AWS General Reference
Reference guide (Version 1.0)

AWS Service Quotas

The following tables provide the default quotas, formerly referred to as limits, for AWS services for an AWS account. Unless otherwise noted, each quota is Region-specific. Many services contain quotas that cannot be increased.

Service Quotas is an AWS service that helps you manage your quotas for over 100 AWS services, from one location. Along with looking up the quota values, you can also request a quota increase from the Service Quotas console.

AWS Trusted Advisor offers a service quotas check (in the Performance category) that displays your usage and quotas for some aspects of some services. For more information, see Service Quotas Check Questions in the Trusted Advisor FAQs.

To request a quota increase

There are two ways to request a quota increase: Service Quotas and AWS Support Center. If a service is not yet available in Service Quotas, use AWS Support Center instead. Increases are not granted immediately. It might take a couple of days for your increase to become effective.

  • (Recommended) Open the Service Quotas console. In the navigation pane, choose AWS services. Select a service, select a quota, and follow the directions to request a quota increase. For more information, see Requesting a Quota Increase in the Service Quotas User Guide.

  • Open the AWS Support Center page, sign in if necessary, and choose Create case. Choose Service limit increase. Complete and submit the form.

Alexa for Business

Resource Default

Maximum number of conference appliances

10,000

Maximum number of gateways

100

Maximum number of rooms

10,000

Maximum number of devices

100,000 (10 per room)

Maximum number of users

10,000

Maximum number of skills

100 (25 per skill group)

Maximum number of skill groups

1,000

Maximum number of profiles

100

Amazon API Gateway

For more information, see Quotas in Amazon API Gateway in the API Gateway Developer Guide.

Application Auto Scaling

Item Default Notes
Maximum number of scalable targets per resource type

Amazon DynamoDB: 3000

All other resource types: 500

Make sure that you specify the type of resource with your request for a limit increase, for example, Amazon ECS or DynamoDB.*
Maximum number of scaling policies per scalable target 50
Maximum number of scheduled actions per scalable target 200
Maximum number of step adjustments per scaling policy 20

* For a complete list of resource types, see the Application Auto Scaling User Guide.

AWS Application Discovery Service

Resource Default
Inactive agents heartbeating but not collecting data 10,000
Active agents sending data to the service 250
Total collected data for all agents, per day 10 GB
Data storage duration before being purged 90 days

AWS App Mesh Service

Resource Default
Maximum number of meshes per account 15
Maximum number of virtual services per mesh 200
Maximum number of virtual nodes per mesh 200
Maximum number of backends per virtual node 50
Maximum number of connected Envoys per virtual node 10
Maximum number of virtual routers per mesh 200
Maximum number of routes per virtual router 50
Maximum number of weighted targets per route 10

Amazon AppStream 2.0

Resource Default
Stacks 5
Fleets 5
Streaming instances 5 *
Images 5
Image builders 5
Users 5

* This is the total quota across all instance families. Certain instance families have additional quotas. For the Graphics Desktop and Graphics Pro instance families, the default quota is 0. For the Graphics Design instance family, the default quota is 2.

This is the total quota across all instance families. Certain instance families have additional quotas. For the Graphics Desktop and Graphics Pro instance families, the default quota is 0. For the Graphics Design instance family, the default quota is 1.

AWS AppSync

Resource Default
Maximum number of APIs per Region

25 per account

You can request a quota increase.

Maximum number of API keys 50 per API
Maximum schema document size 1 MB
Functions per pipeline resolver 10
Throttle rate per GraphQL API

1,000 queries per second

You can request a quota increase.

Maximum GraphQL query execution timeout 30 seconds
Maximum evaluated resolver template size 5 MB
Maximum request/response mapping template size 64 KB
Maximum subscription payload size 128 KB
Maximum number of iterations in #foreach...#end loop in mapping templates 1000

Amazon Athena

Resource Default
Number of DDL queries you can submit at the same time. DDL queries include CREATE TABLE and CREATE TABLE ADD PARTITION queries. 20

Number of DML queries you can submit at the same time. DML queries include SELECT and CREATE TABLE AS (CTAS) queries.

20
Query timeout 30 minutes
Maximum allowed query string length 262144 bytes

Athena APIs have the following default quotas for the number of calls to the API per account (not per query):

API Name Default Number of Calls per Second Burst Capacity
BatchGetNamedQuery, ListNamedQueries, ListQueryExecutions 5 up to 10
CreateNamedQuery, DeleteNamedQuery, GetNamedQuery 5 up to 20
BatchGetQueryExecution 20 up to 40
StartQueryExecution, StopQueryExecution 20 up to 80
GetQueryExecution, GetQueryResults 100 up to 200

For example, for StartQueryExecution, you can make up to 20 calls per second. In addition, if this API is not called for 4 seconds, your account accumulates a burst capacity of up to 80 calls. In this case, your application can make up to 80 calls to this API in burst mode.

If you use any of these APIs and exceed the default quota for the number of calls per second, or the burst capacity in your account, the Athena API issues an error similar to the following: ""ClientError: An error occurred (ThrottlingException) when calling the <API_name> operation: Rate exceeded." Reduce the number of calls per second, or the burst capacity for the API for this account. You can contact AWS Support to request a quota increase.

For information about quotas for databases, tables, and partitions, see AWS Glue. If you have not migrated to AWS Glue Data Catalog, the number of partitions per table is 20,000.

AWS Auto Scaling

Following are the quotas for AWS Auto Scaling. To request a quota increase, use the Auto Scaling Quotas form.

Item Default Notes
Maximum number of scalable resources per resource type

Amazon DynamoDB: 2000

Amazon EC2 Auto Scaling groups: 200

All other resource types: 500

Make sure that you specify the type of resource with your request for a quota increase, for example, Amazon EC2 Auto Scaling, Amazon ECS, or DynamoDB.*
Maximum number of scaling plans 100
Maximum number of scaling instructions per scaling plan 500
Maximum number of target tracking configurations per scaling instruction 10

* For a complete list of resource types, see the AWS Auto Scaling User Guide.

Amazon EC2 Auto Scaling

Following are the limits for Amazon EC2 Auto Scaling. To request a quota increase, use the Auto Scaling Quotas form.

Resource Default
Maximum number of launch configurations per Region 200
Maximum number of Auto Scaling groups per Region 200
Maximum number of scaling policies per Auto Scaling group 50
Maximum number of scheduled actions per Auto Scaling group 125
Maximum number of lifecycle hooks per Auto Scaling group 50
Maximum number of SNS topics per Auto Scaling group 10
Maximum number of classic load balancers per Auto Scaling group 50
Maximum number of target groups per Auto Scaling group 50
Maximum number of step adjustments per scaling policy 20

For additional quotas and information about viewing your current quotas, see Amazon EC2 Auto Scaling Quotas in the Amazon EC2 Auto Scaling User Guide.

AWS Backup

API Name Default Number of Calls Per Second

CreateBackupPlan

CreateBackupSelection

DeleteBackupPlan

DeleteBackupSelection

DeleteBackupVault

DeleteBackupVaultAccessPolicy

DeleteBackupVaultNotifications

DescribeBackupVault

ExportBackupPlanTemplate

GetBackupPlanFromJSON

GetBackupPlanFromTemplate

PutBackupVaultNotifications

StartBackupJob

StartRestoreJob

StopBackupJob

TagResource

UntagResource

UpdateBackupPlan

UpdateRecoveryPointLifecycle

5

DeleteRecoveryPoint

DescribeProtectedResource

10

DescribeBackupJob

DescribeRecoveryPoint

DescribeRestoreJob

GetBackupPlan

GetBackupSelection

GetBackupVaultAccessPolicy

GetBackupVaultNotifications

GetRecoveryPointRestoreMetadata

GetSupportedResourceTypes

15

ListBackupJobs

ListBackupPlans

ListBackupPlanTemplates

ListBackupPlanVersions

ListBackupSelections

ListBackupVaults

ListProtectedResources

ListRecoveryPointByResource

ListRecoveryPointsByBackupVault

ListRecoveryPointsByResource

ListRestoreJobs

ListTags

20
Sum of All API Calls 50

If you regularly receive throttling exceptions, consider using a rate limiter.

To request an increase in these quotas, create a case with the AWS Support Center.

For additional information, see Quotas in the AWS Backup Developer Guide.

AWS Batch

AWS Batch does not have any default service quotas that you can increase. For more information about service quotas for AWS Batch, see Service Quotas in the AWS Batch User Guide.

Billing and Cost Management

Billing and Cost Management has no increasable quotas. For more information, see Quotas in AWS Billing and Cost Management.

AWS Certificate Manager (ACM)

Item Default
Number of ACM certificates 1000
Number of ACM certificates per year (last 365 days) Twice your account quota
Number of imported certificates 1000
Number of imported certificates per year (last 365 days) Twice your account quota
Number of domain names per ACM certificate 10
Number of private CAs 10
Number of private certificates per CA (lifetime) 1,000,000

For more information, see Quotas in the AWS Certificate Manager User Guide.

AWS Certificate Manager Private Certificate Authority (ACM PCA)

Item Default
Number of private CAs 10
Number of private certificates per CA (lifetime) 1,000,000
Number of revoked private certificates per private CA (lifetime) 1,000,000

For more information, see Quotas in the AWS Certificate Manager User Guide.

Amazon Chime

Resource Default

Amazon Chime Voice Connectors per account

3

Amazon Chime Voice Connector groups per account

3

Amazon Chime Voice Connectors per Amazon Chime Voice Connector group

3

Amazon Chime provisioned phone numbers per account

25

Calls per second for each Amazon Chime Voice Connector

1

Rooms per account

1,500

Rooms per profile

1,500

Memberships per room

1,000

Memberships per profile

1,000

Active Amazon Chime SDK meetings per account

100

Amazon Chime SDK attendees per meeting

100

AWS Cloud9

Resource Default Adjustable
Maximum number of AWS Cloud9 EC2 development environments
  • 100 per user

  • 200 per account

Yes
Maximum number of SSH environments
  • 100 per user

  • 200 per account

Yes
Maximum number of members in an environment

The maximum number of members is equal to the memory of the instance for that environment divided by 60 MB, with results rounded down. For example, an instance with 1 GiB of memory can have a maximum of 17 members (which is 1 GiB divided by 60 MB, rounded down).

If AWS Cloud9 cannot determine the memory of an instance, it defaults to a maximum of 8 users for each environment associated with that instance.

The absolute maximum number of members for an environment is 25.

No1

1 You can move an environment to attempt to increase the maximum number of members. However, the absolute maximum number of members for an environment is still 25. For more information, see Moving an Environment in the AWS Cloud9 User Guide.

For more information, see Quotas in the AWS Cloud9 User Guide.

AWS CloudFormation

Resource Default
Stacks 200
Stack sets 20
Stack instances per stack set 500

For more information, see AWS CloudFormation Quotas in the AWS CloudFormation User Guide.

Amazon CloudFront

General

Resource Default
Data transfer rate per distribution 40 Gbps
Requests per second per distribution 100,000
Web distributions per account 200
RTMP distributions per account 100
Alternate domain names (CNAMEs) per distribution 100
Origins per distribution 25
Origin access identities per account 100
Cache behaviors per distribution 25
Whitelisted headers per cache behavior 10
Whitelisted cookies per cache behavior 10
SSL certificates per account when serving HTTPS requests using dedicated IP addresses (no quota when serving HTTPS requests using SNI) 2
Custom headers that you can have Amazon CloudFront forward to the origin 10 name–value pairs

Whitelisted query strings per cache behavior

For more information, see Configuring CloudFront to Cache Based on Query String Parameters in the Amazon CloudFront Developer Guide.

Response timeout per origin

For more information, see Response Timeout in the Amazon CloudFront Developer Guide.

Lambda@Edge

Resource Default
Distributions per AWS account that you can create triggers for 25
Triggers per distribution 25
Requests per second 10,000
Concurrent executions 1,000

For more information, see Quotas in the Amazon CloudFront Developer Guide.

AWS CloudHSM

Resource Default
Clusters 4
HSMs 6

For more information, see Quotas in the AWS CloudHSM User Guide.

AWS CloudHSM Classic

Resource Default
HSM appliances 3
High-availability partition groups 20

For more information, see Quotas in the AWS CloudHSM Classic User Guide.

AWS Cloud Map

Resource Default
Namespaces 50 per AWS Region *
Services 1,000 per namespace
Instances 2,000 per namespace
Instances 1,000 per service

* When you create a namespace, we automatically create a Route 53 hosted zone. This hosted zone counts against the quota on the number of hosted zones that you can create with an AWS account. See Amazon Route 53.

For more information, see AWS Cloud Map Quotas in the AWS Cloud Map Developer Guide.

Amazon CloudSearch

Resource Default
Partitions 10
Search instances 50

For more information, see Understanding Amazon CloudSearch Quotas in the Amazon CloudSearch Developer Guide.

AWS CloudTrail

CloudTrail has no increasable quotas. For more information, see Quotas in AWS CloudTrail.

Amazon CloudWatch

Resource Default

Actions

5/alarm. This quota cannot be changed.

Alarms

10/month/customer for free. 5000 per Region per account.

API requests

1,000,000/month/customer for free.

Custom metrics

No quota.

Dashboards

Up to 100 metrics per dashboard widget.

Up to 500 metrics per dashboard, across all widgets.

These cannot be changed.

DescribeAlarms

9 transactions per second (TPS). The maximum number of operation requests you can make per second without being throttled.

You can request a quota increase.

DeleteAlarms request

DescribeAlarmHistory request

DescribeAlarmsForMetric request

DisableAlarmActions request

EnableAlarmActions request

SetAlarmState request

3 transactions per second (TPS) for each of these operations. The maximum number of operation requests you can make per second without being throttled.

These quotas cannot be changed.

DeleteDashboards request

GetDashboard request

ListDashboards request

PutDashboard request

10 transactions per second (TPS) for each of these operations. The maximum number of operation requests you can make per second without being throttled.

These quotas cannot be changed.

Dimensions

10/metric. This quota cannot be changed.

GetMetricData

50 transactions per second (TPS). The maximum number of operation requests you can make per second without being throttled. You can request a quota increase.

180,000 Datapoints Per Second (DPS) if the StartTime used in the API request is less than or equal to three hours from current time. 90,000 DPS if the StartTime is more than three hours from current time. This is the maximum number of datapoints you can request per second using one or more API calls without being throttled. This quota cannot be changed.

