AWS IoT Core endpoints and quotas - AWS General Reference

AWS IoT Core endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service endpoints

The following sections describe the service endpoints for AWS IoT Core.

Note

You can use these endpoints to perform the operations in the AWS IoT API Reference. The endpoints in the following sections are different from the device endpoints, which provide devices an MQTT publish/subscribe interface and a subset of the API operations. For more information about the data, credential access, and job management endpoints used by devices, see AWS IoT device endpoints.

For information about connecting to and using the AWS IoT endpoints, see Connecting devices to AWS IoT in the AWS IoT Developer Guide.

AWS IoT Core - control plane endpoints

The following table contains AWS Region-specific endpoints for AWS IoT Core - control plane operations. For information about the operations supported by the AWS IoT Core - control plane endpoints, see AWS IoT operations in the AWS IoT API Reference.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

iot.us-east-2.amazonaws.com

iot-fips.us-east-2.amazonaws.com

HTTPS

HTTPS

US East (N. Virginia) us-east-1

iot.us-east-1.amazonaws.com

iot-fips.us-east-1.amazonaws.com

HTTPS

HTTPS

US West (N. California) us-west-1

iot.us-west-1.amazonaws.com

iot-fips.us-west-1.amazonaws.com

HTTPS

HTTPS

US West (Oregon) us-west-2

iot.us-west-2.amazonaws.com

iot-fips.us-west-2.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Hong Kong) ap-east-1 iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1

iot.ca-central-1.amazonaws.com

iot-fips.ca-central-1.amazonaws.com

HTTPS

HTTPS

Europe (Frankfurt) eu-central-1 iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 iot.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 iot.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 iot.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1

iot.us-gov-east-1.amazonaws.com

iot-fips.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US-West) us-gov-west-1

iot.us-gov-west-1.amazonaws.com

iot-fips.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

AWS IoT Core - data plane endpoints

The AWS IoT Core - data plane endpoints are specific to each AWS account and AWS Region. To find the AWS IoT Core - data plane endpoint for your AWS account and AWS Region, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API.

aws iot describe-endpoint --endpoint-type iot:Data-ATS

This command returns your data plane API endpoint in the following format:

account-specific-prefix.iot.aws-region.amazonaws.com

For information about the actions supported by the AWS IoT Core - data plane endpoints, see AWS IoT data plane operations in the AWS IoT API Reference.

The following table contains generic representations of the AWS account-specific endpoints for each AWS Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix from your Account-specific endpoint replaces data shown in the generic endpoint representation.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

data-ats.iot.us-east-2.amazonaws.com

data.iot-fips.us-east-2.amazonaws.com

HTTPS

HTTPS

US East (N. Virginia) us-east-1

data-ats.iot.us-east-1.amazonaws.com

data.iot-fips.us-east-1.amazonaws.com

HTTPS

HTTPS

US West (N. California) us-west-1

data-ats.iot.us-west-1.amazonaws.com

data.iot-fips.us-west-1.amazonaws.com

HTTPS

HTTPS

US West (Oregon) us-west-2

data-ats.iot.us-west-2.amazonaws.com

data.iot-fips.us-west-2.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Hong Kong) ap-east-1 data-ats.iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 data-ats.iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 data-ats.iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 data-ats.iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 data-ats.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 data-ats.iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1

data-ats.iot.ca-central-1.amazonaws.com

data.iot-fips.ca-central-1.amazonaws.com

HTTPS

HTTPS

Europe (Frankfurt) eu-central-1 data-ats.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 data-ats.iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 data-ats.iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 data-ats.iot.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 data-ats.iot.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 data-ats.iot.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 data-ats.iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1

data-ats.iot.us-gov-east-1.amazonaws.com

data.iot-fips.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US-West) us-gov-west-1

data-ats.iot.us-gov-west-1.amazonaws.com

data.iot-fips.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

AWS IoT Device Management - jobs data endpoints

The AWS IoT Device Management - jobs data endpoints are specific to each AWS account and AWS Region. To find the AWS IoT Device Management - jobs data endpoint for your AWS account and AWS Region, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API.

aws iot describe-endpoint --endpoint-type iot:Jobs

This command returns your Jobs data plane API endpoint in the following format:

account-specific-prefix.jobs.iot.aws-region.amazonaws.com.

For information about the actions supported by the AWS IoT Device Management - jobs data endpoints, see AWS IoT jobs data plane operations in the AWS IoT API Reference.

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for job data operations. In the Endpoint column, the account-specific-prefix from your account-specific endpoint replaces the prefix shown in the generic endpoint representation.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 prefix.jobs.iot.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 prefix.jobs.iot.us-east-1.amazonaws.com HTTPS
US West (N. California) us-west-1 prefix.jobs.iot.us-west-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 prefix.jobs.iot.us-west-2.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 prefix.jobs.iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 prefix.jobs.iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 prefix.jobs.iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 prefix.jobs.iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 prefix.jobs.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 prefix.jobs.iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 prefix.jobs.iot.ca-central-1.amazonaws.com HTTPS
China (Beijing) cn-north-1 prefix.jobs.iot.cn-north-1.amazonaws.com.cn HTTPS
China (Ningxia) cn-northwest-1 prefix.jobs.iot.cn-northwest-1.amazonaws.com.cn HTTPS
Europe (Frankfurt)) eu-central-1 prefix.jobs.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 prefix.jobs.iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 prefix.jobs.iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 prefix.jobs.iot.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1

prefix.jobs.iot.eu-north-1.amazonaws.com

HTTPS
Middle East (Bahrain) me-south-1 prefix.jobs.iot.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 prefix.jobs.iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-West) us-gov-west-1 prefix.jobs.iot.us-gov-west-1.amazonaws.com HTTPS

AWS IoT Device Management - secure tunneling endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for secure tunneling operations. For more information, see AWS IoT secure tunneling operations in the AWS IoT API Reference.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

api.tunneling.iot.us-east-2.amazonaws.com

api.tunneling.iot-fips.us-east-2.amazonaws.com

HTTPS

HTTPS

US East (N. Virginia) us-east-1

api.tunneling.iot.us-east-1.amazonaws.com

api.tunneling.iot-fips.us-east-1.amazonaws.com

HTTPS

HTTPS

US West (N. California) us-west-1

api.tunneling.iot.us-west-1.amazonaws.com

api.tunneling.iot-fips.us-west-1.amazonaws.com

HTTPS

HTTPS

US West (Oregon) us-west-2

api.tunneling.iot.us-west-2.amazonaws.com

api.tunneling.iot-fips.us-west-2.amazonaws.com

HTTPS

HTTPS

Asia Pacific (Hong Kong) ap-east-1 api.tunneling.iot.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 api.tunneling.iot.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 api.tunneling.iot.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 api.tunneling.iot.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 api.tunneling.iot.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 api.tunneling.iot.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1

api.tunneling.iot.ca-central-1.amazonaws.com

api.tunneling.iot-fips.ca-central-1.amazonaws.com

HTTPS

HTTPS

Europe (Frankfurt) eu-central-1 api.tunneling.iot.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 api.tunneling.iot.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 api.tunneling.iot.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 api.tunneling.iot.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 api.tunneling.iot.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 api.tunneling.iot.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 api.tunneling.iot.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1

api.tunneling.iot.us-gov-east-1.amazonaws.com

api.tunneling.iot-fips.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US-West) us-gov-west-1

api.tunneling.iot.us-gov-west-1.amazonaws.com

api.tunneling.iot-fips.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

AWS IoT Core for LoRaWAN API endpoints

AWS IoT Core for LoRaWAN provides control plane and data plane endpoints for its API.

