Automated Deployment - Limit Monitor on AWS

Automated Deployment

Before you launch the automated deployment, please review the architecture, configuration, and other considerations discussed in this guide. Follow the step-by-step instructions in this section to configure and deploy the AWS Limit Monitor into your account.

Time to deploy: Approximately five minutes

Prerequisites

  • To use this solution, each account must have a Business- or Enterprise-level AWS Support plan in order to gain access to the Trusted Advisor Service Limits checks.

  • To use this solution’s Slack notification functionality, you must have an existing Slack channel.

What We'll Cover

The procedure for deploying this architecture on AWS consists of the following steps. For detailed instructions, follow the links for each step.

Step 1. Launch the Stack

  • Launch the AWS CloudFormation template into your AWS account

  • Enter values for required parameters: Stack Name and Email Address

  • Review the other template parameters, and adjust if necessary

Step 2. Launch the Spoke Stack (Optional)

  • Launch the AWS CloudFormation template into secondary AWS accounts

  • Review the other template parameters and adjust if necessary

Step 3. Configure Slack Notifications (Optional)

  • Add the webhook URL to the AWS Systems Manager Parameter Store

Step 1. Launch the Stack

This automated AWS CloudFormation template deploys AWS Limit Monitor into your account. Please make sure that your account has a Business- or Enterprise-level AWS Support plan, and that you have an existing Slack channel, if necessary, before launching the stack.

Note

You are responsible for the cost of the AWS services used while running this solution. See the Cost section for more details. For full details, see the pricing webpage for each AWS service you will be using in this solution.

  1. Sign in to the AWS Management Console and click the button below to launch the limit-monitor AWS CloudFormation template.

    
    [AWS Limit Monitor launch button]

    You can also download the template as a starting point for your own implementation.

  2. The template is launched in the US East (N. Virginia) Region by default.

    Note

    You must launch this solution in the US East (N. Virginia) Region.

  3. On the Create stack page, verify that the correct template URL shows in the Amazon S3 URL text box and choose Next.

  4. On the Specify stack details page, assign a name to your solution stack.

  5. Under Parameters, review the parameters for the template, and modify them as necessary.

    Parameter: Account List
    Default: <Optional Input>
    Description: List of account IDs for limit monitoring. Note that the format is double quotation marks and comma separated (for multiple values), and the value must match the regular expression: ^"\d{12}"(,"\d{12}")*$|(^\s*)$. Enter the secondary account IDs in this parameter before you deploy the spoke template in secondary accounts. To add accounts after you launch the primary template, update the Account List parameter in the primary stack with the secondary account IDs. Then, update the primary stack and deploy the spoke template in the secondary accounts.

    Note

    If you leave this parameter blank, the solution will only monitor limits in the primary account. If you enter a secondary account ID, you must also enter the primary account ID in this parameter.

    Parameter: Email Notification Level
    Default: “WARN”, “ERROR”
    Description: Choose the status event level(s) that will trigger notifications. For example, “WARN”, “ERROR”. Note that the format is double quotation marks and comma separated (for more than one value).

    Note

    Leave this parameter blank if you do not want to receive Amazon Simple Notification Service (Amazon SNS) notifications. Note that the SNS notification components will not be deployed.

    Parameter: Email Address
    Default: <Optional Input>
    Description: A valid email address to receive Amazon SNS notifications for service limit alerts.

    Parameter: Slack Notification Level
    Default: “WARN”, “ERROR”
    Description: Choose the status event level(s) that will trigger Slack notifications. For example, “WARN”, “ERROR”. Note that the format is double quotation marks and comma separated (for multiple values).

    Note

    Leave this parameter blank if you do not want to receive Slack notifications. Note that the Slack notification components will not be deployed.

    Parameter: Slack Hook URL Key Name
    Default: <Optional Input>
    Description: The AWS Systems Manager parameter key for the incoming Slack webhook.

    Note

    If the parameter key does not exist in the parameter store, the solution will create one with a dummy value. The parameter name cannot begin with either aws or ssm prefixes (case-insensitive).

    Parameter: Slack Channel Key Name
    Default: <Optional Input>
    Description: The AWS Systems Manager parameter key for the Slack channel.

    Note

    If the parameter key does not exist in the parameter store, the solution will create one with a dummy value. The parameter name cannot begin with either aws or ssm prefixes (case-insensitive).

  6. Choose Next.

  7. On the Configure stack options page, choose Next.

  8. On the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create AWS Identity and Access Management (IAM) resources.

  9. Choose Create stack to deploy the stack.

    You can view the status of the stack in the AWS CloudFormation console in the Status column. You should see a status of CREATE_COMPLETE in approximately five minutes.

  10. In the subscription notification email, select the SubscribeURL link to enable Amazon SNS notifications.

Note

In addition to the primary Lambda functions, this solution includes the HelperFunction Lambda function, which runs only during initial configuration or when resources are updated or deleted.

When running this solution, the HelperFunction function is inactive. However, do not delete the HelperFunction function as it is necessary to manage associated resources.
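
The Step 1 parameter rules (the Account List pattern, the requirement to list the primary account ID alongside any secondary IDs, and the reserved aws/ssm key-name prefixes) can be checked before the stack is launched. The Python below is an added example, not part of the AWS solution; the function name check_parameters and the sample account IDs and key names are hypothetical.

```python
import re

# Patterns quoted from the parameter tables on this page.
ACCOUNT_LIST_RE = re.compile(r'^"\d{12}"(,"\d{12}")*$|(^\s*)$', re.ASCII)
PRIMARY_ACCOUNT_RE = re.compile(r'^\d{12}$', re.ASCII)
RESERVED_PREFIXES = ("aws", "ssm")  # rejected case-insensitively


def check_parameters(primary_account, account_list, key_names):
    """Return a list of problems; an empty list means the values pass."""
    problems = []
    if not PRIMARY_ACCOUNT_RE.fullmatch(primary_account):
        problems.append("Primary account ID must be exactly 12 digits")
    if not ACCOUNT_LIST_RE.fullmatch(account_list):
        problems.append('Account List must be quoted and comma separated '
                        'with no spaces, e.g. "111111111111","222222222222"')
    elif account_list.strip():
        accounts = re.findall(r"\d{12}", account_list)
        # A non-blank list must also contain the primary account ID.
        if primary_account not in accounts:
            problems.append("Account List omits the primary account ID")
    for label, name in key_names.items():
        # Assumption: a leading "/" (hierarchical name) is ignored before
        # the prefix test, so "/aws/hook" is rejected like "awsHook".
        if name.lstrip("/").lower().startswith(RESERVED_PREFIXES):
            problems.append(f"{label} must not begin with aws or ssm: {name}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real account IDs or key names.
    samples = [
        ("111111111111", '"111111111111","222222222222"',
         {"Slack Hook URL Key Name": "/limitmonitor/slackhook"}),
        ("111111111111", '"222222222222"', {}),
        ("111111111111", '"111111111111", "222222222222"', {}),
        ("111111111111", "", {"Slack Channel Key Name": "SSM-channel"}),
    ]
    for primary, accounts, keys in samples:
        result = check_parameters(primary, accounts, keys)
        print(repr(accounts), keys, "->", result or "OK")
```

A blank Account List passes because the page defines it as monitoring only the primary account; a space after the comma fails because the quoted pattern allows none.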

Step 2. Launch the Spoke Stack (Optional)

Use this procedure to launch the components necessary to monitor limits in secondary accounts. You must enter the secondary account IDs in the Account List parameter of the primary template before you launch this template in secondary accounts.

Note

You are responsible for the cost of the AWS services used while running this solution. See the Cost section for more details. For full details, see the pricing webpage for each AWS service you will be using in this solution.

  1. Sign in to the AWS Management Console and click the button below to launch the limit-monitor-spoke AWS CloudFormation template.

    
    [AWS Limit Monitor launch button]

    You can also download the template as a starting point for your own implementation.

  2. The template is launched in the US East (N. Virginia) Region by default.

    Note

    You must launch this solution in the US East (N. Virginia) Region.

  3. On the Create stack page, verify that the correct template URL shows in the Amazon S3 URL text box and choose Next.

  4. On the Specify stack details page, assign a name to your solution stack.

  5. Under Parameters, review the parameter for the template, and modify it as necessary.

    Parameter: Primary Account
    Default: <Requires Input>
    Description: The account ID of the primary account. The value must match the regular expression: ^\d{12}$

  6. Choose Next.

  7. On the Configure stack options page, choose Next.

  8. On the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create AWS Identity and Access Management (IAM) resources.

  9. Choose Create stack to deploy the stack.

    You can view the status of the stack in the AWS CloudFormation console in the Status column. You should see a status of CREATE_COMPLETE in approximately five minutes.

Step 3. Configure Slack Notifications (Optional)

Use this procedure to enable Slack notifications.

Note

Use this procedure if you specified parameters that did not already exist in AWS Systems Manager Parameter Store. If you specified parameters that already existed, you do not have to complete this step. For more information, see Slack Integration.

  1. Navigate to Slack’s Incoming WebHooks app.

  2. If necessary, log into Slack.

  3. Select Add Configuration.

  4. In the Post to Channel dropdown menu, choose a channel. Then, select Add Incoming WebHooks integration.

  5. Copy the WebHook URL.

  6. In the AWS Systems Manager console, under Shared Resources in the left pane, select Parameter Store.

  7. Select the Slack Hook URL Key you provided during stack deployment, then select Edit.

  8. Replace the SLACK_DUMMY value with your WebHook URL and select Save changes.

  9. Select the Slack Channel Key you provided during stack deployment, then select Edit.

  10. Replace the SLACK_DUMMY value with the channel you specified and select Save changes. For example, if your Slack channel name is #limitmonitor, enter limitmonitor as the value.