AWS Solutions Library

Quota Monitor for AWS

What does Quota Monitor for AWS do?

This solution helps you proactively track resource usage and send notifications when you approach quotas. It leverages the AWS Trusted Advisor Service Limits checks and Service Quotas to monitor AWS resource usage and raise alerts.

Benefits

Track resource usage

Provision the services necessary to proactively track resource usage and send notifications when you approach quotas.

blank

Notifications via email or Slack

Receive notifications via email or your existing Slack channel, enabling you to request quota increases or shut down resources before the quota is reached.

AWS Solution overview

The following diagram depicts the Quota Monitor for AWS reference architecture you can deploy in minutes using the solution's implementation guide and accompanying AWS CloudFormation templates.

Quota Monitor on AWS reference architecture diagram

Quota Monitor for AWS architecture

Quota Monitor for AWS includes a hub template that you deploy in your monitoring account.

The hub template launches the following workflow:

1. Reporting – This workflow provisions an Amazon Simple Queue Service (Amazon SQS) queue, an AWS Lambda function summarizer, and an Amazon DynamoDB table. The queue receives usage events from all monitored accounts. The Lambda function puts all usage data on the DynamoDB table.

2. Centralized event collection – The workflow provisions a custom Amazon EventBridge bus, Amazon CloudWatch Events rule, and Amazon Simple Notification Service (Amazon SNS) topic to raise alerts. The workflow raises alerts for quota usage and defines alert levels. The workflow also sends all events to the reporting queue for saving usage data in DynamoDB.

3. Deployment management – The workflow provisions AWS Systems Manager Parameter Store, a CloudWatch Events rule, a Lambda function, and CloudFormation StackSets.or account IDs, the workflow makes needed configuration changes to start monitoring the updated list of OUs or accounts.

Additionally, the solution provides a Service Quotas spoke template and a Trusted Advisor spoke template. You must deploy each of these templates in the accounts that need quota monitoring.

The Service Quotas spoke template launches the following workflow:

4. Quota list generation – The workflow provisions a Lambda function and two DynamoDB tables. The workflow manages an active and validated list of Service Quotas that support usage monitoring using CloudWatch metrics.

5. Quota utilization alerting – The workflow provisions a schedule-based Lambda function, custom EventBridge bus, and a CloudWatch Events rule. The cw-poller function queries the quota list table and fetches usage data for those quotas from CloudWatch metrics. The workflow sends all usage data as events on the EventBridge bus. The spoke bus routes the usage events to the centralized bus.

The Trusted Advisor spoke template launches the following workflow:

6. Trust Advisor alerting – The workflow provisions a Lambda function and a CloudWatch Events rule to support quota usage monitoring using Trusted Advisor. The Lambda function executes at an interval of 24 hours to refresh Trusted Advisor checks. The Events rule routes Trusted Advisor usage events to the centralized bus.

Show less