Like any digital asset, infrastructure-as-code requires the same level of monitoring as any other resource in the public cloud. Changes to the resources are as important to know about beforehand as after they take effect. Consequently, subscriptions and notifications play an important role in the pipelines that deploy the infrastructure.
There are several ways to set up alerts and notifications,
and they differ mostly in the path a notification takes rather than in its content.
The first method is to send out notifications from the
pipeline as the code is compiled and executed. This can be done from the
repository, either with GitHub Actions or through the repository settings.
The repository settings send out notifications in the form of emails by
merely specifying the email addresses. GitHub Actions is used for more involved
notifications, such as making HTTP POST requests to webhook URLs, as in the case
of posting a message in a Teams channel. Either way, the payload for commit
notifications includes information such as the name of the repository, the
branch a commit was made in, the SHA-1 of the commit and its link to the diff in
GitHub, the author of the commit, the date when the commit was made, the files
that were changed as part of the commit, and the commit message. Notifications
can also be expanded to include a conversation in a specific issue, pull
request or gist; all activity in a repository; CI activity such as the status
of workflows in repositories, as with GitHub Actions; and repository issues,
pull requests, releases, security alerts, or discussions if enabled. The
notification via a Teams channel requires a step in the GitHub Actions workflow
and the MS_Teams_WebHook_URI for the dedicated Microsoft Teams channel. The
webhook URI is saved as a secret in the GitHub repository’s settings. The step
itself is executed only on the events specified, and these can include a wide
variety, with the pull_request, push and deployment events as the most common
ones. The built-in module to use in this case would be actions/checkout@v2, and
the runner will require parameters such as the operating system, say
ubuntu-latest, a GitHub token that is used for reading the repository, the
webhook URI read from the secrets, and the notification summary, color and
timezone. Emoji support isn’t great for incoming webhooks on Microsoft Teams
yet, but it can be worked around with HEX codes.
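The following Python script is an added example, not part of the original post: it builds a Teams MessageCard carrying the commit fields listed above from a GitHub push event and posts it to the webhook. The sample event is constructed, and the script assumes the workflow step exposes the MS_Teams_WebHook_URI secret as an environment variable of the same name.

```python
import json
import os
import urllib.request

# Constructed sample of a GitHub "push" event, trimmed to the fields used here.
SAMPLE_PUSH_EVENT = {
    "ref": "refs/heads/main",
    "repository": {"full_name": "example-org/iac-network"},
    "head_commit": {
        "id": "3f2a9c1d5e7b8a6f4c0d1e2f3a4b5c6d7e8f9a0b",
        "url": "https://github.com/example-org/iac-network/commit/3f2a9c1d5e7b8a6f4c0d1e2f3a4b5c6d7e8f9a0b",
        "message": "Tighten inbound rule on the network module",
        "timestamp": "2024-01-15T10:30:00Z", "author": {"name": "Example Author"},
        "added": [], "modified": ["modules/network/nsg.tf"], "removed": [],
    },
}

def build_card(event, color="0078D4"):
    """Build a Teams MessageCard with the commit fields the post lists."""
    commit = event["head_commit"]
    files = commit["added"] + commit["modified"] + commit["removed"]
    facts = {
        "Repository": event["repository"]["full_name"],
        "Branch": event["ref"].replace("refs/heads/", "", 1),
        "Commit": commit["id"],
        "Author": commit["author"]["name"],
        "Date": commit["timestamp"],
        "Files changed": ", ".join(files) or "(none)",
        "Message": commit["message"],
    }
    return {
        "@type": "MessageCard", "@context": "https://schema.org/extensions",
        "themeColor": color,  # HEX color, without a leading '#'
        "summary": f"Push to {facts['Repository']} ({facts['Branch']})",
        "sections": [{"facts": [{"name": k, "value": v} for k, v in facts.items()]}],
        "potentialAction": [{"@type": "OpenUri", "name": "View diff",
                             "targets": [{"os": "default", "uri": commit["url"]}]}],
    }

def send(card, webhook_uri):
    """POST the card as JSON. The URI acts as a credential, so it is never logged."""
    req = urllib.request.Request(webhook_uri, json.dumps(card).encode(), {"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":  # in a workflow step, the event file and the secret come from env
    path, uri = os.environ.get("GITHUB_EVENT_PATH"), os.environ.get("MS_Teams_WebHook_URI")
    event = json.load(open(path)) if path else SAMPLE_PUSH_EVENT
    print(send(build_card(event), uri) if uri else json.dumps(build_card(event), indent=2))
```

Run without the environment variables set, it prints the card for the constructed event instead of sending anything.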
The Microsoft Teams channel, on its end, can have a GitHub
application added or a bot created to display the messages. The webhook URL must
be added, configured and saved. Channels that can add a GitHub application have
the choice of sending some canned commands to help set this up end to end.
For example, the command "subscribe owner/repo workflows:{name:"your workflow name"
event:"workflow event" branch:"branch name" actor:"Actor name"}" will filter
the notifications on the values passed in for those parameters.
These are some of the ways alerts and notifications can
be set up for IaC.