Quotas
You can request a CloudFront quota increase by using the following options:
-
You can use the Service Quotas console or the AWS Command Line Interface. For more information, see the following topics:
-
Requesting a quota increase in the Service Quotas User Guide
-
request-service-quota-increase in the AWS CLI Command Reference
-
-
If a CloudFront quota isn't available in Service Quotas, use the AWS Support Center Console to create a service quota increase case
.
CloudFront is subject to the following quotas.
Topics
- General quotas
- General quotas on distributions
- General quotas on policies
- Quotas on CloudFront Functions
- Quotas on key value stores
- Quotas on Lambda@Edge
- Quotas on SSL certificates
- Quotas on invalidations
- Quotas on key groups
- Quotas on WebSocket connections
- Quotas on field-level encryption
- Quotas on cookies (legacy cache settings)
- Quotas on query strings (legacy cache settings)
- Quotas on headers
- Related information
General quotas
| Entity | Default quota |
|---|---|
|
Data transfer rate per distribution |
150 Gbps |
|
Requests per second per distribution |
250,000 |
|
Tags that can be added to a distribution |
50 |
|
Files that you can serve per distribution |
No quota |
|
Maximum length of a request or an origin response, including headers and query strings, but not including the body content |
20,480 bytes |
|
Maximum length of a URL |
8,192 bytes |
General quotas on distributions
| Entity | Default quota |
|---|---|
|
Alternate domain names (CNAMEs) per distribution For more information, see Use custom URLs by adding alternate domain names (CNAMEs). |
100 |
|
Cache behaviors per distribution |
25 |
|
Connection attempts per origin For more information, see Connection attempts. |
1-3 |
|
Connection timeout per origin For more information, see Connection timeout. |
1-10 seconds |
|
Distributions per AWS account For more information, see Create a distribution. |
200 |
|
Distributions per origin access control |
100 |
|
Distributions within chain of requests to origin endpoint We don't recommend placing one distribution in front of another. Exceeding this quota results in a 403 error. |
2 |
|
File compression: range of file sizes that CloudFront compresses For more information, see Serve compressed files. |
1,000 to 10,000,000 bytes |
|
Keep-alive timeout per origin For more information, see Keep-alive timeout (custom origins only). |
1-60 seconds |
|
Maximum cacheable file size per HTTP GET response. Only the responses for an HTTP GET are cached. Responses for POST or PUT are not cached. |
50 GB |
|
Origin access controls per AWS account |
100 |
|
Origin access identities per AWS account |
100 |
|
Origins per distribution |
25 |
|
Origin groups per distribution |
10 |
|
Response timeout per origin For more information, see Response timeout (custom origins only). |
1-60 seconds |
|
Staging distributions per AWS account For more information, see Use CloudFront continuous deployment to safely test CDN configuration changes. |
20 |
General quotas on policies
| Entity | Default quota |
|---|---|
|
Cache policies per AWS account |
20 |
|
Distributions associated with the same cache policy |
100 |
|
Query strings per cache policy |
10 |
|
Headers per cache policy |
10 |
|
Cookies per cache policy |
10 |
|
Total combined length of all query string, header, and cookie names in a cache policy |
1024 |
|
Origin request policies per AWS account |
20 |
|
Distributions associated with the same origin request policy |
100 |
|
Query strings per origin request policy |
10 |
|
Headers per origin request policy |
10 |
|
Cookies per origin request policy |
10 |
|
Total combined length of all query string, header, and cookie names in an origin request policy |
1024 |
|
Response headers policies per AWS account |
20 |
|
Distributions associated with the same response headers policy |
100 |
|
Custom headers per response headers policy |
10 |
|
Continuous deployment policies per AWS account |
20 |
Quotas on CloudFront Functions
|
Entity |
Default quota |
|---|---|
|
Functions per AWS account |
100 |
|
Maximum function size This quota isn't adjustable. To store additional data for your CloudFront Functions, create a key value store and add your key-value pairs. For more information, see Amazon CloudFront KeyValueStore. |
10 KB |
|
Maximum function memory |
2 MB |
|
Distributions associated with the same function |
100 |
In addition to these quotas, there are some other restrictions when using CloudFront Functions. For more information, see Restrictions on CloudFront Functions.
Quotas on key value stores
|
Entity |
Default quota |
|---|---|
| Maximum size of a key in a key-value pair | 512 Bytes |
| Maximum size of the value in a key-value pair | 1 KB |
| Maximum key values pairs that you can update in a single API request | 50 keys or 3 MB payload, whichever is reached first |
| Maximum size of an individual key value store | 5 MB |
| Maximum number of functions that a single key value store can be associated with | 10 |
| Maximum number of key value stores per function | 1 |
| Maximum number of key value stores per account |
50 |
Quotas on Lambda@Edge
|
Entity |
Default quota |
|---|---|
|
Distributions per AWS account that can have Lambda@Edge functions |
500 |
|
Lambda@Edge functions per distribution |
100 |
|
Concurrent executions NoteLambda manages the concurrency quotas for Lambda@Edge. All Lambda functions in the AWS Region share this quota. For more information, see Function scaling in the AWS Lambda Developer Guide. |
1,000 (in each AWS Region) |
|
Distributions associated with the same function |
500 |
|
Maximum compressed size of a Lambda function and any included libraries |
50 MB |
|
Lambda@Edge requests per second (each supported AWS Region) |
10,000 |
|
Entity |
Viewer request and viewer response events |
Origin request and origin response events |
|---|---|---|
|
Function memory size |
128 MB |
Same as Lambda quotas |
|
Function timeout. The function can make network calls to resources such as Amazon S3 buckets, DynamoDB tables, or Amazon EC2 instances in AWS Regions. |
5 seconds |
30 seconds |
|
Size of a response that is generated by a Lambda function, including headers and body |
40 KB |
1 MB |
In addition to these quotas, there are some other restrictions when using Lambda@Edge functions. For more information, see Restrictions on Lambda@Edge.
