- This release makes significant changes to how Trusted Advisor is used; see below.
- This release requires the following new IAM permissions:
eks:ListClusters
,eks:DescribeCluster
,eks:ListNodegroups
,eks:ListFargateProfiles
,eks:DescribeFargateProfile
,kinesis:DescribeLimits
. - This release introduces a number of new limits, as well as new services. Please see below for details.
- This release removes the
EC2/Security groups per VPC
limit, which no longer exists, and adds the newEC2/VPC security groups per Region
limit.
- Issue #466 - Significant changes to Trusted Advisor support.
- In June 2019, AWS announced the new Service Quotas service (great name) that allows us to retrieve limit/quota information from a unified API. In addition, many individual services now provide limit information via their own APIs. At this point (late 2020) all of the limit/quota information that was previously available via Trusted Advisor is now available via a combination of the individual service APIs and Service Quotas.
- In February 2020, the layout of Trusted Advisor checks was changed, and the "Performance / Service Limits" check that we previously used to obtain limit information was moved to its own category in Trusted Advisor. While I can't confirm this, as far as I can tell, this change was only made in the standard AWS regions/partitions (i.e. not GovCloud or China).
- awslimitchecker still has not been updated for this new Trusted Advisor layout.
- This release disables Trusted Advisor by default outside China and GovCloud, as it provides no additional information outside of these regions/partitions.
- If you are running in China or GovCloud and have issues with awslimitchecker retrieving information from Trusted Advisor, please open an issue.
- My current intent is to leave Trusted Advisor support in this state until Service Quotas is available in China and GovCloud, at which point I plan on completely removing all Trusted Advisor support.
- Migrate CI builds from travis-ci.org to travis-ci.com.
- Issue #503 - Fix
Units set to "None"
error when retrieving load balancer data from Service Quotas. We now allow the (A|E)LB per Region quota with a unit of either "Count" (prior to November 2020) or "None" (November 2020 on). - Issue #489 / PR #490 - Add missing RDS limits:
Manual Cluster Snapshots
,Custom Endpoints Per DB Cluster
,DB Instance Roles
, andDB Cluster Roles
. Thanks to sebasrp for this contribution! - Issue #472 / PR #494 - Add support for the
EKS
service, and 8 new limits for it. Thanks to sebasrp for this contribution! - Issue #495 / PR #496 - Add support for the
Kinesis
service, and one new limit for it. Thanks to sebasrp for this contribution! - PR #499 - Set quota_name for VPC "Entries per route table" limit, so that the current limit will be automatically retrieved from Service Quotas. Thanks to patuck for this contribution!
- Issue #498 - Fix multiple issues relating to VPC limits:
- Update the EC2 /
Rules per VPC security group
limit to support retrieving the current limit value from Service Quotas. - Remove the
EC2/Security groups per VPC
limit, which no longer exists. - Add the new
EC2/VPC security groups per Region
limit.
- Update the EC2 /
- Issue #501 - Update
VPC/Network interfaces per Region
limit for new calculation method. - Issue #488 / PR #491 - Update new ElastiCache default limits. Thanks to sebasrp for this contribution!
Important: This release requires new IAM permissions: sts:GetCallerIdentity
and cloudwatch:GetMetricData
Important: This release includes updates for major changes to ECS limits, which includes the renaming of some existing limits.
- Issue #477 - EC2 instances running on Dedicated Hosts (tenancy "host") or single-tenant hardware (tenancy "dedicated") do not count towards On-Demand Instances limits. They were previously being counted towards these limits; they are now excluded from the count. Thanks to pritam2277 for reporting this issue and providing details and test data.
- Issue #477 - For all VPC resources that support the
owner-id
filter, supply that filter when describing them, set to the current account ID. This will prevent shared resources from other accounts from being counted against the limits. Thanks to pritam2277 for reporting this issue and providing details and test data. - Issue #475 - When an Alert Provider is used, only exit non-zero if an exception is encountered. Exit zero even if there are warnings and/or criticals. Thanks to varuzam for this feature request.
- Issue #467 - Fix the Service Quotas quota name for VPC "NAT Gateways per AZ" limit. Thanks to xRokco for reporting this issue, as well as the required fix.
- Issue #457 - In the required IAM permissions, replace
support:*
with the specific permissions that we need. - Issue #463 - Updates for the major changes to ECS limits in August 2020. Thanks to vincentclee for reporting this issue.
- The
EC2 Tasks per Service (desired count)
limit has been replaced withTasks per service
, which measures the desired count of tasks of all launch types (EC2 or Fargate). The default value of this limit has increased from 1000 to 2000. - The default of
Clusters
has increased from 2,000 to 10,000. - The default of
Services per Cluster
has increased from 1,000 to 2,000. - The
Fargate Tasks
limit has been removed. - The
Fargate On-Demand resource count
limit has been added, with a default quota value of 500. This limit measures the number of ECS tasks and EKS pods running concurrently on Fargate. The current usage for this metric is obtained from CloudWatch. - The
Fargate Spot resource count
limit has been added, with a default quota value of 500. This limit measures the number of ECS tasks running concurrently on Fargate Spot. The current usage for this metric is obtained from CloudWatch.
- The
- Add internal helper method to :py:class:`~._AwsService` to get Service Quotas usage information from CloudWatch.
- PR #468 - Fix transposed headings in CLI Usage documentation. Thanks to @owenmann.
- PR #470 - Fix new EBS "Active snapshots" limit (bumped from 10,000 to 100,000) and Quotas Service name. Thanks to @rashidamiri.
- Issue #464 - Fix bug where SES was causing
ConnectTimeoutError
in some regions. This has been added to the list of SES exceptions that we catch and silently ignore. This is a new exception thrown by regions that do not have SES support. - Add
.dockerignore
file to make local builds quite a bit smaller. - Issue #465 - Fixed via versionfinder 1.1.1.
- Internal testing changes:
- Stop testing under Python 2.7 and Python 3.4.
- Switch from deprecated pep8 / pytest-pep8 to pycodestyle / pytest-pycodestyle.
