Amazon CloudFront endpoints and quotas - AWS General Reference

Amazon CloudFront endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Note

AWS recommends using Regional STS endpoints within your applications and avoid using the global (legacy) STS endpoint. Regional STS endpoints reduce latency, build in redundancy, and increase session token validity. For more information about configuring your applications to use the regional STS endpoint, see AWS STS Regionalized endpoints in the AWS SDKs and Tools Reference Guide. For more information about the global (legacy) AWS STS endpoint, including how to monitor for use of this endpoint, see How to use Regional AWS STS endpoints in the AWS Security blog.

Service endpoints

Amazon CloudFront

Region Name Region Endpoint Protocol Amazon Route 53 Hosted Zone ID*
US East (N. Virginia) Region us-east-1

cloudfront.amazonaws.com

cloudfront-fips.amazonaws.com

HTTPS

HTTPS

Z2FDTNDATAQYW2

Amazon CloudFront KeyValueStore

CloudFront KeyValueStore is a global service. Specify your AWS account ID for the endpoint.

Endpoint Protocol Amazon Route 53 Hosted Zone ID*

AWS account.cloudfront-kvs.global.api.aws

HTTPS

The root host zone is the following. Each customer endpoint has its own hosted zone.

Z024645223JLTKL21A7KJ

Service quotas

Name Default Adjustable Description
Alternate domain names (CNAMEs) per distribution Each supported Region: 100 Yes The maximum number of alternate domain names (CNAMEs) per distribution.
Cache behaviors per distribution Each supported Region: 25 Yes The maximum number of cache behaviors per distribution.
Cache policies per AWS account Each supported Region: 20 Yes The maximum number of cache policies per AWS account.
CloudFront Functions: Maximum number of distributions associated with a single function Each supported Region: 100 Yes The maximum number of CloudFront distributions associated with a single CloudFront function.
Connection attempts per origin Each supported Region: 3 No The number of connection attempts per origin (1-3).
Connection timeout per origin Each supported Region: 10 Seconds No The connection timeout per origin (1-10 seconds).
Cookies per cache policy Each supported Region: 10 Yes The maximum number of cookies per cache policy.
Cookies per origin request policy Each supported Region: 10 Yes The maximum number of cookies per origin request policy.
Custom headers per response headers policy Each supported Region: 10 Yes The maximum number of custom headers per response headers policy.
Custom headers: maximum length of a header name Each supported Region: 256 No The maximum length of a header name in characters.
Custom headers: maximum length of a header value Each supported Region: 1,783 No The maximum length of a header value in characters.
Custom headers: maximum length of all header values and names combined Each supported Region: 10,240 No The maximum length of all header values and names combined.
Custom headers: maximum number of custom headers that you can configure CloudFront to add to origin requests Each supported Region: 10 Yes The maximum number of custom headers that you can configure CloudFront to add to origin requests.
Data transfer rate per distribution Each supported Region: 150 Yes The maximum data transfer rate (in Gbps) per distribution.
Distributions associated with a single key group Each supported Region: 100 Yes The maximum number of distributions associated with a single key group.
Distributions associated with the same cache policy Each supported Region: 100 No The maximum number of distributions associated with the same cache policy.
Distributions associated with the same origin request policy Each supported Region: 100 No The maximum number of distributions associated with the same origin request policy.
Distributions associated with the same response headers policy Each supported Region: 100 Yes The maximum number of distributions that you can associate with the same response headers policy.
Distributions per AWS account that you can create triggers for Each supported Region: 25 Yes The maximum number of distributions per AWS account that you can create triggers for.
File invalidation: maximum number of active wildcard invalidations allowed Each supported Region: 15 No The maximum number of active wildcard invalidations allowed.
File invalidation: maximum number of files allowed in active invalidation requests, excluding wildcard invalidations Each supported Region: 3,000 No The maximum number of files allowed in active invalidation requests, excluding wildcard invalidations.
Function memory size (Viewer request and response event) Each supported Region: 128 Megabytes No The maximum function memory size (in MB). (Viewer request and response event)
Function timeout (Origin request and response event) Each supported Region: 30 Seconds No The maximum function timeout (in seconds). (Origin request and response event)
