Quotas
CloudFront is subject to the following quotas.
Topics
- General quotas
- General quotas on distributions
- General quotas on policies
- Quotas on CloudFront Functions
- Quotas on key value stores
- Quotas on Lambda@Edge
- Quotas on SSL certificates
- Quotas on invalidations
- Quotas on key groups
- Quotas on WebSocket connections
- Quotas on field-level encryption
- Quotas on cookies (legacy cache settings)
- Quotas on query strings (legacy cache settings)
- Quotas on headers
General quotas
Entity | Default quota |
---|---|
Data transfer rate per distribution |
150 Gbps |
Requests per second per distribution |
250,000 |
Tags that can be added to a distribution |
50 |
Files that you can serve per distribution |
No quota |
Maximum length of a request, including headers and query strings, but not including the body content |
20,480 bytes |
Maximum length of a URL |
8,192 bytes |
General quotas on distributions
Entity | Default quota |
---|---|
Alternate domain names (CNAMEs) per distribution For more information, see Using custom URLs by adding alternate domain names (CNAMEs). |
100 |
Cache behaviors per distribution |
25 |
Connection attempts per origin For more information, see Connection attempts. |
1-3 |
Connection timeout per origin For more information, see Connection timeout. |
1-10 seconds |
Distributions per AWS account For more information, see Creating a distribution. |
200 |
Distributions per origin access control |
100 |
File compression: range of file sizes that CloudFront compresses For more information, see Serving compressed files. |
1,000 to 10,000,000 bytes |
Keep-alive timeout per origin For more information, see Keep-alive timeout (custom origins only). |
1-60 seconds |
Maximum cacheable file size per HTTP GET response. Only the responses for an HTTP GET are cached. Responses for POST or PUT are not cached. |
50 GB |
Origin access controls per AWS account |
100 |
Origin access identities per AWS account |
100 |
Origins per distribution |
25 |
Origin groups per distribution |
10 |
Response timeout per origin For more information, see Response timeout (custom origins only). |
1-60 seconds |
Staging distributions per AWS account For more information, see Using CloudFront continuous deployment to safely test CDN configuration changes. |
20 |
General quotas on policies
Entity | Default quota |
---|---|
Cache policies per AWS account |
20 |
Distributions associated with the same cache policy |
100 |
Query strings per cache policy |
10 |
Headers per cache policy |
10 |
Cookies per cache policy |
10 |
Total combined length of all query string, header, and cookie names in a cache policy |
1024 |
Origin request policies per AWS account |
20 |
Distributions associated with the same origin request policy |
100 |
Query strings per origin request policy |
10 |
Headers per origin request policy |
10 |
Cookies per origin request policy |
10 |
Total combined length of all query string, header, and cookie names in an origin request policy |
1024 |
Response headers policies per AWS account |
20 |
Distributions associated with the same response headers policy |
100 |
Custom headers per response headers policy |
10 |
Continuous deployment policies per AWS account |
20 |
Quotas on CloudFront Functions
Entity |
Default quota |
---|---|
Functions per AWS account |
100 |
Maximum function size |
10 KB |
Maximum function memory |
2 MB |
Distributions associated with the same function |
100 |
In addition to these quotas, there are some other restrictions when using CloudFront Functions. For more information, see Restrictions on CloudFront Functions.
Quotas on key value stores
Entity |
Default quota |
---|---|
Maximum size of a key in a key-value pair | 512 Bytes |
Maximum size of the value in a key-value pair | 1 KB |
Maximum key values pairs that you can update in a single API request | 50 keys or 3 MB payload, whichever is reached first |
Maximum size of an individual key value store | 5 MB |
Maximum number of functions that a single key value store can be associated with | 10 |
Maximum number of key value stores per function | 1 |
Maximum number of key value stores per account | 50 |
Quotas on Lambda@Edge
The quotas in this section apply to Lambda@Edge. These quotas are in addition to the default AWS Lambda quotas, which also apply. For the Lambda quotas, see Quotas in the AWS Lambda Developer Guide.
Note
Lambda dynamically scales capacity in response to increased traffic, within your AWS account's quotas. For more information, see Function scaling in the AWS Lambda Developer Guide.
