AWS IoT Core endpoints and quotas - AWS General Reference
Service endpointsService quotas

AWS IoT Core endpoints and quotas

To connect programmatically to an AWS service, you use an endpoint. AWS services offer the following endpoint types in some or all of the AWS Regions that the service supports: IPv4 endpoints, dual-stack endpoints, and FIPS endpoints. Some services provide global endpoints. For more information, see AWS service endpoints.

Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

The following are the service endpoints and service quotas for this service.

Service endpoints

The following sections describe the service endpoints for AWS IoT Core.

Note

You can use these endpoints to perform the operations in the AWS IoT API Reference. The endpoints in the following sections are different from the device endpoints, which provide devices an MQTT publish/subscribe interface and a subset of the API operations. For more information about the data, credential access, and job management endpoints used by devices, see AWS IoT device endpoints.

For information about connecting to and using the AWS IoT endpoints, see Connecting devices to AWS IoT in the AWS IoT Developer Guide.

AWS IoT Core - control plane endpoints

The following table contains AWS Region-specific endpoints for AWS IoT Core - control plane operations. For information about the operations supported by the AWS IoT Core - control plane endpoints, see AWS IoT operations in the AWS IoT API Reference.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

iot.us-east-2.amazonaws.com

iot-fips.us-east-2.api.aws

iot-fips.us-east-2.amazonaws.com

iot.us-east-2.api.aws

HTTPS

HTTPS

HTTPS

HTTPS
US East (N. Virginia) us-east-1

iot.us-east-1.amazonaws.com

iot-fips.us-east-1.api.aws

iot-fips.us-east-1.amazonaws.com

iot.us-east-1.api.aws

HTTPS

HTTPS

HTTPS

HTTPS
US West (N. California) us-west-1

iot.us-west-1.amazonaws.com

iot-fips.us-west-1.api.aws

iot-fips.us-west-1.amazonaws.com

iot.us-west-1.api.aws

HTTPS

HTTPS

HTTPS

HTTPS
US West (Oregon) us-west-2

iot.us-west-2.amazonaws.com

iot-fips.us-west-2.api.aws

iot-fips.us-west-2.amazonaws.com

iot.us-west-2.api.aws

HTTPS

HTTPS

HTTPS

HTTPS
Asia Pacific (Hong Kong) ap-east-1

iot.ap-east-1.amazonaws.com

iot.ap-east-1.api.aws

HTTPS

HTTPS
Asia Pacific (Malaysia) ap-southeast-5

iot.ap-southeast-5.amazonaws.com

iot.ap-southeast-5.api.aws

HTTPS

HTTPS
Asia Pacific (Mumbai) ap-south-1

iot.ap-south-1.amazonaws.com

iot.ap-south-1.api.aws

HTTPS

HTTPS
Asia Pacific (Seoul) ap-northeast-2

iot.ap-northeast-2.amazonaws.com

iot.ap-northeast-2.api.aws

HTTPS

HTTPS
Asia Pacific (Singapore) ap-southeast-1

iot.ap-southeast-1.amazonaws.com

iot.ap-southeast-1.api.aws

HTTPS

HTTPS
Asia Pacific (Sydney) ap-southeast-2

iot.ap-southeast-2.amazonaws.com

iot.ap-southeast-2.api.aws

HTTPS

HTTPS
Asia Pacific (Tokyo) ap-northeast-1

iot.ap-northeast-1.amazonaws.com

iot.ap-northeast-1.api.aws

HTTPS

HTTPS
Canada (Central) ca-central-1

iot.ca-central-1.amazonaws.com

iot-fips.ca-central-1.api.aws

iot-fips.ca-central-1.amazonaws.com

iot.ca-central-1.api.aws

HTTPS

HTTPS

HTTPS

HTTPS
Europe (Frankfurt) eu-central-1

iot.eu-central-1.amazonaws.com

iot.eu-central-1.api.aws

HTTPS

HTTPS
Europe (Ireland) eu-west-1

iot.eu-west-1.amazonaws.com

iot.eu-west-1.api.aws

HTTPS

HTTPS
Europe (London) eu-west-2

iot.eu-west-2.amazonaws.com

iot.eu-west-2.api.aws

HTTPS

HTTPS
Europe (Paris) eu-west-3

iot.eu-west-3.amazonaws.com

iot.eu-west-3.api.aws

HTTPS

HTTPS
Europe (Spain) eu-south-2

iot.eu-south-2.amazonaws.com

iot.eu-south-2.api.aws

HTTPS

HTTPS
Europe (Stockholm) eu-north-1

iot.eu-north-1.amazonaws.com

iot.eu-north-1.api.aws

HTTPS

HTTPS
Middle East (Bahrain) me-south-1

iot.me-south-1.amazonaws.com

iot.me-south-1.api.aws

HTTPS

HTTPS
Middle East (UAE) me-central-1

iot.me-central-1.amazonaws.com

iot.me-central-1.api.aws

HTTPS

HTTPS
South America (São Paulo) sa-east-1

iot.sa-east-1.amazonaws.com

iot.sa-east-1.api.aws

HTTPS

HTTPS
AWS GovCloud (US-East) us-gov-east-1

iot.us-gov-east-1.amazonaws.com

iot-fips.us-gov-east-1.api.aws

iot-fips.us-gov-east-1.amazonaws.com

iot.us-gov-east-1.api.aws

HTTPS

HTTPS

HTTPS

HTTPS
AWS GovCloud (US-West) us-gov-west-1

iot.us-gov-west-1.amazonaws.com

iot-fips.us-gov-west-1.api.aws

iot-fips.us-gov-west-1.amazonaws.com

iot.us-gov-west-1.api.aws

HTTPS

HTTPS

HTTPS

HTTPS

AWS IoT Core - data plane endpoints

The AWS IoT Core - data plane endpoints are specific to each AWS account and AWS Region. To find the AWS IoT Core - data plane endpoint for your AWS account and AWS Region, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API.

aws iot describe-endpoint --endpoint-type iot:Data-ATS

This command returns your data plane API endpoint in the following format:

account-specific-prefix-ats.iot.aws-region.amazonaws.com

For information about the actions supported by the AWS IoT Core - data plane endpoints, see AWS IoT data plane operations in the AWS IoT API Reference.

