AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2025-11-16 · Documentation low

File: solutions/latest/automated-security-response-on-aws/quotas.md

Summary

Replaced EventBridge quotas section with AWS Organizations API usage documentation

Security assessment

Documentation update about API usage patterns and throttling mitigation, not security vulnerabilities

Diff

diff --git a/solutions/latest/automated-security-response-on-aws/quotas.md b/solutions/latest/automated-security-response-on-aws/quotas.md
index f9bb46965..137d0f8bb 100644
--- a//solutions/latest/automated-security-response-on-aws/quotas.md
+++ b//solutions/latest/automated-security-response-on-aws/quotas.md
@@ -5 +5 @@
-Quotas for AWS services in this solutionAWS CloudFormation quotasAWS CloudWatch quotasAmazon EventBridge rules quotas
+Quotas for AWS services in this solutionAWS CloudFormation quotasAWS CloudWatch quotasAWS Organizations
@@ -25 +25 @@ Your AWS account has AWS CloudWatch quotas tied to CloudWatch Resource Policies
-## Amazon EventBridge rules quotas
+## AWS Organizations
@@ -27 +27,5 @@ Your AWS account has AWS CloudWatch quotas tied to CloudWatch Resource Policies
-Your AWS account has Amazon EventBridge rules quotas that you should be aware of when selecting the playbooks to deploy with the solution. Each playbook will create an EventBridge Rule for each control it can remediate. When deploying multiple playbooks, it is possible to reach the quota for Rules. For more information, see [Amazon EventBridge quotas](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-quota.html) in the _Amazon EventBridge User Guide_.
+The solution’s Lambda functions make calls to the [AWS Organizations API](https://docs.aws.amazon.com/organizations/latest/APIReference/Welcome.html) in order to fetch the alias of the current account to include in messages published to the solution’s SNS topic. This enables human-readable account names to be visible in the solution’s notifications for debugging and tracking purposes.
+
+AWS Organizations imposes limits on how often customers can invoke their API endpoints. If you find that the solution is exceeding the limits set for your account, you can disable the feature that fetches and displays the account alias.
+
+To do this, **navigate to the Lambda function** named `SO0111-ASR-sendNotifications` located in the region and account where you deployed the Admin stack. Then, **locate the environment variable** named `DISABLE_ACCOUNT_ALIAS_LOOKUP` and change the value from "False" to **"True"**. The account alias field in the solution’s notifications will now be _"Unknown"_ however this will not impact the functionality of the solution.