GetMetricData

A single GetMetricData call can include as many as 100 MetricDataQuery structures.

This quota cannot be changed.

GetMetricStatistics

400 transactions per second (TPS). The maximum number of operation requests you can make per second without being throttled.

You can request a quota increase.

ListMetrics

25 transactions per second (TPS). The maximum number of operation requests you can make per second without being throttled.

You can request a quota increase.

Metric data

15 months. This quota cannot be changed.

MetricDatum items

20/PutMetricData request. A MetricDatum object can contain a single value or a StatisticSet object representing many values. This quota cannot be changed.

Metrics

10/month/customer for free.

Period

Maximum value is one day (86,400 seconds). This quota cannot be changed.

PutMetricAlarm request

3 transactions per second (TPS). The maximum number of operation requests you can make per second without being throttled.

You can request a quota increase.

PutMetricData request

40 KB for HTTP POST requests. PutMetricData can handle 150 transactions per second (TPS), which is the maximum number of operation requests you can make per second without being throttled.

You can request a quota increase.

Amazon SNS email notifications

1,000/month/customer for free.

For more information, see CloudWatch Quotas in the Amazon CloudWatch User Guide.

Amazon CloudWatch Events

For more information, see CloudWatch Events Quotas in the Amazon CloudWatch Events User Guide.

Amazon CloudWatch Logs

Resource Default

Batch size

1 MB (maximum). This quota cannot be changed.

Data archiving

Up to 5 GB of data archiving for free. This quota cannot be changed.

DescribeLogStreams

5 transactions per second (TPS/account/Region).

Discovered log fields

CloudWatch Logs Insights can discover a maximum of 1000 log event fields in a log group. This quota cannot be changed.

Event size

256 KB (maximum). This quota cannot be changed.

Export task

One active (running or pending) export task at a time, per account. This quota cannot be changed.

FilterLogEvents

5 transactions per second (TPS)/account/Region. This quota cannot be changed.

GetLogEvents

10 requests per second per account per Region. This quota cannot be changed.

We recommend subscriptions if you are continuously processing new data. If you need historical data, we recommend exporting your data to Amazon S3.

Incoming data

Up to 5 GB of incoming data for free. This quota cannot be changed.

Log groups

20,000 log groups per account per Region. You can request a quota increase.

There is no quota on the number of log streams that can belong to one log group.

Metrics filters

100 per log group. This quota cannot be changed.

PutLogEvents

5 requests per second per log stream. Additional requests are throttled. This quota cannot be changed.

The maximum batch size of a PutLogEvents request is 1MB.

1500 transactions per second per account per Region, except for the following Regions where the quota is 800 transactions per second per account per Region: ap-south-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, eu-central-1, eu-west-2, sa-east-1, us-east-2, and us-west-1. You can request a quota increase.

Query concurrency

A maximum of 4 concurrent CloudWatch Logs Insights queries, including queries that have been added to dashboards. You can request a quota increase.

Query results displayed in console

In CloudWatch Logs Insights query results, a maximum of 10000 log events are displayed on the console. This quota cannot be changed.

Subscription filters

1 per log group. This quota cannot be changed.

For more information, see CloudWatch Logs Quotas in the Amazon CloudWatch Logs User Guide.

CodeBuild

Resource Default
Maximum number of build projects 1,000
Maximum number of concurrent running builds * 20

* Quotas for the maximum number of concurrent running builds vary, depending on the compute type. For some compute types, the default is 20. To request a higher concurrent build quota or if you get a "Cannot have more than X active builds for the account" error, contact AWS support.

For more information, see Quotas for CodeBuild in the AWS CodeBuild User Guide.

CodeCommit

Resource Default
Number of repositories 1,000 per AWS account

For more information, see Quotas in CodeCommit in the AWS CodeCommit User Guide.

CodeDeploy

Resource Default
Maximum number of applications associated with an AWS account in a single Region 100
Maximum number of concurrent deployments associated with an AWS account 100
Maximum number of deployment groups associated with a single application 100
Maximum number of instances in a single deployment 500
Maximum number of event notification triggers in a deployment group 10

For more information, see Quotas in CodeDeploy in the AWS CodeDeploy User Guide.

CodePipeline

This table lists the configurable quotas for CodePipeline.

Resource Default

Maximum number of total pipelines per Region in an AWS account

300

Maximum number of pipelines per Region with change detection set to periodically checking for source changes

60

Note

Instead of using periodic checks, configure your pipeline to use the recommended change-detection method for your source type. For example, configure your AWS CodeCommit pipeline to use Amazon CloudWatch Events for change detection. See Change-detection Methods for instructions specific to your source type.

Number of stages in a pipeline

Minimum of 2, maximum of 10

Number of actions in a stage

Minimum of 1, maximum of 50

Maximum number of parallel actions in a stage 50
Maximum number of sequential actions in a stage 50
Maximum number of webhooks per Region in an AWS account 300

Number of custom actions per Region in an AWS account

50

It may take up to two weeks to process requests for a quota increase.

For more information, see Quotas in CodePipeline in the AWS CodePipeline User Guide.

Amazon Cognito User Pools

Resource Default
Maximum number of apps per user pool 1000
Maximum number of user pools per account 1000
Maximum number of user import jobs per user pool 50
Maximum number of groups per user pool 300
Maximum number of identity providers per user pool 300
Maximum number of resource servers per user pool 25

For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Cognito Federated Identities Quotas

Resource Default
Maximum number of identity pools per account 1000

For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Cognito Sync

Resource Default
Maximum number of datasets per identity 20
Maximum number of records per dataset 1024
Maximum size of a single dataset 1 MB

For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Comprehend

Resource Default
Transactions per second for the DetectDominantLanguage, DetectEntities, DetectKeyPhrases, and DetectSentiment operations 20
Transactions per second for the BatchDetectDominantLanguage, BatchDetectEntities, BatchDetectKeyPhrases, and BatchDetectSentiment operations 10
Transactions per second for the StartTopicsDetectionJob operation 1
Transactions per second for the DescribeTopicsDetectionJob and ListTopicDetectionJobs operations 10
Maximum concurrent jobs 10

You can request an increase for any of the quotas using the Amazon Comprehend service quotas increase form.

For more information, see Guidelines and Quotas in the Amazon Comprehend Developer Guide.

Amazon Comprehend Medical

Resource Default
Transactions per second (TPS) for the DetectEntities and DetectPHI operations 10

You can request an increase for any of the quotas using the Comprehend Medical service quotas.

For more information, see Guidelines and Quotas in the Amazon Comprehend Medical Developer Guide.

AWS Config

Resource Default Notes
Number of AWS Config rules per Region in your account 150

You can request a quota increase.

Maximum Number of Configuration Aggregators 50

You can request a quota increase.

Amazon Connect

The following are the defaults for new Amazon Connect instances. The quotas for your account may differ from the defaults described here. For more information, see Amazon Connect Service Quotas in the Amazon Connect Administrator Guide.

Item Default

Amazon Connect instances

5

Users per instance

500

Phone numbers per instance

10

Queues per instance

50

Queues per routing profile

50

Routing profiles per instance

100

Hours of operation per instance

100

Quick connects per instance

100

Prompts per instance

500

Agent status per instance

50

Security profiles per instance

100

Contact flows per instance

100

Agent hierarchy groups per instance

50

Reports per instance

500

Scheduled reports per instance

50

Concurrent active calls per instance

100

Phone Number Porting

You can port your US phone numbers from your current carrier to Amazon Connect. For information about how to port your phone number, see Port Your Current Phone Number.

Country code whitelisting for Outbound Calls

You can place calls to the following dialing codes when you create a new instance:

  • Australia

  • Canada

  • China

  • Germany

  • Hong Kong

  • Israel

  • Japan

  • Mexico

  • Singapore

  • Sweden

  • United States

  • United Kingdom †

† UK numbers with a 447 prefix are not allowed by default. Before you can dial these UK mobile numbers, you must submit a service quota increase request.

AWS Data Pipeline

Attribute Value Adjustable
Number of pipelines 100 Yes
Number of objects per pipeline 100 Yes
Number of active instances per object 5 Yes
Number of fields per object 50 No
Number of UTF8 bytes per field name or identifier 256 No
Number of UTF8 bytes per field 10,240 No
Number of UTF8 bytes per object 15,360 (including field names) No
Rate of creation of an instance from an object 1 per 5 minutes No
Retries of a pipeline activity 5 per task No
Minimum delay between retry attempts 2 minutes No
Minimum scheduling interval 15 minutes No
Maximum number of roll-ups into a single object 32 No
Maximum number of EC2 instances per Ec2Resource object 1 No

For more additional, see AWS Data Pipeline Quotas in the AWS Data Pipeline Developer Guide.

AWS Database Migration Service

Resource Default
Replication instances 20
Total amount of storage 6 TB
Replication subnet groups 20
Subnets per replication subnet group 20
Endpoints 100
Tasks 200
Endpoints per instance 20

AWS DataSync

Resource Value

Maximum number of tasks you can create in account per AWS Region

Note

You can make a request for this quota to be increased to 64.

10

Maximum number of files for per task

20 million

Maximum throughput per task

10 Gbps

These quotas can be increased upon request.

AWS DeepLens

Resource Default Adjustable upon Request
Devices per account 200 Yes
Projects per account 200 Yes
Models per account 200 Yes
Versions per project 100 No

AWS Device Farm

Resource Default Comments

App file size you can upload

4 GB

Number of devices that AWS Device Farm can test during a run

5

This quota can be increased to 100 upon request.

Number of devices you can include in a test run

None

Number of runs you can schedule

None

Duration of a remote access session

60 minutes

AWS Direct Connect

For more information, see AWS Direct Connect Quotas in the AWS Direct Connect User Guide.

AWS Directory Service

Resource Default
AD Connector directories 10
AWS Directory Service for Microsoft Active Directory directories 10
Simple AD directories 10
Manual snapshots 5 per AWS Managed Microsoft AD
Manual snapshots 5 per Simple AD

For more information, see AWS Directory Service Quotas in the AWS Directory Service Administration Guide.

Amazon DynamoDB

Resource Default
US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), South America (São Paulo), EU (Frankfurt), EU (Ireland), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing) Regions:

Maximum capacity units per table or global secondary index

40,000 read capacity units and 40,000 write capacity units
US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), South America (São Paulo), EU (Frankfurt), EU (Ireland), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing) Regions:

Maximum capacity units per account

80,000 read capacity units and 80,000 write capacity units
All other Regions:

Maximum capacity units per table or global secondary index

10,000 read capacity units and 10,000 write capacity units
All other Regions:

Maximum capacity units per account

20,000 read capacity units and 20,000 write capacity units
Maximum number of tables 256

For more information, see Quotas in Amazon DynamoDB in the Amazon DynamoDB Developer Guide.

AWS Elastic Beanstalk

Resource Default
Applications 75
Application Versions 1000
Configuration Templates 2000
Environments 200

Amazon Elastic Block Store (Amazon EBS)

Resource Default
Number of EBS snapshots 100,000
Concurrent snapshot copies to a single destination Region 5
Total provisioned IOPS 300,000
Number of EBS snapshots enabled for fast snapshot restore 5

General Purpose SSD (gp2) volumes

Resource Default
Concurrent snapshots for a single volume 5
Total volume storage 300 TiB
Maximum modifying storage

100 TiB

Provisioned IOPS SSD (io1) volumes

Resource Default
Concurrent snapshots for a single volume 5
Total volume storage 300 TiB
Maximum modifying storage

100 TiB

Maximum modifying IOPS

100,000

Throughput Optimized HDD (st1) volumes

Resource Default
Concurrent snapshots for a single volume 1
Total volume storage 300 TiB
Maximum modifying storage

100 TiB

Cold HDD (sc1) volumes

Resource Default
Concurrent snapshots for a single volume 1
Total volume storage 300 TiB
Maximum modifying storage

100 TiB

Magnetic (standard) volumes

Resource Default
Concurrent snapshots for a single volume 5
Total volume storage 300 TiB
Maximum modifying storage

100 TiB

Amazon Elastic Compute Cloud (Amazon EC2)

Resource Default
On-Demand Instances Quotas vary depending on instance type. For more information, see On-Demand Instance Quotas.
Spot Instances 20 per Region. For more information, see Spot Instance Quotas.
Reserved Instances 20 regional and 20 zonal per month per Availability Zone. For more information, see Reserved Instance Quotas.
Elastic IP addresses for EC2-Classic 5
Security groups for EC2-Classic per instance 500
Rules per security group for EC2-Classic 100
Key pairs 5,000
Launch Templates Up to 5,000 launch templates per Region and 10,000 versions per launch template.
Dedicated Hosts Up to two Dedicated Hosts per instance family, per Region.
Placement groups 500
Concurrent AMI copies Destination Regions can have up to 50 concurrent AMI copies.
Throttle on the emails that can be sent from your Amazon EC2 account Throttle applied

Amazon Elastic Container Registry (Amazon ECR)

Service quota Description Default quota value

Registered repositories

The maximum number of repositories that you can create in this account in the current Region.

10,000

Image per repository

The maximum number of images per repository.

10,000

Rate of GetAuthorizationToken API requests

The sustain rate of GetAuthorizationToken API requests that you can make per second in the current Region. Your account receives a bucket that can store up to 200 credits to use for this API transaction and the bucket gets replenishes at this sustain rate.

20 *

GetAuthorizationToken API throttle burst quota

The maximum number of GetAuthorizationToken API requests you can make in one burst in the current Region. Your bucket replenishes at the sustain rate of 20 transactions per second.

200

Rate of image pulls

The sustain rate of docker pull transactions that you can make per second in the current Region. Your account receives a bucket that can store up to 400 credits to use for this API transaction and the bucket gets replenishes at this sustain rate.

200

Image pull throttle burst quota

The maximum number of docker pull transactions you can make in one burst in the current Region. Your bucket replenishes at the sustain rate of 200 transactions per second.

400

Rate of image pull layers

The sustain rate of docker pull layer transactions that you can make per second in the current Region. Your account receives a bucket that can store up to 400 credits to use for this API transaction and the bucket gets replenishes at this sustain rate.

