awslimitchecker.checker module

class awslimitchecker.checker.AwsLimitChecker(warning_threshold=80, critical_threshold=99, account_id=None, account_role=None, region=None, external_id=None, mfa_serial_number=None, mfa_token=None)[source]

Bases: object

Main AwsLimitChecker class - this should be the only externally-used portion of awslimitchecker.

Constructor builds self.services as a dict of service_name (str) to _AwsService instance, and sets limit thresholds.

Parameters:
  • warning_threshold (int) – the default warning threshold, as an integer percentage, for any limits without a specifically-set threshold.
  • critical_threshold (int) – the default critical threshold, as an integer percentage, for any limits without a specifically-set threshold.
  • account_id (str) – AWS Account ID (12-digit string, currently numeric) for the account to connect to (destination) via STS
  • account_role (str) – the name of an IAM Role (in the destination account) to assume
  • region (str) – AWS region name to connect to
  • external_id (str) – (optional) the External ID string to use when assuming a role via STS.
  • mfa_serial_number (str) – (optional) the MFA Serial Number string to use when assuming a role via STS.
  • mfa_token (str) – (optional) the MFA Token string to use when assuming a role via STS.
__dict__ = dict_proxy({'set_limit_override': <function set_limit_override at 0x7fd39bf2bc80>, '__module__': 'awslimitchecker.checker', 'find_usage': <function find_usage at 0x7fd39bf2bb90>, 'get_service_names': <function get_service_names at 0x7fd39bf2bb18>, 'set_threshold_overrides': <function set_threshold_overrides at 0x7fd39bf2bcf8>, 'get_version': <function get_version at 0x7fd39bf2b9b0>, 'check_thresholds': <function check_thresholds at 0x7fd39bf2bde8>, 'set_threshold_override': <function set_threshold_override at 0x7fd39bf2bd70>, 'get_limits': <function get_limits at 0x7fd39bf2baa0>, 'set_limit_overrides': <function set_limit_overrides at 0x7fd39bf2bc08>, '__dict__': <attribute '__dict__' of 'AwsLimitChecker' objects>, 'get_required_iam_policy': <function get_required_iam_policy at 0x7fd39bf2be60>, '__weakref__': <attribute '__weakref__' of 'AwsLimitChecker' objects>, '__doc__': None, '__init__': <function __init__ at 0x7fd39bf2b938>, 'get_project_url': <function get_project_url at 0x7fd39bf2ba28>})
__init__(warning_threshold=80, critical_threshold=99, account_id=None, account_role=None, region=None, external_id=None, mfa_serial_number=None, mfa_token=None)

Main AwsLimitChecker class - this should be the only externally-used portion of awslimitchecker.

Constructor builds self.services as a dict of service_name (str) to _AwsService instance, and sets limit thresholds.

Parameters:
  • warning_threshold (int) – the default warning threshold, as an integer percentage, for any limits without a specifically-set threshold.
  • critical_threshold (int) – the default critical threshold, as an integer percentage, for any limits without a specifically-set threshold.
  • account_id (str) –

    AWS Account ID (12-digit string, currently numeric) for the account to connect to (destination) via STS

  • account_role (str) –

    the name of an IAM Role (in the destination account) to assume

  • region (str) – AWS region name to connect to
  • external_id (str) –

    (optional) the External ID string to use when assuming a role via STS.

  • mfa_serial_number (str) – (optional) the MFA Serial Number string to use when assuming a role via STS.
  • mfa_token (str) – (optional) the MFA Token string to use when assuming a role via STS.
__module__ = 'awslimitchecker.checker'
__weakref__

list of weak references to the object (if defined)

check_thresholds(service=None, use_ta=True)

Check all limits and current usage against their specified thresholds; return all AwsLimit instances that have crossed one or more of their thresholds.

If service is specified, the returned dict has one element, the service name, whose value is a nested dict as described below; otherwise it includes all known services.

The returned AwsLimit objects can be interrogated for their limits (get_limit()) as well as the details of usage that crossed the thresholds (get_warnings() and get_criticals()).

See AwsLimit.check_thresholds().

Parameters:
  • service (string) – the name of one service to return results for
  • use_ta (bool) – check Trusted Advisor for information on limits
Returns:

dict of service name (string) to nested dict of limit name (string) to limit (AwsLimit)

Return type:

dict

find_usage(service=None, use_ta=True)

For each limit in the specified service (or all services if service is None), query the AWS API via boto3 and find the current usage amounts for that limit.

