What are the true maximum values for AWS quotas? - amazon-web-services

Does anywhere officially or unofficially document what the true maximums are for all AWS quotas?
I am new to AWS, and am trying to figure out the maximum values for certain quotas.
For example, the default value for S3 Access Points supports a maximum of 1000 per account, but in the AWS quota console it says it is Adjustable, and the docs suggest I can request a quota increase:
You can create a maximum of 1,000 access points per AWS account per Region. If you need more than 1,000 access points for a single account in a single Region, you can request a service quota increase. For more information about service quotas and requesting an increase, see AWS Service Quotas in the AWS General Reference.
I'd like to know what the true maximums are across the board for IAM and S3 resources, to ease design of features I'm working on, without having to do a request to increase resources I may not actually use, if appropriate resource limits can't be requested.

After discussing with AWS support, some quota changes aren't reflected in this console at this time (e.g. DynamoDB quota changes).
Haven't tried it, but possibly using aws-limit-checker may show the real limits.

Related

How to increase aws lambda Applied quota value?

As I observe on the Service Quotas panel, the applied quota value of AWS Lambda is much lower than the AWS default value. How can I increase this value?
I cannot find proper guidelines of how to increase the applied quota value as much of the resource related to it is about how to increase the default quota.
Same process: use the Request quota increase function in the Service Quotas console. The Lambda Quotas documentation gives some insight: there are specific limits placed on new AWS accounts, which get automatically raised over time.
The fact they don't explain this in the Service Quotas console isn't very user friendly.
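Both the question about true maximums and the one about an applied value below the default come down to the fields Service Quotas returns per quota: the applied value, the AWS default and the Adjustable flag. The following is an added example, not code from any of the posts; the function names, the `L-EXAMPLE…` quota codes and the sample values are constructed placeholders, and `fetch_quotas` assumes boto3 and credentials are available.

```python
"""Check a planned design against Service Quotas data (applied vs. default)."""

def fetch_quotas(service_code, region):
    """Live lookup; needs boto3 and credentials. Returns (applied, default)."""
    import boto3  # imported here so the offline sample below runs without it
    sq = boto3.client("service-quotas", region_name=region)

    def collect(operation):
        pages = sq.get_paginator(operation).paginate(ServiceCode=service_code)
        return [q for page in pages for q in page["Quotas"]]

    return (collect("list_service_quotas"),
            collect("list_aws_default_service_quotas"))

def review(applied, default, planned):
    """planned maps QuotaCode -> count the design needs. Returns findings."""
    current = {q["QuotaCode"]: q for q in default}
    current.update({q["QuotaCode"]: q for q in applied})  # applied overrides
    base = {q["QuotaCode"]: q["Value"] for q in default}
    findings = {}
    for code, q in current.items():
        need = planned.get(code)
        if need is not None and need > q["Value"]:
            # Adjustable means an increase can be requested for this quota.
            status = "request-increase" if q["Adjustable"] else "redesign"
        elif q["Value"] < base.get(code, q["Value"]):
            status = "below-default"  # applied value is under the AWS default
        else:
            status = "ok"
        findings[code] = {"name": q["QuotaName"], "applied": q["Value"],
                          "default": base.get(code), "planned": need,
                          "status": status}
    return findings

# Constructed sample records (placeholder codes and values, not real AWS data).
DEFAULT = [
    {"QuotaCode": "L-EXAMPLE1", "QuotaName": "Access points",
     "Value": 1000.0, "Adjustable": True},
    {"QuotaCode": "L-EXAMPLE2", "QuotaName": "Concurrent executions",
     "Value": 1000.0, "Adjustable": True},
    {"QuotaCode": "L-EXAMPLE3", "QuotaName": "Fixed-size resource",
     "Value": 5.0, "Adjustable": False},
]
APPLIED = [{"QuotaCode": "L-EXAMPLE2", "QuotaName": "Concurrent executions",
            "Value": 10.0, "Adjustable": True}]
PLANNED = {"L-EXAMPLE1": 2500, "L-EXAMPLE3": 8}

if __name__ == "__main__":
    for code, finding in review(APPLIED, DEFAULT, PLANNED).items():
        print(code, finding)
```

A `redesign` finding is the case worth catching early: the design needs more than a quota that is not adjustable, so no increase request applies to it.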

AWS Codepipeline limitations on a single account

We are planning to leverage AWS CodePipeline by hosting it on a single AWS account. Moving forward, the pipeline count will get to around ~500. Is there any limitation by AWS that only a certain number of pipelines can be hosted on a single account?
Do we need to have a separate account for hosting all these pipelines, or just host these on the AWS account in which the application is running? What are the best practices?
You can see the limits pertaining to CodePipeline at https://docs.aws.amazon.com/codepipeline/latest/userguide/limits.html.
It looks like as of now there is a soft limit of 300 pipelines per region per account. If you hit that number, you should be able to request an increase by following the link in that document.
As mentioned in another answer, the default limit for pipelines per account per region is 300. This limit can be raised on request.
While you can run more than 300 pipelines per account, you may also start running into related limits like IAM roles per account, CloudWatch Event rules per account, etc. You can get these limits raised too, but the complexity of dealing with all this can start to add up.
My personal recommendation would be to split things across multiple accounts so that there are about 300 pipelines per account at most. If you have multiple teams or multiple departments, splitting accounts by team/department can be a good idea anyway.

How to limit number of reads from Amazon S3 bucket

I'm hosting a static website in Amazon S3 with CloudFront. Is there a way to set a limit for how many reads (for example per month) will be allowed for my Amazon S3 bucket in order to make sure I don't go above my allocated budget?
If you are concerned about going over a budget, I would recommend Creating a Billing Alarm to Monitor Your Estimated AWS Charges.
AWS is designed for large-scale organizations that care more about providing a reliable service to customers than staying within a particular budget. For example, if their allocated budget was fully consumed, they would not want to stop providing services to their customers. They might, however, want to tweak their infrastructure to reduce costs in future, such as changing the Price Class for a CloudFront Distribution or using AWS WAF to prevent bots from consuming too much traffic.
Your static website will be rather low-cost. The biggest factor will likely be Data Transfer rather than charges for Requests. Changing the Price Class should assist with this. However, the only true way to stop accumulating Data Transfer charges is to stop serving content.
You could activate CloudTrail data read events for the bucket, create a CloudWatch Event Rule to trigger an AWS Lambda Function that increments the number of reads per object in an Amazon DynamoDB table and restrict access to the objects once a certain number of reads has been reached.
What you're asking for is a very typical question in AWS. Unfortunately with near infinite scale, comes near infinite spend.
While you can put a WAF, that is actually meant for security rather than scale restrictions. From a cost perspective, I'd be more worried about the bandwidth charges than I would be about S3 request costs.
Plus, once you put in things like CloudFront or Lambda, it gets hard to limit all this down.
The best way to limit is to put Billing Alerts on your account -- and you can tier them, so you get $10, $20, $100 alerts, up until the point you're uncomfortable with. And then either manually disable the website -- or set up a Lambda function to disable it for you.

How to rate limit per user in API Gateway?

I'm running a business API on AWS, through API Gateway and Lambda.
Currently, I handle rate limiting with the built in usage plans and api keys.
Each account tier (think basic, medium, premium) is associated to a usage plan, to which each customer's api key is linked.
I just found out that there is a hard (but increasable) limit of 500 api keys that a single AWS account can have per region (https://docs.aws.amazon.com/fr_fr/apigateway/latest/developerguide/limits.html).
Is it sustainable to rely on api keys to rate limit each customer ? We will get to the 500 limit eventually. Are there other solutions we could use ?
Thanks a lot
If you read the table carefully you will notice that the last column has a header "Can Be Increased" and value "Yes" for "Maximum number of API keys per account per region".
Just contact support once you are getting close to your limit and ask for an increase. It may take up to 2-3 work days, but otherwise it should be only a matter of asking.

Using AWS budgets to stop services

I am currently signed up to the free tier of AWS. I am enjoying experimenting with various services, including those not afforded by said free tier. Can AWS's enhanced budgets be used to stop services like EC2 instances if I accidentally spend too much? Or do they merely act as alerts?
This is available for EC2, I don't think it is available for all of the AWS resources.
http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html
Hope it helps.
There are several posts which look at it from different perspectives, such as this and this.
Having a cost cap might be a crucial requirement based on the usage, especially when considering how complex it is to set the things up properly and keeping everything secure on the cloud for an average user. At least we can expect to have a feature to switch on/off a cost-cap service, so a user can decide their own scenario easily.
Closest solution that I found is here:
Serverless Automated Cost Controls
https://aws.amazon.com/blogs/compute/serverless-automated-cost-controls-part1
It explains how to trigger an AWS Lambda function to change the IAM permission from EC2FullAccess to EC2ReadOnly when the budget exceeds the limit.
There is no built-in way to terminate services based on budgets or billing alarms.
You can get notified automatically, but it is then up to you to determine how to handle it.
Would you really want AWS automatically terminating your production infrastructure because you went $1 over your estimated monthly spending?
Edit: There is now a way to monitor and alert on free tier usage, and when your predicted usage will exceed the free tier. See here for details. You could probably come up with a way to terminate infrastructure based on an alert using SNS & lambda.
Edit 2: In Oct. 2020, AWS released Budget Actions - the ability to trigger an action when budget thresholds are reached. This should give you the ability to automate a response - you can shut down servers, change IAM permissions to prevent additional infrastructure from being created, etc.
Recently, Amazon has provided "budget actions" to carry out actions like stopping services automatically if the budget has been exceeded.
https://aws.amazon.com/about-aws/whats-new/2020/10/announcing-aws-budgets-actions/
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/budgets-controls.html#:~:text=select%20Configure%20thresholds.-,To%20configure%20a%20budget%20action,-Under%20Configure%20thresholds
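The permission swap described in the "Serverless Automated Cost Controls" answer above, sketched as a Lambda handler behind an SNS budget alert. This is an added example, not code from the posts or from the AWS blog; it assumes the two AWS managed policies `AmazonEC2FullAccess` and `AmazonEC2ReadOnlyAccess` are what the answer refers to, and the group name `ec2-experimenters` and the `FakeIAM` stand-in are hypothetical.

```python
"""Budget alert -> downgrade an IAM group from EC2 full access to read-only."""

FULL = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
READ_ONLY = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"

def restrict_group(iam, group_name):
    """Swap FULL for READ_ONLY on the group; repeated alerts are harmless."""
    # Single page only; a group with many policies needs IsTruncated/Marker.
    resp = iam.list_attached_group_policies(GroupName=group_name)
    attached = {p["PolicyArn"] for p in resp["AttachedPolicies"]}
    actions = []
    if READ_ONLY not in attached:
        # Attach first so members never lose visibility of what is running.
        iam.attach_group_policy(GroupName=group_name, PolicyArn=READ_ONLY)
        actions.append("attached-read-only")
    if FULL in attached:
        iam.detach_group_policy(GroupName=group_name, PolicyArn=FULL)
        actions.append("detached-full-access")
    return actions

def handler(event, context, iam=None, group_name="ec2-experimenters"):
    """Lambda entry point; acts only on events delivered by SNS."""
    records = [r for r in event.get("Records", [])
               if r.get("EventSource") == "aws:sns"]
    if not records:
        return []
    if iam is None:
        import boto3  # only needed when running inside Lambda
        iam = boto3.client("iam")
    return restrict_group(iam, group_name)

class FakeIAM:
    """Constructed stand-in for the boto3 IAM client, for offline runs."""
    def __init__(self, arns):
        self.arns = set(arns)
    def list_attached_group_policies(self, GroupName):
        return {"AttachedPolicies":
                [{"PolicyArn": a} for a in sorted(self.arns)]}
    def attach_group_policy(self, GroupName, PolicyArn):
        self.arns.add(PolicyArn)
    def detach_group_policy(self, GroupName, PolicyArn):
        self.arns.discard(PolicyArn)

if __name__ == "__main__":
    fake = FakeIAM([FULL])
    alert = {"Records": [{"EventSource": "aws:sns",
                          "Sns": {"Message": "constructed budget alert"}}]}
    print(handler(alert, None, iam=fake), sorted(fake.arns))
```

Detaching the policy stops group members from launching more instances; instances that are already running keep running and keep accruing charges until they are stopped separately.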