brennerm / aws-quota-checker Goto Github PK

View Code? Open in Web Editor NEW

84.0 4.0 35.0 574 KB

Keep an eye on your AWS quotas before you hit their limits

Home Page: https://pypi.org/project/aws-quota-checker/

License: MIT License

Python 99.48% Dockerfile 0.52%

aws quota iac ci

aws-quota-checker's Introduction

aws-quota-checker

A tool that helps keeping track of your AWS quota utilization. It'll determine the limits of your AWS account and compare them to the number of current resources.

This is especially useful cause today, cloud resources are being created from all kinds of sources, e.g. IaC and Kubernetes operators. This tool will give you a head start for requesting quota increases before you hit a quota limit to prevent being stuck with a production system not being able to scale anymore.

A usual use case is to add it to your CI pipeline right after applying your IaC or run it on a regular basis. It also comes with a Prometheus exporter mode that allows you to visualize the data with your tool of choice, e.g. Grafana.

Installation

From pypi

pip install aws-quota-checker

From Docker

docker run -e AWS_ACCESS_KEY_ID=ABC -e AWS_SECRET_ACCESS_KEY=DEF -e AWS_DEFAULT_REGION=eu-central-1 ghcr.io/brennerm/aws-quota-checker

aws configure
docker run -v ~/.aws/credentials:/home/aqc/.aws/credentials:ro ghcr.io/brennerm/aws-quota-checker

From source

git clone [email protected]:brennerm/aws-quota-checker.git
cd aws-quota-checker
pip install .

Usage

Make sure you are logged into your AWS account (aws configure or through environment variables) or switch to the one you want to check. This account needs to have read permissions for all supported services. AWS provides a default policy called ReadOnlyAccess that contains the required permissions.

Check the help page with aws-quota-checker --help to see all available command and their documentation.

Run a single check

$ aws-quota-checker check vpc_count
AWS profile: default | AWS region: eu-central-1 | Active checks: vpc_count
VPCs per Region [default/eu-central-1]: 1/5 ✓

Run all checks

$ aws-quota-checker check all
AWS profile: default | AWS region: eu-central-1 | Active checks: route53_traffic_policy_count,vpc_count,ec2_tgw_count,ec2_on_demand_standard_count,route53_health_check_count,cw_alarm_count,iam_attached_policy_per_role,asg_count,elasticbeanstalk_environment_count,s3_bucket_count,iam_attached_policy_per_user,elb_listeners_per_alb,ec2_eip_count,route53resolver_rule_count,iam_policy_version_count,elb_listeners_per_nlb,vpc_subnets_per_vpc,route53_vpcs_per_hosted_zone,cf_stack_count,iam_user_count,elb_listeners_per_clb,ni_count,dyndb_table_count,elasticbeanstalk_application_count,route53_traffic_policy_instance_count,ig_count,elb_clb_count,ec2_vpn_connection_count,route53_reusable_delegation_set_count,ebs_snapshot_count,route53_hosted_zone_count,iam_attached_policy_per_group,eks_count,am_mesh_count,elb_target_group_count,route53resolver_rule_association_count,iam_server_certificate_count,elb_alb_count,vpc_acls_per_vpc,iam_group_count,ec2_spot_standard_count,route53resolver_endpoint_count,iam_policy_count,elb_nlb_count,sg_count,route53_records_per_hosted_zone,lc_count,ecs_count,secretsmanager_secrets_count
Collecting checks  [####################################]  100%
Route53 Traffic Policies per Account [default]: 0/50 ✓
VPCs per Region [default/eu-central-1]: 1/5 ✓
Transit Gateways per Account [default]: 4/5 !
Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) EC2 instances [default]: 0/1280 ✓
Route53 Health Checks per Account [default]: 0/200 ✓
Number of CloudWatch alarms per Region [default/eu-central-1]: 0/5000 ✓
Auto Scaling groups per Region [default/eu-central-1]: 0/200 ✓
Elastic Beanstalk Environments per Account [default]: 0/200 ✓
Application Load Balancers per Region [default/eu-central-1]: 46/50 X
...

Run a single instance check

$ aws-quota-checker check-instance vpc_acls_per_vpc vpc-0123456789
Network ACLs per VPC [default/eu-central-1/vpc-0123456789]: 0/200

Prometheus exporter

The Prometheus exporter requires additional dependencies that you need to install with pip install aws-quota-checker[prometheus].

