AWS Firewall Manager endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Service endpoints
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 |
fms.us-east-2.amazonaws.com fms-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
US East (N. Virginia) | us-east-1 |
fms.us-east-1.amazonaws.com fms-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
US West (N. California) | us-west-1 |
fms.us-west-1.amazonaws.com fms-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
US West (Oregon) | us-west-2 |
fms.us-west-2.amazonaws.com fms-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
Africa (Cape Town) | af-south-1 |
fms.af-south-1.amazonaws.com fms-fips.af-south-1.amazonaws.com |
HTTPS HTTPS |
Asia Pacific (Hong Kong) | ap-east-1 |
fms.ap-east-1.amazonaws.com fms-fips.ap-east-1.amazonaws.com |
HTTPS HTTPS |
Asia Pacific (Hyderabad) | ap-south-2 | fms.ap-south-2.amazonaws.com | HTTPS |
Asia Pacific (Jakarta) | ap-southeast-3 | fms.ap-southeast-3.amazonaws.com | HTTPS |
Asia Pacific (Melbourne) | ap-southeast-4 | fms.ap-southeast-4.amazonaws.com | HTTPS |
Asia Pacific (Mumbai) | ap-south-1 |
fms.ap-south-1.amazonaws.com fms-fips.ap-south-1.amazonaws.com |
HTTPS HTTPS |
Asia Pacific (Osaka) | ap-northeast-3 | fms.ap-northeast-3.amazonaws.com | HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 |
fms.ap-northeast-2.amazonaws.com fms-fips.ap-northeast-2.amazonaws.com |
HTTPS HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 |
fms.ap-southeast-1.amazonaws.com fms-fips.ap-southeast-1.amazonaws.com |
HTTPS HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 |
fms.ap-southeast-2.amazonaws.com fms-fips.ap-southeast-2.amazonaws.com |
HTTPS HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 |
fms.ap-northeast-1.amazonaws.com fms-fips.ap-northeast-1.amazonaws.com |
HTTPS HTTPS |
Canada (Central) | ca-central-1 |
fms.ca-central-1.amazonaws.com fms-fips.ca-central-1.amazonaws.com |
HTTPS HTTPS |
Europe (Frankfurt) | eu-central-1 |
fms.eu-central-1.amazonaws.com fms-fips.eu-central-1.amazonaws.com |
HTTPS HTTPS |
Europe (Ireland) | eu-west-1 |
fms.eu-west-1.amazonaws.com fms-fips.eu-west-1.amazonaws.com |
HTTPS HTTPS |
Europe (London) | eu-west-2 |
fms.eu-west-2.amazonaws.com fms-fips.eu-west-2.amazonaws.com |
HTTPS HTTPS |
Europe (Milan) | eu-south-1 |
fms.eu-south-1.amazonaws.com fms-fips.eu-south-1.amazonaws.com |
HTTPS HTTPS |
Europe (Paris) | eu-west-3 |
fms.eu-west-3.amazonaws.com fms-fips.eu-west-3.amazonaws.com |
HTTPS HTTPS |
Europe (Spain) | eu-south-2 | fms.eu-south-2.amazonaws.com | HTTPS |
Europe (Stockholm) | eu-north-1 | fms.eu-north-1.amazonaws.com | HTTPS |
Europe (Zurich) | eu-central-2 | fms.eu-central-2.amazonaws.com | HTTPS |
Israel (Tel Aviv) | il-central-1 | fms.il-central-1.amazonaws.com | HTTPS |
Middle East (Bahrain) | me-south-1 |
fms.me-south-1.amazonaws.com fms-fips.me-south-1.amazonaws.com |
HTTPS HTTPS |
Middle East (UAE) | me-central-1 | fms.me-central-1.amazonaws.com | HTTPS |
South America (São Paulo) | sa-east-1 |
fms.sa-east-1.amazonaws.com fms-fips.sa-east-1.amazonaws.com |
HTTPS HTTPS |
AWS GovCloud (US-East) | us-gov-east-1 |
fms.us-gov-east-1.amazonaws.com fms-fips.us-gov-east-1.amazonaws.com |
HTTPS HTTPS |
AWS GovCloud (US-West) | us-gov-west-1 |
fms.us-gov-west-1.amazonaws.com fms-fips.us-gov-west-1.amazonaws.com |
HTTPS HTTPS |
Service quotas
Name | Default | Adjustable | Description |
---|---|---|---|
AWS WAF Classic rule groups per AWS WAF Classic policy | Each supported Region: 2 | No | The maximum number of AWS WAF Classic rule groups that you can use in a Firewall Manager AWS WAF Classic policy. |
Amazon VPC instances in scope of a common security group policy | Each supported Region: 100 |
Yes |
