Monitoring your AWS Service Limits

It’s all too easy to go past your AWS Service Limits if you’re dealing with big accounts.

E.g. the default for m4.largeper Region is 20. We’re currently running 65 in our smallest Region.


Attempt 1: using AWS’ solution

This unfortunately uses Cloudformation. Moving on…

Attempt 2: using awslimitchecker

See comes to the rescue. You can write your AWS Lambda scripts with it and you’d be good to go.

E.g. List Limits for a Region

awslimitchecker -r eu-west-2 -S EC2 -l

Note that these are defined manually in `./limitchecker/lib/python2.7/site-packages/awslimitchecker/services/`

and are from

However, if you have an account that’s already in use these limits may differ. And may also differ per Region.

As I said, it doesn’t query TrustedAdvisor dynamically. Moving on…

Attempt 3: getting the Service Limit data by CLI

Generic TA Check ID:

aws support describe-trusted-advisor-check-result --check-id eW7HH0l7J9 --region us-east-1

and the EC2 On-Demand Check ID:

aws support describe-trusted-advisor-check-result –language en –check-id 0Xc6LMYG8P –query ‘result.sort_by(flaggedResources[?status!=`ok`],&metadata[2])[].metadata’ –output table

For Check IDs per Service see:


Note that this only seems to work for us-east-1 so you’ll need to make sure this is your default profile (or specify a profile that uses it).

E.g. for other endpoints I got:

Could not connect to the endpoint URL: “”


Could not connect to the endpoint URL: “”

This seems to imply there are no Support endpoints other than us-east-1.

UPDATE: I was right:

AWS Support has a single endpoint: (HTTPS).


More info:


Note 2: if you don’t have Business or Enterprise support this CLI won’t work and you’ll get something like `usage: aws [options] <command> <subcommand> [<subcommand> …] [parameters]`.

You can use some Python like this for running EC2 instances:

session = boto3.Session(profile_name=<your aws credentials profile>)

client = session.client('ec2')

client.describe_instances( Filters=[{'Name': 'instance-state-name', 'Values': [ 'running', ]}] )

so let’s just adapt it to:

ta.describe_trusted_advisor_check_result( checkId='0Xc6LMYG8P' )



List account limits:

aws ec2 describe-account-attributes --region eu-west-1 --attribute-names $attributes --output table --query 'AccountAttributes[*].[AttributeName,AttributeValues[0].AttributeValue]'



warning: deleting branch ‘old_branch’ that has been merged to ‘refs/remotes/origin/old_branch’, but not yet merged to HEAD: why I hate/love git

git is immensely powerful. In the same way that English is as a language. There are endless nuances.

I love that you can do so much with it.

However, I hate that, even after a decade using it, I’m still running into basic issues that interrupt my workflow while I go and research the error message to see what’s going on under the hood.

Here’s an example. I was so confident I could delete the local branches I did two at once. And ran into 2 separate error messages. i.e. I did a git branch -d <local_branch1 local_branch2> that had been pushed and merged only to get these messages:

A. warning: deleting branch 'old_branch' that has been merged to 'refs/remotes/origin/old_branch', but not yet merged to HEAD.

Turns out, when you do a merge --squashand delete the remote branch you’ll get this warning. Here’s why:

  1. you created the branch
  2. pushed to remote
  3. merged there and deleted the remote branch
  4. did a pull from origin/master
  5. your local HEAD (master) does not have a record of this merge (even though it was done on the remote) hence the warning


error: The branch <my_branch> is not fully merged.
If you are sure you want to delete it, run 'git branch -D <my_branch>'

Check with:

git log --graph --left-right --cherry-pick --oneline master...<my_branch>


Terraform: security_groups vs vpc_security_group_ids

Basically, just use `vpc_security_group_ids`.

Another one of my gripes /  rants. Why the differnet naming schemes?!


  • security_groups – (Optional, EC2-Classic and default VPC only) A list of security group names to associate with.

Could not connect to the endpoint URL: “”

Annoying but this:

aws ec2 describe-availability-zones --region eu-west2

fails saying:

Could not connect to the endpoint URL: ""

The reason is simple – there’s a typo in the Region.

It should be:

aws ec2 describe-availability-zones --region eu-west-2

Would be nice if the AWS CLI gave a better error message! E.g. like there’s no such Region.

More here:


Install with

brew install tmate

Run with


then copy and paste the ssh string for another person to share your session.

Exit with

exit(or Ctrl d)



If you want to page up / down in the buffer enable the mode with:

CTRL b then [


Page Up / Page Down (i.e. Fn + Up arrow / Down arrow).

Use ESCto exit this mode.