From 5c4b7dea0640661ecfd7629ddbc0ff1071962163 Mon Sep 17 00:00:00 2001
From: Rafael Romero Carmona <rafael.romero.carmona@fr.clara.net>
Date: Tue, 20 Aug 2019 11:31:54 +0100
Subject: [PATCH 1/5] MON-499: set of monitors using integrations http_check,
 dns_check and tls

---
 README.md                     |   4 +
 network/dns/README.md         |  24 ++++
 network/dns/inputs.tf         |  85 +++++++++++++
 network/dns/modules.tf        |   9 ++
 network/dns/monitors-dns.tf   |  34 +++++
 network/dns/outputs.tf        |   5 +
 network/http/README.md        |  26 ++++
 network/http/inputs.tf        | 181 +++++++++++++++++++++++++++
 network/http/modules.tf       |   9 ++
 network/http/monitors-http.tf | 107 ++++++++++++++++
 network/http/outputs.tf       |  15 +++
 network/tls/README.md         |  28 +++++
 network/tls/inputs.tf         | 226 ++++++++++++++++++++++++++++++++++
 network/tls/modules.tf        |   9 ++
 network/tls/monitors-tls.tf   | 143 +++++++++++++++++++++
 network/tls/outputs.tf        |  20 +++
 16 files changed, 925 insertions(+)
 create mode 100644 network/dns/README.md
 create mode 100644 network/dns/inputs.tf
 create mode 100644 network/dns/modules.tf
 create mode 100644 network/dns/monitors-dns.tf
 create mode 100644 network/dns/outputs.tf
 create mode 100644 network/http/README.md
 create mode 100644 network/http/inputs.tf
 create mode 100644 network/http/modules.tf
 create mode 100644 network/http/monitors-http.tf
 create mode 100644 network/http/outputs.tf
 create mode 100644 network/tls/README.md
 create mode 100644 network/tls/inputs.tf
 create mode 100644 network/tls/modules.tf
 create mode 100644 network/tls/monitors-tls.tf
 create mode 100644 network/tls/outputs.tf

