README.md: 12 additions & 14 deletions
@@ -1,6 +1,14 @@
1
1
# terraform-aws-service-quota-alarms
2
2
3
-
The modules in this repo will create CloudWatch alarms for all available, critical AWS service quotas limits.
3
+
The modules in this repo will create CloudWatch alarms for all available, critical AWS service quotas limits. Included are 3 terraform modules:
4
+
5
+
-[modules/trusted_advisor_alarms](modules/trusted_advisor_alarms): Creates alarms in the `AWS/TrustedAdvisor` namespace for for quotas from multiple regions. This module should only be defined once in the `us-east-1` region.
6
+
-[modules/usage_alarms](modules/usage_alarms): Creates alarms in the `AWS/Usage` namespace. This module needs to be defined for each region that is to be monitored.
7
+
-[modules/dashboard](modules/dashboard): Creates a CloudWatch dashboard for all service quotas. This module should only be defined once in the `us-east-1` region.
8
+
9
+
See [example](example) for a full example implimentation of both modules, multiple regions and multiple terraform AWS providers.
10
+
11
+
## Details
4
12
5
13
AWS service quotas can be monitored in 2 different CloudWatch namespaces:
6
14
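Review bot: The "See [example](example) ..." sentence added at new line 9 still says "both modules", but the intro added at new line 3 now announces 3 terraform modules; the sentence was moved over unchanged from the old "## Modules" section. Suggest "a full example implementation of all three modules" (or drop the count). While these lines are being touched, fix "implimentation", the doubled "for for" in the `modules/trusted_advisor_alarms` bullet, and "service quotas limits" in the intro. As rendered here the three bullets start with "-[" with no space after the dash; if the source file really has that, Markdown will not render them as a list, so it is worth checking. The `us-east-1`-only and per-region constraints are the part users are most likely to get wrong, so it would also help to say what coverage is lost when `modules/usage_alarms` is not defined for a region.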
@@ -10,26 +18,16 @@ AWS service quotas can be monitored in 2 different CloudWatch namespaces:
10
18
* b) `ResourceCount`: These metrics are mostly about the count of certain resource types per service
11
19
* c) `ThrottleCount`: A few specific throttling metrics only for the CloudWatch service
12
20
13
-
This module will create alarms for all metrics from items 1 and 2b.
21
+
The modules will create alarms for all metrics from items 1 and 2b.
14
22
15
23
It will not create alarms for items:
16
24
17
25
- 2a: There is too many metrics here to make alarms and most of them do not have a corresponding quota that can be adjusted
18
26
- 2c: These do not look critical or useful
19
27
20
-
## Modules
21
-
22
-
This repo includes 2 terraform modules:
23
-
24
-
-[modules/trusted_advisor_alarms](modules/trusted_advisor_alarms): Creates alarms in the `AWS/TrustedAdvisor` namespace for for quotas from multiple regions. This module should only be defined once in the `us-east-1` region.
25
-
-[modules/usage_alarms](modules/usage_alarms): Creates alarms in the `AWS/Usage` namespace. This module needs to be defined for each region that is used.
26
-
-[modules/dashboard](modules/dashboard): Creates a CloudWatch dashboard for all service quotas. This module should only be defined once in the `us-east-1` region.
27
-
28
-
See [example](example) for a full example implimentation of both modules, multiple regions and multiple terraform AWS providers.
29
-
30
-
## Challenges of measuring service quota usage
28
+
### Challenges of measuring service quota usage
31
29
32
-
Generally the implementation in AWS measuring service quota usage seems inconsistent. The metrics are split across 2 different CloudWatch namespaces, each measured in a different way. There is many services in the `AWS/Usage` CloudWatch namespace that do not support the `SERVICE_QUOTA` math function so measurement of usage against the current quota limit is not possible. Some AWS services have metrics in both namespaces, e.g. `EC2`. And some metrics under 2b are not a count of resource, e.g. `NumberOfMessagesPublishedPerAccount`for SNS service which measures messages published per minute. Furthermore, there seems to be a bug with `Elastic Load Balancing/ClassicLoadBalancersPerRegion` quota where the quota usage is always measured against the default limit, not the actual limit. And there exists additional inconsistencies in the AWS Service Quota console where the utilization numbers do not match the provided CloudWatch dashboard panel, for example with `SNS/NumberOfMessagesPublishedPerAccount`.
30
+
Generally the implementation in AWS for measuring service quota usage seems inconsistent. The metrics are split across 2 different CloudWatch namespaces, each measured in a different way. There is many services in the `AWS/Usage` CloudWatch namespace that do not support the `SERVICE_QUOTA` math function so measurement of usage against the current quota limit is not possible. Some AWS services have metrics in both namespaces, e.g. `EC2`. And some metrics under 2b are not a count of resource, e.g. `SNS/NumberOfMessagesPublishedPerAccount` which measures messages published per second. Furthermore, there seems to be a bug with `Elastic Load Balancing/*` quotas where the quota usage is always measured against the default limit, not the actual limit. And there exists additional inconsistencies in the AWS Service Quota console where the utilization numbers do not match the provided CloudWatch dashboard panel, for example with `SNS/NumberOfMessagesPublishedPerAccount`.
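Review bot: Two factual statements change in the rewritten "Challenges" paragraph (new line 30) with no explanation in the commit: `SNS/NumberOfMessagesPublishedPerAccount` goes from "messages published per minute" to "per second", and the suspected bug is widened from `Elastic Load Balancing/ClassicLoadBalancersPerRegion` to `Elastic Load Balancing/*`. Please say how each was confirmed, and for the ELB case state which alarms from these modules are affected, since anyone with a raised ELB limit needs to know whether those alarms can be trusted. Separately, new line 21 makes the subject plural ("The modules will create alarms ...") but the unchanged next sentence still reads "It will not create alarms for items:"; change it to "They". Grammar carried over and worth fixing in the same pass: "There is many services", "there exists additional inconsistencies", and "There is too many metrics" in the 2a bullet. The heading is also demoted from "##" to "###" so that it nests under the new "## Details"; confirm that is intended, because any existing links to the old anchor level in a table of contents would change.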