awslimitchecker

Simple module to programatically retrieve your AWS account limits (whether they are supporter by servicequotas or not). It also provide a lightweight cli program to access the data.

Status

The project is under active development. We are focusing primarly to put the basic foundations of the module/cli in order to make it useful. Not many services are currently supported, but it's fairly simple to add them - priority at the moment is to put the foundations - adding services is done gradually.

Features

Check current AWS resource usage against AWS ServiceQuota limits (see wiki - Supported Quotas for complete list)
Retrieves current usage
Compare current usage to limits
When available, retrieves applied (different than default) values
Supports explicitely setting the AWS region
Supports Overriding default/applied limits (for accounts that have increased limits through customer support for example)

cli

A utility awslimitchecker CLI is provided, that exposes the module through a simple interface.

Usage

Make sure you are logged into your AWS account (aws configure or through environment variables). This account needs to have the required IAM permissions.

Check the help page with awslimitchecker --help to see all available commands.

List required permissions

awslimitchecker requires a set of permissions in order to retrieve usage and quota information. To list the required AWS IAM policies, use the iam command line argument

➜ awslimitchecker iam
Required IAM permissions to retrieve usage/limits:
* dynamodb:ListTables
* eks:ListClusters
* eks:ListNodegroups
* elasticache:DescribeCacheClusters
* elasticloadbalancing:DescribeLoadBalancers
* elasticloadbalancing:DescribeAccountLimits
* iam:GetAccountSummary
* kinesis:DescribeLimits
* rds:DescribeAccountAttributes
* s3:ListAllMyBuckets
* sns:ListTopics
* sns:ListSubscriptions

Run a check on a single service

(note - all "usage" have been manufactured/are examples)

➜ awslimitchecker check rds --console
AWS profile: default | AWS region: ap-southeast-1 | service: rds
* [rds] DB instances  100/600
* [rds] DB clusters  100/300
* [rds] Reserved DB instances  0/600

Run all the available checks

(note - all "actuals" have been manufactured/are examples)

➜ awslimitchecker check all
AWS profile: default | AWS region: ap-southeast-1 | service: all
* [rds] DB instances  100/600
* [rds] DB clusters  100/300
* [rds] Reserved DB instances  0/600
* [dynamodb] Maximum number of tables  100/2500
* [eks] Clusters  1/100
* [eks] Managed node groups per cluster (AWS::EKS::Cluster::cluster1) 0/30
* [eks] Managed node groups per cluster (AWS::EKS::Cluster::cluster2) 0/30
* [elasticache] Nodes per Region  10/300
* [s3] Buckets  20/100
* [sns] Topics per Account  300/100000
* [sns] Pending Subscriptions per Account  300/5000
* [elasticloadbalancing] Classic Load Balancers per Region  12/100
* [elasticloadbalancing] Application Load Balancers per Region  12/100
* [elasticloadbalancing] Network Load Balancers per Region  12/50
* [iam] Instance profiles per Account  100/1000
* [iam] Policies per Account  1000/3000
* [iam] Server Certificates per Account  10/25
* [iam] Roles per Account  1000/5000
* [iam] Users per Account  100/5000
* [iam] Groups per Account  100/300
* [kinesis] On-demand Data Streams per account  10/50
* [kinesis] Shards per Region  10/200

Override Limits

awslimitchecker allows you to override the applied or default quotas. To do so, you can specify the path to the json file in the CLI, or provide the slice in the module as well.

The format of the json file needs to be as follows:

{
    "kinesis": {
        "Shards per Region": 123,
        "On-demand Data Streams per account": 456
    },
    ...
    "serviceName": {
        "quota name": 1234.00 // override value
    }
}

Then, you can use the cli as follow:

awslimitchecker check all --quota-override-json <path to your file>

Export data to csv

awslimitchecker check all --csv

Configuration file

Tired of manually selecting the different parameters? You can save those in a file and provide it with the --config flag - or just place it under $HOME/.awslimitchecker to be automatically picked up. The format and options supported are (order does not matter)

awsprofile: <name of profile>
region: <region to evaluate>
overridesJson: <path of the json containing the overrides to apply>
console: true /false
csv: true / false
verbose: true / false

Development

To run the latest:

cd awslimitchecker
go build ./... && go install ./...
awslimitchecker --help

When making changes:

make sure you add relevant tests (there is a github action doing codecov validation)
make sure the existing tests pass go test ./... from root directory
make sure the changes passes golangci-lint golangci-lint run from root directory

sebasrp / awslimitchecker

readme