REL01-BP05 Automate quota management
Implement tools to alert you when thresholds are being approached. You can automate quota increase requests by using AWS Service Quotas APIs.
If you integrate your Configuration Management Database (CMDB) or ticketing system with Service Quotas, you can automate the tracking of quota increase requests and current quotas. In addition to the AWS SDK, Service Quotas offers automation using the AWS Command Line Interface (AWS CLI).
Common anti-patterns:
- Tracking the quotas and usage in spreadsheets.
- Running reports on usage daily, weekly, or monthly, and then comparing usage to the quotas.
Benefits of establishing this best practice: Automated tracking of the AWS service quotas and monitoring of your usage against that quota allows you to see when you are approaching a quota. You can set up automation to assist you in requesting a quota increase when needed. You might want to consider lowering some quotas when your usage trends in the opposite direction to realize the benefits of lowered risk (in case of compromised credentials) and cost savings.
Level of risk exposed if this best practice is not established: Medium
Implementation guidance
Set up automated monitoring: Implement tools using SDKs to alert you when thresholds are being approached.
- Use Service Quotas and augment the service with an automated quota monitoring solution, such as AWS Limit Monitor or an offering from AWS Marketplace.
- Set up automated responses based on quota thresholds, using Amazon SNS and AWS Service Quotas APIs.
- Test automation.
- Configure limit thresholds.
- Integrate with change events from AWS Config, deployment pipelines, Amazon EventBridge, or third parties.
- Artificially set low quota thresholds to test responses.
- Set up automated operations to take appropriate action on notifications and contact AWS Support when necessary.
- Manually start change events.
- Run a game day to test the quota increase change process.
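One way to implement the threshold check described in the guidance above, as an added example that is not AWS's own code. The thresholds, the `evaluate` helper and the sample quota codes are assumptions; only `fetch_quotas` calls the real Service Quotas API through boto3.

```python
# Thresholds are assumptions for this example, not AWS defaults.
ALERT_AT = 0.80      # notify when usage reaches 80% of the quota
LOWER_BELOW = 0.10   # flag quotas where usage is under 10% of the quota


def fetch_quotas(service_code):
    """Return applied quotas for one service via the Service Quotas API."""
    import boto3  # imported lazily so the evaluation logic runs offline
    client = boto3.client("service-quotas")
    pages = client.get_paginator("list_service_quotas").paginate(ServiceCode=service_code)
    return [q for page in pages for q in page["Quotas"]]


def evaluate(quotas, usage):
    """Decide an action per quota from usage ({QuotaCode: current usage})."""
    findings = []
    for q in quotas:
        code, limit = q["QuotaCode"], q["Value"]
        if code not in usage or limit <= 0:
            continue  # no usage data, or a zero quota: nothing to compute
        ratio = usage[code] / limit
        if ratio >= ALERT_AT:
            # Adjustable quotas can go to request_service_quota_increase;
            # the rest need an architecture change or a Support case.
            action = "request_increase" if q.get("Adjustable") else "alert_only"
        elif ratio < LOWER_BELOW:
            # Unused headroom adds exposure if credentials are compromised.
            action = "review_lower"
        else:
            continue
        findings.append({"QuotaCode": code, "QuotaName": q["QuotaName"],
                         "utilization": round(ratio, 2), "action": action})
    return findings


# Constructed sample data (quota codes, names and values are made up).
SAMPLE_QUOTAS = [
    {"QuotaCode": "L-EXAMPLE1", "QuotaName": "Example instances", "Value": 100.0, "Adjustable": True},
    {"QuotaCode": "L-EXAMPLE2", "QuotaName": "Example fixed limit", "Value": 5.0, "Adjustable": False},
    {"QuotaCode": "L-EXAMPLE3", "QuotaName": "Example unused", "Value": 1000.0, "Adjustable": True},
    {"QuotaCode": "L-EXAMPLE4", "QuotaName": "Example steady", "Value": 50.0, "Adjustable": True},
]
SAMPLE_USAGE = {"L-EXAMPLE1": 85, "L-EXAMPLE2": 5, "L-EXAMPLE3": 12, "L-EXAMPLE4": 20}

if __name__ == "__main__":
    print(evaluate(SAMPLE_QUOTAS, SAMPLE_USAGE))
```

In a deployment, the findings would be published to an Amazon SNS topic or written to the ticketing system, and the usage figures would come from your own monitoring rather than a literal dictionary.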