Menu
Sign In to the Console
Amazon Web Services
General Reference (Version 1.0)

AWS Documentation » General Reference » AWS Service Limits

AWS Service Limits

The following tables provide the default limits for AWS services for an AWS account. Unless otherwise noted, each limit is region-specific. Many services contain limits that cannot be changed. For more information about the limits for a specific service, see the documentation for that service.

AWS Trusted Advisor offers a Service Limits check (in the Performance category) that displays your usage and limits for some aspects of some services. For more information, see Service Limits Check Questions in the Trusted Advisor FAQs.

You can take the following steps to request an increase for limits. These increases are not granted immediately, so it may take a couple of days for your increase to become effective.

To request a limit increase

  1. Open the AWS Support Center page, sign in if necessary, and choose Create Case.

  2. For Regarding, choose Service Limit Increase.

  3. Complete Limit Type, Use Case Description, and Contact method. If this request is urgent, choose Phone as the method of contact instead of Web.

  4. Choose Submit.

Default Limits

Amazon API Gateway Limits

The following limits apply to configuring and running an API in Amazon API Gateway and can be increased upon request to optimize performances of a deployed API in Amazon API Gateway.

Resource or Operation Default Limit
Throttle rate per account per region 10000 request per second (rps) with an additional burst capacity provided by the token bucket algorithm, using a maximum bucket capacity of 5000 requests.
APIs (or RestApis) per account per region 60
API keys per account per region 500
Custom authorizers per API 10
Client certificates per account per region 60
Documentation parts per API 2000
Resources per API 300
Stages per API 10
Usage plans per account per region 300
Usage plans per API key 10
VPC links per account per region 5

All of the per API limits can only be increased on specific APIs.

For more information about these limits, see Limits in Amazon API Gateway in the API Gateway Developer Guide.

AWS Application Discovery Service Limits

Resource Default Limit
Inactive agents heartbeating but not collecting data 10,000
Active agents sending data to the service 250
Total collected data for all agents, per day 10 GB
Data storage duration before being purged 90 days

Amazon AppStream Limits

Important

This information applies only to the older version of Amazon AppStream.

An Amazon AppStream account has a service limit of up to five concurrent streaming sessions:

  • Up to two concurrent streaming application deployments using the interactive wizard.

  • Up to three streaming applications in the Building, Active, or Error states.

For more information, see Amazon AppStream Application Lifecycle in the Amazon AppStream Developer Guide.

Amazon AppStream 2.0 Limits

Default Limits Per Region Per Account

Resource Default Limit
Stacks 5
Fleets 5
Streaming instances 5 *
Images 5
Image builders 5
Users 5

* This is the total limit across all instance families. Certain instance families have additional limits. For the Graphics Desktop and Graphics Pro instance families, the default limit is 0. For the Graphics Design instance family, the default limit is 2.

This is the total limit across all instance families. Certain instance families have additional limits. For the Graphics Desktop and Graphics Pro instance families, the default limit is 0. For the Graphics Design instance family, the default limit is 1.

AWS AppSync Limits

Resource Default Limit
Maximum number of APIs per region 5 per account
Maximum number of API keys 10 per API
Maximum schema document size 5 MB
Maximum GraphQL query execution time 30 seconds
Maximum request/response mapping template size 64 KB

Application Auto Scaling Limits

Resource Default Limit
Scalable targets 500
Scaling policies per scalable target 50
Step adjustments per scaling policy 20

Amazon Athena Limits

Resource Default Limit
Number of concurrent queries 5
Query timeout 30 minutes

For information about limits for databases, tables, and partitions, see AWS Glue Limits.

Auto Scaling Limits

Resource Default Limit
Launch configurations per region 200
Auto Scaling groups per region 200
Scaling policies per Auto Scaling group 50
Scheduled actions per Auto Scaling group 125
Lifecycle hooks per Auto Scaling group 50
SNS topics per Auto Scaling group 10
Load balancers per Auto Scaling group 50
Target groups per Auto Scaling group 50
Step adjustments per scaling policy 20

For more information about these limits, see Auto Scaling Limits in the Auto Scaling User Guide.

AWS Batch Limits

Item Default Limit
Maximum number of compute environments 10
Maximum number of job queues 5
Maximum number of compute environments per job queue 3

For more information about these limits, see Service Limits in the AWS Batch User Guide.

AWS Certificate Manager (ACM) Limits

Item Default Limit
Number of ACM-provided certificates 100
Number of imported certificates 100
Number of domain names per ACM-provided certificate 10

For more information about these limits, see Limits in the AWS Certificate Manager User Guide.

AWS Cloud9 Limits

Item Default Limit
Maximum number of AWS Cloud9 EC2 development environments

  • 20 per IAM user

  • 100 per AWS account
Maximum number of SSH environments

  • 10 per IAM user

  • 100 per AWS account
Maximum number of members in an environment 8
Maximum number of environments open at the same time 10 total per IAM user, regardless of environment type (EC2 or SSH)

For more information about these limits, see Limits in the AWS Cloud9 User Guide.

AWS CloudFormation Limits

Resource Default Limit
Stacks 200
Stack sets 20
Stack instances per stack set 500

For more information about these limits, see AWS CloudFormation Limits in the AWS CloudFormation User Guide.

Amazon CloudFront Limits

Resource Default Limit
Data transfer rate per distribution 40 Gbps
Requests per second per distribution 100,000
Web distributions per account 200
RTMP distributions per account 100
Alternate domain names (CNAMEs) per distribution 100
Origins per distribution 25
Cache behaviors per distribution 25
Whitelisted headers per cache behavior 10
Whitelisted cookies per cache behavior 10
SSL certificates per account when serving HTTPS requests using dedicated IP addresses (no limit when serving HTTPS requests using SNI) 2
Custom headers that you can have Amazon CloudFront forward to the origin 10 name–value pairs

Whitelisted query strings per cache behavior

For more information, see Configuring CloudFront to Cache Based on Query String Parameters in the Amazon CloudFront Developer Guide.

Request timeout per origin

For more information, see Request Timeout in the Amazon CloudFront Developer Guide.

For more information about these limits, see Limits in the Amazon CloudFront Developer Guide.

AWS CloudHSM Limits

Resource Default Limit
Clusters 4
HSMs 6

For more information about these limits, see Limits in the AWS CloudHSM User Guide.

AWS CloudHSM Classic Limits

Resource Default Limit
HSM appliances 3
High-availability partition groups 20

For more information about these limits, see Limits in the AWS CloudHSM Classic User Guide.

Amazon CloudSearch Limits

Resource Default Limit
Partitions 10
Search instances 50

For more information about these limits, see Understanding Amazon CloudSearch Limits in the Amazon CloudSearch Developer Guide.

AWS CloudTrail Limits

CloudTrail has no increaseable limits. For more information, see Limits in AWS CloudTrail.

Amazon CloudWatch Limits

Resource Default Limit Comments

Alarms

10 per month per customer for free. 5000 per region per account.

For the 5000 per region per account limit, you can request a limit increase.

DescribeAlarms

9 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

GetMetricStatistics

400 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

ListMetrics

25 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

PutMetricAlarm

3 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

PutMetricData

150 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

For more information about these and other CloudWatch limits, see CloudWatch Limits in the Amazon CloudWatch User Guide.

Amazon CloudWatch Events Limits

Resource Default Limit Comments

Invocations

750 per second (after 750 invocations, the invocations are throttled; that is, they still happen but they are delayed). If the invocation of a target fails due to a problem with the target service, account throttling, etc., new attempts are made for up to 24 hours for a specific invocation.

You can request a limit increase.

Rules

100 per region per account

You can request a limit increase.

Before requesting a limit increase, examine your rules. You may have multiple rules each matching to very specific events. Consider broadening their scope by using fewer identifiers in your Events and Event Patterns. In addition, a rule can invoke several targets each time it matches an event. Consider adding more targets to your rules.

