Query EC2 Account Limits with AWS API

Here’s a useful tip mentioned in one of the sessions at AWS re:Invent this year.

There is a little known API call that lets you query some of the EC2 limits/attributes in your account. The API call is DescribeAccountAttributes and you can use the aws-cli to query it from the command line.

For full JSON output:

aws ec2 describe-account-attributes

To query select limits/attributes and output them in a handy table format:

attributes="max-instances max-elastic-ips vpc-max-elastic-ips"
aws ec2 describe-account-attributes --region us-west-2 --attribute-names $attributes --output table --query 'AccountAttributes[*].[AttributeName,AttributeValues[0].AttributeValue]'

Note that the limits vary by region even for a single account, so you can add the --region option:

regions=$(aws ec2 describe-regions --output text --query 'Regions[*].RegionName')
attributes="max-instances max-elastic-ips vpc-max-elastic-ips"
for region in $regions; do
  echo; echo "region=$region"
  aws ec2 describe-account-attributes --region $region --attribute-names $attributes --output text --query 'AccountAttributes[*].[AttributeName,AttributeValues[0].AttributeValue]' |
    tr '\t' '=' | sort
done

Here’s sample output of the above command for a basic account:

region=eu-west-1
max-elastic-ips=5
max-instances=20
vpc-max-elastic-ips=5

region=sa-east-1
max-elastic-ips=5
max-instances=20
vpc-max-elastic-ips=5

region=us-east-1
max-elastic-ips=5
max-instances=20
vpc-max-elastic-ips=5

region=ap-northeast-1
max-elastic-ips=5
max-instances=20
vpc-max-elastic-ips=5

region=us-west-2
max-elastic-ips=5
max-instances=20
vpc-max-elastic-ips=5

region=us-west-1
max-elastic-ips=5
max-instances=20
vpc-max-elastic-ips=5

region=ap-southeast-1
max-elastic-ips=5
max-instances=20
vpc-max-elastic-ips=5

region=ap-southeast-2
max-elastic-ips=5
max-instances=20
vpc-max-elastic-ips=5