Quotas on SSL certificates
| Entity | Default quota |
|---|---|
|
SSL certificates per AWS account when serving HTTPS requests using dedicated IP addresses (no quota when serving HTTPS requests using SNI) For more information, see Use HTTPS with CloudFront. |
2 |
|
SSL certificates that can be associated with a CloudFront distribution |
1 |
If your SSL certificate is specifically for HTTPS communication between viewers and CloudFront, and if you used AWS Certificate Manager (ACM) or the IAM certificate store to provision or import your certificate, additional quotas apply. For more information, see Quotas on using SSL/TLS certificates with CloudFront (HTTPS between viewers and CloudFront only).
There are also quotas on the number of SSL certificates that you can import into AWS Certificate Manager (ACM) or upload to AWS Identity and Access Management (IAM). For more information, see Increase the quotas for SSL/TLS certificates.
Quotas on invalidations
| Entity | Default quota |
|---|---|
|
File invalidation: maximum number of files allowed in active invalidation requests, excluding wildcard invalidations For more information, see Invalidate files to remove content. |
3,000 |
|
File invalidation: maximum number of active wildcard invalidations allowed |
15 |
|
File invalidation: maximum number of files that one wildcard invalidation can process |
No quota |
Quotas on key groups
| Entity | Default quota |
|---|---|
|
Public keys in a single key group |
5 |
|
Key groups associated with a single cache behavior |
4 |
|
Key groups per AWS account |
10 |
|
Distributions associated with a single key group |
100 |
Quotas on WebSocket connections
| Entity | Default quota |
|---|---|
|
Origin response timeout (idle timeout) |
10 minutes If CloudFront hasn't detected any bytes sent from the origin to the client within the past 10 minutes, the connection is assumed to be idle and is closed. |
Quotas on field-level encryption
| Entity | Default quota |
|---|---|
|
Maximum length of a field to encrypt For more information, see Use field-level encryption to help protect sensitive data. |
16 KB |
|
Maximum number of fields in a request body when field-level encryption is configured |
10 |
|
Maximum length of a request body when field-level encryption is configured |
1 MB |
|
Maximum number of field-level encryption configurations that can be associated with one AWS account |
10 |
|
Maximum number of field-level encryption profiles that can be associated with one AWS account |
10 |
|
Maximum number of public keys that can be added to one AWS account |
10 |
|
Maximum number of fields to encrypt that can be specified in one profile |
10 |
|
Maximum number of CloudFront distributions that can be associated with a field-level encryption configuration |
20 |
|
Maximum number of query argument profile mappings that can be included in a field-level encryption configuration |
5 |
Quotas on cookies (legacy cache settings)
These quotas apply to CloudFront's legacy cache settings. We recommend using a cache policy or origin request policy instead of the legacy settings.
| Entity | Default quota |
|---|---|
|
Cookies per cache behavior For more information, see Cache content based on cookies. |
10 |
|
Total number of bytes in cookie names (doesn't apply if you configure CloudFront to forward all cookies to the origin) |
512 minus the number of cookies |
Quotas on query strings (legacy cache settings)
These quotas apply to CloudFront's legacy cache settings. We recommend using a cache policy or origin request policy instead of the legacy settings.
| Entity | Default quota |
|---|---|
|
Maximum number of characters in a query string |
128 characters |
|
Maximum number of characters total for all query strings in the same parameter |
512 characters |
|
Query strings per cache behavior For more information, see Cache content based on query string parameters. |
10 |
Quotas on headers
| Entity | Default quota |
|---|---|
|
Headers per cache behavior (legacy cache settings) For more information, see Cache content based on request headers. |
10 |
|
Custom headers: maximum number of custom headers that you can configure CloudFront to add to origin requests For more information, see Add custom headers to origin requests. |
10 |
|
Custom headers: maximum number of custom headers that you can add to a response headers policy |
10 |
|
Custom headers: maximum length of a header name |
256 characters |
|
Custom headers: maximum length of a header value |
1,783 characters |
|
Custom headers: maximum length of all header values and names combined |
10,240 characters |
Maximum length of the Content-Security-Policy header value |
1,783 characters |
Maximum length of a CORS (Access-Control-Allow-Origin) header value |
1,783 characters |
Related information
For more information, see Amazon CloudFront endpoints and quotas in the AWS General Reference.