200

Image pull layer throttle burst quota

The maximum number of docker pull layer transactions you can make in one burst in the current Region. Your bucket replenishes at the sustain rate of 200 transactions per second.

400

Rate of image pushes

The maximum number of docker push transactions that you can make per second in the current Region. Your account receives a bucket that can store up to 40 credits to use for this API transaction and the bucket gets replenishes at this sustain rate.

10

Image push throttle burst quota

The maximum number of docker push transactions you can make in one burst in the current Region. Your bucket replenishes at the sustain rate of 10 transactions per second.

40

For more information, see Amazon ECR Service Quotas in the Amazon Elastic Container Registry User Guide.

Amazon Elastic Container Service (Amazon ECS)

Service quota Description Default quota value

Clusters per account

The maximum number of clusters per Region, per account.

2000

Container instances per cluster

The maximum number of container instances per cluster.

2000

Services per cluster

The maximum number of services per cluster.

1000

Tasks using the EC2 launch type per service (the desired count)

The maximum number of tasks using the EC2 launch type per service (the desired count).

1000

Tasks using the Fargate launch type, per Region, per account

The maximum number of tasks using the Fargate launch type, per Region.

100

Public IP addresses for tasks using the Fargate launch type

The maximum number of public IP addresses used by tasks using the Fargate launch type, per Region.

100

For more information, see Amazon ECS Service Quotas in the Amazon Elastic Container Service Developer Guide.

Amazon Elastic Kubernetes Service (Amazon EKS)

Resource Default
Maximum number of Amazon EKS clusters per region, per account 100
Maximum number of managed node groups per cluster 10
Maximum number nodes per managed node group 100

For more information, see Amazon EKS Service Quotas in the Amazon EKS User Guide.

Amazon Elastic File System

Following can be increased by contacting AWS Support.

Resource Default
Number of file systems for each customer account in an AWS Region 1,000
Total bursting throughput for all connected clients

US East (Ohio) Region – 3 GB/s

US East (N. Virginia) Region – 3 GB/s

US West (N. California) Region – 1 GB/s

US West (Oregon) Region – 3 GB/s

Asia Pacific (Mumbai) – 1 GB/s

Asia Pacific (Seoul) – 1 GB/s

Asia Pacific (Singapore) – 1 GB/s

Asia Pacific (Tokyo) – 1 GB/s

Canada (Central) – 1 GB/s

EU (Frankfurt) Region – 1 GB/s

EU (Ireland) Region – 3 GB/s

EU (London) Region – 1 GB/s

EU (Paris) Region – 1 GB/s

Asia Pacific (Sydney) Region – 3 GB/s

AWS GovCloud (US-West) – 1 GB/s

Total provisioned throughput for all connected clients

All AWS Regions – 1 GB/s

For more information, see Amazon EFS Quotas in the Amazon Elastic File System User Guide.

Amazon Elastic Inference

Amazon Elastic Inference

Resource Default Adjustable
Maximum number of Elastic Inference accelerators 5 Yes

Elastic Load Balancing

Elastic Load Balancing supports three types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers.

Application Load Balancers

Resource Default
Load balancers per Region 50
Target groups per Region 3000 *
Listeners per load balancer 50
Targets per load balancer 1000
Subnets per Availability Zone per load balancer 1
Security groups per load balancer 5
Rules per load balancer (not counting default rules) 100
Certificates per load balancer (not counting default certificates) 25
Number of times a target can be registered per load balancer 100
Load balancers per target group 1
Targets per target group (instances or IP addresses) 1000
Targets per target group (Lambda functions) 1

Network Load Balancers

Resource Default
Network Load Balancers per Region 50
Target groups per Region 3000 *
Listeners per load balancer 50
Subnets per Availability Zone per load balancer 1
Targets per load balancer per Availability Zone 500
Targets per load balancer 500
Certificates per load balancer (not counting default certificates) 25
Load balancers per target group 1

* This quota is shared by target groups for your Application Load Balancers and Network Load Balancers.

Classic Load Balancers

Resource Default
Load balancers per Region 20
Listeners per load balancer 100
Security groups per load balancer 5
Registered instances per load balancer 1,000
Subnets per Availability Zone per load balancer 1

Amazon Elastic Transcoder

Resource Default
Pipelines per Region 4
User-defined presets 50
Maximum number of jobs processed simultaneously by each pipeline

100 per pipeline

Maximum number of jobs queued in each pipeline

1,000,000

Maximum number of outputs

30 per job

Maximum rate at which you can submit requests to create a job

You can submit two requests per second per AWS account at a sustained rate; brief bursts of 100 requests per second are allowed.

Maximum rate at which you can submit requests to read a job

You can submit four requests per second per AWS account at a sustained rate; brief bursts of 50 requests per second are allowed.

It may take up to two weeks to process requests for a quota increase.

For more information, see Amazon Elastic Transcoder quotas in the Amazon Elastic Transcoder Developer Guide.

Amazon ElastiCache

For information on ElastiCache terminology, see ElastiCache Components and Features.

Resource Default Description
Nodes per Region 300 The maximum number of nodes across all clusters in a Region. This quota applies to both your reserved and non-reserved nodes within the given Region. You can have up to 300 reserved nodes and 300 non-reserved nodes in the same Region.
Nodes per cluster (Memcached) 40 The maximum number of nodes in an individual Memcached cluster.
Nodes per cluster  per instance type (Redis cluster mode enabled) 90 The maximum number of nodes in an individual Redis cluster. You must also specify the instance type with your request.
Nodes per shard (Redis) 6 The maximum number of nodes in an individual Redis shard (node group). One node is the read/write Primary. All other nodes are read-only Replicas. This quota cannot be increased.
Shards per Cluster (Redis cluster mode disabled) 1 The maximum number of shards (node groups) in a Redis (cluster mode disabled) cluster.
Parameter groups per Region 150 The maximum number of parameters groups you can create in a Region.
Security groups per Region 50 The maximum number of security groups you can create in a Region.
Subnet groups per Region 150 The maximum number of subnet groups you can create in a Region.
Subnets per subnet group 20 The maximum number of subnets you can define for a subnet group.

These quotas are global quotas per customer account. To exceed these quotas, make your request using the ElastiCache Node request form.

Amazon EventBridge

For more information, see EventBridge Quotas in the Amazon EventBridge User Guide.

AWS Firewall Manager

AWS Firewall Manager has default quotas on the number of entities per account. You can request an increase in these quotas.

Resource Default

Accounts per organization in AWS Organizations

Varies. An invitation sent to an account counts against this quota. The count is returned if the invited account declines, the master account cancels the invitation, or the invitation expires.

Firewall Manager policies per organization in AWS Organizations

20

Tags to specified include or exclude per Firewall Manager policy

8

The following quotas related to Firewall Manager can't be changed.

Resource Value
Rule groups per AWS Firewall Manager administrator account 3

Rule groups per Firewall Manager policy

2: 1 customer-created rule group and 1 AWS Marketplace rule group

Rules per rule group

10

Amazon FSx

Following are the quotas for Amazon FSx for Lustre and Amazon FSx for Windows File Server that you can increase by contacting AWS Support.

Amazon FSx for Lustre

Resource Default Can be increased up to
Number of file systems 100 Thousands
Total storage for all file systems

US East (Ohio) Region – 100,800 GiB

US East (N. Virginia) Region – 100,800 GiB

US West (N. California) Region – 25,200 GiB

US West (Oregon) Region – 100,800 GiB

Asia Pacific (Singapore) – 25,200 GiB

Asia Pacific (Sydney) – 100,800 GiB

Asia Pacific (Tokyo) – 100,800 GiB

EU (Frankfurt) Region – 100,800 GiB

EU (Ireland) Region – 100,800 GiB

EU (London) Region – 25,200 GiB

EU (Stockholm) Region – 25,200 GiB

Petabytes

For more information, see FSx Lustre Quotas in the Amazon FSx for Lustre User Guide.

Amazon FSx for Windows File Server

Resource Default Can Be Increased Up To
Number of file systems 100 Thousands
Total storage for all file systems 512 TiB Multiple PiBs
Total throughput capacity for all file systems 10 GBps Hundreds of GBps
Total number of user-initiated backups for all file system

500

Thousands

For more information, see FSx for Windows Quotas in the Amazon FSx for Windows File Server User Guide.

Amazon GameLift

Resource Default
Aliases 20
Fleets 20
Builds 1000
Scripts 1000
Total combined size of uploaded builds and scripts 100 GB
Log upload size per game session 200 MB
On-demand instances

Per instance type: quotas vary.

Per account: 20 instances max, regardless of instance type.

For more information, see Scaling Amazon Elastic Compute Cloud (Amazon EC2) Instances for Amazon GameLift.

Server processes per instance

GameLift SDK v2.x: 1

GameLift SDK v3.x and up: 50

Player sessions per game session 200
Matchmakers per account 100
VPC peering connections For quotas on active and pending VPC peering connections, see Amazon Virtual Private Cloud (Amazon VPC).

The expiry time for an Amazon GameLift VPC peering authorization is 24 hours.

Amazon S3 Glacier

Resource Default
Number of vaults per account 1000
Number of provisioned capacity units 2

AWS Global Accelerator

Resource Default
Number of accelerators for each AWS account 20
Number of listeners for each accelerator 10
Number of port ranges for each listener 10
Number of endpoints for each endpoint group 10

In addition, there are quotas for Elastic IP addresses, Network Load Balancers, and Application Load Balancers that are used as endpoints for an accelerator. For more information, see the following:

AWS Glue

Resource Default
Number of databases per account 10,000
Number of tables per database 200,000
Number of partitions per table 10,000,000
Number of table versions per table 100,000
Number of functions per database 100
Number of tables per account 1,000,000
Number of partitions per account 20,000,000
Number of table versions per account 1,000,000
Number of connections per account 1,000
Number of functions per account 100
Number of concurrent crawlers per account 50
Number of crawlers per account 1000
Number of jobs per account 250
Number of triggers per account 250
Number of workflows per account 250
Number of concurrent job runs per account 50
Number of concurrent job runs per job 1,000
Number of jobs per trigger 50
Number of development endpoints per account 25
Number of security configurations per account 250
Maximum DPUs used by a development endpoint at one time 50
Maximum DPUs used by a role at one time 300
Number of machine learning transforms per account 100
Maximum label file size in MB 10
Number of concurrent tasks per transform 3
Number of concurrent tasks per account 30

Some of the quotas for AWS Glue vary for the AWS GovCloud (US-West) Region. For more information, see AWS Glue in the AWS GovCloud (US) User Guide.

AWS Ground Station

Resource Default
Maximum lead time allowed for scheduling a contact 7 days
Maximum contact duration permitted 20 minutes
Maximum scheduled contact duration permitted 1000 minutes
Maximum number of scheduled contacts allowed 100
Maximum number of configs allowed 100
Maximum number of dataflow endpoint groups allowed 100
Maximum number of mission profiles allowed 100
Maximum number of dataflow endpoints per group allowed 20

For more information, see the AWS Ground Station User Guide.

Amazon GuardDuty

Resource Default
Detectors 1
Filters 100
Trusted IP sets 1
Threat intel sets 6
GuardDuty member accounts 1000
GuardDuty finding retention time 90 days

For more information, see the Amazon GuardDuty User Guide.

AWS Identity and Access Management (IAM)

Default quotas for IAM entities:

Resource Default
Customer managed policies in an AWS account 1500
Groups in an AWS account 300
Roles in an AWS account 1000
Managed policies attached to an IAM role 10
Managed policies attached to an IAM user 10
Virtual MFA devices (assigned or unassigned) in an AWS account Equal to the user quota for the account
Instance profiles in an AWS account 1000
Server certificates stored in an AWS account 20

These default quotas can be changed. For information about other quotas that cannot be changed, see Limitations on IAM Entities and Objects in the IAM User Guide.

AWS Import/Export

AWS Snowball (Snowball)

Resource Default Comments
Snowball 1

To increase this quota, contact AWS Support.

Amazon Inspector

Resource Default
Running agents 500
Assessment runs 50,000
Assessment templates 500
Assessment targets 50

For more information, see the Amazon Inspector User Guide.

AWS IoT

Thing

Resource Default
Thing name size 128 bytes of UTF-8 encoded characters. This quota applies for both the thing registry and Thing Shadow services.
Maximum number of thing attributes for a thing with a thing type 50
Maximum number of thing attribute for a thing without a thing type 3
Number of thing types that can be associated with a thing 1
Maximum number of thing types in an AWS account Unlimited

Thing Group

Resource Description Default Adjustable
Maximum direct child groups The maximum number of direct child groups. 100 No
Maximum dynamic groups The maximum number of dynamic groups. 100 No
Thing Group Hierarchy The maximum depth of a thing group hierarchy. 7 No
Thing Group Attributes The maximum number of attributes associated with a thing group. 50 No
Thing Group Attribute Name The maximum size of a thing group attribute name (in chars). 128 No
Thing Group Attribute Value The maximum size of a thing group attribute value (in chars). 800 No

Message Broker

Resource Description Default Adjustable
Maximum concurrent client connections per account The maximum number of concurrent connections allowed per account. 500,000 Yes
Connect requests per second per account AWS IoT restricts an account to a maximum number of MQTT CONNECT requests per second. 500 Yes

Connect requests per second per client ID

AWS IoT restricts MQTT CONNECT requests from the same accountId and clientId to 1 MQTT CONNECT operation per second.

