Quotas in AWS CloudTrail
This section describes the resource quotas (formerly referred to as limits) in CloudTrail. For information about all quotas in CloudTrail, see Service quotas in the AWS General Reference.
Note
CloudTrail has no adjustable quotas.
CloudTrail resource quotas
The following table describes the resource quotas within CloudTrail.
| Resource | Default quota | Comments |
|---|---|---|
| Trails per Region | 5 | This quota cannot be increased. |
| Event data stores | 10 |
The maximum number of event data stores that you can have in any one AWS Region. This includes single-Region event data stores for the Region as well as any multi-Region event data stores across all AWS Regions. This includes event data stores in any lifecycle stage. This quota cannot be increased. |
| Channels | 25 |
This quota applies to channels used for CloudTrail Lake integrations with event sources outside of AWS, and does not apply to service-linked channels. This quota cannot be increased. |
| Concurrent queries | 10 |
The maximum number of queued or running queries that you can run simultaneously in CloudTrail Lake. This quota cannot be increased. |
| Events per PutAuditEvents request | 100 |
You can add up to 100 activity events (or up to 1 MB) per This quota cannot be increased. |
| Event selectors | 5 per trail | This quota cannot be increased. |
| Advanced event selectors | 500 conditions across all advanced event selectors |
If a trail or event data store uses advanced event selectors, a maximum of 500 total values for all conditions in all advanced event selectors is allowed. Unless a trail or event data store logs data events on all resources, such as all S3 buckets or all Lambda functions, you are limited to 250 data resources. Data resources can be distributed across event selectors, but the overall total cannot exceed 250. This quota cannot be increased. |
| Data resources in event selectors | 250 across all event selectors in a trail | If you choose to limit data events by using event selectors or advanced event selectors,
the total number of data resources cannot exceed 250 across all event selectors in a trail.
The limit of number of resources on an individual event selector is configurable up to 250.
This upper limit is allowed only if the total number of data resources does not exceed 250
across all event selectors. Examples:
Event selectors apply only to trails. For event data stores, you must use advanced event selectors. This quota cannot be increased. The quota does not apply if you choose to log data events on all resources, such as all S3 buckets or all Lambda functions. |
| Event size |
All event versions: events over 256 KB cannot be sent to CloudWatch Logs Event version 1.05 and newer: total event size limit of 256 KB |
Amazon CloudWatch Logs and Amazon EventBridge each allow a maximum event size of 256 KB. CloudTrail does not send events over 256 KB to CloudWatch Logs or EventBridge. Starting with event version 1.05, events have a maximum size of 256 KB. This is to help prevent exploitation by malicious actors, and allow events to be consumed by other AWS services, such as CloudWatch Logs and EventBridge. |
| CloudTrail file size sent to Amazon S3 |
50 MB ZIP file, after compression |
For both management and data events, CloudTrail sends events to S3 in maximum 50 MB (compressed) ZIP files. If enabled on the trail, log delivery notifications are sent by Amazon SNS after CloudTrail sends ZIP files to S3. |
Transactions per second (TPS) quotas in CloudTrail
The AWS General Reference lists the transactions per second (TPS) quota for AWS APIs.
The transactions per second (TPS) quota for an API represents how many requests you can make per second for a given API
without being throttled. For example, the TPS quota for the CloudTrail LookupEvents API is 2.
For information about the TPS quota for each CloudTrail API, see Service quotas in the AWS General Reference.