Function timeout for a viewer request and response event Each supported Region: 5 Seconds No The maximum function timeout (in seconds). (Viewer request and response event)
Headers per cache policy Each supported Region: 10 Yes The maximum number of headers per cache policy.
Headers per origin request policy Each supported Region: 10 Yes The maximum number of headers per origin request policy.
Key groups associated with a single distribution Each supported Region: 4 Yes The maximum number of key groups associated with a single distribution.
Key groups per AWS account Each supported Region: 10 Yes The maximum number of key groups per AWS account.
Length of the content security policy value in a response headers policy Each supported Region: 1,783 Yes The maximum length of the content security policy value in a response headers policy.
Maximum compressed size of a Lambda function and any included libraries. (Origin request and response event) Each supported Region: 50 Megabytes No The maximum compressed size (in MB) of a Lambda function and any included libraries. (Origin request and response event)
Maximum compressed size of a Lambda function and any included libraries. (Viewer request and response event) Each supported Region: 1 Megabytes No The maximum compressed size (in MB) of a Lambda function and any included libraries. (Viewer request and response event)
Maximum file size for HTTP GET, POST, and PUT requests Each supported Region: 50 Gigabytes No The maximum file size (in GB) for HTTP GET, POST, and PUT requests.
Maximum length of a URL Each supported Region: 8,192 Bytes No The maximum length of a URL (in bytes).
Maximum length of a field to encrypt Each supported Region: 16 Kilobytes No The maximum length (in KB) of a field to encrypt.
Maximum length of a request body when field-level encryption is configured Each supported Region: 1 Megabytes No The maximum length (in MB) of a request body when field-level encryption is configured.
Maximum length of a request, including headers and query strings, but not including the body content Each supported Region: 20,480 Bytes No The maximum length of a request (in bytes), including headers and query strings, but not including the body content.
Maximum number of CloudFront distributions that can be associated with a field-level encryption configuration Each supported Region: 20 No The maximum number of CloudFront distributions that can be associated with a field-level encryption configuration.
Maximum number of characters in a whitelisted query string Each supported Region: 128 No The maximum number of characters in a whitelisted query string.
Maximum number of characters total for all whitelisted query strings in the same parameter Each supported Region: 512 No The maximum number of characters total for all whitelisted query strings in the same parameter.
Maximum number of field-level encryption configurations that can be associated with one AWS account Each supported Region: 10 No The maximum number of field-level encryption configurations that can be associated with one AWS account.
Maximum number of field-level encryption profiles that can be associated with one AWS account Each supported Region: 10 No The maximum number of field-level encryption profiles that can be associated with one AWS account.
Maximum number of fields in a request body when field-level encryption is configured Each supported Region: 10 No The maximum number of fields in a request body when field-level encryption is configured.
Maximum number of fields to encrypt that can be specified in one profile Each supported Region: 10 No The maximum number of fields to encrypt that can be specified in one profile.
Maximum number of public keys that can be added to one AWS account Each supported Region: 10 No The maximum number of public keys that can be added to one AWS account.
Maximum number of query argument profile mappings that can be included in a field-level encryption configuration Each supported Region: 5 No The maximum number of query argument profile mappings that can be included in a field-level encryption configuration.
Origin access identities per account Each supported Region: 100 Yes The maximum number of origin access identities per account.
Origin groups per distribution Each supported Region: 10 Yes The maximum number of origin groups per distribution.
Origin request policies per AWS account Each supported Region: 20 Yes The maximum number of origin request policies per AWS account.
Origin response timeout (idle timeout) Each supported Region: 10 No The maximum origin response timeout (idle timeout) in minutes. If CloudFront hasn’t detected any bytes sent from the origin to the client within the past 10 minutes, the connection is assumed to be idle and is closed.
Origins per distribution Each supported Region: 25 Yes The maximum number of origins per distribution.
Public keys in a single key group Each supported Region: 5 Yes The maximum number of public keys in a single key group.