PutEvents

10 entries per request and 400 requests per second. Each request can be up to 256 KB in size.

You can request a limit increase.

For more information about these and other CloudWatch Events limits, see CloudWatch Events Limits in the Amazon CloudWatch Events User Guide.

Amazon CloudWatch Logs Limits

Resource Default Limit Comments

CreateLogGroup

5000 log groups/account/Region

If you exceed your log group limit, you get a ResourceLimitExceeded exception.

You can request a limit increase.

DescribeLogStreams

5 transactions per second (TPS)/account/Region

If you experience frequent throttling, you can request a limit increase.

FilterLogEvents

5 transactions per second (TPS)/account/region

This limit can be changed only in special circumstances. If you experience frequent throttling, contact AWS Support.

GetLogEvents

10 transactions per second (TPS)/account/Region

We recommend subscriptions if you are continuously processing new data. If you need historical data, we recommend exporting your data to Amazon S3. This limit can be changed only in special circumstances. If you experience frequent throttling, contact AWS Support.

PutLogEvents

1500 transactions per second per account per Region, except for the following Regions where the limit is 800 transactions per second per account per Region: ap-south-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, eu-central-1, eu-west-2, sa-east-1, us-east-2, and us-west-1.

You can request a limit increase.

The maximum batch size of a PutLogEvents request is 1MB.

5 requests per second per log stream. Additional requests are throttled. This limit cannot be changed.

For more information about these and other CloudWatch Logs limits, see CloudWatch Logs Limits in the Amazon CloudWatch Logs User Guide.

AWS CodeBuild Limits

Resource Default Limit
Maximum number of build projects 1,000
Maximum number of concurrent running builds * 20

* Limits for the maximum number of concurrent running builds vary, depending on the compute type. For some compute types, the default is 20. To request a higher concurrent build limit or if you get a "Cannot have more than X active builds for the account" error, contact AWS support.

For more information about these limits, see Limits for AWS CodeBuild in the AWS CodeBuild User Guide.

AWS CodeCommit Limits

Resource Default Limit
Number of repositories 1,000 per AWS account

For more information about these limits, see Limits in AWS CodeCommit in the AWS CodeCommit User Guide.

AWS CodeDeploy Limits

Resource Default Limit
Maximum number of applications associated with an AWS account in a single region 100
Maximum number of concurrent deployments associated with an AWS account 10
Maximum number of deployment groups associated with a single application 100
Maximum number of instances in a single deployment 500
Maximum number of event notification triggers in a deployment group 10

For more information about these limits, see Limits in AWS CodeDeploy in the AWS CodeDeploy User Guide.

AWS CodePipeline Limits

Resource Default Limit

Maximum number of pipelines per region in an AWS account

US East (N. Virginia) (us-east-1): 40

US West (Oregon) (us-west-2): 60

EU (Ireland) (eu-west-1): 60

All other supported regions: 20

Number of stages in a pipeline

Minimum of 2, maxi­mum of 10

Number of actions in a stage

Minimum of 1, maxi­mum of 20
Maximum number of parallel actions in a stage Maximum of 5
Maximum number of sequential actions in a stage Maximum of 10

Number of custom actions per region in an AWS account

50

Maximum number of revisions running across all pipelines in an AWS account, per region

Five times the number of pipelines in the region

Maximum size of artifacts in a source stage

Artifacts stored in Amazon S3 buckets: 2 GB

Artifacts stored in AWS CodeCommit or GitHub repositories: 1 GB

Exception: If you are using Amazon EBS to deploy applications, the maximum artifact size is always 512 MB.

Exception: If you are using AWS CloudFormation to deploy applications, the maximum artifact size is always 256 MB.

It may take up to two weeks to process requests for a limit increase.

For more information about these limits, see Limits in AWS CodePipeline in the AWS CodePipeline User Guide.

Amazon Cognito User Pools Limits

Resource Default Limit
Maximum number of apps per user pool 25
Maximum number of user pools per account 60
Maximum number of user import jobs per user pool 50
Maximum number of identity providers per user pool 25
Maximum number of resource servers per user pool 20
Maximum number of scopes per user pool 20

For information about additional documented limits, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Cognito Federated Identities Limits

Resource Default Limit
Maximum number of identity pools per account 60

For information about additional documented limits, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Cognito Sync Limits

Resource Default Limit
Maximum number of datasets per identity 20
Maximum number of records per dataset 1024
Maximum size of a single dataset 1 MB

For information about additional documented limits, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Connect Limits

Item Default limit

Amazon Connect instances per account

10

Users per instance

500

Phone numbers per instance

10

Queues per instance

50

Queues per routing profile

50

Routing profiles per instance

100

Hours of operation per instance

100

Quick connects per instance

100

Prompts per instance

500

Agent status per instance

50

Security profiles per instance

100

Contact flows per instance

100

Groups per level

50

Reports per instance

500

Scheduled reports per instance

50

Active calls per instance

100

AWS Config Limits

Resource Default Limit Notes
Number of AWS Config rules per region in your account 50

You can request a limit increase.

AWS Data Pipeline Limits

Attribute Limit Adjustable
Number of pipelines 100 Yes
Number of objects per pipeline 100 Yes
Number of active instances per object 5 Yes
Number of fields per object 50 No
Number of UTF8 bytes per field name or identifier 256 No
Number of UTF8 bytes per field 10,240 No
Number of UTF8 bytes per object 15,360 (including field names) No
Rate of creation of an instance from an object 1 per 5 minutes No
Retries of a pipeline activity 5 per task No
Minimum delay between retry attempts 2 minutes No
Minimum scheduling interval 15 minutes No
Maximum number of roll-ups into a single object 32 No
Maximum number of EC2 instances per Ec2Resource object 1 No

For additional limits, see AWS Data Pipeline Limits in the AWS Data Pipeline Developer Guide.

AWS Database Migration Service Limits

Resource Default Limit
Replication instances 20
Total amount of storage 6 TB
Replication subnet groups 20
Subnets per replication subnet group 20
Endpoints 100
Tasks 200
Endpoints per instance 20

AWS Device Farm Limits

Resource Default Limit Comments

App file size you can upload

4 GB

Number of devices that AWS Device Farm can test during a run

5

This limit can be increased to 100 upon request.

Number of devices you can include in a test run

None

Number of runs you can schedule

None
Duration of a remote access session

60 minutes

AWS Direct Connect Limits

For more information about these limits, see AWS Direct Connect Limits in the AWS Direct Connect User Guide.

AWS Directory Service Limits

Resource Default Limit
AD Connector directories 10
AWS Directory Service for Microsoft Active Directory (Enterprise Edition) directories 10
Simple AD directories 10
Manual snapshots 5 per Microsoft AD
Manual snapshots 5 per Simple AD

For information about additional documented limits, including limits on Amazon Cloud Directory, see AWS Directory Service Limits in the AWS Directory Service Admin Guide.

Amazon DynamoDB Limits

Resource Default Limit
US East (N. Virginia) Region:

Maximum capacity units per table or global secondary index

40,000 read capacity units and 40,000 write capacity units
US East (N. Virginia) Region:

Maximum capacity units per account

80,000 read capacity units and 80,000 write capacity units
All other regions:

Maximum capacity units per table or global secondary index

10,000 read capacity units and 10,000 write capacity units
All other regions:

Maximum capacity units per account

20,000 read capacity units and 20,000 write capacity units
Maximum number of tables 256

For more information about these limits, see Limits in Amazon DynamoDB in the Amazon DynamoDB Developer Guide.

Amazon Elastic Container Registry (Amazon ECR) Limits

Resource Default Limit
Maximum number of repositories per account 1,000
Maximum number of images per repository 1,000

For information about additional documented limits, see Amazon ECR Service Limits in the Amazon Elastic Container Registry User Guide.