The following table contains generic representations of the AWS account-specific endpoints for each AWS Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix from your account-specific endpoint replaces data shown in the generic endpoint representation.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

data-ats.iot.us-east-2.amazonaws.com

data.iot-fips.us-east-2.amazonaws.com

HTTPS

HTTPS
US East (N. Virginia) us-east-1

data-ats.iot.us-east-1.amazonaws.com

data.iot-fips.us-east-1.amazonaws.com

HTTPS

HTTPS
US West (N. California) us-west-1

data-ats.iot.us-west-1.amazonaws.com

data.iot-fips.us-west-1.amazonaws.com

HTTPS

HTTPS
US West (Oregon) us-west-2

data-ats.iot.us-west-2.amazonaws.com

data.iot-fips.us-west-2.amazonaws.com

HTTPS

HTTPS
Asia Pacific (Hong Kong) ap-east-1 data-ats.iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Malaysia) ap-southeast-5 data-ats.iot.ap-southeast-5.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 data-ats.iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 data-ats.iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 data-ats.iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 data-ats.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 data-ats.iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1

data-ats.iot.ca-central-1.amazonaws.com

data.iot-fips.ca-central-1.amazonaws.com

HTTPS

HTTPS
Europe (Frankfurt) eu-central-1 data-ats.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 data-ats.iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 data-ats.iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 data-ats.iot.eu-west-3.amazonaws.com HTTPS
Europe (Spain) eu-south-2 data-ats.iot.eu-south-2.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 data-ats.iot.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 data-ats.iot.me-south-1.amazonaws.com HTTPS
Middle East (UAE) me-central-1 data-ats.iot.me-central-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 data-ats.iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1

data-ats.iot.us-gov-east-1.amazonaws.com

data.iot-fips.us-gov-east-1.amazonaws.com

HTTPS

HTTPS
AWS GovCloud (US-West) us-gov-west-1

data-ats.iot.us-gov-west-1.amazonaws.com

data.iot-fips.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

AWS IoT Core - credential provider endpoints

Note

If you are an existing user of AWS IoT Core credential provider and your endpoint was previously created, the endpoint likely only supports IPv4 address by default. For dual-stack support (to support both IPv4 and IPv6 connectivity) for your credential provider endpoint, contact AWS Support.

New credential provider endpoints support both IPv4 and IPv6 (dual-stack) by default.

To find out whether your endpoint currently supports IPv6, you can run the following command:

  • For Linuxdig +short AAAA account-specific-prefix.credentials.iot.aws-region.amazonaws.com

  • For Windowsnslookup -type=AAAA account-specific-prefix.credentials.iot.aws-region.amazonaws.com

If this command returns no results, your endpoint does not currently support IPv6.

The AWS IoT Core credential provider endpoints are specific to each AWS account and AWS Region. To find the credential provider endpoint for your AWS account and AWS Region, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API.

aws iot describe-endpoint --endpoint-type iot:CredentialProvider

This command returns your credential provider API endpoint in the following format:

account-specific-prefix.credentials.iot.aws-region.amazonaws.com

The following table contains generic representations of the AWS account-specific endpoints for each AWS Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix from your account-specific endpoint replaces prefix shown in the generic endpoint representation.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

prefix.credentials.iot.us-east-2.amazonaws.com

data.credentials.iot-fips.us-east-2.amazonaws.com

 HTTPS
US East (N. Virginia) us-east-1

prefix.credentials.iot.us-east-1.amazonaws.com

data.credentials.iot-fips.us-east-1.amazonaws.com

 HTTPS
US West (N. California) us-west-1

prefix.credentials.iot.us-west-1.amazonaws.com

data.credentials.iot-fips.us-west-1.amazonaws.com

 HTTPS
US West (Oregon) us-west-2

prefix.credentials.iot.us-west-2.amazonaws.com

data.credentials.iot-fips.us-west-2.amazonaws.com

 HTTPS
Asia Pacific (Hong Kong) ap-east-1 prefix.credentials.iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Malaysia) ap-southeast-5 prefix.credentials.iot.ap-southeast-5.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 prefix.credentials.iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 prefix.credentials.iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 prefix.credentials.iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 prefix.credentials.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 prefix.credentials.iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1

prefix.credentials.iot.ca-central-1.amazonaws.com

data.credentials.iot-fips.ca-central-1.amazonaws.com

 HTTPS
Europe (Frankfurt) eu-central-1 prefix.credentials.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 prefix.credentials.iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 prefix.credentials.iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 prefix.credentials.iot.eu-west-3.amazonaws.com HTTPS
Europe (Spain) eu-south-2 prefix.credentials.iot.eu-south-2.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 prefix.credentials.iot.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 prefix.credentials.iot.me-south-1.amazonaws.com HTTPS
Middle East (UAE) me-central-1 prefix.credentials.iot.me-central-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 prefix.credentials.iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1

prefix.credentials.iot.us-gov-east-1.amazonaws.com

data.credentials.iot-fips.us-gov-east-1.amazonaws.com

 HTTPS
AWS GovCloud (US-West) us-gov-west-1

prefix.credentials.iot.us-gov-west-1.amazonaws.com

data.credentials.iot-fips.us-gov-west-1.amazonaws.com

 HTTPS

AWS IoT FIPS endpoints

AWS IoT provides endpoints that support the Federal Information Processing Standard (FIPS) 140-2. Choose the appropriate FIPS compliant endpoint to access AWS IoT features in your AWS Region from FIPS Endpoints by Service. For more information about the FIPs endpoints provided by AWS IoT, see Connecting to AWS IoT FIPS endpoints.

Service quotas

Note

For the limits and quotas for the AWS IoT Core device location feature, see AWS IoT Core device location Service quotas.

AWS IoT Core thing resource limits and quotas

AWS IoT Core thing limits and quotas

Limit display name

Description

Default value

Adjustable

Maximum number of propagating attributes

The maximum number of propagating attributes you can add. When creating or updating a thing type, you can add propagating attributes to the published MQTT 5 messages. A propagating attribute is a key-value pair that describes aspects of an IoT resource.

20

No

Maximum number of thing attributes for a thing with a thing type

Maximum number of thing attributes for a thing with a thing type. Thing types are optional and make it easier to discover things. Things with a thing type can have up to 50 attributes.

50

Yes

Maximum number of thing attributes for a thing without a thing type

Maximum number of thing attributes for a thing without a thing type. Things without a thing type can have up to three attributes.

3

No

Maximum thing name size

Maximum size of a thing name, which is 128 bytes of UTF-8 encoded characters.

128 Bytes

No

Number of thing types that can be associated with a thing

Number of thing types that can be associated with a thing, which can be zero or one. Thing types are optional and their use makes it easier to discover things.

1

No

Size of thing attributes per thing

The size of thing attributes per thing, which is 47 kilobytes. Thing attributes are optional name-value pairs that store information about the thing, which makes their use easier to discover things.

47 Kilobytes

Yes
Note
Thing types

The number of thing types that can be defined in an AWS account is not limited.Thing types allow you to store description and configuration information that is common to all things associated with the same thing type.

AWS IoT Core thing group resource limits and quotas

AWS IoT Core thing group limits and quotas

Limit display name

Description

Default value

Adjustable

Maximum depth of a thing group hierarchy

The maximum depth of a hierarchy of thing groups. When you build a hierarchy of groups, the policy attached to the parent group is inherited by its child group, and by all the things in the group and its child groups. This makes it easier to manage permissions for large number of things.

7

No

Maximum number of attributes associated with a thing group

Maximum number of attributes associated with a thing group. Attributes are name-value pairs you can use to store information about a group. You can add, delete, or update the attributes of a group.