This method updates the current_usage attribute of the AwsLimit objects for each service, which can then be queried using get_limits().

Parameters:
  • service (None, or string service name to get) – _AwsService name, or None to check all services.
  • use_ta (bool) – check Trusted Advisor for information on limits
get_limits(service=None, use_ta=True)

Return all AwsLimit objects for the given service name, or for all services if service is None.

If service is specified, the returned dict has one element, the service name, whose value is a nested dict as described below.

Parameters:
  • service (string) – the name of one service to return limits for
  • use_ta (bool) – check Trusted Advisor for information on limits
Returns:

dict of service name (string) to nested dict of limit name (string) to limit (AwsLimit)

Return type:

dict

get_project_url()

Return the URL for the awslimitchecker project.

Returns:URL of where to find awslimitchecker
Return type:string
get_required_iam_policy()

Return an IAM policy granting all of the permissions needed for awslimitchecker to fully function. This returns a dict suitable for json serialization to a valid IAM policy.

Internally, this calls required_iam_permissions() on each _AwsService instance.

Returns:dict representation of IAM Policy
Return type:dict
get_service_names()

Return a list of all known service names

Returns:list of service names
Return type:list
get_version()

Return the version of awslimitchecker currently running.

Returns:current awslimitchecker version
Return type:string
set_limit_override(service_name, limit_name, value, override_ta=True)

Set a manual override on an AWS service limits, i.e. if you had limits increased by AWS support.

This method calls _AwsService.set_limit_override() on the corresponding _AwsService instance.

Explicitly set limit overrides using this method will take precedence over default limits. They will also take precedence over limit information obtained via Trusted Advisor, unless override_ta is set to False.

Parameters:
  • service_name (string) – the name of the service to override limit for
  • limit_name (string) – the name of the limit to override:
  • value (int) – the new (overridden) limit value)
  • override_ta (bool) – whether or not to use this value even if Trusted Advisor supplies limit information
Raises:

ValueError if limit_name is not known to the service instance

set_limit_overrides(override_dict, override_ta=True)

Set manual overrides on AWS service limits, i.e. if you had limits increased by AWS support. This takes a dict in the same form as that returned by get_limits(), i.e. service_name (str) keys to nested dict of limit_name (str) to limit value (int) like:

{
    'EC2': {
      'Running On-Demand t2.micro Instances': 1000,
      'Running On-Demand r3.4xlarge Instances': 1000,
    }
}

Internally, for each limit override for each service in override_dict, this method calls _AwsService.set_limit_override() on the corresponding _AwsService instance.

Explicitly set limit overrides using this method will take precedence over default limits. They will also take precedence over limit information obtained via Trusted Advisor, unless override_ta is set to False.

Parameters:
  • override_dict (dict) – dict of overrides to default limits
  • override_ta (bool) – whether or not to use this value even if Trusted Advisor supplies limit information
Raises:

exceptions.ValueError if limit_name is not known to the service instance

set_threshold_override(service_name, limit_name, warn_percent=None, warn_count=None, crit_percent=None, crit_count=None)

Set a manual override on the threshold (used for determining warning/critical status) for a specific limit. See AwsLimitChecker for information on Warning and Critical thresholds.

See AwsLimit.set_threshold_override().

Parameters:
  • service_name (string) – the name of the service to override limit for
  • limit_name (string) – the name of the limit to override:
  • warn_percent (int) – new warning threshold, percentage used
  • warn_count (int) – new warning threshold, actual count/number
  • crit_percent (int) – new critical threshold, percentage used
  • crit_count (int) – new critical threshold, actual count/number
set_threshold_overrides(override_dict)

Set manual overrides on the threshold (used for determining warning/critical status) a dict of limits. See AwsLimitChecker for information on Warning and Critical thresholds.

Dict is composed of service name keys (string) to dict of limit names (string), to dict of threshold specifications. Each threhold specification dict can contain keys ‘warning’ or ‘critical’, each having a value of a dict containing keys ‘percent’ or ‘count’, to an integer value.

Example:

{
    'EC2': {
        'SomeLimit': {
            'warning': {
                'percent': 80,
                'count': 8,
            },
            'critical': {
                'percent': 90,
                'count': 9,
            }
        }
    }
}

See AwsLimit.set_threshold_override().

Parameters:override_dict (dict) – nested dict of threshold overrides