Limit Monitor on AWS
AWS Limit Monitor

Automated Deployment

Before you launch the automated deployment, please review the architecture, configuration, and other considerations discussed in this guide. Follow the step-by-step instructions in this section to configure and deploy the AWS Limit Monitor into your account.

Time to deploy: Approximately five (5) minutes

What We'll Cover

The procedure for deploying this architecture on AWS consists of the following steps. For detailed instructions, follow the links for each step.

Step 1. Launch the Stack

  • Launch the AWS CloudFormation template into your AWS account.

  • Enter values for required parameters: Stack Name, Topic Email, Account List

  • Review the other template parameters, and adjust if necessary.

Step 2. Configure Permissions for Additional Accounts

  • Create the IAM role

  • Attach the policies to each account

Step 1. Launch the Stack

This automated AWS CloudFormation template deploys the AWS Limit Monitor in AWS Lambda, and configures related components.


You are responsible for the cost of the AWS services used while running this solution. See the Cost section for more details. For full details, see the pricing webpage for each AWS service you will be using in this solution.

  1. Log in to the AWS Management Console and click the button below to launch the limit-monitor AWS CloudFormation template.

                            AWS Limit Monitor launch button

    You can also download the template as a starting point for your own implementation.

  2. The template is launched in the US East (N. Virginia) Region by default. To launch the AWS Limit Monitor in a different AWS Region, use the region selector in the console navigation bar.


    This solution uses the AWS Lambda service, which is currently available in specific AWS Regions only. Therefore, you must launch this solution an AWS Region where Lambda is available. For the most current AWS Lambda availability by region, see AWS service offerings by region. We recommend deployment in the US East (N. Virginia) Region as we call API endpoints in that region to check limits. Once deployed, this solution monitors limits in all regions in your account.

  3. On the Select Template page, verify that you selected the correct template and choose Next.

  4. On the Specify Details page, assign a name to your AWS Limit Monitor stack.

  5. Under Parameters, review the parameters for the template, and modify them as necessary.

    Parameter Default Description
    Topic Email <Requires Input> Email address to subscribe to alerts. For example:
    SNS Topic Name <Optional Input> Name of the Amazon SNS topic for email alerts. You can modify the SNS topic name to align with any existing naming conventions.
    Account List <Requires Input> Quote-encapsulated, comma-delimited list of account IDs to check for limits.


    You must enter at least one account number.

    Check Role Name <Optional Input> Name of the AWS Identity and Access Management (IAM) role that is created to check limits. You can modify the role name to align with any existing naming conventions.
    Send Anonymous Usage Data Yes Send anonymous data to AWS to help us understand limit usage and related cost savings across our customer base as a whole. To opt out of this feature, select No. For more information, see the appendix.
  6. Choose Next.

  7. On the Options page, choose Next.

  8. On the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create AWS Identity and Access Management (IAM) resources.

  9. Choose Create to deploy the stack.

    You can view the status of the stack in the AWS CloudFormation console in the Status column. You should see a status of CREATE_COMPLETE in roughly five (5) minutes.


In addition to the master and child AWS Lambda functions, this solution includes a AWS CloudFormation custom resource AWS Lambda function called Config, which helps provide automation when this solution is launched, updated, or deleted.

When running this solution, you will see all four AWS Lambda functions in the AWS console, but only the master and child functions are regularly active. However, do not delete the Config function as it is necessary to manage associated resources.

Step 2. Configure Permissions for Additional Accounts

If you will monitor limits across multiple accounts, you must create IAM roles in each additional account. The roles allow the primary account to run the necessary describe calls in the secondary accounts using the cross-account roles.


You must complete this procedure individually for each account.

  1. In the AWS CloudFormation stack Outputs tab, copy the CreateRole value, paste it into AWS Command Line Interface (AWS CLI) and press Enter.

  2. Copy the AttachPolicy1 value, paste it into the AWS CLI, and press Enter.

  3. Copy the AttachPolicy2 value, paste it into the AWS CLI, and press Enter.

  4. Copy the AttachPolicy3 value, paste it into the AWS CLI, and press Enter.

  5. Repeat steps 1-4 for each additional account.