50

No

Maximum number of direct child groups

The maximum number of direct child groups that a thing group can have in a thing group hierarchy.

100

No

Maximum number of dynamic groups

Maximum number of dynamic groups.

100

No

Maximum number of thing groups a thing can belong to

A thing can be added to a maximum of 10 thing groups. But you cannot add a thing to more than one group in the same hierarchy. This means that a thing cannot be added to two groups that share a common parent.

10

No

Maximum size of a thing group attribute name, in chars

Maximum size of a thing group attribute name, in chars.

128

No

Maximum size of a thing group attribute value, in chars

Maximum size of a thing group attribute value, in chars.

800

No

Maximum thing group name size

Maximum thing group name size.

128 Bytes

No
Note
Thing group assignment

The maximum number of things that can be assigned to a thing group is not limited.

AWS IoT Core bulk thing registration limits and quotas

AWS IoT Core bulk thing registration

Limit display name

Description

Default value

Adjustable

Allowed registration tasks

For any given AWS account, only one bulk registration task can run at a time.

1

No

Data retention policy

After the bulk registration task (which can be long lived) is complete, data related to bulk thing registration is permanently deleted after 30 days.

2592000 Seconds

No

Maximum line length

Each line in an Amazon S3 input JSON file can't exceed 256K in length.

256000

No

Registration task termination

Any pending or incomplete bulk registration tasks are terminated after 30 days.

2592000 Seconds

No

For more information about the JSON file used for bulk registration, see Amazon S3 input JSON file.

AWS IoT Core billing group restrictions

  • A thing can belong to exactly one billing group.

  • Unlike thing groups, billing groups cannot be organized into hierarchies.

  • For its usage to be registered for tagging or billing purposes, a device must:

    • Be registered as a thing in AWS IoT Core.

    • Communicate with AWS IoT Core using MQTT only.

    • Authenticate with AWS IoT Core using only its thing name as the client ID.

    • Use an X.509 certificate or Amazon Cognito Identity to authenticate.

    For more information, see Managing Devices with AWS IoT, Authentication, and Device Provisioning. You can use the AttachThingPrincipal API operation to attach a certificate or other credential to a thing.

  • The maximum number of billing groups per AWS account is 20,000.

AWS IoT Core rules engine limits and quotas

This section describes the limits and quotas of the AWS IoT Core rules engine.

AWS IoT Core rules engine

Limit display name

Description

Default value

Default value in select AWS Regions*

Adjustable

Maximum number of actions per rule

The maximum number of entries in the rule's actions property.

10

10

No

Maximum number of rules per AWS account

The maximum number of rules that can be defined in a single AWS account.

1000

1000

Yes

Rule evaluations per second per AWS account

The maximum number of rules that can be evaluated per second per AWS account. This quota includes rule evaluations that result from inbound Basic Ingest messages.

20000

2000

Yes

Rule payload size

The maximum size of a rule payload. A rule payload includes the rule SQL, action definitions, error action definitions, rule SQL version, and description encoded in JSON using UTF-8 character encoding. Creation or modification of a rule will be rejected if the rule payload exceeds the maximum size.

128 Kilobytes

128 Kilobytes

No

*Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Middle East (UAE), Europe (Paris), Asia Pacific (Hong Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central), China (Ningxia), Asia Pacific (Malaysia), Europe (Spain)

AWS IoT Core rules engine HTTP actions limits and quotas

AWS IoT Core HTTP action

Limit display name

Description

Default value

Adjustable

HTTP Action: Maximum length of an endpoint URL

Maximum length of an endpoint URL for topic rule HTTP Action.

2 Kilobytes

No

HTTP Action: Maximum number of headers per action

Maximum number of headers per HTTP action. When specifying the list of headers to include in the HTTP request, it must contain a header key and a header value. To learn more, see https://docs.aws.amazon.com/iot/latest/developerguide/https-rule-action.html.

100

No

HTTP Action: Maximum size of a header key

Maximum size of a header key for topic rule HTTP action. The header file for a HTTP request includes this header key and a header value.

256 Bytes

No

HTTP Action: Maximum topic rule destinations per AWS account

Maximum number of topic rule destinations per AWS account for topic rule HTTPS action. You must confirm and enable HTTPS endpoints before the rules engine can use them. For more information, see https://docs.aws.amazon.com/iot/latest/developerguide/rule-destination.html.

1000

No

HTTP Action: Request timeout

Request timeout for topic rule HTTP action. The AWS IoT rules engine retries the HTTPS action until the total time to complete a request exceeds the timeout quota.

3000 Milliseconds

No
Resource Value Adjustable
TCP ports used for HTTP actions 443, 8443 No

AWS IoT Core rules engine Apache Kafka actions limits and quotas

Resource Limits
Bootstrap server ports 9000-9100
Kerberos key distribution center (KDC) 88

AWS IoT Core rules engine VPC actions limits and quotas

Resource Quota
Maximum number of VPC destinations 5 per account per Region

AWS IoT Core API throttling limits

This table describes the maximum number of transactions per second (TPS) that can be made to each of these AWS IoT Core API actions.