- Pin pytest to
<6.0.0
to avoid some breaking changes for now. - Switch integration test environment from Python 3.7 to Python 3.8.
- PR #458 - Fix for ZeroDivisionError on some Service Quotas limits that report as having a limit of zero. Thanks to @deimosfr.
- Fixes issue #453 - remove version constraint on
dateutil
dependency. - Fixes issue #454 - remove version constraint on
botocore
dependency. - Update tox
docs
,localdocs
, anddocker
environments to use Python 3.8. - Fixes issue #451 - Fix default Rules Per VPC Security Group limit.
Important: This release includes major changes to the EC2 On-Demand Instances service limits! For most users, this means the 175 Instance-type-specific limits will be removed and replaced with five (5) limits. Please see the :ref:`changelog.8_0_0_vcpu_limits` section below for further details, as this will especially impact anyone using limit or threshold overrides, or post-processing awslimitchecker's output. This is also a time to remind all users that this project adheres to a strict :ref:`development.versioning_policy` and if occasional breakage due to limit or IAM policy changes is unacceptable, you should pin to a major version.
Important: Python versions prior to 3.5, including 2.7, are now pending deprecation. As of January 1, 2020, they will no longer be tested or supported, and awslimitchecker will require Python 3.5 or newer. Please see below for details. Also take note that running via the official Docker image is a way to ensure the best version of Python is always used.
Important: This release requires a new IAM permission, servicequotas:ListServiceQuotas
.
- Issue #400 / PR #434 - Support GovCloud region and alternate partitions in STS assumed roles and Trusted Advisor. Thanks to @djkiourtsis.
- Issue #432 - Update EC2 limit handling for new vCPU-based limits in regions other than
cn-*
andus-gov-*
(which still use old per-instance-type limits). See :ref:`section below <changelog.8_0_0_vcpu_limits>` for further information. For regions other thancn-*
andus-gov-*
, this will remove all 175Running On-Demand <type> instances
and theRunning On-Demand EC2 instances
limit, and replace them with:Running On-Demand All F instances
Running On-Demand All G instances
Running On-Demand All P instances
Running On-Demand All X instances
Running On-Demand All Standard (A, C, D, H, I, M, R, T, Z) instances
- Issue #429 - add 87 missing EC2 instance types. This will now only impact
cn-*
andus-gov-*
regions. - Issue #433 - Fix broken links in the docs; waffle.io and landscape.io are both gone, sadly.
- Issue #441 - Fix critical bug where awslimitchecker would die with an unhandled
botocore.exceptions.ParamValidationError
exception in accounts that have Trusted Advisor but do not have a "Service Limits" check in the "performance" category. - Issue #439 - Fix unhandled exception in CloudTrail service when attempting to call
GetEventSelectors
on an Organization trail. When callingDescribeTrails
, we will now passincludeShadowTrails
as False, to not include replications of trails in different regions or organization trails in member accounts (relevant API documentation). - Issue #438 - Per PEP 373, Python 2.7 will officially end support on January 1, 2020. As such, and in keeping with reasoning explained at python3statement.org, awslimitchecker will stop supporting and testing against Python 2.7 on January 1, 2020. At that point, all new versions will be free to use Python features introduced in 3.5. As of this version, a PendingDeprecationWarning will be emitted when running awslimitchecker under Python 2.7.
- Issue #437 - Per PEP 429, Python 3.4 reached end-of-life on March 18, 2019 and is now officially retired. Add a
PendingDeprecationWarning
for users running under this version, announcing that support for Python 3.4 will be removed on January 1, 2020. - In following with the above two issues, raise a
DeprecationWarning
when running on any Python2 version prior to 2.7 or any Python3 version prior to 3.4, in accorance with the published end-of-life dates of those versions. - Issue #436 - Begin testing under Python 3.8 and base our Docker image on
python:3.8-alpine
. - Issue #435 - Allow configuring the botocore maximum retries for Throttling / RateExceeded errors on a per-AWS-API basis via environment variables. See the relevant sections of the :ref:`CLI Usage <cli_usage.throttling>` or :ref:`Python Usage <python_usage.throttling>` documentation for further details.
- Issue #431 - Fix a major under-calculation of usage for the EC2
Rules per VPC security group
limit. We were previously calculating the number of "Rules" (from port / to port / protocol combinations) in a Security Group, but the limit is actually based on the number of permissions granted. See this comment on the issue for further details. - Issue #413 - Add support for retrieving limits from the new Service Quotas service where available. See the :ref:`changelog.8_0_0_service_quotas` section below for more information.
- Bump boto3 minimum version requirement from 1.4.6 to 1.9.175 and botocore minimum version requirement from 1.6.0 to 1.12.175, in order to support Service Quotas.
AWS has announced new, completely different handling of EC2 On-Demand Instances service limits. Instead of having a limit per instance type (currently 261 limits), there will now be only five limits, based on the number of vCPUs for instance families: one each for "F", "G", "P", and "X" family instances (defaulting to a total of 128 vCPUs each) and one limit for all other "Standard" instance families (currently A, C, D, H, I, M, R, T, and Z) defaulting to a combined total of 1152 vCPUs. Please see the link, and the EC2 On-Demand Instance Limits section of the AWS FAQ for further information.
This greatly simplifies handling of the EC2 On-Demand limits, but does mean that any existing code that references EC2 Running On-Demand limit names, including any limit and/or threshold overrides, will need to be updated for this change.
This change is only going into effect in the "standard" AWS regions/partitions, i.e. not in the China partition (cn-
regions) or GovCloud (us-gov-
regions). It is a phased rollout from October 24 to November 7, 2019 based on the first character of your account ID (see the "How will the transition to vCPU limits happen?" entry in the FAQ linked above for exact dates). Unfortunately, there is no clear way to determine via API if a given account is using the new vCPU limits or the old per-instance-type limits. As a result, and given that this release is being made already part-way through the rollout window, the current behavior of awslimitchecker is as follows:
- When running against region names beginning with
cn-
orus-gov-
, use the old per-instance-type limits, unless theUSE_VCPU_LIMITS
environment variable is set totrue
. - Otherwise use the new vCPU-based limits, unless the
USE_VCPU_LIMITS
environment variable is set to something other thantrue
.
