1# Azure Resource Limits and Quotas
2 
3Check Azure resource availability during azure-prepare workflow. Validate after customer selects region.
4 
5## Types
6 
71. **Hard Limits** - Fixed constraints that cannot be changed
82. **Quotas** - Subscription limits that can be increased via support request
9 
10**CLI First:** Always use `az quota` CLI for quota checks. Provides better error handling and consistent output. "No Limit" in REST/Portal doesn't mean unlimited - verify with service docs.
11 
12## Hard Limits
13 
14Fixed service constraints (cannot be changed).
15 
16**Check via**: `azure__documentation` tool or azure-provisioning-limit skill
17 
18**Examples**: Cosmos DB item size (2 MB), Container Apps HTTP timeout (240s), App Service Free tier deployment slots (0)
19 
20**Process**:
211. Identify services and resource sizes needed
222. Look up limits in documentation
233. Compare plan vs limits
244. If exceeded: redesign or change tier
25 
26## Quotas
27 
28Subscription/regional limits that can be increased via support request.
29 
30**Check via**: `az quota` CLI (install: `az extension add --name quota`)
31 
32**Examples**: AKS clusters (5,000/region), Storage accounts (250/region), Container Apps environments (50/region)
33 
34**Key Concept**: No 1:1 mapping between ARM resource types and quota names.
35- ARM: `Microsoft.App/managedEnvironments` → Quota: `ManagedEnvironmentCount`
36- ARM: `Microsoft.Compute/virtualMachines` → Quota: `standardDSv3Family`, `cores`, `virtualMachines`
37 
38**Process**:
391. Install extension: `az extension add --name quota`
402. Discover quota names: `az quota list --scope /subscriptions/{id}/providers/{Provider}/locations/{region}`
413. Check usage: `az quota usage show --resource-name {name} --scope ...`
424. Check limit: `az quota show --resource-name {name} --scope ...`
435. Calculate: Available = Limit - Current Usage
446. If exceeded: Request increase via `az quota update`
45 
46**Unsupported Providers** (BadRequest error):
47 
48Not all providers support quota API. If `az quota list` fails with BadRequest, use fallback:
49 
501. Get current usage:
51   ```bash
52   # Option A: Azure Resource Graph (recommended)
53   az extension add --name resource-graph
54   az graph query -q "resources | where type == '{type}' and location == '{loc}' | count"
55   
56   # Option B: Resource list
57   az resource list --subscription "{id}" --resource-type "{Type}" --location "{loc}" | jq 'length'
58   ```
592. Get limit from [service documentation](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits)
603. Calculate: Available = Documented Limit - Current Usage
61 
62**Known Support Status**:
63- ❌ Microsoft.DocumentDB (Cosmos DB)
64- ✅ Microsoft.Compute, Microsoft.Network, Microsoft.App, Microsoft.Storage, Microsoft.MachineLearningServices
65 
66## Workflow
67 
68**Phase 1: Identify & Check Hard Limits**
691. Analyze app requirements and select Azure services
702. Determine resource counts, sizes, tiers, throughput
713. Check hard limits via azure-provisioning-limit skill or documentation
724. Validate plan against limits; redesign if needed
73 
74**Phase 2: Check Quotas After Region Selection**
751. Get customer subscription and region preference
762. For each service/region, check quota:
77   - Use `az quota usage list` and `az quota show`
78   - Calculate available capacity
793. If quota exceeded: request increase or choose different region
80 
81**Phase 3: Validate Region**
82- Confirm sufficient quota in selected region
83- Request increases if needed
84- Only proceed after validation complete
85 
86## Limit Scopes
87 
88| Scope | Example |
89|-------|---------|
90| Subscription | 50 Cosmos DB accounts (any region) |
91| Regional | 250 storage accounts per region |
92| Resource | 500 apps per Container Apps environment |
93 
94## Service Patterns
95 
96| Service | Hard Limits (examples) | Quota Check | Notes |
97|---------|------------------------|-------------|-------|
98| **Cosmos DB** | Item: 2MB, Partition key: 2KB, Serverless storage: 50GB | ❌ Not supported. Use Resource Graph + [docs](https://learn.microsoft.com/en-us/azure/cosmos-db/concepts-limits). Default: 50 accounts/region | Query: `az graph query -q "resources \| where type == 'microsoft.documentdb/databaseaccounts' and location == 'eastus' \| count"` |
99| **AKS** | Pods/node (Azure CNI): 250, Node pools/cluster: 100 | ✅ `az quota` supported | Provider: Microsoft.ContainerService |
100| **Storage** | Block blob: 190.7 TiB, Page blob: 8 TiB | ✅ Quota: `StorageAccounts` (limit: 250/region) | Provider: Microsoft.Storage |
