AWS Service Quotas and Resource Constraints

This guide covers the essential knowledge required for managing AWS service limits and understanding physical resource constraints, specifically tailored for the AWS Certified Solutions Architect – Professional (SAP-C02) exam.

Learning Objectives

By the end of this module, you should be able to:

• Differentiate between Soft Limits (adjustable) and Hard Limits (non-adjustable).
• Identify the role of AWS Trusted Advisor and the Service Quotas console in monitoring usage.
• Explain the impact of Environmental Constraints on architecture design.
• Formulate a remediation strategy when approaching or hitting a hard limit.

Key Terms & Glossary

• Service Quotas: Default, pre-defined values for resources per AWS account (usually per Region) designed to prevent over-provisioning and abuse.
• Soft Limit: An adjustable quota that can be increased via a support request or the Service Quotas console.
• Hard Limit: A fixed quota that cannot be increased under any circumstances.
• Environmental Constraint: Physical limitations of the underlying AWS infrastructure, such as hardware throughput or physical disk capacity.
• Bursting: A temporary ability to exceed a baseline quota for a short duration, though not applicable to all services.

The "Big Idea"

AWS is a multi-tenant environment. Service quotas act as "safety rails" that protect both the customer (from runaway costs due to accidental over-provisioning) and AWS (from resource exhaustion due to abusive patterns). For a Solutions Architect Professional, managing these limits is not just administrative—it is a critical component of Reliability and Performance Excellence. If you don't design for these limits, your application will fail to scale regardless of how well the code is written.

Formula / Concept Box

Hierarchical Outline

• I. Resource Constraints Categories
  • A. Service Quotas (Logical limits)
    • 1. Soft Limits (Adjustable via API/Console)
    • 1. Hard Limits (Non-adjustable; requires architectural redesign)
  • B. Environmental Constraints (Physical limits)
    • 1. Network bandwidth (e.g., DX/VPN throughput)
    • 1. Physical storage limits
• II. Monitoring & Governance
  • A. Service Quotas Console/API (Primary management tool)
  • B. AWS Trusted Advisor (Automated monitoring/alerting)
  • C. AWS Organizations (Centralized reporting across accounts)
• III. Remediation Strategies
  • A. Soft Limit Hit: Request increase
  • B. Hard Limit Hit: Re-design (e.g., sharding, multi-account strategy)

Visual Anchors

Quota Management Workflow

Resource Constraint Classification

Definition-Example Pairs

• Soft Limit → A limit you can change.
  • Example: The default limit of 5 VPCs per Region in an account. This can be increased to dozens if needed.
• Hard Limit → A limit you cannot change.
  • Example: The number of IPv6 CIDR blocks per VPC is fixed at 1 and cannot be adjusted.
• Environmental Constraint → Limits dictated by physics or hardware.
  • Example: The maximum throughput of a single AWS Direct Connect connection (e.g., 10 Gbps) is limited by the physical port speed.

Worked Examples

Scenario: The VPC CIDR Expansion

Problem: A company is migrating a large monolithic application to a microservices architecture. They currently have 5 CIDR blocks associated with their VPC and need to add a 6th to accommodate new subnets.

Step-by-step Breakdown:

1. Identify the Limit Type: Check documentation. The IPv4 CIDR blocks per VPC is a Soft Limit.
2. Monitor Current State: Use aws support describe-trusted-advisor-checks to verify if current usage is at 100%.
3. Request Increase: Navigate to the Service Quotas Console, select "Amazon Virtual Private Cloud (Amazon VPC)", find "IPv4 CIDR blocks per VPC", and click "Request quota increase".
4. Verification: Once the status changes to "Applied", the architecture can proceed without a redesign.

Checkpoint Questions

1. What tool provides a central dashboard for checking service limits across several pillars of the Well-Architected Framework?
2. If a limit is categorized as a "Hard Limit," what is the only way to overcome it?
3. At what percentage of usage does AWS Trusted Advisor typically trigger a "Yellow" alert for service limits?
4. Are service quotas typically applied at the Global, Regional, or Availability Zone level?

▶Click to see answers

1. AWS Trusted Advisor.
2. Redesigning the architecture (e.g., moving to a multi-account or multi-region model).
3. 80%.
4. Regional level (unless specified otherwise).

Muddy Points & Cross-Refs

• The Multi-Account Strategy: Often, if you hit a hard limit in one account, the solution is "account sharding." This is why AWS Organizations is a prerequisite for high-scale designs (See Chapter 3: Multi-Account Design).
• Propagation Delay: Be aware that quota increases are not always instantaneous. It can take up to 24 hours for Trusted Advisor to reflect the change.
• Support Plan Impact: If you do not have a paid support plan (Business or Enterprise), your access to the Trusted Advisor Support API may be restricted.

Comparison Tables

Soft Limits vs. Hard Limits

Service Quotas vs. Environmental Constraints