Limit Monitor on AWS
AWS Limit Monitor

Architecture Overview

Deploying this solution builds the following environment in the AWS Cloud.


Figure 1: AWS Limit Monitor architecture

The AWS Limit Monitor includes a template that you deploy in your primary account. This template launches an AWS Lambda function that runs once every 24 hours. (You can modify the AWS CloudFormation template to change how often the refresh Lambda function is invoked. For more information, see Appendix B.) The Lambda function refreshes the AWS Trusted Advisor Service Limits checks to retrieve the most current utilization and limit data through API calls. Trusted Advisor calculates usage against the limit to determine whether the status is OK (less than 80% utilization), WARN (between 80% and 99% utilization), or ERROR (100% utilization). Amazon CloudWatch Events captures the status events from Trusted Advisor and uses a set of CloudWatch Events rules to send the status events to all the targets you choose during initial deployment of the solution: an Amazon Simple Queue Service (Amazon SQS) queue, an Amazon Simple Notification Service (Amazon SNS) topic (optional), or a Lambda function for Slack notifications (optional).

If you enable Slack notifications during initial deployment, the solution will launch a Lambda function that sends notifications to your existing Slack channel. An AWS Systems Manager Parameter Store will also be deployed to provide highly available, secure, durable storage for your Slack WebHook URL, which is used to send messages to the Slack channel. For more information, see Slack Integration.

Amazon SQS receives all the OK, WARN, and ERROR status events and sends them to an Amazon DynamoDB table that stores the events. By default, Amazon SNS and Slack receive only WARN and ERROR status events. However, you can customize the notifications for your specific needs.

The solution also includes a secondary template you can deploy in secondary accounts and other AWS Regions. This template launches a Lambda function that refreshes the Trusted Advisor Service Limits check in the secondary account. CloudWatch Events in the secondary account captures the status events and sends those events to the primary account using the CloudWatch Event Bus. Once those events are received in the primary account, the CloudWatch Events rules send the events to your chosen targets.
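The default routing described above can be modeled offline to check which targets a given status event reaches. The following is an added example, not the solution's own code. It assumes a simplified event shape, constructed account IDs, hypothetical helper names, and an allow-list of accounts in the primary account's rules, so that events from any other account arriving on the event bus reach no target.

```python
# Added example: constructed account IDs and a simplified event shape (assumptions).
PRIMARY_ACCOUNT = "111111111111"
ALLOWED_ACCOUNTS = {PRIMARY_ACCOUNT, "222222222222"}  # primary plus one secondary

def status_for(usage, limit):
    """Thresholds from the page: OK < 80%, WARN 80-99%, ERROR at 100%.
    Values between 99% and 100% are treated as WARN (assumption)."""
    if limit <= 0:
        raise ValueError("limit must be positive")
    pct = 100.0 * usage / limit
    if pct >= 100:
        return "ERROR"
    return "WARN" if pct >= 80 else "OK"

def matches(pattern, event):
    """Minimal event-pattern matcher: dicts recurse, lists hold allowed exact values."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif have not in want:
            return False
    return True

def rule(statuses):
    """Hypothetical rule pattern: Trusted Advisor source, allow-listed accounts, chosen statuses."""
    return {
        "source": ["aws.trustedadvisor"],
        "account": sorted(ALLOWED_ACCOUNTS),
        "detail": {"status": statuses},
    }

# Default routing per the page: SQS gets every status, SNS and Slack only WARN and ERROR.
RULES = {
    "sqs": rule(["OK", "WARN", "ERROR"]),
    "sns": rule(["WARN", "ERROR"]),
    "slack": rule(["WARN", "ERROR"]),
}

def targets_for(event):
    """Return the sorted names of the targets whose rule matches the event."""
    return sorted(name for name, pattern in RULES.items() if matches(pattern, event))

def make_event(account, usage, limit):
    """Build a constructed status event for the given account and usage."""
    return {"source": "aws.trustedadvisor", "account": account,
            "detail": {"status": status_for(usage, limit)}}
```
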