Quotas - Amazon CloudFront

Quotas

CloudFront is subject to the following quotas.

General quotas

Entity Default quota

Data transfer rate per distribution

150 Gbps

Request a higher quota

Requests per second per distribution

250,000

Request a higher quota

Tags that can be added to a distribution

50

Files that you can serve per distribution

No quota

Maximum length of a request, including headers and query strings, but not including the body content

20,480 bytes

Maximum length of a URL

8,192 bytes

General quotas on distributions

Entity Default quota

Alternate domain names (CNAMEs) per distribution

For more information, see Using custom URLs by adding alternate domain names (CNAMEs).

100

Request a higher quota

Cache behaviors per distribution

25

Request a higher quota

Connection attempts per origin

For more information, see Connection attempts.

1-3

Connection timeout per origin

For more information, see Connection timeout.

1-10 seconds

Distributions per AWS account

For more information, see Creating a distribution.

200

Request a higher quota

Distributions per origin access control

100

Request a higher quota

File compression: range of file sizes that CloudFront compresses

For more information, see Serving compressed files.

1,000 to 10,000,000 bytes

Keep-alive timeout per origin

For more information, see Keep-alive timeout (custom origins only).

1-60 seconds

Request a higher quota

Maximum cacheable file size per HTTP GET response.

Only the responses for an HTTP GET are cached. Responses for POST or PUT are not cached.

50 GB

Origin access controls per AWS account

100

Origin access identities per AWS account

100

Request a higher quota

Origins per distribution

25

Request a higher quota

Origin groups per distribution

10

Request a higher quota

Response timeout per origin

For more information, see Response timeout (custom origins only).

1-60 seconds

Request a higher quota

Staging distributions per AWS account

For more information, see Using CloudFront continuous deployment to safely test CDN configuration changes.

20

Request a higher quota

General quotas on policies

Entity Default quota

Cache policies per AWS account

20

Distributions associated with the same cache policy

100

Query strings per cache policy

10

Request a higher quota

Headers per cache policy

10

Request a higher quota

Cookies per cache policy

10

Request a higher quota

Total combined length of all query string, header, and cookie names in a cache policy

1024

Origin request policies per AWS account

20

Distributions associated with the same origin request policy

100

Query strings per origin request policy

10

Request a higher quota

Headers per origin request policy

10

Request a higher quota

Cookies per origin request policy

10

Request a higher quota

Total combined length of all query string, header, and cookie names in an origin request policy

1024

Response headers policies per AWS account

20

Request a higher quota

Distributions associated with the same response headers policy

100

Request a higher quota

Custom headers per response headers policy

10

Request a higher quota

Continuous deployment policies per AWS account

20

Request a higher quota

Quotas on CloudFront Functions

Entity

Default quota

Functions per AWS account

100

Maximum function size

10 KB

Request a higher quota

Maximum function memory

2 MB

Distributions associated with the same function

100

In addition to these quotas, there are some other restrictions when using CloudFront Functions. For more information, see Restrictions on CloudFront Functions.

Quotas on key value stores

Entity

Default quota

Maximum size of a key in a key-value pair 512 Bytes
Maximum size of the value in a key-value pair 1 KB
Maximum key values pairs that you can update in a single API request 50 keys or 3 MB payload, whichever is reached first
Maximum size of an individual key value store 5 MB
Maximum number of functions that a single key value store can be associated with 10
Maximum number of key value stores per function 1
Maximum number of key value stores per account 50

Request a higher quota

Quotas on Lambda@Edge

The quotas in this section apply to Lambda@Edge. These quotas are in addition to the default AWS Lambda quotas, which also apply. For the Lambda quotas, see Quotas in the AWS Lambda Developer Guide.

Note

Lambda dynamically scales capacity in response to increased traffic, within your AWS account's quotas. For more information, see Function scaling in the AWS Lambda Developer Guide.

General quotas

Entity

Default quota

Distributions per AWS account that can have Lambda@Edge functions

500

Request a higher quota

Lambda@Edge functions per distribution

100

Request a higher quota

Requests per second

10,000 (in each AWS Region)

Request a higher quota

Concurrent executions

For more information, see Function scaling in the AWS Lambda Developer Guide.