AWS IoT Core for LoRaWAN control plane API endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core for LoRaWAN supports for operations to manage LoRaWAN gateways and devices.

Region Name Region Endpoint Protocol
US East (N. Virginia) us-east-1

api.iotwireless.us-east-1.amazonaws.com

HTTPS
US West (Oregon) us-west-2

api.iotwireless.us-west-2.amazonaws.com

HTTPS
Europe (Ireland) eu-west-1

api.iotwireless.eu-west-1.amazonaws.com

HTTPS
Asia Pacific (Tokyo) ap-northeast-1

api.iotwireless.ap-northeast-1.amazonaws.com

HTTPS
Asia Pacific (Sydney) ap-southeast-2

api.iotwireless.ap-southeast-2.amazonaws.com

HTTPS

AWS IoT Core for LoRaWAN data plane API endpoints

The data plane API endpoints are specific to each AWS Account and Region. To find the data plane API endpoint for your AWS Account and Region, use the get-service-endpoint CLI command shown here, or the GetServiceEndpoint REST API.

aws iotwireless get-service-endpoint

This command returns information about:

  • The service type for which you want to get endpoint information about, which can be CUPS or LNS.

  • The CUPS or LNS server trust certificate depending on the endpoint specified.

  • Your data plane API endpoint in the following format:

    account-specific-prefix.service.lorawan.aws-region.amazonaws.com

where service can be cups or lns.

The following table contains generic representations of the AWS Account-specific LNS endpoints for each Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix from your Account-specific endpoint replaces prefix shown in the generic endpoint representation.

LNS endpoints
Region Name Region Endpoint Protocol
US East (N. Virginia) us-east-1

prefix.lns.lorawan.us-east-1.amazonaws.com

WSS
US West (Oregon) us-west-2

prefix.lns.lorawan.us-west-2.amazonaws.com

WSS
Europe (Ireland) eu-west-1

prefix.lns.lorawan.eu-west-1.amazonaws.com

WSS
Asia Pacific (Tokyo) ap-northeast-1

prefix.lns.lorawan.ap-northeast-1.amazonaws.com

WSS
Asia Pacific (Sydney) ap-southeast-2

prefix.lns.lorawan.ap-southeast-2.amazonaws.com

WSS

The following table contains generic representations of the AWS Account-specific CUPS endpoints for each Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix from your Account-specific endpoint replaces prefix shown in the generic endpoint representation.

CUPS endpoints
Region Name Region Endpoint Protocol
US East (N. Virginia) us-east-1

prefix.cups.lorawan.us-east-1.amazonaws.com

HTTPS
US West (Oregon) us-west-2

prefix.cups.lorawan.us-west-2.amazonaws.com

HTTPS
Europe (Ireland) eu-west-1

prefix.cups.lorawan.eu-west-1.amazonaws.com

HTTPS
Asia Pacific (Tokyo) ap-northeast-1

prefix.cups.lorawan.ap-northeast-1.amazonaws.com

HTTPS
Asia Pacific (Sydney) ap-southeast-2

prefix.cups.lorawan.ap-southeast-2.amazonaws.com

HTTPS

AWS IoT FIPS endpoints

AWS IoT provides endpoints that support the Federal Information Processing Standard (FIPS) 140-2. Choose the appropriate FIPS compliant endpoint to access AWS IoT features in your AWS Region from FIPS Endpoints by Service. For more information about the FIPs endpoints provided by AWS IoT, see Connecting to AWS IoT FIPS endpoints.

Service quotas

Note

The limits and quotas for these AWS IoT Device Management features: AWS IoT registry, AWS IoT Fleet Indexing, AWS IoT Jobs, AWS IoT Secure Tunneling, and Fleet Hub for AWS IoT Device Management can be found in AWS IoT Device Management Service quotas.

AWS IoT Core rules engine limits and quotas

This section describes the limits and quotas of the AWS IoT Core rules engine.

AWS IoT Core rules engine

Limit display name

Description

Default value

Default value in select AWS Regions*

Adjustable

Maximum number of actions per rule

The maximum number of entries in the rule's actions property.

10

10

No

Maximum number of rules per AWS account

The maximum number of rules that can be defined in a single AWS account.

1000

1000

Yes

Rule evaluations per second per AWS account

The maximum number of rules that can be evaluated per second per AWS account. This quota includes rule evaluations that result from inbound Basic Ingest messages.

20000

2000

Yes

Rule size

The maximum size that a rule document definition can contain, measured by number of UTF-8 encoded characters, including white spaces.

256 Kilobytes

256 Kilobytes

No

*Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Europe (Paris), Asia Pacific (Hong Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central), China (Ningxia)

AWS IoT Core rules engine HTTP actions limits and quotas

AWS IoT Core HTTP action

Limit display name

Description

Default value

Adjustable

HTTP Action: Maximum length of an endpoint URL

Maximum length of an endpoint URL for topic rule HTTP Action.

2 Kilobytes

No

HTTP Action: Maximum number of headers per action

Maximum number of headers per HTTP action. When specifying the list of headers to include in the HTTP request, it must contain a header key and a header value. To learn more, see https://docs.aws.amazon.com/iot/latest/developerguide/https-rule-action.html.

100

No

HTTP Action: Maximum size of a header key

Maximum size of a header key for topic rule HTTP action. The header file for a HTTP request includes this header key and a header value.

256 Bytes

No

HTTP Action: Maximum topic rule destinations per AWS account

Maximum number of topic rule destinations per AWS account for topic rule HTTPS action. You must confirm and enable HTTPS endpoints before the rules engine can use them. For more information, see https://docs.aws.amazon.com/iot/latest/developerguide/rule-destination.html.

1000

No

HTTP Action: Request timeout

Request timeout for topic rule HTTP action. The AWS IoT rules engine retries the HTTPS action until the total time to complete a request exceeds the timeout quota.

3000 Milliseconds

No

Resource Value Adjustable
TCP ports used for HTTP actions 443, 8443 No

AWS IoT Core rules engine Apache Kafka actions limits and quotas

Resource Limits
Bootstrap server ports 9000-9100
Kerberos key distribution center (KDC) 88

AWS IoT Core rules engine VPC actions limits and quotas

Resource Quota
Maximum number of VPC destinations 5 per account per Region

AWS IoT Core API throttling limits

This table describes the maximum number of transactions per second (TPS) that can be made to each of these AWS IoT Core API actions.

AWS IoT Core API rate limits

Limit display name

Description

Default value

Default value in select AWS Regions*

Adjustable

AcceptCertificateTransfer API TPS

The maximum number of transactions per second (TPS) that can be made for the AcceptCertificateTransfer API.

