Amazon Cognito
Developer Guide

Limits in Amazon Cognito

This section describes the limits for Amazon Cognito.

Note

Any operation that takes accessToken as an input is also throttled per user, in addition to the user pool throttling. The default limits listed below are overall limits across all users.

Soft Limits

The following tables provide the soft (default) limits for Amazon Cognito, which are limits that can be changed. For information about these limits and how to change them, see AWS Service Limits.

Soft Limits in Amazon Cognito User Pools Resources

Resource Default Limit
Maximum number of app clients per user pool 1000
Maximum number of user pools per account 1000
Maximum number of user import jobs per user pool 1000
Maximum number of identity providers per user pool 300
Maximum number of resource servers per user pool 25
Maximum number of users per user pool 20,000,000

The limits specified in the table directly below are enforced per AWS account.

Soft Limits in Amazon Cognito User Pools APIs

API Limits (requests per second) Default Limit
AdminInitiateAuth 20
AdminRespondToAuthChallenge 20
AdminAddUserToGroup, AdminRemoveUserFromGroup, AdminListGroupsForUser 10
User authentication operations such as SignUp, InitiateAuth (sign in), and ForgotPassword 10
Create, Update and Delete APIs for UserPool, UserPoolClient, UserImportJob, UserPoolDomain, IdentityProvider, ResourceServer 1
Describe APIs for UserPool, UserPoolClient, UserImportJob, UserPoolDomain 5
ListUsers 25
List APIs for UserPool, UserPoolClients, UserImportJobs 5
SetUICustomization, AddCustomAttributes 1
Admin APIs not listed above 5

Soft Limits in Amazon Cognito Identity Pools (Federated Identities)

Resource Default Limit
Maximum number of identity pools per account 1000
Maximum Amazon Cognito user pool providers per identity pool 50
Maximum number of rules for role-based access control (RBAC) 25

Soft Limits in Amazon Cognito Sync

Resource Default Limit
Maximum number of datasets per identity 20
Maximum number of records per dataset 1024
Maximum size of a single dataset 1 MB

Hard Limits

The following tables describe Amazon Cognito hard limits, which are limits that cannot be changed.

Hard Limits in Amazon Cognito User Pools

Resource Limit
Maximum number of custom attributes per user pool 25
Maximum characters per attribute 2048 bytes
Maximum character length for custom attribute name 20
Min/max password policy length Between 6 and 99, inclusive

Number of emails sent daily per user pool (see note 1) 50
Maximum number of emails sent daily per AWS account (see note 1) 500
Maximum characters in email subject 140
Maximum characters in email message 20,000
Maximum characters in SMS verification message 140
Maximum characters in password 256
Maximum character length for identity provider name 40
Maximum identifiers per identity provider 50
Maximum callback URLs per app client 100
Maximum logout URLs per app client 100
Maximum number of scopes per resource server 100
Maximum number of scopes per app client 50
Maximum number of custom domains per account 4
Maximum number of groups that each user can belong to 25
Maximum number of groups per user pool 500

Notes:

  1. This limit applies only if you are using the default email functionality for an Amazon Cognito user pool. To enable a higher email delivery volume, configure your user pool to use your Amazon SES email configuration. For more information, see Email Settings for Amazon Cognito User Pools.

Hard Limits on Token Validity in Amazon Cognito User Pools

Resource Limit
ID token 1 hour
Refresh token Between 1 day and 3650 days, inclusive

Hard Limits on Code Validity in Amazon Cognito User Pools

Resource Limit
Sign-up confirmation code 24 hours
User attribute verification code validity 24 hours
Multi-factor authentication code 3 minutes
Forgot password code 1 hour

Hard Limits in Amazon Cognito Identity Pools (Federated Identities)

Resource Limit
Maximum number of identities per identity pool Unlimited
Maximum character length for identity pool name 128 bytes
Maximum character length for login provider name 2048 bytes
Maximum number of results from a single List/Lookup API call 60

Hard Limits in Amazon Cognito Sync

Resource Limit
Maximum character length for dataset name 128 bytes
Minimum waiting time for a bulk publish after a successful request 24 hours
