Monitor Service Limits to ensure that the allocation of resources in your AWS account is not reaching the limit set by Amazon, in order to avoid resource starvation. Cloud Conformity uses the Amazon Trusted Advisor API to constantly check your account for service limits across multiple AWS products.
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
efficiency
Service Limits checks can help you avoid resource starvation within your AWS environment, allowing you to expand your AWS infrastructure quickly.
The following table shows the service limits supported by AWS Trusted Advisor:
| Service | Limits |
| --- | --- |
| AWS Elastic Block Store (EBS) | Active volumes; Active snapshots; General Purpose (SSD) volume storage (GiB); Provisioned IOPS; Provisioned IOPS (SSD) volume storage (GiB); Magnetic volume storage (GiB) |
| AWS Relational Database Service (RDS) | Clusters; Cluster parameter groups; Cluster roles; DB instances; DB parameter groups; DB security groups; DB snapshots per user; Event subscriptions; Max auths per security group; Option groups; Read replicas per master; Reserved Instances; Storage quota (GiB); Subnet groups; Subnets per subnet group |
| AWS Simple Email Service (SES) | Daily sending quota |
| AWS Virtual Private Cloud (VPC) | Elastic IP addresses (EIPs); Internet gateways; VPCs |
| Auto Scaling | Auto Scaling groups; Launch configurations |
| AWS CloudFormation | Stacks |
| Elastic Load Balancing (ELB) | Active load balancers |
| Identity and Access Management (IAM) | Groups; Instance profiles; Policies; Roles; Server certificates; Users |
Note 1: As an example, this conformity rule will demonstrate how to audit and remediate an EC2 Elastic IP address (EIP) service limit detected using Amazon Trusted Advisor.
Note 2: You can change the severity level (Very High, High, Medium, Low) for this rule on the Cloud Conformity dashboard.
Audit
To check AWS Service Limits with Amazon Trusted Advisor, perform the following:
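As an added illustration (not Cloud Conformity's or AWS's own code), the following Python sketch shows how the JSON returned by `describe-trusted-advisor-checks` and `describe-trusted-advisor-check-result` could be evaluated for limits that are close to exhaustion. The sample data is constructed, the check id is a placeholder, and the column names and the 80% threshold are assumptions.

```python
# Constructed sample data shaped like AWS Support API output; not real account data.
CHECK = {  # one entry as returned by describe-trusted-advisor-checks
    "id": "EXAMPLE-CHECK-ID",  # placeholder, not a real check id
    "name": "VPC Elastic IP Address",  # constructed name
    # Column names for each flagged resource's metadata (assumed order)
    "metadata": ["Region", "Service", "Limit Name",
                 "Limit Amount", "Current Usage", "Status"],
}
EIP = "Elastic IP addresses (EIPs)"
RESULT = {"result": {"checkId": "EXAMPLE-CHECK-ID", "flaggedResources": [
    {"isSuppressed": False, "metadata": ["us-east-1", "VPC", EIP, "5", "5", "Red"]},
    {"isSuppressed": False, "metadata": ["eu-west-1", "VPC", EIP, "5", "4", "Yellow"]},
    {"isSuppressed": False, "metadata": ["us-west-2", "VPC", EIP, "5", "1", "Green"]},
    # Usage can be missing for a region; such rows must not crash the audit.
    {"isSuppressed": False, "metadata": ["ap-south-1", "VPC", EIP, "5", None, "Green"]},
    # Suppressed rows were excluded by the account owner and are skipped.
    {"isSuppressed": True, "metadata": ["sa-east-1", "VPC", EIP, "5", "5", "Red"]},
]}}


def limits_at_risk(check, result, threshold=0.8):
    """Return limits whose usage/limit ratio is at or above `threshold`.

    Columns are resolved by name from the check description rather than by
    fixed position, so a reordered metadata list is still parsed correctly.
    """
    columns = check["metadata"]
    findings = []
    for res in result["result"].get("flaggedResources", []):
        if res.get("isSuppressed"):
            continue
        row = dict(zip(columns, res.get("metadata", [])))
        try:
            limit = float(row["Limit Amount"])
            used = float(row["Current Usage"])
        except (KeyError, TypeError, ValueError):
            continue  # limit or usage not reported for this row
        if limit > 0 and used / limit >= threshold:
            findings.append({"region": row.get("Region"),
                             "service": row.get("Service"),
                             "limit_name": row.get("Limit Name"),
                             "used": used, "limit": limit,
                             "percent": round(used / limit * 100)})
    # Most exhausted limits first, then by region for stable output.
    return sorted(findings, key=lambda f: (-f["percent"], f["region"]))


if __name__ == "__main__":
    for f in limits_at_risk(CHECK, RESULT):
        print(f"{f['region']}: {f['service']} {f['limit_name']} at {f['percent']}%")
```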
Remediation / Resolution
To request an increase for the VPC Elastic IP (EIP) limit, you need to perform the following actions:
Note: Requesting to increase the limit for the number of Elastic IPs per region using the AWS API via Command Line Interface (CLI) is not currently supported.
References
- AWS Documentation
- AWS Trusted Advisor
- Trusted Advisor FAQs
- AWS Service Limits
- AWS Command Line Interface (CLI) Documentation
- support
- describe-trusted-advisor-checks
- refresh-trusted-advisor-check
- describe-trusted-advisor-check-refresh-statuses
- describe-trusted-advisor-check-result