diff --git a/README.md b/README.md
index ab56880..2c4f1f5 100644
--- a/README.md
+++ b/README.md
@@ -200,6 +200,10 @@ The `//` is very important, it's a terraform specific syntax used to separate gi
 	- [kong](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/middleware/kong/)
 	- [nginx](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/middleware/nginx/)
 	- [php-fpm](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/middleware/php-fpm/)
+- [network](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/)
+	- [dns](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/dns/)
+	- [http](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/http/)
+	- [tls](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/tls/)
 - [saas](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/saas/)
 	- [new-relic](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/saas/new-relic/)
 - [system](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/system/)
diff --git a/network/dns/README.md b/network/dns/README.md
new file mode 100644
index 0000000..8d459a7
--- /dev/null
+++ b/network/dns/README.md
@@ -0,0 +1,24 @@
+# NETWORK DNS DataDog monitors
+
+## How to use this module
+
+```
+module "datadog-monitors-network-dns" {
+  source = "git::ssh://git@git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors.git//network/dns?ref={revision}"
+
+  environment = var.environment
+  message     = module.datadog-message-alerting.alerting-message
+}
+
+```
+
+## Purpose
+
+Creates DataDog monitors with the following checks:
+
+- DNS cannot resolve
+
+
+## Related documentation
+
+- Datadog Documentation https://docs.datadoghq.com/integrations/dns_check/
diff --git a/network/dns/inputs.tf b/network/dns/inputs.tf
new file mode 100644
index 0000000..dfd4a03
--- /dev/null
+++ b/network/dns/inputs.tf
@@ -0,0 +1,85 @@
+# Global Terraform
+variable "environment" {
+  description = "Architecture Environment"
+  type        = string
+}
+
+# Global DataDog
+variable "evaluation_delay" {
+  description = "Delay in seconds for the metric evaluation"
+  default     = 15
+}
+
+variable "new_host_delay" {
+  description = "Delay in seconds before monitor new resource"
+  default     = 300
+}
+
+variable "prefix_slug" {
+  description = "Prefix string to prepend between brackets on every monitors names"
+  default     = ""
+}
+
+variable "message" {
+  description = "Message sent when an alert is triggered"
+}
+
+variable "filter_tags_use_defaults" {
+  description = "Use default filter tags convention"
+  default     = "true"
+}
+
+variable "filter_tags_custom" {
+  description = "Tags used for custom filtering when filter_tags_use_defaults is false"
+  default     = "*"
+}
+
+variable "filter_tags_custom_excluded" {
+  description = "Tags excluded for custom filtering when filter_tags_use_defaults is false"
+  default     = ""
+}
+
+#
+# Cannot Resolve
+#
+variable "cannot_resolve_enabled" {
+  description = "Flag to enable DNS cannot resolve monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "cannot_resolve_message" {
+  description = "Custom message for DNS cannot resolve monitor"
+  type        = string
+  default     = ""
+}
+
+variable "cannot_resolve_last" {
+  description = "Parameter 'last' for the service check"
+  type        = string
+  default     = 6
+}
+
+variable "cannot_resolve_threshold_warning" {
+  description = "DNS cannot resolve monitor (warning threshold)"
+  type        = string
+  default     = 3
+}
+
+variable "cannot_resolve_threshold_critical" {
+  description = "DNS cannot resolve monitor (warning threshold)"
+  type        = string
+  default     = 5
+}
+
+variable "cannot_resolve_no_data_timeframe" {
+  description = "DNS cannot resolve monitor no data timeframe"
+  type        = string
+  default     = 10
+}
+
+variable "cannot_resolve_extra_tags" {
+  description = "Extra tags for DNS cannot resolve monitor"
+  type        = list(string)
+  default     = []
+}
\ No newline at end of file
diff --git a/network/dns/modules.tf b/network/dns/modules.tf
new file mode 100644
index 0000000..03747be
--- /dev/null
+++ b/network/dns/modules.tf
@@ -0,0 +1,9 @@
+module "filter-tags" {
+  source = "../../common/filter-tags"
+
+  environment                 = var.environment
+  resource                    = "dns"
+  filter_tags_use_defaults    = var.filter_tags_use_defaults
+  filter_tags_custom          = var.filter_tags_custom
+  filter_tags_custom_excluded = var.filter_tags_custom_excluded
+}
diff --git a/network/dns/monitors-dns.tf b/network/dns/monitors-dns.tf
new file mode 100644
index 0000000..48f1c8c
--- /dev/null
+++ b/network/dns/monitors-dns.tf
@@ -0,0 +1,34 @@
+#
+# Service Check
+#
+resource "datadog_monitor" "cannot_resolve" {
+  count   = var.cannot_resolve_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] DNS cannot resolve"
+  message = coalesce(var.cannot_resolve_message, var.message)
+  type    = "service check"
+
+  query = <<EOQ
+    "dns.can_resolve"${module.filter-tags.service_check}.by("nameserver","resolved_hostname").last(${var.cannot_resolve_last}).count_by_status()
+EOQ
+
+  thresholds = {
+    warning  = var.cannot_resolve_threshold_warning
+    critical = var.cannot_resolve_threshold_critical
+  }
+
+  new_host_delay      = var.new_host_delay
+  no_data_timeframe   = var.cannot_resolve_no_data_timeframe
+  notify_no_data      = true
+  notify_audit        = false
+  locked              = false
+  timeout_h           = 0
+  include_tags        = true
+  require_full_window = true
+  renotify_interval   = 0
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:dns_check", "resource:dns", "team:claranet", "created-by:terraform"], var.cannot_resolve_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
\ No newline at end of file
diff --git a/network/dns/outputs.tf b/network/dns/outputs.tf
new file mode 100644
index 0000000..b834803
--- /dev/null
+++ b/network/dns/outputs.tf
@@ -0,0 +1,5 @@
+output "cannot_resolve_id" {
+  description = "id for monitor cannot_resolve"
+  value       = datadog_monitor.cannot_resolve.*.id
+}
+
diff --git a/network/http/README.md b/network/http/README.md
new file mode 100644
index 0000000..d9a0003
--- /dev/null
+++ b/network/http/README.md
@@ -0,0 +1,26 @@
+# NETWORK HTTP DataDog monitors
+
+## How to use this module
+
+```
+module "datadog-monitors-network-http" {
+  source = "git::ssh://git@git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors.git//network/http?ref={revision}"
+
+  environment = var.environment
+  message     = module.datadog-message-alerting.alerting-message
+}
+
+```
+
+## Purpose
+
+Creates DataDog monitors with the following checks:
+
+- HTTP cannot connect
+- SSL certificate expiration
+- SSL invalid certificate
+
+
+## Related documentation
+
+- Datadog Documentation https://docs.datadoghq.com/integrations/http_check/
\ No newline at end of file
diff --git a/network/http/inputs.tf b/network/http/inputs.tf
new file mode 100644
index 0000000..3b50be0
--- /dev/null
+++ b/network/http/inputs.tf
@@ -0,0 +1,181 @@
+# Global Terraform
+variable "environment" {
+  description = "Architecture Environment"
+  type        = string
+}
+
+# Global DataDog
+variable "evaluation_delay" {
+  description = "Delay in seconds for the metric evaluation"
+  default     = 15
+}
+
+variable "new_host_delay" {
+  description = "Delay in seconds before monitor new resource"
+  default     = 300
+}
+
+variable "prefix_slug" {
+  description = "Prefix string to prepend between brackets on every monitors names"
+  default     = ""
+}
+
+variable "message" {
+  description = "Message sent when an alert is triggered"
+}
+
+variable "filter_tags_use_defaults" {
+  description = "Use default filter tags convention"
+  default     = "true"
+}
+
+variable "filter_tags_custom" {
+  description = "Tags used for custom filtering when filter_tags_use_defaults is false"
+  default     = "*"
+}
+
+variable "filter_tags_custom_excluded" {
+  description = "Tags excluded for custom filtering when filter_tags_use_defaults is false"
+  default     = ""
+}
+
+#
+# HTTP Cannot Connect
+#
+variable "cannot_connect_enabled" {
+  description = "Flag to enable HTTP cannot connect monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "cannot_connect_message" {
+  description = "Custom message for HTTP cannot connect monitor"
+  type        = string
+  default     = ""
+}
+
+variable "cannot_connect_last" {
+  description = "Parameter 'last' for the service check"
+  type        = string
+  default     = 6
+}
+
+variable "cannot_connect_threshold_warning" {
+  description = "HTTP cannot connect monitor (warning threshold)"
+  type        = string
+  default     = 2
+}
+
+variable "cannot_connect_threshold_critical" {
+  description = "HTTP cannot connect monitor (warning threshold)"
+  type        = string
+  default     = 3
+}
+
+variable "cannot_connect_threshold_ok" {
+  description = "HTTP cannot connect monitor (ok threshold)"
+  type        = string
+  default     = 3
+}
+
+variable "cannot_connect_no_data_timeframe" {
+  description = "HTTP cannot connect monitor no data timeframe"
+  type        = string
+  default     = 10
+}
+
+variable "cannot_connect_extra_tags" {
+  description = "Extra tags for HTTP cannot connect monitor"
+  type        = list(string)
+  default     = []
+}
+
+#
+# SSL invalid certificate
+#
+variable "invalid_ssl_certificate_enabled" {
+  description = "Flag to enable SSL invalid certificate monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "invalid_ssl_certificate_message" {
+  description = "Custom message for SSL invalid certificate monitor"
+  type        = string
+  default     = ""
+}
+
+variable "invalid_ssl_certificate_last" {
+  description = "Parameter 'last' for the service check"
+  type        = string
+  default     = 6
+}
+
+variable "invalid_ssl_certificate_threshold_warning" {
+  description = "SSL invalid certificate monitor (warning threshold)"
+  type        = string
+  default     = 5
+}
+
+variable "invalid_ssl_certificate_threshold_critical" {
+  description = "SSL invalid certificate monitor (warning threshold)"
+  type        = string
+  default     = 5
+}
+
+variable "invalid_ssl_certificate_no_data_timeframe" {
+  description = "SSL invalid certificate monitor no data timeframe"
+  type        = string
+  default     = 10
+}
+
+variable "invalid_ssl_certificate_extra_tags" {
+  description = "Extra tags for SSL invalid certificate monitor"
+  type        = list(string)
+  default     = []
+}
+
+#
+# Certificate Expiration Date
+#
+variable "certificate_expiration_date_enabled" {
+  description = "Flag to enable Certificate Expiration Date monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "certificate_expiration_date_message" {
+  description = "Custom message for the Certificate Expiration Date monitor"
+  type        = string
+  default     = ""
+}
+
+variable "certificate_expiration_date_time_aggregator" {
+  description = "Time aggregator for the Certificate Expiration Date monitor"
+  type        = string
+  default     = "max"
+}
+
+variable "certificate_expiration_date_timeframe" {
+  description = "Timeframe for the Certificate Expiration Date monitor"
+  type        = string
+  default     = "last_5m"
+}
+
+variable "certificate_expiration_date_threshold_warning" {
+  description = "Certificate Expiration Date warning threshold"
+  type        = string
+  default     = 30
+}
+
+variable "certificate_expiration_date_threshold_critical" {
+  description = "Certificate Expiration Date critical threshold"
+  type        = string
+  default     = 8
+}
+
+variable "certificate_expiration_date_extra_tags" {
+  description = "Extra tags for Certificate Expiration Date monitor"
+  type        = list(string)
+  default     = []
+}
diff --git a/network/http/modules.tf b/network/http/modules.tf
new file mode 100644
index 0000000..e96052c
--- /dev/null
+++ b/network/http/modules.tf
@@ -0,0 +1,9 @@
+module "filter-tags" {
+  source = "../../common/filter-tags"
+
+  environment                 = var.environment
+  resource                    = "http"
+  filter_tags_use_defaults    = var.filter_tags_use_defaults
+  filter_tags_custom          = var.filter_tags_custom
+  filter_tags_custom_excluded = var.filter_tags_custom_excluded
+}
diff --git a/network/http/monitors-http.tf b/network/http/monitors-http.tf
new file mode 100644
index 0000000..1d4b776
--- /dev/null
+++ b/network/http/monitors-http.tf
@@ -0,0 +1,107 @@
+#
+# HTTP Cannot Connect
+#
+resource "datadog_monitor" "cannot_connect" {
+  count   = var.cannot_connect_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] HTTP cannot connect"
+  message = coalesce(var.cannot_connect_message, var.message)
+  type    = "service check"
+
+  query = <<EOQ
+    "http.can_connect"${module.filter-tags.service_check}.by("instance","url").last(${var.cannot_connect_last}).count_by_status()
+EOQ
+
+  thresholds = {
+    warning  = var.cannot_connect_threshold_warning
+    critical = var.cannot_connect_threshold_critical
+    ok       = var.cannot_connect_threshold_ok
+  }
+
+  new_host_delay      = var.new_host_delay
+  no_data_timeframe   = var.cannot_connect_no_data_timeframe
+  notify_no_data      = true
+  notify_audit        = false
+  locked              = false
+  timeout_h           = 0
+  include_tags        = true
+  require_full_window = true
+  renotify_interval   = 0
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:http_check", "resource:webcheck", "team:claranet", "created-by:terraform"], var.cannot_connect_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
+
+#
+# Invalid SSL Certificate
+#
+resource "datadog_monitor" "invalid_ssl_certificate" {
+  count   = var.invalid_ssl_certificate_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] SSL invalid certificate"
+  message = coalesce(var.invalid_ssl_certificate_message, var.message)
+  type    = "service check"
+
+  query = <<EOQ
+    "http.ssl_cert"${module.filter-tags.service_check}.by("instance","url").last(${var.invalid_ssl_certificate_last}).count_by_status()
+EOQ
+
+  thresholds = {
+    warning  = var.invalid_ssl_certificate_threshold_warning
+    critical = var.invalid_ssl_certificate_threshold_critical
+  }
+
+  new_host_delay      = var.new_host_delay
+  no_data_timeframe   = var.invalid_ssl_certificate_no_data_timeframe
+  notify_no_data      = true
+  notify_audit        = false
+  locked              = false
+  timeout_h           = 0
+  include_tags        = true
+  require_full_window = true
+  renotify_interval   = 0
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:http_check", "resource:ssl-certificate", "team:claranet", "created-by:terraform"], var.invalid_ssl_certificate_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
+
+#
+# Certificate Expiration Date
+#
+resource "datadog_monitor" "certificate_expiration_date" {
+  count   = var.certificate_expiration_date_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] SSL certificate expiration {{#is_alert}}{{{comparator}}} {{threshold}} ({{value}} days){{/is_alert}}{{#is_warning}}{{{comparator}}} {{warn_threshold}} ({{value}} days){{/is_warning}}"