Limit display name Description Default value Default value in select AWS Regions* Adjustable
AcceptCertificateTransfer API TPS The maximum number of transactions per second (TPS) that can be made for the AcceptCertificateTransfer API. 10 10 Yes
AddThingToBillingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the AddThingToBillingGroup API. 60 60 Yes
AddThingToThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the AddThingToThingGroup API. 100 60 Yes
AttachPolicy API TPS The maximum number of transactions per second (TPS) that can be made for the AttachPolicy API. 15 15 Yes
AttachPrincipalPolicy API TPS The maximum number of transactions per second (TPS) that can be made for the AttachPrincipalPolicy API. 15 15 Yes
AttachThingPrincipal API TPS The maximum number of transactions per second (TPS) that can be made for the AttachThingPrincipal API. 100 50 Yes
CancelCertificateTransfer API TPS The maximum number of transactions per second (TPS) that can be made for the CancelCertificateTransfer API. 10 10 Yes
ClearDefaultAuthorizer API TPS The maximum number of transactions per second (TPS) that can be made for the ClearDefaultAuthorizer API. 10 10 Yes
CreateAuthorizer API TPS The maximum number of transactions per second (TPS) that can be made for the CreateAuthorizer API. 10 10 No
CreateBillingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the CreateBillingGroup API. 25 25 Yes
CreateCertificateFromCsr API TPS The maximum number of transactions per second (TPS) that can be made for the CreateCertificateFromCsr API. 15 15 Yes
CreateCertificateProvider API TPS The maximum number of transactions per second (TPS) that can be made for the CreateCertificateProvider API. 1 1 No
CreateDomainConfiguration API TPS The maximum number of transactions per second (TPS) that can be made for the CreateDomainConfiguration API. 1 1 No
CreateDynamicThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the CreateDynamicThingGroup API. 5 5 Yes
CreateKeysAndCertificate API TPS The maximum number of transactions per second (TPS) that can be made for the CreateKeysAndCertificate API. 10 10 Yes
CreatePolicy API TPS The maximum number of transactions per second (TPS) that can be made for the CreatePolicy API. 10 10 Yes
CreatePolicyVersion API TPS The maximum number of transactions per second (TPS) that can be made for the CreatePolicyVersion API. 10 10 Yes
CreateProvisioningClaim API TPS The maximum number of transactions per second (TPS) that can be made for the CreateProvisioningClaim API. 10 10 Yes
CreateProvisioningTemplate API TPS The maximum number of transactions per second (TPS) that can be made for the CreateProvisioningTemplate API. 10 10 No
CreateProvisioningTemplateVersion API TPS The maximum number of transactions per second (TPS) that can be made for the CreateProvisioningTemplateVersion API. 10 10 No
CreateRoleAlias API TPS The maximum number of transactions per second (TPS) that can be made for the CreateRoleAlias API. 10 10 No
CreateThing API TPS The maximum number of transactions per second (TPS) that can be made for the CreateThing API. 100 50 Yes
CreateThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the CreateThingGroup API. 25 25 Yes
CreateThingType API TPS The maximum number of transactions per second (TPS) that can be made for the CreateThingType API. 15 15 Yes
CreateTopicRule API TPS The maximum number of transactions per second (TPS) that can be made for the CreateTopicRule API. 5 5 No
CreateTopicRuleDestination API TPS The maximum number of transactions per second (TPS) that can be made for the CreateTopicRuleDestination API. 5 5 No
DeleteAuthorizer API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteAuthorizer API. 10 10 No
DeleteBillingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteBillingGroup API. 15 15 Yes
DeleteCACertificate API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteCACertificate API. 10 10 Yes
DeleteCertificate API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteCertificate API. 10 10 Yes
DeleteCertificateProvider API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteCertificateProvider API. 1 1 No
DeleteDomainConfiguration API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteDomainConfiguration API. 10 10 No
DeleteDynamicThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteDynamicThingGroup API. 5 5 Yes
DeletePolicy API TPS The maximum number of transactions per second (TPS) that can be made for the DeletePolicy API. 10 10 Yes
DeletePolicyVersion API TPS The maximum number of transactions per second (TPS) that can be made for the DeletePolicyVersion API. 10 10 Yes
DeleteProvisioningTemplate API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteProvisioningTemplate API. 10 10 Yes
DeleteProvisioningTemplateVersion API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteProvisioningTemplateVersion API. 10 10 No
DeleteRegistrationCode API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteRegistrationCode API. 10 10 Yes
DeleteRoleAlias API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteRoleAlias API. 10 10 No
DeleteThing API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteThing API. 100 50 Yes
DeleteThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteThingGroup API. 15 15 Yes
DeleteThingType API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteThingType API. 15 15 Yes
DeleteTopicRule API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteTopicRule API. 20 5 No
DeleteTopicRuleDestination API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteTopicRuleDestination API. 5 5 No
DeleteV2LoggingLevel API TPS The maximum number of transactions per second (TPS) that can be made for the DeleteV2LoggingLevel API. 2 2 No
DeprecateThingType API TPS The maximum number of transactions per second (TPS) that can be made for the DeprecateThingType API. 15 15 Yes
DescribeAuthorizer API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeAuthorizer API. 10 10 Yes
DescribeBillingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeBillingGroup API. 100 100 Yes
DescribeCACertificate API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeCACertificate API. 10 10 Yes
DescribeCertificate API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeCertificate API. 10 10 Yes
DescribeCertificateProvider API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeCertificateProvider API. 10 10 No
DescribeDefaultAuthorizer API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeDefaultAuthorizer API. 10 10 Yes
DescribeDomainConfiguration API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeDomainConfiguration API. 10 10 Yes
DescribeEncryptionConfiguration API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeEncryptionConfiguration API. 10 10 No
DescribeEndpoint API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeEndpoint API. 10 10 No
DescribeEventConfigurations API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeEventConfigurations API. 10 10 Yes
DescribeProvisioningTemplate API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeProvisioningTemplate API. 10 10 Yes
DescribeProvisioningTemplateVersion API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeProvisioningTemplateVersion API. 10 10 Yes
DescribeRoleAlias API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeRoleAlias API. 10 10 Yes
DescribeThing API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeThing API. 350 350 Yes
DescribeThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeThingGroup API. 100 100 Yes
DescribeThingRegistrationTask API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeThingRegistrationTask API. 10 10 Yes
DescribeThingType API TPS The maximum number of transactions per second (TPS) that can be made for the DescribeThingType API. 100 50 Yes
DetachPolicy API TPS The maximum number of transactions per second (TPS) that can be made for the DetachPolicy API. 15 15 Yes
DetachPrincipalPolicy API TPS The maximum number of transactions per second (TPS) that can be made for the DetachPrincipalPolicy API. 15 15 Yes
DetachThingPrincipal API TPS The maximum number of transactions per second (TPS) that can be made for the DetachThingPrincipal API. 100 50 Yes
DisableTopicRule API TPS The maximum number of transactions per second (TPS) that can be made for the DisableTopicRule API. 5 5 No
EnableTopicRule API TPS The maximum number of transactions per second (TPS) that can be made for the EnableTopicRule API. 5 5 No
GetEffectivePolicies API TPS The maximum number of transactions per second (TPS) that can be made for the GetEffectivePolicies API. 5 5 No
GetLoggingOptions API TPS The maximum number of transactions per second (TPS) that can be made for the GetLoggingOptions API. 2 2 No
GetPolicy API TPS The maximum number of transactions per second (TPS) that can be made for the GetPolicy API. 10 10 Yes
GetPolicyVersion API TPS The maximum number of transactions per second (TPS) that can be made for the GetPolicyVersion API. 15 15 Yes
GetRegistrationCode API TPS The maximum number of transactions per second (TPS) that can be made for the GetRegistrationCode API. 10 10 Yes
GetRetainedMessage API TPS The maximum number of transactions per second that can be made for the GetRetainedMessage API. 500 50 Yes
GetTopicRule API TPS The maximum number of transactions per second (TPS) that can be made for the GetTopicRule API. 200 20 No
GetTopicRuleDestination API TPS The maximum number of transactions per second (TPS) that can be made for the GetTopicRuleDestination API. 50 5 No
GetV2LoggingOptions API TPS The maximum number of transactions per second (TPS) that can be made for the GetV2LoggingOptions API. 2 2 No