10

10

Yes

AttachPolicy API TPS

The maximum number of transactions per second (TPS) that can be made for the AttachPolicy API.

15

15

Yes

AttachPrincipalPolicy API TPS

The maximum number of transactions per second (TPS) that can be made for the AttachPrincipalPolicy API.

15

15

Yes

CancelCertificateTransfer API TPS

The maximum number of transactions per second (TPS) that can be made for the CancelCertificateTransfer API.

10

10

Yes

ClearDefaultAuthorizer API TPS

The maximum number of transactions per second (TPS) that can be made for the ClearDefaultAuthorizer API.

10

10

Yes

CreateAuthorizer API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateAuthorizer API.

10

10

No

CreateCertificateFromCsr API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateCertificateFromCsr API.

15

15

Yes

CreateDomainConfiguration API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateDomainConfiguration API.

1

1

No

CreateKeysAndCertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateKeysAndCertificate API.

10

10

Yes

CreatePolicy API TPS

The maximum number of transactions per second (TPS) that can be made for the CreatePolicy API.

10

10

Yes

CreatePolicyVersion API TPS

The maximum number of transactions per second (TPS) that can be made for the CreatePolicyVersion API.

10

10

Yes

CreateProvisioningClaim API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateProvisioningClaim API.

10

10

Yes

CreateProvisioningTemplate API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateProvisioningTemplate API.

10

10

No

CreateProvisioningTemplateVersion API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateProvisioningTemplateVersion API.

10

10

No

CreateRoleAlias API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateRoleAlias API.

10

10

No

CreateTopicRule API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateTopicRule API.

5

5

No

CreateTopicRuleDestination API TPS

The maximum number of transactions per second (TPS) that can be made for the CreateTopicRuleDestination API.

5

5

No

DeleteAuthorizer API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteAuthorizer API.

10

10

No

DeleteCACertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteCACertificate API.

10

10

Yes

DeleteCertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteCertificate API.

10

10

Yes

DeleteDomainConfiguration API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteDomainConfiguration API.

10

10

No

DeletePolicy API TPS

The maximum number of transactions per second (TPS) that can be made for the DeletePolicy API.

10

10

Yes

DeletePolicyVersion API TPS

The maximum number of transactions per second (TPS) that can be made for the DeletePolicyVersion API.

10

10

Yes

DeleteProvisioningTemplate API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteProvisioningTemplate API.

10

10

Yes

DeleteProvisioningTemplateVersion API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteProvisioningTemplateVersion API.

10

10

No

DeleteRegistrationCode API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteRegistrationCode API.

10

10

Yes

DeleteRoleAlias API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteRoleAlias API.

10

10

No

DeleteTopicRule API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteTopicRule API.

20

5

No

DeleteTopicRuleDestination API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteTopicRuleDestination API.

5

5

No

DeleteV2LoggingLevel API TPS

The maximum number of transactions per second (TPS) that can be made for the DeleteV2LoggingLevel API.

2

2

No

DescribeAuthorizer API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeAuthorizer API.

10

10

Yes

DescribeCACertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeCACertificate API.

10

10

Yes

DescribeCertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeCertificate API.

10

10

Yes

DescribeCertificateTag API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeCertificateTag API.

10

10

Yes

DescribeDefaultAuthorizer API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeDefaultAuthorizer API.

10

10

Yes

DescribeDomainConfiguration API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeDomainConfiguration API.

10

10

Yes

DescribeEndpoint API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeEndpoint API.

10

10

No

DescribeProvisioningTemplate API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeProvisioningTemplate API.

10

10

Yes

DescribeProvisioningTemplateVersion API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeProvisioningTemplateVersion API.

10

10

Yes

DescribeRoleAlias API TPS

The maximum number of transactions per second (TPS) that can be made for the DescribeRoleAlias API.

10

10

Yes

DetachPolicy API TPS

The maximum number of transactions per second (TPS) that can be made for the DetachPolicy API.

15

15

Yes

DetachPrincipalPolicy API TPS

The maximum number of transactions per second (TPS) that can be made for the DetachPrincipalPolicy API.

15

15

Yes

DisableTopicRule API TPS

The maximum number of transactions per second (TPS) that can be made for the DisableTopicRule API.

5

5

No

EnableTopicRule API TPS

The maximum number of transactions per second (TPS) that can be made for the EnableTopicRule API.

5

5

No

GetEffectivePolicies API TPS

The maximum number of transactions per second (TPS) that can be made for the GetEffectivePolicies API.

5

5

Yes

GetLoggingOptions API TPS

The maximum number of transactions per second (TPS) that can be made for the GetLoggingOptions API.

2

2

No

GetPolicy API TPS

The maximum number of transactions per second (TPS) that can be made for the GetPolicy API.

10

10

Yes

GetPolicyVersion API TPS

The maximum number of transactions per second (TPS) that can be made for the GetPolicyVersion API.

15

15

Yes

GetRegistrationCode API TPS

The maximum number of transactions per second (TPS) that can be made for the GetRegistrationCode API.

10

10

Yes

GetRetainedMessage API TPS

The maximum number of transactions per second that can be made for the GetRetainedMessage API.

500

50

Yes

GetTopicRule API TPS

The maximum number of transactions per second (TPS) that can be made for the GetTopicRule API.

200

20

No

GetTopicRuleDestination API TPS

The maximum number of transactions per second (TPS) that can be made for the GetTopicRuleDestination API.

50

5

No

GetV2LoggingOptions API TPS

The maximum number of transactions per second (TPS) that can be made for the GetV2LoggingOptions API.

2

2

No

ListAttachedPolicies API TPS

The maximum number of transactions per second (TPS) that can be made for the ListAttachedPolicies API.

15

15

Yes

ListAuthorizers API TPS

The maximum number of transactions per second (TPS) that can be made for the ListAuthorizers API.

10

10

Yes

ListCACertificates API TPS

The maximum number of transactions per second (TPS) that can be made for the ListCACertificates API.

10

10

Yes

ListCertificates API TPS

The maximum number of transactions per second (TPS) that can be made for the ListCertificates API.

10

10

Yes

ListCertificatesByCA API TPS

The maximum number of transactions per second (TPS) that can be made for the ListCertificatesByCA API.

10

10

Yes

ListDomainConfigurations API TPS

The maximum number of transactions per second (TPS) that can be made for the ListDomainConfigurations API.

10

10

Yes

ListOutgoingCertificates API TPS

The maximum number of transactions per second (TPS) that can be made for the ListOutgoingCertificates API.

10

10

Yes

ListPolicies API TPS

The maximum number of transactions per second (TPS) that can be made for the ListPolicies API.

10

10

Yes

ListPolicyPrincipals API TPS

The maximum number of transactions per second (TPS) that can be made for the ListPolicyPrincipals API.

10

10

Yes

ListPolicyVersions API TPS

The maximum number of transactions per second (TPS) that can be made for the ListPolicyVersions API.

10

10

Yes

ListPrincipalPolicies API TPS

The maximum number of transactions per second (TPS) that can be made for the ListPrincipalPolicies API.

15

15

Yes

ListProvisioningTemplateVersions API TPS

The maximum number of transactions per second (TPS) that can be made for the ListProvisioningTemplateVersions API.

