AWS CloudTrail endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Note
AWS recommends using Regional STS endpoints within your applications and avoid using the global (legacy) STS endpoint. Regional STS endpoints reduce latency, build in redundancy, and increase session token validity. For more information about configuring your applications to use the regional STS endpoint, see AWS STS Regionalized endpoints in the AWS SDKs and Tools Reference Guide. For more information about the global (legacy) AWS STS endpoint, including how to monitor for use of this endpoint, see How to use Regional AWS STS endpoints in the AWS Security blog.
Service endpoints
Control plane endpoints
The following table contains AWS Region-specific endpoints that AWS CloudTrail supports for control plane operations. For more information, see the AWS CloudTrail API Reference.
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 |
cloudtrail.us-east-2.amazonaws.com cloudtrail-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
US East (N. Virginia) | us-east-1 |
cloudtrail.us-east-1.amazonaws.com cloudtrail-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
US West (N. California) | us-west-1 |
cloudtrail.us-west-1.amazonaws.com cloudtrail-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
US West (Oregon) | us-west-2 |
cloudtrail.us-west-2.amazonaws.com cloudtrail-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
Africa (Cape Town) | af-south-1 | cloudtrail.af-south-1.amazonaws.com | HTTPS |
Asia Pacific (Hong Kong) | ap-east-1 | cloudtrail.ap-east-1.amazonaws.com | HTTPS |
Asia Pacific (Hyderabad) | ap-south-2 | cloudtrail.ap-south-2.amazonaws.com | HTTPS |
Asia Pacific (Jakarta) | ap-southeast-3 | cloudtrail.ap-southeast-3.amazonaws.com | HTTPS |
Asia Pacific (Malaysia) | ap-southeast-5 | cloudtrail.ap-southeast-5.amazonaws.com | HTTPS |
Asia Pacific (Melbourne) | ap-southeast-4 | cloudtrail.ap-southeast-4.amazonaws.com | HTTPS |
Asia Pacific (Mumbai) | ap-south-1 | cloudtrail.ap-south-1.amazonaws.com | HTTPS |
Asia Pacific (Osaka) | ap-northeast-3 | cloudtrail.ap-northeast-3.amazonaws.com | HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 | cloudtrail.ap-northeast-2.amazonaws.com | HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 | cloudtrail.ap-southeast-1.amazonaws.com | HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 | cloudtrail.ap-southeast-2.amazonaws.com | HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 | cloudtrail.ap-northeast-1.amazonaws.com | HTTPS |
Canada (Central) | ca-central-1 | cloudtrail.ca-central-1.amazonaws.com | HTTPS |
Canada West (Calgary) | ca-west-1 | cloudtrail.ca-west-1.amazonaws.com | HTTPS |
Europe (Frankfurt) | eu-central-1 | cloudtrail.eu-central-1.amazonaws.com | HTTPS |
Europe (Ireland) | eu-west-1 | cloudtrail.eu-west-1.amazonaws.com | HTTPS |
Europe (London) | eu-west-2 | cloudtrail.eu-west-2.amazonaws.com | HTTPS |
Europe (Milan) | eu-south-1 | cloudtrail.eu-south-1.amazonaws.com | HTTPS |
Europe (Paris) | eu-west-3 | cloudtrail.eu-west-3.amazonaws.com | HTTPS |
Europe (Spain) | eu-south-2 | cloudtrail.eu-south-2.amazonaws.com | HTTPS |
Europe (Stockholm) | eu-north-1 | cloudtrail.eu-north-1.amazonaws.com | HTTPS |
Europe (Zurich) | eu-central-2 | cloudtrail.eu-central-2.amazonaws.com | HTTPS |
Israel (Tel Aviv) | il-central-1 | cloudtrail.il-central-1.amazonaws.com | HTTPS |
Middle East (Bahrain) | me-south-1 | cloudtrail.me-south-1.amazonaws.com | HTTPS |
Middle East (UAE) | me-central-1 | cloudtrail.me-central-1.amazonaws.com | HTTPS |
South America (São Paulo) | sa-east-1 | cloudtrail.sa-east-1.amazonaws.com | HTTPS |
AWS GovCloud (US-East) | us-gov-east-1 | cloudtrail.us-gov-east-1.amazonaws.com | HTTPS |
AWS GovCloud (US-West) | us-gov-west-1 | cloudtrail.us-gov-west-1.amazonaws.com | HTTPS |
Data plane endpoints
The following table contains AWS Region-specific endpoints that AWS CloudTrail supports for data plane operations. For more information, see the AWS CloudTrail Data API Reference.