Amazon Elastic Container Service (Amazon ECS) Limits

Resource Default Limit
Number of clusters per region per account 1000
Number of container instances per cluster 1000
Number of services per cluster 500
Number of tasks using the EC2 launch type per service (the desired count) 1000
Number of tasks using the Fargate launch type, per region, per account 20
Number of public IP addresses for tasks using the Fargate launch type 20

For information about additional documented limits, see Amazon ECS Service Limits in the Amazon Elastic Container Service Developer Guide.

AWS Systems Manager Limits

Resource Default Limit
On-premises managed instances registered through Amazon EC2 activation

Each AWS account can activate a maximum of 1,000 on-premises instances in a region for use with Systems Manager.

For more information about activating on-premises instances for use in your hybrid environment, see Create a Managed-Instance Activation in the AWS Systems Manager User Guide.

Note

Activation limits apply only to the on-premises instances you add to your hybrid environment, and not to registered Amazon EC2 instances.

Systems Manager documents

200

Each AWS account can create a maximum of 200 documents per region.

Privately shared Systems Manager document

1000

A single Systems Manager document can be shared with a maximum of 1000 AWS accounts.

Publicly shared Systems Manager document

5

Each AWS account can publicly share a maximum of five documents.

State Manager associations

10,000

Each Systems Manager document can be associated with a maximum of 10,000 instances.

State Manager association versions

1,000

You can created a maximum of 1,000 versions of a State Manager association.

Inventory data collected per instance per call

1 MB

This maximum adequately supports most inventory collection scenarios. When this limit is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration.

Inventory data collected per instance per day

5 MB

When this limit is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration.

Custom Inventory Types

20

You can add up to 20 custom inventory types.

Custom Inventory Type Size

200 KB

This is the maximum size of the type, not the inventory collected.

Custom Inventory Type Attributes

50

This is the maximum number of attributes within the custom inventory type.

Inventory data expiration

30 days

If you terminate an instance, inventory data for that instance is deleted immediately. For running instances, inventory data older than 30 days is deleted. If you need to store inventory data longer than 30 days, you can use AWS Config to record history or periodically query and upload the data to an Amazon S3 bucket. For more information, see, Recording Amazon EC2 managed instance inventory in the AWS Config Developer Guide.

Maintenance Windows per account

50

Tasks per Maintenance Window

20

Targets per Maintenance Window

50

Instance IDs per target

50

Targets per task

10

Concurrent executions of a single Maintenance Window

1

Concurrent executions of Maintenance Windows

5

Maintenance Window execution history retention

30 days

Maximum number of parameters per account

10,000

Max size for parameter value

4096 characters

Max history for a parameter

100 past values

Patch baselines per account

25

Patch groups per patch baseline

25

AWS Elastic Beanstalk Limits

Resource Default Limit
Applications 75
Application Versions 1000
Environments 200

Amazon Elastic Block Store (Amazon EBS) Limits

Resource Default Limit
Number of EBS snapshots 10,000
Concurrent snapshots allowed for a single volume 5 for io1, gp2, magnetic; 1 for st1, sc1

Concurrent snapshot copy requests to a single destination region

5
Total volume storage of General Purpose SSD (gp2) volumes 100 TiB
Total volume storage of Provisioned IOPS SSD (io1) volumes 100 TiB
Total volume storage of Throughput Optimized HDD (st1) 300 TiB
Total volume storage of Cold HDD (sc1) 300 TiB
Total volume storage of Magnetic volumes (standard) 20 TiB
Total provisioned IOPS 200,000

For more information about these limits, see Amazon EC2 Service Limits in the Amazon EC2 User Guide for Linux Instances.

Amazon Elastic Compute Cloud (Amazon EC2) Limits

Resource Default Limit
Elastic IP addresses for EC2-Classic 5
Security groups for EC2-Classic per instance 500
Rules per security group for EC2-Classic 100
Key pairs 5,000
Throttle on the emails that can be sent from your Amazon EC2 account Throttle applied
On-Demand Instances Limits vary depending on instance type. For more information, see How many instances can I run in Amazon EC2.
Spot Instances Limits vary depending on instance type, region, and account. For more information, see Spot Instance Limits.
Reserved Instances 20 Reserved Instances per Availability Zone, per month, plus 20 regional Reserved Instances. For more information, see Reserved Instance Limits.
Dedicated Hosts Up to two Dedicated Hosts per instance family, per region can be allocated.
AMI Copies Destination regions are limited to 50 concurrent AMI copies at a time, with no more than 25 of those coming from a single source region.
Launch Templates 1,000 launch templates per region and 10,000 versions per launch template.

For information about related limits for EC2-VPC, see Amazon Virtual Private Cloud (Amazon VPC) Limits.

For information about viewing your current limits, see Amazon EC2 Service Limits in the Amazon EC2 User Guide for Linux Instances.

Amazon Elastic File System Limits

Following are the limits for Amazon EFS that can be increased by contacting AWS Support.

Resource Default Limit
Number of file systems per customer account per AWS region 10
Total throughput per file system for all connected clients

US East (Ohio) Region – 3 GB/s

US East (N. Virginia) Region – 3 GB/s

US West (Oregon) Region – 3 GB/s

EU (Frankfurt) Region – 1 GB/s

EU (Ireland) Region – 3 GB/s

Asia Pacific (Sydney) Region – 3 GB/s

For more information about these limits, see Amazon EFS Limits in the Amazon Elastic File System User Guide.

Elastic Load Balancing Limits

Elastic Load Balancing supports three types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers.

Application Load Balancers

Resource Default Limit
Load balancers per region 20
Target groups per region 3000
Listeners per load balancer 50
Targets per load balancer 1000
Subnets per Availability Zone per load balancer 1
Security groups per load balancer 5
Rules per load balancer (not counting default rules) 100
Certificates per load balancer (not counting default certificates) 25
Number of times a target can be registered per load balancer 100
Load balancers per target group 1
Targets per target group 1000

This limit includes both your Application Load Balancers and your Classic Load Balancers. This limit can be increased upon request.

Network Load Balancers

Resource Default Limit
Network Load Balancers per region 20
Target groups per region 3000 *
Listeners per load balancer 50
Subnets per Availability Zone per load balancer 1
Targets per load balancer per Availability Zone 200
Load balancers per target group 1

* This limit is shared by target groups for your Application Load Balancers and Network Load Balancers.

Classic Load Balancers

Resource Default Limit
Load balancers per region 20
Listeners per load balancer 100
Security groups per load balancer 5
Subnets per Availability Zone per load balancer 1

This limit includes both your Application Load Balancers and your Classic Load Balancers. This limit can be increased upon request.

Amazon Elastic Transcoder Limits

Resource Default Limit
Pipelines per region 4
User-defined presets 50
Maximum number of jobs processed simultaneously by each pipeline

US East (N. Virginia) Region – 20

US West (N. California) Region – 12

US West (Oregon) Region – 20

Asia Pacific (Mumbai) Region – 12

Asia Pacific (Singapore) Region – 12

Asia Pacific (Sydney) Region – 12

Asia Pacific (Tokyo) Region – 12

EU (Ireland) Region – 20

It may take up to two weeks to process requests for a limit increase.

For more information about these limits, see Amazon Elastic Transcoder limits in the Amazon Elastic Transcoder Developer Guide.

Amazon ElastiCache Limits

For information on ElastiCache terminology, see ElastiCache Components and Features.