$ aws-quota-checker prometheus-exporter all
AWS profile: default | AWS region: us-east-1 | Active checks: am_mesh_count,asg_count,cf_stack_count,cw_alarm_count,dyndb_table_count,ebs_snapshot_count,ec2_eip_count,ec2_on_demand_f_count,ec2_on_demand_g_count,ec2_on_demand_inf_count,ec2_on_demand_p_count,ec2_on_demand_standard_count,ec2_on_demand_x_count,ec2_spot_f_count,ec2_spot_g_count,ec2_spot_inf_count,ec2_spot_p_count,ec2_spot_standard_count,ec2_spot_x_count,ec2_tgw_count,ec2_vpn_connection_count,ecs_count,eks_count,elasticbeanstalk_application_count,elasticbeanstalk_environment_count,elb_alb_count,elb_clb_count,elb_listeners_per_alb,elb_listeners_per_clb,elb_listeners_per_nlb,elb_nlb_count,elb_target_group_count,iam_attached_policy_per_group,iam_attached_policy_per_role,iam_attached_policy_per_user,iam_group_count,iam_policy_count,iam_policy_version_count,iam_server_certificate_count,iam_user_count,ig_count,lc_count,ni_count,route53_health_check_count,route53_hosted_zone_count,route53_records_per_hosted_zone,route53_reusable_delegation_set_count,route53_traffic_policy_count,route53_traffic_policy_instance_count,route53_vpcs_per_hosted_zone,route53resolver_endpoint_count,route53resolver_rule_association_count,route53resolver_rule_count,s3_bucket_count,secretsmanager_secrets_count,sg_count,sns_pending_subscriptions_count,sns_subscriptions_per_topic,sns_topics_count,vpc_acls_per_vpc,vpc_count,vpc_subnets_per_vpc
09-Mar-21 20:15:11 [INFO] botocore.credentials - Found credentials in shared credentials file: ~/.aws/credentials
09-Mar-21 20:15:11 [INFO] aws_quota.prometheus - starting /metrics endpoint on port 8080
09-Mar-21 20:15:11 [INFO] aws_quota.prometheus - collecting checks
09-Mar-21 20:15:19 [INFO] aws_quota.prometheus - collected 110 checks
09-Mar-21 20:15:19 [INFO] aws_quota.prometheus - refreshing limits
09-Mar-21 20:16:34 [INFO] aws_quota.prometheus - limits refreshed
09-Mar-21 20:16:34 [INFO] aws_quota.prometheus - refreshing current values
09-Mar-21 20:18:15 [INFO] aws_quota.prometheus - current values refreshed

The exporter will return the following metrics:

awsquota_$checkkey: the current value of each quota check
awsquota_$checkkey_limit: the limit value of each quota check
awsquota_$checkkey_duration_seconds: the time to get the current value of each quota check
awsquota_$checkkey_limit_duration_seconds: the time to get the limit value of each quota check
awsquota_check_count: the number of quota checks that are being executed
awsquota_check_limits_duration_seconds: the number of seconds that was necessary to query all quota limits
awsquota_check_currents_duration_seconds: the number of seconds that was necessary to query all current quota values
awsquota_info: info gauge that will expose the current AWS account and region as labels

Depending on the check type, labels for the AWS account, the AWS region and the instance ID will be attached to the metric.

Below you can find a few example metrics:

# HELP awsquota_info AWS quota checker info
# TYPE awsquota_info gauge
awsquota_info{account="123456789",region="us-east-1"} 1.0
# HELP awsquota_check_count Number of AWS Quota Checks
# TYPE awsquota_check_count gauge
awsquota_check_count 110.0
# HELP awsquota_collect_checks_duration_seconds Time to collect all quota checks
# TYPE awsquota_collect_checks_duration_seconds gauge
awsquota_collect_checks_duration_seconds{account="123456789",region="us-east-1"} 7.885610818862915
# HELP awsquota_asg_count_limit Auto Scaling groups per Region Limit
# TYPE awsquota_asg_count_limit gauge
awsquota_asg_count_limit{account="123456789",region="us-east-1"} 200.0
# HELP awsquota_ec2_on_demand_standard_count Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) EC2 instances
# TYPE awsquota_ec2_on_demand_standard_count gauge
awsquota_ec2_on_demand_standard_count{account="123456789"} 22.0
# HELP awsquota_elb_listeners_per_clb Listeners per Classic Load Balancer
# TYPE awsquota_elb_listeners_per_clb gauge
awsquota_elb_listeners_per_clb{account="123456789",instance="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",region="us-east-1"} 10.0
awsquota_elb_listeners_per_clb{account="123456789",instance="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",region="us-east-1"} 2.0