General quotas | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Entity |
Default quota |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Distributions per AWS account that can have Lambda@Edge functions |
500 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Lambda@Edge functions per distribution |
100 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requests per second |
10,000 (in each AWS Region) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Concurrent executions For more information, see Function scaling in the AWS Lambda Developer Guide. |
1,000 (in each AWS Region) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Distributions associated with the same function |
500 |
Quotas that differ by event type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Entity |
Viewer request and viewer response events |
Origin request and origin response events |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Function memory size |
128 MB |
Same as Lambda quotas |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Function timeout. The function can make network calls to resources such as Amazon S3 buckets, DynamoDB tables, or Amazon EC2 instances in AWS Regions. |
5 seconds |
30 seconds |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Size of a response that is generated by a Lambda function, including headers and body |
40 KB |
1 MB |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Maximum compressed size of a Lambda function and any included libraries |
1 MB |
50 MB |
In addition to these quotas, there are some other restrictions when using Lambda@Edge functions. For more information, see Restrictions on Lambda@Edge.
Quotas on SSL certificates
Entity | Default quota |
---|---|
SSL certificates per AWS account when serving HTTPS requests using dedicated IP addresses (no quota when serving HTTPS requests using SNI) For more information, see Using HTTPS with CloudFront. |
2 |
SSL certificates that can be associated with a CloudFront distribution |
1 |
Quotas on invalidations
Entity | Default quota |
---|---|
File invalidation: maximum number of files allowed in active invalidation requests, excluding wildcard invalidations For more information, see Invalidating files. |
3,000 |
File invalidation: maximum number of active wildcard invalidations allowed |
15 |
File invalidation: maximum number of files that one wildcard invalidation can process |
No quota |
Quotas on key groups
Entity | Default quota |
---|---|
Public keys in a single key group |
5 |
Key groups associated with a single cache behavior |
4 Request a higher quota |
Key groups per AWS account |
10 Request a higher quota |
Distributions associated with a single key group |
100 Request a higher quota |
Quotas on WebSocket connections
Entity | Default quota |
---|---|
Origin response timeout (idle timeout) |
10 minutes If CloudFront hasn't detected any bytes sent from the origin to the client within the past 10 minutes, the connection is assumed to be idle and is closed. |
Quotas on field-level encryption
Entity | Default quota |
---|---|
Maximum length of a field to encrypt For more information, see Using field-level encryption to help protect sensitive data. |
16 KB |
Maximum number of fields in a request body when field-level encryption is configured |
10 |
Maximum length of a request body when field-level encryption is configured |
1 MB |
Maximum number of field-level encryption configurations that can be associated with one AWS account |
10 |
Maximum number of field-level encryption profiles that can be associated with one AWS account |
10 |
Maximum number of public keys that can be added to one AWS account |
10 |
Maximum number of fields to encrypt that can be specified in one profile |
10 |
Maximum number of CloudFront distributions that can be associated with a field-level encryption configuration |
20 |
Maximum number of query argument profile mappings that can be included in a field-level encryption configuration |
5 |
Quotas on cookies (legacy cache settings)
These quotas apply to CloudFront's legacy cache settings. We recommend using a cache policy or origin request policy instead of the legacy settings.
Entity | Default quota |
---|---|
Cookies per cache behavior For more information, see Caching content based on cookies. |
10 |
Total number of bytes in cookie names (doesn't apply if you configure CloudFront to forward all cookies to the origin) |
512 minus the number of cookies |
Quotas on query strings (legacy cache settings)
These quotas apply to CloudFront's legacy cache settings. We recommend using a cache policy or origin request policy instead of the legacy settings.
Entity | Default quota |
---|---|
Maximum number of characters in a query string |
128 characters |
Maximum number of characters total for all query strings in the same parameter |
512 characters |
Query strings per cache behavior For more information, see Caching content based on query string parameters. |
10 |
Quotas on headers
Entity | Default quota |
---|---|
Headers per cache behavior (legacy cache settings) For more information, see Caching content based on request headers. |
10 |
Custom headers: maximum number of custom headers that you can configure CloudFront to add to origin requests For more information, see Adding custom headers to origin requests. |
10 |
Custom headers: maximum number of custom headers that you can add to a response headers policy |
10 |
Custom headers: maximum length of a header name |
256 characters |
Custom headers: maximum length of a header value |
1,783 characters |
Custom headers: maximum length of all header values and names combined |
10,240 characters |
Maximum length of the value of the
Content-Security-Policy header |
1,783 characters |