Resource Default Limit Description
Nodes per region 100 The maximum number of nodes across all clusters in a region. This limit applies to both your reserved and nonreserved nodes within the given region. You can have up to 100 reserved nodes and 100 nonreserved nodes in the same region.
Nodes per cluster (Memcached) 20 The maximum number of nodes in an individual Memcached cluster.
Nodes per shard (Redis) 6 The maximum number of nodes in an individual Redis shard (node group). One node is the read/write Primary. All other nodes are read-only Replicas.
Shards per Cluster (Redis cluster mode disabled) 1 The maximum number of shards (node groups) in a Redis (cluster mode disabled) cluster.
Shards per Cluster (Redis cluster mode enabled) 15 The maximum number of shards (node groups) in a Redis (cluster mode enabled) cluster.
Parameter groups per region 20 The maximum number of parameters groups you can create in a region.
Security groups per region 50 The maximum number of security groups you can create in a region.
Subnet groups per region 50 The maximum number of subnet groups you can create in a region.
Subnets per subnet group 20 The maximum number of subnets you can define for a subnet group.

These limits are global limits per customer account. To exceed these limits, make your request using the ElastiCache Node request form.

Amazon Elasticsearch Service Limits

Resource Default Limit
Number of Amazon ES instances per cluster 20 (except for T2 instance types, which have a maximum of 10).

Note

The default limit is 20 instances per domain. To request an increase up to 100 instances per domain, create a case with the AWS Support Center.

Amazon GameLift Limits

Resource Default Limit
Aliases 20
Fleets 20
Builds 1000
Total size of builds 100 GB
Log upload size per game session 200 MB
On-demand instances

Per instance type: limits vary.

Per account: 20 instances max, regardless of instance type.

For more information, see Scaling Amazon Elastic Compute Cloud (Amazon EC2) Instances for Amazon GameLift.

Server processes per instance

GameLift SDK v2.x: 1

GameLift SDK v3.x and up: 50
Player sessions per game session 200
Matchmakers per account 100
VPC peering connections For limits on active and pending VPC peering connections, see Amazon Virtual Private Cloud (Amazon VPC) Limits.

The expiry time for an Amazon GameLift VPC peering authorization is 24 hours.

AWS Glue Limits

Resource Default Limit
Number of databases per account 100
Number of tables per database 1000
Number of partitions per table 20,000
Number of crawlers per account 10
Number of jobs per account 25
Number of triggers per account 25
Number of concurrent job runs per account 30
Number of concurrent job runs per job 3
Number of jobs per trigger 10
Number of development endpoints per account 2
Maximum DPUs used by a development endpoint at one time 5
Maximum DPUs used by a role at one time 100

AWS Greengrass Limits

AWS Greengrass Cloud API Limits

Description Limit
Maximum number of AWS IoT devices in a group. 200
Maximum number of Lambda functions in a group. 200
Maximum number of resources per Lambda function. 10
Maximum number of resources per group. 50
Maximum number of transactions per second (TPS) on the AWS Greengrass API. 30
Maximum number of subscriptions per AWS Greengrass group. 1000
Maximum number of subscriptions that specify Cloud as the source per AWS Greengrass group. 50
Maximum length of a Core thing name. 124 bytes of UTF-8 encoded characters.

AWS Greengrass core Limits

Description Limit
Maximum number of routing table entries that specify "Cloud" as the source. 50 (matches AWS IoT subscription limit)
Maximum size of messages sent by an AWS IoT device. 128 KB (matches AWS IoT message size limit)
Maximum message queue size in the Greengrass core router. 2.5 MB
Maximum length of a topic string 256 bytes of UTF-8 encoded characters.
Maximum number of forward slashes '/' in a topic or topic filter. 7
Minimum disk space needed to run the Greengrass core software 128 MB
Minimum RAM to run the Greengrass core software 128 MB
Automatic IP detection should not be used when:

  • IP address changes are frequent.

  • Interruption of the Greengrass core service is unacceptable.

  • The Greengrass core is multi-homed or Greengrass devices cannot reliably determine which IP address to use.

  • Reporting of Greengrass core IP addresses to the cloud may raise security concerns.

The Greengrass core software provides a service to automatically detect the IP address(es) of your Greengrass core devices. It sends this information to the AWS Greengrass cloud service and allows AWS IoT devices to download the IP address of the Greengrass core they need to connect to. This feature should not be used in the following circumstances:

  • The IP address of a Greengrass core device changes frequently.

  • The Greengrass core device must always be available to AWS IoT devices in it's group.

  • The Greengrass core has multiple IP addresses and an AWS IoT device is unable to reliably determine which address to use.

  • Sending IP addresses to the cloud raises security concerns.

AWS Identity and Access Management (IAM) Limits

Resource Default Limit
Customer managed policies in an AWS account 1500
Groups in an AWS account 300
Roles in an AWS account 1000
Users in an AWS account

5000 (If you need to add a large number of users, consider using temporary security credentials.)

Virtual MFA devices (assigned or unassigned) in an AWS account Equal to the user quota for the account
Instance profiles in an AWS account 1000
Server certificates stored in an AWS account 20

For more information about these limits, see Limitations on IAM Entities and Objects in the IAM User Guide.

AWS Import/Export Limits

AWS Snowball (Snowball)

Resource Default Limit Comments
Snowball 1

To increase this limit, contact AWS Support.

Amazon Inspector Limits

Resource Default Limit
Running agents 500
Assessment runs 50,000
Assessment templates 500
Assessment targets 50

For more information, see the Amazon Inspector User Guide.

AWS IoT Limits

Thing Limits

Resource Limit
Thing name size 128 bytes of UTF-8 encoded characters. This limit applies for both the thing registry and Thing Shadow services.
Maximum number of thing attributes for a thing with a thing type 50
Maximum number of thing attribute for a thing without a thing type 3
Number of thing types that can be associated with a thing 1
Maximum number of thing types in an AWS account Unlimited

Message Broker Limits

Client ID size 128 bytes of UTF-8 encoded characters.
Connection inactivity (keep-alive interval)

By default, an MQTT client connection is disconnected after 30 minutes of inactivity. When the client sends a PUBLISH, SUBSCRIBE, PING, or PUBACK message, the inactivity timer is reset.

A client can request a shorter keep-alive interval by specifying a value between 5-1,200 seconds in the MQTT CONNECT message sent to the server. If a keep-alive value is specified, the server disconnects the client if it does not receive a PUBLISH, SUBSCRIBE, PINGREQ, or PUBACK message within a period 1.5 times the requested interval. The keep-alive timer starts after the sender sends a CONNACK.

If a client sends a keep-alive value of zero, the default keep-alive behavior remains in place.

If a client requests a keep-alive shorter than 5 seconds, the server treats the client as though it requested a keep-alive interval of 5 seconds.

The keep-alive timer begins immediately after the server returns a CONNACK to the client. There might be a brief delay between the client's sending of a CONNECT message and the start of keep-alive behavior.

Connect requests per second per account

AWS IoT limits an account to a maximum of 300 MQTT CONNECT requests per second.

Connect requests per second per client ID

AWS IoT AWS IoT throttles connects from the same accountId and clientId to 1 connect operation per second.

Maximum number of slashes in topic and topic filter

A topic provided while publishing a message or a topic filter provided while subscribing can have no more than 7 forward slashes (/).

Maximum inbound unacknowledged messages

The message broker allows 100 in-progress unacknowledged messages per client. (This limit is applied across all messages that require ACK.) When this limit is reached, no new messages are accepted from this client until an ACK is returned by the server.

Maximum outbound unacknowledged messages

The message broker allows only 100 in-progress unacknowledged messages per client. (This limit is applied across all messages that require ACK.) When this limit is reached, no new messages are sent to the client until the client acknowledges the in-progress messages.

Maximum retry interval for delivering QoS 1 messages If a connected client is unable to receive an ACK on a QoS 1 message for one hour, the message broker drops the message. The client might be unable to receive the message if it has 100 in-flight messages, it is being throttled due to large payloads, or other errors.
Maximum subscriptions per subscribe call

A single SUBSCRIBE call is limited to request a maximum of eight subscriptions.

Message size

The payload for every PUBLISH message is limited to 128 KB. The AWS IoT service rejects messages larger than this size.