The maximum number of Amazon VPC instances that you can have in scope per Firewall Manager common security group policy per account. This number represents the combined count of VPCs that you own and VPCs that are shared with you. |
Applications per application list | Each supported Region: 50 |
Yes |
The maximum number of applications that you can define in an application list. |
Audit security groups per security group content audit policy | Each supported Region: 1 |
Yes |
The maximum number of audit security groups that you can use in a Firewall Manager content audit security group policy. |
Custom managed application lists in any content audit security group policy setting | Each supported Region: 1 |
Yes |
The maximum number of custom managed application lists that you can use in any setting in a Firewall Manager content audit security group policy. |
Custom managed application lists per account | Each supported Region: 10 |
Yes |
The maximum number of custom managed application lists that you can define for an account. |
Custom managed protocol lists in any content audit security group policy setting | Each supported Region: 1 |
Yes |
The maximum number of custom managed protocol lists that you can use in any setting in a Firewall Manager content audit security group policy. |
Custom managed protocol lists per account | Each supported Region: 10 |
Yes |
The maximum number of custom managed protocol lists that you can define for an account. |
Explicitly included or excluded accounts per policy per Region | Each supported Region: 200 |
Yes |
The maximum number of accounts per Region that you can explicitly include in scope or explicitly exclude from scope for a Firewall Manager policy. |
Firewall Manager policies per organization per Region | Each supported Region: 50 |
Yes |
The maximum number of Firewall Manager policies for any pair of Region and organization in AWS Organizations. |
IPV4 CIDRs for a Network Firewall policy | Each supported Region: 50 | No | The maximum number of IPV4 CIDR ranges that you can provide in a single Firewall Manager Network Firewall policy, for use in firewall endpoint management. |
Organizational units in scope per policy per Region | Each supported Region: 20 |
Yes |
The maximum number of organizational units that can be in scope of a Firewall Manager policy for any Region. |
Primary security groups per common security group policy | Each supported Region: 3 |
Yes |
The maximum number of primary security groups that you can use in a Firewall Manager common security group policy. |
Protocols per protocol list | Each supported Region: 5 |
Yes |
The maximum number of protocols that you can define in a protocol list. |
Route 53 Resolver DNS Firewall rule groups per DNS Firewall policy | Each supported Region: 2 |
Yes |
The maximum number of Route 53 Resolver DNS Firewall rule groups that you can use in a Firewall Manager DNS Firewall policy. |
Rule groups per AWS WAF policy | Each supported Region: 50 |
Yes |
The maximum number of rule groups that you can use in a Firewall Manager AWS WAF policy. |
Tags to include or exclude resources per policy | Each supported Region: 8 |
Yes |
The maximum number of tags that you can use to include or exclude resources for a Firewall Manager policy. |
VPCs that a single Network Firewall policy can automatically remediate | Each supported Region: 1,000 | No | The maximum number of VPCs that a single Firewall Manager Network Firewall policy can automatically remediate. |
Web ACL capacity units (WCU) used in an AWS WAF policy | Each supported Region: 5,000 | No | The maximum combined number of web ACL capacity units (WCU) for all of the rule groups used in a Firewall Manager AWS WAF policy. The WCU usage for a rule group is fixed by the rule group owner at creation time. |
For more information, see AWS Firewall Manager quotas in the AWS Firewall Manager Developer Guide.