As such, if you install this release before November 7, 2019 and need to force your non-China, non-GovCloud accout to use the older per-instance-type limits, setting the USE_VCPU_LIMITS
environment variable to false
will accomplish this until your account switches over to the new vCPU limits. Alternatively, you can leave awslimitchecker as-is and accept possibly-slightly-inaccurate limit calculations for a few days.
Please also note that with the change to vCPU limits, there is no longer an overall Running On-Demand EC2 instances
limit for accounts that use the new vCPU limits.
I have not yet implemented Trusted Advisor (TA) support for these new limits, as they're presented in a different category of Trusted Advisor checks from the previous EC2 limits. I'm not going to be implementing TA for these limits, in favor of spending the time instead on implementing Service Quotas support via Issue #413.
Calculation of current usage for the vCPU limits is based on the EC2 Optimizing CPU Options documentation which specifies, "The number of vCPUs for the instance is the number of CPU cores multiplied by the threads per core." The CpuOptions
field of the EC2 DescribeInstances
API specifies the core and thread count for each running instance.
AWS' new Service Quotas service provides a unified interface to retrieve current limits from many AWS services. These limit values are second only to the services' own APIs (for the services that provide limit information via API), and are much more current and complete than the information provided by Trusted Advisor. The introduction of Service Quotas should greatly reduce the number of limits that need to be retrieved from Trusted Advisor or specified manually.
If you currently have any Limit Overrides set (via either the :ref:`CLI <cli_usage.limit_overrides>` or :ref:`Python API <python_usage.limit_overrides>`), please verify on the :ref:`limits` page whether Service Quotas data is now available for those limits. You should be able to remove manual overrides for the limits that now retrieve data from Service Quotas.
- Issue #301 - Distribute an official Docker image for awslimitchecker.
- Issue #421
- Stop referencing deprecated
botocore.vendored.requests.exceptions.ConnectTimeout
in favor of new, and higher-level,botocore.exceptions.ConnectionError
- In :py:meth:`awslimitchecker.utils._get_latest_version`, replace use of
botocore.vendored.requests
withurllib3
.
- Stop referencing deprecated
- Issue #324 - Support loading :ref:`limit overrides <cli_usage.limit_overrides>` and/or :ref:`threshold overrides <cli_usage.threshold_overrides>` from a JSON file either stored locally or in S3 via new
--limit-override-json
and--threshold-override-json
CLI options. - Issue #418 - Add support for sending runtime, limits, and usage to :ref:`<metric providers <cli_usage.metrics>` such as Datadog.
- Issue #419 - Add support for alerts/notifications of thresholds crossed or failed runs (exceptions) via :ref:`<alert providers <cli_usage.alerts>` such as PagerDuty.
This release removes one limit and adds two new limits!
- Issue #412 / PR #414 - Since some time in June 2019, the former
ELB
ServiceActive load balancers
limit is now two separate limits,Classic load balancers
andApplication load balancers
. Anyone who was using the "Active load balancers" limit name (e.g. in overrides or custom code) must update their code accordingly. This release removes theActive load balancers
limit and adds two new limits,Classic load balancers
andApplication load balancers
, to match how AWS now calculates and exposes these limits. - Issue #410 - Documentation fix for missing Trusted Advisor information on Limits page.
- Fix some test failures related to exception objects in pytest 5.0.0.
- Issue #406 - Fix for unhandled exception when a Trusted Advisor check has a
null
timestamp.
- PR #402 - Add
--skip-check
command line option for ignoring specific checks based on service and check name. Thanks to @ddelnano.
- Issue #397 - Fix unhandled exception checking SES in some regions. Issue #375 in 6.0.1 handled an uncaught
ClientError
when checking SES in some regions, but some regions such as ap-southeast-2 are now returning a 503 Service Unavailable for SES instead. Handle this case as well. Thanks to @TimGebert for reporting the issue and bergkampsliew for verifying.
- PR #394 - Fix bug in calculation of VPC "Network interfaces per Region" limit, added in 6.1.0 (PR #379), that resulted in reporting the limit 5x lower than it actually is in some cases. Thanks to @TimGebert.
- PR #391 / Issue #390 - Update for some recently-increased DynamoDB and EFS default limits. Thanks to bergkampsliew.
- PR #387 - Fix bug in calculation of VPC "Network interfaces per Region" limit, added in 6.1.0 (PR #379). Thanks to @nadlerjessie.
- PR #381 / Issue #382 - Revised fix for Issue #375, uncaught
ClientError
exception when checking SES Send Quota in certain regions. Thanks to bergkampsliew.
- PR #379 - Add support for EC2/VPC
Network interfaces per Region
limit. Thanks to @nadlerjessie.
- Issue #375 - Fix uncaught
ClientError
exception when checking SES Send Quota in certain regions. Thanks to bergkampsliew for PR #376.
This release requires new IAM permissions:
lambda:GetAccountSettings
Important: This release removes the ApiGateway APIs per account
limit in favor of more-specific limits; see below.
- Issue #363 - Add support for the Lambda limits and usages.
- Clarify support for "unlimited" limits (limits where :py:meth:`awslimitchecker.limit.AwsLimit.get_limit` returns
None
). - Add support for 26 new EC2 instance types.
- Update default limits for ECS service.
ApiGateway
service now has three ReST API limits (Regional API keys per account
,Private API keys per account
, andEdge API keys per account
) in place of the previous singleAPIs per account
to reflect the current documented service limits.- API Gateway service - add support for
VPC Links per account
limit. - Add support for Network Load Balancer limits
Network load balancers
andListeners per network load balancer
. - Add support for Application Load Balancer limits
Certificates per application load balancer
. - Add support for Classic ELB (ELBv1)
Registered instances per load balancer
limit. - Rename
dev/terraform.py
todev/update_integration_iam_policy.py
and move from using terraform to manage integration test IAM policy to pure Python. - Note that I've left out the
Targets per application load balancer
andTargets per network load balancer
limits. Checking usage for these requires iterating overDescribeTargetHealth
for each target group, so I've opted to leave it out at this time for performance reasons and because I'd guess that the number of people with 500 or 1000 targets per LB is rather small. Please open an issue if you'd like to see usage calculation for these limits.
awslimitchecker has had documented support for Limits that are unlimited/"infinite" since 0.5.0 by returning None
from :py:meth:`awslimitchecker.limit.AwsLimit.get_limit`. Until now, that edge case was only triggered when Trusted Advisor returned "Unlimited" for a limit. It will now also be returned for the Lambda service's Function Count
Limit. Please be aware of this if you're using the Python API and assuming Limit values are all numeric.
