Amazon CloudFront endpoints and quotas - AWS General Reference

Amazon CloudFront endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service endpoints

Region Name Region Endpoint Protocol Amazon Route 53 Hosted Zone ID*
US East (N. Virginia) Region us-east-1

cloudfront.amazonaws.com

cloudfront-fips.amazonaws.com

HTTPS

HTTPS

Z2FDTNDATAQYW2

Service quotas

Name Default Adjustable
Alternate domain names (CNAMEs) per distribution All supported Regions: 100 Yes
Cache behaviors per distribution All supported Regions: 25 Yes
Cache policies per AWS account All supported Regions: 20 No
CloudFront Functions: Maximum number of distributions associated with a single function All supported Regions: 100 Yes
Concurrent executions All supported Regions: 1,000 Yes
Connection attempts per origin All supported Regions: 3 No
Connection timeout per origin All supported Regions: 10 Seconds No
Cookies per cache policy All supported Regions: 10 Yes
Cookies per origin request policy All supported Regions: 10 Yes
Custom headers: maximum length of a header name All supported Regions: 256 No
Custom headers: maximum length of a header value All supported Regions: 1,783 No
Custom headers: maximum length of all header values and names combined All supported Regions: 10,240 No
Custom headers: maximum number of custom headers that you can configure CloudFront to add to origin requests All supported Regions: 10 Yes
Data transfer rate per distribution All supported Regions: 150 Yes
Distributions associated with a single key group All supported Regions: 100 Yes
Distributions associated with the same cache policy All supported Regions: 100 No
Distributions associated with the same origin request policy All supported Regions: 100 No
Distributions per AWS account that you can create triggers for All supported Regions: 25 Yes
File invalidation: maximum number of active wildcard invalidations allowed All supported Regions: 15 No
File invalidation: maximum number of files allowed in active invalidation requests, excluding wildcard invalidations All supported Regions: 3,000 No
Function memory size (Viewer request and response event) All supported Regions: 128 Megabytes No
Function timeout (Origin request and response event) All supported Regions: 30 Seconds No
Function timeout for a viewer request and response event All supported Regions: 5 Seconds No
Headers per cache policy All supported Regions: 10 Yes
Headers per origin request policy All supported Regions: 10 Yes
Key groups associated with a single distribution All supported Regions: 4 Yes
Key groups per AWS account All supported Regions: 10 Yes
Maximum compressed size of a Lambda function and any included libraries. (Origin request and response event) All supported Regions: 50 Megabytes No
Maximum compressed size of a Lambda function and any included libraries. (Viewer request and response event) All supported Regions: 1 Megabytes No
Maximum file size for HTTP GET, POST, and PUT requests All supported Regions: 20 Gigabytes No
Maximum length of a URL All supported Regions: 8,192 Bytes No
Maximum length of a field to encrypt All supported Regions: 16 Kilobytes No
Maximum length of a request body when field-level encryption is configured All supported Regions: 1 Megabytes No
Maximum length of a request, including headers and query strings, but not including the body content All supported Regions: 20,480 Bytes No
Maximum number of CloudFront distributions that can be associated with a field-level encryption configuration All supported Regions: 20 No
Maximum number of characters in a whitelisted query string All supported Regions: 128 No
Maximum number of characters total for all whitelisted query strings in the same parameter All supported Regions: 512 No
Maximum number of field-level encryption configurations that can be associated with one AWS account All supported Regions: 10 No
Maximum number of field-level encryption profiles that can be associated with one AWS account All supported Regions: 10 No
Maximum number of fields in a request body when field-level encryption is configured All supported Regions: 10 No
Maximum number of fields to encrypt that can be specified in one profile All supported Regions: 10 No
Maximum number of public keys that can be added to one AWS account All supported Regions: 10 No
Maximum number of query argument profile mappings that can be included in a field-level encryption configuration All supported Regions: 5 No
Origin access identities per account All supported Regions: 100 Yes
Origin groups per distribution All supported Regions: 10 Yes
Origin request policies per AWS account All supported Regions: 20 No
Origin response timeout (idle timeout) All supported Regions: 10 No
Origins per distribution All supported Regions: 25 Yes
Public keys in a single key group All supported Regions: 5 Yes
Query strings per cache policy All supported Regions: 10 Yes
Query strings per origin request policy All supported Regions: 10 Yes
RTMP distributions per AWS account All supported Regions: 100 Yes
Range of file sizes that CloudFront compresses All supported Regions: 10,000,000 Bytes No
Request body size for origin requests exposed to a Lambda@Edge function. All supported Regions: 1 Megabytes No
Request body size for origin requests when returning from a Lambda function (base64 encoding) All supported Regions: 1.33 Megabytes No
Request body size for origin requests when returning from a Lambda function (text encoding) All supported Regions: 1 Megabytes No
Request body size for viewer requests exposed to a Lambda@Edge function. All supported Regions: 40 Kilobytes No
Request body size for viewer requests when returning from a Lambda function (base64 encoding) All supported Regions: 53.2 Kilobytes No
Request body size for viewer requests when returning from a Lambda function (text encoding) All supported Regions: 40 Kilobytes No
Request timeout All supported Regions: 30 Seconds Yes
Requests per second All supported Regions: 10,000 Yes
Requests per second per distribution All supported Regions: 250,000 Yes
Response timeout per origin All supported Regions: 60 Seconds Yes
SSL certificates per AWS account when serving HTTPS requests using dedicated IP addresses All supported Regions: 2 Yes
SSL certificates that can be associated with a CloudFront web distribution All supported Regions: 1 No
Size of a response that is generated by a Lambda function, including headers and body (Origin request and response event) All supported Regions: 1 Megabytes No
Size of a response that is generated by a Lambda function, including headers and body (Viewer request and response event) All supported Regions: 40 Kilobytes No
Tags that can be added to a distribution All supported Regions: 50 No
Total length of the URI including query string in a Lambda@Edge function All supported Regions: 8,192 No
Total number of bytes in whitelisted cookie names (doesn’t apply if you configure CloudFront to forward all cookies to the origin) All supported Regions: 512 Bytes No
Triggers per distribution All supported Regions: 100 Yes
Web distributions per AWS account All supported Regions: 200 Yes
Whitelisted cookies per cache behavior All supported Regions: 10 Yes
Whitelisted headers per cache behavior All supported Regions: 10 Yes
Whitelisted query strings per cache behavior All supported Regions: 10 Yes

For more information, see Quotas in the Amazon CloudFront Developer Guide.