As querying all quotas, depending on the number of resources to check, may take some time, the exporter works asynchronously. That means requesting the /metrics endpoint will return cached results and not trigger a recheck of all quotas. Instead all checks will be executed and refreshed in the background. That's why no metrics will be available directly after starting the exporter.

Hence it doesn't make too much sense to scrape the /metrics every few seconds cause the values will only refresh once in a while. The check intervals of the background jobs can be adjusted to your needs using command line arguments.

Autocompletion

To enable autocompletion for all check keys, sub commands and their options, follow one of the next sections depending on the shell you use.

Bash

Add this to your ~/.bashrc:

eval "$(_AWS_QUOTA_CHECKER_COMPLETE=source_bash aws-quota-checker)"

Zsh

Add this to your ~/.zshrc:

eval "$(_AWS_QUOTA_CHECKER_COMPLETE=source_zsh aws-quota-checker)"

Fish

Add this to your ~/.config/fish/completions/aws-quota-checker.fish:

eval "$(_AWS_QUOTA_CHECKER_COMPLETE=source_fish aws-quota-checker)"

Missing a quota check?

Feel free to create a new issue with the New Check label including a description which quota check you are missing.

aws-quota-checker's People

Contributors

Stargazers

Watchers

aws-quota-checker's Issues

Lambda function and layer storage

This check is currently missing

ec2_on_demand_standard_count check is incorrect?

This seems to be checking the current number of instances, when it should be checking the number of vCPUs:

$ aws-quota-checker check 'ec2_on_demand_standard_count'
AWS profile: default | AWS region: us-east-2 | Active checks: ec2_on_demand_standard_count
Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) EC2 instances [************]: 178/980 ✓

This shows 178/980, which does not match Trusted Advisor:

And does not match Service Quotas:

Regression for blacklist check in 1.3.0

Running check with a blacklist entry in 1.3.0 returns a usage error.

(aws-quota-checker) [(HEAD detached at 1.3.0)] aws-quota-checker $ aws-quota-checker check 'all,!vpc_count'
Usage: aws-quota-checker check [OPTIONS] [all|am_mesh_count|asg_count|cf_stack
                               _count|cw_alarm_count|dyndb_table_count|ebs_sna
                               pshot_count|ec2_eip_count|ec2_on_demand_f_count
                               |ec2_on_demand_g_count|ec2_on_demand_inf_count|
                               ec2_on_demand_p_count|ec2_on_demand_standard_co
                               unt|ec2_on_demand_x_count|ec2_spot_f_count|ec2_
                               spot_g_count|ec2_spot_inf_count|ec2_spot_p_coun
                               t|ec2_spot_standard_count|ec2_spot_x_count|ec2_
                               tgw_count|ec2_vpn_connection_count|ecs_count|ek
                               s_count|elasticbeanstalk_application_count|elas
                               ticbeanstalk_environment_count|elb_alb_count|el
                               b_clb_count|elb_listeners_per_alb|elb_listeners
                               _per_clb|elb_listeners_per_nlb|elb_nlb_count|el
                               b_target_group_count|iam_attached_policy_per_gr
                               oup|iam_attached_policy_per_role|iam_attached_p
                               olicy_per_user|iam_group_count|iam_policy_count
                               |iam_policy_version_count|iam_server_certificat
                               e_count|iam_user_count|ig_count|lc_count|ni_cou
                               nt|route53_health_check_count|route53_hosted_zo
                               ne_count|route53_records_per_hosted_zone|route5
                               3_reusable_delegation_set_count|route53_traffic
                               _policy_count|route53_traffic_policy_instance_c
                               ount|route53_vpcs_per_hosted_zone|route53resolv
                               er_endpoint_count|route53resolver_rule_associat
                               ion_count|route53resolver_rule_count|s3_bucket_
                               count|secretsmanager_secrets_count|sg_count|sns
                               _pending_subscriptions_count|sns_subscriptions_
                               per_topic|sns_topics_count|vpc_acls_per_vpc|vpc
                               _count|vpc_subnets_per_vpc]
Try 'aws-quota-checker check --help' for help.