+  message = coalesce(var.certificate_expiration_date_message, var.message)
+  type    = "query alert"
+
+  query = <<EOQ
+    ${var.certificate_expiration_date_time_aggregator}(${var.certificate_expiration_date_timeframe}):
+      avg:http.ssl.days_left${module.filter-tags.query_alert} by {url}
+    < ${var.certificate_expiration_date_threshold_critical}
+EOQ
+
+  thresholds = {
+    warning  = var.certificate_expiration_date_threshold_warning
+    critical = var.certificate_expiration_date_threshold_critical
+  }
+
+  evaluation_delay    = var.evaluation_delay
+  new_host_delay      = var.new_host_delay
+  notify_no_data      = false
+  renotify_interval   = 0
+  notify_audit        = false
+  timeout_h           = 0
+  include_tags        = true
+  locked              = false
+  require_full_window = true
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:http_check", "resource:ssl-certificate", "team:claranet", "created-by:terraform"], var.certificate_expiration_date_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
\ No newline at end of file
diff --git a/network/http/outputs.tf b/network/http/outputs.tf
new file mode 100644
index 0000000..f028c03
--- /dev/null
+++ b/network/http/outputs.tf
@@ -0,0 +1,15 @@
+output "cannot_connect_id" {
+  description = "id for monitor cannot_connect"
+  value       = datadog_monitor.cannot_connect.*.id
+}
+
+output "invalid_ssl_certificate_id" {
+  description = "id for monitor invalid_ssl_certificate"
+  value       = datadog_monitor.invalid_ssl_certificate.*.id
+}
+
+output "certificate_expiration_date_id" {
+  description = "id for monitor certificate_expiration_date"
+  value       = datadog_monitor.certificate_expiration_date.*.id
+}
+
diff --git a/network/tls/README.md b/network/tls/README.md
new file mode 100644
index 0000000..d3d3082
--- /dev/null
+++ b/network/tls/README.md
@@ -0,0 +1,28 @@
+# NETWORK TLS DataDog monitors
+
+## How to use this module
+
+```
+module "datadog-monitors-network-tls" {
+  source = "git::ssh://git@git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors.git//network/tls?ref={revision}"
+
+  environment = var.environment
+  message     = module.datadog-message-alerting.alerting-message
+}
+
+```
+
+## Purpose
+
+Creates DataDog monitors with the following checks:
+
+- TLS cannot connect
+- TLS certificate expiration
+- TLS certificate expiring
+- TLS invalid certificate
+
+
+## Related documentation
+
+- Datadog Documentation https://docs.datadoghq.com/integrations/tls/
+
diff --git a/network/tls/inputs.tf b/network/tls/inputs.tf
new file mode 100644
index 0000000..bb92313
--- /dev/null
+++ b/network/tls/inputs.tf
@@ -0,0 +1,226 @@
+# Global Terraform
+variable "environment" {
+  description = "Architecture Environment"
+  type        = string
+}
+
+# Global DataDog
+variable "evaluation_delay" {
+  description = "Delay in seconds for the metric evaluation"
+  default     = 15
+}
+
+variable "new_host_delay" {
+  description = "Delay in seconds before monitor new resource"
+  default     = 300
+}
+
+variable "prefix_slug" {
+  description = "Prefix string to prepend between brackets on every monitors names"
+  default     = ""
+}
+
+variable "message" {
+  description = "Message sent when an alert is triggered"
+}
+
+variable "filter_tags_use_defaults" {
+  description = "Use default filter tags convention"
+  default     = "true"
+}
+
+variable "filter_tags_custom" {
+  description = "Tags used for custom filtering when filter_tags_use_defaults is false"
+  default     = "*"
+}
+
+variable "filter_tags_custom_excluded" {
+  description = "Tags excluded for custom filtering when filter_tags_use_defaults is false"
+  default     = ""
+}
+
+#
+# TLS Cannot Connect
+#
+variable "cannot_connect_enabled" {
+  description = "Flag to enable TLS cannot connect monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "cannot_connect_message" {
+  description = "Custom message for TLS cannot connect monitor"
+  type        = string
+  default     = ""
+}
+
+variable "cannot_connect_last" {
+  description = "Parameter 'last' for the service check"
+  type        = string
+  default     = 6
+}
+
+variable "cannot_connect_threshold_warning" {
+  description = "TLS cannot connect monitor (warning threshold)"
+  type        = string
+  default     = 2
+}
+
+variable "cannot_connect_threshold_critical" {
+  description = "TLS cannot connect monitor (warning threshold)"
+  type        = string
+  default     = 3
+}
+
+variable "cannot_connect_threshold_ok" {
+  description = "TLS cannot connect monitor (ok threshold)"
+  type        = string
+  default     = 3
+}
+
+variable "cannot_connect_no_data_timeframe" {
+  description = "TLS cannot connect monitor no data timeframe"
+  type        = string
+  default     = 10
+}
+
+variable "cannot_connect_extra_tags" {
+  description = "Extra tags for TLS cannot connect monitor"
+  type        = list(string)
+  default     = []
+}
+
+#
+# TLS invalid certificate
+#
+variable "invalid_tls_certificate_enabled" {
+  description = "Flag to enable TLS certificate expiration monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "invalid_tls_certificate_message" {
+  description = "Custom message for TLS certificate expiration monitor"
+  type        = string
+  default     = ""
+}
+
+variable "invalid_tls_certificate_last" {
+  description = "Parameter 'last' for the service check"
+  type        = string
+  default     = 6
+}
+
+variable "invalid_tls_certificate_threshold_warning" {
+  description = "TLS certificate expiration monitor (warning threshold)"
+  type        = string
+  default     = 5
+}
+
+variable "invalid_tls_certificate_threshold_critical" {
+  description = "TLS certificate expiration monitor (warning threshold)"
+  type        = string
+  default     = 5
+}
+
+variable "invalid_tls_certificate_no_data_timeframe" {
+  description = "TLS certificate expiration monitor no data timeframe"
+  type        = string
+  default     = 10
+}
+
+variable "invalid_tls_certificate_extra_tags" {
+  description = "Extra tags for TLS certificate expiration monitor"
+  type        = list(string)
+  default     = []
+}
+
+#
+# TLS Certificate Expiration
+#
+variable "tls_certificate_expiration_enabled" {
+  description = "Flag to enable TLS certificate expiration monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "tls_certificate_expiration_message" {
+  description = "Custom message for TLS certificate expiration monitor"
+  type        = string
+  default     = ""
+}
+
+variable "tls_certificate_expiration_last" {
+  description = "Parameter 'last' for the service check"
+  type        = string
+  default     = 6
+}
+
+variable "tls_certificate_expiration_threshold_warning" {
+  description = "TLS certificate expiration monitor (warning threshold)"
+  type        = string
+  default     = 5
+}
+
+variable "tls_certificate_expiration_threshold_critical" {
+  description = "TLS certificate expiration monitor (warning threshold)"
+  type        = string
+  default     = 5
+}
+
+variable "tls_certificate_expiration_no_data_timeframe" {
+  description = "TLS certificate expiration monitor no data timeframe"
+  type        = string
+  default     = 10
+}
+
+variable "tls_certificate_expiration_extra_tags" {
+  description = "Extra tags for TLS certificate expiration monitor"
+  type        = list(string)
+  default     = []
+}
+
+#
+# Certificate Expiration Date
+#
+variable "certificate_expiration_date_enabled" {
+  description = "Flag to enable Certificate Expiration Date monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "certificate_expiration_date_message" {
+  description = "Custom message for the Certificate Expiration Date monitor"
+  type        = string
+  default     = ""
+}
+
+variable "certificate_expiration_date_time_aggregator" {
+  description = "Time aggregator for the Certificate Expiration Date monitor"
+  type        = string
+  default     = "max"
+}
+
+variable "certificate_expiration_date_timeframe" {
+  description = "Timeframe for the Certificate Expiration Date monitor"
+  type        = string
+  default     = "last_5m"
+}
+
+variable "certificate_expiration_date_threshold_warning" {
+  description = "Container Memory Usage warning threshold"
+  type        = string
+  default     = 30
+}
+
+variable "certificate_expiration_date_threshold_critical" {
+  description = "Container Memory Usage critical threshold"
+  type        = string
+  default     = 8
+}
+
+variable "certificate_expiration_date_extra_tags" {
+  description = "Extra tags for Certificate Expiration Date monitor"
+  type        = list(string)
+  default     = []
+}
\ No newline at end of file
diff --git a/network/tls/modules.tf b/network/tls/modules.tf
new file mode 100644
index 0000000..941bec4
--- /dev/null
+++ b/network/tls/modules.tf
@@ -0,0 +1,9 @@
+module "filter-tags" {
+  source = "../../common/filter-tags"
+
+  environment                 = var.environment
+  resource                    = "tls"
+  filter_tags_use_defaults    = var.filter_tags_use_defaults
+  filter_tags_custom          = var.filter_tags_custom
+  filter_tags_custom_excluded = var.filter_tags_custom_excluded
+}
diff --git a/network/tls/monitors-tls.tf b/network/tls/monitors-tls.tf
new file mode 100644
index 0000000..cad2aae
--- /dev/null
+++ b/network/tls/monitors-tls.tf
@@ -0,0 +1,143 @@
+#
+# TLS Cannot Connect
+#
+resource "datadog_monitor" "cannot_connect" {
+  count   = var.cannot_connect_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] TLS cannot connect"
+  message = coalesce(var.cannot_connect_message, var.message)
+  type    = "service check"
+
+  query = <<EOQ
+    "tls.can_connect"${module.filter-tags.service_check}.by("name","server","port","server_hostname").last(${var.cannot_connect_last}).count_by_status()
+EOQ
+
+  thresholds = {
+    warning  = var.cannot_connect_threshold_warning
+    critical = var.cannot_connect_threshold_critical
+    ok       = var.cannot_connect_threshold_ok
+  }
+
+  new_host_delay      = var.new_host_delay
+  no_data_timeframe   = var.cannot_connect_no_data_timeframe
+  notify_no_data      = true
+  notify_audit        = false
+  locked              = false
+  timeout_h           = 0
+  include_tags        = true
+  require_full_window = true
+  renotify_interval   = 0
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:tls", "resource:webcheck", "team:claranet", "created-by:terraform"], var.cannot_connect_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
+
+#
+# Invalid TLS Certificate
+#
+resource "datadog_monitor" "invalid_tls_certificate" {
+  count   = var.invalid_tls_certificate_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] TLS invalid certificate"
+  message = coalesce(var.invalid_tls_certificate_message, var.message)
+  type    = "service check"
+
+  query = <<EOQ
+    "tls.cert_validation"${module.filter-tags.service_check}.by("name","server","port","server_hostname").last(${var.invalid_tls_certificate_last}).count_by_status()
+EOQ
+
+  thresholds = {
+    warning  = var.invalid_tls_certificate_threshold_warning
+    critical = var.invalid_tls_certificate_threshold_critical
+  }
+
+  new_host_delay      = var.new_host_delay
+  no_data_timeframe   = var.invalid_tls_certificate_no_data_timeframe
+  notify_no_data      = true
+  notify_audit        = false
+  locked              = false
+  timeout_h           = 0
+  include_tags        = true
+  require_full_window = true
+  renotify_interval   = 0
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:tls", "resource:tls-certificate", "team:claranet", "created-by:terraform"], var.invalid_tls_certificate_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
+
+#
+# TLS Certificate Expiration
+#
+resource "datadog_monitor" "tls_certificate_expiration" {
+  count   = var.tls_certificate_expiration_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] TLS certificate expiring"
+  message = coalesce(var.tls_certificate_expiration_message, var.message)
+  type    = "service check"
+
+  query = <<EOQ
+    "tls.cert_expiration"${module.filter-tags.service_check}.by("name","server","port","server_hostname").last(${var.tls_certificate_expiration_last}).count_by_status()
+EOQ
+
+  thresholds = {
+    warning  = var.tls_certificate_expiration_threshold_warning
+    critical = var.tls_certificate_expiration_threshold_critical
+  }
+
+  new_host_delay      = var.new_host_delay
+  no_data_timeframe   = var.tls_certificate_expiration_no_data_timeframe
+  notify_no_data      = true
+  notify_audit        = false
+  locked              = false
+  timeout_h           = 0
+  include_tags        = true
+  require_full_window = true
+  renotify_interval   = 0
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:tls", "resource:tls-certificate", "team:claranet", "created-by:terraform"], var.tls_certificate_expiration_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
+
+#
+# Certificate Expiration Date
+#
+resource "datadog_monitor" "certificate_expiration_date" {
+  count   = var.certificate_expiration_date_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] TLS certificate expiration {{#is_alert}}{{{comparator}}} {{threshold}} ({{value}} days){{/is_alert}}{{#is_warning}}{{{comparator}}} {{warn_threshold}} ({{value}} days){{/is_warning}}"
+  message = var.certificate_expiration_date_message
+  type    = "query alert"
+
+  query = <<EOQ
+    ${var.certificate_expiration_date_time_aggregator}(${var.certificate_expiration_date_timeframe}):
+      avg:tls.days_left${module.filter-tags.query_alert} by {name,server,port,server_hostname}
+    < ${var.certificate_expiration_date_threshold_critical}
+EOQ
+
+
+  thresholds = {
+    warning  = var.certificate_expiration_date_threshold_warning
+    critical = var.certificate_expiration_date_threshold_critical
+  }
+
+  evaluation_delay    = var.evaluation_delay
+  new_host_delay      = var.new_host_delay
+  notify_no_data      = false
+  renotify_interval   = 0
+  notify_audit        = false
+  timeout_h           = 0
+  include_tags        = true
+  locked              = false
+  require_full_window = true
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:tls", "resource:tls-certificate", "team:claranet", "created-by:terraform"], var.certificate_expiration_date_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
\ No newline at end of file
diff --git a/network/tls/outputs.tf b/network/tls/outputs.tf
new file mode 100644
index 0000000..e40331d
--- /dev/null
+++ b/network/tls/outputs.tf
@@ -0,0 +1,20 @@
+output "cannot_connect_id" {
+  description = "id for monitor cannot_connect"
+  value       = datadog_monitor.cannot_connect.*.id
+}
+
+output "invalid_tls_certificate_id" {
+  description = "id for monitor invalid_tls_certificate"
+  value       = datadog_monitor.invalid_tls_certificate.*.id
+}
+
+output "tls_certificate_expiration_id" {
+  description = "id for monitor tls_certificate_expiration"
+  value       = datadog_monitor.tls_certificate_expiration.*.id
+}
+
+output "certificate_expiration_date_id" {
+  description = "id for monitor certificate_expiration_date"
+  value       = datadog_monitor.certificate_expiration_date.*.id
+}
+