10

10

Yes

ListProvisioningTemplates API TPS

The maximum number of transactions per second (TPS) that can be made for the ListProvisioningTemplates API.

10

10

Yes

ListRetainedMessages API TPS

The maximum number of transactions per second that can be made for the ListRetainedMessages API.

10

10

Yes

ListRoleAliases API TPS

The maximum number of transactions per second (TPS) that can be made for the ListRoleAliases API.

10

10

Yes

ListTargetsForPolicy API TPS

The maximum number of transactions per second (TPS) that can be made for the ListTargetsForPolicy API.

10

10

Yes

ListTopicRuleDestinations API TPS

The maximum number of transactions per second (TPS) that can be made for the ListTopicRuleDestinations API.

1

1

No

ListTopicRules API TPS

The maximum number of transactions per second (TPS) that can be made for the ListTopicRules API.

1

1

No

ListV2LoggingLevels API TPS

The maximum number of transactions per second (TPS) that can be made for the ListV2LoggingLevels API.

2

2

No

RegisterCACertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the RegisterCACertificate API.

10

10

Yes

RegisterCertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the RegisterCertificate API.

10

10

Yes

RegisterCertificateWithoutCA API TPS

The maximum number of transactions per second (TPS) that can be made for the RegisterCertificateWithoutCA API.

10

10

Yes

RejectCertificateTransfer API TPS

The maximum number of transactions per second (TPS) that can be made for the RejectCertificateTransfer API.

10

10

Yes

ReplaceTopicRule API TPS

The maximum number of transactions per second (TPS) that can be made for the ReplaceTopicRule API.

5

5

No

SetDefaultAuthorizer API TPS

The maximum number of transactions per second (TPS) that can be made for the SetDefaultAuthorizer API.

10

10

Yes

SetDefaultPolicyVersion API TPS

The maximum number of transactions per second (TPS) that can be made for the SetDefaultPolicyVersion API.

10

10

Yes

SetLoggingOptions API TPS

The maximum number of transactions per second (TPS) that can be made for the SetLoggingOptions API.

2

2

No

SetV2LoggingLevel API TPS

The maximum number of transactions per second (TPS) that can be made for the SetV2LoggingLevel API.

2

2

No

SetV2LoggingOptions API TPS

The maximum number of transactions per second (TPS) that can be made for the SetV2LoggingOptions API.

2

2

No

TestAuthorization API TPS

The maximum number of transactions per second (TPS) that can be made for the TestAuthorization API.

10

10

No

TestInvokeAuthorizer API TPS

The maximum number of transactions per second (TPS) that can be made for the TestInvokeAuthorizer API.

10

10

No

TransferCertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the TransferCertificate API.

10

10

Yes

UpdateAuthorizer API TPS

The maximum number of transactions per second (TPS) that can be made for the UpdateAuthorizer API.

10

10

Yes

UpdateCACertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the UpdateCACertificate API.

10

10

Yes

UpdateCertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the UpdateCertificate API.

10

10

Yes

UpdateCertificateMode API TPS

The maximum number of transactions per second (TPS) that can be made for the UpdateCertificateMode API.

10

10

Yes

UpdateCertificateTag API TPS

The maximum number of transactions per second (TPS) that can be made for the UpdateCertificateTag API.

10

10

Yes

UpdateDomainConfiguration API TPS

The maximum number of transactions per second (TPS) that can be made for the UpdateDomainConfiguration API.

10

10

Yes

UpdateProvisioningTemplate API TPS

The maximum number of transactions per second (TPS) that can be made for the UpdateProvisioningTemplate API.

10

10

Yes

UpdateRoleAlias API TPS

The maximum number of transactions per second (TPS) that can be made for the UpdateRoleAlias API.

10

10

Yes

UpdateTopicRuleDestination API TPS

The maximum number of transactions per second (TPS) that can be made for the UpdateTopicRuleDestination API.

5

5

No

*Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Europe (Paris), Asia Pacific (Hong Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central), China (Ningxia)

AWS IoT Core for LoRaWAN limits and quotas

Device data quotas

The following service quotas apply to AWS IoT Core for LoRaWAN device data, which are transmitted between LoRaWAN devices, gateways, and AWS IoT Core for LoRaWAN.

AWS IoT Wireless devices API throttling

Limit display name

Description

Default value

Adjustable

TPS limit for AssociateWirelessDeviceWithThing

TPS limit for AssociateWirelessDeviceWithThing

10

Yes

TPS limit for CreateNetworkAnalyzerConfiguration

TPS limit for CreateNetworkAnalyzerConfiguration

10

Yes

TPS limit for CreateWirelessDevice

TPS limit for CreateWirelessDevice

10

Yes

TPS limit for DeleteNetworkAnalyzerConfiguration

TPS limit for DeleteNetworkAnalyzerConfiguration

10

Yes

TPS limit for DeleteWirelessDevice

TPS limit for DeleteWirelessDevice

10

Yes

TPS limit for DisassociateWirelessDeviceFromThing

TPS limit for DisassociateWirelessDeviceFromThing

10

Yes

TPS limit for GetEventConfigurationByResourceTypes

TPS limit for GetEventConfigurationByResourceTypes

10

Yes

TPS limit for GetWirelessDevice

TPS limit for GetWirelessDevice

10

Yes

TPS limit for GetWirelessDeviceStatistics

TPS limit for GetWirelessDeviceStatistics

10

No

TPS limit for ListEventConfigurations

TPS limit for ListEventConfigurations

10

Yes

TPS limit for ListNetworkAnalyzerConfigurations

TPS limit for ListNetworkAnalyzerConfigurations

10

Yes

TPS limit for ListWirelessDevices

TPS limit for ListWirelessDevices

10

Yes

TPS limit for SendDataToWirelessDevice

TPS limit for SendDataToWirelessDevice

10

Yes

TPS limit for TestWirelessDevice

TPS limit for TestWirelessDevice

10

Yes

TPS limit for UpdateEventConfigurationByResourceTypes

TPS limit for UpdateEventConfigurationByResourceTypes

10

Yes

TPS limit for UpdateWirelessDevice

TPS limit for UpdateWirelessDevice

10

Yes

AWS IoT Core for LoRaWAN API throttling

The following tables describes the maximum number of transactions per second (TPS) that can be made to each action in the AWS IoT Wireless API, which includes AWS IoT Core for LoRaWAN and Amazon Sidewalk Integration.

AWS IoT Wireless gateway API throttling

This table describes the maximum TPS for APIs used with LoRaWAN gateways. The gateways route messages between LoRaWAN devices and AWS IoT Core for LoRaWAN.