1 No
Subscriptions per account AWS IoT restricts an account to a maximum number of subscriptions across all active connections. 500,000 Yes
Subscriptions per second per account AWS IoT restricts an account to a maximum number of subscriptions per second. For example, if there are two MQTT SUBSCRIBE requests within a second with 3 subscriptions (topic filters) each, AWS IoT counts those as 6 subscriptions towards this quota. 500 Yes
Subscriptions per connection AWS IoT supports 50 subscriptions per connection. Subscription requests on the same connection in excess of this amount may be rejected by AWS IoT and the connection will be closed. Clients should validate the SUBACK message to ensure that their subscription requests have been successfully processed. 50 No
Publish requests per second per connection AWS IoT restricts each client connection to a maximum number of inbound and outbound publish requests per second. Publish requests exceeding that quota will be discarded. 100 No
Inbound publish requests per second per account Inbound publish requests count for all the messages that AWS IoT processes before routing the messages to the subscribed clients or the rules engine. For example, a single message published on $aws/things/device/shadow/update topic can result in publishing three additional messages to $aws/things/device/shadow/update/accepted, $aws/things/device/shadow/update/documents, and $aws/things/device/shadow/delta topics. In this case, AWS IoT counts those as 4 inbound publish requests towards this quota. However, a single message to an unreserved topic like a/b is counted only as a single inbound publish request. 20,000 Yes
Outbound publish requests per second per account Outbound publish requests count for every message that resulted in matching a client's subscription or matching a rules engine subscription. For example, two clients are subscribed to topic filter a/b and a rule is subscribed to topic filter a/#. An inbound publish request on topic a/b results in a total of 3 outbound publish requests. 20,000 Yes
Throughput per second per connection Data received or sent over a client connection is processed at a maximum throughput rate. Data exceeding the maximum throughput will be delayed in processing. 512 KiB No
Maximum inbound unacknowledged QoS 1 publish requests AWS IoT restricts the number of unacknowledged inbound publish requests per client. When this quota is reached, no new publish requests are accepted from this client until a PUBACK message is returned by the server. 100 No
Maximum outbound unacknowledged QoS 1publish requests AWS IoT restricts the number of unacknowledged outbound publish requests per client. When this quota is reached, no new publish requests are sent to the client until the client acknowledges the publish requests. 100 No
Maximum retry interval for delivering QoS 1 messages AWS IoT will retry delivery of unacknowledged quality-of-service 1 (QoS 1) publish requests to a client for up to one hour. If AWS IoT does not receive a PUBACK message from the client after one hour, it will drop the publish requests. 1 hour No
Persistent Session expiry period The duration of time for which the Message Broker will store an MQTT persistent session. The expiry period begins when the Message Broker detects the session has become disconnected. Once the expiry period has elapsed, the Message Broker terminates the session and discards any associated queued messages. 1 hour Yes

Protocol

Resource Description
Connection inactivity (keep-alive interval) For MQTT (or MQTT over WebSockets) connections, a client can request a keep-alive interval between 30 - 1200 seconds as part of the MQTT CONNECT message. AWS IoT starts the keep-alive timer for a client when sending CONNACK in response to the CONNECT message. This timer is reset whenever AWS IoT receives a PUBLISH, SUBSCRIBE, PING, or PUBACK message from the client. AWS IoT will disconnect a client whose keep-alive timer has reached 1.5x the specified keep-alive interval (i.e., by a factor of 1.5).The default keep-alive interval is 1200 seconds. If a client requests a keep-alive interval of zero, the default keep-alive interval will be used. If a client requests a keep-alive interval greater than 1200 seconds, the default keep-alive interval will be used. If a client requests a keep-alive interval shorter than 30 seconds but greater than zero, the server treats the client as though it requested a keep-alive interval of 30 seconds.
WebSocket connection duration The WebSocket connection quota is 24 hours. If the quota is exceeded, the WebSocket connection is automatically closed when an attempt is made to send a message by the client or server.
Maximum subscriptions per subscribe request A single SUBSCRIBE request has a quota of eight subscriptions.
Message size The payload for every publish request can be no larger than 128 KB. The AWS IoT service rejects publish and connect requests larger than this size.
Client ID size 128 bytes of UTF-8 encoded characters.
Restricted client ID prefix $ is reserved for AWS IoT generated client IDs.
Topic size The topic passed to the AWS IoT when sending a publish request can be no larger than 256 bytes of UTF-8 encoded characters. This excludes the first three mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/).
Restricted topic prefix Topics beginning with $ are reserved by AWS IoT and are not supported for publishing and subscribing except for using the specific topic names defined by AWS IoT services (i.e., Thing Shadow).
Maximum number of slashes in topic and topic filter A topic in a publish or subscribe request can have no more than 7 forward slashes (/). This excludes the first three slashes in the mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/).

Device Shadow

Maximum depth of JSON device state documents The maximum number of levels in the desired or reported section of the JSON device state document is 5. For example:
"desired": { "one": { "two": { "three": { "four": { "five":{ } } } } } }

Maximum number of in-flight, unacknowledged messages per thing.

The Thing Shadows service supports up to 10 in-flight unacknowledged messages per thing. When this quota is reached, all new shadow requests are rejected with a 429 error code.

Maximum number of JSON objects per AWS account.

There is no quota on the number of JSON objects per AWS account.

Maximum size of a JSON state document.

8 KB. Note that metadata do not contribute to the document size for service quotas or pricing.

Maximum size of a thing name.

128 bytes of UTF-8 encoded characters.

Maximum number of shadows in an AWS account.

Unlimited.

Requests per second per thing.

The Thing Shadows service supports up to 20 requests per second per thing. Note that this quota is per thing and not per API.

Note

A thing shadow is deleted by AWS IoT after the creating account is deleted or per customer request. For operational purposes, AWS IoT service backups are kept for 6 months.

Security and Identity

Maximum number of CA certificates with the same subject field allowed per AWS account per Region 10
Maximum number of policies that can be attached to a certificate or Amazon Cognito identity 10
Maximum number of named policy versions 5
Maximum policy document size 2048 characters (excluding white space)
Maximum number of device certificates that can be registered per second 15
Maximum number of AWS IoT role aliases 100

AWS IoT Throttling

API Transactions per Second
AcceptCertificateTransfer 10
AddThingToBillingGroup 60
AddThingToThingGroup 60
AssociateTargetsWithJob 10
AttachPrincipalPolicy 15
AttachPolicy 15
AttachThingPrincipal 15
CancelCertificateTransfer 10
CancelJob 10
CancelJobExecution 10
ClearDefaultAuthorizer 10
CreateAuthorizer 10
CreateBillingGroup 25
CreateCertificateFromCsr 15
CreateDynamicThingGroup 5
CreateJob 10
CreatePolicy 10
CreatePolicyVersion 10
CreateRoleAlias 10
CreateThing 15
CreateThingGroup 25
CreateThingType 15
DeleteAuthorizer 10
DeleteBillingGroup 15
DeleteCertificate 10
DeleteCACertificate 10
DeleteDynamicThingGroup 5
DeleteJob 10
DeleteJobExecution 10
DeletePolicy 10
DeletePolicyVersion 10
DeleteRegistrationCode 10
DeleteRoleAlias 10
DeleteThing 15
DeleteThingGroup 15
DeleteThingType 15
DeprecateThingType 15
DescribeAuthorizer 10
DescribeBillingGroup 100
DescribeCertificate 10
DescribeCACertificate 10
DescribeDefaultAuthorizer 10
DescribeJob 10
DescribeJobExecution 10
DescribeRoleAlias 10
DescribeThing 350
DescribeThingGroup 100
DescribeThingType 10
DetachThingPrincipal 15
DetachPrincipalPolicy 15
DetachPolicy 15
GetEffectivePolicies 50
GetJobDocument 10
GetPolicy 10
GetPolicyVersion 15
GetRegistrationCode 10
ListAttachedPolicies 15
ListAuthorizers 10
ListBillingGroups 10
ListCACertificates 10
ListCertificates 10
ListChildThingGroups 15
ListCertificatesByCA 10
ListJobExecutionsForJob 10
ListJobExecutionsForThing 10
ListJobs 10
ListOutgoingCertificates 10
ListPolicies 10
ListPolicyPrincipals 10
ListPolicyVersions 10
ListPrincipalPolicies 15
ListPrincipalThings 10
ListRoleAliases 10
ListTagsForResource 10
ListTargetsForPolicy 10
ListThingGroups 10
ListThingGroupsForThing 10
ListThingPrincipals 10
ListThings 10
ListThingsInBillingGroup 25
ListThingsInThingGroup 25
ListThingTypes 10
RegisterCertificate 10
RegisterCACertificate 10
RegisterThing 10
RejectCertificateTransfer 10
RemoveThingFromBillingGroup 15
RemoveThingFromThingGroup 15
SetDefaultAuthorizer 10
SetDefaultPolicyVersion 10
TagResource 10
TestAuthorization 10
TestInvokeAuthorizer 10
TransferCertificate 10
UntagResource 10
UpdateAuthorizer 10
UpdateBillingGroup 15
UpdateCertificate 10
UpdateCACertificate 10
UpdateDynamicThingGroup 5
UpdateJob 10
UpdateRoleAlias 10
UpdateThing 10
UpdateThingGroup 15

AWS IoT Rules Engine

Maximum number of rules per AWS account 1000
Actions per rule A maximum of 10 actions can be defined per rule.
Rule size Up to 256 KB of UTF-8 encoded characters (including white space).
Inbound publish requests per second per account 20,000

AWS IoT Job

Resource Min Max Note
JobId 1 character 64 characters The JobId length must not exceed 64 characters.
Document N/A 32768 bytes The maximum size of a document that can be sent to an AWS IoT device is 32 KB.
DocumentSource N/A 1350 characters

The maximum job document source size is 1350 characters.

Description N/A 2028 characters The maximum job description size is 2028 characters.
Targets 1 100 The number of targets a job can have.
ExpiresInSec 60 seconds 3600 seconds The lifetime of pre-signed URLs must be configured greater than 60 seconds and less than 1 hour.
Comment N/A 2028 characters The maximum comment size is 2028 characters.
MaxResults 1 250 The maximum list result per page is 250.
MaximumJobExecutionsPerMinute 1 1000 Configures the rollout speed for a job.
Active snapshot jobs 0 100 The maximum number of active snapshot jobs is 100 (irrespective of the number of active continuous jobs).
Active continuous jobs 0 100 The maximum number of active continuous jobs is 100 (irrespective of the number of active snapshot jobs).
Job document variable substitution 0 10 Up to 10 variables substitutions, including the presign URL, are allowed in a job document.
Data retention N/A 730 days Job data and job execution data for inactive jobs (jobs that aren't IN_PROGRESS) will be purged after 730 days.
StatusDetail map key:value pairs 1 key:value pair 10 key:value pairs
StatusDetail map key size 1 character 128 characters
StatusDetail map value size 1 character 128 characters
DescribeJobExecution and GetPendingJobExectuions N/A 200 TPS per account If invoking one or more of these "read" APIs in the data plane causes the associated AWS account to exceed 200 read transactions per second (TPS) in total, then the offending API invocation(s) will be throttled to maintain the maximum allowed 200 read TPS per AWS account. Be aware that in the control plane, DescribeJobExecution has a quota of 10 TPS per invocation.
StartNextPendingJobExecution and UpdateJobExecution N/A 200 TPS per account If invoking one or more of these "write" APIs in the data plane causes the associated AWS account to exceed 200 write transactions per second (TPS) in total, then the offending API invocation(s) will be throttled to maintain the maximum allowed 200 write TPS per AWS account.
inProgressTimeoutInMinutes property of TimeoutConfig 1 10080 Values are in minutes (1 minute to 7 days).
stepTimeoutInMinutes value passed with UpdateJobExecution and StartNextPendingJobExecution 1 10080 Values are in minutes (1 minute to 7 days). A value of -1 is also valid when using the UpdateJobExecution API and discards a previously set timer.

For definitions of data plane and control plane, see What are the ways for accessing AWS IoT Core?

AWS IoT Fleet Indexing

Resource Default Note
Maximum number of query terms per query 5 You can have up to 5 terms per query.
Maximum query length 1000 Your queries can be up to 1000 bytes of UTF-8 encoded characters long.
Maximum number of query results 500 Fleet indexing service will return up to 500 results per query.
Maximum number of * wild card operators per query term 2 Each query term can have up to 2 multi-character wildcards (*).
Maximum number of ? wild card operators per query term 5 Each query term can have up to 5 single-character wildcards (?).
Maximum number of queries per second 15 You can execute up to 15 search queries per second.
Maximum number of things in the fleet index Unlimited There is no quota on the number of things that can be indexed.
Maximum number of dynamic groups in the fleet index 100 A maximum of 100 dynamic groups can be indexed.

AWS IoT Throttling Quotas

API Max Calls Per Second
UpdateIndexingConfiguration 1
GetIndexingConfiguration 20
DescribeIndex 10
ListIndices 5
SearchIndex 15

AWS IoT Bulk Thing Registration

Resource Default Note
Registration task termination 30 days Any pending/uncompleted bulk registration tasks are terminated after 30 days.
Data retention policy 30 days Once the associated bulk registration task has completed (which can be long lived), bulk Thing registration related data is permanently deleted after 30 days.
Allowed registration tasks 1 For any given AWS account, only one bulk registration task can run at a time.
Maximum line length 256K Each line in an Amazon S3 input JSON file cannot exceed 256K in length.

AWS IoT Device Defender

Audit

Resource Default Description
scheduled audits 5 max. You can create up to 5 scheduled audits before a LimitExceeded Exception occurs.
simultaneous in progress "on-demand" audits 10 max. You can create up to 10 "on-demand" audits before a LimitExceeded Exception occurs.

Detect

  • The maximum number of security profiles per target (thing group or user account) is 5.

  • The maximum number of behaviors per security profile is 100.

  • The maximum number of value elements (counts, IP addresses, ports) per security profile is 1000.

  • Device metric reporting is throttled to one metric per 5 minutes per device (a device may not report more than one metric every 5 minutes).

  • Device Defender Detect violations are stored for 30 days after they have been generated.

AWS IoT Analytics

API Default Description Adjustable?
SampleChannelData 1 transaction per second per channel yes
CreateDatasetContent 1 transaction per second per data set yes
RunPipelineActivity 1 transaction per second yes
other management APIs 20 transactions per second yes
BatchPutMessage 100,000 messages or 500MB total message size per second per channel; 100 messages per batch; 128Kb per message yes; yes; no

Resource Default Description Adjustable?
channel 50 per account yes
data store 25 per account yes
pipeline 100 per account yes
activities 25 per pipeline no
data set 100 per account yes
minimum SQL data set refresh interval 1 minute no
minimum container data set refresh interval 15 minutes yes
concurrent data set content generation 2 data sets simultaneously no
container datasets that can be triggered from a single SQL dataset 10 no
concurrent container dataset runs 20 no

AWS IoT Events

Resource Description Default Adjustable
Detector models per input The maximum number of detector models that can be associated with a single input. 10 no
Message size The maximum size of a message (in Kilobytes). 10 yes
Messages per detector per second The maximum number of messages that can be sent to a detector in a second. 10 no
Detectors per detector model The maximum number of detectors that can be created by a detector model. 100,000 yes
Detector model definition size The maximum size (in Kilobytes) of a detector model definition. 512 no
Detector models The maximum number of detector models for this account. 50 yes
Detector model versions The maximum number of versions of a single detector model for this account. 500 yes
Inputs The maximum number of inputs for this account. 50 yes
Trigger expressions The maximum number of trigger expressions per state. 20 yes
State variables per detector model definition The maximum number of state variables in a detector model definition. 50 yes
Timers scheduled per detector The maximum number of timers that can be scheduled by a detector. 5 yes
API Default Description Adjustable?
BatchPutMessage 1000 transactions per second yes

AWS IoT Greengrass

AWS IoT Greengrass Cloud API

Description Default
Maximum number of AWS IoT devices per AWS IoT Greengrass group. 200
Maximum number of Lambda functions per group. 200
Maximum number of resources per Lambda function. 10
Maximum number of resources per group. 50

Maximum number of transactions per second (TPS) on the AWS IoT Greengrass APIs.