ListAttachedPolicies API TPS The maximum number of transactions per second (TPS) that can be made for the ListAttachedPolicies API. 15 15 Yes
ListAuthorizers API TPS The maximum number of transactions per second (TPS) that can be made for the ListAuthorizers API. 10 10 Yes
ListBillingGroups API TPS The maximum number of transactions per second (TPS) that can be made for the ListBillingGroups API. 10 10 Yes
ListCACertificates API TPS The maximum number of transactions per second (TPS) that can be made for the ListCACertificates API. 10 10 Yes
ListCertificateProviders API TPS The maximum number of transactions per second (TPS) that can be made for the ListCertificateProviders API. 10 10 No
ListCertificates API TPS The maximum number of transactions per second (TPS) that can be made for the ListCertificates API. 10 10 Yes
ListCertificatesByCA API TPS The maximum number of transactions per second (TPS) that can be made for the ListCertificatesByCA API. 10 10 Yes
ListDomainConfigurations API TPS The maximum number of transactions per second (TPS) that can be made for the ListDomainConfigurations API. 10 10 Yes
ListOutgoingCertificates API TPS The maximum number of transactions per second (TPS) that can be made for the ListOutgoingCertificates API. 10 10 Yes
ListPolicies API TPS The maximum number of transactions per second (TPS) that can be made for the ListPolicies API. 10 10 Yes
ListPolicyPrincipals API TPS The maximum number of transactions per second (TPS) that can be made for the ListPolicyPrincipals API. 10 10 Yes
ListPolicyVersions API TPS The maximum number of transactions per second (TPS) that can be made for the ListPolicyVersions API. 10 10 Yes
ListPrincipalPolicies API TPS The maximum number of transactions per second (TPS) that can be made for the ListPrincipalPolicies API. 15 15 Yes
ListPrincipalThings API TPS The maximum number of transactions per second (TPS) that can be made for the ListPrincipalThings API. 10 10 Yes
ListPrincipalThingsV2 API TPS The maximum number of transactions per second (TPS) that can be made for the ListPrincipalThingsV2 API. 10 10 Yes
ListProvisioningTemplateVersions API TPS The maximum number of transactions per second (TPS) that can be made for the ListProvisioningTemplateVersions API. 10 10 Yes
ListProvisioningTemplates API TPS The maximum number of transactions per second (TPS) that can be made for the ListProvisioningTemplates API. 10 10 Yes
ListRetainedMessages API TPS The maximum number of transactions per second that can be made for the ListRetainedMessages API. 10 10 Yes
ListRoleAliases API TPS The maximum number of transactions per second (TPS) that can be made for the ListRoleAliases API. 10 10 Yes
ListTagsForResource API TPS The maximum number of transactions per second (TPS) that can be made for the ListTagsForResource API. 10 10 Yes
ListTargetsForPolicy API TPS The maximum number of transactions per second (TPS) that can be made for the ListTargetsForPolicy API. 10 10 Yes
ListThingGroups API TPS The maximum number of transactions per second (TPS) that can be made for the ListThingGroups API. 10 10 Yes
ListThingGroupsForThing API TPS The maximum number of transactions per second (TPS) that can be made for the ListThingGroupsForThing API. 100 50 Yes
ListThingPrincipals API TPS The maximum number of transactions per second (TPS) that can be made for the ListThingPrincipals API. 20 20 Yes
ListThingPrincipalsV2 API TPS The maximum number of transactions per second (TPS) that can be made for the ListThingPrincipalsV2 API. 20 20 Yes
ListThingRegistrationTaskReports API TPS The maximum number of transactions per second (TPS) that can be made for the ListThingRegistrationTaskReports API. 10 10 Yes
ListThingRegistrationTasks API TPS The maximum number of transactions per second (TPS) that can be made for the ListThingRegistrationTasks API. 10 10 Yes
ListThingTypes API TPS The maximum number of transactions per second (TPS) that can be made for the ListThingTypes API. 10 10 Yes
ListThings API TPS The maximum number of transactions per second (TPS) that can be made for the ListThings API. 10 10 Yes
ListThingsInBillingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the ListThingsInBillingGroup API. 25 25 Yes
ListThingsInThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the ListThingsInThingGroup API. 25 25 Yes
ListTopicRuleDestinations API TPS The maximum number of transactions per second (TPS) that can be made for the ListTopicRuleDestinations API. 1 1 No
ListTopicRules API TPS The maximum number of transactions per second (TPS) that can be made for the ListTopicRules API. 1 1 No
ListV2LoggingLevels API TPS The maximum number of transactions per second (TPS) that can be made for the ListV2LoggingLevels API. 2 2 No
Maximum number of resource-specific logging configurations per AWS account The maximum number of resource-specific logging configurations that can be defined in a single AWS account. 1000 1000 No
RegisterCACertificate API TPS The maximum number of transactions per second (TPS) that can be made for the RegisterCACertificate API. 10 10 Yes
RegisterCertificate API TPS The maximum number of transactions per second (TPS) that can be made for the RegisterCertificate API. 10 10 Yes
RegisterCertificateWithoutCA API TPS The maximum number of transactions per second (TPS) that can be made for the RegisterCertificateWithoutCA API. 10 10 Yes
RegisterThing API TPS The maximum number of transactions per second (TPS) that can be made for the RegisterThing API. 10 10 Yes
RejectCertificateTransfer API TPS The maximum number of transactions per second (TPS) that can be made for the RejectCertificateTransfer API. 10 10 Yes
RemoveThingFromBillingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the RemoveThingFromBillingGroup API. 30 30 Yes
RemoveThingFromThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the RemoveThingFromThingGroup API. 100 50 Yes
ReplaceTopicRule API TPS The maximum number of transactions per second (TPS) that can be made for the ReplaceTopicRule API. 5 5 No
SetDefaultAuthorizer API TPS The maximum number of transactions per second (TPS) that can be made for the SetDefaultAuthorizer API. 10 10 Yes
SetDefaultPolicyVersion API TPS The maximum number of transactions per second (TPS) that can be made for the SetDefaultPolicyVersion API. 10 10 Yes
SetLoggingOptions API TPS The maximum number of transactions per second (TPS) that can be made for the SetLoggingOptions API. 2 2 No
SetV2LoggingLevel API TPS The maximum number of transactions per second (TPS) that can be made for the SetV2LoggingLevel API. 2 2 No
SetV2LoggingOptions API TPS The maximum number of transactions per second (TPS) that can be made for the SetV2LoggingOptions API. 2 2 No
StartThingRegistrationTask API TPS The maximum number of transactions per second (TPS) that can be made for the StartThingRegistrationTask API. 10 10 Yes
StopThingRegistrationTask API TPS The maximum number of transactions per second (TPS) that can be made for the StopThingRegistrationTask API. 10 10 Yes
TagResource API TPS The maximum number of transactions per second (TPS) that can be made for the TagResource API. 10 10 Yes
TestAuthorization API TPS The maximum number of transactions per second (TPS) that can be made for the TestAuthorization API. 10 10 No
TestInvokeAuthorizer API TPS The maximum number of transactions per second (TPS) that can be made for the TestInvokeAuthorizer API. 10 10 No
TransferCertificate API TPS The maximum number of transactions per second (TPS) that can be made for the TransferCertificate API. 10 10 Yes
UntagResource API TPS The maximum number of transactions per second (TPS) that can be made for the UntagResource API. 10 10 Yes
UpdateAuthorizer API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateAuthorizer API. 10 10 Yes
UpdateBillingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateBillingGroup API. 15 15 Yes
UpdateCACertificate API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateCACertificate API. 10 10 Yes
UpdateCertificate API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateCertificate API. 10 10 Yes
UpdateCertificateMode API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateCertificateMode API. 10 10 Yes
UpdateCertificateProvider API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateCertificateProvider API. 1 1 No
UpdateDomainConfiguration API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateDomainConfiguration API. 10 10 Yes
UpdateDynamicThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateDynamicThingGroup API. 5 5 Yes
UpdateEncryptionConfiguration API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateEncryptionConfiguration API. 1 1 No
UpdateEventConfigurations API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateEventConfigurations API. 10 10 Yes
UpdateProvisioningTemplate API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateProvisioningTemplate API. 10 10 Yes
UpdateRoleAlias API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateRoleAlias API. 10 10 Yes
UpdateThing API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateThing API. 100 50 Yes
UpdateThingGroup API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateThingGroup API. 15 15 Yes
UpdateThingGroupsForThing API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateThingGroupsForThing API. 10 10 Yes
UpdateThingType API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateThingType API. 15 15 Yes
UpdateTopicRuleDestination API TPS The maximum number of transactions per second (TPS) that can be made for the UpdateTopicRuleDestination API. 5 5 No