101| **Container Apps** | Revisions/app: 100, HTTP timeout: 240s | ✅ Quota: `ManagedEnvironmentCount` (limit: 50/region) | Provider: Microsoft.App |
102| **Functions** | Timeout (Consumption): 10 min, Queue msg: 64KB | ✅ Check function apps quota | Provider: Microsoft.Web |
103 
104## CLI Reference
105 
106**Prerequisites**: `az extension add --name quota`
107 
108**Discovery**: List quotas to find resource names
109```bash
110az quota list --scope /subscriptions/{id}/providers/{provider}/locations/{location}
111```
112 
113**Check Usage**:
114```bash
115az quota usage show --resource-name {quota-name} --scope /subscriptions/{id}/providers/{provider}/locations/{location}
116```
117 
118**Check Limit**:
119```bash
120az quota show --resource-name {quota-name} --scope /subscriptions/{id}/providers/{provider}/locations/{location}
121```
122 
123**Request Increase**:
124```bash
125az quota update --resource-name {quota-name} --scope /subscriptions/{id}/providers/{provider}/locations/{location} --limit-object value={new-limit} --resource-type {type}
126```
127 
128## azure-prepare Integration
129 
130**When to Check**:
1311. After selecting services - Check hard limits
1322. After customer selects region - Check quotas
1333. Before generating infrastructure code - Validate availability
134 
135**Required Steps**:
136 
137**Phase 1 - Planning**:
138- Select Azure services
139- Check hard limits (service documentation)
140- Create provisioning limit checklist (leave quota columns as "_TBD_")
141 
142**Phase 2 - Execution**:
143- Get subscription and region preference
144- **Must invoke azure-quotas skill** - Process ONE resource type at a time:
145  a. Try `az quota list` first (required)
146  b. If supported: Use `az quota usage show` and `az quota show`
147  c. If NOT supported (BadRequest): Use Resource Graph + service docs
148  d. Calculate available capacity
149  e. Document in checklist (no "_TBD_" entries allowed)
150  f. If insufficient: Request increase or change region
151 
152**Phase 3 - Generate Artifacts**:
153- Only proceed after Phase 2 complete (all quotas validated)
154 
155## Error Messages
156 
157| Error | Type | Action |
158|-------|------|--------|
159| "Quota exceeded" | Quota | Use azure-quotas to request increase |
160| "(BadRequest) Bad request" | Unsupported provider | Use [service limits docs](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits) |
161| "Limit exceeded" | Hard Limit | Redesign or change tier |
162| "Maximum size exceeded" | Hard Limit | Split data or use alternative storage |
163| "Too many requests" | Rate Limit | Implement retry logic or increase tier |
164| "Cannot exceed X" | Hard Limit | Stay within limit or use multiple resources |
165| "Subscription limit reached" | Quota | Request quota increase using azure-quotas skill |
166| "Regional capacity" | Quota | Choose different region or request increase |
167 
168## Best Practices
169 
1701. **MUST use Azure CLI quota API first**: `az quota` commands are MANDATORY as the primary method for checking quotas - only use fallback methods (REST API, Portal, docs) when quota API returns `BadRequest`
1712. **Don't trust "No Limit" values**: If REST API or Portal shows "No Limit" or unlimited, verify with official service documentation - it likely means the quota API doesn't support that resource type, not that capacity is unlimited
1723. **Always check after customer selects region**: Validates availability and allows time for quota requests
1734. **Use the discovery workflow**: Never assume quota resource names - always run `az quota list` first to discover correct names
1745. **Check both usage and limit**: Run `az quota usage show` AND `az quota show` to calculate available capacity
1756. **Handle unsupported providers gracefully**: If you get `BadRequest` error, fall back to official documentation (Azure Resource Graph + docs)
1767. **Request quota increases proactively**: If selected region lacks capacity, submit request before deployment
1778. **Have alternative regions ready**: If quota increase denied, suggest backup regions
1789. **Document capacity assumptions**: Note quota availability and source in `.azure/deployment-plan.md`
17910. **Design for limits**: Architecture should account for both hard limits and quotas
18011. **Monitor usage trends**: Regular quota checks help predict future needs
18112. **Use lower environments wisely**: Dev/test environments count against quotas
182 
183## Quick Reference Limits
184 
185For complete quota checking workflow and commands, invoke the **azure-quotas** skill.
186 
187> **Note:** These are typical default limits. Always verify actual quotas using `az quota show` for your specific subscription and region.
188 
189Common quotas to check:
190 
191### Subscription Level
192- Cosmos DB accounts: 50 per region (check via docs - quota API not supported)
193- SQL logical servers: 250 per region
194- Service Bus namespaces: 100-1,000 (tier dependent)
195 
196### Regional Level  
197- Storage accounts: 250 per region (quota resource name: `StorageAccounts`)
198- AKS clusters: 5,000 per region (quota resource name: varies by configuration)
199- Container Apps environments: 50 per region (quota resource name: `ManagedEnvironmentCount`)
200- Function apps: 200 per region (Consumption)
201 
202### Resource Level
203- Cosmos DB containers per account: Unlimited (subject to storage)
204- Apps per Container Apps environment: 500
205- Databases per SQL server: 500
206- Queues/topics per Service Bus namespace: 10,000
207 
208## Related Documentation
209 
210- **azure-quotas skill** - Complete quota checking workflow and CLI commands (invoke the **azure-quotas** skill)
211- [Azure subscription limits](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) - Official Microsoft documentation
212- [Azure Quotas Overview](https://learn.microsoft.com/en-us/azure/quotas/quotas-overview) - Understanding quotas and limits
213- [azure-context.md](azure-context.md) - How to confirm subscription and region
214- [architecture.md](architecture.md) - Architecture planning workflow
215 
216## Example: Complete Check Workflow
217 
218```bash
219# Scenario: Deploying app with Cosmos DB, Storage, and Container Apps
220# Customer selected region: East US
221 
222# 1. Check Hard Limits (from azure-provisioning-limit skill)
223# Cosmos DB: Item size max 2 MB ✓
224# Storage: Blob size max 190.7 TiB ✓
225# Container Apps: Timeout 240 sec ✓
226 
227# 2. Get Customer's Region Preference
228# Customer: "I prefer East US"
229 
230# 3. Check Quotas for Customer's Selected Region (East US)
231 
232# 3a. Cosmos DB - NOT SUPPORTED by quota API
233az quota list \
234  --scope /subscriptions/abc-123/providers/Microsoft.DocumentDB/locations/eastus
235# Error: (BadRequest) Bad request
236 
237# Fallback: Get current usage with Azure Resource Graph
238# Install extension first (if needed)
239az extension add --name resource-graph
240 
241az graph query -q "resources | where type == 'microsoft.documentdb/databaseaccounts' and location == 'eastus' | count"
242# Result: 3 database accounts currently deployed
243 
244# Or use Azure CLI resource list
245az resource list \
246  --subscription "abc-123" \
247  --resource-type "Microsoft.DocumentDB/databaseAccounts" \
248  --location "eastus" | jq 'length'
249# Result: 3
250 
251# Get limit from documentation: 50 database accounts per region
252# Calculate: Available = 50 - 3 = 47 ✓
253# Document as: "Fetched from: Azure Resource Graph + Official docs"
254 
255# 3b. Storage Accounts
256# Step 1: Discover resource name
257az quota list \
258  --scope /subscriptions/abc-123/providers/Microsoft.Storage/locations/eastus
259 
260# Step 2: Check usage (use discovered name "StorageAccounts")
261az quota usage show \
262  --resource-name StorageAccounts \
263  --scope /subscriptions/abc-123/providers/Microsoft.Storage/locations/eastus
264# Current: 180
265 
266# Step 3: Check limit
267az quota show \
268  --resource-name StorageAccounts \
269  --scope /subscriptions/abc-123/providers/Microsoft.Storage/locations/eastus
270# Limit: 250
271# Available: 250 - 180 = 70 ✓
272 
273# 3c. Container Apps
274# Step 1: Discover resource name
275az quota list \
276  --scope /subscriptions/abc-123/providers/Microsoft.App/locations/eastus
277# Shows: "ManagedEnvironmentCount"
278 
279# Step 2: Check usage
280az quota usage show \
281  --resource-name ManagedEnvironmentCount \
282  --scope /subscriptions/abc-123/providers/Microsoft.App/locations/eastus
283# Current: 8
284 
285# Step 3: Check limit
286az quota show \
287  --resource-name ManagedEnvironmentCount \
288  --scope /subscriptions/abc-123/providers/Microsoft.App/locations/eastus
289# Limit: 50
290# Available: 50 - 8 = 42 ✓
291 
292# 4. Validate Availability
293# ✅ All services have sufficient quota in East US
294# ✅ Proceed with deployment
295 
296# Alternative: If quotas were insufficient
297# ❌ Container Apps: 49/50 (only 1 available, need 3)
298# Action: Request quota increase
299# 
300# az quota update \
301#   --resource-name ManagedEnvironmentCount \
302#   --scope /subscriptions/abc-123/providers/Microsoft.App/locations/eastus \
303#   --limit-object value=100 \
304#   --resource-type Microsoft.App/managedEnvironments
305```
306 
307---
308 
309> **Remember**: Checking limits and quotas early prevents deployment failures and ensures smooth infrastructure provisioning.
310