Merge pull request #260 from /issues/259

Fix dupes in required IAM policy

CHANGES.rst

@@ -22,6 +22,7 @@ This release **requires new IAM permissions**: ``redshift:DescribeClusterSnapsho
   for EC2 Spot Instance-related API calls, and limits returned as 0 by the DescribeAccountAttributes EC2 API action.
 * `PR #249 <https://github.com/jantman/awslimitchecker/pull/249>`_ to add support for RedShift limits (Redshift subnet groups and Redshift manual snapshots).
   This requires the ``redshift:DescribeClusterSnapshots`` and ``redshift:DescribeClusterSubnetGroups`` IAM permissions.
+* `Issue #259 <https://github.com/jantman/awslimitchecker/issues/259>`_ - remove duplicates from required IAM policy returned by ``awslimitchecker.checker.AwsLimitChecker.get_required_iam_policy`` and ``awslimitchecker --iam-policy``.
 * Various TravisCI/tox build fixes:
 
   * Fix pip caching; use default pip cache directory

awslimitchecker/checker.py

@@ -553,7 +553,7 @@ def get_required_iam_policy(self):
             'Statement': [{
                 'Effect': 'Allow',
                 'Resource': '*',
-                'Action': sorted(required_actions),
+                'Action': sorted(list(set(required_actions))),
             }],
         }
         return policy

awslimitchecker/tests/test_checker.py

@@ -703,6 +703,7 @@ def test_get_required_iam_policy(self):
         self.mock_svc1.required_iam_permissions.return_value = [
             'ec2:foo',
             'ec2:bar',
+            'foo:perm1'
         ]
         self.mock_svc2.required_iam_permissions.return_value = [
             'foo:perm1',

docs/source/cli_usage.rst

@@ -130,7 +130,7 @@ View the AWS services currently supported by ``awslimitchecker`` with the
    EC2
    ELB
    (...)
-   RDS
+   Redshift
    S3
    SES
    VPC
@@ -170,7 +170,7 @@ and limits followed by ``(API)`` have been obtained from the service's API.
 .. code-block:: console
 
    (venv)$ awslimitchecker -l
-   AutoScaling/Auto Scaling groups                        800 (API)
+   AutoScaling/Auto Scaling groups                        1000 (API)
    AutoScaling/Launch configurations                      1000 (API)
    CloudFormation/Stacks                                  1300 (API)
    EBS/Active snapshots                                   30000 (TA)
@@ -191,7 +191,7 @@ from Trusted Advisor for all commands.
 .. code-block:: console
 
    (venv)$ awslimitchecker -l --skip-ta
-   AutoScaling/Auto Scaling groups                        800 (API)
+   AutoScaling/Auto Scaling groups                        1000 (API)
    AutoScaling/Launch configurations                      1000 (API)
    CloudFormation/Stacks                                  1300 (API)
    EBS/Active snapshots                                   10000
@@ -217,14 +217,14 @@ using their IDs).
 .. code-block:: console
 
    (venv)$ awslimitchecker -u
-   AutoScaling/Auto Scaling groups                        637
-   AutoScaling/Launch configurations                      741
-   CloudFormation/Stacks                                  1050
-   EBS/Active snapshots                                   18335
-   EBS/Active volumes                                     5990
+   AutoScaling/Auto Scaling groups                        673
+   AutoScaling/Launch configurations                      788
+   CloudFormation/Stacks                                  1125
+   EBS/Active snapshots                                   18852
+   EBS/Active volumes                                     1743
    (...)
    VPC/Rules per network ACL                              max: acl-bde47dd9=6 (acl-4bd96a2e=4, acl-8190 (...)
-   VPC/Subnets per VPC                                    max: vpc-c89074a9=40 (vpc-7bcef71f=1, vpc-e2e (...)
+   VPC/Subnets per VPC                                    max: vpc-c89074a9=40 (vpc-e2edf486=1, vpc-7bc (...)
    VPC/VPCs                                               11
 
 
@@ -286,15 +286,15 @@ threshold only, and another has crossed the critical threshold):
 .. code-block:: console
 
    (venv)$ awslimitchecker --no-color
-   CloudFormation/Stacks                                  (limit 1300) WARNING: 1050
-   EC2/Security groups per VPC                            (limit 500) CRITICAL: vpc-36f22951=601, vpc-c (...)
-   EC2/VPC security groups per elastic network interface  (limit 5) WARNING: eni-2b6bbcc5=4, eni-ef3e99 (...)
-   ELB/Active load balancers                              (limit 800) WARNING: 651
-   ElastiCache/Clusters                                   (limit 50) CRITICAL: 64
-   ElasticBeanstalk/Application versions                  (limit 500) CRITICAL: 2527
-   ElasticBeanstalk/Applications                          (limit 25) CRITICAL: 158
-   ElasticBeanstalk/Environments                          (limit 200) CRITICAL: 483
-   S3/Buckets                                             (limit 100) CRITICAL: 343
+   CloudFormation/Stacks                                  (limit 1300) WARNING: 1125
+   EC2/Security groups per VPC                            (limit 500) CRITICAL: vpc-36f22951=719, vpc-c (...)
+   EC2/VPC security groups per elastic network interface  (limit 5) CRITICAL: eni-8226ce61=5 WARNING: e (...)
+   ELB/Active load balancers                              (limit 800) WARNING: 695
+   ElastiCache/Clusters                                   (limit 50) CRITICAL: 68
+   (...)
+   ElasticBeanstalk/Environments                          (limit 200) CRITICAL: 513
+   RDS/DB security groups                                 (limit 25) WARNING: 20
+   S3/Buckets                                             (limit 100) CRITICAL: 380
 
