AWS IoT Device Defender endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Note
AWS recommends using Regional STS endpoints within your applications and avoid using the global (legacy) STS endpoint. Regional STS endpoints reduce latency, build in redundancy, and increase session token validity. For more information about configuring your applications to use the regional STS endpoint, see AWS STS Regionalized endpoints in the AWS SDKs and Tools Reference Guide. For more information about the global (legacy) AWS STS endpoint, including how to monitor for use of this endpoint, see How to use Regional AWS STS endpoints in the AWS Security blog.
Service endpoints
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
iot.us-east-2.amazonaws.com iot-fips.us-east-2.amazonaws.com |
https https |
| US East (N. Virginia) | us-east-1 |
iot.us-east-1.amazonaws.com iot-fips.us-east-1.amazonaws.com |
https https |
| US West (N. California) | us-west-1 |
iot.us-west-1.amazonaws.com iot-fips.us-west-1.amazonaws.com |
https https |
| US West (Oregon) | us-west-2 |
iot.us-west-2.amazonaws.com iot-fips.us-west-2.amazonaws.com |
https https |
| Asia Pacific (Hong Kong) | ap-east-1 | iot.ap-east-1.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | iot.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | iot.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | iot.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | iot.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | iot.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 |
iot.ca-central-1.amazonaws.com iot-fips.ca-central-1.amazonaws.com |
https https |
| Europe (Frankfurt) | eu-central-1 | iot.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | iot.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | iot.eu-west-2.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | iot.eu-west-3.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | iot.eu-north-1.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | iot.me-south-1.amazonaws.com | HTTPS |
| Middle East (UAE) | me-central-1 | iot.me-central-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 |
iot.us-gov-east-1.amazonaws.com iot-fips.us-gov-east-1.amazonaws.com |
https https |
| AWS GovCloud (US-West) | us-gov-west-1 |
iot.us-gov-west-1.amazonaws.com iot-fips.us-gov-west-1.amazonaws.com |
https https |
Service quotas
Limit display name |
Description |
Default value |
Adjustable |
|---|---|---|---|
The maximum number of scheduled audits. |
5 |
No |
|
The maximum number of simultaneous in progress on-demand audits. |
10 |
No |
|
The maximum time, in days, that audit findings are stored after being reported. |
90 |
No |
The following service quotas apply to mitigation actions and audit mitigation action tasks:
Limit display name |
Description |
Default value |
Adjustable |
|---|---|---|---|
The maximum number of mitigation actions. |
100 |
No |
| Resource | Limit |
|---|---|
| Number of audit mitigation action tasks running at the same time | 10 tasks |
| Retention period for audit mitigation action tasks | 90 days |
Limit display name |
Description |
Default value |
Adjustable |
|---|---|---|---|
The maximum number of behavior metric value elements (counts, IP addresses, ports) for each security profile. |
1000 |
No |
|
The maximum number of behaviors for each security profile |
100 |
No |
|
The maximum number of detect custom metrics. |
100 |
||
The minimum time, in seconds, that a device must wait between sending metric reports. |
300 Seconds |
||
The maximum number of device-side metric reports that can be sent, per second, from all devices in an account. |
3500 |
||
The maximum number of detect metric dimensions. |
10 |
No |
|
The maximum number of security profiles for each target (things or thing groups in the AWS account). |
5 |
No |
|
The maximum time, in days, that detect metrics are stored after being ingested. |
14 |
No |
|
The maximum time, in days, that detect violations are stored after being generated. |
30 |
No |
AWS IoT Device Defender API throttling limits
This table describes the maximum number of transactions per second (TPS) that can be made to each of these AWS IoT Device Defender API actions.
Limit display name |
Description |
Default value |
Adjustable |
|---|---|---|---|
The maximum number of transactions per second (TPS) that can be made for the AttachSecurityProfile API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CancelAuditMitigationActionsTask API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CancelAuditTask API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CancelDetectMitigationActionsTask API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateAuditSuppression API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateCustomMetric API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateMitigationAction API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateScheduledAudit API. |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateSecurityProfile API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteAccountAuditConfiguration API. |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteAuditSuppression API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteCustomMetric API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteDimension API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteMitigationAction API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteScheduledAudit API. |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteSecurityProfile API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeAccountAuditConfiguration API. |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeAuditFinding API. |
25 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeAuditMitigationActionsTask API. |
25 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeAuditSuppression API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeAuditTask API. |
25 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeCustomMetric API. |
25 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeDetectMitigationActionsTask API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeDimension API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeMitigationAction API. |
25 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeScheduledAudit API. |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeSecurityProfile API. |
25 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DetachSecurityProfile API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListActiveViolations API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListAuditFindings API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListAuditMitigationActionsExecutions API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListAuditMitigationActionsTasks API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListAuditSuppressions API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListAuditTasks API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListCustomMetrics API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListDetectMitigationActionsExecutions API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListDetectMitigationActionsTasks API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListDimensions API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListMetricValues API. |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the ListMitigationActions API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListScheduledAudits API. |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListSecurityProfiles API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListSecurityProfilesForTarget API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListTargetsForSecurityProfile API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListViolationEvents API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the PutVerificationStateOnViolation API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the StartAuditMitigationActionsTask API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the StartDetectMitigationActionsTask API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the StartOnDemandAuditTask API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the UpdateAccountAuditConfiguration API. |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the UpdateAuditSuppression API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the UpdateCustomMetric API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the UpdateDimension API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the UpdateMitigationAction API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the UpdateScheduledAudit API. |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the UpdateSecurityProfile API. |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ValidateSecurityProfileBehaviors API. |
10 |
No |
