Aphelion: Capture and Visualize Your AWS Services Usage Limits

By: Huriel Hernandez


Is your enterprise running multiple applications on multiple accounts in Amazon Web Services (AWS)? Are you finding it challenging to proactively monitor the individual services and limits associated with all of those services? Are you tired of emergency requests for service limit increases while your critical applications are failing to deploy or run? Say hello to Aphelion, FINRA’s open source solution to monitoring service limits across multiple AWS accounts and regions.

AWS provides a Limit Monitor that helps you track your service limits; however, it may not provide all the limits that you’d like to monitor. That’s where Aphelion comes to the rescue, by monitoring your service limits and being able to proactively request for service limit increases before you face deployment failures and critical down time.

Aphelion is a web application that is able to make requests to your AWS accounts using AWS APIs. It works together with Amazon’s Trusted Advisor (TA) on a configurable schedule in order to fetch your service limits. Aphelion will also generate a report that can display your limits as graphs and tables in a dashboard. You can filter displayed results by Account, Region, or Date when the report was generated. Aphelion displays the results in a table, highlighting services by color to show:

With Aphelion you can also download a CSV report containing all the data produced by the application:


Leveraging Aphelion requires a few steps to get set up. Packaged as 3 Docker Images, Aphelion can be deployed on ECS by simply using the provided Docker Compose file. All you need to do is provide your account settings and create a role that can be assumed by the application in order to make the required AWS API calls.

Environment variables required by Aphelion are as follows:

Environment Variable Description Example
ASSUMED_ROLE_NAME IAM role that Aphelion will assume in order to call in order to query AWS APIs assumed_role_name
ASSUMED_ROLE_SESSION_NAME An identifier for the assumed role session limit_dashboard
ACCOUNT_ID_LIST AWS account list that will be used to generate report 123456789101, 123456789102, 123456789103
REGIONS AWS Regions to be used to generate report us-east-1, us-east-2, us-west-1
REPORT_FILE_NAME Name of the CSV file to be created limits.csv
CRON_REFRESH Valid cron regular expression to be used to call TA refresh (should be done an hour before report is generated) 0 */1 * * *
CRON_LIMITS Valid cron regular expression to be used to schedule report to be generated 59 */1 * * *
AWS_DEFAULT_REGION Default AWS Region to be used us-east-1

Aphelion requires a role to be created with the following IAM permissions:

In summary, Aphelion allows you to monitor AWS limits for your services across all of your AWS accounts and regions in order to allow you enough time to request a limit increase or free up resources. Aphelion will continue to be updated with new features, including the ability to automatically request a limit increase when your application or service reaches a usage threshold. Whether it is to report bugs or create pull requests or feature requests, we welcome and encourage contributions to Aphelion through Github.