Publish requests per second per account

9000 per second per account (inbound publish requests - max. 3000 per second, outbound publish requests - max. 6000 per second).

Inbound publish requests count for all the messages that the message broker processes before routing the messages to the subscribed clients or the rules engine. For example, a single message published on $aws/things/device/shadow/update topic can result in publishing three additional messages to $aws/things/device/shadow/update/accepted, $aws/things/device/shadow/update/documents, $aws/things/device/shadow/delta topics. In this case, AWS IoT counts those as 4 inbound publish requests towards this limit. However, a single message to an unreserved topic like "a/b" is counted only as a single inbound publish request.

Outbound publish requests count for every message that resulted in matching a client's subscription or matching a rules engine subscription. For example, two clients are subscribed to topic filter 'a/b' and a rule is subscribed to topic filter 'a/#'. An inbound publish request message on topic 'a/b' results in a total of 3 outbound publish requests.

Note

Inbound and outbound publish requests cannot be traded for each other, for example, if only 1,000 inbound publish requests per second are used, the maximum outbound publish requests per second remains 6,000.

Publish requests per second per connection AWS IoT limits each client connection to 100 inbound publish requests per second and 100 outbound publish requests per second. Publish requests exceeding that limit will be discarded.
Restricted client ID prefix '$' is reserved for internally generated client IDs.
Restricted topic prefix Topics beginning with '$' are considered reserved and are not supported for publishing and subscribing except when working with the Thing Shadows service.

Subscriptions per second per account

AWS IoT limits an account to a maximum of 500 subscriptions per second. For example, if there are two MQTT SUBSCRIBE calls within a second with 3 subscriptions (topic filters) each, AWS IoT counts those as 6 subscriptions towards this limit.

Subscriptions per connection

AWS IoT limits each client connection to subscribe to up to 50 subscriptions. A SUBSCRIBE request that pushes the total number of subscriptions past 50 results in the connection being disconnected.

Throughput per connection

AWS IoT limits the ingress and egress rate on each client connection to 512 KB/s. Data sent or received at a higher rate is throttled to this throughput.

Topic size The topic passed to the message broker when publishing a message cannot exceed 256 bytes of UTF-8 encoded characters.
WebSocket connection duration

WebSocket connections are limited to 24 hours. If the limit is exceeded, the WebSocket connection is automatically closed when an attempt is made to send a message by the client or server. To maintain an active WebSocket connection for longer than 24 hours, simply close and reopen the WebSocket connection from the client side before the time limit elapses.

AWS IoT supports keep-alive values specified in MQTT CONNECT messages. When a client specifies a keep-alive value, the client tells the server to disconnect the client and transmit any last-will message associated with the MQTT session if the server does not receive a message (PUBLISH, SUBSCRIBE, PUBACK, PINGREQ) within 1.5 times the keep-alive period. AWS IoT supports keep-alive values between 5 seconds and 20 minutes. If a client requests no keep-alive (that is, sets the field to 0 in the MQTT CONNECT message), the server sets the keep-alive value to 20 minutes, which corresponds to the maximum idle time supported by AWS IoT of 30 minutes. Most MQTT clients (including the AWS SDK clients) support keep-alive values by sending a PINGREQ if the keep-alive period expires without the transmission of any other message by the client.

Device Shadow Limits

Maximum depth of JSON device state documents The maximum number of levels in the desired or reported section of the JSON device state document is 5. For example: 
"desired": {
    "one": {
        "two": {
            "three": {
                "four": {
                    "five":{
                    }
                 }
             }
        }
    }
}
Maximum number of in-flight, unacknowledged messages The Thing Shadows service supports up to 10 in-flight unacknowledged messages. When this limit is reached, all new shadow requests is rejected with a 429 error code.
Maximum number of JSON objects per AWS account There is no limit on the number of JSON objects per AWS account.
Maximum size of a JSON state document 8 KB.
Maximum size of a thing name 128 bytes of UTF-8 encoded characters.
Shadow lifetime A thing shadow is deleted by AWS IoT up to six months after the creating account is deleted or per customer request. For operational purposes, AWS IoT service backups are kept for 6 months

Security and Identity Limits

Maximum number of CA certificates with the same subject field allowed per AWS account per region 10
Maximum number of policies that can be attached to a certificate or Amazon Cognito identity 10
Maximum number of named policy versions 5
Maximum policy document size 2048 characters (excluding white space)
Maximum number of device certificates that can be registered per second 15

Throttling Limits

API Transaction per Second
AcceptCertificateTransfer 10
AttachPrincipalPolicy 15
AttachThingPrincipal 15
CancelCertificateTransfer 10
CreateCertificateFromCsr 15
CreatePolicy 10
CreatePolicyVersion 10
CreateThing 15
CreateThingType 15
DeleteCertificate 10
DeleteCACertificate 10
DeletePolicy 10
DeletePolicyVersion 10
DeleteThing 15
DeleteThingType 15
DeprecateThingType 15
DescribeCertificate 10
DescribeCACertificate 10
DescribeThing 10
DescribeThingType 10
DetachThingPrincipal 15
DetachPrincipalPolicy 15
DeleteRegistrationCode 10
GetPolicy 10
GetPolicyVersion 15
GetRegistrationCode 10
ListCACertificates 10
ListCertificates 10
ListCertificatesByCA 10
ListOutgoingCertificates 10
ListPolicies 10
ListPolicyPrincipals 10
ListPolicyVersions 10
ListPrincipalPolicies 15
ListPrincipalThings 10
ListThings 10
ListThingPrincipals 10
ListThingTypes 10
RegisterCertificate 10
RegisterCACertificate 10
RejectCertificateTransfer 10
SetDefaultPolicyVersion 10
TransferCertificate 10
UpdateCertificate 10
UpdateCACertificate 10
UpdateThing 10
UpdateThingShadow 10

AWS IoT Rules Engine Limits

Maximum number of rules per AWS account 1000
Actions per rule A maximum of 10 actions can be defined per rule.
Rule size Up to 256 KB of UTF-8 encoded characters (including white space).

AWS IoT Job Limits

Resource Min Max Note
JobId 1 character 64 characters The JobId length must not exceed 64 characters.
Document N/A 32768 bytes The maximum size of a document that can be sent to an AWS IoT device is 32 KB.
DocumentSource N/A 1350 characters

The maximum job document source size is 1350 characters.

Description N/A 2028 characters The maximum job description size is 2028 characters.
Targets 1 100 The number of targets a job can have.
ExpiresInSec 60 seconds 3600 seconds The lifetime of pre-signed URLs must be configured greater than 60 seconds and less than 1 hour.
Comment N/A 2028 characters The maximum comment size is 2028 characters.
MaxResults 1 250 The maximum list result per page is 250.
MaximumJobExecutionsPerMinute 1 1000 Configures the rollout speed for a job.

Active snapshot jobs

0 100 The maximum number of active snapshot jobs is 100 (irrespective of the number of active continuous jobs).

Active continuous jobs

0 100 The maximum number of active continuous jobs is 100 (irrespective of the number of active snapshot jobs).

Job document variable substitution

 0 10

Up to 10 variables substitutions, including the presign URL, are allowed in a job document.

Data retention N/A 90 days

Job data and job execution data will be purged after 90 days.

StatusDetail map key size

1 character 128 characters
StatusDetail map value size 1 character 128 characters

AWS Key Management Service (AWS KMS) Limits

Resource Default Limit
Customer Master Keys (CMKs) 1000
Aliases 1100
Grants per CMK 2500
Grants for a given principal per CMK 500
Requests per second Varies by API operation; see Limits in the AWS Key Management Service Developer Guide.

All limits in the preceding table apply per region and per AWS account.

For more information about these limits, see Limits in the AWS Key Management Service Developer Guide.