If you are relying on the output format of the command line awslimitchecker
script, please use the Python API instead.
- Issue #358 - Update EFS with new default limit for number of File systems: 70 in us-east-1 and 125 in other regions.
- PR #359 - Add support for
t3
EC2 instance types (thanks to chafouin). - Switch
py37
TravisCI tests from py37-dev to py37 (release).
This release requires new IAM permissions:
cloudtrail:DescribeTrails
cloudtrail:GetEventSelectors
route53:GetHostedZone
route53:ListHostedZones
route53:GetHostedZoneLimit
This release officially drops support for Python 2.6 and 3.3.
- PR #345 / Issue #349 - Add Route53 service and checks for "Record sets per hosted zone" and "VPC associations per hosted zone" limits (the latter only for private zones). (thanks to julienduchesne).
- Support Per-Resource Limits (see below). Note that this includes some changes to the ``awslimitchecker`` CLI output format and some minor API changes.
- Issue #317 - Officially drop support for Python 2.6 and 3.3. Also, begin testing py37.
- Issue #346 - Update documentation for S3 API calls made by ElasticBeanstalk while retrieving EB limits (thanks to fenichelar for finding this).
- PR #350 - Add support for CloudTrail limits (thanks to fpiche).
- Issue #352 - Update version check PyPI URL and set User-Agent when performing version check.
- Issue #351 - Add support for forty two (42) missing EC2 instance types including the new c5d/m5d/r5d/z1d series instances.
Some Limits (:py:class:`~.AwsLimit`) now have limits/maxima that are per-resource rather than shared across all resources of a given type. The first limit of this kind that awslimitchecker supports is Route53, where the "Record sets per hosted zone" and "VPC associations per hosted zone" limits are set on a per-resource (per-zone) basis rather than globally to all zones in the account. Limits of this kind are also different since, as they are per-resource, they can only be enumerated at runtime. Supporting limits of this kind required some changes to the internals of awslimitchecker (specifically the :py:class:`~.AwsLimit` and :py:class:`~.AwsLimitUsage` classes) as well as to the output of the command line script/entrypoint.
For limits which support different maxima/limit values per-resource, the command line awslimitchecker
script -l
/ --list-limits
functionality will now display them in Service/Limit/ResourceID format, i.e.:
Route53/Record sets per hosted zone/foo.com 10000 (API)
Route53/Record sets per hosted zone/bar.com 10000 (API)
Route53/Record sets per hosted zone/local. 15000 (API)
Route53/VPC associations per hosted zone/local. 100 (API)
As opposed to the Service/Limit format used for all existing limits, i.e.:
IAM/Groups 300 (API)
IAM/Instance profiles 2000 (API)
If you are relying on the output format of the command line awslimitchecker
script, please use the Python API instead.
For users of the Python API, please take note of the new :py:meth:`.AwsLimit.has_resource_limits` and :py:meth:`~.AwsLimitUsage.get_maximum` methods which assist in how to identify limits that have per-resource maxima. Existing code that only surfaces awslimitchecker's warnings/criticals (the result of :py:meth:`~.AwsLimitChecker.check_thresholds`) will work without modification, but any code that displays or uses the current limit values themselves may need to be updated.
This is a minor bugfix release for one issue:
- Issue #341 - The Trusted Advisor EBS checks for
General Purpose (SSD) volume storage (GiB)
andMagnetic volume storage (GiB)
have been renamed to toGeneral Purpose SSD (gp2) volume storage (GiB)
andMagnetic (standard) volume storage (GiB)
, respectively, to provide more unified naming. This change was made on March 19th or 20th without any public announcement, and resulted in awslimitchecker being unable to determine the current values for these limits from Trusted Advisor. Users relying on Trusted Advisor for these values saw the limit values incorrectly revert to the global default. This is an internal-only change to map the new Trusted Advisor check names to the awslimitchecker limit names.
This is a minor bugfix release for a few issues that users have reported recently.
- Fix Issue #337 where sometimes an account even with Business-level support will not have a Trusted Advisor result for the Service Limits check, and will return a result with
status: not_available
or a missingflaggedResources
key. - Fix Issue #335 where runs against the EFS service in certain unsupported regions result in either a connection timeout or an AccessDeniedException.
This release requires new IAM permissions:
ds:GetDirectoryLimits
ecs:DescribeClusters
ecs:DescribeServices
ecs:ListClusters
ecs:ListServices
- Fix various docstring problems causing documentation build to fail.
- PR #328 - Add support for Directory Service and ECS (thanks to di1214).
- NOTE the "EC2 Tasks per Service (desired count)" limit uses non-standard resource IDs, as service names and ARNs aren't unique by account or region, but only by cluster. i.e. the only way to uniquely identify an ECS Service is by the combination of service and cluster. As such, the
resource_id
field for usage values of the "EC2 Tasks per Service (desired count)" limit is a string of the formcluster=CLUSTER-NAME; service=SERVICE-NAME
.
- NOTE the "EC2 Tasks per Service (desired count)" limit uses non-standard resource IDs, as service names and ARNs aren't unique by account or region, but only by cluster. i.e. the only way to uniquely identify an ECS Service is by the combination of service and cluster. As such, the
- PR #330 - Update numerous no-longer-correct default limits (thanks to GitHub user KingRogue).
