Terraform Monitors

The devhelm_monitor resource creates and manages monitors of any type. Configure assertions, incident policies, and scheduling in HCL.

Basic example

resource "devhelm_monitor" "api_health" {
  name              = "API Health"
  type              = "HTTP"
  frequency_seconds = 60
  regions           = ["us-east", "eu-west"]

  config = jsonencode({
    url       = "https://api.example.com/health"
    method    = "GET"
    verifyTls = true
  })

  assertions {
    type   = "status_code"
    config = jsonencode({ expected = 200, operator = "equals" })
  }
}

Arguments

Top-level

Attribute	Type	Required	Description
`name`	string	Yes	Human-readable name (also used as import ID)
`type`	string	Yes	Monitor type: `HTTP`, `DNS`, `TCP`, `ICMP`, `HEARTBEAT`, `MCP_SERVER`. Forces replacement on change.
`config`	string (JSON)	Yes	Type-specific configuration as JSON
`frequency_seconds`	number	—	Check frequency in seconds (30–86400)
`enabled`	bool	—	Whether the monitor is active (default: `true`)
`regions`	list(string)	—	Probe regions
`environment_id`	string	—	Environment ID for variable substitution
`alert_channel_ids`	list(string)	—	Alert channel IDs to notify
`tag_ids`	list(string)	—	Tag IDs to attach
`auth`	object	—	HTTP authentication. Pick exactly one of `bearer`, `basic`, `header`, or `api_key`; each variant takes a `vault_secret_id` (UUID of a `devhelm_secret`). `header` and `api_key` also require `header_name`.

Computed attributes

Attribute	Description
`id`	Monitor ID
`ping_url`	Heartbeat ping URL (only set for `HEARTBEAT` type)

assertions block

Repeatable block for pass/fail criteria. The block name is assertions (plural); repeat it once per assertion:

Attribute	Type	Required	Description
`type`	string	Yes	Assertion type discriminator in snake_case wire format. Supported values: `status_code`, `response_time`, `body_contains`, `header_value`, `dns_resolves`, `ssl_expiry`, `tcp_connects`
`config`	string (JSON)	Yes	Assertion configuration as JSON; the inner `type` field is omitted (set via the sibling `type` attribute). Field names inside `config` are camelCase, e.g. `{ expected = 200, operator = "equals" }` for `status_code` or `{ thresholdMs = 500 }` for `response_time`
`severity`	string	—	`fail` or `warn` (default: `fail`)

incident_policy attribute

Single nested attribute (use = assignment, not a block) controlling confirmation and recovery behavior. Omit it entirely to adopt server defaults; supplying any field overrides the policy in full.

Attribute	Type	Required	Description
`confirmation_type`	string	—	Confirmation strategy (e.g., `multi_region`)
`min_regions_failing`	number	—	Minimum failing regions to confirm
`max_wait_seconds`	number	—	Maximum confirmation wait time
`consecutive_successes`	number	—	Consecutive passes required for recovery
`min_regions_passing`	number	—	Minimum passing regions for recovery
`cooldown_minutes`	number	—	Minutes before auto-resolving
`trigger_rules`	list of objects	—	Rules that determine when failures escalate to incidents

trigger_rules[*] object:

Attribute	Type	Required	Description
`type`	string	Yes	`consecutive_failures`, `failures_in_window`, or `response_time`
`severity`	string	Yes	`down` or `degraded`
`scope`	string	—	`per_region` or `any_region`
`count`	number	—	Failure count threshold (1–10)
`window_minutes`	number	—	Time window for `failures_in_window`
`threshold_ms`	number	—	Response time threshold for `response_time`
`aggregation_type`	string	—	`all_exceed`, `average`, `p95`, `max`

Config by monitor type

The config attribute accepts JSON. The shape depends on type:

config = jsonencode({
  url           = "https://api.example.com/health"
  method        = "GET"
  verifyTls     = true
  customHeaders = { Accept = "application/json" }
})

Full example with assertions and incident policy

resource "devhelm_monitor" "api_health" {
  name              = "API Health"
  type              = "HTTP"
  frequency_seconds = 60
  enabled           = true
  regions           = ["us-east", "eu-west"]

  config = jsonencode({
    url       = "https://api.example.com/health"
    method    = "GET"
    verifyTls = true
  })

  assertions {
    type   = "status_code"
    config = jsonencode({ expected = 200, operator = "equals" })
  }

  assertions {
    type     = "response_time"
    config   = jsonencode({ thresholdMs = 2000 })
    severity = "warn"
  }

  incident_policy = {
    confirmation_type     = "multi_region"
    min_regions_failing   = 2
    max_wait_seconds      = 120
    consecutive_successes = 2

    trigger_rules = [
      {
        type     = "consecutive_failures"
        severity = "down"
        scope    = "per_region"
        count    = 3
      },
    ]
  }

  tag_ids           = [devhelm_tag.production.id]
  alert_channel_ids = [devhelm_alert_channel.slack.id]
}

Import

terraform import devhelm_monitor.api_health "API Health"

Import uses the monitor name as the identifier.

Next steps

Alert channels

devhelm_alert_channel resource reference.

Data sources

Reference existing resources without managing them.

Documentation Index

​Basic example

​Arguments

​Top-level

​Computed attributes

​assertions block

​incident_policy attribute

​Config by monitor type

​Full example with assertions and incident policy

​Import

​Next steps