Amazon Kinesis Data Firehose Limits

Resource Default Limit
Delivery streams per region

20
Delivery stream capacity †

2,000 transactions/second

5,000 records/second

5 MB/second

† The three capacity limits scale proportionally. For example, if you increase the throughput limit to 10MB/second, the other limits increase to 4,000 transactions/second and 10,000 records/second.

For more information about these limits, see Amazon Kinesis Data Firehose Limits in the Amazon Kinesis Data Firehose Developer Guide.

Amazon Kinesis Data Streams Limits

Resource Default Limit
Shards per region

US East (N. Virginia) Region – 500

US West (Oregon) Region – 500

EU (Ireland) Region – 500

All other supported regions – 200

For more information about these limits, see Amazon Kinesis Data Streams Limits in the Amazon Kinesis Data Streams Developer Guide.

Amazon Kinesis Data Analytics Limits

Resource Default Limit
Kinesis Processing Units (KPUs)

US East (N. Virginia) Region – 8

US West (Oregon) Region – 8

EU (Ireland) Region – 8

For more information about these limits, see Limits in the Amazon Kinesis Data Analytics Developer Guide.

Amazon Kinesis Video Streams Limits

The limits below are either soft [s], which can be upgraded by submitting a support ticket, or hard [h], which cannot be increased.

Control Plane API limits

The following section describes limits for control-plane APIs.

When an account-level Request limit is reached, a ClientLimitExceededException is thrown.

When an account-level Streams limit is reached, or a stream-level limit is reached, a StreamLimitExceededException is thrown.

Control Plane API limits

API Account Limit: Request Account Limit: Streams Stream-level limit Relevant Exceptions and Notes
CreateStream 50 TPS [s] 100 streams per account [s] 5 TPS [h] Devices, CLIs, SDK-driven access and the console can all invoke this API. Only one API call succeeds if the stream doesn’t already exist.
DescribeStream 300 TPS [h] N/A 5 TPS [h]
UpdateStream 50 TPS [h] N/A 5 TPS [h]
ListStreams 300 TPS [h] N/A 5 TPS [h]
DeleteStream 50 TPS [h] N/A 5 TPS [h]
GetDataEndpoint 300 TPS [h] N/A 5 TPS [h] When combined with account limit, this implies a maximum of 60 streams can be Put to and Read from (with 4 consumers).

Data Plane API limits

The following section describes limits for control-plane APIs.

When a stream-level limit is exceeded, a StreamLimitExceededException is thrown.

When a connection-level limit is reached, a ConnectionLimitExceededException is thrown.

The following errors or acks are thrown when a fragment-level limit is reached:

  • A MIN_FRAGMENT_DURATION_REACHED ack is returned for a fragment below the minumum duration.

  • A MAX_FRAGMENT_DURATION_REACHED ack is returned for a fragment above the maximum duration.

  • A MAX_FRAGMENT_SIZE ack is returned for a fragment above the maximum data size.

  • A FragmentLimitExceeded exception is thrown if a fragment limit is reached in a GetMediaForFragmentList operation.

Data Plane API limits

API Stream-level limit Connection-level limit Bandwidth limit Fragment-level limit Relevant Exceptions and Notes
PutMedia 5 TPS [h] 1 (5 in the config, to allow for streaming token rotation, retries, etc.) 12.5 MB/second, or 100 Mbps

  • Minimum fragment duration: 1 second

  • Maximum fragment duration: 10 seconds

  • Maximum fragment size: 50 MB

 A typical PutMedia request will contain data for several seconds, resulting in a lower TPS per stream. In the case of multiple concurrent connections that exceed limits, the last connection is accepted.
GetMedia 5 TPS [h] 3 25 MB/s or 200 Mbps N/A

Only three clients can concurrently receive content from the media stream at any moment of time. Further client connections are rejected. A unique consuming client shouldn’t need more than 2 or 3 TPS, since once the connection is established, we anticipate that the application will read continuously.

If a typical fragment is approximately 5 MB, this limit will mean ~75 MB/ sec per Kinesis video stream. Such a stream would have an outgoing bit rate of 2x the streams' maximum incoming bit rate.

ListFragments 5 TPS [h] 5 N/A N/A Five fragment-based consuming applications can concurrently list fragments based on processing requirements.
GetMediaForFragmentList 5 TPS [h] 5 25 MB/s or 200 Mbps Maximum number of fragments: 1000 Five fragment-based consuming applications can concurrently get media. Further connections are rejected.

AWS Lambda Limits

Resource Limit
Concurrent executions 1000

For more information about these limits, see AWS Lambda Limits in the AWS Lambda Developer Guide.

AWS Lambda will dynamically scale capacity in response to increased traffic, subject to your account's Concurrent Execution Safety Limit. To handle any burst in traffic, Lambda will immediately increase your concurrently executing functions by a predetermined amount, dependent on which region it's executed (see table below).

If the default Immediate Concurrency Increase value, as noted in the table below, is not sufficient to accommodate the traffic surge, Lambda will continue to increase the number of concurrent function executions by 500 per minute until your account safety limit has been reached or the number of concurrently executing functions is sufficient to successfully process the increased load.

Region Immediate Concurrency Increase (function executions)
Asia Pacific (Tokyo) 1000
Asia Pacific (Seoul) 500
Asia Pacific (Mumbai) 500
Asia Pacific (Singapore) 500
Asia Pacific (Sydney) 500
Canada (Central) 500
EU (Frankfurt) 1000
EU (London) 500
EU (Ireland) 3000
AWS GovCloud (US) 500
US East (Ohio) 500
US West (N. California) 500
US West (Oregon) 3000
US East (N. Virginia) 3000
South America (São Paulo) 500
China (Beijing) 500
AWS GovCloud (US) 500

Amazon Lightsail Limits

Resource Default Limit Comment
Number of instances 20 per account This limit cannot be increased.
Number of Elastic IP addresses 5 per account This limit cannot be increased.
Number of parallel SSH connections 3 x the number of instances in the account This limit cannot be increased.
Number of hosted zones 3 per account This limit cannot be increased.

Amazon Machine Learning (Amazon ML) Limits

Resource Default Limit
Data file size* 100 GB
Batch prediction input size 1 TB
Batch prediction input (number of records) 100 million
Number of variables in a data file (schema) 1,000
Recipe complexity (number of processed output variables) 10,000
Transactions Per Second for each real-time prediction endpoint 200
Total Transactions Per Second for all real-time prediction endpoints 10,000
Total RAM for all real-time prediction endpoints 10 GB
Number of simultaneous jobs 25
Longest run time for any job 7 days
Number of classes for multiclass ML models 100
ML model size 2 GB

Note

The size of your data files is limited to ensure that jobs finish in a timely manner. Jobs that have been running for more than seven days are automatically terminated, resulting in a FAILED status.

For more information about these limits, see Amazon ML Limits in the Amazon Machine Learning Developer Guide.

AWS Elemental MediaConvert Limits

Resource Default Limit
Number of queues 10
Concurrent jobs processed across all queues 100
Concurrent jobs processed from a queue 100 divided by number of queues
Number of custom output presets 100
Number of custom output job templates 100
DescribeEndpoints API calling rate per second 0.01667 TPS (Once per 60 seconds, burst zero)
Aggregate API calling rate per second for job, queue, preset and template 2 TPS (2 per second, burst 100)]

AWS Elemental MediaLive Limits

Resource Default Limit
Maximum inputs 5
Maximum input security groups 5
Maximum channels 5

AWS Elemental MediaPackage Limits

Resource Default Limit
Maximum channels per account 10
Maximum endpoints per channel 10

AWS Elemental MediaStore Limits

Resource Default Limit
Containers 100

For information about AWS Elemental MediaStore limits, including limits that can't be increased, see Limits in the AWS Elemental MediaStore User Guide.

