Wrong Usage for EC2 - on demand vCPU and VPC limits #477

Closed
ghost opened this issue Aug 27, 2020 · 6 comments · Fixed by #484

ghost commented Aug 27, 2020

Bug Report

Version

awslimitchecker==8.0.2

Installation Method

Installed using pip.

Supporting Software Versions

python --version
OS: Windows 10

Actual Output

C:\Users\test>awslimitchecker --skip-service=SES --skip-service=Redshift
awslimitchecker 8.0.2 is AGPL-licensed free software; all users have a right to the full source code of this version. See <https://github.com/jantman/awslimitchecker>
WARNING:awslimitchecker.checker:Skipping service: SES
WARNING:awslimitchecker.checker:Skipping service: Redshift
CRITICAL:awslimitchecker.trustedadvisor:Unable to find 'Service Limits' Trusted Advisor check; not using Trusted Advisor data.
EC2/Running On-Demand All Standard (A, C, D, H, I, M, R, T, Z) instances  (limit 640.0) �[31mCRITICAL: 4760

Expected Output

In the above output, the current usage says 4760 while the current limit is 640. The current usage should have been 144, which is the actual number of vCPUs in on-demand instances. I noticed that the number 4760 also includes the vCPUs from dedicated hosts. As per AWS, the vCPU count for Running On-Demand All Standard (A, C, D, H, I, M, R, T, Z) instances, or any on-demand instances metric, does not include the instances running on dedicated hosts.

Hi Jason,

We are using awslimitchecker in our organization and it has really been helpful.
I have come across service-specific limits which return wrong output instead of the expected output.

  1. Service: EC2
    Limit Name: Running On-Demand All F instances, Running On-Demand All G instances, Running On-Demand All G instances, Running On-Demand All x instances, Running On-Demand All Standard (A, C, D, H, I, M, R, T, Z) instances

    In these limits, vCPUs/instances running on dedicated hosts or dedicated instances shouldn't be included, as they don't come under the AWS definition of the on-demand limit metric. Awslimitchecker needs to calculate vCPUs from on-demand instances only.

  2. Service: VPC
    Limit Name:
    In the case of the VPC service, I noticed that VPC limits also include shared resources from other accounts as its own usage. If we have a shared VPC in the region, then it's calculating all the limits (Network interfaces per Region, Route tables per VPC, Rules per network ACL, Subnets per VPC, VPCs) of the shared VPC in usage.
    It would be great if awslimitchecker filtered the VPC resources by owner ID and showed usage only for the current account.

Let me know if you need more information. I will be happy to help.

Thanks,
Pritam Yaduvanshi

@ghost ghost changed the title Wrong Usage for EC2 - vCPU and VPC limits Wrong Usage for EC2 - on demand vCPU and VPC limits Aug 27, 2020
ghost (Author) commented Aug 27, 2020

@jantman

jantman (Owner) commented Aug 31, 2020

Please accept my apologies for not responding sooner; I've been quite busy lately and unable to dedicate any time to my open source projects. I'm going to make every effort to dig into this sometime this week.

I'm relatively sure that the problem is, as you say, the dedicated hosts, as my employer doesn't use those and none of the accounts that I have access to have any dedicated hosts. Similarly, we don't use cross-account resource sharing, so I don't have a way to test that either.

Would it be possible for you to provide, with any sensitive/private information removed or replaced with X's:

  • The aws ec2 describe-instances output of an instance running on a dedicated host
  • Some information on how to identify VPC resources in a shared VPC? Is there some field in aws ec2 describe-vpcs that shows that a given VPC is shared?

Thanks,
Jason

ghost (Author) commented Sep 10, 2020

Apologies for the late reply. Please find attached logs for both the issues.

  • Dedicated host: The first instance in the attached log file (dedicated host logs.json) is an on-demand instance, while the remaining three are running on a dedicated host. You will notice the difference in the "Placement" key.

  • Shared VPC: In the attached log file (Shared VPC Logs.json), you will notice the account (32**********24) has only one VPC, and it is a shared VPC from another account (98***********40). I have attached the output of "sts get-caller-identity" to show the current account on which I have run these aws describe commands.
    The file contains the output of describe operations on VPC, subnets, route-tables, dhcp-options, nacl. You will notice the "OwnerId" key in all of them, which is the shared account number. So all of these resources should be filtered by awslimitchecker and shouldn't be part of the current account's limits.

logs.zip
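
The two filters requested in this thread, as an added example (not awslimitchecker's own code and not part of the original comments): count vCPUs only for running, shared-tenancy, on-demand instances, and count VPC resources only when `OwnerId` matches the calling account. It assumes vCPUs can be taken from `CpuOptions`, classifies the family by the leading letters of `InstanceType` (a simplification), and uses constructed sample data with placeholder account IDs.

```python
import re
from collections import Counter

STANDARD = set("acdhimrtz")  # families named in the limit quoted in this issue

def counts_toward_standard_limit(inst):
    """True for a running, shared-tenancy, on-demand standard-family instance."""
    family = re.match(r"[a-z]+", inst["InstanceType"]).group(0)
    return (
        inst["State"]["Name"] == "running"
        and "InstanceLifecycle" not in inst            # key is absent for on-demand
        and inst["Placement"].get("Tenancy", "default") == "default"
        and family in STANDARD                         # simplified family check
    )

def on_demand_standard_vcpus(describe_instances):
    """Sum vCPUs over a describe-instances response, skipping dedicated/host."""
    total = 0
    for reservation in describe_instances["Reservations"]:
        for inst in reservation["Instances"]:
            if counts_toward_standard_limit(inst):
                cpu = inst["CpuOptions"]
                total += cpu["CoreCount"] * cpu["ThreadsPerCore"]
    return total

def owned_usage(account_id, vpcs, subnets):
    """Count only VPCs and subnets whose OwnerId is the calling account."""
    own_vpcs = [v for v in vpcs["Vpcs"] if v["OwnerId"] == account_id]
    per_vpc = Counter(s["VpcId"] for s in subnets["Subnets"]
                      if s["OwnerId"] == account_id)
    return {"VPCs": len(own_vpcs), "Subnets per VPC": dict(per_vpc)}

def sample_instance(itype, tenancy, cores, state="running", **extra):
    """Build one constructed describe-instances entry (hypothetical helper)."""
    return {"InstanceType": itype, "State": {"Name": state},
            "Placement": {"Tenancy": tenancy},
            "CpuOptions": {"CoreCount": cores, "ThreadsPerCore": 2}, **extra}

# Constructed sample data; account IDs and resource IDs are placeholders.
ME, SHARER = "111111111111", "222222222222"
INSTANCES = {"Reservations": [{"Instances": [
    sample_instance("m5.xlarge", "default", 2),
    sample_instance("m5.24xlarge", "host", 48),
    sample_instance("r5.12xlarge", "dedicated", 24),
    sample_instance("c5.large", "default", 1, state="stopped"),
    sample_instance("c5.large", "default", 1, InstanceLifecycle="spot"),
]}]}
VPCS = {"Vpcs": [{"VpcId": "vpc-shared", "OwnerId": SHARER},
                 {"VpcId": "vpc-own", "OwnerId": ME}]}
SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-a", "VpcId": "vpc-shared", "OwnerId": SHARER},
    {"SubnetId": "subnet-b", "VpcId": "vpc-own", "OwnerId": ME}]}
```

In a real account the value of `ME` would come from the `Account` field of `sts get-caller-identity`, as in the attached logs.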

jantman added a commit that referenced this issue Sep 21, 2020
Fixes #477 - ignore shared VPC resources and dedicated/host EC2 instances

jantman (Owner) commented Sep 22, 2020

This has been fixed in 9.0.0, which is now live on PyPI and on the Docker Hub. Thank you so much!

ghost (Author) commented Sep 25, 2020 via email

ghost (Author) commented Sep 25, 2020 via email