AWS IoT Wireless gateway API throttling

Limit display name

Description

Default value

Adjustable

TPS limit for AssociateWirelessGatewayWithCertificate

TPS limit for AssociateWirelessGatewayWithCertificate

10

No

TPS limit for AssociateWirelessGatewayWithThing

TPS limit for AssociateWirelessGatewayWithThing

10

Yes

TPS limit for CreateWirelessGateway

TPS limit for CreateWirelessGateway

10

Yes

TPS limit for CreateWirelessGatewayTask

TPS limit for CreateWirelessGatewayTask

10

No

TPS limit for CreateWirelessGatewayTaskDefinition

TPS limit for CreateWirelessGatewayTaskDefinition

10

No

TPS limit for DeleteWirelessGateway

TPS limit for DeleteWirelessGateway

10

Yes

TPS limit for DeleteWirelessGatewayTask

TPS limit for DeleteWirelessGatewayTask

10

No

TPS limit for DeleteWirelessGatewayTaskDefinition

TPS limit for DeleteWirelessGatewayTaskDefinition

10

No

TPS limit for DisassociateWirelessGatewayFromCertificate

TPS limit for DisassociateWirelessGatewayFromCertificate

10

No

TPS limit for DisassociateWirelessGatewayFromThing

TPS limit for DisassociateWirelessGatewayFromThing

10

Yes

TPS limit for GetWirelessGateway

TPS limit for GetWirelessGateway

10

Yes

TPS limit for GetWirelessGatewayCertificate

TPS limit for GetWirelessGatewayCertificate

10

No

TPS limit for GetWirelessGatewayFirmwareInformation

TPS limit for GetWirelessGatewayFirmwareInformation

10

No

TPS limit for GetWirelessGatewayStatistics

TPS limit for GetWirelessGatewayStatistics

10

No

TPS limit for GetWirelessGatewayTask

TPS limit for GetWirelessGatewayTask

10

No

TPS limit for GetWirelessGatewayTaskDefinition

TPS limit for GetWirelessGatewayTaskDefinition

10

No

TPS limit for ListWirelessGatewayTaskDefinitions

TPS limit for ListWirelessGatewayTaskDefinitions

10

No

TPS limit for ListWirelessGateways

TPS limit for ListWirelessGateways

10

Yes

TPS limit for UpdateWirelessGateway

TPS limit for UpdateWirelessGateway

10

Yes

LoRaWAN devices API throttling

This table describes the maximum TPS for APIs used with LoRaWAN devices.

AWS IoT Wireless devices API throttling

Limit display name

Description

Default value

Adjustable

TPS limit for AssociateWirelessDeviceWithThing

TPS limit for AssociateWirelessDeviceWithThing

10

Yes

TPS limit for CreateNetworkAnalyzerConfiguration

TPS limit for CreateNetworkAnalyzerConfiguration

10

Yes

TPS limit for CreateWirelessDevice

TPS limit for CreateWirelessDevice

10

Yes

TPS limit for DeleteNetworkAnalyzerConfiguration

TPS limit for DeleteNetworkAnalyzerConfiguration

10

Yes

TPS limit for DeleteWirelessDevice

TPS limit for DeleteWirelessDevice

10

Yes

TPS limit for DisassociateWirelessDeviceFromThing

TPS limit for DisassociateWirelessDeviceFromThing

10

Yes

TPS limit for GetEventConfigurationByResourceTypes

TPS limit for GetEventConfigurationByResourceTypes

10

Yes

TPS limit for GetWirelessDevice

TPS limit for GetWirelessDevice

10

Yes

TPS limit for GetWirelessDeviceStatistics

TPS limit for GetWirelessDeviceStatistics

10

No

TPS limit for ListEventConfigurations

TPS limit for ListEventConfigurations

10

Yes

TPS limit for ListNetworkAnalyzerConfigurations

TPS limit for ListNetworkAnalyzerConfigurations

10

Yes

TPS limit for ListWirelessDevices

TPS limit for ListWirelessDevices

10

Yes

TPS limit for SendDataToWirelessDevice

TPS limit for SendDataToWirelessDevice

10

Yes

TPS limit for TestWirelessDevice

TPS limit for TestWirelessDevice

10

Yes

TPS limit for UpdateEventConfigurationByResourceTypes

TPS limit for UpdateEventConfigurationByResourceTypes

10

Yes

TPS limit for UpdateWirelessDevice

TPS limit for UpdateWirelessDevice

10

Yes

Device Profiles and destination API throttling

This table describes device profiles and service profiles and destinations that can route messages to other AWS services.

AWS IoT Wireless device profiles and destination API throttling

Limit display name

Description

Default value

Adjustable

TPS limit for CreateDestination

TPS limit for CreateDestination

10

Yes

TPS limit for CreateDeviceProfile

TPS limit for CreateDeviceProfile

10

Yes

TPS limit for CreateServiceProfile

TPS limit for CreateServiceProfile

10

Yes

TPS limit for DeleteDestination

TPS limit for DeleteDestination

10

Yes

TPS limit for DeleteDeviceProfile

TPS limit for DeleteDeviceProfile

10

Yes

TPS limit for DeleteServiceProfile

TPS limit for DeleteServiceProfile

10

Yes

TPS limit for GetDestination

TPS limit for GetDestination

10

Yes

TPS limit for GetDeviceProfile

TPS limit for GetDeviceProfile

10

Yes

TPS limit for GetServiceProfile

TPS limit for GetServiceProfile

10

Yes

TPS limit for ListDestinations

TPS limit for ListDestinations

10

Yes

TPS limit for ListDeviceProfiles

TPS limit for ListDeviceProfiles

10

Yes

TPS limit for ListServiceProfiles

TPS limit for ListServiceProfiles

10

Yes

TPS limit for UpdateDestination

TPS limit for UpdateDestination

10

Yes

Sidewalk and logging API throttling

This table describes the maximum TPS for Amazon Sidewalk APIs and APIs that are used for log levels based on resource types.

AWS IoT Wireless Sidewalk and logging API throttling

Limit display name

Description

Default value

Adjustable

TPS limit for AssociateAwsAccountWithPartnerAccount

TPS limit for AssociateAwsAccountWithPartnerAccount

10

Yes

TPS limit for GetLogLevelsByResourceTypes

TPS limit for GetLogLevelsByResourceTypes

10

Yes

TPS limit for GetPartnerAccount

TPS limit for GetPartnerAccount

10

Yes

TPS limit for GetResourceLogLevel

TPS limit for GetResourceLogLevel

10

Yes

TPS limit for ListPartnerAccounts

TPS limit for ListPartnerAccounts

10

Yes

TPS limit for PutResourceLogLevel

TPS limit for PutResourceLogLevel

10

Yes

TPS limit for ResetAllResourceLogLevels

TPS limit for ResetAllResourceLogLevels

10

Yes

TPS limit for ResetResourceLogLevel

TPS limit for ResetResourceLogLevel

10

Yes

TPS limit for UpdateLogLevelsByResourceTypes

TPS limit for UpdateLogLevelsByResourceTypes

10

Yes

TPS limit for UpdatePartnerAccount

TPS limit for UpdatePartnerAccount

10

Yes

Tagging and GetServiceEndpoint API throttling

This table describes the maximum TPS for the GetServiceEndpoint API and APIs used for tagging resources.

