AWS CloudTrail endpoints and quotas - AWS General Reference

AWS CloudTrail endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Note

AWS recommends using Regional STS endpoints within your applications and avoid using the global (legacy) STS endpoint. Regional STS endpoints reduce latency, build in redundancy, and increase session token validity. For more information about configuring your applications to use the regional STS endpoint, see AWS STS Regionalized endpoints in the AWS SDKs and Tools Reference Guide. For more information about the global (legacy) AWS STS endpoint, including how to monitor for use of this endpoint, see How to use Regional AWS STS endpoints in the AWS Security blog.

Service endpoints

Control plane endpoints

The following table contains AWS Region-specific endpoints that AWS CloudTrail supports for control plane operations. For more information, see the AWS CloudTrail API Reference.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

cloudtrail.us-east-2.amazonaws.com

cloudtrail-fips.us-east-2.amazonaws.com

HTTPS

HTTPS

US East (N. Virginia) us-east-1

cloudtrail.us-east-1.amazonaws.com

cloudtrail-fips.us-east-1.amazonaws.com

HTTPS

HTTPS

US West (N. California) us-west-1

cloudtrail.us-west-1.amazonaws.com

cloudtrail-fips.us-west-1.amazonaws.com

HTTPS

HTTPS

US West (Oregon) us-west-2

cloudtrail.us-west-2.amazonaws.com

cloudtrail-fips.us-west-2.amazonaws.com

HTTPS

HTTPS

Africa (Cape Town) af-south-1 cloudtrail.af-south-1.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 cloudtrail.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Hyderabad) ap-south-2 cloudtrail.ap-south-2.amazonaws.com HTTPS
Asia Pacific (Jakarta) ap-southeast-3 cloudtrail.ap-southeast-3.amazonaws.com HTTPS
Asia Pacific (Malaysia) ap-southeast-5 cloudtrail.ap-southeast-5.amazonaws.com HTTPS
Asia Pacific (Melbourne) ap-southeast-4 cloudtrail.ap-southeast-4.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 cloudtrail.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Osaka) ap-northeast-3 cloudtrail.ap-northeast-3.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 cloudtrail.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 cloudtrail.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 cloudtrail.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 cloudtrail.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 cloudtrail.ca-central-1.amazonaws.com HTTPS
Canada West (Calgary) ca-west-1 cloudtrail.ca-west-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 cloudtrail.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 cloudtrail.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 cloudtrail.eu-west-2.amazonaws.com HTTPS
Europe (Milan) eu-south-1 cloudtrail.eu-south-1.amazonaws.com HTTPS
Europe (Paris) eu-west-3 cloudtrail.eu-west-3.amazonaws.com HTTPS
Europe (Spain) eu-south-2 cloudtrail.eu-south-2.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 cloudtrail.eu-north-1.amazonaws.com HTTPS
Europe (Zurich) eu-central-2 cloudtrail.eu-central-2.amazonaws.com HTTPS
Israel (Tel Aviv) il-central-1 cloudtrail.il-central-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 cloudtrail.me-south-1.amazonaws.com HTTPS
Middle East (UAE) me-central-1 cloudtrail.me-central-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 cloudtrail.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1 cloudtrail.us-gov-east-1.amazonaws.com HTTPS
AWS GovCloud (US-West) us-gov-west-1 cloudtrail.us-gov-west-1.amazonaws.com HTTPS

Data plane endpoints

The following table contains AWS Region-specific endpoints that AWS CloudTrail supports for data plane operations. For more information, see the AWS CloudTrail Data API Reference.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 cloudtrail-data.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 cloudtrail-data.us-east-1.amazonaws.com HTTPS
US West (N. California) us-west-1 cloudtrail-data.us-west-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 cloudtrail-data.us-west-2.amazonaws.com HTTPS
Africa (Cape Town) af-south-1 cloudtrail-data.af-south-1.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 cloudtrail-data.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Jakarta) ap-southeast-3 cloudtrail-data.ap-southeast-3.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 cloudtrail-data.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Osaka) ap-northeast-3 cloudtrail-data.ap-northeast-3.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 cloudtrail-data.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 cloudtrail-data.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 cloudtrail-data.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 cloudtrail-data.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 cloudtrail-data.ca-central-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 cloudtrail-data.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 cloudtrail-data.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 cloudtrail-data.eu-west-2.amazonaws.com HTTPS
Europe (Milan) eu-south-1 cloudtrail-data.eu-south-1.amazonaws.com HTTPS
Europe (Paris) eu-west-3 cloudtrail-data.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 cloudtrail-data.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 cloudtrail-data.me-south-1.amazonaws.com HTTPS
Middle East (UAE) me-central-1 cloudtrail-data.me-central-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 cloudtrail-data.sa-east-1.amazonaws.com HTTPS