AWS IoT Core Device Shadow service limits and quotas

AWS IoT Core Device Shadow actions

Limit display name

Description

Default value

Default value in select AWS Regions*

Adjustable

Device Shadow API requests/second per account

Number of device shadow API requests per second per account. This value is adjustable and subject to per-account quotas, depending on the region.

4000

400

Yes

Maximum depth of JSON device state documents

The maximum number of levels in the desired or reported section of the JSON device state document is 8.

8

8

No

Maximum number of in-flight, unacknowledged messages per thing

The Device Shadow service supports up to 10 in-flight unacknowledged messages per thing on a single connection. When this quota is reached, all new shadow requests are rejected with a 429 error code until the number of in-flight requests drop below the limit.

10

10

No

Maximum shadow name size

Maximum size of a thing shadow name, which is 64 bytes of UTF-8 encoded characters.

64 Bytes

64 Bytes

No

Maximum size of a JSON state document

Each individual shadow document must be 8KB or less in size. Metadata doesn't contribute to the document size for service quotas or pricing.

8 Kilobytes

8 Kilobytes

Yes

Maximum thing name size

Maximum size of a thing name, which is 128 bytes of UTF-8 encoded characters.

128 Bytes

128 Bytes

No

Requests per second per thing

The Device Shadow service supports up to 20 requests per second per shadow. This limit applies to both HTTP and MQTT API calls for GetThingShadow, UpdateThingShadow, DeleteThingShadow, and ListNamedShadowsForThing (classic shadows only).

20

20

Yes

*Select AWS Regions: Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), South America (São Paulo), Canada (Central), Middle East (Bahrain), Middle East (UAE), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West) Asia Pacific (Malaysia), Europe (Spain)

The levels in the desired and reported sections of the Device Shadow's JSON state document are counted as shown here for the desired object.

"desired": {
    "one": {
        "two": {
            "three": {
                "four": {
                    "five":{
                    }
                 }
             }
        }
    }
}
Note

AWS IoT Core deletes a Device Shadow document after the creating account is deleted or upon customer request. For operational purposes, AWS IoT service backups are retained for 6 months.

AWS IoT Core Fleet Provisioning limits and quotas

Following are throttling limits for some fleet provisioning APIs per AWS account.

AWS IoT Core fleet provisioning limits and quotas

Limit display name

Description

Default value

Adjustable

Fleet Provisioning CreateCertificateFromCsr MQTT API TPS

The maximum number of transactions per second (TPS) that can be made for the Fleet Provisioning CreateCertificateFromCsr MQTT API.

20

Yes

Fleet Provisioning CreateKeysAndCertificate MQTT API TPS

The maximum number of transactions per second (TPS) that can be made for the Fleet Provisioning CreateKeysAndCertificate MQTT API.

10

Yes

Fleet Provisioning RegisterThing MQTT API TPS

The maximum number of transactions per second (TPS) that can be made for the Fleet Provisioning RegisterThing MQTT API.

10

Yes

Fleet provisioning also has these limits, which can't be changed.

Resource Description Limit
Versions per fleet provisioning template The maximum number of versions that a fleet provisioning template can have. Each template version has a version ID and a creation date for devices that connect to AWS IoT using fleet previsioning. 5
Fleet provisioning templates per customer The maximum number of fleet provisioning templates per customer. Use fleet provisioning templates to generate certificates and private keys for your devices to securely connect to AWS IoT. 256
Fleet provisioning template size The maximum size of a fleet provisioning template in Kilobytes. Fleet provisioning templates allow you to generate certificates and private keys for your devices to securely connect to AWS IoT. 10 Kilobytes

AWS IoT Core message broker and protocol limits and quotas

Note

The limits listed below are per AWS Regions.

