AWS Identity and Access Management endpoints and quotas - AWS General Reference

AWS Identity and Access Management endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service Endpoints

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 iam.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 iam.amazonaws.com HTTPS
US West (N. California) us-west-1 iam.amazonaws.com HTTPS
US West (Oregon) us-west-2 iam.amazonaws.com HTTPS
Africa (Cape Town) af-south-1 iam.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 iam.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 iam.amazonaws.com HTTPS
Asia Pacific (Osaka-Local) ap-northeast-3 iam.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 iam.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 iam.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 iam.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 iam.amazonaws.com HTTPS
Canada (Central) ca-central-1 iam.amazonaws.com HTTPS
China (Beijing) cn-north-1 iam.cn-north-1.amazonaws.com.cn HTTPS
China (Ningxia) cn-northwest-1 iam.cn-north-1.amazonaws.com.cn HTTPS
Europe (Frankfurt) eu-central-1 iam.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 iam.amazonaws.com HTTPS
Europe (London) eu-west-2 iam.amazonaws.com HTTPS
Europe (Milan) eu-south-1 iam.amazonaws.com HTTPS
Europe (Paris) eu-west-3 iam.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 iam.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 iam.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 iam.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1 iam.us-gov.amazonaws.com HTTPS
AWS GovCloud (US) us-gov-west-1 iam.us-gov.amazonaws.com HTTPS

Service Quotas

AWS allows you to request an increase to default quotas for IAM entities. You can use Service Quotas to manage your IAM quotas. For adjustable IAM quotas, you can request a quota increase. Smaller increases are automatically approved in Service Quotas and are completed within a few minutes. Larger requests above the maximum autoapproved increase are submitted to AWS Support. Some adjustable quotas can't be increased above the maximum autoapproved increase amount. You can track your request case in the AWS Support console.

To request a quota increase, sign in to the AWS Management Console and open the Service Quotas console at https://console.aws.amazon.com/servicequotas/. In the navigation pane, choose AWS services. On the navigation bar, choose the US East (N. Virginia) Region. Then search for IAM. Choose AWS Identity and Access Management (IAM), choose a quota, and follow the directions to request a quota increase. For more information, see Requesting a Quota Increase in the Service Quotas User Guide.

The following quotas are adjustable.

Resource Default Maximum autoapproval
ACL (Assume role policy) size per role 2048 characters 4096 characters
Customer managed policies in an AWS account 1500 5000
Groups in an AWS account 300 500
Roles in an AWS account 1000 5000
Managed policies attached to an IAM role 10 20
Managed policies attached to an IAM user 10 20
Virtual MFA devices (assigned or unassigned) in an AWS account Equal to the user quota for the account Not applicable
Instance profiles in an AWS account 1000 5000
Server certificates stored in an AWS account 20 1000

These quotas can be changed. For information about other quotas that cannot be changed, see IAM and STS Quotas in the IAM User Guide.