AWS WAF endpoints and quotas - AWS General Reference

AWS WAF endpoints and quotas

Note

This page provides information related the latest version of AWS WAF, released in November 2019. The names of the entities that you use to access AWS WAF, like endpoints and namespaces, all have the versioning information added, like V2 or v2, to distinguish from the prior version.

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service Endpoints

AWS WAF has a single endpoint: wafv2.amazonaws.com. It supports HTTPS requests only.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

wafv2.us-east-2.amazonaws.com

wafv2-fips.us-east-2.amazonaws.com

HTTPS

HTTPS

US East (N. Virginia) us-east-1

wafv2.us-east-1.amazonaws.com

wafv2-fips.us-east-1.amazonaws.com

HTTPS

HTTPS

US West (N. California) us-west-1

wafv2.us-west-1.amazonaws.com

wafv2-fips.us-west-1.amazonaws.com

HTTPS

HTTPS

US West (Oregon) us-west-2

wafv2.us-west-2.amazonaws.com

wafv2-fips.us-west-2.amazonaws.com

HTTPS

HTTPS

Africa (Cape Town) af-south-1

wafv2.af-south-1.amazonaws.com

wafv2-fips.af-south-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Hong Kong) ap-east-1

wafv2.ap-east-1.amazonaws.com

wafv2-fips.ap-east-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Mumbai) ap-south-1

wafv2.ap-south-1.amazonaws.com

wafv2-fips.ap-south-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Seoul) ap-northeast-2

wafv2.ap-northeast-2.amazonaws.com

wafv2-fips.ap-northeast-2.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Singapore) ap-southeast-1

wafv2.ap-southeast-1.amazonaws.com

wafv2-fips.ap-southeast-1.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Sydney) ap-southeast-2

wafv2.ap-southeast-2.amazonaws.com

wafv2-fips.ap-southeast-2.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Tokyo) ap-northeast-1

wafv2.ap-northeast-1.amazonaws.com

wafv2-fips.ap-northeast-1.amazonaws.com

HTTPS

HTTPS

Canada (Central) ca-central-1

wafv2.ca-central-1.amazonaws.com

wafv2-fips.ca-central-1.amazonaws.com

HTTPS

HTTPS

Europe (Frankfurt) eu-central-1

wafv2.eu-central-1.amazonaws.com

wafv2-fips.eu-central-1.amazonaws.com

HTTPS

HTTPS

Europe (Ireland) eu-west-1

wafv2.eu-west-1.amazonaws.com

wafv2-fips.eu-west-1.amazonaws.com

HTTPS

HTTPS

Europe (London) eu-west-2

wafv2.eu-west-2.amazonaws.com

wafv2-fips.eu-west-2.amazonaws.com

HTTPS

HTTPS

Europe (Milan) eu-south-1

wafv2.eu-south-1.amazonaws.com

wafv2-fips.eu-south-1.amazonaws.com

HTTPS

HTTPS

Europe (Paris) eu-west-3

wafv2.eu-west-3.amazonaws.com

wafv2-fips.eu-west-3.amazonaws.com

HTTPS

HTTPS

Europe (Stockholm) eu-north-1

wafv2.eu-north-1.amazonaws.com

wafv2-fips.eu-north-1.amazonaws.com

HTTPS

HTTPS

Middle East (Bahrain) me-south-1

wafv2.me-south-1.amazonaws.com

wafv2-fips.me-south-1.amazonaws.com

HTTPS

HTTPS

South America (São Paulo) sa-east-1

wafv2.sa-east-1.amazonaws.com

wafv2-fips.sa-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US) us-gov-west-1

wafv2.us-gov-west-1.amazonaws.com

wafv2-fips.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

Service Quotas

AWS WAF has default quotas on the number of entities per account. You can request an increase in these quotas.

Resource Default

Web ACLs per Region

100

Rule groups per Region

100

Web ACL capacity units (WCUs) per web ACL

1,500

WCUs per rule group

1,500

IP sets per Region

100

Requests per second per web ACL (applies only to Application Load Balancers)

10,000

*This quota applies only to AWS WAF on an Application Load Balancer and Amazon API Gateway API. Requests per Second (RPS) quotas for AWS WAF on CloudFront are the same as the RPS quotas support by CloudFront described in the Amazon CloudFront Developer Guide.

The following quotas on AWS WAF entities can't be changed.

Resource Default
Maximum number of references (to IP sets and regex pattern sets) per rule group

50

Maximum number of references (to IP sets, regex pattern sets, and rule groups) per web ACL

50

IP addresses in CIDR notation per IP set

10,000

Unique IP addresses that can be blocked per rate-based rule

10,000

Maximum characters allowed for a string match statement

200

Maximum characters allowed for each regex pattern

200

Unique regex patterns per regex set

10

Regex sets per Region

10

Maximum size of a web request body that can be inspected

8 KB

Maximum number of rate-based rules per account

10

Minimum request rate that can be defined for a rate-based rule

100

These quotas are the same for all Regions in which AWS WAF is available. Each Region is subject to these quotas individually. That is, the quotas are not cumulative across regions.