From 55545331da2f0fda38607743c231df9215a244da Mon Sep 17 00:00:00 2001
From: Rafael Romero Carmona <rafael.romero.carmona@fr.clara.net>
Date: Tue, 20 Aug 2019 12:32:35 +0100
Subject: [PATCH 2/5] MON-499 Readmes ready. Only one monitor with no data TRUE
 per module

---
 network/dns/README.md         | 27 +++++++++++++++++-
 network/http/README.md        | 44 ++++++++++++++++++++++++++++-
 network/http/monitors-http.tf |  2 +-
 network/tls/README.md         | 52 ++++++++++++++++++++++++++++++++++-
 network/tls/monitors-tls.tf   |  4 +--
 5 files changed, 123 insertions(+), 6 deletions(-)

diff --git a/network/dns/README.md b/network/dns/README.md
index 8d459a7..e33a8bf 100644
--- a/network/dns/README.md
+++ b/network/dns/README.md
@@ -18,7 +18,32 @@ Creates DataDog monitors with the following checks:
 
 - DNS cannot resolve
 
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cannot\_resolve\_enabled | Flag to enable DNS cannot resolve monitor | string | `"true"` | no |
+| cannot\_resolve\_extra\_tags | Extra tags for DNS cannot resolve monitor | list(string) | `[]` | no |
+| cannot\_resolve\_last | Parameter 'last' for the service check | string | `"6"` | no |
+| cannot\_resolve\_message | Custom message for DNS cannot resolve monitor | string | `""` | no |
+| cannot\_resolve\_no\_data\_timeframe | DNS cannot resolve monitor no data timeframe | string | `"10"` | no |
+| cannot\_resolve\_threshold\_critical | DNS cannot resolve monitor (warning threshold) | string | `"5"` | no |
+| cannot\_resolve\_threshold\_warning | DNS cannot resolve monitor (warning threshold) | string | `"3"` | no |
+| environment | Architecture Environment | string | n/a | yes |
+| evaluation\_delay | Delay in seconds for the metric evaluation | string | `"15"` | no |
+| filter\_tags\_custom | Tags used for custom filtering when filter_tags_use_defaults is false | string | `"*"` | no |
+| filter\_tags\_custom\_excluded | Tags excluded for custom filtering when filter_tags_use_defaults is false | string | `""` | no |
+| filter\_tags\_use\_defaults | Use default filter tags convention | string | `"true"` | no |
+| message | Message sent when an alert is triggered | string | n/a | yes |
+| new\_host\_delay | Delay in seconds before monitor new resource | string | `"300"` | no |
+| prefix\_slug | Prefix string to prepend between brackets on every monitors names | string | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| cannot\_resolve\_id | id for monitor cannot_resolve |
 