Error: Invalid value for '[all|am_mesh_count|asg_count|cf_stack_count|cw_alarm_count|dyndb_table_count|ebs_snapshot_count|ec2_eip_count|ec2_on_demand_f_count|ec2_on_demand_g_count|ec2_on_demand_inf_count|ec2_on_demand_p_count|ec2_on_demand_standard_count|ec2_on_demand_x_count|ec2_spot_f_count|ec2_spot_g_count|ec2_spot_inf_count|ec2_spot_p_count|ec2_spot_standard_count|ec2_spot_x_count|ec2_tgw_count|ec2_vpn_connection_count|ecs_count|eks_count|elasticbeanstalk_application_count|elasticbeanstalk_environment_count|elb_alb_count|elb_clb_count|elb_listeners_per_alb|elb_listeners_per_clb|elb_listeners_per_nlb|elb_nlb_count|elb_target_group_count|iam_attached_policy_per_group|iam_attached_policy_per_role|iam_attached_policy_per_user|iam_group_count|iam_policy_count|iam_policy_version_count|iam_server_certificate_count|iam_user_count|ig_count|lc_count|ni_count|route53_health_check_count|route53_hosted_zone_count|route53_records_per_hosted_zone|route53_reusable_delegation_set_count|route53_traffic_policy_count|route53_traffic_policy_instance_count|route53_vpcs_per_hosted_zone|route53resolver_endpoint_count|route53resolver_rule_association_count|route53resolver_rule_count|s3_bucket_count|secretsmanager_secrets_count|sg_count|sns_pending_subscriptions_count|sns_subscriptions_per_topic|sns_topics_count|vpc_acls_per_vpc|vpc_count|vpc_subnets_per_vpc]': invalid choice: all,!vpc_count. (choose from all, am_mesh_count, asg_count, cf_stack_count, cw_alarm_count, dyndb_table_count, ebs_snapshot_count, ec2_eip_count, ec2_on_demand_f_count, ec2_on_demand_g_count, ec2_on_demand_inf_count, ec2_on_demand_p_count, ec2_on_demand_standard_count, ec2_on_demand_x_count, ec2_spot_f_count, ec2_spot_g_count, ec2_spot_inf_count, ec2_spot_p_count, ec2_spot_standard_count, ec2_spot_x_count, ec2_tgw_count, ec2_vpn_connection_count, ecs_count, eks_count, elasticbeanstalk_application_count, elasticbeanstalk_environment_count, elb_alb_count, elb_clb_count, elb_listeners_per_alb, elb_listeners_per_clb, elb_listeners_per_nlb, elb_nlb_count, elb_target_group_count, iam_attached_policy_per_group, iam_attached_policy_per_role, iam_attached_policy_per_user, iam_group_count, iam_policy_count, iam_policy_version_count, iam_server_certificate_count, iam_user_count, ig_count, lc_count, ni_count, route53_health_check_count, route53_hosted_zone_count, route53_records_per_hosted_zone, route53_reusable_delegation_set_count, route53_traffic_policy_count, route53_traffic_policy_instance_count, route53_vpcs_per_hosted_zone, route53resolver_endpoint_count, route53resolver_rule_association_count, route53resolver_rule_count, s3_bucket_count, secretsmanager_secrets_count, sg_count, sns_pending_subscriptions_count, sns_subscriptions_per_topic, sns_topics_count, vpc_acls_per_vpc, vpc_count, vpc_subnets_per_vpc)

Expected output (1.2.0):