See TPS.

Maximum number of subscriptions per group. 1000
Maximum number of subscriptions that specify Cloud as the source per group. 50
Maximum length of a core thing name. 124 bytes of UTF-8 encoded characters.

TPS

The default quota for the maximum number of transactions per second on the AWS IoT Greengrass APIs depends on the AWS Region where AWS IoT Greengrass is used.

In most supported AWS Regions, the default quota is 30. Exceptions are noted in the following table.

AWS Region Default
China (Beijing) 10
AWS GovCloud (US-West) 10

This quota applies per account and per API. For example, in the US East (N. Virginia) Region, each account has a default quota of 30 TPS, which is the aggregate of all API operation requests. Each API (such as CreateGroupVersion or ListFunctionDefinitions) has a quota of 30 TPS. This includes control plane and data plane operations. Requests that exceed the account or API quotas are throttled. To request account and API quota increases, including quotas for specific APIs, contact your AWS Enterprise Support representative.

AWS IoT Greengrass Core

Description Default
Maximum number of routing table entries that specify Cloud as the source. 50 (matches AWS IoT subscription quota)
Maximum size of messages sent by an AWS IoT device. 128 KB (matches AWS IoT message size quota)
Maximum message queue size in the Greengrass core router. 2.5 MB
Maximum length of a topic string. 256 bytes of UTF-8 encoded characters.
Maximum number of forward slashes (/) in a topic or topic filter. 7
Minimum disk space needed to run the Greengrass Core software. 128 MB
Minimum RAM to run the Greengrass Core software. 128 MB
Automatic IP detection should not be used when:
  • IP address changes are frequent.

  • Interruption of the Greengrass core service is unacceptable.

  • The Greengrass core is multi-homed or Greengrass devices cannot reliably determine which IP address to use.

  • Reporting of Greengrass core IP addresses to the cloud might raise security concerns.

The Greengrass Core software provides a service to detect the IP addresses of your Greengrass core devices. It sends this information to the AWS IoT Greengrass cloud service and allows AWS IoT devices to download the IP address of the Greengrass core they need to connect to. This feature should not be used in the following circumstances:

  • The IP address of a Greengrass core device changes frequently.

  • The Greengrass core device must always be available to AWS IoT devices in its group.

  • The Greengrass core has multiple IP addresses and an AWS IoT device is unable to reliably determine which address to use.

  • Sending IP addresses to the cloud raises security concerns.

AWS IoT Things Graph

Description Default Adjustable?
Flow (workflow) definition document size. 10 KB yes
Maximum number of flows triggered. 5 per second yes
Maximum number of steps executed per flow configuration deployment. 50 per second yes
Total flow configurations in a namespace. 100 yes
Total entities (properties, states, events, actions, capabilities, mappings, devices, and services) in a namespace. 500 yes
Total flow definitions in a namespace. 100 yes
Entity definition document size (for properties, states, events, actions, capabilities, mappings, devices, and services). 1 MB no
Device action timeout. 1 minute no

API Max Calls Per Second Adjustable?
AssociateEntityToThing 10 yes
CreateDeploymentConfiguration 10 yes
CreateFlowTemplate 10 yes
CreateSystemInstance 20 yes
CreateSystemTemplate 10 yes
DeleteDeploymentConfiguration 10 yes
DeleteFlowTemplate 10 yes
DeleteNamespace 10 yes
DeleteSystemInstance 10 yes
DeleteSystemTemplate 10 yes
DeployConfigurationToTarget 10 yes
DeploySystemInstance 10 yes
DeprecateDeploymentConfiguration 10 yes
DeprecateFlowTemplate 10 yes
DeprecateSystemTemplate 10 yes
DescribeNamespace 10 yes
DissociateEntityFromThing 10 yes
GetDeploymentConfiguration 10 yes
GetEntities 10 yes
GetFlowTemplate 10 yes
GetFlowTemplateRevisions 10 yes
GetNamespaceDeletionStatus 10 yes
GetRecentUploads 10 yes
GetSystemInstance 10 yes
GetSystemTemplate 10 yes
GetSystemTemplateRevisions 10 yes
GetUploadStatus 10 yes
ListFlowExecutionMessages 10 yes
ListMappingPaths 10 yes
SearchDeploymentConfigurations 10 yes
SearchEntities 10 yes
SearchFlowExecutions 10 yes
SearchFlowTemplates 10 yes
SearchSystemInstances 10 yes
SearchSystemTemplates 10 yes
SearchThings 10 yes
UndeploySystemInstance 10 yes
UpdateFlowTemplate 10 yes
UpdateSystemTemplate 10 yes
UploadEntityDefinitions 10 yes
ValidateEntityDefinitions 10 yes

AWS Key Management Service (AWS KMS)

Resource Default
Customer Master Keys (CMKs) 10,000
Aliases 10,000
Grants per CMK 10,000
Grants for a given principal per CMK 500
Key policy document size 32 KB (32,768 bytes)
Requests per second Varies by API operation; see Quotas in the AWS Key Management Service Developer Guide.

All quotas in the preceding table are calculated separately for each AWS Region in each AWS account.

For more information about these quotas, see Quotas in the AWS Key Management Service Developer Guide.

Amazon Kinesis Data Firehose

Resource Default
Delivery streams per Region

50

Delivery stream capacity for US East (N. Virginia), US West (Oregon), and EU (Ireland) †

2,000 transactions/second

5,000 records/second

5 MB/second

Delivery stream capacity for other Regions where Kinesis Data Firehose is available †

1,000 transactions/second

1,000 records/second

1 MB/second

† The three capacity quotas scale proportionally. For example, if you increase the throughput quota to 2 MB/second in Asia Pacific (Singapore), the other quotas increase to 2,000 transactions/second and 2,000 records/second.

For more information, see Amazon Kinesis Data Firehose Quotas in the Amazon Kinesis Data Firehose Developer Guide.

Amazon Kinesis Data Streams

Resource Default
Shards per Region

US East (N. Virginia) Region – 500

US West (Oregon) Region – 500

EU (Ireland) Region – 500

All other supported Regions – 200

For more information, see Amazon Kinesis Data Streams Quotas in the Amazon Kinesis Data Streams Developer Guide.

Amazon Kinesis Data Analytics

Kinesis Data Analytics for SQL Applications Quotas

Resource Default
Kinesis Processing Units (KPUs)

8

Input Parallelism for SQL applications

64 input streams

Applications

50

For more information, see Quotas in the Amazon Kinesis Data Analytics for SQL Applications Developer Guide.

Kinesis Data Analytics for Java Applications Quotas

Resource Default
Kinesis Processing Units (KPUs)

32

Snapshots

1000

Applications

50

For more information, see Quotas in the Amazon Kinesis Data Analytics for Java Applications Developer Guide.

Amazon Kinesis Video Streams

The quotas below are either soft [s], which can be upgraded by submitting a support ticket, or hard [h], which cannot be increased.

Control Plane API

The following section describes quotas for Control Plane APIs.

When an account-level Request quota is reached, a ClientLimitExceededException is thrown.

When an account-level Streams quota is reached, or a stream-level quota is reached, a StreamLimitExceededException is thrown.

Control Plane API quotas

API Account Quota: Request Account Quota: Streams Stream-level quota Relevant Exceptions and Notes
CreateStream 50 TPS [s] 2500 streams per account [s] in US East (N. Virginia) and US West (Oregon) regions. 1000 streams per account [s] in all other supported regions.

Note

This quota can be increased up to 100,000 (or more) streams per account [s]. Sign in to the AWS Management Console at https://console.aws.amazon.com/ and submit a service quota increase case for Kinesis Video Streams to request an increase of this limit.

Devices, CLIs, SDK-driven access, and the console can all invoke this API. Only one API call succeeds if the stream doesn’t already exist.
DescribeStream 300 TPS [h] N/A 5 TPS [h]
UpdateStream 50 TPS [h] N/A 5 TPS [h]
ListStreams 50 TPS [h] N/A
DeleteStream 50 TPS [h] N/A 5 TPS [h]
GetDataEndpoint 300 TPS [h] N/A 5 TPS [h] Called every 45 minutes to refresh the streaming token for most PutMedia/GetMedia use cases. Caching data endpoints is safe if the application reloads them on failure.
UpdateDataRetention 50 TPS [h] N/A 5 TPS [h]
TagStream 50 TPS [h] N/A 5 TPS [h]
UntagStream 50 TPS [h] N/A 5 TPS [h]
ListTagsForStream 50 TPS [h] N/A 5 TPS [h]

Media and Archived Media API

The following section describes quotas for Media and Archived Media APIs.

When a stream-level quota is exceeded, a StreamLimitExceededException is thrown.

When a connection-level quota is reached, a ConnectionLimitExceededException is thrown.

The following errors or acks are thrown when a fragment-level quota is reached:

  • A MIN_FRAGMENT_DURATION_REACHED ack is returned for a fragment below the minimum duration.

  • A MAX_FRAGMENT_DURATION_REACHED ack is returned for a fragment above the maximum duration.

  • A MAX_FRAGMENT_SIZE ack is returned for a fragment above the maximum data size.

  • A FragmentLimitExceeded exception is thrown if a fragment quota is reached in a GetMediaForFragmentList operation.

Data Plane API quotas

API Stream-level quota Connection-level quota Bandwidth quota Fragment-level quota Relevant Exceptions and Notes
PutMedia 5 TPS [h] 1 [s] 12.5 MB/second, or 100 Mbps [s]
  • Minimum fragment duration: 1 second [h]

  • Maximum fragment duration: 10 seconds [h]

  • Maximum fragment size: 50 MB [h]

  • Maximum number of tracks: 3 [s]

A typical PutMedia request contains data for several seconds, resulting in a lower TPS per stream. In the case of multiple concurrent connections that exceed quotas, the last connection is accepted.
GetHLSStreamingSessionURL 5 TPS Burst, 1 TPS Sustained [h] N/A N/A N/A Only 10 sessions per stream can be active at a time [s]. After the quota has been reached, the oldest session is revoked when a new session is created.
GetDASHStreamingSessionURL 5 TPS Burst, 1 TPS Sustained [h] N/A N/A N/A Only 10 sessions per stream can be active at a time [s]. After the quota has been reached, the oldest session is revoked when a new session is created.
GetMedia 5 TPS [h] 3 [s] 25 MB/s or 200 Mbps [s] N/A

Only three clients can concurrently receive content from the media stream at any moment of time. Further client connections are rejected. A unique consuming client shouldn’t need more than 2 or 3 TPS because after the connection is established, we anticipate that the application will read continuously.

If a typical fragment is approximately 5 MB, this quota means ~75 MB/ sec per Kinesis video stream. Such a stream would have an outgoing bitrate of 2x the streams' maximum incoming bitrate.

ListFragments 5 TPS [h] N/A N/A N/A
GetMediaForFragmentList 5 TPS [h] 5 [s] 25 MB/s or 200 MbpsA [s] Maximum number of fragments: 1000 [h] Five fragment-based consuming applications can concurrently get media. Further connections are rejected.

Video Playback Protocol API quotas

API Session-level quota Fragment-level quota
GetDASHManifestPlaylist 5 TPS [h] Maximum number of fragments per playlist: 1000 [h]
GetHLSMasterPlaylist 5 TPS [h] N/A
GetHLSMediaPlaylist 5 TPS [h] Maximum number of fragments per playlist: 1000 [h]
GetMP4InitFragment 5 TPS [h] N/A
GetMP4MediaFragment 10 TPS [h] N/A
GetTSFragment 10 TPS [h] N/A

AWS Lake Formation

The following quotas apply per catalog.

Resource Default

Number of subfolders in Amazon S3 path

20

Length of path which can be registered

700

Number of admins

10

Number of registered paths per catalog

10,000

Number of permissions per catalog

10,000,000

AWS Lambda

AWS Lambda quotas the amount of compute and storage resources that you can use to run and store functions. The following quotas apply per Region and can be increased. To request an increase, use the Support Center console.

Resource Default

Concurrent executions

1,000

Function and layer storage

75 GB

For more information, see AWS Lambda Quotas in the AWS Lambda Developer Guide.

AWS License Manager

Resource Default

Number of license configurations per resource

10

Total number of license configurations

25

Amazon Lightsail

New AWS accounts may start with defaults that are lower than those described here.

Resource Default Comment
Number of instances 20 per Region This quota can be increased by contacting support.
Number of databases 40 per Region This quota cannot be increased.
Number of static IP addresses 5 per Region This quota can be increased by contacting support.
Number of parallel SSH connections using the browser-based SSH client 5 per Region, per account This quota cannot be increased.
Number of parallel RDP connections using the browser-based RDP client 1 per Region, per account This quota cannot be increased.
Number of DNS zones (or domains) 3 per account This quota cannot be increased.
Number of load balancers 5 per Region This quota cannot be increased.
Amount of attached block storage disk space

20,000 GB per Region

16 TB per disk maximum, or 8 GB per disk minimum

Each instance can have up to 15 attached disks, and 1 boot volume disk

These quotas cannot be increased.
Number of certificates (last 365 days) 20 per account This quota cannot be increased.
Number of tags 50 per resource This quota cannot be increased.

Amazon Macie

Resource Default
Full data classification 3 TB per month
Macie member accounts 10
S3 buckets/prefixes specified for data classification 250 (this quota cannot be changed)

For more information, see the Amazon Macie User Guide.