 ## Related documentation
 
-- Datadog Documentation https://docs.datadoghq.com/integrations/dns_check/
+- [Datadog DNS integration](https://docs.datadoghq.com/integrations/dns_check/)
diff --git a/network/http/README.md b/network/http/README.md
index d9a0003..8a8288c 100644
--- a/network/http/README.md
+++ b/network/http/README.md
@@ -20,7 +20,49 @@ Creates DataDog monitors with the following checks:
 - SSL certificate expiration
 - SSL invalid certificate
 
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cannot\_connect\_enabled | Flag to enable HTTP cannot connect monitor | string | `"true"` | no |
+| cannot\_connect\_extra\_tags | Extra tags for HTTP cannot connect monitor | list(string) | `[]` | no |
+| cannot\_connect\_last | Parameter 'last' for the service check | string | `"6"` | no |
+| cannot\_connect\_message | Custom message for HTTP cannot connect monitor | string | `""` | no |
+| cannot\_connect\_no\_data\_timeframe | HTTP cannot connect monitor no data timeframe | string | `"10"` | no |
+| cannot\_connect\_threshold\_critical | HTTP cannot connect monitor (warning threshold) | string | `"3"` | no |
+| cannot\_connect\_threshold\_ok | HTTP cannot connect monitor (ok threshold) | string | `"3"` | no |
+| cannot\_connect\_threshold\_warning | HTTP cannot connect monitor (warning threshold) | string | `"2"` | no |
+| certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"true"` | no |
+| certificate\_expiration\_date\_extra\_tags | Extra tags for Certificate Expiration Date monitor | list(string) | `[]` | no |
+| certificate\_expiration\_date\_message | Custom message for the Certificate Expiration Date monitor | string | `""` | no |
+| certificate\_expiration\_date\_threshold\_critical | Certificate Expiration Date critical threshold | string | `"8"` | no |
+| certificate\_expiration\_date\_threshold\_warning | Certificate Expiration Date warning threshold | string | `"30"` | no |
+| certificate\_expiration\_date\_time\_aggregator | Time aggregator for the Certificate Expiration Date monitor | string | `"max"` | no |
+| certificate\_expiration\_date\_timeframe | Timeframe for the Certificate Expiration Date monitor | string | `"last_5m"` | no |
+| environment | Architecture Environment | string | n/a | yes |
+| evaluation\_delay | Delay in seconds for the metric evaluation | string | `"15"` | no |
+| filter\_tags\_custom | Tags used for custom filtering when filter_tags_use_defaults is false | string | `"*"` | no |
+| filter\_tags\_custom\_excluded | Tags excluded for custom filtering when filter_tags_use_defaults is false | string | `""` | no |
+| filter\_tags\_use\_defaults | Use default filter tags convention | string | `"true"` | no |
+| invalid\_ssl\_certificate\_enabled | Flag to enable SSL invalid certificate monitor | string | `"true"` | no |
+| invalid\_ssl\_certificate\_extra\_tags | Extra tags for SSL invalid certificate monitor | list(string) | `[]` | no |
+| invalid\_ssl\_certificate\_last | Parameter 'last' for the service check | string | `"6"` | no |
+| invalid\_ssl\_certificate\_message | Custom message for SSL invalid certificate monitor | string | `""` | no |
+| invalid\_ssl\_certificate\_no\_data\_timeframe | SSL invalid certificate monitor no data timeframe | string | `"10"` | no |
+| invalid\_ssl\_certificate\_threshold\_critical | SSL invalid certificate monitor (warning threshold) | string | `"5"` | no |
+| invalid\_ssl\_certificate\_threshold\_warning | SSL invalid certificate monitor (warning threshold) | string | `"5"` | no |
+| message | Message sent when an alert is triggered | string | n/a | yes |
+| new\_host\_delay | Delay in seconds before monitor new resource | string | `"300"` | no |
+| prefix\_slug | Prefix string to prepend between brackets on every monitors names | string | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| cannot\_connect\_id | id for monitor cannot_connect |
+| certificate\_expiration\_date\_id | id for monitor certificate_expiration_date |
+| invalid\_ssl\_certificate\_id | id for monitor invalid_ssl_certificate |
 
 ## Related documentation
 
-- Datadog Documentation https://docs.datadoghq.com/integrations/http_check/
\ No newline at end of file
+- [Datadog HTTP integration](https://docs.datadoghq.com/integrations/http_check/)
diff --git a/network/http/monitors-http.tf b/network/http/monitors-http.tf
index 1d4b776..c431332 100644
--- a/network/http/monitors-http.tf
+++ b/network/http/monitors-http.tf
@@ -54,7 +54,7 @@ EOQ
 
   new_host_delay      = var.new_host_delay
   no_data_timeframe   = var.invalid_ssl_certificate_no_data_timeframe
-  notify_no_data      = true
+  notify_no_data      = false
   notify_audit        = false
   locked              = false
   timeout_h           = 0
diff --git a/network/tls/README.md b/network/tls/README.md
index d3d3082..10ac9b1 100644
--- a/network/tls/README.md
+++ b/network/tls/README.md
@@ -21,8 +21,58 @@ Creates DataDog monitors with the following checks:
 - TLS certificate expiring
 - TLS invalid certificate
 
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cannot\_connect\_enabled | Flag to enable TLS cannot connect monitor | string | `"true"` | no |
+| cannot\_connect\_extra\_tags | Extra tags for TLS cannot connect monitor | list(string) | `[]` | no |
+| cannot\_connect\_last | Parameter 'last' for the service check | string | `"6"` | no |
+| cannot\_connect\_message | Custom message for TLS cannot connect monitor | string | `""` | no |
+| cannot\_connect\_no\_data\_timeframe | TLS cannot connect monitor no data timeframe | string | `"10"` | no |
+| cannot\_connect\_threshold\_critical | TLS cannot connect monitor (warning threshold) | string | `"3"` | no |
+| cannot\_connect\_threshold\_ok | TLS cannot connect monitor (ok threshold) | string | `"3"` | no |
+| cannot\_connect\_threshold\_warning | TLS cannot connect monitor (warning threshold) | string | `"2"` | no |
+| certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"true"` | no |
+| certificate\_expiration\_date\_extra\_tags | Extra tags for Certificate Expiration Date monitor | list(string) | `[]` | no |
+| certificate\_expiration\_date\_message | Custom message for the Certificate Expiration Date monitor | string | `""` | no |
+| certificate\_expiration\_date\_threshold\_critical | Container Memory Usage critical threshold | string | `"8"` | no |
+| certificate\_expiration\_date\_threshold\_warning | Container Memory Usage warning threshold | string | `"30"` | no |
+| certificate\_expiration\_date\_time\_aggregator | Time aggregator for the Certificate Expiration Date monitor | string | `"max"` | no |
+| certificate\_expiration\_date\_timeframe | Timeframe for the Certificate Expiration Date monitor | string | `"last_5m"` | no |
+| environment | Architecture Environment | string | n/a | yes |
+| evaluation\_delay | Delay in seconds for the metric evaluation | string | `"15"` | no |
+| filter\_tags\_custom | Tags used for custom filtering when filter_tags_use_defaults is false | string | `"*"` | no |
+| filter\_tags\_custom\_excluded | Tags excluded for custom filtering when filter_tags_use_defaults is false | string | `""` | no |
+| filter\_tags\_use\_defaults | Use default filter tags convention | string | `"true"` | no |
+| invalid\_tls\_certificate\_enabled | Flag to enable TLS certificate expiration monitor | string | `"true"` | no |
+| invalid\_tls\_certificate\_extra\_tags | Extra tags for TLS certificate expiration monitor | list(string) | `[]` | no |
+| invalid\_tls\_certificate\_last | Parameter 'last' for the service check | string | `"6"` | no |
+| invalid\_tls\_certificate\_message | Custom message for TLS certificate expiration monitor | string | `""` | no |
+| invalid\_tls\_certificate\_no\_data\_timeframe | TLS certificate expiration monitor no data timeframe | string | `"10"` | no |
+| invalid\_tls\_certificate\_threshold\_critical | TLS certificate expiration monitor (warning threshold) | string | `"5"` | no |
+| invalid\_tls\_certificate\_threshold\_warning | TLS certificate expiration monitor (warning threshold) | string | `"5"` | no |
+| message | Message sent when an alert is triggered | string | n/a | yes |
+| new\_host\_delay | Delay in seconds before monitor new resource | string | `"300"` | no |
+| prefix\_slug | Prefix string to prepend between brackets on every monitors names | string | `""` | no |
+| tls\_certificate\_expiration\_enabled | Flag to enable TLS certificate expiration monitor | string | `"true"` | no |
+| tls\_certificate\_expiration\_extra\_tags | Extra tags for TLS certificate expiration monitor | list(string) | `[]` | no |
+| tls\_certificate\_expiration\_last | Parameter 'last' for the service check | string | `"6"` | no |
+| tls\_certificate\_expiration\_message | Custom message for TLS certificate expiration monitor | string | `""` | no |
+| tls\_certificate\_expiration\_no\_data\_timeframe | TLS certificate expiration monitor no data timeframe | string | `"10"` | no |
+| tls\_certificate\_expiration\_threshold\_critical | TLS certificate expiration monitor (warning threshold) | string | `"5"` | no |
+| tls\_certificate\_expiration\_threshold\_warning | TLS certificate expiration monitor (warning threshold) | string | `"5"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| cannot\_connect\_id | id for monitor cannot_connect |
+| certificate\_expiration\_date\_id | id for monitor certificate_expiration_date |
+| invalid\_tls\_certificate\_id | id for monitor invalid_tls_certificate |
+| tls\_certificate\_expiration\_id | id for monitor tls_certificate_expiration |
 
 ## Related documentation
 
-- Datadog Documentation https://docs.datadoghq.com/integrations/tls/
+- [Datadog TLS integration](https://docs.datadoghq.com/integrations/tls/)
 
diff --git a/network/tls/monitors-tls.tf b/network/tls/monitors-tls.tf
index cad2aae..402caca 100644
--- a/network/tls/monitors-tls.tf
+++ b/network/tls/monitors-tls.tf
@@ -54,7 +54,7 @@ EOQ
 
   new_host_delay      = var.new_host_delay
   no_data_timeframe   = var.invalid_tls_certificate_no_data_timeframe
-  notify_no_data      = true
+  notify_no_data      = false
   notify_audit        = false
   locked              = false
   timeout_h           = 0
@@ -89,7 +89,7 @@ EOQ
 
   new_host_delay      = var.new_host_delay
   no_data_timeframe   = var.tls_certificate_expiration_no_data_timeframe
-  notify_no_data      = true
+  notify_no_data      = false
   notify_audit        = false
   locked              = false
   timeout_h           = 0

From 00e2104623bd2d32a52cd5b902649a89e86352bd Mon Sep 17 00:00:00 2001
From: Rafael Romero Carmona <rafael.romero.carmona@fr.clara.net>
Date: Tue, 20 Aug 2019 12:45:21 +0100
Subject: [PATCH 3/5] MON-499 Disable by default the monitors for the
 certificates using the metric instead the service check

