Deployment Change Tracking

Terraform + Alert24 Integration: Track Infrastructure Changes

Log Terraform applies to Alert24's change log so infrastructure changes appear alongside application deployments in your incident timeline.

Infrastructure changes are often the root cause of production incidents. Logging Terraform applies to Alert24 means infrastructure changes show up alongside application deployments in your incident timeline, making correlation dramatically faster.

Before you start

You'll need:

  • An Alert24 API key with write scope (Settings → API Keys)
  • Terraform CLI (or Terraform Cloud/Enterprise)

Option A: Shell wrapper script

Wrap your Terraform apply command in a script that logs to Alert24 on success:

#!/bin/bash
# deploy-infra.sh

set -euo pipefail

API_KEY="${ALERT24_API_KEY}"
ENVIRONMENT="${TF_VAR_environment:-production}"
WORKSPACE="${TF_WORKSPACE:-default}"

# Run the apply
terraform apply -auto-approve "$@"
EXIT_CODE=$?

if [ $EXIT_CODE -eq 0 ]; then
  curl -s -X POST https://app.alert24.net/api/v1/changes \
    -H "Authorization: Bearer $API_KEY" \
    -H "Content-Type: application/json" \
    -d "{
      \"summary\": \"Terraform apply: $WORKSPACE ($ENVIRONMENT)\",
      \"change_type\": \"config\",
      \"environment\": \"$ENVIRONMENT\",
      \"changed_by\": \"$(git config user.name 2>/dev/null || echo 'terraform')\",
      \"source\": \"terraform\",
      \"tags\": [\"terraform\", \"infrastructure\", \"$WORKSPACE\"],
      \"risk_level\": \"medium\"
    }"
fi

exit $EXIT_CODE

Option B: Terraform null_resource with local-exec

Add a null_resource to your Terraform configuration that fires after key resources are applied:

variable "alert24_api_key" {
  type      = string
  sensitive = true
}

resource "null_resource" "alert24_change_log" {
  triggers = {
    # Re-run this when key resources change
    instance_id = aws_instance.app.id
    image_id    = aws_instance.app.ami
  }

  provisioner "local-exec" {
    command = <<-EOT
      curl -s -X POST https://app.alert24.net/api/v1/changes \
        -H "Authorization: Bearer ${var.alert24_api_key}" \
        -H "Content-Type: application/json" \
        -d '{
          "summary": "Infrastructure updated: ${var.environment}",
          "change_type": "config",
          "environment": "${var.environment}",
          "source": "terraform",
          "risk_level": "medium",
          "tags": ["terraform", "infrastructure"]
        }'
    EOT
  }
}

Option C: Terraform Cloud run tasks or webhooks

If you use Terraform Cloud, configure a Run Task or Notification webhook:

  1. In Terraform Cloud, go to Workspace → Settings → Notifications
  2. Add a notification with your Alert24 change webhook endpoint
  3. Use an intermediate adapter (Lambda or Cloudflare Worker) to translate Terraform Cloud's payload to Alert24's schema

Tips

  • change_type: "config" is more accurate than "deployment" for infrastructure changes — it keeps application deploys and infra changes visually distinct in Alert24's timeline.
  • risk_level: "high" for changes that modify load balancers, databases, or networking — these are higher-impact than a standard config tweak.
  • CI/CD integration: Most teams run Terraform in CI. Add the Alert24 curl call as the final step in your Terraform apply job (see GitHub Actions or GitLab CI guides for the pipeline pattern).
  • Plan vs apply: Only log on apply, not plan. Planning is read-only and doesn't change anything.
Previous
Bitbucket Pipelines + Alert24: Deployment Change Tracking
Next
Kubernetes + Alert24: Track Rollouts in Your Change Log