turbot / steampipe-plugin-sdk

Steampipe Plugin SDK is a simple abstraction layer to write a Steampipe plugin. Plugins automatically work across all engine types including the Steampipe CLI, Postgres FDW, SQLite extension and the export CLI.
https://hub.steampipe.io/plugins
Apache License 2.0
33 stars 16 forks source link

Better rate limiting support #595

Open massyn opened 1 year ago

massyn commented 1 year ago

Is your feature request related to a problem? Please describe. On a large AWS account (100 accounts +) Steampipe would run into rate limiting issues on AWS.

Describe the solution you'd like Steampipe should recognize the limits posed by each of the API endpoints, and should only queue the number of APIs based on the limit the service can entertain. At that point, Steampipe should wait (sleep) until the rate limit has lapsed.

Describe alternatives you've considered Tweaking the MAX_PARRALLEL parameter, but this has no effect. There are no other options in the aws plugin where throttling of API calls, or any setting to manage rate limits can be tweaked.

Additional context

cbruno10 commented 1 year ago

Hi @massyn , as far as I understand it, AWS has rate limiting on a per account, per region connection, so I don't believe the number of AWS accounts would affect rate limiting. What would affect how often rate limits are hit would be how many queries are run against tables that use the same service for a particular account region, e.g., if multiple queries are made to aws_ec2_instance, aws_ec2_ami, and aws_ec2_key_pair against a single region in an account, then the EC2 API could throttle in that particular region in the account.

As far as I know, AWS shares how some service rate limits work, e.g., https://docs.aws.amazon.com/AWSEC2/latest/APIReference/throttling.html, but these aren't available programmatically and other services aren't as transparent with their rate limits. If you've seen any way to get these limits programmatically though, please share any links you have as we'd be interested in exploring them.

Implementing some extra controls around this information is possible, but labor intensive and because not all services support it, we instead chose to handle throttling with configurations available in the AWS SDK.

For instance, in the plugin, we implement a retry backoff strategy with jitter when we encounter throttling or retryable errors in https://github.com/turbot/steampipe-plugin-aws/blob/2387b04c46101344617c0472b62d9012025e9bad/aws/service.go#L1772, like AWS recommends in https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/ and https://aws.amazon.com/builders-library/timeouts-retries-and-backoff-with-jitter/, though we can still hit the maximum number of retries.

Can you please have a look at some follow-up questions I have below, which I think may help us better understand your use case:

massyn commented 1 year ago

Are you receiving any particular errors? Or do your queries just take a long time to complete?

Do any specific connections seem to hit throttling more frequently?

What queries, checks, and/or dashboards are you running?

Do any seem to cause you to hit rate limits in particular?

Are there certain tables or services you hit rate limits with more frequently?

Does increasing max_error_retry_attempts and/or min_error_retry_delay from https://hub.steampipe.io/plugins/turbot/aws#configuration help with hitting

cbruno10 commented 1 year ago

@massyn If I understand correctly, the main effect of how Steampipe and the AWS plugin are hitting the AWS API is that Steampipe will eventually cause the server/instance to run out of memory?

Also, can you please share some log messages, console outputs, and/or screenshots of the errors and crashes you're seeing? These can help us try and reproduce and diagnose from our end. Thanks!

bigdatasourav commented 1 year ago

@kaidaguerre, I've transferred this issue to the SDK repo for better tracking, as this looks like an SDK issue you are already working on. Please let us know if anything is required from the plugin team.

judell commented 1 year ago

@massyn have you tried the new rate limiting in v21? https://steampipe.io/blog/memory-management-rate-limiters-diagnostics