---
 network/http/README.md | 4 ++--
 network/http/inputs.tf | 2 +-
 network/tls/README.md  | 4 ++--
 network/tls/inputs.tf  | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/network/http/README.md b/network/http/README.md
index 8a8288c..d894492 100644
--- a/network/http/README.md
+++ b/network/http/README.md
@@ -17,7 +17,7 @@ module "datadog-monitors-network-http" {
 Creates DataDog monitors with the following checks:
 
 - HTTP cannot connect
-- SSL certificate expiration
+- SSL certificate expiration (disabled by default)
 - SSL invalid certificate
 
 ## Inputs
@@ -32,7 +32,7 @@ Creates DataDog monitors with the following checks:
 | cannot\_connect\_threshold\_critical | HTTP cannot connect monitor (warning threshold) | string | `"3"` | no |
 | cannot\_connect\_threshold\_ok | HTTP cannot connect monitor (ok threshold) | string | `"3"` | no |
 | cannot\_connect\_threshold\_warning | HTTP cannot connect monitor (warning threshold) | string | `"2"` | no |
-| certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"true"` | no |
+| certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"false"` | no |
 | certificate\_expiration\_date\_extra\_tags | Extra tags for Certificate Expiration Date monitor | list(string) | `[]` | no |
 | certificate\_expiration\_date\_message | Custom message for the Certificate Expiration Date monitor | string | `""` | no |
 | certificate\_expiration\_date\_threshold\_critical | Certificate Expiration Date critical threshold | string | `"8"` | no |
diff --git a/network/http/inputs.tf b/network/http/inputs.tf
index 3b50be0..a90387a 100644
--- a/network/http/inputs.tf
+++ b/network/http/inputs.tf
@@ -141,7 +141,7 @@ variable "invalid_ssl_certificate_extra_tags" {
 variable "certificate_expiration_date_enabled" {
   description = "Flag to enable Certificate Expiration Date monitor"
   type        = string
-  default     = "true"
+  default     = "false"
 }
 
 variable "certificate_expiration_date_message" {
diff --git a/network/tls/README.md b/network/tls/README.md
index 10ac9b1..2a7f472 100644
--- a/network/tls/README.md
+++ b/network/tls/README.md
@@ -17,7 +17,7 @@ module "datadog-monitors-network-tls" {
 Creates DataDog monitors with the following checks:
 
 - TLS cannot connect
-- TLS certificate expiration
+- TLS certificate expiration (disabled by default)
 - TLS certificate expiring
 - TLS invalid certificate
 
@@ -33,7 +33,7 @@ Creates DataDog monitors with the following checks:
 | cannot\_connect\_threshold\_critical | TLS cannot connect monitor (warning threshold) | string | `"3"` | no |
 | cannot\_connect\_threshold\_ok | TLS cannot connect monitor (ok threshold) | string | `"3"` | no |
 | cannot\_connect\_threshold\_warning | TLS cannot connect monitor (warning threshold) | string | `"2"` | no |
-| certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"true"` | no |
+| certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"false"` | no |
 | certificate\_expiration\_date\_extra\_tags | Extra tags for Certificate Expiration Date monitor | list(string) | `[]` | no |
 | certificate\_expiration\_date\_message | Custom message for the Certificate Expiration Date monitor | string | `""` | no |
 | certificate\_expiration\_date\_threshold\_critical | Container Memory Usage critical threshold | string | `"8"` | no |
diff --git a/network/tls/inputs.tf b/network/tls/inputs.tf
index bb92313..c2ba5e5 100644
--- a/network/tls/inputs.tf
+++ b/network/tls/inputs.tf
@@ -186,7 +186,7 @@ variable "tls_certificate_expiration_extra_tags" {
 variable "certificate_expiration_date_enabled" {
   description = "Flag to enable Certificate Expiration Date monitor"
   type        = string
-  default     = "true"
+  default     = "false"
 }
 
 variable "certificate_expiration_date_message" {

From ac5b9e3262f04f51a3b4580243195fb0a9949316 Mon Sep 17 00:00:00 2001
From: Rafael Romero Carmona <rafael.romero.carmona@fr.clara.net>
Date: Fri, 30 Aug 2019 11:16:51 +0100
Subject: [PATCH 4/5] MON-499 HTTP monitors now in two modules: webcheck and
 ssl. Critical threshold for SSL and TLS monitors on metric are now 15 days.

---
 README.md                                     |  2 +
 network/http/{ => ssl}/README.md              | 19 +---
 network/http/{ => ssl}/inputs.tf              | 55 +----------
 network/http/{ => ssl}/modules.tf             |  0
 .../{monitors-http.tf => ssl/monitors-ssl.tf} | 36 --------
 network/http/{ => ssl}/outputs.tf             | 11 +--
 network/http/webcheck/README.md               | 49 ++++++++++
 network/http/webcheck/inputs.tf               | 91 +++++++++++++++++++
 network/http/webcheck/modules.tf              |  9 ++
 network/http/webcheck/monitors-webcheck.tf    | 35 +++++++
 network/http/webcheck/outputs.tf              |  5 +
 network/tls/README.md                         |  2 +-
 network/tls/inputs.tf                         |  2 +-
 network/tls/outputs.tf                        | 10 +-
 14 files changed, 207 insertions(+), 119 deletions(-)
 rename network/http/{ => ssl}/README.md (72%)
 rename network/http/{ => ssl}/inputs.tf (73%)
 rename network/http/{ => ssl}/modules.tf (100%)
 rename network/http/{monitors-http.tf => ssl/monitors-ssl.tf} (69%)
 rename network/http/{ => ssl}/outputs.tf (71%)
 create mode 100644 network/http/webcheck/README.md
 create mode 100644 network/http/webcheck/inputs.tf
 create mode 100644 network/http/webcheck/modules.tf
 create mode 100644 network/http/webcheck/monitors-webcheck.tf
 create mode 100644 network/http/webcheck/outputs.tf

diff --git a/README.md b/README.md
index 2c4f1f5..5eba7b8 100644
--- a/README.md
+++ b/README.md
@@ -203,6 +203,8 @@ The `//` is very important, it's a terraform specific syntax used to separate gi
 - [network](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/)
 	- [dns](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/dns/)
 	- [http](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/http/)
+		- [ssl](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/http/ssl/)
+		- [webcheck](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/http/webcheck/)
 	- [tls](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/network/tls/)
 - [saas](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/saas/)
 	- [new-relic](https://git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors/tree/master/saas/new-relic/)
diff --git a/network/http/README.md b/network/http/ssl/README.md
similarity index 72%
rename from network/http/README.md
rename to network/http/ssl/README.md
index d894492..aaa2377 100644
--- a/network/http/README.md
+++ b/network/http/ssl/README.md
@@ -1,10 +1,10 @@
-# NETWORK HTTP DataDog monitors
+# NETWORK HTTP SSL DataDog monitors
 
