Version 1.10.0

[alt-dima]

Added

• fix MaxResults=1000 for EC2 instances check (from baec59a)
• new checks: ecsstrg_count,fargatespot_count,fargatedemand_count,iam_role_count (from Iam role check #23)
• added service/quota_code: iam_user_count
• fixed description: s3_bucket_count
• feature: display NOTDEF for check if limit in AWS is not default (was increased)
• catch EndpointConnectionError

[alt-dima]

This PR just in case if somebody also needs feature to display NOTDEF for check if limit in AWS is not default (was increased)

[brennerm]

Hey @alt-dima, thanks for your work!
I'd like to ask you to remove the NOTDEF indication including all the relevant code for now as I don't agree with the current implementation. Maybe create an issue prior to making these kinds of changes to discuss this topic before spending your valuable time. :)

[alt-dima]

Ok! No problem:)
I have a task on my job to quickly find any changed/increased quotas/limits in our AWS accounts.
And also learn some python.
I will move NOTDEF stuff to a brach

[brennerm]

@alt-dima No need to close the PR. You can just revert your changes, push to the same branch and the PR will update.

[brennerm]

Why should the maximum value be -1?

[alt-dima]

maximum -1 means, that getting maximum value from AWS is not working. I have got an error NoSuchResourceException in this specific check.

[brennerm]

Check my comment here. I came across the same exception and would like to fall back to the default value (1000) in this case.

[alt-dima]

Yes, i saw it, but decided to specify -1 like indicator for user, that this value was got not from AWS, but hardcoded (and user should check it manually).
I changed the same logic in many places and with | grep -e NOTDEF -e /-1 I can get an indicators, that should be checked.
This is just my opinion and specific needs in my task.

[brennerm]

Not sure if you got that correctly. At the moment there are no hardcoded values for any checks. If there is no dedicated maxmium function defined the check will default to this function cause all checks are subclassing QuotaCheck.

[brennerm]

I still don't understand what you mean. We never "fail" getting the maximum from AWS. Anyway I'm pretty sure people will be confused when seeing this output 0/-1/15 cause it's very hard to understand. If you need this kind of output feel free to use your own fork.

[alt-dima]

I changed this logic too. To see, where the maximum value is not from AWS (was "copied" from "default"). In the future this should be fixed by AWS or ourself to get correct max/def value from AWS.

If we can't get maximum or default value from AWS, then we should inform about that. And also we can be sure, that we are not over-quota. For example, this is very important with number of S3 buckets. You can't check a maximum value from AWS (only default and current). Maximum can tell only support. So, if you see it, you should check it mannually:

S3 Buckets per account [16634349525/us-east-1]: 209/-1/100  X

or another example:

ERROR get maximum : appmesh / L-AC861A39
App Meshes per account [1668413434345]: 0/-1/15  !

[brennerm]

Think we just have a different expectation of what this tool should do. Feel free to implement this in your fork. I'm not going to merge this logic into this project.