- Lab
- A Cloud Guru
Configure an Azure Monitor Alert Rule
In this lab, you will create an Azure Monitor alert rule on a storage account, using Azure CLI. Students with prior experience in Azure and working with Azure CLI will have the best opportunity to complete the lab objectives with minimal assistance. However, there are hints and tips to guide you, along with the detailed lab guide and solution video. So even students new to the technology and concepts should be able to successfully complete the lab objectives.
Path Info
Table of Contents
-
Challenge
Log In to the Azure Portal
- Open an incognito or private window and log in to the Azure portal using the user name and password provided in the lab environment.
- From within the portal, initiate the Cloud Shell to select Bash (versus PowerShell) and set up with new backing storage — do not use the existing storage account deployed into the lab environment. You will need both storage accounts to complete the lab.
-
Challenge
Use Azure CLI to Configure an Alert Rule
At this point you should be logged into the Azure portal in the subscription associated with the lab credentials, and you should ahve the integrated Cloud Shell terminal open.
Use the Azure portal and the integrated Cloud Shell terminal to write Azure CLI required to complete the following tasks. Note that the order of the tasks is slightly different from the order of the wizard you may have used in the Azure portal to create Azure Monitor alert rules. See the Hints section at the end of the instructions if you need just a little help getting started on some of the tasks, prior to turning to the lab guide or solution video for a more detailed walk-through.
Collect the values you will need to populate two Azure CLI commands.
You can collect the required values by simply copy-pasting the values into a text editor, but for cleaner code that's easier to read and write, we suggest you use environment variables that you can then use in the Azure CLI commands. You can collect the values by using Azure CLI or by using the portal to navigate to the storage account deployed on your behalf in the lab subscription. The correct lab's name starts with "pslab" followed by a short string of random characters. Do not use the storage account you used to set up your Cloud Shell environment.
These are the values you need to collect:
- The resource group name (not the ID) where the storage account is located
- The "scope" for your alert rule, which is the Resource ID URL found under Endpoints in the left menu of the storage account in the portal.
- An action group name of your choice
Create an Action Group
You might recall from the intro video, in the portal workflow, you create the alert-rule scope, the condition, and then the action group that identifies what you want to do when the rule is triggered. But because we want to refernece the action group in our alert rule definition, we need to first create the action group.
Use the Azure CLI
az monitor action-group create
command, populated with the name of the action group, the resource group name, a short name, under 12 characters, for the action group, and the action you want to take, which is to send an SMS message to yourself. NOTE: The Microsoft documentation around the--action
argument is not easy to find. See the "Hints" section, below for the syntax you should use on the--action
argument.When you successfully execute the code to create an Action Group based on your own phone number, you should almost immediately get a text.
Create an Alert on the Activity Log for the Storage Account
Use the
az monitor activity-log alert create
command, populated with the name of the alert rule, which can be anything you want, the resource group, the scope, the condition, the description, which can be anything you want, and the action group. NOTE: The Microsoft documentation around the specifics of the--condition
argument is not easy to find. See the "Hints" section, below for the syntax you should use on the--condition
argument.Optional: Confirm the Creation of the Alert Rule
Assuming there are no errors, when you execute the
alert create
command, it should return the JSON description of your alert, but if you want to be double-sure, you can this list command:az monitor activity-log alert list.
You can also go back to the storage account in the portal and click on Alerts in the left menu and then Alert Rules to see the one you just created.Hints and Tips
- Don't be afraid to try to write the Azure CLI on your own. If you have the syntax wrong or you are missing an argument, you will get error feedback that may help you sort it out for yourself, without referring to documentation.
- To create an environment variable at the command line, just type the name of the command and set it equal to the value, like this:
resource_group_name="my-rg"
Note that there is no space before or after the "=" sign. Bash will throw an error if you put in spaces. The double-quotes are not strictly required unless there are spaces in the assigned value, but some developers do it as a matter of habit. The variable names used in the solution video are:
resource_group_name rule_scope action_group_name
And then you reference them later in code by putting a "$" in front of the variable name, as in this example:
--resource-group $resource_group_name
- The documentation for the az monitor action-group command group is here: https://learn.microsoft.com/en-us/cli/azure/monitor/action-group?view=azure-cli-latest#az-monitor-action-group-create()
- The correct syntax for the --action argument when creating the action group looks like this, where the first value is the type of action, the second value is the name of the recipient, the third value is the country code, and the fourth value is a valid phone number (5555555555 is a placeholder and will not work). You will need to use your name, country code, and phone number.
--action sms Amy 1 5555555555
- The documentation for the
az monitor activity-log alert
command group is here: https://learn.microsoft.com/en-us/cli/azure/monitor/activity-log/alert?view=azure-cli-latest - The correct argument name and value for setting the condition that triggers the rule is, below. Copy-paste this into your terminal window for the condition argument in your code block:
--condition "category=Administrative and operationName=Microsoft.Storage/storageAccounts/write"
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.