Amazon Machine Learning (Amazon ML)

Resource Default
Data file size* 100 GB
Batch prediction input size 1 TB
Batch prediction input (number of records) 100 million
Number of variables in a data file (schema) 1,000
Recipe complexity (number of processed output variables) 10,000
Transactions Per Second for each real-time prediction endpoint 200
Total Transactions Per Second for all real-time prediction endpoints 10,000
Total RAM for all real-time prediction endpoints 10 GB
Number of simultaneous jobs 25
Longest run time for any job 7 days
Number of classes for multiclass ML models 100
ML model size 2 GB

Note

The size of your data files is restricted to ensure that jobs finish in a timely manner. Jobs that have been running for more than seven days are automatically terminated, resulting in a FAILED status.

For more information, see Amazon ML Quotas in the Amazon Machine Learning Developer Guide.

Amazon Managed Blockchain

For information about attributes of Starter Edition and Standard Edition networks, such as the number of members per network, peer nodes per member, available instance types, and more, see Amazon Managed Blockchain Pricing.

Resource Default
Starter Edition networks
Maximum number of Starter Edition networks in which an AWS account can own a member. 4
Maximum number of Hyperledger Fabric channels per Starter Edition network. 3
Standard Edition networks
Maximum number of Standard Edition networks in which an AWS account can own a member. 2
Maximum number of Hyperledger Fabric channels per Standard Edition network. 8

AWS Elemental MediaConnect

Resource Default Comments
Entitlements 50 per flow The maximum number of entitlements that you can grant on a flow.
Flows 20 per AWS Region The maximum number of flows that you can create in each AWS Region.
Outputs 20 per flow The maximum number of outputs that a flow can have.
Sources 1 per flow The maximum number of sources that you can assign to a flow.

AWS Elemental MediaConvert

Resource Default
Number of queues per account 10
Concurrent jobs processed per on-demand queue Varies by Region.

200 in these Regions:

  • US East (N. Virginia)

  • US West (N. California)

  • EU (Ireland)

100 in all other Regions

Concurrent jobs processed per reserved queue Equal to the number of reserved transcoding slots (RTS) purchased in the contract.
Number of custom output presets 100
Number of custom output job templates 100
Rate of DescribeEndpoints requests 0.01667 TPS (Once per 60 seconds)

Note

This endpoint is specific to your AWS account and won't change. Request this endpoint once, and then hardcode or cache it.

Rate of CreateJob requests 5 TPS (5 transactions per second)
Rate of all other requests 2 TPS (2 transactions per second)
Burst rate of all requests other than DescribeEndpoints 100 TPS (100 transactions per second)

To request increases, open a support case with AWS Support.

AWS Elemental MediaLive

Resource Default
Maximum inputs 5
Maximum input security groups 5
Maximum channels 5

AWS Elemental MediaPackage

You can request increases on the following quotas. To do so, go to the AWS support center and create a case.

For more information about AWS Elemental MediaPackage quotas, including quotas that can't be increased, see Quotas in the AWS Elemental MediaPackage User Guide.

Live Content

These are the quotas for live content in MediaPackage.

Resource Default
Maximum channels per account 30
Maximum endpoints per channel 10

VOD Content

These are the quotas for video on demand (VOD) content in MediaPackage.

Resource Default
Maximum packaging groups 10
Maximum packaging configurations per packaging group 10
Maximum assets per packaging group 1000

AWS Elemental MediaStore

Resource or Operation

Default

Comments

DeleteObject

100 transactions per second (TPS)

The maximum number of operation requests that you can make per second. Additional requests are throttled.

You can request a quota increase.

DescribeObject

1,000 transactions per second (TPS)

The maximum number of operation requests that you can make per second. Additional requests are throttled.

You can request a quota increase.

GetObject

1,000 transactions per second (TPS)

The maximum number of operation requests that you can make per second. Additional requests are throttled.

You can request a quota increase.

ListItems

5 transactions per second (TPS)

The maximum number of operation requests that you can make per second. Additional requests are throttled.

You can request a quota increase.

PutObject

100 transactions per second (TPS)

The maximum number of operation requests that you can make per second. Additional requests are throttled.

You can request a quota increase.

For more information, see Quotas in the AWS Elemental MediaStore User Guide.

AWS Elemental MediaTailor

Resource Default Comment
Transactions 3,000 concurrent transactions per second across all request types (such as manifest requests and tracking requests for client-side reporting). This is an account-level quota.

Your transactions per second are largely dependent on how often the player requests updated manifests. For example, a player with eight second segments might update the manifest every eight seconds. The player, then, generates 0.125 transactions per second.

For more information about AWS Elemental MediaTailor quotas, including quotas that can't be increased, see Quotas in the AWS Elemental MediaTailor User Guide.

Amazon MQ

For more information, see Amazon MQ Quotas in the Amazon MQ Developer Guide.

Amazon Neptune

Resource Default
US East (N. Virginia) Region:

Maximum instances

Maximum instances is 3.

You can request an increase on this quota. For more information, see https://aws.amazon.com/support.

AWS OpsWorks for Chef Automate and AWS OpsWorks for Puppet Enterprise

Resource Default
Chef or Puppet servers 5
User-initiated (manual) backup generations 10
Automated (scheduled) backup generations 30

AWS OpsWorks Stacks

Resource Default
Stacks 40
Layers per stack 40
Instances per stack 40
Apps per stack 40

AWS Organizations

Resource Default
Accounts per organization Varies. Contact Customer Support.
Invitations sent per day 20

For more information, see Quotas of AWS Organizations in the AWS Organizations User Guide.

OTA Update Manager

OTA Update Manager API

API TPS
CreateOTAUpdate 10 TPS
GetOTAUpdate 15 TPS
DeleteOTAUpdate 5 TPS
ListOTAUpdates 15 TPS

Amazon Pinpoint

Resource Default
Active campaigns per account

200 per account.

Note

An active campaign is a campaign that hasn't completed or failed. Active campaigns have a status of SCHEDULED, EXECUTING, or PENDING_NEXT_RUN.

Concurrent endpoint import jobs per account 2 per account.
Message sends per campaign activity 100 million.
Total file size per endpoint import job 1 GB per import job.
SMS account spend threshold USD$1.00 per account.
Maximum number of Amazon SNS topics for two-way SMS 100,000 per account.
Number of emails that you can send in a 24-hour period (sending quota) 200 emails per 24-hour period for accounts in the sandbox.
Number of emails that you can send each second (sending rate) 1 email per second for accounts in the sandbox.
Email recipient addresses Accounts in the sandbox can only send email to recipients whose email addresses or domains have been verified.
Number of voice messages that you can send in a 24-hour period. 20 messages per 24-hour period for accounts in the sandbox.
Number of voice messages that you can send per minute. 5 messages per minute for accounts in the sandbox.
Voice message length. 30 second length for accounts in the sandbox.
Ability to send voice messages to international phone numbers.

Accounts in the sandbox can only send messages to recipients in the following countries and Regions:

  • Australia

  • Canada

  • China

  • Germany

  • Hong Kong

  • Israel

  • Japan

  • Mexico

  • Singapore

  • Sweden

  • The United States

  • The United Kingdom

To request an increase, submit a Amazon Pinpoint Quota Increase case.

Note

The sandbox for the email channel is separate from the sandbox for the voice channel. To gain production access for both channels, you have to complete the request form for both channels.

To learn more about requesting production access for the email channel, see Requesting Production Access for Email. To learn more about requesting production access for the voice channel, see Requesting Production Access (Voice).

For more information, see Quotas in the Amazon Pinpoint Developer Guide.

Amazon Polly

  • Throttle rate per IP address: 100 transactions (requests) per second (tps) with a burst quota of 120 tps.

  • Throttle rate per operation:

    Throttle Rate per Operation

    Operation

    Default

    Lexicon

    DeleteLexicon

    PutLexicon

    GetLexicon

    ListLexicons

    Any 2 transactions per second (tps) from these operations combined.

    Maximum allowed burst of 4 tps.

    Speech

    DescribeVoices

    80 rps with a burst quota of 100 tps

    SynthesizeSpeech

    80 rps with a burst quota of 100 tps

Amazon QLDB

Resource Default
Number of active ledgers 5

For more information, see Quotas in Amazon QLDB in the Amazon QLDB Developer Guide.

AWS Resource Access Manager

Resource Default
Maximum number of resource shares 500
Maximum number of shared resources 5000
Maximum number of pending invitations 20

Amazon Redshift

Resource Default
Nodes per cluster 101
Nodes 200
Reserved Nodes 200
Snapshots 20
Parameter Groups 20
Security Groups 20
Subnet Groups 20
Subnets per Subnet Group 20
Event Subscriptions 20

For more information, see Quotas in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

Amazon Rekognition

Amazon Rekognition has the following quotas that you can change.

Resource Default

Transactions per second per account for image data plane operations:

  • US East (Ohio) Region – 5

  • US East (N. Virginia) Region – 50

  • US West (N. California) Region – 5

  • US West (Oregon) Region – 50

  • Asia Pacific (Mumbai) Region – 5

  • Asia Pacific (Seoul) Region – 5

  • Asia Pacific (Singapore) Region – 5

  • Asia Pacific (Sydney) Region – 5

  • Asia Pacific (Tokyo) Region – 5

  • EU (Frankfurt) Region – 5

  • EU (Ireland) Region – 50

  • EU (London) Region – 5

  • AWS GovCloud (US-West) – 5

Transactions per second per account for image control plane operations:

In each Region that Amazon Rekognition supports – 5

Transactions per second per account for all stored video Start operations:

In each Region that Amazon Rekognition supports – 5

Transactions per second per account for all stored video Get operations:

  • US East (Ohio) Region – 5

  • US East (N. Virginia) Region – 20

  • US West (N. California) Region – 5

  • US West (Oregon) Region – 20

  • Asia Pacific (Mumbai) Region – 5

  • Asia Pacific (Seoul) Region – 5

  • Asia Pacific (Singapore) Region – 5

  • Asia Pacific (Sydney) Region – 5

  • Asia Pacific (Tokyo) Region – 5

  • EU (Frankfurt) Region – 5

  • EU (Ireland) Region – 5

  • EU (London) Region – 5

  • AWS GovCloud (US-West) – 5

Maximum number of concurrent stored video jobs per account 20
Maximum number of streaming video stream processors per account that can simultaneously exist In each Region that Amazon Rekognition supports – 10

Transactions per second per account for all streaming video operations:

In each Region that Amazon Rekognition supports – 1

For more information, see Amazon Rekognition Quotas.

Amazon Relational Database Service (Amazon RDS)

Resource Default
Clusters 40
Cluster parameter groups 50
DB Instances 40
Event subscriptions 20
Manual snapshots 100
Option groups 20
Parameter groups 50
Read replicas per master 5
Reserved instances 40
Rules per security group 20
Security groups 25
Security groups (VPC) 5
Subnet groups 50
Subnets per subnet group 20
Tags per resource 50
Total storage for all DB instances 100 TB

AWS Resource Groups

Resource Default
Resource groups per account 100

AWS RoboMaker

Resource Default Adjustable Comments
Robot application 40 Yes The maximum number of robot applications you can create in this account in the current Region.
Robot application versions 40 Yes The maximum number of versions you can create for a Robot Application.
Simulation application 40 Yes The maximum number of simulation applications you can create in this account in the current Region.
Simulation application versions 40 Yes The maximum number of versions you can create for a Simulation Application.
Concurrent simulation jobs
  • US West (Oregon) Region – 10

  • US East (N. Virginia) Region – 10

  • All other supported regions – 5

Yes The maximum number of concurrent simulation jobs you can run in this account in the current Region.
Simulation job creation rate per minute
  • US West (Oregon) Region – 10

  • US East (N. Virginia) Region – 10

  • All other supported regions – 5

No The maximum number of simulation jobs you can create per minute in this account in the current Region.
Minimum simulation duration 5 No The minimum duration in minutes that you can specify for a simulation job.
Simulation duration 14 No The maximum duration in days that a simulation job can run for including restarts.
Simulation job retention time 90 No The maximum duration in days a simulation job is retained. After this time, you can no longer retrieve or view the simulation job.
Robots 100 Yes The maximum number of robots you can create in this account in the current Region.
Fleets 20 Yes The maximum number of fleets you can create in this account in the current Region.
Robots per fleet 100 Yes The maximum number of robots you can register to a fleet.
Deployment job retention time 90 No The maximum duration in days a deployment job is retained. After this time, you can no longer retrieve or view the deployment job.
Concurrent deployment jobs 5 Yes The maximum number of concurrent deployment jobs you can run in this account in the current Region.
Source size 5 No The maximum size (in GB) for any source of robot application or simulation application.

Amazon Route 53

DNS and Domain Registration

Resource Default
Hosted zones 500
Domains 50
Resource record sets per hosted zone 10,000
Reusable delegation sets 100
Hosted zones that can use the same reusable delegation set 100
Amazon VPCs that you can associate with a private hosted zone 100
Health checks 200
Traffic policies 50
Traffic policy records 5

Route 53 Resolver

Resource Default
Endpoints per AWS Region 4 per AWS account
Rules per AWS Region 1,000 per AWS account
Associations between rules and VPCs per AWS Region 2,000 per AWS account

Amazon Route 53 auto naming has been released as a separate service, AWS Cloud Map. See AWS Cloud Map.

For more information, see Route 53 Quotas in the Amazon Route 53 Developer Guide.

Amazon SageMaker

The following tables group Amazon SageMaker quotas by components.

Amazon SageMaker quotas for new accounts might be different from the default quotas listed here. If you receive an error that you've exceeded your quota, contact customer service to request a quota increase for the resources you want to use.