1,000 (in each AWS Region)

Request a higher quota

Distributions associated with the same function

500

Quotas that differ by event type

Entity

Viewer request and viewer response events

Origin request and origin response events

Function memory size

128 MB

Same as Lambda quotas

Function timeout. The function can make network calls to resources such as Amazon S3 buckets, DynamoDB tables, or Amazon EC2 instances in AWS Regions.

5 seconds

30 seconds

Size of a response that is generated by a Lambda function, including headers and body

40 KB

1 MB

Maximum compressed size of a Lambda function and any included libraries

1 MB

50 MB

In addition to these quotas, there are some other restrictions when using Lambda@Edge functions. For more information, see Restrictions on Lambda@Edge.

Quotas on SSL certificates

Entity Default quota

SSL certificates per AWS account when serving HTTPS requests using dedicated IP addresses (no quota when serving HTTPS requests using SNI)

For more information, see Using HTTPS with CloudFront.

2

Request a higher quota

SSL certificates that can be associated with a CloudFront distribution

1

Quotas on invalidations

Entity Default quota

File invalidation: maximum number of files allowed in active invalidation requests, excluding wildcard invalidations

For more information, see Invalidating files.

3,000

File invalidation: maximum number of active wildcard invalidations allowed

15

File invalidation: maximum number of files that one wildcard invalidation can process

No quota

Quotas on key groups

Entity Default quota

Public keys in a single key group

5

Request a higher quota

Key groups associated with a single cache behavior

4

Request a higher quota

Key groups per AWS account

10

Request a higher quota

Distributions associated with a single key group

100

Request a higher quota

Quotas on WebSocket connections

Entity Default quota

Origin response timeout (idle timeout)

10 minutes

If CloudFront hasn't detected any bytes sent from the origin to the client within the past 10 minutes, the connection is assumed to be idle and is closed.

Quotas on field-level encryption

Entity Default quota

Maximum length of a field to encrypt

For more information, see Using field-level encryption to help protect sensitive data.

16 KB

Maximum number of fields in a request body when field-level encryption is configured

10

Maximum length of a request body when field-level encryption is configured

1 MB

Maximum number of field-level encryption configurations that can be associated with one AWS account

10

Maximum number of field-level encryption profiles that can be associated with one AWS account

10

Maximum number of public keys that can be added to one AWS account

10

Maximum number of fields to encrypt that can be specified in one profile

10

Maximum number of CloudFront distributions that can be associated with a field-level encryption configuration

20

Maximum number of query argument profile mappings that can be included in a field-level encryption configuration

5

Quotas on cookies (legacy cache settings)

These quotas apply to CloudFront's legacy cache settings. We recommend using a cache policy or origin request policy instead of the legacy settings.

Entity Default quota

Cookies per cache behavior

For more information, see Caching content based on cookies.

10

Request a higher quota

Total number of bytes in cookie names (doesn't apply if you configure CloudFront to forward all cookies to the origin)

512 minus the number of cookies

Quotas on query strings (legacy cache settings)

These quotas apply to CloudFront's legacy cache settings. We recommend using a cache policy or origin request policy instead of the legacy settings.

Entity Default quota

Maximum number of characters in a query string

128 characters

Maximum number of characters total for all query strings in the same parameter

512 characters

Query strings per cache behavior

For more information, see Caching content based on query string parameters.

10

Request a higher quota

Quotas on headers

Entity Default quota

Headers per cache behavior (legacy cache settings)

For more information, see Caching content based on request headers.

10

Request a higher quota

Custom headers: maximum number of custom headers that you can configure CloudFront to add to origin requests

For more information, see Adding custom headers to origin requests.

10

Request a higher quota

Custom headers: maximum number of custom headers that you can add to a response headers policy

10

Request a higher quota

Custom headers: maximum length of a header name

256 characters

Custom headers: maximum length of a header value

1,783 characters

Custom headers: maximum length of all header values and names combined

10,240 characters

Maximum length of the value of the Content-Security-Policy header

1,783 characters

Request a higher quota