AWS Elemental MediaTailor Limits

Resource Default Limit Comment
Transactions 3,000 concurrent transactions per second across all request types (such as manifest requests and tracking requests for client-side reporting). This is an account-level limit.

Your transactions per second are largely dependent on how often the player requests updated manifests. For example, a player with eight second segments might update the manifest every eight seconds. The player, then, generates 0.125 transactions per second.

For more information about AWS Elemental MediaTailor limits, including limits that can't be increased, see Limits in the AWS Elemental MediaTailor User Guide.

Amazon MQ Limits

For more information about these limits, see Amazon MQ Limits in the Amazon MQ Developer Guide.

Amazon Neptune Limits

Resource Default Limit
US East (N. Virginia) Region:

Maximum instances

 Maximum instances is 3.

You can request an increase on this limit. For more information, see https://aws.amazon.com/support.

AWS OpsWorks for Chef Automate and AWS OpsWorks for Puppet Enterprise Limits

Resource Default Limit
Chef or Puppet servers 5
User-initiated (manual) backup generations 10
Automated (scheduled) backup generations 30

AWS OpsWorks Stacks Limits

Resource Default Limit
Stacks 40
Layers per stack 40
Instances per stack 40
Apps per stack 40

AWS Organizations Limits

Resource Default Limit
Accounts per organization Varies. Contact Customer Support.
Invitations sent per day 20

For more information about these limits, see Limits of AWS Organizations in the AWS Organizations User Guide.

Amazon Polly Limits

  • Throttle rate per IP address: 100 transactions (requests) per second (tps) with a burst limit of 120 tps.

  • Throttle rate per operation:

    Throttle Rate per Operation

    Operation

    Limit

    Lexicon

    DeleteLexicon

    PutLexicon

    GetLexicon

    ListLexicons

    Any 2 transactions per second (tps) from these operations combined.

    Maximum allowed burst of 4 tps.

    Speech

    DescribeVoices

    80 rps with a burst limit of 100 tps

    SynthesizeSpeech

    80 rps with a burst limit of 100 tps

Amazon Pinpoint Limits

Resource Default Limit
Active campaigns per account 100
Apps per account 100
Concurrent endpoint import jobs per account 2
Custom event types per app 1500
Endpoint custom attributes per app 40
Endpoints per mobile app user 10
Message sends per campaign activity 100 million
Segments per app 200
Total file size per endpoint import job 1 GB
SMS sending rate 20 messages per second.
Email sending quota 200 emails per 24 hour period for accounts in the sandbox environment.
Email sending rate 1 email per second for accounts in the sandbox environment.
Email recipient addresses Accounts in the sandbox environment may only send email to recipients whose email addresses or domains have been verified.

For more information about verifying email addresses and domains, see Email Address or Domain Verification in the Amazon Pinpoint User Guide.

For information about moving out of the email sandbox environment, see Requesting Production Access for Email in the Amazon Pinpoint User Guide.

Amazon Redshift Limits

Resource Default Limit
Nodes per cluster 101
Nodes 200
Reserved Nodes 200
Snapshots 20
Parameter Groups 20
Security Groups 20
Subnet Groups 20
Subnets per Subnet Group 20
Event Subscriptions 20

For more information about these limits, see Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

Amazon Rekognition Limits

Amazon Rekognition does not have service limits that you can change. For information about Amazon Rekognition service limits, see Amazon Rekognition Limits.

Amazon Relational Database Service (Amazon RDS) Limits

Resource Default Limit
Clusters 40
Cluster parameter groups 50
DB Instances 40
Event subscriptions 20
Manual snapshots 100
Manual cluster snapshots 100
Option groups 20
Parameter groups 50
Read replicas per master 5
Reserved instances (purchased per month) 40
Rules per security group 20
Security groups 25
Security groups (VPC) 5
Subnet groups 50
Subnets per subnet group 20
Tags per resource 50
Total storage for all DB instances 100 TB

AWS Resource Groups Limits

Resource Default Limit
Resource groups per account 100

Route 53 Limits

Resource Default Limit
Hosted zones 500
Domains 50
Resource record sets per hosted zone 10,000
Reusable delegation sets 100
Hosted zones that can use the same reusable delegation set 100
Amazon VPCs that you can associate with a private hosted zone 100
Health checks 50
Traffic policies 50
Policy records 5

For more information about these limits, see Route 53 Limits in the Amazon Route 53 Developer Guide.

Amazon SageMaker Limits

The following tables group Amazon SageMaker limits by compoents.

Amazon SageMaker Notebooks

Resource Default Limit
ml.t2.medium instances 20
ml.m4.xlarge instances 20
ml.p2.xlarge instances 1
Number of notebook instances 100
Number of running notebook instances 20

Amazon SageMaker Training

Resource Default Limit
ml.m4.xlarge instances 20
ml.m4.4xlarge instances 10
ml.m4.10xlarge instances 5
ml.c4.xlarge instances 20
ml.c4.2xlarge instances 20
ml.c4.8xlarge instances 20
ml.c5.xlarge instances 0
ml.c5.2xlarge instances 0
ml.c5.4xlarge instances 0
ml.c5.9xlarge instances 0
ml.c5.18xlarge instances 0
ml.p2.xlarge instances 1
ml.p2.8xlarge instances 1
ml.p2.16xlarge instances 0
ml.p3.2xlarge instances 0
ml.p3.8xlarge instances 0
ml.p3.16xlarge instances 0
Longest run time for a training job 5 days
Number of instances 20
Number of instances for a training job 20
Size of EBS volume for an instance 1 TB

Amazon SageMaker Hosting

Resource Default Limit
ml.t2.medium instances 20
ml.m4.xlarge instances 20
ml.c4.xlarge instances 20
ml.c4.2xlarge instances 20
ml.c4.8xlarge instances 20
ml.c5.xlarge instances 0
ml.c5.2xlarge instances 0
ml.c5.9xlarge instances 0
ml.p2.xlarge instances 2
ml.p3.2xlarge instances 0
Number of instances 20
Number of instances for an endpoint 20
Total TPS for all endpoints 10,000
Hosting 5 MB

AWS Server Migration Service Limits

Resource Default Limit
Concurrent VM migrations 50 per account

Maximum duration of service usage per VM (not per account), beginning with the initial replication of a VM. We terminate an ongoing replication after this period, unless a customer requests a limit increase.

90 days

AWS Service Catalog Limits

Resource Default Limit
Portfolios 25 per account
Users, groups, and roles 25 per portfolio
Products 25 per portfolio, 100 total per account
Product versions 50 per product
Constraints 25 per product per portfolio
Tags 20 per product, 20 per portfolio, 50 per provisioned product
Stacks 200 (AWS CloudFormation limit)

AWS Shield Advanced Limits

AWS Shield Advanced offers advanced monitoring and protection for up to 100 CloudFront distributions, Route 53 hosted zones or Elastic Load Balancing resources combined, per account. If you want to increase these limits, contact the AWS Support Center.

Amazon Simple Email Service (Amazon SES) Limits

The following are the default limits for Amazon SES in the sandbox environment.

Resource Default Limit
Daily sending quota 200 messages per 24-hour period.
Maximum send rate 1 email per second.

Note

The rate at which Amazon SES accepts your messages might be less than the maximum send rate.

Recipient address verification All recipient addresses must be verified.

For more information about these limits, see Limits in Amazon SES in the Amazon Simple Email Service Developer Guide.

Amazon Simple Notification Service (Amazon SNS) Limits

Resource Default Limit
Topics 100,000 per account
Subscriptions 12,500,000 per topic
Pending subscriptions 5,000 per account
Account spend threshold for SMS 1.00 USD per account
Delivery rate for promotional SMS messages 20 messages per second
Delivery rate for transactional SMS messages 20 messages per second
Message filter policies 100 per account

To increase any of the limits above, submit an SNS Limit Increase case.