Amazon SageMaker Notebooks

Resource Default
ml.t2.medium instances 20
ml.t2.large instances 20
ml.t2.xlarge instances 20
ml.t2.2xlarge instances 20
ml.t3.medium instances 20
ml.t3.large instances 20
ml.t3.xlarge instances 20
ml.t3.2xlarge instances 20
ml.m4.xlarge instances 20
ml.m4.2xlarge instances 20
ml.m4.4xlarge instances 10
ml.m4.10xlarge instances 5
ml.m4.16xlarge instances 5
ml.m5.xlarge instances 20
ml.m5.2xlarge instances 20
ml.m5.4xlarge instances 10
ml.m5.12xlarge instances 3
ml.m5.24xlarge instances 2
ml.c4.xlarge instances 20
ml.c4.2xlarge instances 20
ml.c4.4xlarge instances 20
ml.c4.8xlarge instances 20
ml.c5.xlarge instances 20
ml.c5.2xlarge instances 20
ml.c5.4xlarge instances 5
ml.c5.9xlarge instances 5
ml.c5.18xlarge instances 5
ml.c5d.xlarge instances 20
ml.c5d.2xlarge instances 20
ml.c5d.4xlarge instances 5
ml.c5d.9xlarge instances 5
ml.c5d.18xlarge instances 5
ml.p2.xlarge instances 1
ml.p2.8xlarge instances 1
ml.p2.16xlarge instances 1
ml.p3.2xlarge instances 2
ml.p3.8xlarge instances 2
ml.p3.16xlarge instances 2
Number of notebook instances 20

Amazon SageMaker Automatic Model Tuning

Resource Default
Number of concurrent hyperparameter tuning jobs 100
Number of hyperparameters that can be searched (every possible value in a categorical hyperparameter counts against this quota) 20
Number of metrics defined per hyperparameter tuning job 20
Number of parallel training jobs per hyperparameter tuning job 10
Number of training jobs per hyperparameter tuning job 500
Maximum run time for a hyperparameter tuning job 30 days

Amazon SageMaker Training and Managed Spot Training

Note

On-demand and Spot instance quotas are tracked and modified separately. For example, with the default quotas, you could run up to 20 training jobs with on-demand ml.m4.xlarge instances and up to 20 training jobs with Managed Spot ml.m4.xlarge instances simultaneously. Request quota increases for on-demand and spot instances separately.

Resource Default
ml.m4.xlarge instances 20
ml.m4.2xlarge instances 20
ml.m4.4xlarge instances 10
ml.m4.10xlarge instances 5
ml.m4.16xlarge instances 5
ml.m5.large instances 20
ml.m5.xlarge instances 20
ml.m5.2xlarge instances 20
ml.m5.4xlarge instances 10
ml.m5.12xlarge instances 3
ml.m5.24xlarge instances 2
ml.c4.xlarge instances 20
ml.c4.2xlarge instances 20
ml.c4.4xlarge instances 20
ml.c4.8xlarge instances 20
ml.c5.xlarge instances 20
ml.c5.2xlarge instances 20
ml.c5.4xlarge instances 5
ml.c5.9xlarge instances 5
ml.c5.18xlarge instances 5
ml.p2.xlarge instances 1
ml.p2.8xlarge instances 1
ml.p2.16xlarge instances 1
ml.p3.2xlarge instances 2
ml.p3.8xlarge instances 2
ml.p3.16xlarge instances 2
Longest run time for a training job 5 days
Number of instances across training jobs 20
Number of instances for a training job 20
Size of EBS volume for an instance 1 TB

Amazon SageMaker Hosting

Resource Default
ml.t2.medium instances 20
ml.t2.large instances 20
ml.t2.xlarge instances 20
ml.t2.2xlarge instances 20
ml.m4.xlarge instances 20
ml.m4.2xlarge instances 20
ml.m4.4xlarge instances 10
ml.m4.10xlarge instances 5
ml.m4.16xlarge instances 5
ml.m5.large instances 20
ml.m5.xlarge instances 20
ml.m5.2xlarge instances 20
ml.m5.4xlarge instances 10
ml.m5.12xlarge instances 3
ml.m5.24xlarge instances 2
ml.c4.large instances 20
ml.c4.xlarge instances 20
ml.c4.2xlarge instances 20
ml.c4.4xlarge instances 20
ml.c4.8xlarge instances 20
ml.c5.large instances 20
ml.c5.xlarge instances 20
ml.c5.2xlarge instances 20
ml.c5.4xlarge instances 5
ml.c5.9xlarge instances 5
ml.c5.18xlarge instances 5
ml.p2.xlarge instances 2
ml.p2.8xlarge instances 2
ml.p2.16xlarge instances 2
ml.p3.2xlarge instances 2
ml.p3.8xlarge instances 2
ml.p3.16xlarge instances 2
ml.g4dn.xlarge instances 2
ml.g4dn.2xlarge instances 2
ml.g4dn.4xlarge instances 2
ml.g4dn.8xlarge instances 2
ml.g4dn.12xlarge instances 2
ml.g4dn.16xlarge instances 2
ml.r5.large instances 5
ml.r5.xlarge instances 5
ml.r5.2xlarge instances 4
ml.r5.4xlarge instances 4
ml.r5.12xlarge instances 3
ml.r5.24xlarge instances 3
Number of instances across active endpoints 20
Number of instances for an endpoint 20
Total TPS for all endpoints 10,000
Maximum payload size for endpoint invocation 5 MB

Amazon SageMaker Batch Transform

Resource Default
ml.m4.xlarge instances 20
ml.m4.2xlarge instances 20
ml.m4.4xlarge instances 10
ml.m4.10xlarge instances 5
ml.m4.16xlarge instances 5
ml.m5.large instances 20
ml.m5.xlarge instances 20
ml.m5.2xlarge instances 20
ml.m5.4xlarge instances 10
ml.m5.12xlarge instances 3
ml.m5.24xlarge instances 2
ml.c4.xlarge instances 20
ml.c4.2xlarge instances 20
ml.c4.4xlarge instances 20
ml.c4.8xlarge instances 20
ml.c5.xlarge instances 20
ml.c5.2xlarge instances 20
ml.c5.4xlarge instances 5
ml.c5.9xlarge instances 5
ml.c5.18xlarge instances 5
ml.p2.xlarge instances 1
ml.p2.8xlarge instances 1
ml.p2.16xlarge instances 1
ml.p3.2xlarge instances 2
ml.p3.8xlarge instances 2
ml.p3.16xlarge instances 2
Longest run time for a transform job 5 days
Number of instances across transform jobs 20
Number of instances for a transform job 20

Amazon SageMaker Ground Truth

Resource Default
Concurrent labeling jobs 20
Dataset objects per labeling job 100,000

AWS Secrets Manager

Resource Default
Max number of secrets in an AWS account 40,000
Max number of versions in a secret Approximately 100
Max number of labels you can attach to a version 20
Max number of versions a label can be attached to at the same time 1
Maximum length of a secret 10240 bytes
Maximum length of a resource-based policy - JSON text 20480 bytes

AWS Server Migration Service

Resource Default
Concurrent VM migrations 50 per account

Maximum duration of service usage per VM (not per account), beginning with the initial replication of a VM. We terminate an ongoing replication after this period, unless a customer requests a quota increase.

90 days

AWS Serverless Application Repository

Quotas Per Account Per Region

Resource Default
Public Applications 100

Free Amazon S3 Storage for Code Packages

5 GB

For more information, see AWS Serverless Application Repository Quotas in the AWS Serverless Application Repository Developer Guide.

Service Quotas

None of the quotas in Service Quotas can be increased. The Service Quotas console provides information about the quotas in Service Quotas. Along with viewing the default quotas, you can use the Service Quotas console to request quota increases for adjustable quotas.

AWS Service Catalog

Resource Default
Portfolios 25 per account
Users, groups, and roles 25 per portfolio
Products 25 per portfolio, 100 total per account
Product versions 50 per product
Constraints 25 per product per portfolio
Tags 20 per product, 20 per portfolio, 50 per provisioned product
Stacks 200 (AWS CloudFormation quota)

AWS Shield Advanced

AWS Shield Advanced offers advanced monitoring and protection for Elastic IP addresses, CloudFront distributions, Route 53 hosted zones, or Elastic Load Balancing load balancers. You can monitor and protect up to 1000 of each of these resource types per account. If you want to increase these quotas, contact the AWS Support Center.

Amazon Simple Email Service (Amazon SES)

The following are the default quotas for Amazon SES in the sandbox environment.

Resource Default
Daily sending quota 200 messages per 24-hour period.
Maximum send rate 1 email per second.

Note

The rate at which Amazon SES accepts your messages might be less than the maximum send rate.

Recipient address verification All recipient addresses must be verified.

For more information, see Quotas in Amazon SES in the Amazon Simple Email Service Developer Guide.

Amazon Simple Notification Service (Amazon SNS)

The following quotas determine how many Amazon SNS resources you can create in your AWS account, and they determine the rate at which you can issue Amazon SNS API requests.

Amazon SNS Resource

To request an increase, submit an SNS Quota Increase case.

Note

The delivery rate for email messages has a quota of 10 messages per second. This quota can't be increased.

Resource Default
Topics 100,000 per account
Subscriptions 12,500,000 per topic
Pending subscriptions 5,000 per account
Account spend threshold for SMS 1.00 USD per account
Delivery rate for promotional SMS messages 20 messages per second
Delivery rate for transactional SMS messages 20 messages per second
Subscription filter policies 200 per account

Amazon SNS API Throttling

The following quotas throttle the rate at which you can issue Amazon SNS API requests.

Hard

The following quotas cannot be increased.

API Transactions per Second
ListEndpointsByPlatformApplication 30
ListTopics 30
ListPlatformApplications 15
ListSubscriptions 30
ListSubscriptionsByTopic 30
Subscribe 100
Unsubscribe 100

Soft

The following quotas vary by AWS Region. To increase any of these quotas, submit an SNS Quota Increase case.

Publish API Throttling

API AWS Regions Transactions per Second

Publish

US East (N. Virginia) Region

30,000

EU (Ireland) Region

US West (Oregon) Region

9,000

Asia Pacific (Singapore) Region

Asia Pacific (Sydney) Region

Asia Pacific (Tokyo) Region

EU (Frankfurt) Region

US West (N. California) Region

1,500

Asia Pacific (Mumbai) Region

Asia Pacific (Osaka-Local) Region

Asia Pacific (Seoul) Region

Canada (Central) Region

China (Beijing) Region

China (Ningxia) Region

EU (London) Region

EU (Paris) Region

South America (São Paulo) Region

US East (Ohio) Region

300

Other API Throttling

APIs AWS Regions Transactions per Second

CheckIfPhoneNumberIsOptedOut

ConfirmSubscription

CreatePlatformApplication

CreatePlatformEndpoint

CreateTopic

DeleteEndpoint

DeletePlatformApplication

DeleteTopic

GetEndpointAttributes

GetPlatformApplicationAttributes

GetSMSAttributes

GetSubscriptionAttributes

GetTopicAttributes

ListPhoneNumbersOptedOut

OptInPhoneNumber

SetEndpointAttributes

SetPlatformApplicationAttributes

SetSMSAttributes

SetSubscriptionAttributes

SetTopicAttributes

US East (N. Virginia) Region

3,000

EU (Ireland) Region

US West (Oregon) Region

900

Asia Pacific (Singapore) Region

Asia Pacific (Sydney) Region

Asia Pacific (Tokyo) Region

EU (Frankfurt) Region

US West (N. California) Region

150

Asia Pacific (Mumbai) Region

Asia Pacific (Osaka-Local) Region

Asia Pacific (Seoul) Region

Canada (Central) Region

China (Beijing) Region

China (Ningxia) Region

EU (London) Region

EU (Paris) Region

South America (São Paulo) Region

US East (Ohio) Region

30

AWS Streaming Service

Streaming

Resource Default
Maximum number of streams 1000
Maximum number of files per stream 10
Minimum file block size 256 bytes
Maximum file block size 128 KB

Streaming API

API TPS
CreateStream 15 TPS
UpdateStream 15 TPS
ListStreams 15 TPS
DeleteStream 15 TPS
DescribeStream 15 TPS

Amazon Simple Queue Service (Amazon SQS)

For more information, see Amazon SQS Quotas in the Amazon Simple Queue Service Developer Guide and the "Quotas and Restrictions" section of the Amazon SQS FAQs.

Amazon Simple Storage Service (Amazon S3)

Resource Default Notes
Buckets 100 per account By default, you can create up to 100 buckets per AWS account. However, you can request a quota increase of up to 1,000 buckets per AWS account. To request a quota increase, see AWS Service Quotas.
Replication transfer rate 1 Gbps The maximum S3 Replication Time Control transfer rate that you can replicate from the source Region per AWS account. To request a quota increase, see AWS Service Quotas.

Amazon Simple Workflow Service (Amazon SWF)

For more information, see Amazon SWF Quotas in the Amazon Simple Workflow Service Developer Guide.

Amazon SimpleDB

Resource Default
Domains 250

For more information, see Amazon SimpleDB Quotas in the Amazon SimpleDB Developer Guide.

AWS Step Functions

For more information, see AWS Step Functions Quotas in the AWS Step Functions Developer Guide.

AWS Storage Gateway

For more information, see AWS Storage Gateway Quotas in the AWS Storage Gateway User Guide.

Amazon Sumerian

Resource

Default

Projects

1,000

Scenes

10,000

Texture file size

10 MB

Sound file size

10 MB

Model file size

50 MB

Script file size

1 MB

ZIP file size

200 MB

AWS Systems Manager

Capability Resource Default
Automation Concurrently running automations

25

Each AWS account can run a maximum of 25 automation executions at one time. Concurrent executions greater than 25 are automatically added to an execution queue.

Automation Concurrently running child automations

75

Each AWS account can run a maximum of 75 child automations. Child automation executions are initiated from a parent automation execution. This quota is a cumulative total of child automation executions. Current child automation executions over the default quota of 75 are automatically added to an execution queue.

Automation Additional automation executions that can be queued

1,000

Automation Maximum duration an automation execution can run when running in the context of a user

12 hours

If you expect an automation to run longer than 12 hours, then you must run the automation by using a service role (or assume role).

Automation executeScript action run time

10 minutes

Each executeScript action can run up to a maximum duration of 10 minutes.

Automation Number of Automation document (playbook) attachments

Five attachments.

Each document can have up to five attachments.

Automation Automation document (playbook) attachment size

256 MB

Each attachment can be up to 256 MB.

Distributor

Maximum number of Distributor packages per account, per Region

200

Distributor

Maximum number of package versions per Distributor package

25

Distributor

Maximum package size in Distributor

20 GB

Distributor

Maximum package manifest size in Distributor

64 KB

Managed Instances - Hybrid Environment Total number of registered on-premises servers and virtual machines (VMs) in a hybrid environment

Standard instances: 1,000 (per account per Region)

Advanced instances: Advanced instances are available on a pay-per-use basis. Advanced instances also enable you to connect to your hybrid machines by using AWS Systems Manager Session Manager. For more information about activating on-premises instances for use in your hybrid environment, see Create a Managed-Instance Activation in the AWS Systems Manager User Guide. For more information about enabling advanced instances, see Using the Advanced-Instances Tier.

Inventory

Inventory data collected per instance per call

1 MB

This maximum adequately supports most inventory collection scenarios. When this quota is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration.

Inventory

Inventory data collected per instance per day

5 MB

When this quota is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration.

Inventory

Custom inventory types

20

You can add up to 20 custom inventory types.

Inventory

Custom inventory type size

200 KB

This is the maximum size of the type, not the inventory collected.

Inventory

Custom inventory type attributes

50

This is the maximum number of attributes within the custom inventory type.

Inventory

Inventory data expiration

30 days

If you terminate an instance, inventory data for that instance is deleted immediately. For running instances, inventory data older than 30 days is deleted. If you need to store inventory data longer than 30 days, you can use AWS Config to record history or periodically query and upload the data to an Amazon S3 bucket. For more information, see, Recording Amazon EC2 managed instance inventory in the AWS Config Developer Guide.

Maintenance Windows

Maintenance Windows per account

50

Maintenance Windows

Tasks per Maintenance Window

20

Maintenance Windows

Targets per Maintenance Window

100

Maintenance Windows

Instance IDs per target

50

Maintenance Windows

Targets per task

10

Maintenance Windows

Concurrent executions of a single Maintenance Window

1

Maintenance Windows

Concurrent executions of Maintenance Windows

5

Maintenance Windows

Execution history retention

30 days

OpsCenter

Total number of OpsItems allowed per account per AWS Region

500,000

OpsCenter

Maximum number of OpsItems per account per month

10,000

OpsCenter

Maximum operational data value size

20 KB

OpsCenter

Maximum number of associated Automation runbooks per OpsItem

10

OpsCenter

Maximum number of Automation runbook executions stored in operational data under a single associated runbook

10

OpsCenter

Maximum number of related resources you can specify per OpsItem

100

OpsCenter

Maximum number of related OpsItems you can specify per OpsItem

10

OpsCenter

Maximum length of a deduplication string

64 characters

Parameter Store

Total number of parameters allowed

(per AWS account and Region)

Standard parameters: 10,000

Advanced parameters: 100,000

For more information about advanced parameters, see About Systems Manager Advanced Parameters in the AWS Systems Manager User Guide.

Parameter Store

Max size for parameter value

Standard parameter: 4 KB

Advanced parameter: 8 KB

Parameter Store

Max number of parameter policies per advanced parameter

10

Parameter Store

Max throughput (transactions per second)

Default throughput: 40 (Shared by the following API actions: GetParameter, GetParameters, GetParametersByPath)

Higher throughput: 100 (GetParametersByPath)

Higher throughput: 1000 (Shared by the following API actions: GetParameter and GetParameters)

For more information about Parameter Store throughput, see Increasing Parameter Store Throughput in the AWS Systems Manager User Guide.

Parameter Store

Max history for a parameter

100 past values

Patch Baselines

Patch baselines per account

50

Patch Baselines

Patch groups per patch baseline

25

Run Command Execution history retention

30 days

The history of each command is available for up to 30 days. In addition, you can store a copy of all log files in Amazon Simple Storage Service or have an audit trail of all API calls in AWS CloudTrail.

Session Manager

Maximum number of active sessions per account per Region

100

Session Manager

Maximum idle time before session termination

20 minutes

SSM Documents Total documents

500

Each AWS account can create a maximum of 500 documents per Region.

SSM Documents Privately shared Systems Manager document

1000

A single Systems Manager document can be shared with a maximum of 1000 AWS accounts.

SSM Documents Publicly shared Systems Manager document

5

Each AWS account can publicly share a maximum of five documents.

State Manager Targets per State Manager association

10,000

Each Systems Manager document can be associated with a maximum of 10,000 instances. As a best practice when creating State Manager associations, use tags as targets instead of instance IDs.

State Manager Concurrent State Manager associations

2,000

Each AWS Account can have 2,000 associations per Region at one time.

State Manager State Manager association versions

1,000

You can created a maximum of 1,000 versions of a State Manager association.

Amazon Textract

Amazon Textract has the following quotas that you can change.

Resource Default

Transactions per second per account for synchronous operations:

In each Region that Amazon Textract supports – 1

Transactions per second per account for all Start (asynchronous) operations:

In each Region that Amazon Textract supports – 2

Transactions per second per account for all Get (asynchronous) operations:

In each Region that Amazon Textract supports – 5
Maximum number of asynchronous jobs per account that can simultaneously exist In each Region that Amazon Textract supports – 10

For more information, see Amazon Textract Quotas.

Amazon Transcribe

Resource Default
Number of concurrent transcription jobs 100
Total number of vocabularies per account 100
Number of pending vocabularies 10
Transactions per second, StartTranscriptionJob operation 10
Transactions per second, GetTranscriptionJob operation 20
Transactions per second, ListTranscriptionJobs operation 5
Transactions per second, CreateVocabulary and UpdateVocabulary operations 10
Transactions per second, DeleteVocabulary operation 5
Transactions per second, GetVocabulary operation 20
Transactions per second, ListVocabularies operation 5
Number of channels for channel identification 2
Number of simultaneous streams for streaming transcription 5
Maximum audio length for streaming transcription 4 hours
Transactions per second, StartStreamTranscription operation 1

You can request an increase for any of the quotas using the Amazon Transcribe service quotas increase form.

For more information, see Guidelines and Quotas in the Amazon Transcribe Developer Guide.

AWS Transfer for SFTP

Resource Default Comments
Servers per customer 10
Simultaneous sessions per server 10,000
Users per server 10,000 This quota applies to service managed servers only.
SSH keys per user 10 This quota applies to service managed servers only.
Maximum file size 5 TiB

Amazon Translate

Resource Default
Bytes per 10 seconds per language pair 10,000
Transactions per second per language pair 20

You can request an increase for any of the quotas using the Amazon Translate service quotas increase form.

For more information, see Guidelines and Quotas in the Amazon Translate Developer Guide.

Amazon Virtual Private Cloud (Amazon VPC)

Unless otherwise noted, you can submit a request to increase these quotas.

Resource Default Comments
VPCs and Subnets

VPCs per Region

5

Increasing this quota increases the quota on Internet gateways per Region by the same amount.

Subnets per VPC

200

-

IPv4 CIDR blocks per VPC

5

This quota is made up of the primary CIDR block plus 4 secondary CIDR blocks.

IPv6 CIDR blocks per VPC

1

This quota cannot be increased.

Elastic IP Addresses

Elastic IP addresses per Region for EC2-VPC

5

This is the quota for the number of Elastic IP addresses for use in EC2-VPC. For Elastic IP addresses for EC2-Classic, see Amazon Elastic Compute Cloud (Amazon EC2).

Gateways

Customer gateways per Region

50

To increase this quota, contact AWS Support.

Egress-only Internet gateways per Region 5 This quota is directly correlated with the quota on VPCs per Region. To increase this quota, increase the quota on VPCs per Region. Only one egress-only Internet gateway can be attached to a VPC at a time.

Internet gateways per Region

5

This quota is directly correlated with the quota on VPCs per Region. To increase this quota, increase the quota on VPCs per Region. Only one Internet gateway can be attached to a VPC at a time.

NAT gateways per Availability Zone 5 A NAT gateway in the pending, active, or deleting state counts against your quota.

Virtual private gateways per Region

5

Only one virtual private gateway can be attached to a VPC at a time.

Network ACLs

Network ACLs per VPC

200

You can associate one network ACL to one or more subnets in a VPC. This quota is not the same as the number of rules per network ACL.

Rules per network ACL

20

This is the one-way quota for a single network ACL, where the quota for ingress rules is 20, and the quota for egress rules is 20. This quota includes both IPv4 and IPv6 rules, and includes the default deny rules (rule number 32767 for IPv4 and 32768 for IPv6, or an asterisk * in the Amazon VPC console).

This quota can be increased up to a maximum if 40; however, network performance may be impacted.

Network Interfaces

Network interfaces per instance

-

This quota varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type.

Network interfaces per Region

5000

-

Route Tables

Route tables per VPC

200

This quota includes the main route table.

Routes per route table (non-propagated routes)

50

You can increase this quota up to a maximum of 1000; however, network performance might be impacted. This quota is enforced separately for IPv4 routes and IPv6 routes.

If you have more than 125 routes, we recommend that you paginate calls to describe your route tables for better performance.

BGP advertised routes per route table (propagated routes)

100

This quota cannot be increased. If you require more than 100 prefixes, advertise a default route.

Security Groups

VPC security groups per Region

2500

The maximum is 10000. If you have more than 5000 security groups in a Region, we recommend that you paginate calls to describe your security groups for better performance.

Inbound or outbound rules per security group

60

You can have 60 inbound and 60 outbound rules per security group (making a total of 120 rules). This quota is enforced separately for IPv4 rules and IPv6 rules; for example, a security group can have 60 inbound rules for IPv4 traffic and 60 inbound rules for IPv6 traffic. A rule that references a security group or prefix list ID counts as one rule for IPv4 and one rule for IPv6.

A quota change applies to both inbound and outbound rules. This quota multiplied by the quota for security groups per network interface cannot exceed 1000. For example, if you increase this quota to 100, we decrease the quota for your number of security groups per network interface to 10.

Security groups per network interface

5

To increase or decrease this quota, contact AWS Support. The maximum is 16. The quota for security groups per network interface multiplied by the quota for rules per security group cannot exceed 1000. For example, if you increase this quota to 10, we decrease the quota for your number of rules per security group to 100.

Transit Gateways
Total number of transit gateway attachments per transit gateway:

5

-

Number of transit gateway attachments per VPC:

5

This quota cannot be increased.

Number of transit gateways per Region per account

5

-

Number of transit gateway route tables per transit gateway 20

Number of static routes per transit gateway route table

10,000

For VPC route table quotas, see Amazon VPC Quotas in the Amazon VPC User Guide.

Total number of transit gateway attachments per Region per account

5,000

-

Maximum number of incoming prefixes for a BGP session on an IPSec VPN attachment 100
Maximum bandwidth (burst) per Availability Zone per VPC connection 50 Gbps
Maximum bandwidth per VPN connection 1.25 Gbps This quota cannot be increased. You can use ECMP to get higher VPN bandwidth by aggregating multiple VPN connections.
Number of AWS Direct Connect gateways per transit gateway 20 This quota cannot be increased.
Transit gateways per AWS Direct Connect gateway 3 This quota cannot be increased.
VPC Endpoints

Gateway VPC endpoints per Region

20

You cannot have more than 255 gateway endpoints per VPC.

Interface VPC endpoints per VPC

20

To increase this quota, contact AWS Support.
VPC Peering Connections

Active VPC peering connections per VPC

50

The maximum quota is 125 peering connections per VPC. The number of entries per route table should be increased accordingly; however, network performance may be impacted.

Outstanding VPC peering connection requests

25

This is the quota for the number of outstanding VPC peering connection requests that you've requested from your account.

Expiry time for an unaccepted VPC peering connection request

1 week (168 hours)

-

VPC Sharing

Number of unique accounts with which you can share a VPC

100

This is the quota for the number of distinct participant accounts that subnets in a VPC can be shared with. This is a per VPC quota and applies across all the subnets shared in a VPC. AWS recommends that you paginate your DescribeSecurityGroups and DescribeNetworkInterfaces API calls before requesting an increase for this quota. To increase this quota, contact AWS Support.

Number of subnets that you can share with an account

100

This is the quota for maximum number of subnets that can be shared with an AWS account. AWS recommends that you paginate your DescribeSecurityGroups and DescribeSubnets API calls before requesting an increase for this quota. To increase this quota contact AWS Support.

VPN Connections

VPN connections per Region

50

-

VPN connections per VPC (per virtual private gateway)

10

-

For more information, see Amazon VPC Quotas in the Amazon VPC User Guide.

Amazon VPC DNS

For more information, see DNS Quotas in the Amazon VPC User Guide.

AWS WAF

AWS WAF has default quotas on the number of entities per account. You can request an increase in these quotas.

Resource Default

Web ACLs per AWS account

50

Rules per AWS account

100

Conditions per AWS account

100 of each condition type (For example: 100 Size constraint conditions, 100 IP match conditions, etc.)

Requests per Second 10,000 per web ACL*

*This quota applies only to AWS WAF on an Application Load Balancer. Requests per Second (RPS) quotas for AWS WAF on CloudFront are the same as the RPS quotas support by CloudFront described in the Amazon CloudFront Developer Guide.

The following quotas on AWS WAF entities can't be changed.

Resource Default

Rule groups per web ACL

2: 1 customer-created rule group and 1 AWS Marketplace rule group

Rules per web ACL

10

Conditions per rule

10

IP address ranges (in CIDR notation) per IP match condition

10,000

Filters per cross-site scripting match condition

10

Filters per size constraint condition

10

Filters per SQL injection match condition

10

Filters per string match condition

10

In string match conditions, the number of characters in HTTP header names, when you've configured AWS WAF to inspect the headers in web requests for a specified value

40

In string match conditions, the number of characters in the value that you want AWS WAF to search for

50

In regex match conditions, the number of characters in the pattern that you want AWS WAF to search for

70

These quotas are the same for all Regions in which AWS WAF is available. Each Region is subject to these quotas individually. That is, the quotas are not cumulative across regions.

AWS Well-Architected Tool

Resource

Default

Workloads per AWS account

1000

Milestones per workload

100

Amazon WorkMail

For more information, see Amazon WorkMail Quotas.

Amazon WorkSpaces

Resource Default
WorkSpaces per Region 1
Graphics WorkSpaces per Region 0
GraphicsPro WorkSpaces per Region 0
Images per Region 5
IP access control groups per Region 100
Rules per IP access control group 10
IP access control groups per directory 5

AWS X-Ray

Resource

Default

Trace and service graph retention

30 days

Segment document size

64kB

Indexed annotations per trace

50

Custom sampling rules per Region

25

On this page: