Menu
Amazon Virtual Private Cloud
User Guide

Amazon VPC Limits

The following tables list the limits for Amazon VPC resources per region for your AWS account. Unless indicated otherwise, you can request an increase for these limits by using the Amazon VPC Limits form. If you want to increase a limit that applies per resource, we increase the limit for all resources in the region; for example, the limit for security groups per VPC applies to all VPCs in the region.

VPC and Subnets

ResourceDefault limitComments

VPCs per region

5

If you need to increase this limit, submit a request. The limit for Internet gateways per region is directly correlated to this one. Increasing this limit will increase the limit on Internet gateways per region by the same amount.

Subnets per VPC

200

If you need to increase this limit, submit a request.

Elastic IP Addresses

ResourceDefault limitComments

Elastic IP addresses per region

5

This is the limit for the number of VPC Elastic IP addresses you can allocate within a region. This is a separate limit from the Amazon EC2 Elastic IP address limit. If you need to increase this limit, submit a request.

Flow Logs

ResourceDefault limitComments

Flow logs per single network interface, single subnet, or single VPC in a region

2You can effectively have 6 flow logs per network interface if you create 2 flow logs for the subnet, and 2 flow logs for the VPC in which your network interface resides. This limit cannot be increased.

Gateways

ResourceDefault limitComments

Customer gateways per region

50

If you need to increase this limit, contact AWS Support.

Internet gateways per region

5

This limit is directly correlated with the limit on VPCs per region. You cannot increase this limit individually; the only way to increase this limit is to increase the limit on VPCs per region. Only one Internet gateway can be attached to a VPC at a time.

NAT gateways per Availability Zone5If you need to increase this limit, submit a request. A NAT gateway in the pending, active, or deleting state counts against your limit.

Virtual private gateways per region

5

If you need to increase this limit, contact AWS Support; however, only one virtual private gateway can be attached to a VPC at a time.

Network ACLs

ResourceDefault limitComments

Network ACLs per VPC

200

You can associate one network ACL to one or more subnets in a VPC. This limit is not the same as the number of rules per network ACL.

Rules per network ACL

20

This is the one-way limit for a single network ACL, where the limit for ingress rules is 20, and the limit for egress rules is 20. This limit can be increased upon request up to a maximum of 40; however, network performance may be impacted due to the increased workload to process the additional rules.

Network Interfaces

ResourceDefault limitComments

Network interfaces per instance

-

This limit varies by instance type. For more information, see Private IP Addresses Per ENI Per Instance Type.

Network interfaces per region

350

This limit is the greater of either the default limit (350) or your On-Demand instance limit multiplied by 5. The default limit for On-Demand instances is 20. If your On-Demand instance limit is below 70, the default limit of 350 applies. You can increase the number of network interfaces per region by contacting AWS Support, or by increasing your On-Demand instance limit.

Route Tables

ResourceDefault limitComments

Route tables per VPC

200

Including the main route table. You can associate one route table to one or more subnets in a VPC. If you need to increase this limit, submit a request.

Routes per route table (non-propagated routes)

50

This is the limit for the number of non-propagated entries per route table. You can submit a request for an increase of up to a maximum of 100; however, network performance may be impacted.

BGP advertised routes per route table (propagated routes)

100

You can have up to 100 propagated routes per route table. This limit cannot be increased. If you require more than 100 prefixes, advertise a default route.

Security Groups

ResourceDefault limitComments

Security groups per VPC (per region)

500

If you need to increase this limit, you can submit a request.

Inbound or outbound rules per security group

50

You can have 50 inbound and 50 outbound rules per security group (giving a total of 100 combined inbound and outbound rules). If you need to increase or decrease this limit, you can contact AWS Support — a limit change applies to both inbound and outbound rules. However, the multiple of the limit for inbound or outbound rules per security group and the limit for security groups per network interface cannot exceed 250. For example, if you want to increase the limit to 100, we decrease your number of security groups per network interface to 2.

Security groups per network interface

5

If you need to increase or decrease this limit, you can contact AWS Support. The maximum is 16. The multiple of the limit for security groups per network interface and the limit for rules per security group cannot exceed 250. For example, if you want 10 security groups per network interface, we decrease your number of rules per security group to 25.

VPC Peering Connections

ResourceDefault limitComments

Active VPC peering connections per VPC

50

If you need to increase this limit, contact AWS Support . The maximum limit is 125 peering connections per VPC. The number of entries per route table should be increased accordingly; however, network performance may be impacted.

Outstanding VPC peering connection requests

25

This is the limit for the number of outstanding VPC peering connection requests that you've requested from your account. If you need to increase this limit, contact AWS Support.

Expiry time for an unaccepted VPC peering connection request

1 week (168 hours)

If you need to increase this limit, contact AWS Support.

VPC Endpoints

ResourceDefault limitComments

VPC endpoints per region

20

If you need to increase this limit, contact AWS Support. The maximum limit is 255 endpoints per VPC, regardless of your endpoint limit per region.

VPN Connections

ResourceDefault limitComments

VPN connections per region

50

If you need to increase this limit, submit a request.

VPN connections per VPC (per virtual private gateway)

10

If you need to increase this limit, submit a request.