README
¶
awslimitchecker
Simple module to programatically retrieve your AWS account limits (whether they are supporter by servicequotas or not). It also provide a lightweight cli program to access the data.
Status
The project is under active development. We are focusing primarly to put the basic foundations of the module/cli in order to make it useful. Not many services are currently supported, but it's fairly simple to add them - priority at the moment is to put the foundations - adding services is done gradually.
Features
- Check current AWS resource usage against AWS ServiceQuota limits (see wiki - Supported Quotas for complete list)
- Retrieves current usage
- Compare current usage to limits
- When available, retrieves applied (different than default) values
- Supports explicitely setting the AWS region
- Supports Overriding default/applied limits (for accounts that have increased limits through customer support for example)
cli
A utility awslimitchecker CLI is provided, that exposes the module through a simple interface.
Usage
Make sure you are logged into your AWS account (aws configure or through environment variables). This account needs to have the required IAM permissions.
Check the help page with awslimitchecker --help to see all available commands.
List required permissions
awslimitchecker requires a set of permissions in order to retrieve usage and quota information. To list the required AWS IAM policies, use the iam command line argument
➜ awslimitchecker iam
Required IAM permissions to retrieve usage/limits:
* dynamodb:ListTables
* eks:ListClusters
* eks:ListNodegroups
* elasticache:DescribeCacheClusters
* elasticloadbalancing:DescribeLoadBalancers
* elasticloadbalancing:DescribeAccountLimits
* iam:GetAccountSummary
* kinesis:DescribeLimits
* rds:DescribeAccountAttributes
* s3:ListAllMyBuckets
* sns:ListTopics
* sns:ListSubscriptions
Run a check on a single service
(note - all "usage" have been manufactured/are examples)
➜ awslimitchecker check rds --console
AWS profile: default | AWS region: ap-southeast-1 | service: rds
* [rds] DB instances 100/600
* [rds] DB clusters 100/300
* [rds] Reserved DB instances 0/600
Run all the available checks
(note - all "actuals" have been manufactured/are examples)
➜ awslimitchecker check all
AWS profile: default | AWS region: ap-southeast-1 | service: all
* [rds] DB instances 100/600
* [rds] DB clusters 100/300
* [rds] Reserved DB instances 0/600
* [dynamodb] Maximum number of tables 100/2500
* [eks] Clusters 1/100
* [eks] Managed node groups per cluster (AWS::EKS::Cluster::cluster1) 0/30
* [eks] Managed node groups per cluster (AWS::EKS::Cluster::cluster2) 0/30
* [elasticache] Nodes per Region 10/300
* [s3] Buckets 20/100
* [sns] Topics per Account 300/100000
* [sns] Pending Subscriptions per Account 300/5000
* [elasticloadbalancing] Classic Load Balancers per Region 12/100
* [elasticloadbalancing] Application Load Balancers per Region 12/100
* [elasticloadbalancing] Network Load Balancers per Region 12/50
* [iam] Instance profiles per Account 100/1000
* [iam] Policies per Account 1000/3000
* [iam] Server Certificates per Account 10/25
* [iam] Roles per Account 1000/5000
* [iam] Users per Account 100/5000
* [iam] Groups per Account 100/300
* [kinesis] On-demand Data Streams per account 10/50
* [kinesis] Shards per Region 10/200
Override Limits
awslimitchecker allows you to override the applied or default quotas. To do so, you can specify the path to the json file in the CLI, or provide the slice in the module as well.
The format of the json file needs to be as follows:
{
"kinesis": {
"Shards per Region": 123,
"On-demand Data Streams per account": 456
},
...
"serviceName": {
"quota name": 1234.00 // override value
}
}
Then, you can use the cli as follow:
awslimitchecker check all --quota-override-json <path to your file>
Export data to csv
awslimitchecker check all --csv
Configuration file
Tired of manually selecting the different parameters? You can save those in a file and provide it with the --config flag - or just place it under $HOME/.awslimitchecker to be automatically picked up. The format and options supported are (order does not matter)
awsprofile: <name of profile>
region: <region to evaluate>
overridesJson: <path of the json containing the overrides to apply>
console: true /false
csv: true / false
verbose: true / false
Development
To run the latest:
cd awslimitchecker
go build ./... && go install ./...
awslimitchecker --help
When making changes:
- make sure you add relevant tests (there is a github action doing codecov validation)
- make sure the existing tests pass
go test ./...from root directory - make sure the changes passes golangci-lint
golangci-lint runfrom root directory
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var SupportedAwsServices = map[string]func() services.Svcquota{ "acm": services.NewAcmChecker, "autoscaling": services.NewAutoscalingChecker, "cloudformation": services.NewCloudformationChecker, "dynamodb": services.NewDynamoDbChecker, "ebs": services.NewEbsChecker, "eks": services.NewEksChecker, "elasticache": services.NewElastiCacheChecker, "elb": services.NewElbChecker, "iam": services.NewIamChecker, "kinesis": services.NewKinesisChecker, "rds": services.NewRdsChecker, "s3": services.NewS3Checker, "sns": services.NewSnsChecker, }
Functions ¶
func GetIamPolicies ¶
func GetIamPolicies() (ret []string)
func GetUsage ¶
func GetUsage(awsService string, awsprofile string, region string, overrides []services.AWSQuotaOverride) (ret []services.AWSQuotaInfo)
func IsValidAwsService ¶
Types ¶
This section is empty.
Source Files
Directories