AWS WAF endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Note
AWS recommends using Regional STS endpoints within your applications and avoid using the global (legacy) STS endpoint. Regional STS endpoints reduce latency, build in redundancy, and increase session token validity. For more information about configuring your applications to use the regional STS endpoint, see AWS STS Regionalized endpoints in the AWS SDKs and Tools Reference Guide. For more information about the global (legacy) AWS STS endpoint, including how to monitor for use of this endpoint, see How to use Regional AWS STS endpoints in the AWS Security blog.
Note
This page provides information related the latest version of AWS WAF, released in
November 2019. The names of the entities that you use to access AWS WAF, like endpoints
and namespaces, all have the versioning information added, like V2 or
v2, to distinguish from the prior version.
Service endpoints
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
wafv2.us-east-2.amazonaws.com wafv2-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
wafv2.us-east-1.amazonaws.com wafv2-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
| US West (N. California) | us-west-1 |
wafv2.us-west-1.amazonaws.com wafv2-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
wafv2.us-west-2.amazonaws.com wafv2-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 |
wafv2.af-south-1.amazonaws.com wafv2-fips.af-south-1.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 |
wafv2.ap-east-1.amazonaws.com wafv2-fips.ap-east-1.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 |
wafv2.ap-south-2.amazonaws.com wafv2-fips.ap-south-2.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 |
wafv2.ap-southeast-3.amazonaws.com wafv2-fips.ap-southeast-3.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Malaysia) | ap-southeast-5 |
wafv2.ap-southeast-5.amazonaws.com wafv2-fips.ap-southeast-5.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 |
wafv2.ap-southeast-4.amazonaws.com wafv2-fips.ap-southeast-4.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 |
wafv2.ap-south-1.amazonaws.com wafv2-fips.ap-south-1.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 |
wafv2.ap-northeast-3.amazonaws.com wafv2-fips.ap-northeast-3.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 |
wafv2.ap-northeast-2.amazonaws.com wafv2-fips.ap-northeast-2.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 |
wafv2.ap-southeast-1.amazonaws.com wafv2-fips.ap-southeast-1.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 |
wafv2.ap-southeast-2.amazonaws.com wafv2-fips.ap-southeast-2.amazonaws.com |
HTTPS HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 |
wafv2.ap-northeast-1.amazonaws.com wafv2-fips.ap-northeast-1.amazonaws.com |
HTTPS HTTPS |
| Canada (Central) | ca-central-1 |
wafv2.ca-central-1.amazonaws.com wafv2-fips.ca-central-1.amazonaws.com |
HTTPS HTTPS |
| Canada West (Calgary) | ca-west-1 |
wafv2.ca-west-1.amazonaws.com wafv2-fips.ca-west-1.amazonaws.com |
HTTPS HTTPS |
| Europe (Frankfurt) | eu-central-1 |
wafv2.eu-central-1.amazonaws.com wafv2-fips.eu-central-1.amazonaws.com |
HTTPS HTTPS |
| Europe (Ireland) | eu-west-1 |
wafv2.eu-west-1.amazonaws.com wafv2-fips.eu-west-1.amazonaws.com |
HTTPS HTTPS |
| Europe (London) | eu-west-2 |
wafv2.eu-west-2.amazonaws.com wafv2-fips.eu-west-2.amazonaws.com |
HTTPS HTTPS |
| Europe (Milan) | eu-south-1 |
wafv2.eu-south-1.amazonaws.com wafv2-fips.eu-south-1.amazonaws.com |
HTTPS HTTPS |
| Europe (Paris) | eu-west-3 |
wafv2.eu-west-3.amazonaws.com wafv2-fips.eu-west-3.amazonaws.com |
HTTPS HTTPS |
| Europe (Spain) | eu-south-2 |
wafv2.eu-south-2.amazonaws.com wafv2-fips.eu-south-2.amazonaws.com |
HTTPS HTTPS |
| Europe (Stockholm) | eu-north-1 |
wafv2.eu-north-1.amazonaws.com wafv2-fips.eu-north-1.amazonaws.com |
HTTPS HTTPS |
| Europe (Zurich) | eu-central-2 |
wafv2.eu-central-2.amazonaws.com wafv2-fips.eu-central-2.amazonaws.com |
HTTPS HTTPS |
| Israel (Tel Aviv) | il-central-1 |
wafv2.il-central-1.amazonaws.com wafv2-fips.il-central-1.amazonaws.com |
HTTPS HTTPS |
| Middle East (Bahrain) | me-south-1 |
wafv2.me-south-1.amazonaws.com wafv2-fips.me-south-1.amazonaws.com |
HTTPS HTTPS |
| Middle East (UAE) | me-central-1 |
wafv2.me-central-1.amazonaws.com wafv2-fips.me-central-1.amazonaws.com |
HTTPS HTTPS |
| South America (São Paulo) | sa-east-1 |
wafv2.sa-east-1.amazonaws.com wafv2-fips.sa-east-1.amazonaws.com |
HTTPS HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 |
wafv2.us-gov-east-1.amazonaws.com wafv2-fips.us-gov-east-1.amazonaws.com |
HTTPS HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 |
wafv2.us-gov-west-1.amazonaws.com wafv2-fips.us-gov-west-1.amazonaws.com |
HTTPS HTTPS |
Service quotas
| Name | Default | Adjustable | Description |
|---|---|---|---|
| Maximum IP sets per account in WAF for CloudFront | Each supported Region: 100 | No | The maximum number of IP sets you can create in your account for CloudFront. |
| Maximum IP sets per account in WAF for regional | Each supported Region: 100 | No | The maximum number of IP sets you can create in your account for regional. |