AWS IoT Wireless tagging and GetServiceEndpoint API throttling

Limit display name

Description

Default value

Adjustable

TPS limit for GetServiceEndpoint

TPS limit for GetServiceEndpoint

10

No

TPS limit for ListTagsForResource

TPS limit for ListTagsForResource

10

Yes

TPS limit for TagResource

TPS limit for TagResource

10

Yes

TPS limit for UntagResource

TPS limit for UntagResource

10

Yes

Additional AWS IoT Wireless API limits

AWS IoT Wireless limits and quotas

Limit display name

Description

Default value

Adjustable

TPS limit for AssociateMulticastGroupWithFuotaTask

TPS limit for AssociateMulticastGroupWithFuotaTask

10

Yes

TPS limit for AssociateWirelessDeviceWithFuotaTask

TPS limit for AssociateWirelessDeviceWithFuotaTask

10

Yes

TPS limit for AssociateWirelessDeviceWithMulticastGroup

TPS limit for AssociateWirelessDeviceWithMulticastGroup

10

Yes

TPS limit for CancelMulticastGroupSession

TPS limit for CancelMulticastGroupSession

10

Yes

TPS limit for CreateFuotaTask

TPS limit for CreateFuotaTask

10

Yes

TPS limit for CreateMulticastGroup

TPS limit for CreateMulticastGroup

10

Yes

TPS limit for DeleteFuotaTask

TPS limit for DeleteFuotaTask

10

Yes

TPS limit for DeleteMulticastGroup

TPS limit for DeleteMulticastGroup

10

Yes

TPS limit for DeleteQueuedMessages

TPS limit for DeleteQueuedMessages

10

Yes

TPS limit for DisassociateAwsAccountFromPartnerAccount

TPS limit for DisassociateAwsAccountFromPartnerAccount

10

Yes

TPS limit for DisassociateMulticastGroupFromFuotaTask

TPS limit for DisassociateMulticastGroupFromFuotaTask

10

Yes

TPS limit for DisassociateWirelessDeviceFromFuotaTask

TPS limit for DisassociateWirelessDeviceFromFuotaTask

10

Yes

TPS limit for DisassociateWirelessDeviceFromMulticastGroup

TPS limit for DisassociateWirelessDeviceFromMulticastGroup

10

Yes

TPS limit for GetFuotaTask

TPS limit for GetFuotaTask

10

Yes

TPS limit for GetMulticastGroup

TPS limit for GetMulticastGroup

10

Yes

TPS limit for GetMulticastGroupSession

TPS limit for GetMulticastGroupSession

10

Yes

TPS limit for GetNetworkAnalyzerConfiguration

TPS limit for GetNetworkAnalyzerConfiguration

10

Yes

TPS limit for GetPosition

TPS limit for GetPosition

10

Yes

TPS limit for GetPositionConfiguration

TPS limit for GetPositionConfiguration

10

Yes

TPS limit for GetResourceEventConfiguration

TPS limit for GetResourceEventConfiguration

10

Yes

TPS limit for ListFuotaTasks

TPS limit for ListFuotaTasks

10

Yes

TPS limit for ListMulticastGroups

TPS limit for ListMulticastGroups

10

Yes

TPS limit for ListMulticastGroupsByFuotaTask

TPS limit for ListMulticastGroupsByFuotaTask

10

Yes

TPS limit for ListPositionConfigurations

TPS limit for ListPositionConfigurations

10

Yes

TPS limit for ListQueuedMessages

TPS limit for ListQueuedMessages

10

Yes

TPS limit for PutPositionConfiguration

TPS limit for PutPositionConfiguration

10

Yes

TPS limit for SendDataToMulticastGroup

TPS limit for SendDataToMulticastGroup

10

Yes

TPS limit for StartBulkAssociateWirelessDeviceWithMulticastGroup

TPS limit for StartBulkAssociateWirelessDeviceWithMulticastGroup

10

Yes

TPS limit for StartBulkDisassociateWirelessDeviceFromMulticastGroup

TPS limit for StartBulkDisassociateWirelessDeviceFromMulticastGroup

10

Yes

TPS limit for StartFuotaTask

TPS limit for StartFuotaTask

10

Yes

TPS limit for StartMulticastGroupSession

TPS limit for StartMulticastGroupSession

10

Yes

TPS limit for StartNetworkAnalyzerStream

TPS limit for StartNetworkAnalyzerStream

10

Yes

TPS limit for UpdateFuotaTask

TPS limit for UpdateFuotaTask

10

Yes

TPS limit for UpdateMulticastGroup

TPS limit for UpdateMulticastGroup

10

Yes

TPS limit for UpdateNetworkAnalyzerConfiguration

TPS limit for UpdateNetworkAnalyzerConfiguration

10

Yes

TPS limit for UpdatePosition

TPS limit for UpdatePosition

10

Yes

TPS limit for UpdateResourceEventConfiguration

TPS limit for UpdateResourceEventConfiguration

10

Yes

AWS IoT Core Device Shadow service limits and quotas

AWS IoT Core Device Shadow actions

Limit display name

Description

Default value

Default value in select AWS Regions*

Adjustable

Device Shadow API requests/second per account

Number of device shadow API requests per second per account. This value is adjustable and subject to per-account quotas, depending on the region.

4000

400

Yes

Maximum depth of JSON device state documents

The maximum number of levels in the desired or reported section of the JSON device state document is 5.

5

5

No

Maximum number of in-flight, unacknowledged messages per thing

The Device Shadow service supports up to 10 in-flight unacknowledged messages per thing on a single connection. When this quota is reached, all new shadow requests are rejected with a 429 error code until the number of in-flight requests drop below the limit.

10

10

No

Maximum shadow name size

Maximum size of a thing shadow name, which is 64 bytes of UTF-8 encoded characters.

64 Bytes

64 Bytes

No

Maximum size of a JSON state document

Each individual shadow document must be 8KB or less in size. Metadata doesn't contribute to the document size for service quotas or pricing.

8 Kilobytes

8 Kilobytes

Yes

Maximum thing name size

Maximum size of a thing name, which is 128 bytes of UTF-8 encoded characters.

128 Bytes

128 Bytes

No

Requests per second per thing

The Device Shadow service supports up to 20 requests per second per thing. This quota is per thing, not per API.

20

20

Yes

*Select AWS Regions: Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), South America (São Paulo), Canada (Central), Middle East (Bahrain), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West)

The levels in the desired and reported sections of the Device Shadow's JSON state document are counted as shown here for the desired object.

"desired": { "one": { "two": { "three": { "four": { "five":{ } } } } } }
Note

AWS IoT Core deletes a Device Shadow document after the creating account is deleted or upon customer request. For operational purposes, AWS IoT service backups are retained for 6 months.

AWS IoT Core Fleet Provisioning limits and quotas

Following are throttling limits for some fleet provisioning APIs per AWS account.

AWS IoT Core fleet provisioning limits and quotas

Limit display name

Description

Default value

Adjustable

Fleet Provisioning CreateCertificateFromCsr MQTT API TPS

The maximum number of transactions per second (TPS) that can be made for the Fleet Provisioning CreateCertificateFromCsr MQTT API.

100

Yes

Fleet Provisioning CreateKeysAndCertificate MQTT API TPS

The maximum number of transactions per second (TPS) that can be made for the Fleet Provisioning CreateKeysAndCertificate MQTT API.

10

Yes

Fleet Provisioning RegisterThing MQTT API TPS

The maximum number of transactions per second (TPS) that can be made for the Fleet Provisioning RegisterThing MQTT API.