(aws-quota-checker) [(HEAD detached at 1.2.0)] aws-quota-checker $ aws-quota-checker check 'all,!vpc_count'
AWS profile: default | AWS region: None | Active checks: am_mesh_count,asg_count,cf_stack_count,cw_alarm_count,dyndb_table_count,ebs_snapshot_count,ec2_eip_count,ec2_on_demand_f_count,ec2_on_demand_g_count,ec2_on_demand_inf_count,ec2_on_demand_p_count,ec2_on_demand_standard_count,ec2_on_demand_x_count,ec2_spot_f_count,ec2_spot_g_count,ec2_spot_inf_count,ec2_spot_p_count,ec2_spot_standard_count,ec2_spot_x_count,ec2_tgw_count,ec2_vpn_connection_count,ecs_count,eks_count,elasticbeanstalk_application_count,elasticbeanstalk_environment_count,elb_alb_count,elb_clb_count,elb_listeners_per_alb,elb_listeners_per_clb,elb_listeners_per_nlb,elb_nlb_count,elb_target_group_count,iam_attached_policy_per_group,iam_attached_policy_per_role,iam_attached_policy_per_user,iam_group_count,iam_policy_count,iam_policy_version_count,iam_server_certificate_count,iam_user_count,ig_count,lc_count,ni_count,route53_health_check_count,route53_hosted_zone_count,route53_records_per_hosted_zone,route53_reusable_delegation_set_count,route53_traffic_policy_count,route53_traffic_policy_instance_count,route53_vpcs_per_hosted_zone,route53resolver_endpoint_count,route53resolver_rule_association_count,route53resolver_rule_count,s3_bucket_count,secretsmanager_secrets_count,sg_count,sns_pending_subscriptions_count,sns_subscriptions_per_topic,sns_topics_count,vpc_acls_per_vpc,vpc_subnets_per_vpc

RDS quota monitoring

Please add:
Allocated storage / Total storage for all DB instances for RDS

Grafana dashboard

Hi there,

Good stuff, I've just deployed this in my environment.

Would you be able to please provide an export of your Grafana dashboard json?

How to check more than one region at the same time?

I configured the quota check with my prometheus, but it only brings me the default region of aws configure, but I need it to bring sa-east-1 and us-east-1, could you help me?

DynamoDB pagination

DynamoDB shows 100 when in reality you have more tables, looks like it's getting capped due to pagination.

Build for MacM1

Would love to use this locally, however the Docker image is not build for linux/arm64/v8

WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested

Probably https://github.com/marketplace/actions/build-and-push-docker-images will help as the following ran fine

docker buildx build --platform=linux/arm/v8 -t aws-quota-checker:macm1 .

SNS SMS quota

I think I am correct in not seeing this in current checks.

Thanks

CloudFormation stack count doesn't return full count

Version: aws-quota-checker==1.12.0

when running

aws-quota-checker check cf_stack_count --profile tools --region $region

I'm seeing a maximum of 100 returned for regions that have more than 100 stacks. I suspect this is some kind of paging issue.

[New Check] Roles in an AWS account

The AWS console is warning us about getting close to the limit for number of IAM roles (1000). Would like to have a check for this limit.

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entities

limit overrides

Some AWS services have not integrated with the quota service so the current implementation cannot get the applied limit and falls back to the default limit. For example we have gotten an S3 bucket limit increase to 300 buckets, so this quota checker will always indicate we are at the limit for number of s3 buckets.

Do you have any plans to implement a way to override individual checks to handle this type of scenario? Asking since we have a need for it and might tackle it in our fork (https://github.com/northwoodspd/aws-quota-checker). If you have ideas about how you'd like to see that approached, we'd have a better chance of getting such a feature accepted into your repo.

Per aws support:

------------------------------------------------------------------------
% aws service-quotas get-service-quota --service-code s3 --quota-code L-DC2B2D3D

An error occurred (NoSuchResourceException) when calling the GetServiceQuota operation:
------------------------------------------------------------------------

I then contacted an S3 SME regarding the above - please note, S3 has not yet been onboarded onto the get-service-quota API. Therefore, you will only not be able to view any increased limits for S3 buckets.

[snip]

Therefore, for the time being, it will only be possible to use the get-aws-default-service-quota API until the get-service-quota API is onboarded with S3. Additionally, although this feature is not currently available, I recommend you to follow our news channels to be updated on all service releases from us (please note we cannot give timelines for new feature releases):

vpc_rules_per_sg is returning incorrect count for one of the SG

Hi! I'm getting incorrect rules count for specific SG (according to AWS console - this group have 230 inbound, 1 outbound rule).
Other SGs have (inbound+outbound)<10 and displayed correctly. Maybe it's some paging issue?
I got such results on latest master, fix-cf-stack-counting branches.

Best regards!

