AWS IoT Core endpoints and quotas - AWS General Reference

AWS IoT Core endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service Endpoints

The following sections describe the service endpoints for AWS IoT Core.

Note

You can use these endpoints to perform the operations in the AWS IoT API Reference. These endpoints are different than device endpoints, which provide devices an MQTT publish/subscribe interface and a subset of the API operations. For more information, see Connecting devices to AWS IoT in the AWS IoT Developer Guide.

For information about using AWS IoT in the AWS GovCloud (US-West) Region, see AWS GovCloud (US-West) Endpoints.

For information about using AWS IoT in the China Regions, see:

Control Plane API Endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for group management operations. For more information, see AWS IoT operations in the AWS IoT API Reference.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 iot.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 iot.us-east-1.amazonaws.com HTTPS
US West (N. California) us-west-1 iot.us-west-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 iot.us-west-2.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 iot.ca-central-1.amazonaws.com HTTPS
China (Beijing) cn-north-1 iot.cn-north-1.amazonaws.com.cn HTTPS
China (Ningxia) cn-northwest-1 iot.cn-northwest-1.amazonaws.com.cn HTTPS
Europe (Frankfurt) eu-central-1 iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 iot.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 iot.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 iot.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1 iot.us-gov-east-1.amazonaws.com HTTPS
AWS GovCloud (US) us-gov-west-1 iot.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS IoT in the AWS GovCloud (US) Regions, see AWS GovCloud (US) Endpoints.

Data Plane API Endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for shadow and MQTT data operations. For more information, see AWS IoT data plane operations in the AWS IoT API Reference.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 data.iot.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 data.iot.us-east-1.amazonaws.com HTTPS
US West (N. California) us-west-1 data.iot.us-west-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 data.iot.us-west-2.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 data.iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 data.iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 data.iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 data.iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 data.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 data.iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 data.iot.ca-central-1.amazonaws.com HTTPS
China (Beijing) cn-north-1 data.iot.cn-north-1.amazonaws.com.cn HTTPS
China (Ningxia) cn-northwest-1 data.iot.cn-northwest-1.amazonaws.com.cn HTTPS
Europe (Frankfurt) eu-central-1 data.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 data.iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 data.iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 data.iot.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 data.iot.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 data.iot.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 data.iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1 data.iot.us-gov-east-1.amazonaws.com HTTPS
AWS GovCloud (US) us-gov-west-1 data.iot.us-gov-west-1.amazonaws.com HTTPS

Jobs Data Plane API Endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for job data operations. For more information, see AWS IoT jobs data plane operations in the AWS IoT API Reference.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 data.jobs.iot.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 data.jobs.iot.us-east-1.amazonaws.com HTTPS
US West (N. California) us-west-1 data.jobs.iot.us-west-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 data.jobs.iot.us-west-2.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 data.jobs.iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 data.jobs.iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 data.jobs.iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 data.jobs.iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 data.jobs.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 data.jobs.iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 data.jobs.iot.ca-central-1.amazonaws.com HTTPS
China (Beijing) cn-north-1 data.jobs.iot.cn-north-1.amazonaws.com.cn HTTPS
China (Ningxia) cn-northwest-1 data.jobs.iot.cn-northwest-1.amazonaws.com.cn HTTPS
Europe (Frankfurt) eu-central-1 data.jobs.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 data.jobs.iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 data.jobs.iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 data.jobs.iot.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 data.jobs.iot.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 data.jobs.iot.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 data.jobs.iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US) us-gov-west-1 data.jobs.iot.us-gov-west-1.amazonaws.com HTTPS

Secure Tunneling API Endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for secure tunneling operations. For more information, see AWS IoT secure tunneling operations in the AWS IoT API Reference.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 api.tunneling.iot.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 api.tunneling.iot.us-east-1.amazonaws.com HTTPS
US West (N. California) us-west-1 api.tunneling.iot.us-west-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 api.tunneling.iot.us-west-2.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 api.tunneling.iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 api.tunneling.iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 api.tunneling.iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 api.tunneling.iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 api.tunneling.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 api.tunneling.iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 api.tunneling.iot.ca-central-1.amazonaws.com HTTPS
China (Beijing) cn-north-1 api.tunneling.iot.cn-north-1.amazonaws.com.cn HTTPS
China (Ningxia) cn-northwest-1 api.tunneling.iot.cn-northwest-1.amazonaws.com.cn HTTPS
Europe (Frankfurt) eu-central-1 api.tunneling.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 api.tunneling.iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 api.tunneling.iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 api.tunneling.iot.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 api.tunneling.iot.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 api.tunneling.iot.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 api.tunneling.iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1 api.tunneling.iot.us-gov-east-1.amazonaws.com HTTPS
AWS GovCloud (US) us-gov-west-1 api.tunneling.iot.us-gov-west-1.amazonaws.com HTTPS

Service Quotas

AWS IoT Core Bulk Thing Registration

Resource Default Note
Allowed registration tasks 1 For any given AWS account, only one bulk registration task can run at a time.
Data retention policy 30 days After the bulk registration task (which can be long lived) is complete, data related to bulk thing registration is permanently deleted after 30 days.
Maximum line length 256K Each line in an Amazon S3 input JSON file can't exceed 256K in length.
Registration task termination 30 days Any pending or incomplete bulk registration tasks are terminated after 30 days.

AWS IoT Core Rules Engine

Resource Description Quota Adjustable
Rule evaluations per second per AWS account The maximum number of rules that can be evaluated per second per AWS account. This quota includes rule evaluations that result from inbound Basic Ingest messages. 20,000 Yes
Maximum number of actions per rule The maximum number of entries in the rule's actions property. 10 No
Maximum number of rules per AWS account The maximum number of rule actions that can be defined in a single AWS account. 1,000 Yes
Rule size The maximum number of UTF-8 encoded characters (including white space characters) that a rule document can contain. 256 KB No

AWS IoT Core Rules Engine HTTP Actions

Resource Quota Adjustable
Maximum length of an endpoint URL 2 KiB No
Maximum number of headers per action 100 No
Maximum size of a header key 256 bytes No
Maximum topic rule destinations per AWS account 1,000 No
Ports allowed for HTTP action 443 and 8443 No
Request timeout 3,000 ms No

AWS IoT Core Throttling

This table describes the maximum number of transactions per second (TPS) that can be made to each AWS IoT API.

API Quota (tps) Adjustable
AcceptCertificateTransfer 10 Yes
AddThingToBillingGroup 60 Yes
AddThingToThingGroup 60 Yes
AssociateTargetsWithJob 10
AttachPolicy 15 Yes
AttachPrincipalPolicy 15 Yes
AttachThingPrincipal 15
CancelCertificateTransfer 10 Yes
CancelJob 10
CancelJobExecution 10
ClearDefaultAuthorizer 10 Yes
CreateAuthorizer 10 Yes
CreateBillingGroup 25 Yes
CreateCertificateFromCsr 15 Yes
CreateDomainConfiguration 10 Yes
CreateDynamicThingGroup 5 Yes
CreateJob 10
CreateKeysAndCertificate 10 Yes
CreatePolicy 10 Yes
CreatePolicyVersion 10 Yes
CreateProvisioningClaim 10 Yes
CreateProvisioningTemplate 10 Yes
CreateProvisioningTemplateVersion 10 Yes
CreateRoleAlias 10 Yes
CreateThing 15 Yes
CreateThingGroup 25 Yes
CreateThingType 15 Yes
CreateTopicRule 5 No
CreateTopicRuleDestination 5 No
DeleteAuthorizer 10 Yes
DeleteBillingGroup 15 Yes
DeleteCertificate 10 Yes
DeleteDomainConfiguration 10 Yes
DeleteCACertificate 10 Yes
DeleteDynamicThingGroup 5 Yes
DeleteJob 10
DeleteJobExecution 10
DeletePolicy 10 Yes
DeletePolicyVersion 10 Yes
DeleteProvisioningTemplate 10 Yes
DeleteProvisioningTemplateVersion 10 Yes
DeleteRegistrationCode 10 Yes
DeleteRoleAlias 10 Yes
DeleteThing 15 Yes
DeleteThingGroup 15 Yes
DeleteThingType 15 Yes
DeprecateThingType 15 Yes
DeleteTopicRule 20 No
DeleteTopicRuleDestination 5 No
DeleteV2LoggingLevel 2 No
DescribeAuthorizer 10 Yes
DescribeBillingGroup 100 Yes
DescribeCertificate 10 Yes
DescribeCertificateTag 10 Yes
DescribeCACertificate 10 Yes
DescribeDomainConfiguration 10 Yes
DescribeEndpoint 10 Yes
DescribeDefaultAuthorizer 10 Yes
DescribeJob 10
DescribeJobExecution 10
DescribeProvisioningTemplate 10 Yes
DescribeProvisioningTemplateVersion 10 Yes
DescribeRoleAlias 10 Yes
DescribeThing 350 Yes
DescribeThingGroup 100 Yes
DescribeThingType 10 Yes
DetachThingPrincipal 15 Yes
DisableTopicRule 5 No
EnableTopicRule 5 No
DetachPrincipalPolicy 15 Yes
DetachPolicy 15 Yes
GetEffectivePolicies 50 Yes
GetJobDocument 10
GetLoggingOptions 2 No
GetPolicy 10 Yes
GetPolicyVersion 15 Yes
GetRegistrationCode 10 Yes
GetTopicRule 200 No
GetTopicRuleDestination 50 No
GetV2LoggingOptions 2 No
ListAttachedPolicies 15 Yes
ListAuthorizers 10 Yes
ListBillingGroups 10 Yes
ListCACertificates 10 Yes
ListCertificates 10 Yes
ListChildThingGroups 15 Yes
ListDomainConfigurations 10 Yes
ListCertificatesByCA 10 Yes
ListJobExecutionsForJob 10
ListJobExecutionsForThing 10
ListJobs 10
ListOutgoingCertificates 10 Yes
ListPolicies 10 Yes
ListPolicyPrincipals 10 Yes
ListPolicyVersions 10 Yes
ListPrincipalPolicies 15 Yes
ListPrincipalThings 10 Yes
ListProvisioningTemplates 10 Yes
ListProvisioningTemplateVersions 10 Yes
ListRoleAliases 10 Yes
ListTagsForResource 10 Yes
ListTargetsForPolicy 10 Yes
ListThingGroups 10 Yes
ListThingGroupsForThing 10 Yes
ListThingPrincipals 10 Yes
ListThings 10 Yes
ListThingsInBillingGroup 25 Yes
ListThingsInThingGroup 25 Yes
ListThingTypes 10 Yes
ListTopicRuleDestinations 1 No
ListTopicRules 1 No
ListV2LoggingLevels 2 No
RegisterCertificate 10 Yes
RegisterCertificateWithoutCA 10 Yes
RegisterCACertificate 10 Yes
RegisterThing 10 Yes
RejectCertificateTransfer 10 Yes
RemoveThingFromBillingGroup 15 Yes
RemoveThingFromThingGroup 15 Yes
ReplaceTopicRule 5 No
SetDefaultAuthorizer 10 Yes
SetDefaultPolicyVersion 10 Yes
SetLoggingOptions 2 No
SetV2LoggingLevel 2 No
SetV2LoggingOptions 2 No
TagResource 10 Yes
TestAuthorization 10 Yes
TestInvokeAuthorizer 10 Yes
TransferCertificate 10 Yes
UntagResource 10 Yes
UpdateAuthorizer 10 Yes
UpdateBillingGroup 15 Yes
UpdateCertificate 10 Yes
UpdateCertificateMode 10 Yes
UpdateCertificateTag 10 Yes
UpdateDomainConfiguration 10 Yes
UpdateCACertificate 10 Yes
UpdateDynamicThingGroup 5 Yes
UpdateJob 10
UpdateProvisioningTemplate 10 Yes
UpdateRoleAlias 10 Yes
UpdateThing 10 Yes
UpdateThingGroup 15 Yes
UpdateTopicRuleDestination 5 No

Billing Group Restrictions

  • A thing can belong to exactly one billing group.

  • Unlike thing groups, billing groups cannot be organized into hierarchies.

  • For its usage to be registered for tagging or billing purposes, a device must:

    • Be registered as a thing in AWS IoT Core.

    • Communicate with AWS IoT Core using MQTT only.

    • Authenticate with AWS IoT Core using only its thing name as the client ID.

    • Use an X.509 certificate or Amazon Cognito Identity to authenticate.

    For more information, see Managing Devices with AWS IoT, Authentication, and Device Provisioning. You can use the AttachThingPrincipal API operation to attach a certificate or other credential to a thing.

  • The maximum number of billing groups per AWS account is 20,000.

Device Shadows

The Device Shadow Service API is subject to these per-account limits, depending on the region.

Device Shadow Service API limits
Region Limit Adjustable
ap-northeast-1, ap-northeast-2, ap-south-1, ap-southeast-1, ap-southeast-2, cn-north-1, eu-central-1, eu-west-1, eu-west-2, us-east-1, us-east-2, us-west-1, us-west-2 4,000 Device Shadow API requests/second per account Yes
All other regions 400 Device Shadow API requests/second per account Yes

Device Shadow Service resources are subject to these limits.

Device Shadow Service resource limits
Resource Description Adjustable
Maximum depth of JSON device state documents The maximum number of levels in the desired or reported section of the JSON device state document is 5. For example: "desired": { "one": { "two": { "three": { "four": { "five":{ } } } } } }
Maximum number of in-flight, unacknowledged messages per thing The Device Shadow service supports up to 10 in-flight unacknowledged messages per thing. When this quota is reached, all new shadow requests are rejected with a 429 error code.
Maximum number of JSON objects per AWS account Unlimited.
Maximum number of shadows in an AWS account Unlimited.
Maximum size of a JSON state document Each individual shadow document must be 8KB or less in size. Metadata doesn't contribute to the document size for service quotas or pricing. Yes
Maximum thing name size 128 bytes of UTF-8 encoded characters.
Maximum shadow name size 64 bytes of UTF-8 encoded characters.
Requests per second per thing The Device Shadow service supports up to 20 requests per second per thing. This quota is per thing, not per API. No

Note

AWS IoT Core deletes a device shadow after the creating account is deleted or upon customer request. For operational purposes, AWS IoT service backups are retained for 6 months.

AWS IoT Core Fleet Provisioning

Resource Quota
Maximum number of fleet provisioning template versions per template 5
Maximum number of fleet provisioning templates per customer 256
Maximum size of fleet provisioning template 10 KiB
Maximum number of provisioning claims that can be generated per second by trusted user 10 tps

AWS IoT Core Message Broker

Resource Description Default Adjustable
Connect requests per second per account AWS IoT Core restricts an account to a maximum number of MQTT CONNECT requests per second. 500 Yes

Connect requests per second per client ID AWS IoT Core restricts MQTT CONNECT requests from the same accountId and clientId to 1 MQTT CONNECT operation per second. 1 No
Inbound publish requests per second per account Inbound publish requests count for all the messages that AWS IoT Core processes before routing the messages to the subscribed clients or the rules engine. For example, a single message published on $aws/things/device/shadow/update topic can result in publishing 3 additional messages to $aws/things/device/shadow/update/accepted, $aws/things/device/shadow/update/documents, and $aws/things/device/shadow/delta topics. In this case, AWS IoT Core counts those as 4 inbound publish requests. However, a single message to an unreserved topic like a/b is counted as a single inbound publish request. 20,000 Yes
Maximum concurrent client connections per account The maximum number of concurrent connections allowed per account. 500,000 Yes
Maximum inbound unacknowledged QoS 1 publish requests AWS IoT Core restricts the number of unacknowledged inbound publish requests per client. When this quota is reached, no new publish requests are accepted from this client until a PUBACK message is returned by the server. 100 No
Maximum outbound unacknowledged QoS 1 publish requests AWS IoT Core restricts the number of unacknowledged outbound publish requests per client. When this quota is reached, no new publish requests are sent to the client until the client acknowledges the publish requests. 100 No
Maximum retry interval for delivering QoS 1 messages AWS IoT Core retries delivery of unacknowledged quality of service 1 (QoS 1) publish requests to a client for up to one hour. If AWS IoT Core does not receive a PUBACK message from the client after one hour, it drops the publish requests. 1 hour No
Outbound publish requests per second per account Outbound publish requests count for every message that resulted in matching a client's subscription or matching a rules engine subscription. For example, 2 clients are subscribed to topic filter a/b and a rule is subscribed to topic filter a/#. An inbound publish request on topic a/b results in a total of 3 outbound publish requests. 20,000 Yes
Persistent session expiry period The duration for which the message broker stores an MQTT persistent session. The expiry period begins when the message broker detects the session has become disconnected. After the expiry period has elapsed, the message broker terminates the session and discards any associated queued messages. You can adjust this to a value from 1 hour to 7 days by using the standard limit increase process. 1 hour Yes
Publish requests per second per connection AWS IoT Core restricts each client connection to a maximum number of inbound and outbound publish requests per second. Publish requests that exceed that quota are discarded. 100 No
Subscriptions per account AWS IoT Core restricts an account to a maximum number of subscriptions across all active connections. 500,000 Yes
Subscriptions per connection AWS IoT Core supports 50 subscriptions per connection. AWS IoT Core might reject subscription requests on the same connection in excess of this amount and the connection is closed. Clients should validate the SUBACK message to ensure that their subscription requests have been successfully processed. 50 No
Subscriptions per second per account AWS IoT Core restricts an account to a maximum number of subscriptions per second. For example, if there are 2 MQTT SUBSCRIBE requests sent within a second, each with 3 subscriptions (topic filters), AWS IoT Core counts those as 6 subscriptions. 500 Yes
Throughput per second per connection Data received or sent over a client connection is processed at a maximum throughput rate. Data that exceeds the maximum throughput is delayed in processing. 512 KiB No

Protocols

Resource Description
Client ID size 128 bytes of UTF-8 encoded characters.
Connection inactivity (keep-alive interval) For MQTT (or MQTT over WebSocket) connections, a client can request a keep-alive interval between 30 and 1200 seconds as part of the MQTT CONNECT message. AWS IoT Core starts the keep-alive timer for a client when sending CONNACK in response to the CONNECT message. This timer is reset whenever AWS IoT receives a PUBLISH, SUBSCRIBE, PING, or PUBACK message from the client. AWS IoT Core disconnects a client whose keep-alive timer has reached 1.5x the specified keep-alive interval (i.e., by a factor of 1.5). The default keep-alive interval is 1200 seconds. If a client requests a keep-alive interval of zero, the default keep-alive interval is used. If a client requests a keep-alive interval greater than 1200 seconds, the default keep-alive interval is used. If a client requests a keep-alive interval shorter than 30 seconds but greater than zero, the server treats the client as though it requested a keep-alive interval of 30 seconds.
Maximum number of slashes in topic and topic filter A topic in a publish or subscribe request can have no more than 7 forward slashes (/). This excludes the first 3 slashes in the mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/).
Maximum subscriptions per subscribe request A single SUBSCRIBE request has a quota of 8 subscriptions.
Message size The payload for every publish request can be no larger than 128 KB. AWS IoT Core rejects publish and connect requests larger than this size.
Restricted client ID prefix $ is reserved for AWS IoT Core-generated client IDs.
Restricted topic prefix Topics that start with $ are reserved by AWS IoT Core. They are not supported for publishing and subscribing except for using the specific topic names defined by AWS IoT Core services (for example, the Device Shadow service).
Topic size The topic passed to AWS IoT Core when sending a publish request can be no larger than 256 bytes of UTF-8 encoded characters. This excludes the first 3 mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/).
WebSocket connection duration The WebSocket connection quota is 24 hours. If the quota is exceeded, the WebSocket connection is closed when the client or server attempts to send a message.
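
The protocol limits in the table above can be checked on the client before a CONNECT, PUBLISH or SUBSCRIBE is sent, which avoids dropped connections and makes reserved-prefix misuse visible in code review. The following is an added example, not AWS code; all function names are hypothetical. It assumes the Basic Ingest prefix is matched case-insensitively and treats `$aws/things/` (the shadow topics shown on this page) as a service-defined prefix.

```python
import re

MAX_TOPIC_SLASHES = 7
MAX_TOPIC_BYTES = 256
MAX_CLIENT_ID_BYTES = 128
MAX_FILTERS_PER_SUBSCRIBE = 8
MAX_SUBSCRIPTIONS_PER_CONNECTION = 50
KEEPALIVE_MIN, KEEPALIVE_MAX = 30, 1200

# Mandatory Basic Ingest segments; excluded from the slash and size limits.
# Case-insensitive match is an assumption (the page writes $AWS/rules/rule-name/).
_BASIC_INGEST = re.compile(r"^\$aws/rules/[^/]+/", re.IGNORECASE)

# Assumption: reserved prefixes this client is expected to use.
ALLOWED_RESERVED_PREFIXES = ("$aws/things/",)


def effective_keep_alive(requested):
    """Keep-alive (seconds) the server applies for a requested value."""
    if not 0 <= requested <= 0xFFFF:
        raise ValueError("MQTT keep-alive is an unsigned 16-bit value")
    if requested == 0 or requested > KEEPALIVE_MAX:
        return KEEPALIVE_MAX          # default is used
    return max(requested, KEEPALIVE_MIN)


def disconnect_after(requested):
    """Idle seconds after which the server disconnects the client."""
    return 1.5 * effective_keep_alive(requested)


def check_topic(topic):
    """Return a list of limit violations for a publish topic or filter."""
    findings = []
    match = _BASIC_INGEST.match(topic)
    counted = topic[match.end():] if match else topic
    if counted.count("/") > MAX_TOPIC_SLASHES:
        findings.append("too-many-slashes")
    # The limit is in UTF-8 bytes, not characters.
    if len(counted.encode("utf-8")) > MAX_TOPIC_BYTES:
        findings.append("topic-too-long")
    if topic.startswith("$") and not match \
            and not topic.startswith(ALLOWED_RESERVED_PREFIXES):
        findings.append("reserved-prefix")
    return findings


def check_client_id(client_id):
    """Return a list of limit violations for an MQTT client ID."""
    findings = []
    if len(client_id.encode("utf-8")) > MAX_CLIENT_ID_BYTES:
        findings.append("client-id-too-long")
    if client_id.startswith("$"):
        findings.append("reserved-prefix")
    return findings


def plan_subscribes(filters, already_subscribed=0):
    """Split topic filters into SUBSCRIBE requests of at most 8 filters."""
    if already_subscribed + len(filters) > MAX_SUBSCRIPTIONS_PER_CONNECTION:
        raise ValueError("exceeds 50 subscriptions per connection")
    step = MAX_FILTERS_PER_SUBSCRIBE
    return [filters[i:i + step] for i in range(0, len(filters), step)]


if __name__ == "__main__":
    # Constructed sample inputs.
    for t in ("a/b", "a/b/c/d/e/f/g/h/i", "$SYS/broker", "é" * 129):
        print(repr(t[:24]), check_topic(t))
    print(effective_keep_alive(5), disconnect_after(60))
```
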

Security and Identity

Resource Default Adjustable
Maximum number of AWS IoT Core role aliases 100
Maximum number of CA certificates with the same subject field allowed per AWS account per Region 10
Maximum number of device certificates that can be registered per second 15 Yes
Maximum number of named policy versions 5
Maximum number of policies that can be attached to a certificate or Amazon Cognito identity 10
Maximum policy document size 2048 characters (excluding white space) No
Custom authentication: maximum number of authorizers per account 10 Yes
Custom authentication: minimum connection duration (value of DisconnectAfterInSecs) 300 No
Custom authentication: maximum connection duration (value of DisconnectAfterInSecs) 86,400 No
Custom authentication: minimum policy refresh rate (value of RefreshAfterInSecs) 300 No
Custom authentication: maximum policy refresh rate (value of RefreshAfterInSecs) 86,400 No

Things

Resource Default Adjustable
Maximum number of thing attributes for a thing with a thing type 50 Yes
Maximum number of thing attributes for a thing without a thing type 3 No
Maximum number of groups to which a thing can belong 10 No
Maximum number of thing types in an AWS account Unlimited.
Number of thing types that can be associated with a thing 1
Maximum thing name size 128 bytes of UTF-8 encoded characters.
Size of thing attributes per thing 47 KB Yes

Thing Groups

Resource Default Adjustable
Maximum number of thing groups a thing can belong to 10 No
Maximum number of things in a thing group Unlimited No
Maximum depth of a thing group hierarchy 7 No
Maximum number of attributes associated with a thing group 50 No
Maximum number of direct child groups 100 No
Maximum number of dynamic groups 100 No
Maximum thing group name size 128 bytes of UTF-8 encoded characters. No
Maximum size of a thing group attribute name, in chars. 128 No
Maximum size of a thing group attribute value, in chars. 800 No