×
Community Blog Introducing Alibaba Cloud Quota Center and Permissions on API Operations

Introducing Alibaba Cloud Quota Center and Permissions on API Operations

This article briefly introduced how to use Quota Center and explains how to increase your quota by using Quota Center.

Alibaba Cloud Quota Center is a service that centrally manages quotas for cloud products. With Quota Center, you can check the maximum limit for various cloud products in your account and request an increase in quota based on your business needs.

The first part of this article provides information on the services supported by Quota Center and explains how to submit a quota increase application. The second part introduces the recent announcement regarding the permissions on specific API operations in Quota Center.

1. Quota-manageable Products in Quota Center

Quota Center manages quotas in three categories: general quotas, API rate limits, and privileges.

1-1. General Quotas

General quotas are allocated for the general use of cloud resources, such as the maximum number of security groups that can be created in each region. For new accounts, there may be restrictions on the quota items and limits that can be applied for. However, as the account is used regularly, these restrictions are gradually lifted. The following table lists the supported services.

1

1-2. API Rate Limits

The API rate limit is the quota for the frequency of API calls, such as the maximum number of times the CreateECS operation can be called per second. The unit of application is Query per Second (QPS). The default QPS is determined based on your account usage. If you require high-frequency API operations due to business growth, you can request an increase in the available QPS. The following table lists the supported services.

2

1-3. Privileges

This quota is for features not open to all accounts or provided through a whitelist (such as the usage whitelist for HAVIP).

The following table lists the supported services.

3

2. How to Increase Your Quota

The following will explain how to increase your quota by using Quota Center. We will increase the maximum number of VPCs that can be created in the Japan (Tokyo) region.

2-1. Create a new VPC in the Japan (Tokyo) region.

4

2-2. It fails because the maximum number of VPCs that can be created was exceeded.

5

2-3. Open Quote Center Console.

6

2-4. Choose General Quotas > Virtual Private Cloud.

7

2-5. Click Apply to the right of vpc_quota_instances_num_ap-northeast-1.

8

2-6. Enter the quota that you want and the reason, and then click OK.

9

2-7. The page refreshes and the quota has been increased.

10

2-8. Try creating a VPC again. This time, it will be successful.

11

3. Permissions for Specific API Operations

In Quote Center, an announcement on permission update for specific API operations was posted.

After checking the contents, the following API operations (6 related to quota templates and 3 related to product quotas) were involved.

· ListProductQuotaDimensions - queries the quota dimensions of a product

· ListProductDimensionGroups - queries the dimension groups of a cloud service

· GetProductQuotaDimension - queries the details of a quota dimension of a product

· DeleteTemplateQuotaItem - deletes a quota template

· ModifyQuotaTemplateServiceStatus - changes the status of a quota template

· GetQuotaTemplateServiceStatus - queries the state of a quota template

· CreateTemplateQuotaItem - creates a quota template

· ModifyTemplateQuotaItem - modifies a quota template

· ListQuotaApplicationTemplates - queries a list of quota templates

The following are listed as precautions:

  1. If you have already attached the system permissions policy (such as AliyunQuotasFullAccess) to a RAM user in Quota Center, you will not be affected by the update.
  2. If you have attached a custom system permissions policy to a RAM user in Quota Center, you need to add the mentioned API operations to the system permissions policy. Otherwise, when you call these API operations or visit the General Quotas, API Rate Limits, or Privileges page in the Quota Center console after six months, you will receive a prompt stating that you are not authorized to perform these operations.

I didn’t understand the meaning of these precautions, so I contacted Alibaba Cloud Support. They informed me that until now, no permission was required to call the nine API operations mentioned. For example, even a RAM user without the DeleteTemplateQuotaItem permission could delete a quota template.

This update changes the specification, and if you don't explicitly grant the necessary API operation permissions to the RAM user, they won't be able to use the nine affected API operations. This is what is meant by API permissions.

4. Summary

This article briefly introduced how to use Quota Center. There was some confusion regarding the announcement about the permissions for specific API operations, and Alibaba Cloud Support helped clarify it. If you need to use Quota Center or increase your quota, please refer to this article.

This article is a translated piece of work from SoftBank: https://www.softbank.jp/biz/blog/cloud-technology/articles/202307/quota/

Disclaimer: The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.

0 1 0
Share on

H Ohara

12 posts | 0 followers

You may also like

Comments

H Ohara

12 posts | 0 followers

Related Products