When checking rules count over aws cli

aws ec2 describe-security-group-rules --region us-east-1 --profile sso-prod --filter Name="group-id",Values="sg-xxxx" | jq -r '.SecurityGroupRules | length'
231

When checking rules count using aws-quota-checker

/usr/local/bin/aws-quota-checker check vpc_rules_per_sg
AWS profile: default | AWS region: us-east-1 | Active checks: vpc_rules_per_sg
Collecting checks  [####################################]  100%
Rules per VPC security group [****/us-east-1/sg-xxxx]: 66/333 ✓

ec2_on_demand

Hey,
The ec2_on_demand_standard_count metric gives me back the number of instances I have, and the awsquota_ec2_on_demand_standard_count_limit give me back the number of CPUs I can use. I would like to get the number of CPUs I'm using.

Add an Prometheus exporter

I was thinking about allowing to expose the results of all quota monitors on a Prometheus /metrics endpoint. This would allow to constantly monitor all quotas and visualize them in e.g. Grafana.

If you'd like to see such a feature leave a thumbs up on this issue.

ebs_snapshot_count seems high

I'm seeing
EBS Snapshots per region [default/eu-west-1]: 25780/100000 ✓
for an account with only a handful of actual snapshots.
Perhaps change

return len(self.boto_session.client('ec2').describe_snapshots()['Snapshots'])

return len(self.boto_session.client('ec2').describe_snapshots(OwnerIds=["self"])['Snapshots'])

Compatibility with python3

Getting the following error while running it inside a kubernetes pod or even as a container

Traceback (most recent call last):
File "/usr/local/bin/aws-quota-checker", line 7, in
from aws_quota.cli import cli
File "/usr/local/lib/python3.7/site-packages/aws_quota/cli.py", line 2, in
from aws_quota.utils import get_account_id
File "/usr/local/lib/python3.7/site-packages/aws_quota/utils.py", line 6, in
def get_account_id(session: boto3.Session) -> str:
File "/usr/lib64/python3.7/functools.py", line 490, in lru_cache
raise TypeError('Expected maxsize to be an integer or None')
TypeError: Expected maxsize to be an integer or None

Target groups per application load balancer

After implementing this tool. I noticed a few missing checks. This is one that would be super helpful for us.

[New Check] RDS Event Subscriptions

Link to PR: #28

Feature: Limit checks by Scope

Right now, I can either run all checks or specifically select them. It would be nice to be able to select them by scope, something like:

$> aws-quota-checker check all
# Run only account scope checks
$> aws-quota-checker check --scope account all
# or run everything *except* account scope checks
$> aws-quota-checker check all,!scope:account

New Check - SES Sending Limits

Sending Quota
Quota Used
Max Send Rate

That would be nice to have.

Thanks for this awesome tool.

Missing checks for RDS

Since I've been told you use an issue based workflow. This is to start the discussion about #24!

PromQL expression QOL

We're updating our alerts to make use of the metrics exposed by the prometheus-exporter feature of aws-quota-checker. We have a generic expression which aims to alert whenever we've breached 70% of any limit.

The expression is quite unweildly:

round( 100 *
    label_replace({__name__=~"^awsquota_([3a-z_]+(_count|_instances))$",account=~".+"}, "resource", "$1", "__name__", "^awsquota_([3a-z_]+(_count|_instances))$")
    / on (resource)
    label_replace({__name__=~"^awsquota_([3a-z_]+(_limit))$",account=~".+"}, "resource", "$1", "__name__", "^awsquota_([3a-z_]+)(_limit)$")
) > 70

A couple suggestions which would aid in crafting PromQL expressions:

It would be great if the metrics had an additional label e.g.

awsquota_rds_instances{resource="rds_instances"}
awsquota_rds_instances_limit{resource="rds_instances"}

A bigger change, but what if the metrics were exposed using the same pair of metrics, just with the additional label as above? e.g.
```
awsquota_usage{resource="rds_instances"}
awsquota_limit{resource="rds_instances"}
```

Feel free to disregard if this is too niche or opinionated in a direction you'd rather not take. A solution to those facing similar grievances could be through the use of recording rules.

[Feature Req] Checks for the below Quotas

Subnets that can be shared with an account : L-44499CD2
Number of Resource shares : L-595828F9
Security group per network interface : L-2AFB9258