Monitoring your AWS Service Limits

It’s all too easy to go past your AWS Service Limits if you’re dealing with big accounts.

E.g. the default for m4.largeper Region is 20. We’re currently running 65 in our smallest Region.


Attempt 1: using AWS’ solution

This unfortunately uses Cloudformation. Moving on…

Attempt 2: using awslimitchecker

See comes to the rescue. You can write your AWS Lambda scripts with it and you’d be good to go.

E.g. List Limits for a Region

awslimitchecker -r eu-west-2 -S EC2 -l

Note that these are defined manually in `./limitchecker/lib/python2.7/site-packages/awslimitchecker/services/`

and are from

However, if you have an account that’s already in use these limits may differ. And may also differ per Region.

As I said, it doesn’t query TrustedAdvisor dynamically. Moving on…

Attempt 3: getting the Service Limit data by CLI

Generic TA Check ID:

aws support describe-trusted-advisor-check-result --check-id eW7HH0l7J9 --region us-east-1

and the EC2 On-Demand Check ID:

aws support describe-trusted-advisor-check-result –language en –check-id 0Xc6LMYG8P –query ‘result.sort_by(flaggedResources[?status!=`ok`],&metadata[2])[].metadata’ –output table

For Check IDs per Service see:


Note that this only seems to work for us-east-1 so you’ll need to make sure this is your default profile (or specify a profile that uses it).

E.g. for other endpoints I got:

Could not connect to the endpoint URL: “”


Could not connect to the endpoint URL: “”

This seems to imply there are no Support endpoints other than us-east-1.

UPDATE: I was right:

AWS Support has a single endpoint: (HTTPS).


More info:


Note 2: if you don’t have Business or Enterprise support this CLI won’t work and you’ll get something like `usage: aws [options] <command> <subcommand> [<subcommand> …] [parameters]`.

You can use some Python like this for running EC2 instances:

session = boto3.Session(profile_name=<your aws credentials profile>)

client = session.client('ec2')

client.describe_instances( Filters=[{'Name': 'instance-state-name', 'Values': [ 'running', ]}] )

so let’s just adapt it to:

ta.describe_trusted_advisor_check_result( checkId='0Xc6LMYG8P' )



List account limits:

aws ec2 describe-account-attributes --region eu-west-1 --attribute-names $attributes --output table --query 'AccountAttributes[*].[AttributeName,AttributeValues[0].AttributeValue]'



Leave a Reply

Your email address will not be published. Required fields are marked *