Quotas - AWS Certificate Manager Private Certificate Authority


AWS Certificate Manager Private Certificate Authority assigns quotas to your allowed number of certificates and certificate authorities as well as the API rate.

Quotas on Certificates

The following ACM Private CA certificate quotas apply to each Region and each account. To request higher quotas, create a case at the AWS Support Center.

Item Default Quota
Number of private certificate authorities (CAs) 10
Number of private certificates per private CA (lifetime) 1,000,000
Number of unexpired revoked private certificates per CA* 1,000,000

* This quota reflects the number of unexpired certificates that can be included in the Certificate Revocation List (CRL), based on the maximum CRL size that can be processed by clients consuming CRLs. This quota cannot be increased.


A private CA that has been deleted counts towards your certificate quota until the end of its restoration period. For more information, see Delete Your Private CA.

ACM Private CA is integrated with ACM. You can use the ACM console, AWS CLI, or ACM API to request private certificates from an existing private certificate authority (CA). The certificates are managed by ACM and have the same restrictions as public certificates that are issued by ACM. For a list of the restrictions, see Request a Private Certificate. You can also issue private certificates with the ACM Private CA API or AWS CLI. For more information, see Issuing a Private End-Entity Certificate. Regardless of which method you use, you can create 10 private CAs, request 1,000,000 private certificates, and revoke 1,000,000 certificate per account per Region. ACM places quotas on public and imported certificates. For more information, see ACM Quotas.

API Rate Quotas

The following quotas apply to the ACM Private CA API for each Region and account. ACM Private CA throttles API requests at different quotas depending on the API operation. Throttling means that ACM Private CA rejects an otherwise valid request because the request exceeds the operation's quota for the number of requests per second. When a request is throttled, ACM Private CA returns a ThrottlingException error. The following table lists each API operation and the quota at which ACM Private CA throttles requests for that operation.


At this time, ACM Private CA does not support individual API rate quota increases per customer.