Limit display name Description Default value Default value in select AWS Regions* Adjustable
Client ID size Size of the client ID, which is 128 bytes of UTF-8 encoded characters. 128 Bytes 128 Bytes No
Connect requests per second per account The maximum number of MQTT CONNECT requests per second per account. 3000 100 Yes
Connect requests per second per client ID AWS IoT Core restricts MQTT CONNECT requests from the same accountId and clientId to 1 MQTT CONNECT operation per second. 1 1 No
Connection inactivity (keep-alive interval) The default keep-alive interval is used when a client requests a keep-alive interval of zero or > 1200 seconds. If a client requests a keep-alive interval < 30 seconds but more than zero, the server treats the client as though it requested a keep-alive interval of 30 seconds. In VPC endpoints, MQTT keep alive periods can not exceed 230 seconds. 1200 Seconds 1200 Seconds No
Inbound publish requests per second per account Inbound publish requests counts all messages that IoT Core processes before routing them to the clients or rules engine. Ex: A single message published on reserved topic can result in publishing 3 additional messages for shadow update, documents and delta, hence counted as 4 requests; whereas on an unreserved topic like a/b is counted as 1 request. 20000 2000 Yes
MQTT payload size The payload for every publish request can be no larger than 128 KB. AWS IoT Core rejects publish and connect requests larger than this size. 128 Kilobytes 128 Kilobytes No
Maximum MQTT5 Content Type size The maximum size for MQTT5 Content Type (UTF-8 string). 256 Bytes 256 Bytes No
Maximum MQTT5 Correlation Data size The maximum size for MQTT5 Correlation Data. 8 Kilobytes 8 Kilobytes No
Maximum MQTT5 Topic Alias value The maximum value of MQTT 5 Topic Alias topics that a client can specify per connection allowed. If the client attempts to publish with Topic Alias topics greater than the maximum value, the client will be disconnected. 8 8 Yes
Maximum MQTT5 packet size The maximum MQTT5 packet size (variable header and payload) 146 Kilobytes 146 Kilobytes No
Maximum Message Expiry Interval The maximum MQTT5 lifetime of a message in seconds. 604800 Seconds 604800 Seconds No
Maximum User Properties total size The maximum total size per packet in kilobytes for MQTT5 User Property keys and values. 8 Kilobytes 8 Kilobytes No
Maximum concurrent client connections per account The maximum number of concurrent connections allowed per account. 500000 100000 Yes
Maximum inbound unacknowledged QoS 1 publish requests AWS IoT Core restricts the number of unacknowledged inbound publish requests per MQTT client. When this quota is reached, no new publish requests are accepted from this client until a PUBACK message is returned by the server. 100 100 No
Maximum number of retained messages per account The number of stored retained messages per account.When this limit is reached, no new retained messages are stored for this account and all retained publishes with payloads greater than 0 bytes are throttled. 500000 100000 Yes
Maximum number of slashes in topic and topic filter A topic in a publish or subscribe request can have no more than 7 forward slashes (/). This excludes the first 3 slashes in the mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/). 7 7 No
Maximum outbound unacknowledged QoS 1 publish requests AWS IoT Core restricts the number of unacknowledged outbound publish requests per client. When this quota is reached, no new publish requests are sent to the client until the client acknowledges the publish requests. 100 100 No
Maximum retry interval for delivering QoS 1 messages AWS IoT Core retries delivery of unacknowledged quality of service 1 (QoS 1) publish requests to a connected client for up to one hour for MQTT 3 subscribers and sixteen minutes for MQTT 5 subscribers, after which it drops the publish requests. 960 Seconds 960 Seconds No
Maximum subscriptions per subscribe request A single SUBSCRIBE request has a quota of 8 subscriptions. 8 8 No
Minimum MQTT5 maximum packet size To connect to AWS IoT Core, clients can specify a maximum packet size that it supports. Clients cannot set this value to less than 512 bytes. Clients that specify values less than 512 bytes will not be allowed to connect. 512 Bytes 512 Bytes No
Outbound publish requests per second per account Outbound publish requests count for every message that resulted in matching a client's subscription. For example, 2 clients are subscribed to topic filter a/b. An inbound publish request on topic a/b results in a total of 2 outbound publish requests. For topics with a large number of subscribers, message delivery is subject to increased latency. 20000 2000 Yes
Persistent session expiry period The duration for which the message broker stores MQTT persistent sessions, their queued messages, and messages in shared subscription group queues. When a session disconnects, the expiry timer starts. After expiry, the broker terminates the session and discards all queued messages. 3600 Seconds 3600 Seconds Yes
Publish requests per second per connection AWS IoT Core restricts each client connection to a maximum number of inbound and outbound publish requests per second. This limit includes messages sent to offline persistent session. Publish requests that exceed that quota are discarded. 100 100 No
Queued messages per second per account The maximum number of messages that AWS IoT Core can queue per second for an account. This limit applies when AWS IoT Core stores messages sent to offline persistent sessions or shared subscription groups. 500 500 Yes
Queued Messages per shared subscription group Maximum approximate number of queued messages for each shared subscription group. 500000 100000 Yes
Retained message inbound publish requests per second per account The maximum rate that AWS IoT Core can accept inbound publish requests of MQTT messages with the RETAIN flag set.This rate includes all inbound publish requests whether invoked by the HTTP or MQTT protocol. 500 50 Yes
Retained message inbound publish requests per second per topic MQTT/HTTP publish requests with RETAIN flag set made to the same topic per second. 1 1 No
Shared Subscription groups per account The maximum number of shared subscription groups per account. 100 100 No
Shared Subscriptions per group The maximum number of subscriptions in a shared subscription group. 100 100 No
Subscribe and unsubscribe requests per second per group The maximum number of subscribe and unsubscribe requests that AWS IoT Core can accept per second in a shared subscription group. 100 100 No
Subscriptions per account AWS IoT Core restricts an account to a maximum number of subscriptions across all active connections. 500000 100000 Yes
Subscriptions per connection AWS IoT Core restricts the number of subscriptions per connection. AWS IoT Core rejects subscription requests on the same connection in excess of this amount. Clients should validate the SUBACK message to ensure that their subscription requests have been successfully processed. 50 50 Yes
Subscriptions per second per account AWS IoT Core restricts an account to a maximum number of subscriptions per second. For example, if there are 2 MQTT SUBSCRIBE requests sent within a second, each with 3 subscriptions (topic filters), AWS IoT Core counts those as 6 subscriptions. 3000 200 Yes
Throughput per second per connection Data received or sent over a client connection is processed at a maximum throughput rate. Data that exceeds the maximum throughput is delayed in processing. 512 Kilobytes 512 Kilobytes No
Topic size The topic passed to AWS IoT Core when sending a publish request can be no larger than 256 bytes of UTF-8 encoded characters. This excludes the first 3 mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/). 256 Bytes 256 Bytes No
WebSocket connection duration The WebSocket connection lifetime is 24 hours. If the lifetime is exceeded, The WebSocket connection will be closed. 86400 Seconds 86400 Seconds No

*Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Middle East (UAE), Europe (Paris), Asia Pacific (Hong Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central), China (Ningxia), Asia Pacific (Malaysia), Europe (Spain)

AWS IoT Core credential provider limits and quotas

AWS IoT Core credential limits and quotas

Limit display name

Description

Default value

Default value in select AWS Regions*

Adjustable

AssumeRoleWithCertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the AssumeRoleWithCertificate API.

50

100

Yes

Maximum number of AWS IoT Core role aliases

Maximum number of AWS IoT Core role aliases registered in your AWS account. AWS IoT role alias allows connected devices to authenticate to AWS IoT using X.509 certificates and obtain short-lived AWS credentials from an IAM role that is associated with the role alias.

100

100

No

*Select AWS Regions: US East (N. Virginia), US West (Oregon), Europe (Ireland) Asia Pacific (Malaysia), Europe (Spain)

Note

Large Region limits apply to AWS Regions: US East (N. Virginia), US West (Oregon), and Europe (Ireland)

AWS IoT Core security and identity limits and quotas

AWS IoT Core security and identity limits and quotas

Limit display name

Description

Default value

Adjustable

Configurable endpoints: maximum number of domain configurations per account

Configurable endpoints: maximum number of domain configurations per account

10

Yes

Custom authentication: maximum number of active authorizers per account

Custom authentication: maximum number of authorizers that can be active in your AWS account.

32

No

Custom authentication: maximum number of authorizers per account

Custom authentication: maximum number of authorizers that can be registered to your AWS account. Authorizers have a lambda function that implements custom authentication and authorization.