| Maximum combined size in kilobytes of all response body content for a single rule group or a single web ACL for CloudFront | Each supported Region: 50 | No | The maximum combined size in kilobytes of all response body content for a single rule group or a single web ACL for CloudFront. |
| Maximum combined size in kilobytes of all response body content for a single rule group or a single web ACL for regional | Each supported Region: 50 | No | The maximum combined size in kilobytes of all response body content for a single rule group or a single web AC for regional. |
| Maximum number of IP addresses in an IP set in WAF for CloudFront | Each supported Region: 10,000 | No | The maximum number of IP addresses allowed in an IP set for CloudFront. |
| Maximum number of IP addresses in an IP set in WAF for regional | Each supported Region: 10,000 | No | The maximum number of IP addresses allowed in an IP set for regional. |
| Maximum number of bytes in a string match (byte match) string in WAF for CloudFront | Each supported Region: 200 | No | The maximum number of bytes you can create in a string match (byte match) string for CloudFront. |
| Maximum number of bytes in a string match (byte match) string in WAF for regional | Each supported Region: 200 | No | The maximum number of bytes you can create in a string match (byte match) string for regional. |
| Maximum number of characters allowed in a regex pattern per account in WAF for Cloudfront | Each supported Region: 200 | No | The maximum number of characters allowed in a regex pattern in your account for CloudFront. |
| Maximum number of characters allowed in a regex pattern per account in WAF for regional | Each supported Region: 200 | No | The maximum number of characters allowed in a regex pattern in your account for regional. |
| Maximum number of custom headers for a single custom request definition for CloudFront | Each supported Region: 10 | No | The maximum number of custom headers for a single custom request definition for CloudFront. |
| Maximum number of custom headers for a single custom request definition for regional | Each supported Region: 10 | No | The maximum number of custom headers for a single custom request definition for regional. |
| Maximum number of custom headers for a single custom response definition for CloudFront | Each supported Region: 10 | No | The maximum number of custom headers for a single custom response definition for CloudFront. |
| Maximum number of custom headers for a single custom response definition for regional | Each supported Region: 10 | No | The maximum number of custom headers for a single custom response definition for regional. |
| Maximum number of custom request headers per web ACL or rule group for CloudFront | Each supported Region: 100 |
Yes |
The maximum number of custom request headers per web ACL or rule group for CloudFront. |
| Maximum number of custom request headers per web ACL or rule group for regional | Each supported Region: 100 |
Yes |
The maximum number of custom request headers per web ACL or rule group for regional. |
| Maximum number of custom response bodies per web ACL or rule group for CloudFront | Each supported Region: 50 |
Yes |
The maximum number of custom response bodies per web ACL or rule group for CloudFront. |
| Maximum number of custom response bodies per web ACL or rule group for regional | Each supported Region: 50 |
Yes |
The maximum number of custom response bodies per web ACL or rule group for regional. |
| Maximum number of custom response headers per web ACL or rule group for CloudFront | Each supported Region: 100 |
Yes |
The maximum number of custom response headers per web ACL or rule group for CloudFront. |
| Maximum number of custom response headers per web ACL or rule group for regional | Each supported Region: 100 |
Yes |
The maximum number of custom response headers per web ACL or rule group for regional. |
| Maximum number of log destination configs per web ACL in WAF for Cloudfront | Each supported Region: 1 | No | The maximum number of log destination configs allowed in a web ACL for CloudFront. |
| Maximum number of log destination configs per web ACL in WAF for regional | Each supported Region: 1 | No | The maximum number of log destination configs allowed in a web ACL for regional. |
| Maximum number of patterns in a regex pattern set per account in WAF for Cloudfront | Each supported Region: 10 | No | The maximum number of patterns in a regex pattern set you can create in your account for CloudFront. |
| Maximum number of patterns in a regex pattern set per account in WAF for regional | Each supported Region: 10 | No | The maximum number of patterns in a regex pattern set you can create in your account for regional. |
| Maximum number of rate-based statements per web ACL in WAF for Cloudfront | Each supported Region: 10 | No | The maximum number of rate-based statements allowed in a web ACL for CloudFront. |
| Maximum number of rate-based statements per web ACL in WAF for regional | Each supported Region: 10 | No | The maximum number of rate-based statements allowed in a web ACL for CloudFront. |
| Maximum number of referenced statements per rule group or web ACL in WAF for Cloudfront | Each supported Region: 50 | No | The maximum number of referenced statements allowed within a rule group or web ACL for CloudFront. |
