AWS IoT Greengrass V1 endpoints and quotas - AWS General Reference

AWS IoT Greengrass V1 endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Note

AWS recommends using Regional STS endpoints within your applications and avoid using the global (legacy) STS endpoint. Regional STS endpoints reduce latency, build in redundancy, and increase session token validity. For more information about configuring your applications to use the regional STS endpoint, see AWS STS Regionalized endpoints in the AWS SDKs and Tools Reference Guide. For more information about the global (legacy) AWS STS endpoint, including how to monitor for use of this endpoint, see How to use Regional AWS STS endpoints in the AWS Security blog.

Service endpoints

Control Plane Operations

The following table contains AWS Region-specific endpoints that AWS IoT Greengrass supports for group management operations.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 greengrass.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 greengrass.us-east-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 greengrass.us-west-2.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 greengrass.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 greengrass.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 greengrass.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 greengrass.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 greengrass.ap-northeast-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 greengrass.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 greengrass.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 greengrass.eu-west-2.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1

greengrass.us-gov-east-1.amazonaws.com

greengrass.us-gov-east-1.amazonaws.com

greengrass-ats.iot.us-gov-east-1.amazonaws.com

greengrass-fips.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

MQTT and HTTPS

HTTPS

AWS GovCloud (US-West) us-gov-west-1

greengrass.us-gov-west-1.amazonaws.com

greengrass-ats.iot.us-gov-west-1.amazonaws.com

greengrass.us-gov-west-1.amazonaws.com

HTTPS

MQTT and HTTPS

HTTPS

AWS IoT Device Operations

The following table contains AWS Region-specific Amazon Trust Services (ATS) endpoints for AWS IoT device management operations, such as shadow sync. This is a data plane API.

To look up your account-specific endpoint, use the aws iot describe-endpoint --endpoint-type iot:Data-ATS command.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

prefix-ats.iot.us-east-2.amazonaws.com

HTTPS, MQTT
US East (N. Virginia) us-east-1

prefix-ats.iot.us-east-1.amazonaws.com

HTTPS, MQTT
US West (Oregon) us-west-2

prefix-ats.iot.us-west-2.amazonaws.com

HTTPS, MQTT
Asia Pacific (Mumbai) ap-south-1

prefix-ats.iot.ap-south-1.amazonaws.com

HTTPS, MQTT
Asia Pacific (Seoul) ap-northeast-2

prefix-ats.iot.ap-northeast-2.amazonaws.com

HTTPS, MQTT
Asia Pacific (Singapore) ap-southeast-1

prefix-ats.iot.ap-southeast-1.amazonaws.com

HTTPS, MQTT
Asia Pacific (Sydney) ap-southeast-2

prefix-ats.iot.ap-southeast-2.amazonaws.com

HTTPS, MQTT
Asia Pacific (Tokyo) ap-northeast-1

prefix-ats.iot.ap-northeast-1.amazonaws.com

HTTPS, MQTT
China (Beijing) cn-north-1 prefix.ats.iot.cn-north-1.amazonaws.com.cn HTTPS, MQTT
Europe (Frankfurt) eu-central-1

prefix-ats.iot.eu-central-1.amazonaws.com

HTTPS, MQTT
Europe (Ireland) eu-west-1

prefix-ats.iot.eu-west-1.amazonaws.com

HTTPS, MQTT
Europe (London) eu-west-2

prefix-ats.iot.eu-west-2.amazonaws.com

HTTPS, MQTT
AWS GovCloud (US-West) us-gov-west-1 prefix-ats.iot.us-gov-west-1.amazonaws.com HTTPS, MQTT
AWS GovCloud (US-East) us-gov-east-1 prefix-ats.iot.us-gov-east-1.amazonaws.com HTTPS, MQTT
Note

Legacy Verisign endpoints are currently supported for some Regions, but we recommend that you use ATS endpoints with ATS root certificate authority (CA) certificates. For more information, see Server Authentication in the AWS IoT Developer Guide.

Discovery Operations

The following table contains AWS Region-specific ATS endpoints for device discovery operations using the AWS IoT Greengrass Discovery API. This is a data plane API.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 greengrass-ats.iot.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 greengrass-ats.iot.us-east-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 greengrass-ats.iot.us-west-2.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 greengrass-ats.iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 greengrass-ats.iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 greengrass-ats.iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 greengrass-ats.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 greengrass-ats.iot.ap-northeast-1.amazonaws.com HTTPS
China (Beijing) cn-north-1 greengrass.ats.iot.cn-north-1.amazonaws.com.cn HTTPS
Europe (Frankfurt) eu-central-1 greengrass-ats.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 greengrass-ats.iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 greengrass-ats.iot.eu-west-2.amazonaws.com HTTPS
AWS GovCloud (US-West) us-gov-west-1 greengrass-ats.iot.us-gov-west-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1 greengrass-ats.iot.us-gov-east-1.amazonaws.com HTTPS
Note

Legacy Verisign endpoints are currently supported for some Regions, but we recommend that you use ATS endpoints with ATS root CA certificates. For more information, see Server authentication in the AWS IoT Developer Guide.