 ## How to use this module
 
 ```
-module "datadog-monitors-network-http" {
-  source = "git::ssh://git@git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors.git//network/http?ref={revision}"
+module "datadog-monitors-network-http-ssl" {
+  source = "git::ssh://git@git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors.git//network/http/ssl?ref={revision}"
 
   environment = var.environment
   message     = module.datadog-message-alerting.alerting-message
@@ -16,7 +16,6 @@ module "datadog-monitors-network-http" {
 
 Creates DataDog monitors with the following checks:
 
-- HTTP cannot connect
 - SSL certificate expiration (disabled by default)
 - SSL invalid certificate
 
@@ -24,18 +23,10 @@ Creates DataDog monitors with the following checks:
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| cannot\_connect\_enabled | Flag to enable HTTP cannot connect monitor | string | `"true"` | no |
-| cannot\_connect\_extra\_tags | Extra tags for HTTP cannot connect monitor | list(string) | `[]` | no |
-| cannot\_connect\_last | Parameter 'last' for the service check | string | `"6"` | no |
-| cannot\_connect\_message | Custom message for HTTP cannot connect monitor | string | `""` | no |
-| cannot\_connect\_no\_data\_timeframe | HTTP cannot connect monitor no data timeframe | string | `"10"` | no |
-| cannot\_connect\_threshold\_critical | HTTP cannot connect monitor (warning threshold) | string | `"3"` | no |
-| cannot\_connect\_threshold\_ok | HTTP cannot connect monitor (ok threshold) | string | `"3"` | no |
-| cannot\_connect\_threshold\_warning | HTTP cannot connect monitor (warning threshold) | string | `"2"` | no |
 | certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"false"` | no |
 | certificate\_expiration\_date\_extra\_tags | Extra tags for Certificate Expiration Date monitor | list(string) | `[]` | no |
 | certificate\_expiration\_date\_message | Custom message for the Certificate Expiration Date monitor | string | `""` | no |
-| certificate\_expiration\_date\_threshold\_critical | Certificate Expiration Date critical threshold | string | `"8"` | no |
+| certificate\_expiration\_date\_threshold\_critical | Certificate Expiration Date critical threshold | string | `"15"` | no |
 | certificate\_expiration\_date\_threshold\_warning | Certificate Expiration Date warning threshold | string | `"30"` | no |
 | certificate\_expiration\_date\_time\_aggregator | Time aggregator for the Certificate Expiration Date monitor | string | `"max"` | no |
 | certificate\_expiration\_date\_timeframe | Timeframe for the Certificate Expiration Date monitor | string | `"last_5m"` | no |
@@ -59,10 +50,8 @@ Creates DataDog monitors with the following checks:
 
 | Name | Description |
 |------|-------------|
-| cannot\_connect\_id | id for monitor cannot_connect |
 | certificate\_expiration\_date\_id | id for monitor certificate_expiration_date |
 | invalid\_ssl\_certificate\_id | id for monitor invalid_ssl_certificate |
 
 ## Related documentation
 
-- [Datadog HTTP integration](https://docs.datadoghq.com/integrations/http_check/)
diff --git a/network/http/inputs.tf b/network/http/ssl/inputs.tf
similarity index 73%
rename from network/http/inputs.tf
rename to network/http/ssl/inputs.tf
index a90387a..5bbbfcf 100644
--- a/network/http/inputs.tf
+++ b/network/http/ssl/inputs.tf
@@ -39,57 +39,6 @@ variable "filter_tags_custom_excluded" {
   default     = ""
 }
 
-#
-# HTTP Cannot Connect
-#
-variable "cannot_connect_enabled" {
-  description = "Flag to enable HTTP cannot connect monitor"
-  type        = string
-  default     = "true"
-}
-
-variable "cannot_connect_message" {
-  description = "Custom message for HTTP cannot connect monitor"
-  type        = string
-  default     = ""
-}
-
-variable "cannot_connect_last" {
-  description = "Parameter 'last' for the service check"
-  type        = string
-  default     = 6
-}
-
-variable "cannot_connect_threshold_warning" {
-  description = "HTTP cannot connect monitor (warning threshold)"
-  type        = string
-  default     = 2
-}
-
-variable "cannot_connect_threshold_critical" {
-  description = "HTTP cannot connect monitor (warning threshold)"
-  type        = string
-  default     = 3
-}
-
-variable "cannot_connect_threshold_ok" {
-  description = "HTTP cannot connect monitor (ok threshold)"
-  type        = string
-  default     = 3
-}
-
-variable "cannot_connect_no_data_timeframe" {
-  description = "HTTP cannot connect monitor no data timeframe"
-  type        = string
-  default     = 10
-}
-
-variable "cannot_connect_extra_tags" {
-  description = "Extra tags for HTTP cannot connect monitor"
-  type        = list(string)
-  default     = []
-}
-
 #
 # SSL invalid certificate
 #
@@ -171,11 +120,11 @@ variable "certificate_expiration_date_threshold_warning" {
 variable "certificate_expiration_date_threshold_critical" {
   description = "Certificate Expiration Date critical threshold"
   type        = string
-  default     = 8
+  default     = 15
 }
 
 variable "certificate_expiration_date_extra_tags" {
   description = "Extra tags for Certificate Expiration Date monitor"
   type        = list(string)
   default     = []
-}
+}
\ No newline at end of file
diff --git a/network/http/modules.tf b/network/http/ssl/modules.tf
similarity index 100%
rename from network/http/modules.tf
rename to network/http/ssl/modules.tf
diff --git a/network/http/monitors-http.tf b/network/http/ssl/monitors-ssl.tf
similarity index 69%
rename from network/http/monitors-http.tf
rename to network/http/ssl/monitors-ssl.tf
index c431332..0a4034d 100644
--- a/network/http/monitors-http.tf
+++ b/network/http/ssl/monitors-ssl.tf
@@ -1,39 +1,3 @@
-#
-# HTTP Cannot Connect
-#
-resource "datadog_monitor" "cannot_connect" {
-  count   = var.cannot_connect_enabled == "true" ? 1 : 0
-  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] HTTP cannot connect"
-  message = coalesce(var.cannot_connect_message, var.message)
-  type    = "service check"
-
-  query = <<EOQ
-    "http.can_connect"${module.filter-tags.service_check}.by("instance","url").last(${var.cannot_connect_last}).count_by_status()
-EOQ
-
-  thresholds = {
-    warning  = var.cannot_connect_threshold_warning
-    critical = var.cannot_connect_threshold_critical
-    ok       = var.cannot_connect_threshold_ok
-  }
-
-  new_host_delay      = var.new_host_delay
-  no_data_timeframe   = var.cannot_connect_no_data_timeframe
-  notify_no_data      = true
-  notify_audit        = false
-  locked              = false
-  timeout_h           = 0
-  include_tags        = true
-  require_full_window = true
-  renotify_interval   = 0
-
-  tags = concat(["env:${var.environment}", "type:network", "provider:http_check", "resource:webcheck", "team:claranet", "created-by:terraform"], var.cannot_connect_extra_tags)
-
-  lifecycle {
-    ignore_changes = ["silenced"]
-  }
-}
-
 #
 # Invalid SSL Certificate
 #
diff --git a/network/http/outputs.tf b/network/http/ssl/outputs.tf
similarity index 71%
rename from network/http/outputs.tf
rename to network/http/ssl/outputs.tf
index f028c03..9cc4b61 100644
--- a/network/http/outputs.tf
+++ b/network/http/ssl/outputs.tf
@@ -1,6 +1,6 @@
-output "cannot_connect_id" {
-  description = "id for monitor cannot_connect"
-  value       = datadog_monitor.cannot_connect.*.id
+output "certificate_expiration_date_id" {
+  description = "id for monitor certificate_expiration_date"
+  value       = datadog_monitor.certificate_expiration_date.*.id
 }
 
 output "invalid_ssl_certificate_id" {
@@ -8,8 +8,3 @@ output "invalid_ssl_certificate_id" {
   value       = datadog_monitor.invalid_ssl_certificate.*.id
 }
 
-output "certificate_expiration_date_id" {
-  description = "id for monitor certificate_expiration_date"
-  value       = datadog_monitor.certificate_expiration_date.*.id
-}
-
diff --git a/network/http/webcheck/README.md b/network/http/webcheck/README.md
new file mode 100644
index 0000000..99e4f8c
--- /dev/null
+++ b/network/http/webcheck/README.md
@@ -0,0 +1,49 @@
+# NETWORK HTTP WEBCHECK DataDog monitors
+
+## How to use this module
+
+```
+module "datadog-monitors-network-http-webcheck" {
+  source = "git::ssh://git@git.fr.clara.net/claranet/pt-monitoring/projects/datadog/terraform/monitors.git//network/http/webcheck?ref={revision}"
+
+  environment = var.environment
+  message     = module.datadog-message-alerting.alerting-message
+}
+
+```
+
+## Purpose
+
+Creates DataDog monitors with the following checks:
+
+- HTTP cannot connect
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cannot\_connect\_enabled | Flag to enable HTTP cannot connect monitor | string | `"true"` | no |
+| cannot\_connect\_extra\_tags | Extra tags for HTTP cannot connect monitor | list(string) | `[]` | no |
+| cannot\_connect\_last | Parameter 'last' for the service check | string | `"6"` | no |
+| cannot\_connect\_message | Custom message for HTTP cannot connect monitor | string | `""` | no |
+| cannot\_connect\_no\_data\_timeframe | HTTP cannot connect monitor no data timeframe | string | `"10"` | no |
+| cannot\_connect\_threshold\_critical | HTTP cannot connect monitor (warning threshold) | string | `"3"` | no |
+| cannot\_connect\_threshold\_ok | HTTP cannot connect monitor (ok threshold) | string | `"3"` | no |
+| cannot\_connect\_threshold\_warning | HTTP cannot connect monitor (warning threshold) | string | `"2"` | no |
+| environment | Architecture Environment | string | n/a | yes |
+| evaluation\_delay | Delay in seconds for the metric evaluation | string | `"15"` | no |
+| filter\_tags\_custom | Tags used for custom filtering when filter_tags_use_defaults is false | string | `"*"` | no |
+| filter\_tags\_custom\_excluded | Tags excluded for custom filtering when filter_tags_use_defaults is false | string | `""` | no |
+| filter\_tags\_use\_defaults | Use default filter tags convention | string | `"true"` | no |
+| message | Message sent when an alert is triggered | string | n/a | yes |
+| new\_host\_delay | Delay in seconds before monitor new resource | string | `"300"` | no |
+| prefix\_slug | Prefix string to prepend between brackets on every monitors names | string | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| cannot\_connect\_id | id for monitor cannot_connect |
+
+## Related documentation
+
diff --git a/network/http/webcheck/inputs.tf b/network/http/webcheck/inputs.tf
new file mode 100644
index 0000000..bbeb6f0
--- /dev/null
+++ b/network/http/webcheck/inputs.tf
@@ -0,0 +1,91 @@
+# Global Terraform
+variable "environment" {
+  description = "Architecture Environment"
+  type        = string
+}
+
+# Global DataDog
+variable "evaluation_delay" {
+  description = "Delay in seconds for the metric evaluation"
+  default     = 15
+}
+
+variable "new_host_delay" {
+  description = "Delay in seconds before monitor new resource"
+  default     = 300
+}
+
+variable "prefix_slug" {
+  description = "Prefix string to prepend between brackets on every monitors names"
+  default     = ""
+}
+
+variable "message" {
+  description = "Message sent when an alert is triggered"
+}
+
+variable "filter_tags_use_defaults" {
+  description = "Use default filter tags convention"
+  default     = "true"
+}
+
+variable "filter_tags_custom" {
+  description = "Tags used for custom filtering when filter_tags_use_defaults is false"
+  default     = "*"
+}
+
+variable "filter_tags_custom_excluded" {
+  description = "Tags excluded for custom filtering when filter_tags_use_defaults is false"
+  default     = ""
+}
+
+#
+# HTTP Cannot Connect
+#
+variable "cannot_connect_enabled" {
+  description = "Flag to enable HTTP cannot connect monitor"
+  type        = string
+  default     = "true"
+}
+
+variable "cannot_connect_message" {
+  description = "Custom message for HTTP cannot connect monitor"
+  type        = string
+  default     = ""
+}
+
+variable "cannot_connect_last" {
+  description = "Parameter 'last' for the service check"
+  type        = string
+  default     = 6
+}
+
+variable "cannot_connect_threshold_warning" {
+  description = "HTTP cannot connect monitor (warning threshold)"
+  type        = string
+  default     = 2
+}
+
+variable "cannot_connect_threshold_critical" {
+  description = "HTTP cannot connect monitor (warning threshold)"
+  type        = string
+  default     = 3
+}
+
+variable "cannot_connect_threshold_ok" {
+  description = "HTTP cannot connect monitor (ok threshold)"
+  type        = string
+  default     = 3
+}
+
+variable "cannot_connect_no_data_timeframe" {
+  description = "HTTP cannot connect monitor no data timeframe"
+  type        = string
+  default     = 10
+}
+
+variable "cannot_connect_extra_tags" {
+  description = "Extra tags for HTTP cannot connect monitor"
+  type        = list(string)
+  default     = []
+}
\ No newline at end of file
diff --git a/network/http/webcheck/modules.tf b/network/http/webcheck/modules.tf
new file mode 100644
index 0000000..e96052c
--- /dev/null
+++ b/network/http/webcheck/modules.tf
@@ -0,0 +1,9 @@
+module "filter-tags" {
+  source = "../../common/filter-tags"
+
+  environment                 = var.environment
+  resource                    = "http"
+  filter_tags_use_defaults    = var.filter_tags_use_defaults
+  filter_tags_custom          = var.filter_tags_custom
+  filter_tags_custom_excluded = var.filter_tags_custom_excluded
+}
diff --git a/network/http/webcheck/monitors-webcheck.tf b/network/http/webcheck/monitors-webcheck.tf
new file mode 100644
index 0000000..c9f2a4e
--- /dev/null
+++ b/network/http/webcheck/monitors-webcheck.tf
@@ -0,0 +1,35 @@
+#
+# HTTP Cannot Connect
+#
+resource "datadog_monitor" "cannot_connect" {
+  count   = var.cannot_connect_enabled == "true" ? 1 : 0
+  name    = "${var.prefix_slug == "" ? "" : "[${var.prefix_slug}]"}[${var.environment}] HTTP cannot connect"
+  message = coalesce(var.cannot_connect_message, var.message)
+  type    = "service check"
+
+  query = <<EOQ
+    "http.can_connect"${module.filter-tags.service_check}.by("instance","url").last(${var.cannot_connect_last}).count_by_status()
+EOQ
+
+  thresholds = {
+    warning  = var.cannot_connect_threshold_warning
+    critical = var.cannot_connect_threshold_critical
+    ok       = var.cannot_connect_threshold_ok
+  }
+
+  new_host_delay      = var.new_host_delay
+  no_data_timeframe   = var.cannot_connect_no_data_timeframe
+  notify_no_data      = true
+  notify_audit        = false
+  locked              = false
+  timeout_h           = 0
+  include_tags        = true
+  require_full_window = true
+  renotify_interval   = 0
+
+  tags = concat(["env:${var.environment}", "type:network", "provider:http_check", "resource:webcheck", "team:claranet", "created-by:terraform"], var.cannot_connect_extra_tags)
+
+  lifecycle {
+    ignore_changes = ["silenced"]
+  }
+}
diff --git a/network/http/webcheck/outputs.tf b/network/http/webcheck/outputs.tf
new file mode 100644
index 0000000..50ab0f6
--- /dev/null
+++ b/network/http/webcheck/outputs.tf
@@ -0,0 +1,5 @@
+output "cannot_connect_id" {
+  description = "id for monitor cannot_connect"
+  value       = datadog_monitor.cannot_connect.*.id
+}
+
diff --git a/network/tls/README.md b/network/tls/README.md
index 2a7f472..e5b6422 100644
--- a/network/tls/README.md
+++ b/network/tls/README.md
@@ -36,7 +36,7 @@ Creates DataDog monitors with the following checks:
 | certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"false"` | no |
 | certificate\_expiration\_date\_extra\_tags | Extra tags for Certificate Expiration Date monitor | list(string) | `[]` | no |
 | certificate\_expiration\_date\_message | Custom message for the Certificate Expiration Date monitor | string | `""` | no |
-| certificate\_expiration\_date\_threshold\_critical | Container Memory Usage critical threshold | string | `"8"` | no |
+| certificate\_expiration\_date\_threshold\_critical | Container Memory Usage critical threshold | string | `"15"` | no |
 | certificate\_expiration\_date\_threshold\_warning | Container Memory Usage warning threshold | string | `"30"` | no |
 | certificate\_expiration\_date\_time\_aggregator | Time aggregator for the Certificate Expiration Date monitor | string | `"max"` | no |
 | certificate\_expiration\_date\_timeframe | Timeframe for the Certificate Expiration Date monitor | string | `"last_5m"` | no |
diff --git a/network/tls/inputs.tf b/network/tls/inputs.tf
index c2ba5e5..31a051a 100644
--- a/network/tls/inputs.tf
+++ b/network/tls/inputs.tf
@@ -216,7 +216,7 @@ variable "certificate_expiration_date_threshold_warning" {
 variable "certificate_expiration_date_threshold_critical" {
   description = "Container Memory Usage critical threshold"
   type        = string
-  default     = 8
+  default     = 15
 }
 
 variable "certificate_expiration_date_extra_tags" {
diff --git a/network/tls/outputs.tf b/network/tls/outputs.tf
index e40331d..f491451 100644
--- a/network/tls/outputs.tf
+++ b/network/tls/outputs.tf
@@ -3,6 +3,11 @@ output "cannot_connect_id" {
   value       = datadog_monitor.cannot_connect.*.id
 }
 
+output "certificate_expiration_date_id" {
+  description = "id for monitor certificate_expiration_date"
+  value       = datadog_monitor.certificate_expiration_date.*.id
+}
+
 output "invalid_tls_certificate_id" {
   description = "id for monitor invalid_tls_certificate"
   value       = datadog_monitor.invalid_tls_certificate.*.id
@@ -13,8 +18,3 @@ output "tls_certificate_expiration_id" {
   value       = datadog_monitor.tls_certificate_expiration.*.id
 }
 
-output "certificate_expiration_date_id" {
-  description = "id for monitor certificate_expiration_date"
-  value       = datadog_monitor.certificate_expiration_date.*.id
-}
-

From 70894689a2b6b117f823948972f761fd40928959 Mon Sep 17 00:00:00 2001
From: Rafael Romero Carmona <rafael.romero.carmona@fr.clara.net>
Date: Fri, 30 Aug 2019 12:26:20 +0100
Subject: [PATCH 5/5] MON-499 Service checks modified to use the standard
 structure and values.

---
 network/dns/README.md                      |  2 -
 network/dns/inputs.tf                      | 12 ------