| Maximum number of referenced statements per rule group or web ACL in WAF for regional | Each supported Region: 50 | No | The maximum number of referenced statements allowed within a rule group or web ACL for regional. |
| Maximum number of requests per second per web ACL for CloudFront | Each supported Region: 25,000 |
Yes |
The maximum number of requests per second per web ACL for CloudFront. |
| Maximum number of requests per second per web ACL for regional | Each supported Region: 25,000 |
Yes |
The maximum number of requests per second per web ACL for regional. |
| Maximum number of text transformations per rule statement for CloudFront | Each supported Region: 3 | No | The maximum number of text transformations per rule statement for CloudFront. |
| Maximum number of text transformations per rule statement for regional | Each supported Region: 3 | No | The maximum number of text transformations per rule statement for regional. |
| Maximum number of unique IP addresses that can be blocked per rate-based rule for CloudFront | Each supported Region: 10,000 | No | The maximum number of unique IP addresses that can be blocked per rate-based rule for CloudFront. |
| Maximum number of unique IP addresses that can be blocked per rate-based rule for regional | Each supported Region: 10,000 | No | The maximum number of unique IP addresses that can be blocked per rate-based rule for regional. |
| Maximum number of web ACL capacity units in a rule group in WAF for CloudFront | Each supported Region: 5,000 | No | The maximum number of web ACL capacity units allowed in a rule group for CloudFront. |
| Maximum number of web ACL capacity units in a rule group in WAF for regional | Each supported Region: 5,000 | No | The maximum number of web ACL capacity units allowed in a rule group for regional. |
| Maximum number of web ACL capacity units in a web ACL in WAF for CloudFront | Each supported Region: 5,000 | No | The maximum number of web ACL capacity units allowed in a web ACL for CloudFront. |
| Maximum number of web ACL capacity units in a web ACL in WAF for regional | Each supported Region: 5,000 | No | The maximum number of web ACL capacity units allowed in a web ACL for regional. |
| Maximum regex pattern sets per account in WAF for CloudFront | Each supported Region: 10 | No | The maximum number of regex pattern sets you can create in your account for CloudFront. |
| Maximum regex pattern sets per account in WAF for regional | Each supported Region: 10 | No | The maximum number of regex pattern sets you can create in your account for regional. |
| Maximum rule groups per account in WAF for CloudFront | Each supported Region: 100 |
Yes |
The maximum number of rule groups you can create in your account for CloudFront. |
| Maximum rule groups per account in WAF for regional | Each supported Region: 100 |
Yes |
The maximum number of rule groups you can create in your account for regional. |
| Maximum size in kilobytes of a web request body that can be inspected for Application Load Balancer and AWS AppSync protections | Each supported Region: 8 | No | The maximum size in kilobytes of a web request body that can be inspected for Application Load Balancer and AWS AppSync protections. |
| Maximum size in kilobytes of a web request body that can be inspected for CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access protections | Each supported Region: 64 | No | The maximum size in kilobytes of a web request body that can be inspected for CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access protections. |
| Maximum size in kilobytes of the custom response body content for a single custom response definition for CloudFront | Each supported Region: 4 | No | The maximum size in kilobytes of the custom response body content for a single custom response definition for CloudFront. |
| Maximum size in kilobytes of the custom response body content for a single custom response definition for regional | Each supported Region: 4 | No | The maximum size in kilobytes of the custom response body content for a single custom response definition for regional. |
| Maximum web ACLs per account in WAF for CloudFront | Each supported Region: 100 |
Yes |
The maximum number of web ACLs you can create in your account for CloudFront. |
| Maximum web ACLs per account in WAF for regional | Each supported Region: 100 |
Yes |
The maximum number of web ACLs you can create in your account for regional. |
| Minimum request rate that can be defined for a rate-based rule for CloudFront | Each supported Region: 100 | No | The minimum request rate that can be defined for a rate-based rule for CloudFront. |
| Minimum request rate that can be defined for a rate-based rule for regional | Each supported Region: 100 | No | The minimum request rate that can be defined for a rate-based rule for regional. |
| Number of token domains per web ACL for CloudFront | Each supported Region: 10 |
Yes |
The number of token domains per web ACL for CloudFront. |
| Number of token domains per web ACL for regional | Each supported Region: 10 |
Yes |
The number of token domains per web ACL for regional. |
For more information, see AWS WAF quotas in the AWS WAF Developer Guide.