 
 
@@ -306,12 +306,13 @@ To set the warning threshold of 50% and a critical threshold of 75% when checkin
 .. code-block:: console
 
    (venv)$ awslimitchecker -W 97 --critical=98 --no-color
-   EC2/Security groups per VPC            (limit 500) CRITICAL: vpc-36f22951=601, vpc-c89074a9=892
-   ElastiCache/Clusters                   (limit 50) CRITICAL: 64
-   ElasticBeanstalk/Application versions  (limit 500) CRITICAL: 2527
-   ElasticBeanstalk/Applications          (limit 25) CRITICAL: 158
-   ElasticBeanstalk/Environments          (limit 200) CRITICAL: 483
-   S3/Buckets                             (limit 100) CRITICAL: 343
+   EC2/Security groups per VPC                            (limit 500) CRITICAL: vpc-36f22951=719, vpc-c (...)
+   EC2/VPC security groups per elastic network interface  (limit 5) CRITICAL: eni-8226ce61=5
+   ElastiCache/Clusters                                   (limit 50) CRITICAL: 68
+   ElasticBeanstalk/Application versions                  (limit 500) CRITICAL: 2800
+   ElasticBeanstalk/Applications                          (limit 25) CRITICAL: 172
+   ElasticBeanstalk/Environments                          (limit 200) CRITICAL: 513
+   S3/Buckets                                             (limit 100) CRITICAL: 380
 
 
 

docs/source/iam_policy.rst

@@ -29,26 +29,20 @@ permissions required for it to function correctly:
             "ec2:DescribeInternetGateways", 
             "ec2:DescribeNatGateways", 
             "ec2:DescribeNetworkAcls", 
-            "ec2:DescribeNetworkAcls", 
             "ec2:DescribeNetworkInterfaces", 
             "ec2:DescribeReservedInstances", 
             "ec2:DescribeRouteTables", 
-            "ec2:DescribeRouteTables", 
             "ec2:DescribeSecurityGroups", 
             "ec2:DescribeSnapshots", 
-            "ec2:DescribeSnapshots", 
             "ec2:DescribeSpotDatafeedSubscription", 
             "ec2:DescribeSpotFleetInstances", 
             "ec2:DescribeSpotFleetRequestHistory", 
             "ec2:DescribeSpotFleetRequests", 
             "ec2:DescribeSpotInstanceRequests", 
             "ec2:DescribeSpotPriceHistory", 
             "ec2:DescribeSubnets", 
-            "ec2:DescribeSubnets", 
-            "ec2:DescribeVolumes", 
             "ec2:DescribeVolumes", 
             "ec2:DescribeVpcs", 
-            "ec2:DescribeVpcs", 
             "elasticache:DescribeCacheClusters", 
             "elasticache:DescribeCacheParameterGroups", 
             "elasticache:DescribeCacheSecurityGroups", 
@@ -68,6 +62,8 @@ permissions required for it to function correctly:
             "rds:DescribeEventSubscriptions", 
             "rds:DescribeOptionGroups", 
             "rds:DescribeReservedDBInstances", 
+            "redshift:DescribeClusterSnapshots", 
+            "redshift:DescribeClusterSubnetGroups", 
             "s3:ListAllMyBuckets", 
             "ses:GetSendQuota", 
             "support:*", 

docs/source/limits.rst

@@ -50,6 +50,8 @@ updated from Trusted Advisor:
 
   * Elastic IP addresses (EIPs)
 
+  * Running On-Demand c3.2xlarge instances
+
   * Running On-Demand c3.4xlarge instances
 
   * Running On-Demand c3.large instances
@@ -318,7 +320,7 @@ Rules per VPC security group                                   50
 Running On-Demand EC2 instances :sup:`(API)`                   20  
 Running On-Demand c1.medium instances                          20  
 Running On-Demand c1.xlarge instances                          20  
-Running On-Demand c3.2xlarge instances                         20  
+Running On-Demand c3.2xlarge instances :sup:`(TA)`             20  
 Running On-Demand c3.4xlarge instances :sup:`(TA)`             20  
 Running On-Demand c3.8xlarge instances                         20  
 Running On-Demand c3.large instances :sup:`(TA)`               20  
@@ -485,6 +487,18 @@ Subnets per Subnet Group :sup:`(API)`                 20
 VPC Security Groups                                   5     
 ===================================================== ======
 
+.. _limits.Redshift:
+
+Redshift
++++++++++
+
+========================= ==
+Limit                     Default
+========================= ==
+Redshift manual snapshots 20
+Redshift subnet groups    20
+========================= ==
+
 .. _limits.S3:
 
 S3