Is your enterprise running multiple applications on multiple accounts in Amazon Web Services (AWS)? Are you finding it challenging to proactively monitor the individual services and limits associated with all of those services? Are you tired of emergency requests for service limit increases while your critical applications are failing to deploy or run? Say hello to Aphelion, FINRA’s open source solution to monitoring service limits across multiple AWS accounts and regions.
AWS provides a Limit Monitor that helps you track your service limits; however, it may not provide all the limits that you’d like to monitor. That’s where Aphelion comes to the rescue, by monitoring your service limits and being able to proactively request for service limit increases before you face deployment failures and critical down time.
Aphelion is a web application that is able to make requests to your AWS accounts using AWS APIs. It works together with Amazon’s Trusted Advisor (TA) on a configurable schedule in order to fetch your service limits. Aphelion will also generate a report that can display your limits as graphs and tables in a dashboard. You can filter displayed results by Account, Region, or Date when the report was generated. Aphelion displays the results in a table, highlighting services by color to show:
With Aphelion you can also download a CSV report containing all the data produced by the application:
Leveraging Aphelion requires a few steps to get set up. Packaged as 3 Docker Images, Aphelion can be deployed on ECS by simply using the provided Docker Compose file. All you need to do is provide your account settings and create a role that can be assumed by the application in order to make the required AWS API calls.
Environment variables required by Aphelion are as follows:
|ASSUMED_ROLE_NAME||IAM role that Aphelion will assume in order to call in order to query AWS APIs||assumed_role_name|
|ASSUMED_ROLE_SESSION_NAME||An identifier for the assumed role session||limit_dashboard|
|ACCOUNT_ID_LIST||AWS account list that will be used to generate report||123456789101, 123456789102, 123456789103|
|REGIONS||AWS Regions to be used to generate report||us-east-1, us-east-2, us-west-1|
|REPORT_FILE_NAME||Name of the CSV file to be created||limits.csv|
|CRON_REFRESH||Valid cron regular expression to be used to call TA refresh (should be done an hour before report is generated)||0 */1 * * *|
|CRON_LIMITS||Valid cron regular expression to be used to schedule report to be generated||59 */1 * * *|
|AWS_DEFAULT_REGION||Default AWS Region to be used||us-east-1|
Aphelion requires a role to be created with the following IAM permissions:
In summary, Aphelion allows you to monitor AWS limits for your services across all of your AWS accounts and regions in order to allow you enough time to request a limit increase or free up resources. Aphelion will continue to be updated with new features, including the ability to automatically request a limit increase when your application or service reaches a usage threshold. Whether it is to report bugs or create pull requests or feature requests, we welcome and encourage contributions to Aphelion through Github.