AWS Identity and Access Management endpoints and quotas - AWS General Reference

AWS Identity and Access Management endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service endpoints

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 iam.amazonaws.com HTTPS
US East (N. Virginia) us-east-1

iam.amazonaws.com

iam-fips.amazonaws.com

HTTPS

HTTPS

US West (N. California) us-west-1 iam.amazonaws.com HTTPS
US West (Oregon) us-west-2 iam.amazonaws.com HTTPS
Africa (Cape Town) af-south-1 iam.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 iam.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 iam.amazonaws.com HTTPS
Asia Pacific (Osaka) ap-northeast-3 iam.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 iam.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 iam.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 iam.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 iam.amazonaws.com HTTPS
Canada (Central) ca-central-1 iam.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 iam.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 iam.amazonaws.com HTTPS
Europe (London) eu-west-2 iam.amazonaws.com HTTPS
Europe (Milan) eu-south-1 iam.amazonaws.com HTTPS
Europe (Paris) eu-west-3 iam.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 iam.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 iam.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 iam.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1 iam.us-gov.amazonaws.com HTTPS
AWS GovCloud (US-West) us-gov-west-1

iam.us-gov.amazonaws.com

iam.us-gov.amazonaws.com

HTTPS

HTTPS

Service quotas

Name Default Adjustable
Access keys per user 2 No
Customer managed policies per account 1,500 Yes
Groups per account 300 Yes
IAM groups per user 10 No
Identity providers per IAM SAML provider object 10 No
Instance profiles per account 1,000 Yes
Keys per SAML provider 10 No
MFA devices per user 1 No
Managed policies per group 10 No
Managed policies per role 10 Yes
Managed policies per user 10 Yes
Managed policy length 6,144 No
OpenId connect providers per account 100 No
Role trust policy length 2,048 Yes
Roles per account 1,000 Yes
SAML providers per account 100 No
SSH Public keys per user 5 No
Server certificates per account 20 Yes
Signing certificates per user 2 No
Tags per role 50 No
Tags per user 50 No
Users per account 5,000 No
Versions per managed policy 5 No

For more information about IAM quotas, see IAM and AWS STS quotas in the IAM User Guide.