AWS PrivateLink quotas

Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas cannot be increased. If you request a quota increase that applies per resource, we increase the quota for all resources in the Region.

To request a quota increase, see Requesting a quota increase in the Service Quotas User Guide.

Request throttling

The API actions for AWS PrivateLink are part of the Amazon EC2 API. Amazon EC2 throttles its API requests at the AWS account level. For more information, see Request throttling in the Amazon EC2 Developer Guide. In addition, API requests are throttled at the organization level to help the performance of AWS PrivateLink. If you are using AWS Organizations and you receive a RequestLimitExceeded error code while you are still within your account-level API limits, contact your account team or AWS Support for help identifying the accounts in your organization that are making a large number of API calls. You can open a technical support case using the VPC service and the VPC Endpoints category. Be sure to attach an image of the RequestLimitExceeded error code.

VPC endpoint quotas

Your AWS account has the following quotas related to VPC endpoints.

| Name | Default | Adjustable | Comments |
| --- | --- | --- | --- |
| Interface and Gateway Load Balancer endpoints per VPC | 50 | Yes | This is a combined quota for interface endpoints and Gateway Load Balancer endpoints |
| Gateway VPC endpoints per Region | 20 | Yes | You can create up to 255 gateway endpoints per VPC |
| Characters per VPC endpoint policy | 20,480 | No | The maximum size of a VPC endpoint policy, including white space |
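
Because the 20,480-character endpoint policy quota counts white space and cannot be increased, a pre-deployment check can measure a policy both as written and minified. The following is an added example, not code from AWS or from this page; the function names, the placeholder bucket ARNs, and the assumption that the count applies to the policy text as submitted are all illustrative.

```python
import json

# Quota from this page: characters per VPC endpoint policy, white space included.
MAX_POLICY_CHARS = 20_480


def measure_policy(policy_text):
    """Size a policy as written and minified against the quota."""
    doc = json.loads(policy_text)  # raises ValueError if the JSON is malformed
    # Compact separators drop all insignificant white space; ensure_ascii=False
    # keeps non-ASCII characters as single characters instead of \uXXXX escapes.
    minified = json.dumps(doc, separators=(",", ":"), ensure_ascii=False)
    return {
        "raw_chars": len(policy_text),
        "raw_fits": len(policy_text) <= MAX_POLICY_CHARS,
        "min_chars": len(minified),
        "min_fits": len(minified) <= MAX_POLICY_CHARS,
        "headroom": MAX_POLICY_CHARS - len(minified),  # negative when over quota
        "minified": minified,
    }


def sample_policy_text(n_resources, indent=2):
    """Constructed sample: one Allow statement listing placeholder bucket ARNs."""
    doc = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject"],
            "Resource": [
                f"arn:aws:s3:::example-bucket-{i:04d}/*"  # hypothetical names
                for i in range(n_resources)
            ],
        }],
    }
    return json.dumps(doc, indent=indent)


if __name__ == "__main__":
    for n in (500, 600):
        r = measure_policy(sample_policy_text(n))
        print(f"{n} resources: raw={r['raw_chars']} fits={r['raw_fits']}, "
              f"minified={r['min_chars']} fits={r['min_fits']}, "
              f"headroom={r['headroom']}")
```

A policy that only fits after minifying has little headroom left, so it is a candidate for splitting across endpoints or replacing enumerated resources with condition keys.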

The following considerations apply to traffic that passes through a VPC endpoint:

  • By default, each VPC endpoint can support a bandwidth of up to 10 Gbps per Availability Zone, and automatically scales up to 100 Gbps. The maximum bandwidth for a VPC endpoint, when distributing the load across all Availability Zones, is the number of Availability Zones multiplied by 100 Gbps. If your application needs higher throughput, contact AWS Support.

  • The maximum transmission unit (MTU) of a network connection is the size, in bytes, of the largest permissible packet that can be passed through a VPC endpoint. The larger the MTU, the more data that can be passed in a single packet. A VPC endpoint supports an MTU of 8500 bytes. Packets with a size larger than 8500 bytes that arrive at the VPC endpoint are dropped.

  • Path MTU Discovery (PMTUD) is not supported. VPC endpoints do not generate the following ICMP message: Destination Unreachable: Fragmentation needed and Don't Fragment was Set (Type 3, Code 4).

  • VPC endpoints enforce Maximum Segment Size (MSS) clamping for all packets. For more information, see RFC 879.