AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)


This section specifies limits that affect AWS Certificate Manager Private Certificate Authority.

Limits on Certificates

The following ACM PCA certificate limits apply to each region and each account. To request higher limits, create a case at the AWS Support Center. New AWS accounts might start with limits that are lower than those that are described here.

Item Default Limit
Number of private certificate authorities (CAs) 10
Number of private certificates per private CA (lifetime) 1,000,000
Number of revoked private certificates per private CA (lifetime) 1,000,000


A private CA that has been deleted will count towards your certificate limit until the end of its restoration period. For more information, see Delete Your Private CA.

ACM PCA is integrated with ACM. You can use the ACM console, AWS CLI, or ACM API to request private certificates from an existing private certificate authority (CA). The certificates are managed by ACM and have the same restrictions as public certificates issued by ACM. For a list of the restrictions, see Request a Private Certificate. You can also issue private certificates with the ACM PCA API or AWS CLI. For more information, see Issue a Private Certificate. Regardless of which method you use, you can create 10 private CAs, request 1,000,000 private certificates, and revoke 1,000,000 certificate per account per region. ACM places limits on public and imported certificates. For more information, see ACM Limits.

API Rate Limits

The following limits apply to the ACM PCA API for each region and account. ACM PCA throttles API requests at different limits depending on the API operation. Throttling means that ACM PCA rejects an otherwise valid request because the request exceeds the operation's limit for the number of requests per second. When a request is throttled, ACM PCA returns a ThrottlingException error. The following table lists each API operation and the limit at which ACM PCA throttles requests for that operation.


At this time, ACM PCA does not support individual API rate limit increases per customer.