10

Yes

Fleet provisioning also has these limits, which can't be changed.

Resource Description Limit
Versions per fleet provisioning template The maximum number of versions that a fleet provisioning template can have. Each template version has a version ID and a creation date for devices that connect to AWS IoT using fleet previsioning. 5
Fleet provisioning templates per customer The maximum number of fleet provisioning templates per customer. Use fleet provisioning templates to generate certificates and private keys for your devices to securely connect to AWS IoT. 256
Fleet provisioning template size The maximum size of a fleet provisioning template in Kilobytes. Fleet provisioning templates allow you to generate certificates and private keys for your devices to securely connect to AWS IoT. 10 Kilobytes

AWS IoT Core message broker and protocol limits and quotas

AWS IoT Core message broker limits and quotas

Limit display name

Description

Default value

Default value in select AWS Regions*

Adjustable

Client ID size

Size of the client ID, which is 128 bytes of UTF-8 encoded characters.

128 Bytes

128 Bytes

No

Connect requests per second per account

The maximum number of MQTT CONNECT requests per second per account.

500

100

Yes

Connect requests per second per client ID

AWS IoT Core restricts MQTT CONNECT requests from the same accountId and clientId to 1 MQTT CONNECT operation per second.

1

1

No

Connection inactivity (keep-alive interval)

The default keep-alive interval is 1200 seconds. It is used when a client requests a keep-alive interval of zero. If a client requests an interval > 1200 seconds, the default interval is used. If a client requests a keep-alive interval < 30 seconds but > zero, the server treats the client as though it requested a keep-alive interval of 30 seconds.

1200 Seconds

1200 Seconds

No

Inbound publish requests per second per account

Inbound publish requests counts all messages that IoT Core processes before routing them to the clients or rules engine. Ex: A single message published on reserved topic can result in publishing 3 additional messages for shadow update, documents and delta, hence counted as 4 requests; whereas on an unreserved topic like a/b is counted as 1 request.

20000

2000

Yes

Maximum concurrent client connections per account

The maximum number of concurrent connections allowed per account.

500000

100000

Yes

Maximum inbound unacknowledged QoS 1 publish requests

AWS IoT Core restricts the number of unacknowledged inbound publish requests per client. When this quota is reached, no new publish requests are accepted from this client until a PUBACK message is returned by the server.

100

100

No

Maximum number of retained messages per account

The number of stored retained messages per account.When this limit is reached, no new retained messages are stored for this account and all retained publishes with payloads greater than 0 bytes are throttled.

5000

500

Yes

Maximum number of slashes in topic and topic filter

A topic in a publish or subscribe request can have no more than 7 forward slashes (/). This excludes the first 3 slashes in the mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/).

7

7

No

Maximum outbound unacknowledged QoS 1 publish requests

AWS IoT Core restricts the number of unacknowledged outbound publish requests per client. When this quota is reached, no new publish requests are sent to the client until the client acknowledges the publish requests.

100

100

No

Maximum retry interval for delivering QoS 1 messages

AWS IoT Core retries delivery of unacknowledged quality of service 1 (QoS 1) publish requests to a client for up to one hour. If AWS IoT Core does not receive a PUBACK message from the client after one hour, it drops the publish requests.

3600 Seconds

3600 Seconds

No

Maximum subscriptions per subscribe request

A single SUBSCRIBE request has a quota of 8 subscriptions.

8

8

No

Message size

The payload for every publish request can be no larger than 128 KB. AWS IoT Core rejects publish and connect requests larger than this size.

128 Kilobytes

128 Kilobytes

No

Outbound publish requests per second per account

Outbound publish requests count for every message that resulted in matching a client's subscription. For example, 2 clients are subscribed to topic filter a/b. An inbound publish request on topic a/b results in a total of 2 outbound publish requests.

20000

2000

Yes

Persistent session expiry period

The duration for which the message broker stores an MQTT persistent session. The expiry period begins when the message broker detects the session has become disconnected. After the expiry period has elapsed, the message broker terminates the session and discards any associated queued messages. You can adjust this to a value from 1 hour to 7 days.

3600 Seconds

3600 Seconds

Yes

Publish requests per second per connection

AWS IoT Core restricts each client connection to a maximum number of inbound and outbound publish requests per second. This limit includes messages sent to offline persistent session. Publish requests that exceed that quota are discarded.

100

100

No

Queued messages per second per account

AWS IoT Core restricts an account to a maximum number of queued messages per second per account. This limit applies when AWS IoT Core stores the messages send to offline persistent sessions.

500

500

Yes

Retained message inbound publish requests per second per account

The maximum rate that AWS IoT Core can accept inbound publish requests of MQTT messages with the RETAIN flag set.This rate includes all inbound publish requests whether invoked by the HTTP or MQTT protocol.

500

50

Yes

Retained message inbound publish requests per second per topic

MQTT/HTTP publish requests with RETAIN flag set made to the same topic per second.

1

1

No

Subscriptions per account

AWS IoT Core restricts an account to a maximum number of subscriptions across all active connections.

500000

100000

Yes

Subscriptions per connection

AWS IoT Core supports 50 subscriptions per connection. AWS IoT Core might reject subscription requests on the same connection in excess of this amount and the connection is closed. Clients should validate the SUBACK message to ensure that their subscription requests have been successfully processed.

50

50

No

Subscriptions per second per account

AWS IoT Core restricts an account to a maximum number of subscriptions per second. For example, if there are 2 MQTT SUBSCRIBE requests sent within a second, each with 3 subscriptions (topic filters), AWS IoT Core counts those as 6 subscriptions.

500

200

Yes

Throughput per second per connection

Data received or sent over a client connection is processed at a maximum throughput rate. Data that exceeds the maximum throughput is delayed in processing.

512 Kilobytes

512 Kilobytes

No

Topic size

The topic passed to AWS IoT Core when sending a publish request can be no larger than 256 bytes of UTF-8 encoded characters. This excludes the first 3 mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/).

256 Bytes

256 Bytes

No

WebSocket connection duration

The WebSocket connection lifetime is 24 hours. If the lifetime is exceeded, The WebSocket connection will be closed.

86400 Seconds

86400 Seconds

No

*Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Europe (Paris), Asia Pacific (Hong Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central), China (Ningxia)

AWS IoT Core protocol-related limits and quotas

These limits are now found in AWS IoT Core message broker and protocol limits and quotas.

AWS IoT Core credential provider limits and quotas

AWS IoT Core credential limits and quotas

Limit display name

Description

Default value

Default value in select AWS Regions*

Adjustable

AssumeRoleWithCertificate API TPS

The maximum number of transactions per second (TPS) that can be made for the AssumeRoleWithCertificate API.

50

100

Yes

Maximum number of AWS IoT Core role aliases

Maximum number of AWS IoT Core role aliases registered in your AWS account. AWS IoT role alias allows connected devices to authenticate to AWS IoT using X.509 certificates and obtain short-lived AWS credentials from an IAM role that is associated with the role alias.

