list of properties and configuration items for the action group. |
ActionGroupActionProperties |
| webhookProperties |
the dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. |
ActionGroupWebhookProperties |
ActionGroupActionProperties
ActionGroupWebhookProperties
ActionList
| Name |
Description |
Value |
| actionGroups |
The list of the Action Groups. |
ActionGroup[] |
AlertRuleAllOfCondition
AlertRuleAnyOfOrLeafCondition
| Name |
Description |
Value |
| anyOf |
An Activity Log Alert rule condition that is met when at least one of its member leaf conditions are met. |
AlertRuleLeafCondition[] |
| containsAny |
The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. |
string[] |
| equals |
The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. |
string |
| field |
The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. |
string |
AlertRuleLeafCondition
| Name |
Description |
Value |
| containsAny |
The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. |
string[] |
| equals |
The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. |
string |
| field |
The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. |
string |
AlertRuleProperties
| Name |
Description |
Value |
| actions |
The actions that will activate when the condition is met. |
ActionList (required) |
| condition |
The condition that will cause this alert to activate. |
AlertRuleAllOfCondition (required) |
| description |
A description of this Activity Log Alert rule. |
string |
| enabled |
Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. |
bool |
| scopes |
A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. |
string[] |
| tenantScope |
The tenant GUID. Must be provided for tenant-level and management group events rules. |
string |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
The activityLogAlerts resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Insights/activityLogAlerts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Insights/activityLogAlerts@2023-01-01-preview"
name = "string"
parent_id = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
actions = {
actionGroups = [
{
actionGroupId = "string"
actionProperties = {
{customized property} = "string"
}
webhookProperties = {
{customized property} = "string"
}
}
]
}
condition = {
allOf = [
{
anyOf = [
{
containsAny = [
"string"
]
equals = "string"
field = "string"
}
]
containsAny = [
"string"
]
equals = "string"
field = "string"
}
]
}
description = "string"
enabled = bool
scopes = [
"string"
]
tenantScope = "string"
}
}
}
Property Values
Microsoft.Insights/activityLogAlerts
| Name |
Description |
Value |
| location |
The location of the resource. Azure Activity Log Alert rules are supported on Global, West Europe and North Europe regions. |
string |
| name |
The resource name |
string
Constraints:
Pattern = ^[-\w\._\(\)]+$ (required) |
| parent_id |
The ID of the resource to apply this extension resource to. |
string (required) |
| properties |
The Activity Log Alert rule properties of the resource. |
AlertRuleProperties |
| tags |
Resource tags |
Dictionary of tag names and values. |
| type |
The resource type |
"Microsoft.Insights/activityLogAlerts@2023-01-01-preview" |
ActionGroup
| Name |
Description |
Value |
| actionGroupId |
The resource ID of the Action Group. This cannot be null or empty. |
string (required) |
| actionProperties |
Predefined list of properties and configuration items for the action group. |
ActionGroupActionProperties |
| webhookProperties |
the dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. |
ActionGroupWebhookProperties |
ActionGroupActionProperties
ActionGroupWebhookProperties
ActionList
| Name |
Description |
Value |
| actionGroups |
The list of the Action Groups. |
ActionGroup[] |
AlertRuleAllOfCondition
AlertRuleAnyOfOrLeafCondition
| Name |
Description |
Value |
| anyOf |
An Activity Log Alert rule condition that is met when at least one of its member leaf conditions are met. |
AlertRuleLeafCondition[] |
| containsAny |
The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. |
string[] |
| equals |
The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. |
string |
| field |
The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. |
string |
AlertRuleLeafCondition
| Name |
Description |
Value |
| containsAny |
The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. |
string[] |
| equals |
The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. |
string |
| field |
The name of the Activity Log event's field that this condition will examine.
The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. |
string |
AlertRuleProperties
| Name |
Description |
Value |
| actions |
The actions that will activate when the condition is met. |
ActionList (required) |
| condition |
The condition that will cause this alert to activate. |
AlertRuleAllOfCondition (required) |
| description |
A description of this Activity Log Alert rule. |
string |
| enabled |
Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. |
bool |
| scopes |
A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. |
string[] |
| tenantScope |
The tenant GUID. Must be provided for tenant-level and management group events rules. |
string |
Usage Examples
A basic example of deploying Activity Log Alert within Azure Monitor.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "storageAccount" {
type = "Microsoft.Storage/storageAccounts@2021-09-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
kind = "StorageV2"
properties = {
accessTier = "Hot"
allowBlobPublicAccess = true
allowCrossTenantReplication = true
allowSharedKeyAccess = true
defaultToOAuthAuthentication = false
encryption = {
keySource = "Microsoft.Storage"
services = {
queue = {
keyType = "Service"
}
table = {
keyType = "Service"
}
}
}
isHnsEnabled = false
isNfsV3Enabled = false
isSftpEnabled = false
minimumTlsVersion = "TLS1_2"
networkAcls = {
defaultAction = "Allow"
}
publicNetworkAccess = "Enabled"
supportsHttpsTrafficOnly = true
}
sku = {
name = "Standard_LRS"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "actionGroup" {
type = "Microsoft.Insights/actionGroups@2023-01-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = "global"
body = {
properties = {
armRoleReceivers = [
]
automationRunbookReceivers = [
]
azureAppPushReceivers = [
]
azureFunctionReceivers = [
]
emailReceivers = [
]
enabled = true
eventHubReceivers = [
]
groupShortName = "acctestag1"
itsmReceivers = [
]
logicAppReceivers = [
]
smsReceivers = [
]
voiceReceivers = [
]
webhookReceivers = [
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "actionGroup2" {
type = "Microsoft.Insights/actionGroups@2023-01-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = "global"
body = {
properties = {
armRoleReceivers = [
]
automationRunbookReceivers = [
]
azureAppPushReceivers = [
]
azureFunctionReceivers = [
]
emailReceivers = [
]
enabled = true
eventHubReceivers = [
]
groupShortName = "acctestag2"
itsmReceivers = [
]
logicAppReceivers = [
]
smsReceivers = [
]
voiceReceivers = [
]
webhookReceivers = [
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "activityLogAlert" {
type = "Microsoft.Insights/activityLogAlerts@2020-10-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = "global"
body = {
properties = {
actions = {
actionGroups = [
{
actionGroupId = azapi_resource.actionGroup.id
webhookProperties = {
}
},
{
actionGroupId = azapi_resource.actionGroup2.id
webhookProperties = {
from = "terraform test"
to = "microsoft azure"
}
},
]
}
condition = {
allOf = [
{
equals = "ResourceHealth"
field = "category"
},
{
anyOf = [
{
equals = "Unavailable"
field = "properties.currentHealthStatus"
},
{
equals = "Degraded"
field = "properties.currentHealthStatus"
},
]
},
{
anyOf = [
{
equals = "Unknown"
field = "properties.previousHealthStatus"
},
{
equals = "Available"
field = "properties.previousHealthStatus"
},
]
},
{
anyOf = [
{
equals = "PlatformInitiated"
field = "properties.cause"
},
{
equals = "UserInitiated"
field = "properties.cause"
},
]
},
]
}
description = "This is just a test acceptance."
enabled = true
scopes = [
azapi_resource.resourceGroup.id,
azapi_resource.storageAccount.id,
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
