Quotas in AWS CloudTrail - AWS CloudTrail

Quotas in AWS CloudTrail

The following table describes quotas, or limits, within CloudTrail. CloudTrail has no adjustable quotas. For information about other quotas in AWS, see AWS service quotas.

Resource Default Limit Comments
Trails per region 5 This limit cannot be increased.
Get, describe, and list APIs 10 transactions per second (TPS) The maximum number of operation requests you can make per second without being throttled. The LookupEvents API is not included in this category.

This limit cannot be increased.

LookupEvents API 2 transactions per second (TPS) The maximum number of operation requests you can make per second without being throttled.

This limit cannot be increased.

All other APIs 1 transaction per second (TPS) The maximum number of operation requests you can make per second without being throttled.

This limit cannot be increased.

Event selectors 5 per trail This limit cannot be increased.
Data resources in event selectors 250 across all event selectors in a trail The total number of data resources cannot exceed 250 across all event selectors in a trail. The limit of number of resources on an individual event selector is configurable up to 250. This upper limit is allowed only if the total number of data resources does not exceed 250 across all event selectors.

Examples:

  • A trail with 5 event selectors, each configured with 50 data resources, is allowed. (5*50=250)

  • A trail with 5 event selectors, 3 of which are configured with 50 data resources, 1 of which is configured with 99 data resources, and 1 of which is configured with 1 data resource, is also allowed. ((3*50)+1+99=250)

  • A trail configured with 5 event selectors, all of which are configured with 100 data resources, is not allowed. (5*100=500)

This limit cannot be increased.

Event size

All event versions: events over 256 KB cannot be sent to CloudWatch Logs

Event version 1.05 and newer: total event size limit of 256 KB

Amazon CloudWatch Logs and Amazon CloudWatch Events each allow a maximum event size of 256 KB. CloudTrail does not send events over 256 KB to CloudWatch Logs or CloudWatch Events.

Starting with event version 1.05, events have a maximum size of 256 KB. This is to help prevent exploitation by malicious actors, and allow events to be consumed by other AWS services, such as CloudWatch Logs and CloudWatch Events.