- AutoScaling
- Auto Scaling groups - 20 to 200
- Launch configurations - 100 to 200
- EBS
- Provisioned IOPS - 40000 to 200000
- Provisioned IOPS (SSD) storage (GiB) - 20480 to 102400 (100 TiB)
- General Purpose (SSD) volume storage (GiB) - 20480 to 102400 (100 TiB)
- Throughput Optimized (HDD) volume storage (GiB) - 20480 to 307200 (300 TiB)
- Cold (HDD) volume storage (GiB) - 20480 to 307200 (300 TiB)
- ElasticBeanstalk
- Applications - 25 to 75
- Application versions - 500 to 1000
- IAM
- Groups - 100 to 300
- Roles - 250 to 1000
- Instance profiles - 100 to 1000
- Policies - 1000 to 1500
- AutoScaling
- Fix
dev/terraform.py
anddev/integration_test_iam.tf
for integration tests. - Fix date and incorrect project name in some file/copyright headers.
- Issue #331 - Change layout of the generated Supported Limits documentation page to be more clear about which limits are supported, and include API and Trusted Advisor data in the same table as the limits and their defaults.
Important Notice for python 2.6 and 3.3 users:
Python 2.6 reached its end of life in October 2013. Python 3.3 officially reached its end of life in September 2017, five years after development was ceased. The test framework used by awslimitchecker, pytest, has dropped support for Python 2.6 and 3.3 in its latest release. According to the PyPI download statistics (which unfortunately don't take into account mirrors or caching proxies), awslimitchecker has only ever had one download reported as Python 3.3 and has a very, very small number reporting as Python 2.6 (likely only a handful of users). The next release of awslimitchecker will officially drop support for Python 2.6 and 3.3, changing the required Python version to 2.7 or >= 3.4. If you are one of the very few (perhaps only one) users running on Python 2.6, you can either run with a newer Python version or see Issue 301 for information on building a Docker container based on Python 3.5.
- Fix test failures caused by dependency updates.
- Pin
pytest
development to 3.2.5 to continue python 2.6 and 3.3 support. - Issue #314 - Update RDS service default limits;
DB snapshots per user
default limit increased from 50 to 100 andSubnet Groups
limit increased from 20 to 50. This should not have affected any users, as these limits are retrieved in realtime via the RDS API. - Issue #293 - Increase maximum number of retries (boto3/botocore) for
elbv2
API calls, to attempt to deal with the large number of calls we have to make in order to count the ALB listeners and rules. This requires botocore >= 1.6.0, which requires boto3 >= 1.4.6. - Issue #315 - Add new instance types: 'c5.18xlarge', 'c5.2xlarge', 'c5.4xlarge', 'c5.9xlarge', 'c5.large', 'c5.xlarge', 'g3.16xlarge', 'g3.4xlarge', 'g3.8xlarge', 'h1.16xlarge', 'h1.2xlarge', 'h1.4xlarge', 'h1.8xlarge', 'm5.12xlarge', 'm5.24xlarge', 'm5.2xlarge', 'm5.4xlarge', 'm5.large', 'm5.xlarge', 'p3.16xlarge', 'p3.2xlarge', 'p3.8xlarge', 'x1e.32xlarge', 'x1e.xlarge'
- Issue #316 - Automate release process.
- Update README with correct boto version requirement. (Thanks to nadlerjessie for the contribution.)
- Update minimum
boto3
version requirement from 1.2.3 to 1.4.4; the code for Issue #268 released in 0.11.0 requires boto3 >= 1.4.4 to make the ElasticLoadBalancingDescribeAccountLimits
call. - Bug fix for "Running On-Demand EC2 instances" limit - Issue #308 - The fix for Issue #215 / PR #223, released in 0.6.0 on November 11, 2016 was based on incorrect information about how Regional Benefit Reserved Instances (RIs) impact the service limit. The code implemented at that time subtracted Regional Benefit RIs from the count of running instances that we use to establish usage. Upon further review, as well as confirmation from AWS Support, some AWS TAMs, and the relevant AWS documentation, only Zonal RIs (AZ-specific) are exempt from the Running On-Demand Instances limit. Regional Benefit RIs are counted the same as any other On-Demand Instances, as they don't have reserved capacity. This release stops subtracting Regional Benefit RIs from the count of Running Instances, which was causing awslimitchecker to report inaccurately low Running Instances usage.
This release requires new IAM permissions:
apigateway:GET
apigateway:HEAD
apigateway:OPTIONS
ec2:DescribeVpnGateways
dynamodb:DescribeLimits
dynamodb:DescribeTable
dynamodb:ListTables
Changes in this release:
- Issue #254 - Officially adopt SemVer for this project, and document our :ref:`versioning policy <development.versioning_policy>`.
- Issue #294 - Ignore NAT Gateways that are not in "available" or "pending" state.
- Issue #253 - Check latest awslimitchecker version on PyPI at class instantiation; log warning if a newer version is available. Add Python API and CLI options to disable this.
- Pin tox version to 2.7.0 as workaround for parsing change.
- Issue #292 - Add support for API Gateway limits.
- PR #302 - Add support for VPC VPN Gateways limit. (Thanks to andrewmichael for the contribution.)
- Issue #280 / PR #297 - Add support for DynamoDB limits. (Thanks to saratlingamarla for the contribution.)
This release requires new IAM permissions:
elasticfilesystem:DescribeFileSystems
elasticloadbalancing:DescribeAccountLimits
elasticloadbalancing:DescribeListeners
elasticloadbalancing:DescribeTargetGroups
elasticloadbalancing:DescribeRules
Changes in this release:
- Issue #287 / PR #288 - Add support for Elastic Filesystem number of filesystems limit. (Thanks to nicksantamaria for the contribution.)
- Issue #268 - Add support for ELBv2 (Application Load Balancer) limits; get ELBv1 (Classic) and ELBv2 (Application) limits from the DescribeAccountLimits API calls.
This release removes the ElastiCache Clusters limit, which no longer exists.
- Issue #283 - Add gitter.im chat link to README and docs.
- Issue #282 - versionfinder caused awslimitchecker to die unexpectedly on systems without a
git
binary on the PATH. Bump versionfinder requirement to>= 0.1.1
. - Issue #284 - Fix ElastiCache limits to reflect what AWS Support and the current documentation say, instead of a support ticket from July 2015.