Query strings per cache policy Each supported Region: 10 Yes The maximum number of query strings per cache policy.
Query strings per origin request policy Each supported Region: 10 Yes The maximum number of query strings per origin request policy.
Range of file sizes that CloudFront compresses Each supported Region: 10,000,000 Bytes No The range of file sizes (in bytes) that CloudFront compresses (1,000 to 10,000,000).
Removing headers from a response headers policy Each supported Region: 10 Yes The maximum number of headers that you can remove in a response headers policy.
Request body size for origin requests exposed to a Lambda@Edge function. Each supported Region: 1 Megabytes No The maximum request body size (in MB) for origin requests exposed to a Lambda@Edge function.
Request body size for origin requests when returning from a Lambda function (base64 encoding) Each supported Region: 1.33 Megabytes No The maximum request body size (in KB) for origin requests when returning from a Lambda function. (base64 encoding)
Request body size for origin requests when returning from a Lambda function (text encoding) Each supported Region: 1 Megabytes No The maximum request body size (in KB) for origin requests when returning from a Lambda function. (text encoding)
Request body size for viewer requests exposed to a Lambda@Edge function. Each supported Region: 40 Kilobytes No The maximum request body size (in KB) for viewer requests exposed to a Lambda@Edge function.
Request body size for viewer requests when returning from a Lambda function (base64 encoding) Each supported Region: 53.2 Kilobytes No The maximum request body size (in KB) for viewer requests when returning from a Lambda function. (base64 encoding)
Request body size for viewer requests when returning from a Lambda function (text encoding) Each supported Region: 40 Kilobytes No The maximum request body size (in KB) for viewer requests when returning from a Lambda function. (text encoding)
Request timeout Each supported Region: 30 Seconds Yes The maximum request timeout in seconds.
Requests per second per distribution Each supported Region: 250,000 Yes The maximum number of requests per second per distribution.
Response headers policies Each supported Region: 20 Yes The maximum number of response headers policies per AWS account.
Response timeout per origin Each supported Region: 60 Seconds Yes The response timeout per origin (1-60 seconds).
SSL certificates per AWS account when serving HTTPS requests using dedicated IP addresses Each supported Region: 2 Yes The maximum number of SSL certificates per AWS account when serving HTTPS requests using dedicated IP addresses (no quota when serving HTTPS requests using SNI).
SSL certificates that can be associated with a CloudFront web distribution Each supported Region: 1 No The maximum number of SSL certificates that can be associated with a CloudFront web distribution.
Size of a response that is generated by a Lambda function, including headers and body (Origin request and response event) Each supported Region: 1 Megabytes No The maximum size (in MB) of a response that is generated by a Lambda function, including headers and body. (Origin request and response event)
Size of a response that is generated by a Lambda function, including headers and body (Viewer request and response event) Each supported Region: 40 Kilobytes No The maximum size (in KB) of a response that is generated by a Lambda function, including headers and body. (Viewer request and response event)
Tags that can be added to a distribution Each supported Region: 50 No The maximum number of tags that can be added to a distribution.
Total length of the URI including query string in a Lambda@Edge function Each supported Region: 8,192 No The maximum total length in characters of the URI including the query string in a Lambda@Edge function.
Total number of bytes in whitelisted cookie names (doesn’t apply if you configure CloudFront to forward all cookies to the origin) Each supported Region: 512 Bytes No The total number of bytes in whitelisted cookie names (doesn’t apply if you configure CloudFront to forward all cookies to the origin). 512 minus the number of whitelisted cookies.
Triggers per distribution Each supported Region: 100 Yes The maximum number of triggers per distribution.
Web distributions per AWS account Each supported Region: 200 Yes The maximum number of web distributions per AWS account.
Whitelisted cookies per cache behavior Each supported Region: 10 Yes The maximum number of whitelisted cookies per cache behavior.
Whitelisted headers per cache behavior Each supported Region: 10 Yes The maximum number of whitelisted headers per cache behavior.
Whitelisted query strings per cache behavior Each supported Region: 10 Yes The maximum number of whitelisted query strings per cache behavior.

For more information, see Quotas in the Amazon CloudFront Developer Guide.