{ "Description": "(SO0005-SQ) - quota-monitor-for-aws version:v6.2.1 - Service Quotas Template", "AWSTemplateFormatVersion": "2010-09-09", "Metadata": { "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Monitoring Account Configuration" }, "Parameters": [ "EventBusArn" ] }, { "Label": { "default": "Service Quotas Configuration" }, "Parameters": [ "NotificationThreshold", "MonitoringFrequency" ] } ], "ParameterLabels": { "EventBusArn": { "default": "Arn for the EventBridge bus in the monitoring account" }, "NotificationThreshold": { "default": "At what quota utilization do you want notifications?" }, "MonitoringFrequency": { "default": "Frequency to monitor quota utilization" } } } }, "Parameters": { "EventBusArn": { "Type": "String" }, "NotificationThreshold": { "Type": "String", "Default": "80", "AllowedValues": [ "60", "70", "80" ] }, "MonitoringFrequency": { "Type": "String", "Default": "rate(12 hours)", "AllowedValues": [ "rate(6 hours)", "rate(12 hours)" ] } }, "Resources": { "QMSpokeBus1D13B121": { "Type": "AWS::Events::EventBus", "Properties": { "Name": "QuotaMonitorSpokeBus" }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Spoke-Bus/Resource" } }, "QMUtilsLayerquotamonitorsqspokeQMUtilsLayerquotamonitorsqspokeLayerF6FD536E": { "Type": "AWS::Lambda::LayerVersion", "Properties": { "Content": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/asset81614929e374f7931dfaaabf04bb969f72fcacc1ee083173711b38ce460307a9.zip" }, "CompatibleRuntimes": [ "nodejs16.x" ], "LayerName": "QM-UtilsLayer-quota-monitor-sq-spoke" }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-UtilsLayer-quota-monitor-sq-spoke/QM-UtilsLayer-quota-monitor-sq-spoke-Layer/Resource", "aws:asset:path": "asset.81614929e374f7931dfaaabf04bb969f72fcacc1ee083173711b38ce460307a9.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Content" } }, "SQServiceTable0182B2D0": { "Type": "AWS::DynamoDB::Table", "Properties": { "KeySchema": [ { "AttributeName": "ServiceCode", "KeyType": "HASH" } ], "AttributeDefinitions": [ { "AttributeName": "ServiceCode", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "SSESpecification": { "SSEEnabled": true }, "StreamSpecification": { "StreamViewType": "NEW_AND_OLD_IMAGES" } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/SQ-ServiceTable/Resource" } }, "SQQuotaTableD0BC5741": { "Type": "AWS::DynamoDB::Table", "Properties": { "KeySchema": [ { "AttributeName": "ServiceCode", "KeyType": "HASH" }, { "AttributeName": "QuotaCode", "KeyType": "RANGE" } ], "AttributeDefinitions": [ { "AttributeName": "ServiceCode", "AttributeType": "S" }, { "AttributeName": "QuotaCode", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "SSESpecification": { "SSEEnabled": true } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/SQ-QuotaTable/Resource" } }, "QMListManagerQMListManagerFunctionServiceRole12D19CB7": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManager/QM-ListManager-Function/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" }, { "reason": "Actions do not support resource-level permissions", "id": "AwsSolutions-IAM5" } ] } } }, "QMListManagerQMListManagerFunctionServiceRoleDefaultPolicy314665D0": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:Query" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "SQServiceTable0182B2D0", "Arn" ] } }, { "Action": [ "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:Query" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "SQQuotaTableD0BC5741", "Arn" ] } }, { "Action": [ "cloudwatch:GetMetricData", "servicequotas:ListServiceQuotas", "servicequotas:ListServices", "dynamodb:DescribeLimits", "autoscaling:DescribeAccountLimits", "route53:GetAccountLimit", "rds:DescribeAccountAttributes" ], "Effect": "Allow", "Resource": "*" }, { "Action": "dynamodb:ListStreams", "Effect": "Allow", "Resource": "*" }, { "Action": [ "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "SQServiceTable0182B2D0", "StreamArn" ] } } ], "Version": "2012-10-17" }, "PolicyName": "QMListManagerQMListManagerFunctionServiceRoleDefaultPolicy314665D0", "Roles": [ { "Ref": "QMListManagerQMListManagerFunctionServiceRole12D19CB7" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManager/QM-ListManager-Function/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Actions do not support resource-level permissions", "id": "AwsSolutions-IAM5" } ] } } }, "QMListManagerQMListManagerFunction1F09A88F": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/asset85d9ca6ca82264edea4621132e1dddcc4db4b25916164e31df85b9079fe06bd8.zip" }, "Role": { "Fn::GetAtt": [ "QMListManagerQMListManagerFunctionServiceRole12D19CB7", "Arn" ] }, "Description": "SO0005 quota-monitor-for-aws - QM-ListManager-Function", "Environment": { "Variables": { "SQ_SERVICE_TABLE": { "Ref": "SQServiceTable0182B2D0" }, "SQ_QUOTA_TABLE": { "Ref": "SQQuotaTableD0BC5741" }, "PARTITION_KEY": "ServiceCode", "SORT": "QuotaCode", "LOG_LEVEL": "info", "CUSTOM_SDK_USER_AGENT": "AwsSolution/SO0005/v6.2.1", "VERSION": "v6.2.1", "SOLUTION_ID": "SO0005" } }, "Handler": "index.handler", "Layers": [ { "Ref": "QMUtilsLayerquotamonitorsqspokeQMUtilsLayerquotamonitorsqspokeLayerF6FD536E" } ], "MemorySize": 128, "Runtime": "nodejs16.x", "Timeout": 900 }, "DependsOn": [ "QMListManagerQMListManagerFunctionServiceRoleDefaultPolicy314665D0", "QMListManagerQMListManagerFunctionServiceRole12D19CB7" ], "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManager/QM-ListManager-Function/Resource", "aws:asset:path": "asset.85d9ca6ca82264edea4621132e1dddcc4db4b25916164e31df85b9079fe06bd8.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMListManagerQMListManagerFunctionEventInvokeConfigDDD15BD1": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { "FunctionName": { "Ref": "QMListManagerQMListManagerFunction1F09A88F" }, "Qualifier": "$LATEST", "MaximumEventAgeInSeconds": 14400 }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManager/QM-ListManager-Function/EventInvokeConfig/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMListManagerQMListManagerFunctionDynamoDBEventSourcequotamonitorsqspokeSQServiceTableDFB54B66D184A01F": { "Type": "AWS::Lambda::EventSourceMapping", "Properties": { "FunctionName": { "Ref": "QMListManagerQMListManagerFunction1F09A88F" }, "BatchSize": 1, "EventSourceArn": { "Fn::GetAtt": [ "SQServiceTable0182B2D0", "StreamArn" ] }, "StartingPosition": "LATEST" }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManager/QM-ListManager-Function/DynamoDBEventSource:quotamonitorsqspokeSQServiceTableDFB54B66/Resource" } }, "QMListManagerQMListManagerProviderframeworkonEventServiceRoleB85FCC1C": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManager/QM-ListManager-Provider/framework-onEvent/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "IAM policy is appropriated scoped, ARN is provided in policy resource, false warning", "id": "AwsSolutions-IAM5" }, { "reason": "Lambda function created by Provider L2 construct uses nodejs 14, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMListManagerQMListManagerProviderframeworkonEventServiceRoleDefaultPolicy60F3D9D1": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "QMListManagerQMListManagerFunction1F09A88F", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "QMListManagerQMListManagerFunction1F09A88F", "Arn" ] }, ":*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "QMListManagerQMListManagerProviderframeworkonEventServiceRoleDefaultPolicy60F3D9D1", "Roles": [ { "Ref": "QMListManagerQMListManagerProviderframeworkonEventServiceRoleB85FCC1C" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManager/QM-ListManager-Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "IAM policy is appropriated scoped, ARN is provided in policy resource, false warning", "id": "AwsSolutions-IAM5" }, { "reason": "Lambda function created by Provider L2 construct uses nodejs 14, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMListManagerQMListManagerProviderframeworkonEvent1F57B2C8": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/asset8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip" }, "Role": { "Fn::GetAtt": [ "QMListManagerQMListManagerProviderframeworkonEventServiceRoleB85FCC1C", "Arn" ] }, "Description": "AWS CDK resource provider