Service quotas

Name Default Adjustable Description
Channels Each supported Region: 25 No This quota applies to channels used for CloudTrail Lake integrations with event sources outside of AWS, and does not apply to service-linked channels.
CloudTrail file size sent to Amazon S3 Each supported Region: 50 Megabytes No For both management and data events, CloudTrail sends events to S3 in maximum 50 MB (compressed) ZIP files. If enabled on the trail, log delivery notifications are sent by Amazon SNS after CloudTrail sends ZIP files to S3.
Concurrent queries Each supported Region: 10 No The maximum number of queued or running queries that you can run simultaneously in CloudTrail Lake.
Conditions across all advanced event selectors Each supported Region: 500 No If a trail uses advanced event selectors, a maximum of 500 total values for all conditions in all advanced event selectors is allowed. Unless a trail logs data events on all resources, such as all S3 buckets, a trail is limited to 250 data resources. Data resources can be distributed across event selectors, but the total cannot exceed 250.
Data resources across all event selectors in a trail Each supported Region: 250 No If you choose to limit data events by using event selectors or advanced event selectors, the total number of data resources cannot exceed 250 across all event selectors in a trail.
Event data stores Each supported Region: 10 No The maximum number of event data stores that you can have in any one region. This includes single-region event data stores for the region as well as any multi-region event data stores across all regions.
Event selectors Each supported Region: 5 No The maximum number of event selectors per trail.
Event size Each supported Region: 256 Kilobytes No The maximum event size (in KB). All event versions: events over 256 KB cannot be sent to CloudWatch Logs. Event version 1.05 and newer: maximum event size of 256 KB.
Events per PutAuditEvents request Each supported Region: 100 No You can add up to 100 activity events (or up to 1 MB) per PutAuditEvents request.
Trails per region Each supported Region: 5 No The maximum number of trails per region.
Transactions per second (TPS) for the AddTags API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the CancelQuery API Each supported Region: 3 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the CreateChannel API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the CreateEventDataStore API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the CreateTrail API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the DeleteChannel API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the DeleteEventDataStore API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the DeleteResourcePolicy API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the DeleteTrail API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the DeregisterOrganizationDelegatedAdmin API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the DescribeQuery API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the DescribeTrails API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the DisableFederation API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the EnableFederation API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the GetChannel API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the GetEventDataStore API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the GetEventSelectors API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the GetImport API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the GetInsightSelectors API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the GetQueryResults API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the GetResourcePolicy API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the GetTrail API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the GetTrailStatus API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the ListChannels API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the ListEventDataStores API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the ListImportFailures API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the ListImports API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the ListInsightsMetricData API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the ListPublicKeys API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the ListQueries API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the ListTags API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the ListTrails API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the LookupEvents API Each supported Region: 2 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the PutAuditEvents API Each supported Region: 100 No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the PutEventSelectors API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the PutInsightSelectors API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the PutResourcePolicy API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the RegisterOrganizationDelegatedAdmin API Each supported Region: 10 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the RemoveTags API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the RestoreEventDataStore API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the StartEventDataStoreIngestion API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the StartImport API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the StartLogging API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the StartQuery API Each supported Region: 3 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the StopEventDataStoreIngestion API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the StopImport API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the StopLogging API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the UpdateChannel API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the UpdateEventDataStore API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.
Transactions per second (TPS) for the UpdateTrail API Each supported Region: 1 per second No The maximum number of operation requests you can make per second without being throttled.

For more information, see Quotas in AWS CloudTrail.