Overview

This solution helps you proactively track resource usage and send notifications when you approach quotas. Tracking your usage against AWS service quotas shows you whether you are approaching a given quota so that you can proactively request a service quota increase before you exceed a quota. It leverages the AWS Trusted Advisor Service Limits checks and Service Quotas to monitor AWS resource usage and raise alerts. The solution uses AWS Support APIs in the Trusted Advisor spoke stack. The APIs require a Business-level or Enterprise-level AWS Support plan. However, the rest of the solution components do not require a paid plan.
Benefits

Provision the services necessary to proactively track resource usage and send notifications when you approach quotas.
Receive notifications via email or your existing Slack channel, enabling you to request quota increases or shut down resources before the quota is reached.
Technical details

Quota Monitor for AWS includes a hub template that you deploy in your monitoring account. Additionally, the solution provides a Service Quotas spoke template and a Trusted Advisor spoke template. You must deploy each of these templates in the accounts that need quota monitoring.
Step 1 (hub template)
Reporting – This workflow provisions an Amazon Simple Queue Service (Amazon SQS) queue, an AWS Lambda function summarizer, and an Amazon DynamoDB table. The queue receives usage events from all monitored accounts. The Lambda function writes all usage data to the DynamoDB table.
Step 2 (hub template)
Centralized event collection – The workflow provisions a custom Amazon EventBridge bus, Amazon CloudWatch Events rule, and Amazon Simple Notification Service (Amazon SNS) topic to raise alerts. The workflow raises alerts for quota usage and defines alert levels. The workflow also sends all events to the reporting queue for saving usage data in DynamoDB.
Step 3 (hub template)
Deployment management – The workflow provisions AWS Systems Manager Parameter Store, a CloudWatch Events rule, a Lambda function, and CloudFormation StackSets. When the list of OUs or account IDs is updated, the workflow makes the needed configuration changes to start monitoring the updated list of OUs or accounts.
Step 4 (Service Quotas spoke template)
Quota list generation – The workflow provisions a Lambda function and two DynamoDB tables. The workflow manages an active and validated list of Service Quotas that support usage monitoring using CloudWatch metrics.
Step 5 (Service Quotas spoke template)
Quota utilization alerting – The workflow provisions a schedule-based Lambda function, custom EventBridge bus, and a CloudWatch Events rule. The cw-poller function queries the quota list table and fetches usage data for those quotas from CloudWatch metrics. The workflow sends all usage data as events on the EventBridge bus. The spoke bus routes the usage events to the centralized bus.
Step 6 (Trusted Advisor spoke template)
Trusted Advisor alerting – The workflow provisions a Lambda function and a CloudWatch Events rule to support quota usage monitoring using AWS Trusted Advisor. The Lambda function executes at an interval of 24 hours to refresh Trusted Advisor checks. The Events rule routes Trusted Advisor usage events to the centralized bus.
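The quota list filtering (Step 4), utilization polling (Step 5) and alert levels (Step 2) described above can be sketched offline as follows. This is an added example, not the solution's own code: the 80%/100% thresholds, the event source and detail-type strings, the bus name and the sample quota records are all assumptions constructed for illustration.

```python
import json

# Assumed thresholds (percent of quota). The page says alert levels are
# defined in the hub but does not give their values.
WARN_PCT, ERROR_PCT = 80.0, 100.0

# Constructed sample data, shaped like Service Quotas ListServiceQuotas items.
SAMPLE_QUOTAS = [
    {"ServiceCode": "ec2", "QuotaCode": "L-EXAMPLE1", "Value": 64.0,
     "UsageMetric": {"MetricNamespace": "AWS/Usage", "MetricName": "ResourceCount"}},
    {"ServiceCode": "vpc", "QuotaCode": "L-EXAMPLE2", "Value": 5.0},  # no usage metric
    {"ServiceCode": "lambda", "QuotaCode": "L-EXAMPLE3", "Value": 1000.0,
     "UsageMetric": {"MetricNamespace": "AWS/Usage", "MetricName": "ResourceCount"}},
]
# Constructed latest CloudWatch datapoints; the lambda quota has none yet.
SAMPLE_USAGE = {("ec2", "L-EXAMPLE1"): 56.0}

def monitorable(quotas):
    """Quota list generation: keep quotas that expose a CloudWatch usage metric."""
    return [q for q in quotas if q.get("UsageMetric", {}).get("MetricName")]

def classify(usage, limit):
    """Return (utilization percent, alert level) for one quota."""
    if limit <= 0:
        return None, "UNKNOWN"  # avoid dividing by a zero-valued quota
    pct = round(100.0 * usage / limit, 2)
    level = "ERROR" if pct >= ERROR_PCT else "WARN" if pct >= WARN_PCT else "OK"
    return pct, level

def poll(quotas, latest_usage, bus_name):
    """Utilization alerting: build EventBridge PutEvents entries for the spoke bus."""
    entries = []
    for q in monitorable(quotas):
        key = (q["ServiceCode"], q["QuotaCode"])
        if key not in latest_usage:
            continue  # a missing datapoint is not reported as 0% usage
        pct, level = classify(latest_usage[key], q["Value"])
        detail = {"service": key[0], "quotaCode": key[1], "usage": latest_usage[key],
                  "limit": q["Value"], "utilizationPct": pct, "level": level}
        entries.append({"Source": "example.quota-monitor",    # hypothetical source
                        "DetailType": "Quota Utilization",    # hypothetical type
                        "EventBusName": bus_name, "Detail": json.dumps(detail)})
    return entries

if __name__ == "__main__":
    for e in poll(SAMPLE_QUOTAS, SAMPLE_USAGE, "example-spoke-bus"):
        print(e["DetailType"], e["Detail"])
```

Quotas without a usage metric or without a recent datapoint produce no event here, so a gap in metrics never looks like low utilization.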