100

No

Maximum number of CA certificates with the same subject field allowed per AWS account per Region

The maximum number of CA certificates with the same subject field allowed per AWS account per region. If you have more than one CA certificate with the same subject field, you must specify the CA certificate that was used to sign the device certificate being registered.

10

No

Maximum number of device certificates that can be registered per second

The maximum number of device certificates that can be registered per second. You can select up to 15 files to register.

15

Yes

Maximum number of domain configurations per account per region

Maximum number of domain configurations per AWS account per AWS Region.

10

Yes

Maximum number of fleet provisioning template versions per template

Maximum number of fleet provisioning template versions per template. Each template version has a version ID and a creation date for devices connecting to AWS IoT using fleet previsioning.

5

No

Maximum number of fleet provisioning templates per customer

Maximum number of fleet provisioning templates per customer. Use fleet provisioning templates to generate certificates and private keys for your devices to securely connect to AWS IoT.

256

No

Maximum number of named policy versions

The maximum number of named policy versions. A managed AWS IoT policy can have up to five versions. To update a policy, create a new policy version. If the policy has five versions, you must delete an existing version before creating a new one.

5

No

Maximum number of policies that can be attached to a certificate or Amazon Cognito identity

The maximum number of policies that can be attached to a client certificate or an Amazon Cognito identity, which is 10. Amazon Cognito identity enables you to create temporary, limited-privilege AWS credentials for use in mobile and web applications.

10

No

Maximum number of provisioning claims that can be generated per second by trusted user

The maximum number of provisioning claims that can be generated per second by a trusted user. A trusted user can be an end user or installation technician who uses a mobile app or web application to configure the device in its deployed location.

10

No

Maximum policy document size

The maximum size of the policy document, which is 2048 characters excluding white spaces.

2048

No

Maximum size of fleet provisioning template

Maximum size of fleet provisioning templates in Kilobytes. Fleet provisioning templates allow you to generate certificates and private keys for your devices to securely connect to AWS IoT.

10 Kilobytes

No
Additional AWS IoT Core security limits
Resource Description Default Adjustable
Maximum number of domain names per server certificate When you're providing the server certificates for AWS IoT custom domain configuration, certificates can have a maximum of four domain names. 4 No
Custom authentication: minimum connection duration (value of DisconnectAfterInSecs) The Lambda function of a custom authorizer uses a DisconnectAfterInSecs parameter to indicate the maximum duration (in seconds) of the connection to the AWS IoT Core gateway. The connection is terminated if it exceeds this value. The minimum value for DisconnectAfterInSecs is 300. If the value is less than 300, a client can be disconnected by AWS IoT Core. A connection can't last less than 300 seconds (the minimum value). 300 No
Custom authentication: maximum connection duration (value of DisconnectAfterInSecs) The Lambda function of a custom authorizer uses a DisconnectAfterInSecs parameter to indicate the maximum duration (in seconds) of the connection to the AWS IoT Core gateway. The connection is terminated if it exceeds this value. The maximum value for DisconnectAfterInSecs is 86,400. If the value is more than 86,400, a client can be disconnected by AWS IoT Core. A connection can't last longer than 86,400 seconds (the maximum value). This applies to all custom authentication connections (MQTT and WSS). 86,400 No
Custom authentication: minimum policy refresh rate (value of RefreshAfterInSecs) The Lambda function of a custom authorizer uses a RefreshAfterInSeconds parameter to indicate the interval (in seconds) between policy refreshes when connected to the AWS IoT Core gateway. When this interval passes, AWS IoT Core invokes the Lambda function to allow for policy refreshes. 300 No
Custom authentication: maximum policy refresh rate (value of RefreshAfterInSecs) The maximum time interval between policy refreshes when connected to the AWS IoT Core gateway, defined by the value of RefreshAfterInSeconds. 86,400 No

MQTT-based File Delivery

MQTT-based File Delivery Resource Quotas
Resource Description Default Adjustable
Streams per account The maximum number of streams per account. 10,000* No
Files per stream The maximum number of files per stream. 10 No
File size The maximum file size (in MB). 24 MB No
Maximum data block size The maximum data block size. 128 KB No
Minimum data block size The minimum data block size. 256 bytes No
Maximum block offset specified in a stream file request The maximum block offset specified in a stream file request. 98,304 No
Maximum blocks that can be requested per stream file request The maximum number of blocks that can be requested per stream file request. 98,304 No
Maximum block bitmap size The maximum block bitmap size. 12,288 bytes No

* For additional information, see Using AWS IoT MQTT-based file delivery in devices in the AWS IoT Developer Guide.

MQTT-based File Delivery Throttling
API Transactions Per Second
CreateStream 15 TPS
DeleteStream 15 TPS
DescribeStream 15 TPS
ListStreams 15 TPS
UpdateStream 15 TPS

AWS IoT Core Device Advisor limits and quotas

AWS IoT Core Device Advisor limits and quotas

Limit display name

Description

Default value

Adjustable

Concurrently connected devices

The maximum number of test devices that can be concurrently connected per test suite run.

1

No

Concurrently running test suites

The maximum number of suites an AWS account can run concurrently.

1

No

Connections per test endpoint

The maximum number of connections to an account-specific test endpoint.

5

No

MQTT CONNECT requests per account

The maximum number of MQTT Connect requests sent from a test device per second per account.

5

No

MQTT CONNECT requests per client ID

The maximum number of MQTT Connect requests sent from a test device per second per client ID.

1

No

Rate of CreateSuiteDefinition API requests

The maximum number of CreateSuiteDefinition API requests you can make per second.

1

No

Rate of DeleteSuiteDefinition API requests

The maximum number of DeleteSuiteDefinition API requests you can make per second.

10

No

Rate of GetSuiteDefinition API requests

The maximum number of GetSuiteDefinition API requests you can make per second.

10

No

Rate of GetSuiteRun API requests

The maximum number of GetSuiteRun API requests you can make per second.

10

No

Rate of GetSuiteRunReport API requests

The maximum number of GetSuiteRunReport API requests you can make per second.

10

No

Rate of ListSuiteDefinitions API requests

The maximum number of ListSuiteDefinitions API requests you can make per second.

10

No

Rate of ListSuiteRuns API requests

The maximum number of ListSuiteRuns API requests you can make per second.

10

No

Rate of ListTagsForResource API requests

The maximum number of ListTagsForResource API requests you can make per second.

10

No

Rate of ListTestCases API requests

The maximum number of ListTestCases API requests you can make per second.

10

No

Rate of StartSuiteRun API requests

The maximum number of StartSuiteRun API requests you can make per second.

1

No

Rate of TagResource API requests

The maximum number of TagResource API requests you can make per second.

10

No

Rate of UntagResource API requests

The maximum number of UntagResource API requests you can make per second.

10

No

Rate of UpdateSuiteDefinition API requests

The maximum number of UpdateSuiteDefinition API requests you can make per second.

10

No

Test case execution time

The maximum time until a test case fails if not completed.

10800 Seconds

No

Test cases per test suite

The maximum number of test cases in one test suite.

50

No