100

100

No

*Select AWS Regions: US East (N. Virginia), US West (Oregon), Europe (Ireland)

Note

Large Region limits apply to AWS Regions: US East (N. Virginia), US West (Oregon), and Europe (Ireland)

AWS IoT Core security and identity limits and quotas

AWS IoT Core security and identity limits and quotas

Limit display name

Description

Default value

Adjustable

Configurable endpoints: maximum number of domain configurations per account

Configurable endpoints: maximum number of domain configurations per account

10

Yes

Custom authentication: maximum number of authorizers per account

Custom authentication: maximum number of authorizers that can be registered to your AWS account. Authorizers have a lambda function that implements custom authentication and authorization.

10

No

Maximum number of CA certificates with the same subject field allowed per AWS account per Region

The maximum number of CA certificates with the same subject field allowed per AWS account per region. If you have more than one CA certificate with the same subject field, you must specify the CA certificate that was used to sign the device certificate being registered.

10

No

Maximum number of device certificates that can be registered per second

The maximum number of device certificates that can be registered per second. You can select up to 15 files to register.

15

Yes

Maximum number of domain configurations per account per region

Maximum number of domain configurations per AWS account per AWS Region.

10

Yes

Maximum number of fleet provisioning template versions per template

Maximum number of fleet provisioning template versions per template. Each template version has a version ID and a creation date for devices connecting to AWS IoT using fleet previsioning.

5

No

Maximum number of fleet provisioning templates per customer

Maximum number of fleet provisioning templates per customer. Use fleet provisioning templates to generate certificates and private keys for your devices to securely connect to AWS IoT.

256

No

Maximum number of named policy versions

The maximum number of named policy versions. A managed AWS IoT policy can have up to five versions. To update a policy, create a new policy version. If the policy has five versions, you must delete an existing version before creating a new one.

5

No

Maximum number of policies that can be attached to a certificate or Amazon Cognito identity

The maximum number of policies that can be attached to a client certificate or an Amazon Cognito identity, which is 10. Amazon Cognito identity enables you to create temporary, limited-privilege AWS credentials for use in mobile and web applications.

10

No

Maximum number of provisioning claims that can be generated per second by trusted user

The maximum number of provisioning claims that can be generated per second by a trusted user. A trusted user can be an end user or installation technician who uses a mobile app or web application to configure the device in its deployed location.

10

No

Maximum policy document size

The maximum size of the policy document, which is 2048 characters excluding white spaces.

2048

No

Maximum size of fleet provisioning template

Maximum size of fleet provisioning templates in Kilobytes. Fleet provisioning templates allow you to generate certificates and private keys for your devices to securely connect to AWS IoT.

10 Kilobytes

No

Additional AWS IoT Core security limits
Resource Description Default Adjustable
Maximum number of domain names per server certificate When you're providing the server certificates for AWS IoT custom domain configuration, certificates can have a maximum of four domain names. 4 No
Custom authentication: minimum connection duration (value of DisconnectAfterInSecs) The Lambda function of a custom authorizer uses a DisconnectAfterInSeconds parameter to indicate the maximum duration (in seconds) of the connection to the AWS IoT Core gateway. The connection is terminated if it exceeds this value. 300 No
Custom authentication: maximum connection duration (value of DisconnectAfterInSecs) The maximum duration (in seconds) of the connection to the AWS IoT Core gateway, defined by the value of DisconnectAfterInSecs. 86,400 No
Custom authentication: minimum policy refresh rate (value of RefreshAfterInSecs) The Lambda function of a custom authorizer uses a RefreshAfterInSeconds parameter to indicate the interval (in seconds) between policy refreshes when connected to the AWS IoT Core gateway. When this interval passes, AWS IoT Core invokes the Lambda function to allow for policy refreshes. 300 No
Custom authentication: maximum policy refresh rate (value of RefreshAfterInSecs) The maximum time interval between policy refreshes when connected to the AWS IoT Core gateway, defined by the value of RefreshAfterInSeconds. 86,400 No

MQTT-based File Delivery

MQTT-based File Delivery Resource Quotas
Resource Description Default Adjustable
Streams per account The maximum number of streams per account. 10,000* No
Files per stream The maximum number of files per stream. 10 No
File size The maximum file size (in MB). 24 MB No
Maximum data block size The maximum data block size. 128 KB No
Minimum data block size The minimum data block size. 256 bytes No
Maximum block offset specified in a stream file request The maximum block offset specified in a stream file request. 98,304 No
Maximum blocks that can be requested per stream file request The maximum number of blocks that can be requested per stream file request. 98,304 No
Maximum block bitmap size The maximum block bitmap size. 12,288 bytes No

* For additional information, see Using AWS IoT MQTT-based file delivery in devices in the AWS IoT Developer Guide.

MQTT-based File Delivery Throttling
API Transactions Per Second
CreateStream 15 TPS
DeleteStream 15 TPS
DescribeStream 15 TPS
ListStreams 15 TPS
UpdateStream 15 TPS

AWS IoT Core Device Advisor limits and quotas

AWS IoT Core Device Advisor limits and quotas

Limit display name

Description

Default value

Adjustable

Concurrently connected devices

The maximum number of test devices that can be concurrently connected per test suite run.

1

No

Concurrently running test suites

The maximum number of suites an AWS account can run concurrently.

1

No

Connections per test endpoint

The maximum number of connections to an account-specific test endpoint.

5

No

MQTT CONNECT requests per account

The maximum number of MQTT Connect requests sent from a test device per second per account.

5

No

MQTT CONNECT requests per client ID

The maximum number of MQTT Connect requests sent from a test device per second per client ID.

1

No

Rate of CreateSuiteDefinition API requests

The maximum number of CreateSuiteDefinition API requests you can make per second.

1

No

Rate of DeleteSuiteDefinition API requests

The maximum number of DeleteSuiteDefinition API requests you can make per second.

10

No

Rate of GetSuiteDefinition API requests

The maximum number of GetSuiteDefinition API requests you can make per second.

10

No

Rate of GetSuiteRun API requests

The maximum number of GetSuiteRun API requests you can make per second.

10

No

Rate of GetSuiteRunReport API requests

The maximum number of GetSuiteRunReport API requests you can make per second.

10

No

Rate of ListSuiteDefinitions API requests

The maximum number of ListSuiteDefinitions API requests you can make per second.

10

No

Rate of ListSuiteRuns API requests

The maximum number of ListSuiteRuns API requests you can make per second.

10

No

Rate of ListTagsForResource API requests

The maximum number of ListTagsForResource API requests you can make per second.

10

No

Rate of ListTestCases API requests

The maximum number of ListTestCases API requests you can make per second.

10

No

Rate of StartSuiteRun API requests

The maximum number of StartSuiteRun API requests you can make per second.

1

No

Rate of TagResource API requests

The maximum number of TagResource API requests you can make per second.

10

No

Rate of UntagResource API requests

The maximum number of UntagResource API requests you can make per second.

10

No

Rate of UpdateSuiteDefinition API requests

The maximum number of UpdateSuiteDefinition API requests you can make per second.

10

No

Test case execution time

The maximum time until a test case fails if not completed.

10800 Seconds

No

Test cases per test suite

The maximum number of test cases in one test suite.

50

No