Getting the Limit of AWS Accounts using BOTO3

Question

I need to monitor my infrastructure on AWS. For this, I am writing boto3 functions to know the limits of my account. However, I am not able to achieve the following things:

1. Limit of EBS Volumes (Not able to find any method from where I can know the max number of Volumes I can create)
2. Limit of total Number of Security Groups
3. Limit of Security rules per Security group
4. Max number of Elastic IPs. Since I have different AWS accounts and limits vary for each of these accounts. I need to take it dynamically from each account.

Answer 1

It appears that Trusted Advisor has an API for providing limit checks. Also, specific services have API calls available to describe limits.

Take a look at awslimitchecker. It seems to provide a large number of limit checks. You could even look at the awslimitchecker code to see how it obtains the limits.

Answer 2

for #3 (getting "Inbound or outbound rules per security group"):

import boto3


def get_limit_value(service_code, quota_name):
    client = boto3.client('service-quotas')
    paginator = client.get_paginator('list_service_quotas')
    page_iterator = paginator.paginate(ServiceCode=service_code)
    for page in page_iterator:
        for quota in page['Quotas']:
            if quota['QuotaName'] == quota_name:
                return int(quota['Value'])

rules_per_sg = get_limit_value('vpc', 'Inbound or outbound rules per security group')
print(rules_per_sg)

Answer 3

Basically, AWS show you the VPC services limit here , but some soft limit can be lifted by emailing a request to AWS.

EBS soft limit is here.

If your real concern is the cost, then (eg.for those who host web page in AWS without CDN), you should create a billing alarm as describe here.

Answer 4

We can achieve this by using trust advisor service. you only need to monitor the result by direct API call for Trust advisor like service limits in my case. https://console.aws.amazon.com/trustedadvisor/home?#/category/performance?checkId=eW7HH0l7J9