AWS Identity and Access Management endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Service endpoints
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 | iam.amazonaws.com | HTTPS |
| US East (N. Virginia) | us-east-1 |
iam.amazonaws.com iam-fips.amazonaws.com iam-fips.amazonaws.com |
HTTPS HTTPS HTTPS |
| US West (N. California) | us-west-1 | iam.amazonaws.com | HTTPS |
| US West (Oregon) | us-west-2 | iam.amazonaws.com | HTTPS |
| Africa (Cape Town) | af-south-1 | iam.amazonaws.com | HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 | iam.amazonaws.com | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | iam.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | iam.amazonaws.com | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | iam.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | iam.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | iam.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | iam.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | iam.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 | iam.amazonaws.com | HTTPS |
| Europe (Frankfurt) | eu-central-1 | iam.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | iam.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | iam.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | iam.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | iam.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | iam.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | iam.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | iam.amazonaws.com | HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 | iam.us-gov.amazonaws.com | HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 |
iam.us-gov.amazonaws.com iam.us-gov.amazonaws.com iam.us-gov.amazonaws.com |
HTTPS HTTPS HTTPS |
Service quotas
| Name | Default | Adjustable |
|---|---|---|
| Access keys per user | Each supported Region: 2 | No |
| Customer managed policies per account | Each supported Region: 1,500 |
Yes |
| Groups per account | Each supported Region: 300 |
Yes |
| IAM groups per user | Each supported Region: 10 | No |
| Identity providers per IAM SAML provider object | Each supported Region: 10 | No |
| Instance profiles per account | Each supported Region: 1,000 |
Yes |
| Keys per SAML provider | Each supported Region: 10 | No |
| MFA devices per user | Each supported Region: 1 | No |
| Managed policies per group | Each supported Region: 10 | No |
| Managed policies per role | Each supported Region: 10 |
Yes |
| Managed policies per user | Each supported Region: 10 |
Yes |
| Managed policy length | Each supported Region: 6,144 | No |
| OpenId connect providers per account | Each supported Region: 100 | No |
| Role trust policy length | Each supported Region: 2,048 |
Yes |
| Roles per account | Each supported Region: 1,000 |
Yes |
| SAML providers per account | Each supported Region: 100 | No |
| SSH Public keys per user | Each supported Region: 5 | No |
| Server certificates per account | Each supported Region: 20 |
Yes |
| Signing certificates per user | Each supported Region: 2 | No |
| Tags per role | Each supported Region: 50 | No |
| Tags per user | Each supported Region: 50 | No |
| Users per account | Each supported Region: 5,000 | No |
| Versions per managed policy | Each supported Region: 5 | No |
For more information about IAM quotas, see IAM and AWS STS quotas in the IAM User Guide.
