From 88aa28e864f9e74e65807b146a95802f14bb0540 Mon Sep 17 00:00:00 2001
From: Maciej Murawski <maciej.murawski@nordcloud.com>
Date: Fri, 14 Nov 2025 13:18:43 +0000
Subject: [PATCH 1/2] feat: monitor alert for high DToS DB CPU Percentage

---
 infrastructure/modules/sql-server/alerts.tf    |  0
 infrastructure/modules/sql-server/variables.tf | 12 ++++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 infrastructure/modules/sql-server/alerts.tf

diff --git a/infrastructure/modules/sql-server/alerts.tf b/infrastructure/modules/sql-server/alerts.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/infrastructure/modules/sql-server/variables.tf b/infrastructure/modules/sql-server/variables.tf
index 25159472..33449d47 100644
--- a/infrastructure/modules/sql-server/variables.tf
+++ b/infrastructure/modules/sql-server/variables.tf
@@ -264,3 +264,15 @@ variable "vulnerability_assessment_enabled" {
   description = "to enable extended auditing policy for server or database"
   default     = false
 }
+
+variable "enable_alerting" {
+  description = "Whether monitoring and alerting is enabled for the Azure SQL Server."
+  type        = bool
+  default     = false
+}
+
+variable "alert_cpu_threshold" {
+  type        = number
+  description = "If alerting is enabled this will control what the cpu threshold will be, default will be 90."
+  default     = 90
+}

From 5ba9a68b74a0bcd23c41dd5c62a34b5cf65fdab8 Mon Sep 17 00:00:00 2001
From: Maciej Murawski <maciej.murawski@nordcloud.com>
Date: Fri, 14 Nov 2025 13:22:23 +0000
Subject: [PATCH 2/2] feat: monitor alert for high DToS DB CPU Percentage

---
 infrastructure/modules/sql-server/alerts.tf   | 31 +++++++++++++++++
 .../modules/sql-server/variables.tf           | 33 +++++++++++++++++++
 2 files changed, 64 insertions(+)

diff --git a/infrastructure/modules/sql-server/alerts.tf b/infrastructure/modules/sql-server/alerts.tf
index e69de29b..06bab444 100644
--- a/infrastructure/modules/sql-server/alerts.tf
+++ b/infrastructure/modules/sql-server/alerts.tf
@@ -0,0 +1,31 @@
+
+# Azure Monitor alert for DToSDB CPU Percentage higher than 90% for the past 5 minutes
+resource "azurerm_monitor_metric_alert" "cpu" {
+  count = var.enable_alerting ? 1 : 0
+
+  name                = "${azurerm_mssql_server.azure_sql_server.name}-cpu"
+  resource_group_name = var.resource_group_name
+  scopes              = [azurerm_mssql_server.azure_sql_server.id]
+  description         = "Action will be triggered when cpu use is greater than ${var.alert_cpu_threshold}%"
+  window_size         = var.alert_window_size
+  severity            = 2
+  frequency           = local.alert_frequency
+
+  criteria {
+    metric_namespace = "Microsoft.Sql/servers/databases"
+    metric_name      = "cpu_percent"
+    aggregation      = "Average"
+    operator         = "GreaterThan"
+    threshold        = var.alert_cpu_threshold
+  }
+
+  action {
+    action_group_id = var.action_group_id
+  }
+
+  lifecycle {
+    ignore_changes = [
+      tags
+    ]
+  }
+}
diff --git a/infrastructure/modules/sql-server/variables.tf b/infrastructure/modules/sql-server/variables.tf
index 33449d47..4c501dd7 100644
--- a/infrastructure/modules/sql-server/variables.tf
+++ b/infrastructure/modules/sql-server/variables.tf
@@ -265,6 +265,10 @@ variable "vulnerability_assessment_enabled" {
   default     = false
 }
 
+/* --------------------------------------------------------------------------------------------------
+  Azure Monitor Alerts variables
+-------------------------------------------------------------------------------------------------- */
+
 variable "enable_alerting" {
   description = "Whether monitoring and alerting is enabled for the Azure SQL Server."
   type        = bool
@@ -276,3 +280,32 @@ variable "alert_cpu_threshold" {
   description = "If alerting is enabled this will control what the cpu threshold will be, default will be 90."
   default     = 90
 }
+
+variable "alert_window_size" {
+  type     = string
+  nullable = false
+  default  = "PT5M"
+  validation {
+    condition     = contains(["PT1M", "PT5M", "PT15M", "PT30M", "PT1H", "PT6H", "PT12H"], var.alert_window_size)
+    error_message = "The alert_window_size must be one of: PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H"
+  }
+  description = "The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly."
+}
+
+locals {
+  alert_frequency_map = {
+    PT5M  = "PT1M"
+    PT15M = "PT1M"
+    PT30M = "PT1M"
+    PT1H  = "PT1M"
+    PT6H  = "PT5M"
+    PT12H = "PT5M"
+  }
+  alert_frequency = local.alert_frequency_map[var.alert_window_size]
+}
+
+variable "action_group_id" {
+  type        = string
+  description = "ID of the action group to notify."
+  default     = null
+}