AWS Certificate Manager
User Guide (Version 1.0)

Limits

The following AWS Certificate Manager (ACM) limits apply to each AWS region and each AWS account. To request higher limits, create a case at the AWS Support Center. New AWS accounts might start with limits that are lower than those that are described here.

General Limits

The following general limits apply to your AWS account when using ACM.

    Item Default Limit
    Number of ACM Certificates

    New AWS accounts may start with a limit lower than the maximum.

    1000
    Number of ACM Certificates per year (last 365 days)

    You can request up to twice your limit of ACM Certificates every year. For example, if your limit is 1,000, you can request up to 2,000 ACM Certificates a year. You can only have 1,000 certificates at any given time. To request 2,000 certificates in a year, you must delete 1,000 during the year to stay within the limit. If you need more than 1,000 certificates at any given time, you must contact the AWS Support Center.

    Twice your account limit
    Number of imported certificates 1000
    Number of imported certificates per year (last 365 days) Twice your account limit
    Number of domain names per ACM Certificate

    The default limit is 10 domain names for each ACM Certificate. Your limit may be greater.

    The first domain name that you submit is included as the subject common name (CN) of the certificate. All names are included in the Subject Alternative Name extension.

    You can request up to 100 domain names. To request an increase in your limit, create a case at the AWS Support Center . Before creating a case, however, make sure you understand how adding more domain names can create more administrative work for you if you use email validation. For more information, see Domain Validation.

    The limit for the number of domain names per ACM Certificate applies only to certificates that are provided by ACM. This limit does not apply to certificates that you import into ACM. The following sections apply only to ACM Certificates.

    10
    Number of Private CAs

    ACM is integrated with AWS Certificate Manager Private Certificate Authority (ACM Private CA). You can use the ACM console, AWS CLI, or ACM API to request private certificates from an existing private certificate authority (CA) hosted by ACM Private CA. These certificates are managed within the ACM environment and have the same restrictions as public certificates issued by ACM. For more information, see Request a Private Certificate. You can also issue private certificates by using the standalone ACM PCA service. For more information, see Issue a Private End-Entity Certificate.

    A private CA that has been deleted will count towards your limit until the end of its restoration period. For more information, see Deleting Your Private CA.
    10
    Number of Private Certificates per CA (lifetime) 1,000,000

    API Rate Limits

    The following limits apply to the ACM API for each region and account. ACM throttles API requests at different limits depending on the API operation. Throttling means that ACM rejects an otherwise valid request because the request exceeds the operation's limit for the number of requests per second. When a request is throttled, ACM returns a ThrottlingException error. The following table lists each API operation and the limit at which ACM throttles requests for that operation.

    Requests per second limit for each ACM API operation

    API call Requests per second

    AddTagsToCertificate

    5

    DeleteCertificate

    10

    DescribeCertificate

    10

    ExportCertificate

    5

    ImportCertificate

    1

    ListCertificates

    5

    ListTagsForCertificate

    10

    RemoveTagsFromCertificate

    5

    RequestCertificate

    5

    ResendValidationEmail

    1

    For more information, see AWS Certificate Manager API Reference.