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 | cloudtrail-data.us-east-2.amazonaws.com | HTTPS |
US East (N. Virginia) | us-east-1 | cloudtrail-data.us-east-1.amazonaws.com | HTTPS |
US West (N. California) | us-west-1 | cloudtrail-data.us-west-1.amazonaws.com | HTTPS |
US West (Oregon) | us-west-2 | cloudtrail-data.us-west-2.amazonaws.com | HTTPS |
Africa (Cape Town) | af-south-1 | cloudtrail-data.af-south-1.amazonaws.com | HTTPS |
Asia Pacific (Hong Kong) | ap-east-1 | cloudtrail-data.ap-east-1.amazonaws.com | HTTPS |
Asia Pacific (Jakarta) | ap-southeast-3 | cloudtrail-data.ap-southeast-3.amazonaws.com | HTTPS |
Asia Pacific (Mumbai) | ap-south-1 | cloudtrail-data.ap-south-1.amazonaws.com | HTTPS |
Asia Pacific (Osaka) | ap-northeast-3 | cloudtrail-data.ap-northeast-3.amazonaws.com | HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 | cloudtrail-data.ap-northeast-2.amazonaws.com | HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 | cloudtrail-data.ap-southeast-1.amazonaws.com | HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 | cloudtrail-data.ap-southeast-2.amazonaws.com | HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 | cloudtrail-data.ap-northeast-1.amazonaws.com | HTTPS |
Canada (Central) | ca-central-1 | cloudtrail-data.ca-central-1.amazonaws.com | HTTPS |
Europe (Frankfurt) | eu-central-1 | cloudtrail-data.eu-central-1.amazonaws.com | HTTPS |
Europe (Ireland) | eu-west-1 | cloudtrail-data.eu-west-1.amazonaws.com | HTTPS |
Europe (London) | eu-west-2 | cloudtrail-data.eu-west-2.amazonaws.com | HTTPS |
Europe (Milan) | eu-south-1 | cloudtrail-data.eu-south-1.amazonaws.com | HTTPS |
Europe (Paris) | eu-west-3 | cloudtrail-data.eu-west-3.amazonaws.com | HTTPS |
Europe (Stockholm) | eu-north-1 | cloudtrail-data.eu-north-1.amazonaws.com | HTTPS |
Middle East (Bahrain) | me-south-1 | cloudtrail-data.me-south-1.amazonaws.com | HTTPS |
Middle East (UAE) | me-central-1 | cloudtrail-data.me-central-1.amazonaws.com | HTTPS |
South America (São Paulo) | sa-east-1 | cloudtrail-data.sa-east-1.amazonaws.com | HTTPS |
Service quotas
Name | Default | Adjustable | Description |
---|---|---|---|
Channels | Each supported Region: 25 | No | This quota applies to channels used for CloudTrail Lake integrations with event sources outside of AWS, and does not apply to service-linked channels. |
CloudTrail file size sent to Amazon S3 | Each supported Region: 50 Megabytes | No | For both management and data events, CloudTrail sends events to S3 in maximum 50 MB (compressed) ZIP files. If enabled on the trail, log delivery notifications are sent by Amazon SNS after CloudTrail sends ZIP files to S3. |
Concurrent queries | Each supported Region: 10 | No | The maximum number of queued or running queries that you can run simultaneously in CloudTrail Lake. |
Conditions across all advanced event selectors | Each supported Region: 500 | No | If a trail uses advanced event selectors, a maximum of 500 total values for all conditions in all advanced event selectors is allowed. Unless a trail logs data events on all resources, such as all S3 buckets, a trail is limited to 250 data resources. Data resources can be distributed across event selectors, but the total cannot exceed 250. |
Data resources across all event selectors in a trail | Each supported Region: 250 | No | If you choose to limit data events by using event selectors or advanced event selectors, the total number of data resources cannot exceed 250 across all event selectors in a trail. |
Event data stores | Each supported Region: 10 | No | The maximum number of event data stores that you can have in any one region. This includes single-region event data stores for the region as well as any multi-region event data stores across all regions. |
Event selectors | Each supported Region: 5 | No | The maximum number of event selectors per trail. |
Event size | Each supported Region: 256 Kilobytes | No | The maximum event size (in KB). All event versions: events over 256 KB cannot be sent to CloudWatch Logs. Event version 1.05 and newer: maximum event size of 256 KB. |
Events per PutAuditEvents request | Each supported Region: 100 | No | You can add up to 100 activity events (or up to 1 MB) per PutAuditEvents request. |
Trails per region | Each supported Region: 5 | No | The maximum number of trails per region. |
Transactions per second (TPS) for the AddTags API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the CancelQuery API | Each supported Region: 3 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the CreateChannel API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the CreateEventDataStore API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the CreateTrail API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the DeleteChannel API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the DeleteEventDataStore API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the DeleteResourcePolicy API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the DeleteTrail API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the DeregisterOrganizationDelegatedAdmin API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the DescribeQuery API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the DescribeTrails API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the DisableFederation API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the EnableFederation API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the GetChannel API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the GetEventDataStore API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the GetEventSelectors API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the GetImport API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the GetInsightSelectors API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the GetQueryResults API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the GetResourcePolicy API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the GetTrail API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the GetTrailStatus API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the ListChannels API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the ListEventDataStores API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the ListImportFailures API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the ListImports API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the ListInsightsMetricData API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the ListPublicKeys API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the ListQueries API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the ListTags API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the ListTrails API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the LookupEvents API | Each supported Region: 2 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the PutAuditEvents API | Each supported Region: 100 | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the PutEventSelectors API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the PutInsightSelectors API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the PutResourcePolicy API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the RegisterOrganizationDelegatedAdmin API | Each supported Region: 10 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the RemoveTags API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the RestoreEventDataStore API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the StartEventDataStoreIngestion API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the StartImport API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the StartLogging API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the StartQuery API | Each supported Region: 3 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the StopEventDataStoreIngestion API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the StopImport API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the StopLogging API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the UpdateChannel API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the UpdateEventDataStore API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
Transactions per second (TPS) for the UpdateTrail API | Each supported Region: 1 per second | No | The maximum number of operation requests you can make per second without being throttled. |
For more information, see Quotas in AWS CloudTrail.