Amazon SNS API Throttling Limits

API Transactions per Second
ListEndpointsByPlatformApplication 30
ListTopics 30
ListPlatformApplications 15
ListSubscriptions 30
ListSubscriptionsByTopic 30
Subscribe 100
Unsubscribe 100

The Amazon SNS API throttling limits cannot be increased.

Amazon Simple Queue Service (Amazon SQS)

For more information about these limits, see Amazon SQS Limits in the Amazon Simple Queue Service Developer Guide and the "Limits and Restrictions" section of the Amazon SQS FAQs.

Amazon Simple Storage Service (Amazon S3) Limits

Resource Default Limit
Buckets 100 per account

For more information about these limits, see Amazon S3 limits in the Amazon Simple Storage Service Developer Guide.

Amazon Simple Workflow Service (Amazon SWF) Limits

For more information about these limits, see Amazon SWF Limits in the Amazon Simple Workflow Service Developer Guide.

Amazon SimpleDB Limits

Resource Default Limit
Domains 250

For more information about these limits, see Amazon SimpleDB Limits in the Amazon SimpleDB Developer Guide.

AWS Step Functions Limits

For more information about these limits, see AWS Step Functions Limits in the AWS Step Functions Developer Guide.

AWS Storage Gateway Limits

For more information about these limits, see AWS Storage Gateway Limits in the AWS Storage Gateway User Guide.

Amazon Virtual Private Cloud (Amazon VPC) Limits

Unless otherwise noted, submit a request to increase these limits.

Resource Default limit Comments

VPCs per region

5

Increasing this limit increases the limit on Internet gateways per region by the same amount. The multiple of the number of VPCs in the region and the number of security groups per VPC cannot exceed 5000.

Subnets per VPC

200

-

IPv4 CIDR blocks per VPC

5

This limit is made up of the primary CIDR block plus 4 secondary CIDR blocks.

IPv6 CIDR blocks per VPC

1

This limit cannot be increased.

Internet gateways per region

5

This limit is directly correlated with the limit on VPCs per region. To increase this limit, increase the limit on VPCs per region. Only one Internet gateway can be attached to a VPC at a time.

Egress-only Internet gateways per region 5 This limit is directly correlated with the limit on VPCs per region. To increase this limit, increase the limit on VPCs per region. Only one egress-only Internet gateway can be attached to a VPC at a time.

Virtual private gateways per region

5

Only one virtual private gateway can be attached to a VPC at a time.

Customer gateways per region

50

To increase this limit, contact AWS Support.

VPN connections per region

50

-

VPN connections per VPC (per virtual private gateway)

 10

-

Route tables per VPC

200

This limit includes the main route table.

Routes per route table (non-propagated routes)

50

You can increase this limit up to a maximum of 100; however, network performance may be impacted. This limit is enforced separately for IPv4 routes and IPv6 routes (50 each, and a maximum of 100 each).

BGP advertised routes per route table (propagated routes)

100

This limit cannot be increased. If you require more than 100 prefixes, advertise a default route.

Elastic IP addresses per region for EC2-VPC

5

This is the limit for the number of Elastic IP addresses for use in EC2-VPC. For Elastic IP addresses for EC2-Classic, see Amazon Elastic Compute Cloud (Amazon EC2) Limits.

Security groups per VPC

500

The multiple of the number of VPCs in the region and the number of security groups per VPC cannot exceed 5000.

Inbound or outbound rules per security group

50

You can have 50 inbound and 50 outbound rules per security group (giving a total of 100 rules). To change this limit, contact AWS Support — a limit change applies to both inbound and outbound rules. The multiple of the limit for inbound or outbound rules per security group and the limit for security groups per network interface cannot exceed 250. For example, if you increase the limit to 100, we decrease your number of security groups per network interface to 2.

This limit is enforced separately for IPv4 rules and IPv6 rules. A rule that references a security group counts as one rule for IPv4 and one rule for IPv6.

Security groups per network interface

5

To increase or decrease this limit, contact AWS Support. The maximum is 16. The multiple of the limit for security groups per network interface and the limit for rules per security group cannot exceed 250. For example, if you increase the limit to 10, we decrease your number of rules per security group to 25.

Network interfaces per instance

-

This limit varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type.

Network interfaces per region

350

This limit is the greater of either the default limit (350) or your On-Demand Instance limit multiplied by 5. The default limit for On-Demand Instances is 20. If your On-Demand Instance limit is below 70, the default limit of 350 applies. To increase this limit, submit a request or increase your On-Demand Instance limit.

Network ACLs per VPC

200

You can associate one network ACL to one or more subnets in a VPC. This limit is not the same as the number of rules per network ACL.

Rules per network ACL

20

This is the one-way limit for a single network ACL, where the limit for ingress rules is 20, and the limit for egress rules is 20. This limit includes both IPv4 and IPv6 rules, and includes the default deny rules (rule number 32767 for IPv4 and 32768 for IPv6, or an asterisk * in the Amazon VPC console).

This limit can be increased up to a maximum if 40; however, network performance may be impacted.

Active VPC peering connections per VPC

50

The maximum limit is 125 peering connections per VPC. The number of entries per route table should be increased accordingly; however, network performance may be impacted.

Outstanding VPC peering connection requests

25

This is the limit for the number of outstanding VPC peering connection requests that you've requested from your account. To increase this limit, contact AWS Support.

Expiry time for an unaccepted VPC peering connection request

1 week (168 hours)

To increase this limit, contact AWS Support.

VPC endpoints per region

20

You can have 20 interface endpoints and 20 gateway endpoints. The maximum limit for gateway endpoints is 255 endpoints per VPC, regardless of your endpoint limit per region.

Flow logs per single network interface, single subnet, or single VPC in a region

2 This limit cannot be increased. You can effectively have 6 flow logs per network interface if you create 2 flow logs for the subnet, and 2 flow logs for the VPC in which your network interface resides.
NAT gateways per Availability Zone 5 A NAT gateway in the pending, active, or deleting state counts against your limit.

For more information about these limits, see Amazon VPC Limits in the Amazon VPC User Guide.

Amazon VPC DNS Limits

For more information about these limits, see DNS Limits in the Amazon VPC User Guide.

AWS WAF Limits

AWS WAF has default limits on the number of entities per account. You can request an increase in these limits.

Resource Default Limit

Web ACLs per AWS account

50

Rules per AWS account

100

Conditions per AWS account

100 of each condition type (For example: 100 Size constraint conditions, 100 IP match conditions, etc.)

Requests per Second 10,000 per web ACL*

*This limit applies only to AWS WAF on an Application Load Balancer. Requests per Second (RPS) limits for AWS WAF on CloudFront are the same as the RPS limits support by CloudFront described in the CloudFront developer guide.

The following limits on AWS WAF entities can't be changed.

Resource Limit

Rules per web ACL

10

Conditions per rule

10

IP address ranges (in CIDR notation) per IP match condition

10,000

Filters per cross-site scripting match condition

10

Filters per size constraint condition

10

Filters per SQL injection match condition

10

Filters per string match condition

10

In string match conditions, the number of characters in HTTP header names, when you've configured AWS WAF to inspect the headers in web requests for a specified value

40

In string match conditions, the number of characters in the value that you want AWS WAF to search for

50

In regex match conditions, the number of characters in the pattern that you want AWS WAF to search for

70

These limits are the same for all regions in which AWS WAF is available. Each region is subject to these limits individually. That is, the limits are not cumulative across regions.

Amazon WorkMail Limits

For more information about these limits, see Amazon WorkMail Limits.

Amazon WorkSpaces Limits

Resource Default Limit
WorkSpaces 1
Graphics WorkSpaces 0
Images 5

AWS X-Ray Limits

Resource

Default Limit

Trace and service graph retention

30 days

Segment document size

64kB

Indexed annotations per trace

50

On this page: