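How do I troubleshoot errors when I use the AWS CLI to manage service quota requests?

Last updated: September 8, 2020

I get errors when I use the AWS Command Line Interface (AWS CLI) to manage service quota increase requests. How do I troubleshoot this?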

Short description

The following are common errors that can occur when you use the AWS CLI to view and manage quota increase requests:

  • The list-service-quotas command doesn't list all available quotas.
  • Error: “An error occurred (ResourceAlreadyExistsException) when calling the RequestServiceQuotaIncrease operation: Only one open service quota increase request is allowed per quota”.
  • Error: “An error occurred (NoSuchResourceException) when calling the ListAWSDefaultServiceQuotas operation: The request failed because the specified service does not exist”.

For general information about resolving AWS CLI errors that aren't related to Service Quotas, see Why am I receiving errors when running AWS CLI commands?

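Resolution

Confirm that you're using the most recent version of the AWS CLI

If you're using an older version of the AWS CLI, you might run into problems when you use API commands. If you receive an error when you run a command, upgrade to the most recent version of the AWS CLI, and then run the command again. For more information, see the General: Ensure you're running a recent version of the AWS CLI section in Troubleshooting AWS CLI errors.

Error: The list-service-quotas command doesn't list all available quotas

The list-service-quotas command returns the quotas that have applied quota values. To return all default values, use the list-aws-default-service-quotas command.

The following example uses the list-service-quotas command. The output lists the two quotas that have applied values.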

# aws service-quotas list-service-quotas --service-code vpc --region eu-west-1 --query "Quotas[*].{ServiceName:ServiceName,QuotaName:QuotaName,QuotaCode:QuotaCode,Value:Value}" --output table
------------------------------------------------------------------------------------------------------
|                                          ListServiceQuotas                                         |
+------------+--------------------------------+---------------------------------------------+--------+
|  QuotaCode |           QuotaName            |                 ServiceName                 | Value  |
+------------+--------------------------------+---------------------------------------------+--------+
|  L-A4707A72|  Internet gateways per Region  |  Amazon Virtual Private Cloud (Amazon VPC)  |  10.0  |
|  L-F678F1CE|  VPCs per Region               |  Amazon Virtual Private Cloud (Amazon VPC)  |  10.0  |
+------------+--------------------------------+---------------------------------------------+--------+

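The following example uses the list-aws-default-service-quotas command. The output lists all quotas associated with the service (VPC in this example) and their default quota values.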

# aws service-quotas list-aws-default-service-quotas --service-code vpc --region eu-west-1 --query "Quotas[*].{ServiceName:ServiceName,QuotaName:QuotaName,QuotaCode:QuotaCode,Value:Value}" --output table
-----------------------------------------------------------------------------------------------------------------------
|                                             ListAWSDefaultServiceQuotas                                             |
+------------+------------------------------------------------+---------------------------------------------+---------+
|  QuotaCode |                   QuotaName                    |                 ServiceName                 |  Value  |
+------------+------------------------------------------------+---------------------------------------------+---------+
|  L-7E9ECCDB|  Active VPC peering connections per VPC        |  Amazon Virtual Private Cloud (Amazon VPC)  |  50.0   |
|  L-45FE3B85|  Egress-only internet gateways per Region      |  Amazon Virtual Private Cloud (Amazon VPC)  |  5.0    |
|  L-1B52E74A|  Gateway VPC endpoints per Region              |  Amazon Virtual Private Cloud (Amazon VPC)  |  20.0   |
|  L-83CA0A9D|  IPv4 CIDR blocks per VPC                      |  Amazon Virtual Private Cloud (Amazon VPC)  |  5.0    |
|  L-085A6257|  IPv6 CIDR blocks per VPC                      |  Amazon Virtual Private Cloud (Amazon VPC)  |  1.0    |
|  L-0EA8095F|  Inbound or outbound rules per security group  |  Amazon Virtual Private Cloud (Amazon VPC)  |  60.0   |
|  L-29B6F2EB|  Interface VPC endpoints per VPC               |  Amazon Virtual Private Cloud (Amazon VPC)  |  50.0   |
|  L-A4707A72|  Internet gateways per Region                  |  Amazon Virtual Private Cloud (Amazon VPC)  |  5.0    |
|  L-FE5A380F|  NAT gateways per Availability Zone            |  Amazon Virtual Private Cloud (Amazon VPC)  |  5.0    |
|  L-B4A6D682|  Network ACLs per VPC                          |  Amazon Virtual Private Cloud (Amazon VPC)  |  200.0  |
|  L-DF5E4CA3|  Network interfaces per Region                 |  Amazon Virtual Private Cloud (Amazon VPC)  |  5000.0 |
|  L-DC9F7029|  Outstanding VPC peering connection requests   |  Amazon Virtual Private Cloud (Amazon VPC)  |  25.0   |
|  L-2C462E13|  Participant accounts per VPC                  |  Amazon Virtual Private Cloud (Amazon VPC)  |  100.0  |
|  L-589F43AA|  Route tables per VPC                          |  Amazon Virtual Private Cloud (Amazon VPC)  |  200.0  |
|  L-93826ACB|  Routes per route table                        |  Amazon Virtual Private Cloud (Amazon VPC)  |  50.0   |
|  L-2AEEBF1A|  Rules per network ACL                         |  Amazon Virtual Private Cloud (Amazon VPC)  |  20.0   |
|  L-2AFB9258|  Security groups per network interface         |  Amazon Virtual Private Cloud (Amazon VPC)  |  5.0    |
|  L-407747CB|  Subnets per VPC                               |  Amazon Virtual Private Cloud (Amazon VPC)  |  200.0  |
|  L-44499CD2|  Subnets that can be shared with an account    |  Amazon Virtual Private Cloud (Amazon VPC)  |  100.0  |
|  L-8312C5BB|  VPC peering connection request expiry hours   |  Amazon Virtual Private Cloud (Amazon VPC)  |  168.0  |
|  L-E79EC296|  VPC security groups per Region                |  Amazon Virtual Private Cloud (Amazon VPC)  |  2500.0 |
|  L-F678F1CE|  VPCs per Region                               |  Amazon Virtual Private Cloud (Amazon VPC)  |  5.0    |
+------------+------------------------------------------------+---------------------------------------------+---------+

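Error: “An error occurred (ResourceAlreadyExistsException) when calling the RequestServiceQuotaIncrease operation: Only one open service quota increase request is allowed per quota.”

Only one open service quota increase request is allowed per quota. If you submit another request before the previous request is completed, you receive the ResourceAlreadyExistsException error.

Before you submit another quota increase request, verify that the previous request is completed.

Error: “An error occurred (NoSuchResourceException) when calling the ListAWSDefaultServiceQuotas operation: The request failed because the specified service does not exist.”

This error can occur for the following reasons:

  • You are trying to access a service that isn't integrated with Service Quotas.
  • The service code is case sensitive. For example, you can't enter the service code value ec2 as EC2. The following example shows the --service-code value correctly entered as ec2: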
# aws service-quotas get-service-quota --service-code ec2 --quota-code L-0263D0A3 --region eu-west-1
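
The two checks described above (confirm that no earlier request for the quota is still open, and use the exact case-sensitive service code) can be scripted before an increase is submitted. This is an added example, not part of the original article; the function names are hypothetical, and it assumes that PENDING and CASE_OPENED are the request statuses that count as open.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Requires the AWS CLI.
# Assumption: PENDING and CASE_OPENED are the statuses of a still-open request.

# Print the exact, case-sensitive service code known to Service Quotas.
# Returns 3 if the service is not integrated, 2 if the CLI call fails.
resolve_service_code() {
  local wanted codes code
  wanted=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  codes=$(aws service-quotas list-services --region "$2" \
    --query 'Services[].ServiceCode' --output text) || return 2
  for code in $codes; do
    if [ "$(printf '%s' "$code" | tr '[:upper:]' '[:lower:]')" = "$wanted" ]; then
      printf '%s\n' "$code"
      return 0
    fi
  done
  return 3
}

# Print the IDs of still-open increase requests for one quota, one per line.
open_quota_requests() {
  local out
  out=$(aws service-quotas list-requested-service-quota-change-history-by-quota \
    --service-code "$1" --quota-code "$2" --region "$3" \
    --query "RequestedQuotas[?Status=='PENDING' || Status=='CASE_OPENED'].Id" \
    --output text) || return 2
  printf '%s\n' "$out" | tr '\t' '\n' | grep -v -e '^$' -e '^None$' || true
}

# Submit an increase only when the service code resolves and no request is open.
# Usage: request_increase_if_idle SERVICE_CODE QUOTA_CODE DESIRED_VALUE REGION
request_increase_if_idle() {
  local region service open
  region=$4
  service=$(resolve_service_code "$1" "$region") || return $?
  open=$(open_quota_requests "$service" "$2" "$region") || return $?
  if [ -n "$open" ]; then
    echo "open request(s) for $2, not submitting: $open" >&2
    return 1
  fi
  aws service-quotas request-service-quota-increase --service-code "$service" \
    --quota-code "$2" --desired-value "$3" --region "$region"
}
```

A return status of 1 means an earlier request is still open, and 3 means the service code matched nothing that Service Quotas lists.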