awslimitchecker.trustedadvisor module

class awslimitchecker.trustedadvisor.TrustedAdvisor(all_services, boto_connection_kwargs, ta_refresh_mode=None, ta_refresh_timeout=None, ta_api_region='us-east-1')[source]

Bases: awslimitchecker.connectable.Connectable

Class to contain all TrustedAdvisor-related logic.

Parameters:
  • all_services (dict) – AwsLimitChecker services dictionary.
  • profile_name (str) – The name of a profile in the cross-SDK shared credentials file for boto3 to retrieve AWS credentials from.
  • account_id (str) – AWS Account ID (12-digit string, currently numeric) for the account to connect to (destination) via STS
  • account_role (str) – the name of an IAM Role (in the destination account) to assume
  • region (str) – AWS region name to connect to
  • external_id (str) – (optional) the External ID string to use when assuming a role via STS.
  • mfa_serial_number (str) – (optional) the MFA Serial Number string to use when assuming a role via STS.
  • mfa_token (str) – (optional) the MFA Token string to use when assuming a role via STS.
  • ta_refresh_mode (str or int or None) – How to handle refreshing Trusted Advisor checks; this is either None (do not refresh at all), the string “wait” (trigger refresh of all limit-related checks and wait for the refresh to complete), the string “trigger” (trigger refresh of all limit-related checks but do not wait for the refresh to complete), or an integer, which causes any limit-related checks more than this number of seconds old to be refreshed, waiting for the refresh to complete. Note that “trigger” will likely result in the current run getting stale data, but the check being refreshed in time for the next run.
  • ta_refresh_timeout (int or None) – If ta_refresh_mode is “wait” or an integer (any mode that will wait for the refresh to complete), if this parameter is not None, only wait up to this number of seconds for the refresh to finish before continuing on anyway.
  • ta_api_region (str) – The AWS region used for calls to the TrustedAdvisor API. This is always us-east-1 for non GovCloud accounts.
__init__(all_services, boto_connection_kwargs, ta_refresh_mode=None, ta_refresh_timeout=None, ta_api_region='us-east-1')[source]

Class to contain all TrustedAdvisor-related logic.

Parameters:
  • all_services (dict) – AwsLimitChecker services dictionary.
  • profile_name (str) –

    The name of a profile in the cross-SDK shared credentials file for boto3 to retrieve AWS credentials from.

  • account_id (str) –

    AWS Account ID (12-digit string, currently numeric) for the account to connect to (destination) via STS

  • account_role (str) –

    the name of an IAM Role (in the destination account) to assume

  • region (str) – AWS region name to connect to
  • external_id (str) –

    (optional) the External ID string to use when assuming a role via STS.

  • mfa_serial_number (str) – (optional) the MFA Serial Number string to use when assuming a role via STS.
  • mfa_token (str) – (optional) the MFA Token string to use when assuming a role via STS.
  • ta_refresh_mode (str or int or None) – How to handle refreshing Trusted Advisor checks; this is either None (do not refresh at all), the string “wait” (trigger refresh of all limit-related checks and wait for the refresh to complete), the string “trigger” (trigger refresh of all limit-related checks but do not wait for the refresh to complete), or an integer, which causes any limit-related checks more than this number of seconds old to be refreshed, waiting for the refresh to complete. Note that “trigger” will likely result in the current run getting stale data, but the check being refreshed in time for the next run.
  • ta_refresh_timeout (int or None) – If ta_refresh_mode is “wait” or an integer (any mode that will wait for the refresh to complete), if this parameter is not None, only wait up to this number of seconds for the refresh to finish before continuing on anyway.
  • ta_api_region (str) – The AWS region used for calls to the TrustedAdvisor API. This is always us-east-1 for non GovCloud accounts.
__module__ = 'awslimitchecker.trustedadvisor'
_can_refresh_check(check_id)[source]

Determine if the given check_id can be refreshed yet.

Parameters:check_id (str) – the Trusted Advisor check ID
Returns:whether or not the check can be refreshed yet
Return type:bool
_dont_use_ta()[source]

If we are connecting to a region outside of China or GovCloud, and do not have the FORCE_USE_TA environment variable set to true, don’t use Trusted Advisor at all.

Returns:whether whether to skip using TA
Return type:bool
_get_check_result(check_id)[source]

Directly wrap Support.Client.describe_trusted_advisor_check_result(); return a 2-tuple of the result dict and the last refresh DateTime.

Parameters:check_id (str) – the Trusted Advisor check ID
Returns:2-tuple of (result dict, last refresh DateTime). If the last refresh time can’t be parsed from the response, the second element will be None.
Return type:tuple
_get_limit_check_id()[source]

Query currently-available TA checks, return the check ID and metadata of the ‘performance/Service Limits’ check.

Returns:2-tuple of Service Limits TA check ID (string), metadata (list), or (None, None).
Return type:tuple
_get_refreshed_check_result(check_id)[source]

Given the check_id, return the dict of Trusted Advisor check results. This handles refreshing the Trusted Advisor check, if desired, according to self.refresh_mode and self.refresh_timeout.

Parameters:check_id (str) – the Trusted Advisor check ID
Returns:dict check result. The return value of Support.Client.describe_trusted_advisor_check_result()
Return type:dict
_make_ta_service_dict()[source]

Build our service and limits dict. This is laid out identical to self.all_services, but keys limits by their ta_service_name and ta_limit_name properties.

Returns:dict of TA service names to TA limit names to AwsLimit objects.
_poll()[source]

Poll Trusted Advisor (Support) API for limit checks.

Return a dict of service name (string) keys to nested dict vals, where each key is a limit name and each value the current numeric limit.

e.g.:

{
    'EC2': {
        'SomeLimit': 10,
    }
}
_poll_for_refresh(check_id)[source]

Given a Trusted Advisor check_id that has just been refreshed, poll until the refresh is complete. Once complete, return the check result.

Parameters:check_id (str) – the Trusted Advisor check ID
Returns:dict check result. The return value of Support.Client.describe_trusted_advisor_check_result()
Return type:dict
_update_services(ta_results)[source]

Given a dict of TrustedAdvisor check results from _poll() and a dict of Service objects passed in to update_limits(), updated the TrustedAdvisor limits for all services.

Parameters:
  • ta_results (dict) – results returned by _poll()
  • services (dict) – dict of service names to _AwsService objects
api_name = 'support'
service_name = 'TrustedAdvisor'
update_limits()[source]

Poll ‘Service Limits’ check results from Trusted Advisor, if possible. Iterate over all AwsLimit objects for the given services and update their limits from TA if present in TA checks.

Parameters:services (dict) – dict of service name (string) to _AwsService objects
awslimitchecker.trustedadvisor.datetime_now()[source]

Helper function for testing; return datetime.datetime.now().

Returns:datetime.datetime.now()
Return type:datetime.datetime