- Remove the "Clusters" limit, which no longer exists.
- "Nodes per Cluster" limit is Memcached only.
- Add "Subnets per subnet group" limit.
- Issue #279 - Add Github release to release process.
- Issue #269 - set Trusted Advisor limit name overrides for some RDS limits that were recently added to TA, but with different names than what awslimitchecker uses.
- Fix bug Issue #270 - do not count propagated routes towards the VPC "Entries per route table" limit, per clarification in VPC service limits documentation ("This is the limit for the number of non-propagated entries per route table.")
- PR #276 /
Issue #275 - Add new
--skip-service
CLI option andAwsLimitChecker.remove_services
to allow skipping of one or more specific services during runs. (Thanks to tamsky for this contribution.) - PR #274 /
Issue #273 - Add support
for new
i3
EC2 Instance types. (Thanks to tamsky) for this contribution.) - Fix broken docs build due to changes Intersphinx reference to ValueError in python2 docs
- Add hack to
docs/source/conf.py
as workaround for sphinx-doc/sphinx#3860 - Issue #267 - Firehose is only
available in
us-east-1
,us-west-2
andeu-west-1
. Omit the traceback from the log message for FirehoseEndpointConnectionError
and log at warning instead of error.
This release includes a breaking API change. Please see the first bullet point below. Note that once 1.0.0 is released (which should be relatively soon), such API changes will only come with a major version increment.
This release requires new IAM permissions: redshift:DescribeClusterSnapshots
and redshift:DescribeClusterSubnetGroups
.
This release removes Python 3.2 support. This was deprecated in 0.7.0. As of this release, awslimitchecker may still work on Python 3.2, but it is no longer tested and any support tickets or bug reports specific to 3.2 will be closed.
- PR #250 - Allow the
--service
command line option to accept multiple values. This is a breaking public API change; theawslimitchecker.checker.AwsLimitChecker
check_thresholds, find_usage, and get_limits methods now take an optionalservice
list keyword argument instead of a string for a single service name. - PR #251 - Handle GovCloud-specific edge cases; specifically, UnsupportedOperation errors for EC2 Spot Instance-related API calls, and limits returned as 0 by the DescribeAccountAttributes EC2 API action.
- PR #249 - Add support for RedShift limits (Redshift subnet groups and Redshift manual snapshots).
This requires the
redshift:DescribeClusterSnapshots
andredshift:DescribeClusterSubnetGroups
IAM permissions. - Issue #259 - remove duplicates from required IAM policy returned by
awslimitchecker.checker.AwsLimitChecker.get_required_iam_policy
andawslimitchecker --iam-policy
. - Various TravisCI/tox build fixes:
- Fix pip caching; use default pip cache directory
- Add python 3.6 tox env and Travis env, now that it's released
- Switch integration3 tox env from py3.4 to py3.6
- PR #256 - Add example of wrapping awslimitchecker in a script to send metrics to Prometheus.
- Issue #236 - Drop support for Python 3.2; stop testing under py32.
- Issue #257 - Handle ElastiCache DescribeCacheCluster responses that are missing
CacheNodes
key in a cluster description. - Issue #200 - Remove EC2 Spot Instances/Fleets limits from experimental status.
- Issue #123 - Update documentation on using session tokens (Session or Federation temporary creds).
This release deprecates support for Python 3.2. It will be removed in the next release.
This release introduces support for automatically refreshing Trusted Advisor
checks on accounts that support this. If you use this new feature,
awslimitchecker will require a new permission, trustedadvisor:RefreshCheck
.
See Getting Started - Trusted Advisor for further information.
- #231 - add support for new f1, r4 and t2.(xlarge|2xlarge) instance types, introduced in November 2016.
- #230 - replace the
built-in
versioncheck.py
with versionfinder. Remove all of the many versioncheck tests. - #233 - refactor tests to replace yield-based tests with parametrize, as yield-based tests are deprecated and will be removed in pytest 4.
- #235 - Deprecate Python 3.2 support. There don't appear to have been any downloads on py32 in the last 6 months, and the effort to support it is too high.
- A bunch of Sphinx work to use README.rst in the generated documentation.
- Changed DEBUG-level logging format to include timestamp.
- #239 - Support refreshing Trusted Advisor check results during the run, and optionally waiting for refresh to finish. See Getting Started - Trusted Advisor for further information.
- #241 / PR #242 - Fix default ElastiCache/Nodes limit from 50 to 100, as that's now what the docs say.
- #220 / PR #243 /
PR #245 - Fix for ExpiredTokenException Errors.
awslimitchecker.connectable.credentials has been removed.
In previous releases, awslimitchecker had been using a
Connectable.credentials
class attribute to store AWS API credentials and share them betweenConnectable
subclass instances. The side-effect of this was that AWS credentials were set at the start of the Python process and never changed. For users taking advantage of the Python API and either using short-lived STS credentials or using long-running or threaded implementations, the same credentials persisted for the life of the process, and would often result in ExpiredTokenExceptions. The fix was to move _boto_conn_kwargs and _get_sts_token from connectable to the top-level AwsLimitChecker class itself, get the value of the_boto_conn_kwargs
property in the constructor, and pass that value in to allConnectable
subclasses. This means that each instance of AwsLimitChecker has its own unique connection-related kwargs and credentials, and constructing a new instance will work intuitively - either use the newly-specified credentials, or regenerate STS credentials if configured to use them. I have to extend my deepest gratitude to the folks who identified and fixed this issue, specifically cstewart87 for the initial bug report and description, aebie for the tireless and relentlessly thorough investigation and brainstorming and for coordinating work for a fix, and willusher for the final implementation and dealing (wonderfully) with the dizzying complexity of many of the unit tests (and even matching the existing style).
This release has a breaking change. The VPC
NAT gateways
has been renamed
to NAT Gateways per AZ
and its get_current_usage()
method will now return
a list with multiple items. See the changelog entry for #214 below.