framework - onEvent (quota-monitor-sq-spoke/QM-ListManager/QM-ListManager-Provider)", "Environment": { "Variables": { "USER_ON_EVENT_FUNCTION_ARN": { "Fn::GetAtt": [ "QMListManagerQMListManagerFunction1F09A88F", "Arn" ] } } }, "Handler": "framework.onEvent", "Runtime": "nodejs14.x", "Timeout": 900 }, "DependsOn": [ "QMListManagerQMListManagerProviderframeworkonEventServiceRoleDefaultPolicy60F3D9D1", "QMListManagerQMListManagerProviderframeworkonEventServiceRoleB85FCC1C" ], "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManager/QM-ListManager-Provider/framework-onEvent/Resource", "aws:asset:path": "asset.8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "IAM policy is appropriated scoped, ARN is provided in policy resource, false warning", "id": "AwsSolutions-IAM5" }, { "reason": "Lambda function created by Provider L2 construct uses nodejs 14, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMListManagerSQServiceList2C145D4D": { "Type": "Custom::SQServiceList", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "QMListManagerQMListManagerProviderframeworkonEvent1F57B2C8", "Arn" ] }, "VERSION": "v6.2.1" }, "DependsOn": [ "QMUtilizationErr3AEC9915", "SQQuotaTableD0BC5741", "SQServiceTable0182B2D0" ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManager/SQServiceList/Default" } }, "QMListManagerSchedule2CDA6819": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - quota-monitor-sq-spoke-EventsRule", "ScheduleExpression": "cron(0 0 1 * ? *)", "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "QMListManagerQMListManagerFunction1F09A88F", "Arn" ] }, "Id": "Target0" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManagerSchedule/Resource" } }, "QMListManagerScheduleAllowEventRulequotamonitorsqspokeQMListManagerQMListManagerFunction5A8AD0C253E1C515": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "QMListManagerQMListManagerFunction1F09A88F", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "QMListManagerSchedule2CDA6819", "Arn" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-ListManagerSchedule/AllowEventRulequotamonitorsqspokeQMListManagerQMListManagerFunction5A8AD0C2" } }, "QMCWPollerQMCWPollerEventsRuleE8CD588E": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - QM-CWPoller-EventsRule", "ScheduleExpression": { "Ref": "MonitoringFrequency" }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "QMCWPollerQMCWPollerLambda824ABE36", "Arn" ] }, "Id": "Target0" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-CWPoller/QM-CWPoller-EventsRule/Resource" } }, "QMCWPollerQMCWPollerEventsRuleAllowEventRulequotamonitorsqspokeQMCWPollerQMCWPollerLambdaB70526DA3005A260": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "QMCWPollerQMCWPollerLambda824ABE36", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "QMCWPollerQMCWPollerEventsRuleE8CD588E", "Arn" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-CWPoller/QM-CWPoller-EventsRule/AllowEventRulequotamonitorsqspokeQMCWPollerQMCWPollerLambdaB70526DA" } }, "QMCWPollerQMCWPollerLambdaDeadLetterQueueE535D49E": { "Type": "AWS::SQS::Queue", "Properties": { "KmsMasterKeyId": "alias/aws/sqs" }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-CWPoller/QM-CWPoller-Lambda-Dead-Letter-Queue/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Queue itself is dead-letter queue", "id": "AwsSolutions-SQS3" } ] } } }, "QMCWPollerQMCWPollerLambdaDeadLetterQueuePolicyC81A8B00": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": { "Fn::GetAtt": [ "QMCWPollerQMCWPollerLambdaDeadLetterQueueE535D49E", "Arn" ] } } ], "Version": "2012-10-17" }, "Queues": [ { "Ref": "QMCWPollerQMCWPollerLambdaDeadLetterQueueE535D49E" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-CWPoller/QM-CWPoller-Lambda-Dead-Letter-Queue/Policy/Resource" } }, "QMCWPollerQMCWPollerLambdaServiceRole8985092D": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-CWPoller/QM-CWPoller-Lambda/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMCWPollerQMCWPollerLambdaServiceRoleDefaultPolicy626BCE22": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "QMCWPollerQMCWPollerLambdaDeadLetterQueueE535D49E", "Arn" ] } }, { "Action": "dynamodb:Query", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "SQQuotaTableD0BC5741", "Arn" ] } }, { "Action": "cloudwatch:GetMetricData", "Effect": "Allow", "Resource": "*" }, { "Action": "events:PutEvents", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "QMSpokeBus1D13B121", "Arn" ] } }, { "Action": "servicequotas:ListServices", "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "QMCWPollerQMCWPollerLambdaServiceRoleDefaultPolicy626BCE22", "Roles": [ { "Ref": "QMCWPollerQMCWPollerLambdaServiceRole8985092D" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-CWPoller/QM-CWPoller-Lambda/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMCWPollerQMCWPollerLambda824ABE36": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/assetf954c9eab8f20af8501ce3219697e49421445ff12b3c38b17e4f85cf077872ea.zip" }, "Role": { "Fn::GetAtt": [ "QMCWPollerQMCWPollerLambdaServiceRole8985092D", "Arn" ] }, "DeadLetterConfig": { "TargetArn": { "Fn::GetAtt": [ "QMCWPollerQMCWPollerLambdaDeadLetterQueueE535D49E", "Arn" ] } }, "Description": "SO0005 quota-monitor-for-aws - QM-CWPoller-Lambda", "Environment": { "Variables": { "SQ_QUOTA_TABLE": { "Ref": "SQQuotaTableD0BC5741" }, "SPOKE_EVENT_BUS": { "Ref": "QMSpokeBus1D13B121" }, "POLLER_FREQUENCY": { "Ref": "MonitoringFrequency" }, "THRESHOLD": { "Ref": "NotificationThreshold" }, "LOG_LEVEL": "info", "CUSTOM_SDK_USER_AGENT": "AwsSolution/SO0005/v6.2.1", "VERSION": "v6.2.1", "SOLUTION_ID": "SO0005" } }, "Handler": "index.handler", "Layers": [ { "Ref": "QMUtilsLayerquotamonitorsqspokeQMUtilsLayerquotamonitorsqspokeLayerF6FD536E" } ], "MemorySize": 512, "Runtime": "nodejs16.x", "Timeout": 900 }, "DependsOn": [ "QMCWPollerQMCWPollerLambdaServiceRoleDefaultPolicy626BCE22", "QMCWPollerQMCWPollerLambdaServiceRole8985092D" ], "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-CWPoller/QM-CWPoller-Lambda/Resource", "aws:asset:path": "asset.f954c9eab8f20af8501ce3219697e49421445ff12b3c38b17e4f85cf077872ea.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMCWPollerQMCWPollerLambdaEventInvokeConfigB943EE46": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { "FunctionName": { "Ref": "QMCWPollerQMCWPollerLambda824ABE36" }, "Qualifier": "$LATEST", "MaximumEventAgeInSeconds": 14400 }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-CWPoller/QM-CWPoller-Lambda/EventInvokeConfig/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMUtilizationOK588DBAE8": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - quota-monitor-sq-spoke-EventsRule", "EventBusName": { "Ref": "QMSpokeBus1D13B121" }, "EventPattern": { "account": [ { "Ref": "AWS::AccountId" } ], "detail": { "status": [ "OK" ] }, "detail-type": [ "Service Quotas Utilization Notification" ], "source": [ "aws-solutions.quota-monitor" ] }, "State": "ENABLED", "Targets": [ { "Arn": { "Ref": "EventBusArn" }, "Id": "Target0", "RoleArn": { "Fn::GetAtt": [ "QMUtilizationOKEventsRoleC12899D6", "Arn" ] } } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Utilization-OK/Resource" } }, "QMUtilizationOKEventsRoleC12899D6": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Utilization-OK/EventsRole/Resource" } }, "QMUtilizationOKEventsRoleDefaultPolicyD9D7AF54": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "events:PutEvents", "Effect": "Allow", "Resource": { "Ref": "EventBusArn" } } ], "Version": "2012-10-17" }, "PolicyName": "QMUtilizationOKEventsRoleDefaultPolicyD9D7AF54", "Roles": [ { "Ref": "QMUtilizationOKEventsRoleC12899D6" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Utilization-OK/EventsRole/DefaultPolicy/Resource" } }, "QMUtilizationWarn1BF84C25": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - quota-monitor-sq-spoke-EventsRule", "EventBusName": { "Ref": "QMSpokeBus1D13B121" }, "EventPattern": { "account": [ { "Ref": "AWS::AccountId" } ], "detail": { "status": [ "WARN" ] }, "detail-type": [ "Service Quotas Utilization Notification" ], "source": [ "aws-solutions.quota-monitor" ] }, "State": "ENABLED", "Targets": [ { "Arn": { "Ref": "EventBusArn" }, "Id": "Target0", "RoleArn": { "Fn::GetAtt": [ "QMUtilizationWarnEventsRole4BC4EAB1", "Arn" ] } } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Utilization-Warn/Resource" } }, "QMUtilizationWarnEventsRole4BC4EAB1": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Utilization-Warn/EventsRole/Resource" } }, "QMUtilizationWarnEventsRoleDefaultPolicyAE78A2DA": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "events:PutEvents", "Effect": "Allow", "Resource": { "Ref": "EventBusArn" } } ], "Version": "2012-10-17" }, "PolicyName": "QMUtilizationWarnEventsRoleDefaultPolicyAE78A2DA", "Roles": [ { "Ref": "QMUtilizationWarnEventsRole4BC4EAB1" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Utilization-Warn/EventsRole/DefaultPolicy/Resource" } }, "QMUtilizationErr3AEC9915": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - quota-monitor-sq-spoke-EventsRule", "EventBusName": { "Ref": "QMSpokeBus1D13B121" }, "EventPattern": { "account": [ { "Ref": "AWS::AccountId" } ], "detail": { "status": [ "ERROR" ] }, "detail-type": [ "Service Quotas Utilization Notification" ], "source": [ "aws-solutions.quota-monitor" ] }, "State": "ENABLED", "Targets": [ { "Arn": { "Ref": "EventBusArn" }, "Id": "Target0", "RoleArn": { "Fn::GetAtt": [ "QMUtilizationErrEventsRoleAAC90710", "Arn" ] } } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Utilization-Err/Resource" } }, "QMUtilizationErrEventsRoleAAC90710": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Utilization-Err/EventsRole/Resource" } }, "QMUtilizationErrEventsRoleDefaultPolicy4BE442C4": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "events:PutEvents", "Effect": "Allow", "Resource": { "Ref": "EventBusArn" } } ], "Version": "2012-10-17" }, "PolicyName": "QMUtilizationErrEventsRoleDefaultPolicy4BE442C4", "Roles": [ { "Ref": "QMUtilizationErrEventsRoleAAC90710" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/QM-Utilization-Err/EventsRole/DefaultPolicy/Resource" } }, "SQSpokeAppRegistryApplicationB3787B2B": { "Type": "AWS::ServiceCatalogAppRegistry::Application", "Properties": { "Name": { "Fn::Join": [ "-", [ "QM_SQ", { "Ref": "AWS::Region" }, { "Ref": "AWS::AccountId" } ] ] }, "Description": "Service Catalog application to track and manage all your resources for the solution quota-monitor-for-aws", "Tags": { "ApplicationType": "AWS-Solutions", "SolutionID": "SO0005-SQ", "SolutionName": "quota-monitor-for-aws", "SolutionVersion": "v6.2.1" } }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/SQSpokeAppRegistryApplication/AppRegistryApplication/Resource" } }, "SQSpokeAppRegistryApplicationApplicationAttributeGroup78ACE782": { "Type": "AWS::ServiceCatalogAppRegistry::AttributeGroup", "Properties": { "Attributes": { "solutionID": "SO0005-SQ", "solutionName": "quota-monitor-for-aws", "version": "v6.2.1", "applicationType": "AWS-Solutions" }, "Name": { "Fn::Join": [ "-", [ "QM_SQ", { "Ref": "AWS::Region" }, { "Ref": "AWS::AccountId" } ] ] }, "Description": "Attribute group for application information", "Tags": { "ApplicationType": "AWS-Solutions", "SolutionID": "SO0005-SQ", "SolutionName": "quota-monitor-for-aws", "SolutionVersion": "v6.2.1" } }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/SQSpokeAppRegistryApplication/AppRegistryApplication/ApplicationAttributeGroup/Resource" } }, "SQSpokeAppRegistryApplicationAttributeGroupAssociation49810cc2f44766C6F2EA": { "Type": "AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation", "Properties": { "Application": { "Fn::GetAtt": [ "SQSpokeAppRegistryApplicationB3787B2B", "Id" ] }, "AttributeGroup": { "Fn::GetAtt": [ "SQSpokeAppRegistryApplicationApplicationAttributeGroup78ACE782", "Id" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/SQSpokeAppRegistryApplication/AppRegistryApplication/AttributeGroupAssociation49810cc2f447" } }, "AppRegistryAssociation": { "Type": "AWS::ServiceCatalogAppRegistry::ResourceAssociation", "Properties": { "Application": { "Fn::GetAtt": [ "SQSpokeAppRegistryApplicationB3787B2B", "Id" ] }, "Resource": { "Ref": "AWS::StackId" }, "ResourceType": "CFN_STACK" }, "Metadata": { "aws:cdk:path": "quota-monitor-sq-spoke/AppRegistryAssociation" } } } }