Supported Legacy Endpoints

We recommend that you use the ATS endpoints in the preceding tables with ATS root CA certificates. For backward compatibility, AWS IoT Greengrass currently supports legacy Verisign endpoints in the following AWS Regions. This support is expected to end in the future. For more information, see Server authentication in the AWS IoT Developer Guide.

When using legacy Verisign endpoints, you must use Verisign root CA certificates.

AWS IoT Device Operations (Legacy Endpoints)
Region Name Region Endpoint Protocol
US East (N. Virginia) us-east-1 prefix.iot.us-east-1.amazonaws.com HTTPS, MQTT
US West (Oregon) us-west-2 prefix.iot.us-west-2.amazonaws.com HTTPS, MQTT
Asia Pacific (Sydney) ap-southeast-2 prefix.iot.ap-southeast-2.amazonaws.com HTTPS, MQTT
Asia Pacific (Tokyo) ap-northeast-1 prefix.iot.ap-northeast-1.amazonaws.com HTTPS, MQTT
Europe (Frankfurt) eu-central-1 prefix.iot.eu-central-1.amazonaws.com HTTPS, MQTT
Europe (Ireland) eu-west-1 prefix.iot.eu-west-1.amazonaws.com HTTPS, MQTT

To look up your account-specific legacy endpoint, use the aws iot describe-endpoint --endpoint-type iot:Data command.

Discovery Operations (Legacy Endpoints)
Region Name Region Endpoint Protocol
US East (N. Virginia) us-east-1 greengrass.iot.us-east-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 greengrass.iot.us-west-2.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 greengrass.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 greengrass.iot.ap-northeast-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 greengrass.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 greengrass.iot.eu-west-1.amazonaws.com HTTPS

Service quotas

AWS IoT Greengrass Cloud API

Description Default
Maximum number of AWS IoT devices per AWS IoT Greengrass group. 2500
Maximum number of Lambda functions per group. 200
Maximum number of resources per Lambda function. 20
Maximum number of resources per group. 200

Maximum number of transactions per second (TPS) on the AWS IoT Greengrass APIs.

See TPS.

Maximum number of subscriptions per group. 10000
Maximum number of subscriptions that specify Cloud as the source per group. 50
Maximum length of a core thing name. 124 bytes of UTF-8 encoded characters.

TPS

The default quota for the maximum number of transactions per second on the AWS IoT Greengrass APIs depends on the API and the AWS Region where AWS IoT Greengrass is used.

For most APIs and supported AWS Regions, the default quota is 30. Exceptions are noted in the following tables.

API exceptions
API Default
CreateDeployment 20
AWS Region exceptions
AWS Region Default
China (Beijing) 10
AWS GovCloud (US-West) 10
AWS GovCloud (US-East) 10

This quota applies per AWS account. For example, in the US East (N. Virginia) Region, each account has a default quota of 30 TPS. Each API (such as CreateGroupVersion or ListFunctionDefinitions) has a quota of 30 TPS. This includes control plane and data plane operations. Requests that exceed the account or API quotas are throttled. To request account and API quota increases, including quotas for specific APIs, contact your AWS Enterprise Support representative.

AWS IoT Greengrass Core

Description Default
Maximum number of routing table entries that specify Cloud as the source. 50 (matches AWS IoT subscription quota)
Maximum size of messages sent by an AWS IoT device. 128 KB (matches AWS IoT message size quota)
Minimum message queue size in the Greengrass core router. 256 KB
Maximum length of a topic string. 256 bytes of UTF-8 encoded characters.
Maximum number of forward slashes (/) in a topic or topic filter. 7
Minimum disk space needed to run the Greengrass Core software.

128 MB

400 MB when using OTA updates

Minimum RAM to run the Greengrass Core software.

128 MB

198 MB when using stream manager

The Greengrass Core software provides a service to detect the IP addresses of your Greengrass core devices. It sends this information to the AWS IoT Greengrass cloud service and allows AWS IoT devices to download the IP address of the Greengrass core they need to connect to.

Do not use this feature if any of the following is true:

  • The IP address of a Greengrass core device changes frequently.

  • The Greengrass core device is not always available to AWS IoT devices in its group.

  • The Greengrass core has multiple IP addresses and an AWS IoT device is unable to reliably determine which address to use.

  • Your organization's security policies don't allow you to send devices' IP addresses to the AWS Cloud.