This release requires the following new IAM permissions to function:
firehose:ListDeliveryStreams
- #217 - add support
for new/missing EC2 instance types:
m4.16xlarge
,x1.16xlarge
,x1.32xlarge
,p2.xlarge
,p2.8xlarge
,p2.16xlarge
. - #215 - support "Regional Benefit" Reserved Instances that have no specific AZ set on them. Per AWS, these are exempt from On-Demand Running Instances limits like all other RIs.
- #214 - The VPC "NAT gateways" limit incorrectly calculated usage for the entire region, while the limit is actually per-AZ. It also had strange capitalization that confused users. The name has been changed to "NAT Gateways per AZ" and the usage is now correctly calculated per-AZ instead of region-wide.
- #221 /
PR #222 - Fix bug
in handling of STS Credentials where they are cached permanently in
connectable.Connectable.credentials
, and new AwsLimitChecker instances in the same Python process reuse the first set of STS credentials. This is fixed by storing the Account ID as part ofconnectable.ConnectableCredentials
and getting new STS creds if the cached account ID does not match the currentaccount_id
on theConnectable
object. - PR #216 - add new "Firehose" service with support for "Delivery streams per region" limit.
- #213 /
PR #188 - support
AWS cross-sdk credential file profiles via
-P
/--profile
, like awscli.
This release requires the following new IAM permissions to function:
ec2:DescribeSpot*
or more specifically:ec2:DescribeSpotDatafeedSubscription
ec2:DescribeSpotFleetInstances
ec2:DescribeSpotFleetRequestHistory
ec2:DescribeSpotFleetRequests
ec2:DescribeSpotInstanceRequests
ec2:DescribeSpotPriceHistory
ec2:DescribeNatGateways
- #51 / PR #201 - Add experimental support for Spot Instance and Spot Fleet limits (only the ones explicitly documented by AWS). This is currently experimental, as the documentation is not terribly clear or detailed, and the author doesn't have access to any accounts that make use of spot instances. This will be kept experimental until multiple users validate it. For more information, see the EC2 limit documentation.
- PR #204 contributed by hltbra to add support for VPC NAT Gateways limit.
- Add README and Docs link to waffle.io board.
- Fix bug where
--skip-ta
command line flag was ignored in :py:meth:`~.Runner.show_usage` (when running with-u
/--show-usage
action). - Add link to waffle.io Kanban board
- #202 - Adds management of integration test IAM policy via Terraform.
- #211 - Add working download stats to README and docs
- Fix broken landscape.io badges in README and docs
- #194 - On Limits page of docs, clarify that Running On-Demand Instances does not include Reserved Instances.
- Multiple
tox.ini
changes:- simplify integration and unit/versioncheck testenv blocks using factors and reuse
- py26 testenv was completely unused, and py26-unit was running and working with mock==2.0.0
- use pytest<3.0.0 in py32 envs
- #208 - fix KeyError when
timestamp
key is missing from TrustedAdvisor check result dict
This release includes a change to awslimitchecker
's Python API. awslimitchecker.limit.AwsLimit.get_limit can now return either an int
or None
, as TrustedAdvisor now lists some service limits as being explicitly "unlimited".
- #195 - Handle TrustedAdvisor explicitly reporting some limits as "unlimited". This introduces the concept of unlimited limits, where the effective limit is
None
.
- PR #190 / #189 - Add support for EBS st1 and sc1 volume types (adds "EBS/Throughput Optimized (HDD) volume storage (GiB)" and "EBS/Cold (HDD) volume storage (GiB)" limits).
- PR #184 Fix default VPC/Security groups per VPC limit from 100 to 500, per VPC limits documentation (this limit was increased at some point recently). Thanks to Travis Thieman for this contribution.
This release requires the following new IAM permissions to function:
elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeApplicationVersions
elasticbeanstalk:DescribeEnvironments
- #70 Add support for ElasicBeanstalk service.
- #177 Integration tests weren't being properly skipped for PRs.
- #175 the simplest and most clear contributor license agreement I could come up with.
- #172 add an integration test running against sa-east-1, which has fewer services than the popular US regions.
- #170 Critical bug fix in implementation of #71 - SES only supports three regions (us-east-1, us-west-2, eu-west-1) and causes an unhandled connection error if used in another region.
This release requires the following new IAM permissions to function:
rds:DescribeAccountAttributes
iam:GetAccountSummary
s3:ListAllMyBuckets
ses:GetSendQuota
cloudformation:DescribeAccountLimits
cloudformation:DescribeStacks
Issues addressed:
#150 add CHANGES.rst to Sphinx docs
-
- add support for RDS 'DB Clusters' and 'DB Cluster Parameter Groups' limits
- use API to retrieve RDS limits
- switch RDS from calculating usage to using the DescribeAccountAttributes usage information, for all limits other than those which are per-resource and need resource IDs (Max auths per security group, Read replicas per master, Subnets per Subnet Group)
- awslimitchecker now requires an additional IAM permission,
rds:DescribeAccountAttributes
#157 fix for TrustedAdvisor polling multiple times - have TA set an instance variable flag when it updates services after a poll, and skip further polls and updates if the flag is set. Also add an integration test to confirm this.
#50 Add support for IAM service with a subset of its limits (Groups, Instance Profiles, Policies, Policy Versions In Use, Roles, Server Certificates, Users), using both limits and usage information from the GetAccountSummary API action. This requires an additional IAM permission,
iam:GetAccountSummary
.#48 Add support for S3 Buckets limit. This requires an additional IAM permission,
s3:ListAllMyBuckets
.#71 Add support for SES service (daily sending limit). This requires an additional IAM permission,
ses:GetSendQuota
.#69 Add support for CloudFormation service Stacks limit. This requires additional IAM permissions,
cloudformation:DescribeAccountLimits
andcloudformation:DescribeStacks
.#166 Speed up TravisCI tests by dropping testing for PyPy and PyPy3, and only running the -versioncheck tests for two python interpreters instead of 8.
- #155 Bug fix for uncaught KeyError on accounts with Trusted Advisor (business-level support and above). This was caused by an undocumented change released by AWS between Thu, 10 Mar 2016 07:00:00 GMT and Fri, 11 Mar 2016 07:00:00 GMT, where five new IAM-related checks were introduced that lack the
region
data field (which the TrustedAdvisorResourceDetail API docs still list as a required field).
