aws-solutions / quota-monitor-for-aws

This solution leverages AWS Trusted Advisor and Service Quotas to monitor AWS resource usage and raise alerts.

SNS Notifications are not sent from spoke accounts #157

Open KadalurSupreeth opened 11 months ago

KadalurSupreeth commented 11 months ago

We have upgraded from limit monitor to quota monitor. We used the hub and spoke model deployment solution, using the quota-monitor-hub template and its dependencies.

This model supports only sending SNS notifications from the centralized hub account. This is frustrating because not all spoke accounts in an organization are monitored by the centralized operations team. The responsibilities should be decentralized to the individual accounts which have quota limit issues.

This helps to have focused effort in addressing quota limit issues. Currently emails are flooded to one centralized account. Our organization has more than 100 accounts and it will grow.

Requesting to enhance the solution to send SNS notifications to individual account email DLs and also to retain existing centralized SNS notification. This way individual account alert monitoring and centralized monitoring both will be addressed. This needs to be fixed ASAP.

abewub commented 10 months ago

Thanks for the feedback. As you implied, our design is to have multiple hubs deployed if you want the notifications to go to different destinations. We will see if we can improve the design to support your use case too. In the meantime, you can create different subscriptions with different filters for the different email addresses as described here.

KadalurSupreeth commented 10 months ago

Appreciate the quick feedback. Deploying multiple hubs to more than 100 accounts is not feasible. Also, we do have an automated process to provision a new account whenever needed by application teams. New accounts created will have their own email IDs. We have chosen the quota monitoring solution because any new account added to the OUs in an organization will have this framework deployed automatically (spoke templates). Please verify if you can improve the design to pick the email IDs attached to the account and automatically subscribe them to the SNS topic for each account. This way, assigning email IDs or updating the filtering policy manually can be avoided. Please let me know your thoughts. This is kind of an urgent need for us. Thanks for your assistance.

abewub commented 10 months ago

That is something that can be done for deployments within organizational units. This solution can also be deployed in purely hub and spoke model on otherwise unrelated accounts, where you can't know the root email address. We will have this in our backlog, but I am afraid this won't be something we will be doing immediately.

KadalurSupreeth commented 10 months ago

Ok understood. Can I get at least tentative timelines when this can be done? I can pass on the message to our cloud center of excellence team. Thanks

rakshb commented 10 months ago

@KadalurSupreeth Hello, thanks for your request. We have added this to the backlog and will prioritize it for our next release planned for Q2 2024.

KadalurSupreeth commented 10 months ago

Thank you