brennerm / aws-quota-checker

Keep an eye on your AWS quotas before you hit their limits
https://pypi.org/project/aws-quota-checker/
MIT License

Iam role check #23

Closed charleshepner closed 2 years ago

charleshepner commented 3 years ago

Check for the number of IAM roles in an account.

Fixes #22

brennerm commented 3 years ago

@charleshepner Thanks for opening this PR. Unfortunately the service code you are referencing does not exist for my AWS account:

...
botocore.errorfactory.NoSuchResourceException: An error occurred (NoSuchResourceException) when calling the GetServiceQuota operation: 
...
botocore.errorfactory.NoSuchResourceException: An error occurred (NoSuchResourceException) when calling the GetAWSDefaultServiceQuota operation: The request failed because the specified service does not exist.

Did you request a quota increase for the number of roles in your AWS account?

charleshepner commented 3 years ago

We had 835 roles out of 1000 in our prod account, so the AWS console was warning us, which was what led me to create this check. Here are some screenshots from two of our accounts:

nonprod image

prod image

I did ask for a quota increase to 2000 for our prod account. It looks as if our nonprod account has an increase applied as well, but that must have been some time ago since I don't recall submitting a ticket for that.

brennerm commented 3 years ago

Yeah so it seems like these limits are only available after a quota increase. I'm OK with returning the default value of 1000 if getting the limit returns a botocore.errorfactory.NoSuchResourceException. Do you want to implement this behavior?

charleshepner commented 3 years ago

Yep, sure thing.

brennerm commented 2 years ago

Implemented in https://github.com/brennerm/aws-quota-checker/commit/da7b983f4ee9eefd84d4ecbd1da2b0bbe1b30452
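
The fallback agreed on in this thread, sketched as an added example; it is not part of the original discussion and is not the code of the commit linked above. It assumes a boto3 `service-quotas` client (replaced here by a constructed stub so the example runs offline), and the quota code is a placeholder the caller must supply.

```python
DEFAULT_IAM_ROLE_LIMIT = 1000  # default value named in the thread


def iam_role_limit(sq_client, quota_code, service_code="iam"):
    """Return (limit, source): applied quota, then AWS default, then 1000."""
    lookups = (
        ("applied", sq_client.get_service_quota),
        ("aws-default", sq_client.get_aws_default_service_quota),
    )
    for source, call in lookups:
        try:
            resp = call(ServiceCode=service_code, QuotaCode=quota_code)
            return int(resp["Quota"]["Value"]), source
        except sq_client.exceptions.NoSuchResourceException:
            continue  # quota not exposed for this account; try the next source
    return DEFAULT_IAM_ROLE_LIMIT, "hardcoded-default"


def role_usage(role_count, limit):
    return role_count / limit  # fraction of the role quota in use


# Constructed stand-in for a boto3 'service-quotas' client (assumption: it
# mirrors only the two calls and the exception class used above).
class StubServiceQuotas:
    class exceptions:
        class NoSuchResourceException(Exception):
            pass

    def __init__(self, applied=None, default=None):
        self._applied, self._default = applied, default

    def _answer(self, value):
        if value is None:
            raise self.exceptions.NoSuchResourceException("no such resource")
        return {"Quota": {"Value": float(value)}}

    def get_service_quota(self, ServiceCode, QuotaCode):
        return self._answer(self._applied)

    def get_aws_default_service_quota(self, ServiceCode, QuotaCode):
        return self._answer(self._default)


if __name__ == "__main__":
    # 835 roles is the count quoted in the thread; the quota code is a placeholder.
    for client in (StubServiceQuotas(), StubServiceQuotas(applied=2000)):
        limit, source = iam_role_limit(client, "L-PLACEHOLDER")
        print(source, limit, f"{role_usage(835, limit):.1%}")
```

Returning the source alongside the limit lets a monitoring job distinguish a value read from the account from the hardcoded default, which can be stale if AWS changes it.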