Service limit (quota) recommender

The service limit recommender analyzes usage of service quotas by projects in your organization and provides recommendations that help you identify resources that may be getting close to their quota limits.

Overview

Quota limits are in place to help you manage resources and protect you from unforeseen spikes in usage, but they can be complicated to track and manage. Service limit recommender analyzes your quota utilization and provides you with the following features to help you catch potential bottlenecks before they become an issue:

Recommendations to review quotas with high utilization
Usage insights for each quota with high utilization

Proactively monitoring and taking action on quota recommendations can help reduce the risk of running out of quota. In addition to recommendations that are updated once per day, you can set up quota usage alerts using Cloud Monitoring for any quotas that may require real-time monitoring.

How it works

The service limit recommender analyzes usage over rate, allocation, and concurrent quotas over the last 30 days. If at any point during those 30 days your utilization has hit 80% of your current limit, a recommendation will be generated.

Pricing

Please refer to recommender pricing.

Before you begin

Before you can view the insights and recommendations, you must do the following:

You must enable the Recommender API. You only need to enable the API on a single project. You can then use this same project to examine recommendations and insights for other projects by using the --billing-project functionality of gcloud/API.
Make sure that you have one of these required roles assigned:

Description	Roles
View recommendations	`recommender.serviceLimitViewer`
View and update recommendations	`recommender.serviceLimitAdmin`

These roles provide a set of permissions that enable you to access the insights and recommendations. For more information about roles, refer to understanding roles and granting IAM permissions.

You may also opt out of all service limit insights and recommendations in Transparency and Control Center. In order to change opt-out settings you must have the dataprocessing.admin IAM role. For more information about opting out, refer to opting out of insights and recommendations.

Recommender ID

Here are the service limit (quota) recommender ID and insight type:

google.resourcemanager.serviceLimit.Recommender
google.resourcemanager.serviceLimit.Insight

Required IAM permissions

To access the list of service limit recommendations and insights, the following permissions are required:

recommender.resourcemanagerServiceLimitRecommendations.get
recommender.resourcemanagerServiceLimitRecommendations.list
recommender.resourcemanagerServiceLimitInsights.get
recommender.resourcemanagerServiceLimitInsights.list

To update recommendations and insights (for example, to dismiss a recommendation), the following permissions are required:

recommender.resourcemanagerServiceLimitRecommendations.update
recommender.resourcemanagerServiceLimitInsights.update

Viewing service limit (quota) recommendations

Insights and recommendations can be accessed through the Cloud Console, gcloud, or the Recommender API for all customers.

Exporting recommendations via BigQuery is also available for customers with a Standard, Enhanced, or Premium support package.

Console

Go to the Recommendation Hub. See also Getting started with Recommendation Hub.

Go to the Recommendation Hub
In the Review and manage quota utilization card, click View all.

Note: You must have the have the correct IAM permissions (listed above) in order to see recommendations. If you have the correct permissions and the page does not show any recommendations then the project does not have any quota utilization meeting the criteria for a recommendation.

gcloud

To view recommendations and insights using gcloud, follow the steps below. For more information, see Using the API - Insights and Using the API - Recommendations.

Recommendations

To list recommendations for the project where you've enabled the Recommender API, run the following command:
```
  gcloud recommender recommendations list \
  --project=PROJECT_ID \
  --location=LOCATION \
  --recommender=google.resourcemanager.serviceLimit.Recommender
```
Replace the following:
- PROJECT_ID: The project ID.
- LOCATION: The Cloud region or zone. If a quota type is not defined on a regional or zonal basis then it will fall under the "global" location.
Note: If the command does not return any recommendations then the project does not have any quota utilization meeting the criteria for a recommendation.
To list recommendations in a different project while using a project where you've enabled the Recommender API (as in the previous step), run the following command:
```
  gcloud recommender recommendations list \
  --billing-project=BILLING_PROJECT_ID \
  --project=PROJECT_ID \
  --location=LOCATION \
  --recommender=google.resourcemanager.serviceLimit.Recommender
```
Replace the following:
- BILLING_PROJECT_ID: The ID of the project that you've enabled with the Recommender API (this would be the same PROJECT_ID as given in the previous step).
- PROJECT_ID: The ID of a different project for which you'd like to view the recommendations.
- LOCATION: The Cloud region or zone. If a quota type is not defined on a regional or zonal basis then it will fall under the "global" location.

Insights

A similar set of commands may be used to list insights. Simply make two modifications to each of the above commands:

Instead of running gcloud recommender recommendations list run gcloud recommender insights list.
Instead of passing --recommender=google.resourcemanager.serviceLimit.Recommender pass --insight-type=google.resourcemanager.serviceLimit.Insight

For example, to list insights for a given project run the following command:

    gcloud recommender insights list 

    --project=PROJECT_ID 

    --location=LOCATION 

    --insight-type=google.resourcemanager.serviceLimit.Insight

Replace the following:

PROJECT_ID: The project ID.
LOCATION: The Cloud region or zone. If a quota type is not defined on a regional or zonal basis then it will fall under the "global" location.

API

To view recommendations and insights, you can use curl to send a request to the recommender APIs. To authorize requests from the command line, you use OAuth access tokens. An OAuth access token is a string that grants temporary access to an API.

Recommendations

To list recommendations for the project where you've enabled the Recommender API, run the following command:
```
curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
"https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/\
recommenders/google.resourcemanager.serviceLimit.Recommender/recommendations"
```
Replace the following:
- PROJECT_ID: The project ID.
- LOCATION: The Cloud region or zone. If a quota type is not defined on a regional or zonal basis then it will fall under the "global" location.
Note: If the API call does not return any recommendations then the project does not have any quota utilization meeting the criteria for a recommendation.
To list recommendations in a different project while using a project where you've enabled the Recommender API (as in the previous step), run the following command:
```
curl \
-H "Authorization: Bearer $(gcloud auth print-access-token)"  \
-H "x-goog-user-project: BILLING_PROJECT_ID" \
"https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/\
recommenders/google.resourcemanager.serviceLimit.Recommender/recommendations"
```
Replace the following:
- BILLING_PROJECT_ID: The ID of the project that you've enabled with the Recommender API (this would be the same PROJECT_ID as given in the previous step).
- PROJECT_ID: The ID of a different project for which you'd like to view the recommendations.
- LOCATION: The Cloud region or zone. If a quota type is not defined on a regional or zonal basis then it will fall under the "global" location.

Insights

A similar set of commands may be used to list insights. Simply replace recommenders/google.resourcemanager.serviceLimit.Recommender/recommendations with insightTypes/google.resourcemanager.serviceLimit.Insight/insights in the url.

For example, to list insights for a given project run the following command:

  curl 

 -H "Authorization: Bearer $(gcloud auth print-access-token)" 

 "https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/

 insightTypes/google.resourcemanager.serviceLimit.Insight/insights"

Replace the following:

PROJECT_ID: The project ID.
LOCATION: The Cloud region or zone. If a quota type is not defined on a regional or zonal basis then it will fall under the "global" location.

BigQuery export

Recommendations and insights can also be exported in bulk to a BigQuery table. For details please refer to the BigQuery export documentation.