- #117 fix Python 3.5 TravisCI tests and re-enable automatic testing for 3.5.
- #116 add t2.nano EC2 instance type; fix typo - "m4.8xlarge" should have been "m4.10xlarge"; update default limits for m4.(4|10)xlarge
- #134 Minor update to project description in docs and setup.py; use only _VERSION (not git) when building in RTD; include short description in docs HTML title; set meta description on docs index.rst.
- #128 Update Development and Getting Help documentation; add GitHub CONTRIBUTING.md file with link back to docs, as well as Issue and PR templates.
- #131 Refactor TrustedAdvisor interaction with limits for special naming cases (limits where the TrustedAdvisor service or limit name doesn't match that of the awslimitchecker limit); enable newly-available TrustedAdvisor data for some EC2 on-demand instance usage.
- Add coverage for one code branch introduced in PR #100 that wasn't covered by tests.
- #112 fix a bug in the versioncheck integration tests, and a bug uncovered in versioncheck itself, both dealing with checkouts that are on a un-cloned branch.
- #105 build and upload wheels in addition to sdist
- #95 major refactor to convert AWS client library from boto to boto3. This also includes significant changes to the internal connection logic and some of the internal (private) API. Pagination has been moved to boto3 wherever possible, and handling of API request throttling has been removed from awslimitchecker, as boto3 handles this itself. This also introduces full, official support for python3.
- Add separate
localdocs
tox env for generating documentation and updating output examples. - #113 update, expand and clarify documentation around threshold overrides; ignore some sites from docs linkcheck.
- #114 expanded automatic integration tests
- Please note that version 0.3.0 of awslimitchecker moved from using
boto
as its AWS API client to usingboto3
. This change is mostly transparent, but there is a minor change in how AWS credentials are handled. Inboto
, if theAWS_ACCESS_KEY_ID
andAWS_SECRET_ACCESS_KEY
environment variables were set, and the region was not set explicitly via awslimitchecker, the AWS region would either be taken from theAWS_DEFAULT_REGION
environment variable or would default to us-east-1, regardless of whether a configuration file (~/.aws/credentials
or~/.aws/config
) was present. With boto3, it appears that the default region from the configuration file will be used if present, regardless of whether the credentials come from that file or from environment variables.
- PR #100 support MFA tokens when using STS assume role
- #107 add support to explicitly disable pagination, and use for TrustedAdvisor to prevent pagination warnings
- #83 remove the "v" prefix from version tags so ReadTheDocs will build them automatically.
- #21 run simple integration tests of
-l
and-u
for commits to main repo branches.
- #101 Ignore stopped and terminated instances from EC2 Running On-Demand Instances usage count.
- #47 In VersionCheck git -e tests, explicitly fetch git tags at beginning of test.
- #86 wrap all AWS API queries in
awslimitchecker.utils.boto_query_wrapper
to retry queries with an exponential backoff when API request throttling/rate limiting is encountered - Attempt at fixing #47 where versioncheck acceptance tests fail under TravisCI, when testing master after a tagged release (when there's a tag for the current commit)
- Fix #73 versioncheck.py reports incorrect information when package is installed in a virtualenv inside a git repository
- Fix #87 run coverage in all unit test Tox environments, not a dedicated env
- Fix #75 re-enable py26 Travis builds now that pytest-dev/pytest#1035 is fixed (pytest >= 2.8.3)
- Fix #13 re-enable Sphinx documentation linkcheck
- Fix #40 add support for pagination of API responses (to get all results) and handle pagination for all current services
- Fix #88 add support for API-derived limits. This is a change to the public API for
awslimitchecker.limit.AwsLimit
and the CLI output. - Fix #72 add support for some new limits returned by Trusted Advisor. This renames the following limits:
*
EC2/EC2-VPC Elastic IPs
toEC2/VPC Elastic IP addresses (EIPs)
*RDS/Read Replicas per Master
toRDS/Read replicas per master
*RDS/Parameter Groups
toRDS/DB parameter groups
- Fix #84 pull some EC2 limits from the API's DescribeAccountAttributes action
- Fix #94 pull AutoScaling limits from the API's DescribeAccountLimits action
- Add
autoscaling:DescribeAccountLimits
andec2:DescribeAccountAttributes
to required IAM permissions. - Ignore
AccountLimits
objects from result pagination
- Update trove classifier Development Status in setup.py to Beta
- Fix markup formatting issue in
docs/source/getting_started.rst
- temporarily disable py26 testenv in Travis; failing due to upstream bug pytest-dev/pytest#1035
- PR #64 and #68 -
support [STS](http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html) and regions
* Add support for passing in a region to connect to via
-r
/--region
* Add support for using STS to check resources in another account, including support forexternal_id
* Major refactor of how service classes connect to AWS API - #74 add support for EC2 t2.large instance type
- #65 handle case where ElastiCache API returns CacheCluster response with CacheNodes None
- #63 update Python usage documentation
- #49 clean up badges in README.rst and sphinx index.rst; PyPi downloads and version badges broken (switch to shields.io)
- #67 fix typo in required IAM policy; comma missing in list returned from _Ec2Service.required_iam_permissions()
- #76 default limits for EBS volume usage were in TiB not GiB, causing invalid default limits on accounts without Trusted Advisor
- Changes to some tests in
test_versioncheck.py
to aid in debugging #47 where Travis tests fail on master because of git tag from release (if re-run after release)
- #54 - For 'RDS/DB snapshots per user' limit, only count manual snapshots.
- PR #58 - Fix issue where BotoServerError exception is unhandled when checking ElastiCache limits on new accounts without EC2-Classic.
- #55 - use .version instead of .parsed_version to fix version information when using pip<6
- #46 - versioncheck integration test fixes
* Rename
-integration
tox environments to-versioncheck
* Skip versioncheck git install integration tests on PRs, since they'll fail - #56 - logging fixes * change the AGPL warning message to write directly to STDERR instead of logging * document logging configuration for library use * move boto log suppression from checker to runner
- Add contributing docs
- initial released version