How can I more simply update an AzActivityLogAlert ActionGroup?
I'm using a PaaS system that comes preconfigured on Azure with a large number of alerts. I want to update these alerts with an Azure Az Powershell v14 script by adding an Action Group to them, to get direct notifications of problems.
I can access these alerts using Get-AzActivityLogAlert and loop through the ActionGroup property to check if the AG already exists. However, there's no update/set command, only New-AzActivityLogAlert (which the docs says can create or update).
My current approach is to rebuild ActionGroup and Tags from Get-AzActivityLogAlert, and then plug these values into New-AzActivityLogAlert as follows:
$newActionGroups = $rule.ActionGroup
$newActionGroups += New-AzActivityLogAlertActionGroupObject -Id $myAGID
$tagsHash = @{}
$rule.Tag.AdditionalProperties.GetEnumerator() | ForEach-Object {
$tagsHash[$_.Key] = $_.Value
}
New-AzActivityLogAlert `
-ResourceGroupName $tmpGroup `
-Name $rule.Name `
-Action $newActionGroups `
-Condition $rule.ConditionAllOf `
-Scope $rule.Scope `
-Location $rule.Location `
-Description $rule.Description `
-Enabled $true `
-Tag $tagsHash
This seems to add the new Action Group successfully, but it requires rebuilding the Tag property from one type (provided by Get-AzActivityLogAlert) into a type compatible with the New-AzActivityLogAlert command.
I'm also worried about losing other fields or data by over writing them with the New-AzActivityLogAlert command. For example, my first attempt was missing the -Tag flag, so I lost all my tags.
For metric alerts I just did something like this:
Get-AzMetricAlertRuleV2 -ResourceGroupName $tmpGroup -Name $rule.Name | Add-AzMetricAlertRuleV2 -ActionGroup $newActionGroups
This seems much safer and simpler. Is it possible to do something similar for the log alerts?
You can use the script below to create new Action Group to an existing Activity Log Alert while preserving its existing tags, conditions, and settings.
$resourceGroupName = "venkat-RG"
$alertName = "my-activity-log-alert"
$emailAddress = "dummy@contoso.com"
$emailReceiver = New-AzActionGroupEmailReceiverObject -Name "AlertEmail" -EmailAddress $emailAddress
$actionGroup = New-AzActionGroup -Name "demo-actiongrouptest" -ResourceGroupName $resourceGroupName -Location "Global" -EmailReceiver $emailReceiver -GroupShortName "SEGrp"
$actionGroupId = $actionGroup.Id
$actionGroupObj = New-AzActivityLogAlertActionGroupObject -Id $actionGroupId -WebhookProperty @{}
$existingAlert = Get-AzActivityLogAlert -ResourceGroupName $resourceGroupName -Name "Storage account key generation failed"
$existingAGIds = $existingAlert.Action | ForEach-Object { $_.Id }
if ($existingAGIds -notcontains $actionGroupId) {
$updatedActions = @()
foreach ($ag in $existingAlert.Action) {
$updatedActions += New-AzActivityLogAlertActionGroupObject -Id $ag.Id
}
$updatedActions += $actionGroupObj
} else {
$updatedActions = $existingAlert.Action
}
$tagsHash = @{}
$existingAlert.Tag.AdditionalProperties.GetEnumerator() | ForEach-Object {
$tagsHash[$_.Key] = $_.Value
}
new Action Group attached
New-AzActivityLogAlert -ResourceGroupName $resourceGroupName -Name $alertName -Location $existingAlert.Location -Scope $existingAlert.Scope -Condition $existingAlert.ConditionAllOf -Action $updatedActions -Description $existingAlert.Description -Enabled $existingAlert.Enabled -Tag $tagsHash
Write-Output "Action Group successfully created and attached to Activity Log Alert '$alertName'."
Output:
- Re-send dead letter message in Azure Bus
- How to do random sampling of rows in Synapse Analytics serverless SQL pool?
- How to skip admin approval for external users in an Entra ID multi-tenant application
- Bicep How to use external file to be used in Deployment Script?
- Insufficient Privileges error when retrieving AD User's Entra ID from Microsoft Graph API using email address
- What is the correct way to set a cookie expiration when using Azure AD to login users to an ASP.NET Core 5 Web Application?
- How can I Parse Json in a Azure Function
- Alchemy Websockets: Can't host server on Azure
- How to connect secrets value stored in Azure key vault to Azure app service env variables directly
- I need to use some query results in an alert email notification in Azure ApplicationInsights
- Azure DevOps Pull work items in tree level in Excel
- Azure Event Hubs to share specific partitions with specific consumer groups
- Azure AD B2C vs Microsoft Entra External ID
- How to query OAuth2 permission grants for service principals in Entra ID using Microsoft Graph PowerShell
- How to get the app role's value given an app role ID in Entra ID using Microsoft Graph Powershell?
- How to list all directory extension definitions within an Entra ID tenant?
- How to get error message from action in Logic App
- How do I enable my Azure pipeline to checkout a submodule using Git?
- Azure Mobile App using existing database that has identity column not called id
- Devops self hosted agent - submodule checkout SSH host key verification failed
- How can I read a XML file Azure Databricks Spark
- Azure Command-Line Interface (CLI) error running .NET 8 console app
- Azure windows VM extensions are provisioning failed state VM agent is "Ready" but Backup failed at VM running State GuestAgentSnapshotTaskStatusError
- Android scheme not accepted by IOS when submitting react-native app through Expo EAS
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Access Azure DevOps Artifact Feed from different organization
- Duplicate record handling with Azure Data Explorer
- File upload fails with 413 Request Entity Too Large in Azure app service but not while running locally
- Azure Tables: best practices for choosing partition/row keys
- Access Denied when accessing Azure Key vault from Azure Functions