AWS Firewall Manager endpoints and quotas - AWS General Reference

AWS Firewall Manager endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service endpoints

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 fms.us-east-2.amazonaws.com HTTPS
US East (Ohio) us-east-2 fms-fips.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 fms.us-east-1.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 fms-fips.us-east-1.amazonaws.com HTTPS
US West (N. California) us-west-1 fms.us-west-1.amazonaws.com HTTPS
US West (N. California) us-west-1 fms-fips.us-west-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 fms.us-west-2.amazonaws.com HTTPS
US West (Oregon) us-west-2 fms-fips.us-west-2.amazonaws.com HTTPS
Africa (Cape Town) af-south-1 fms.af-south-1.amazonaws.com HTTPS
Africa (Cape Town) af-south-1 fms-fips.af-south-1.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 fms.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 fms-fips.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Hyderabad) ap-south-2 fms.ap-south-2.amazonaws.com HTTPS
Asia Pacific (Jakarta) ap-southeast-3 fms.ap-southeast-3.amazonaws.com HTTPS
Asia Pacific (Melbourne) ap-southeast-4 fms.ap-southeast-4.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 fms.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 fms-fips.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Osaka) ap-northeast-3 fms.ap-northeast-3.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 fms.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 fms-fips.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 fms.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 fms-fips.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 fms.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 fms-fips.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 fms.ap-northeast-1.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 fms-fips.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 fms.ca-central-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 fms-fips.ca-central-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 fms.eu-central-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 fms-fips.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 fms.eu-west-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 fms-fips.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 fms.eu-west-2.amazonaws.com HTTPS
Europe (London) eu-west-2 fms-fips.eu-west-2.amazonaws.com HTTPS
Europe (Milan) eu-south-1 fms.eu-south-1.amazonaws.com HTTPS
Europe (Milan) eu-south-1 fms-fips.eu-south-1.amazonaws.com HTTPS
Europe (Paris) eu-west-3 fms.eu-west-3.amazonaws.com HTTPS
Europe (Paris) eu-west-3 fms-fips.eu-west-3.amazonaws.com HTTPS
Europe (Spain) eu-south-2 fms.eu-south-2.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 fms.eu-north-1.amazonaws.com HTTPS
Europe (Zurich) eu-central-2 fms.eu-central-2.amazonaws.com HTTPS
Israel (Tel Aviv) il-central-1 fms.il-central-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 fms.me-south-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 fms-fips.me-south-1.amazonaws.com HTTPS
Middle East (UAE) me-central-1 fms.me-central-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 fms.sa-east-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 fms-fips.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1 fms.us-gov-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1 fms-fips.us-gov-east-1.amazonaws.com HTTPS
AWS GovCloud (US-West) us-gov-west-1 fms.us-gov-west-1.amazonaws.com HTTPS
AWS GovCloud (US-West) us-gov-west-1 fms-fips.us-gov-west-1.amazonaws.com HTTPS

Service quotas

Name Default Adjustable Description
AWS WAF Classic rule groups per AWS WAF Classic policy Each supported Region: 2 No The maximum number of AWS WAF Classic rule groups that you can use in a Firewall Manager AWS WAF Classic policy.
Amazon VPC instances in scope of a common security group policy Each supported Region: 100 Yes The maximum number of Amazon VPC instances that you can have in scope per Firewall Manager common security group policy per account. This number represents the combined count of VPCs that you own and VPCs that are shared with you.
Applications per application list Each supported Region: 50 Yes The maximum number of applications that you can define in an application list.
Audit security groups per security group content audit policy Each supported Region: 1 Yes The maximum number of audit security groups that you can use in a Firewall Manager content audit security group policy.
Custom managed application lists in any content audit security group policy setting Each supported Region: 1 Yes The maximum number of custom managed application lists that you can use in any setting in a Firewall Manager content audit security group policy.
Custom managed application lists per account Each supported Region: 10 Yes The maximum number of custom managed application lists that you can define for an account.
Custom managed protocol lists in any content audit security group policy setting Each supported Region: 1 Yes The maximum number of custom managed protocol lists that you can use in any setting in a Firewall Manager content audit security group policy.
Custom managed protocol lists per account Each supported Region: 10 Yes The maximum number of custom managed protocol lists that you can define for an account.
Explicitly included or excluded accounts per policy per Region Each supported Region: 200 Yes The maximum number of accounts per Region that you can explicitly include in scope or explicitly exclude from scope for a Firewall Manager policy.
Firewall Manager policies per organization per Region Each supported Region: 50 Yes The maximum number of Firewall Manager policies for any pair of Region and organization in AWS Organizations.
IPV4 CIDRs for a Network Firewall policy Each supported Region: 50 No The maximum number of IPV4 CIDR ranges that you can provide in a single Firewall Manager Network Firewall policy, for use in firewall endpoint management.
Organizational units in scope per policy per Region Each supported Region: 20 Yes The maximum number of organizational units that can be in scope of a Firewall Manager policy for any Region.
Primary security groups per common security group policy Each supported Region: 3 Yes The maximum number of primary security groups that you can use in a Firewall Manager common security group policy.
Protocols per protocol list Each supported Region: 5 Yes The maximum number of protocols that you can define in a protocol list.
Route 53 Resolver DNS Firewall rule groups per DNS Firewall policy Each supported Region: 2 Yes The maximum number of Route 53 Resolver DNS Firewall rule groups that you can use in a Firewall Manager DNS Firewall policy.
Rule groups per AWS WAF policy Each supported Region: 50 Yes The maximum number of rule groups that you can use in a Firewall Manager AWS WAF policy.
Tags to include or exclude resources per policy Each supported Region: 8 Yes The maximum number of tags that you can use to include or exclude resources for a Firewall Manager policy.
VPCs that a single Network Firewall policy can automatically remediate Each supported Region: 1,000 No The maximum number of VPCs that a single Firewall Manager Network Firewall policy can automatically remediate.
Web ACL capacity units (WCU) used in an AWS WAF policy Each supported Region: 5,000 No The maximum combined number of web ACL capacity units (WCU) for all of the rule groups used in a Firewall Manager AWS WAF policy. The WCU usage for a rule group is fixed by the rule group owner at creation time.

For more information, see AWS Firewall Manager quotas in the AWS Firewall Manager Developer Guide.