 network/dns/monitors-dns.tf                |  4 +-
 network/http/ssl/README.md                 |  4 +-
 network/http/ssl/inputs.tf                 | 14 +------
 network/http/ssl/monitors-ssl.tf           |  4 +-
 network/http/webcheck/README.md            |  5 +--
 network/http/webcheck/inputs.tf            | 18 ---------
 network/http/webcheck/monitors-webcheck.tf |  5 +--
 network/tls/README.md                      | 11 +-----
 network/tls/inputs.tf                      | 44 +---------------------
 network/tls/monitors-tls.tf                | 13 +++----
 12 files changed, 18 insertions(+), 118 deletions(-)

diff --git a/network/dns/README.md b/network/dns/README.md
index e33a8bf..533d1de 100644
--- a/network/dns/README.md
+++ b/network/dns/README.md
@@ -24,10 +24,8 @@ Creates DataDog monitors with the following checks:
 |------|-------------|:----:|:-----:|:-----:|
 | cannot\_resolve\_enabled | Flag to enable DNS cannot resolve monitor | string | `"true"` | no |
 | cannot\_resolve\_extra\_tags | Extra tags for DNS cannot resolve monitor | list(string) | `[]` | no |
-| cannot\_resolve\_last | Parameter 'last' for the service check | string | `"6"` | no |
 | cannot\_resolve\_message | Custom message for DNS cannot resolve monitor | string | `""` | no |
 | cannot\_resolve\_no\_data\_timeframe | DNS cannot resolve monitor no data timeframe | string | `"10"` | no |
-| cannot\_resolve\_threshold\_critical | DNS cannot resolve monitor (warning threshold) | string | `"5"` | no |
 | cannot\_resolve\_threshold\_warning | DNS cannot resolve monitor (warning threshold) | string | `"3"` | no |
 | environment | Architecture Environment | string | n/a | yes |
 | evaluation\_delay | Delay in seconds for the metric evaluation | string | `"15"` | no |
diff --git a/network/dns/inputs.tf b/network/dns/inputs.tf
index dfd4a03..83e766f 100644
--- a/network/dns/inputs.tf
+++ b/network/dns/inputs.tf
@@ -54,24 +54,12 @@ variable "cannot_resolve_message" {
   default     = ""
 }
 
-variable "cannot_resolve_last" {
-  description = "Parameter 'last' for the service check"
-  type        = string
-  default     = 6
-}
-
 variable "cannot_resolve_threshold_warning" {
   description = "DNS cannot resolve monitor (warning threshold)"
   type        = string
   default     = 3
 }
 
-variable "cannot_resolve_threshold_critical" {
-  description = "DNS cannot resolve monitor (warning threshold)"
-  type        = string
-  default     = 5
-}
-
 variable "cannot_resolve_no_data_timeframe" {
   description = "DNS cannot resolve monitor no data timeframe"
   type        = string
diff --git a/network/dns/monitors-dns.tf b/network/dns/monitors-dns.tf
index 48f1c8c..8aee37b 100644
--- a/network/dns/monitors-dns.tf
+++ b/network/dns/monitors-dns.tf
@@ -8,12 +8,12 @@ resource "datadog_monitor" "cannot_resolve" {
   type    = "service check"
 
   query = <<EOQ
-    "dns.can_resolve"${module.filter-tags.service_check}.by("nameserver","resolved_hostname").last(${var.cannot_resolve_last}).count_by_status()
+    "dns.can_resolve"${module.filter-tags.service_check}.by("nameserver","resolved_hostname").last(6).count_by_status()
 EOQ
 
   thresholds = {
     warning  = var.cannot_resolve_threshold_warning
-    critical = var.cannot_resolve_threshold_critical
+    critical = 5
   }
 
   new_host_delay      = var.new_host_delay
diff --git a/network/http/ssl/README.md b/network/http/ssl/README.md
index aaa2377..b95bd17 100644
--- a/network/http/ssl/README.md
+++ b/network/http/ssl/README.md
@@ -37,11 +37,9 @@ Creates DataDog monitors with the following checks:
 | filter\_tags\_use\_defaults | Use default filter tags convention | string | `"true"` | no |
 | invalid\_ssl\_certificate\_enabled | Flag to enable SSL invalid certificate monitor | string | `"true"` | no |
 | invalid\_ssl\_certificate\_extra\_tags | Extra tags for SSL invalid certificate monitor | list(string) | `[]` | no |
-| invalid\_ssl\_certificate\_last | Parameter 'last' for the service check | string | `"6"` | no |
 | invalid\_ssl\_certificate\_message | Custom message for SSL invalid certificate monitor | string | `""` | no |
 | invalid\_ssl\_certificate\_no\_data\_timeframe | SSL invalid certificate monitor no data timeframe | string | `"10"` | no |
-| invalid\_ssl\_certificate\_threshold\_critical | SSL invalid certificate monitor (warning threshold) | string | `"5"` | no |
-| invalid\_ssl\_certificate\_threshold\_warning | SSL invalid certificate monitor (warning threshold) | string | `"5"` | no |
+| invalid\_ssl\_certificate\_threshold\_warning | SSL invalid certificate monitor (warning threshold) | string | `"3"` | no |
 | message | Message sent when an alert is triggered | string | n/a | yes |
 | new\_host\_delay | Delay in seconds before monitor new resource | string | `"300"` | no |
 | prefix\_slug | Prefix string to prepend between brackets on every monitors names | string | `""` | no |
diff --git a/network/http/ssl/inputs.tf b/network/http/ssl/inputs.tf
index 5bbbfcf..16ab71e 100644
--- a/network/http/ssl/inputs.tf
+++ b/network/http/ssl/inputs.tf
@@ -54,22 +54,10 @@ variable "invalid_ssl_certificate_message" {
   default     = ""
 }
 
-variable "invalid_ssl_certificate_last" {
-  description = "Parameter 'last' for the service check"
-  type        = string
-  default     = 6
-}
-
 variable "invalid_ssl_certificate_threshold_warning" {
   description = "SSL invalid certificate monitor (warning threshold)"
   type        = string
-  default     = 5
-}
-
-variable "invalid_ssl_certificate_threshold_critical" {
-  description = "SSL invalid certificate monitor (warning threshold)"
-  type        = string
-  default     = 5
+  default     = 3
 }
 
 variable "invalid_ssl_certificate_no_data_timeframe" {
diff --git a/network/http/ssl/monitors-ssl.tf b/network/http/ssl/monitors-ssl.tf
index 0a4034d..d7b7093 100644
--- a/network/http/ssl/monitors-ssl.tf
+++ b/network/http/ssl/monitors-ssl.tf
@@ -8,12 +8,12 @@ resource "datadog_monitor" "invalid_ssl_certificate" {
   type    = "service check"
 
   query = <<EOQ
-    "http.ssl_cert"${module.filter-tags.service_check}.by("instance","url").last(${var.invalid_ssl_certificate_last}).count_by_status()
+    "http.ssl_cert"${module.filter-tags.service_check}.by("instance","url").last(6).count_by_status()
 EOQ
 
   thresholds = {
     warning  = var.invalid_ssl_certificate_threshold_warning
-    critical = var.invalid_ssl_certificate_threshold_critical
+    critical = 5
   }
 
   new_host_delay      = var.new_host_delay
diff --git a/network/http/webcheck/README.md b/network/http/webcheck/README.md
index 99e4f8c..9ff278e 100644
--- a/network/http/webcheck/README.md
+++ b/network/http/webcheck/README.md
@@ -24,12 +24,9 @@ Creates DataDog monitors with the following checks:
 |------|-------------|:----:|:-----:|:-----:|
 | cannot\_connect\_enabled | Flag to enable HTTP cannot connect monitor | string | `"true"` | no |
 | cannot\_connect\_extra\_tags | Extra tags for HTTP cannot connect monitor | list(string) | `[]` | no |
-| cannot\_connect\_last | Parameter 'last' for the service check | string | `"6"` | no |
 | cannot\_connect\_message | Custom message for HTTP cannot connect monitor | string | `""` | no |
 | cannot\_connect\_no\_data\_timeframe | HTTP cannot connect monitor no data timeframe | string | `"10"` | no |
-| cannot\_connect\_threshold\_critical | HTTP cannot connect monitor (warning threshold) | string | `"3"` | no |
-| cannot\_connect\_threshold\_ok | HTTP cannot connect monitor (ok threshold) | string | `"3"` | no |
-| cannot\_connect\_threshold\_warning | HTTP cannot connect monitor (warning threshold) | string | `"2"` | no |
+| cannot\_connect\_threshold\_warning | HTTP cannot connect monitor (warning threshold) | string | `"3"` | no |
 | environment | Architecture Environment | string | n/a | yes |
 | evaluation\_delay | Delay in seconds for the metric evaluation | string | `"15"` | no |
 | filter\_tags\_custom | Tags used for custom filtering when filter_tags_use_defaults is false | string | `"*"` | no |
diff --git a/network/http/webcheck/inputs.tf b/network/http/webcheck/inputs.tf
index bbeb6f0..eb4a2c0 100644
--- a/network/http/webcheck/inputs.tf
+++ b/network/http/webcheck/inputs.tf
@@ -54,27 +54,9 @@ variable "cannot_connect_message" {
   default     = ""
 }
 
-variable "cannot_connect_last" {
-  description = "Parameter 'last' for the service check"
-  type        = string
-  default     = 6
-}
-
 variable "cannot_connect_threshold_warning" {
   description = "HTTP cannot connect monitor (warning threshold)"
   type        = string
-  default     = 2
-}
-
-variable "cannot_connect_threshold_critical" {
-  description = "HTTP cannot connect monitor (warning threshold)"
-  type        = string
-  default     = 3
-}
-
-variable "cannot_connect_threshold_ok" {
-  description = "HTTP cannot connect monitor (ok threshold)"
-  type        = string
   default     = 3
 }
 
diff --git a/network/http/webcheck/monitors-webcheck.tf b/network/http/webcheck/monitors-webcheck.tf
index c9f2a4e..ba69cfb 100644
--- a/network/http/webcheck/monitors-webcheck.tf
+++ b/network/http/webcheck/monitors-webcheck.tf
@@ -8,13 +8,12 @@ resource "datadog_monitor" "cannot_connect" {
   type    = "service check"
 
   query = <<EOQ
-    "http.can_connect"${module.filter-tags.service_check}.by("instance","url").last(${var.cannot_connect_last}).count_by_status()
+    "http.can_connect"${module.filter-tags.service_check}.by("instance","url").last(6).count_by_status()
 EOQ
 
   thresholds = {
     warning  = var.cannot_connect_threshold_warning
-    critical = var.cannot_connect_threshold_critical
-    ok       = var.cannot_connect_threshold_ok
+    critical = 5
   }
 
   new_host_delay      = var.new_host_delay
diff --git a/network/tls/README.md b/network/tls/README.md
index e5b6422..17abf94 100644
--- a/network/tls/README.md
+++ b/network/tls/README.md
@@ -27,12 +27,9 @@ Creates DataDog monitors with the following checks:
 |------|-------------|:----:|:-----:|:-----:|
 | cannot\_connect\_enabled | Flag to enable TLS cannot connect monitor | string | `"true"` | no |
 | cannot\_connect\_extra\_tags | Extra tags for TLS cannot connect monitor | list(string) | `[]` | no |
-| cannot\_connect\_last | Parameter 'last' for the service check | string | `"6"` | no |
 | cannot\_connect\_message | Custom message for TLS cannot connect monitor | string | `""` | no |
 | cannot\_connect\_no\_data\_timeframe | TLS cannot connect monitor no data timeframe | string | `"10"` | no |
-| cannot\_connect\_threshold\_critical | TLS cannot connect monitor (warning threshold) | string | `"3"` | no |
-| cannot\_connect\_threshold\_ok | TLS cannot connect monitor (ok threshold) | string | `"3"` | no |
-| cannot\_connect\_threshold\_warning | TLS cannot connect monitor (warning threshold) | string | `"2"` | no |
+| cannot\_connect\_threshold\_warning | TLS cannot connect monitor (warning threshold) | string | `"3"` | no |
 | certificate\_expiration\_date\_enabled | Flag to enable Certificate Expiration Date monitor | string | `"false"` | no |
 | certificate\_expiration\_date\_extra\_tags | Extra tags for Certificate Expiration Date monitor | list(string) | `[]` | no |
 | certificate\_expiration\_date\_message | Custom message for the Certificate Expiration Date monitor | string | `""` | no |
@@ -47,20 +44,16 @@ Creates DataDog monitors with the following checks:
 | filter\_tags\_use\_defaults | Use default filter tags convention | string | `"true"` | no |
 | invalid\_tls\_certificate\_enabled | Flag to enable TLS certificate expiration monitor | string | `"true"` | no |
 | invalid\_tls\_certificate\_extra\_tags | Extra tags for TLS certificate expiration monitor | list(string) | `[]` | no |
-| invalid\_tls\_certificate\_last | Parameter 'last' for the service check | string | `"6"` | no |
 | invalid\_tls\_certificate\_message | Custom message for TLS certificate expiration monitor | string | `""` | no |
 | invalid\_tls\_certificate\_no\_data\_timeframe | TLS certificate expiration monitor no data timeframe | string | `"10"` | no |
-| invalid\_tls\_certificate\_threshold\_critical | TLS certificate expiration monitor (warning threshold) | string | `"5"` | no |
-| invalid\_tls\_certificate\_threshold\_warning | TLS certificate expiration monitor (warning threshold) | string | `"5"` | no |
+| invalid\_tls\_certificate\_threshold\_warning | TLS certificate expiration monitor (warning threshold) | string | `"3"` | no |
 | message | Message sent when an alert is triggered | string | n/a | yes |
 | new\_host\_delay | Delay in seconds before monitor new resource | string | `"300"` | no |
 | prefix\_slug | Prefix string to prepend between brackets on every monitors names | string | `""` | no |
 | tls\_certificate\_expiration\_enabled | Flag to enable TLS certificate expiration monitor | string | `"true"` | no |
 | tls\_certificate\_expiration\_extra\_tags | Extra tags for TLS certificate expiration monitor | list(string) | `[]` | no |
-| tls\_certificate\_expiration\_last | Parameter 'last' for the service check | string | `"6"` | no |
 | tls\_certificate\_expiration\_message | Custom message for TLS certificate expiration monitor | string | `""` | no |
 | tls\_certificate\_expiration\_no\_data\_timeframe | TLS certificate expiration monitor no data timeframe | string | `"10"` | no |
-| tls\_certificate\_expiration\_threshold\_critical | TLS certificate expiration monitor (warning threshold) | string | `"5"` | no |
 | tls\_certificate\_expiration\_threshold\_warning | TLS certificate expiration monitor (warning threshold) | string | `"5"` | no |
 
 ## Outputs
diff --git a/network/tls/inputs.tf b/network/tls/inputs.tf
index 31a051a..bb2dcc9 100644
--- a/network/tls/inputs.tf
+++ b/network/tls/inputs.tf
@@ -54,27 +54,9 @@ variable "cannot_connect_message" {
   default     = ""
 }
 
-variable "cannot_connect_last" {
-  description = "Parameter 'last' for the service check"
-  type        = string
-  default     = 6
-}
-
 variable "cannot_connect_threshold_warning" {
   description = "TLS cannot connect monitor (warning threshold)"
   type        = string
-  default     = 2
-}
-
-variable "cannot_connect_threshold_critical" {
-  description = "TLS cannot connect monitor (warning threshold)"
-  type        = string
-  default     = 3
-}
-
-variable "cannot_connect_threshold_ok" {
-  description = "TLS cannot connect monitor (ok threshold)"
-  type        = string
   default     = 3
 }
 
@@ -105,22 +87,10 @@ variable "invalid_tls_certificate_message" {
   default     = ""
 }
 
-variable "invalid_tls_certificate_last" {
-  description = "Parameter 'last' for the service check"
-  type        = string
-  default     = 6
-}
-
 variable "invalid_tls_certificate_threshold_warning" {
   description = "TLS certificate expiration monitor (warning threshold)"
   type        = string
-  default     = 5
-}
-
-variable "invalid_tls_certificate_threshold_critical" {
-  description = "TLS certificate expiration monitor (warning threshold)"
-  type        = string
-  default     = 5
+  default     = 3
 }
 
 variable "invalid_tls_certificate_no_data_timeframe" {
@@ -150,24 +120,12 @@ variable "tls_certificate_expiration_message" {
   default     = ""
 }
 
-variable "tls_certificate_expiration_last" {
-  description = "Parameter 'last' for the service check"
-  type        = string
-  default     = 6
-}
-
 variable "tls_certificate_expiration_threshold_warning" {
   description = "TLS certificate expiration monitor (warning threshold)"
   type        = string
   default     = 5
 }
 
-variable "tls_certificate_expiration_threshold_critical" {
-  description = "TLS certificate expiration monitor (warning threshold)"
-  type        = string
-  default     = 5
-}
-
 variable "tls_certificate_expiration_no_data_timeframe" {
   description = "TLS certificate expiration monitor no data timeframe"
   type        = string
diff --git a/network/tls/monitors-tls.tf b/network/tls/monitors-tls.tf
index 402caca..34b1992 100644
--- a/network/tls/monitors-tls.tf
+++ b/network/tls/monitors-tls.tf
@@ -8,13 +8,12 @@ resource "datadog_monitor" "cannot_connect" {
   type    = "service check"
 
   query = <<EOQ
-    "tls.can_connect"${module.filter-tags.service_check}.by("name","server","port","server_hostname").last(${var.cannot_connect_last}).count_by_status()
+    "tls.can_connect"${module.filter-tags.service_check}.by("name","server","port","server_hostname").last(6).count_by_status()
 EOQ
 
   thresholds = {
     warning  = var.cannot_connect_threshold_warning
-    critical = var.cannot_connect_threshold_critical
-    ok       = var.cannot_connect_threshold_ok
+    critical = 5
   }
 
   new_host_delay      = var.new_host_delay
@@ -44,12 +43,12 @@ resource "datadog_monitor" "invalid_tls_certificate" {
   type    = "service check"
 
   query = <<EOQ
-    "tls.cert_validation"${module.filter-tags.service_check}.by("name","server","port","server_hostname").last(${var.invalid_tls_certificate_last}).count_by_status()
+    "tls.cert_validation"${module.filter-tags.service_check}.by("name","server","port","server_hostname").last(6).count_by_status()
 EOQ
 
   thresholds = {
     warning  = var.invalid_tls_certificate_threshold_warning
-    critical = var.invalid_tls_certificate_threshold_critical
+    critical = 5
   }
 
   new_host_delay      = var.new_host_delay
@@ -79,12 +78,12 @@ resource "datadog_monitor" "tls_certificate_expiration" {
   type    = "service check"
 
   query = <<EOQ
-    "tls.cert_expiration"${module.filter-tags.service_check}.by("name","server","port","server_hostname").last(${var.tls_certificate_expiration_last}).count_by_status()
+    "tls.cert_expiration"${module.filter-tags.service_check}.by("name","server","port","server_hostname").last(6).count_by_status()
 EOQ
 
   thresholds = {
     warning  = var.tls_certificate_expiration_threshold_warning
-    critical = var.tls_certificate_expiration_threshold_critical
+    critical = 5
   }
 
   new_host_delay      = var.new_host_delay