AWS IoT Core endpoints and quotas
This section lists the the service endpoints and service quotas for the service. To connect programmatically to an AWS service, you use an endpoint. For more information, see AWS service endpoints.
In addition to the standard AWS endpoints, some AWS services offer the following endpoints in some or all of the AWS Regions that the service is supported in:
IPv4 endpoints — These endpoints support only IPv4 requests and have the following format:
service-name
.region
.amazonaws.comDual-stack endpoints — These endpoints support both IPv4 requests and IPv6 requests and have the following format:
service-name
.region
.api.awsFIPS endpoints — These endpoints comply with the Federal Information Processing Standards (FIPS) and can support either IPv4 requests or dual-stack (IPv4 and IPv6) requests. FIPS endpoints have the following format:
, whereservice-name
-fips.region
.ip-endpoint-type
ip-endpoint-type
isamazonaws.com
(for IPv4 requests) orapi.aws
(for IPv4 or IPv6 requests).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Note
AWS recommends that you use Regional STS endpoints within your applications, and avoid using global (legacy) STS endpoints. Regional STS endpoints reduce latency, build in redundancy, and increase session token validity. For more information about configuring your applications to use a Regional STS endpoint, see AWS STS Regionalized endpoints in the AWS SDKs and Tools Reference Guide. For more information about global (legacy) AWS STS endpoints, including how to monitor for use of this type of endpoint, see How to use Regional AWS STS endpoints in the AWS Security blog.
Service endpoints
The following sections describe the service endpoints for AWS IoT Core.
Note
You can use these endpoints to perform the operations in the AWS IoT API Reference. The endpoints in the following sections are different from the device endpoints, which provide devices an MQTT publish/subscribe interface and a subset of the API operations. For more information about the data, credential access, and job management endpoints used by devices, see AWS IoT device endpoints.
For information about connecting to and using the AWS IoT endpoints, see Connecting devices to AWS IoT in the AWS IoT Developer Guide.
Topics
AWS IoT Core - control plane endpoints
The following table contains AWS Region-specific endpoints for AWS IoT Core - control plane operations. For information about the operations supported by the AWS IoT Core - control plane endpoints, see AWS IoT operations in the AWS IoT API Reference.
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 |
iot.us-east-2.amazonaws.com iot-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
US East (N. Virginia) | us-east-1 |
iot.us-east-1.amazonaws.com iot-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
US West (N. California) | us-west-1 |
iot.us-west-1.amazonaws.com iot-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
US West (Oregon) | us-west-2 |
iot.us-west-2.amazonaws.com iot-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
Asia Pacific (Hong Kong) | ap-east-1 | iot.ap-east-1.amazonaws.com | HTTPS |
Asia Pacific (Mumbai) | ap-south-1 | iot.ap-south-1.amazonaws.com | HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 | iot.ap-northeast-2.amazonaws.com | HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 | iot.ap-southeast-1.amazonaws.com | HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 | iot.ap-southeast-2.amazonaws.com | HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 | iot.ap-northeast-1.amazonaws.com | HTTPS |
Canada (Central) | ca-central-1 |
iot.ca-central-1.amazonaws.com iot-fips.ca-central-1.amazonaws.com |
HTTPS HTTPS |
Europe (Frankfurt) | eu-central-1 | iot.eu-central-1.amazonaws.com | HTTPS |
Europe (Ireland) | eu-west-1 | iot.eu-west-1.amazonaws.com | HTTPS |
Europe (London) | eu-west-2 | iot.eu-west-2.amazonaws.com | HTTPS |
Europe (Paris) | eu-west-3 | iot.eu-west-3.amazonaws.com | HTTPS |
Europe (Stockholm) | eu-north-1 | iot.eu-north-1.amazonaws.com | HTTPS |
Middle East (Bahrain) | me-south-1 | iot.me-south-1.amazonaws.com | HTTPS |
Middle East (UAE) | me-central-1 | iot.me-central-1.amazonaws.com | HTTPS |
South America (São Paulo) | sa-east-1 | iot.sa-east-1.amazonaws.com | HTTPS |
AWS GovCloud (US-East) | us-gov-east-1 |
iot.us-gov-east-1.amazonaws.com iot-fips.us-gov-east-1.amazonaws.com |
HTTPS HTTPS |
AWS GovCloud (US-West) | us-gov-west-1 |
iot.us-gov-west-1.amazonaws.com iot-fips.us-gov-west-1.amazonaws.com |
HTTPS HTTPS |
AWS IoT Core - data plane endpoints
The AWS IoT Core - data plane endpoints are specific to each
AWS account and AWS Region. To find the AWS IoT Core - data plane
endpoint for your AWS account and AWS Region, use the describe-endpointDescribeEndpoint
REST API.
aws iot describe-endpoint --endpoint-type
iot:Data-ATS
This command returns your data plane API endpoint in the following format:
account-specific-prefix
-ats.iot.aws-region
.amazonaws.com
For information about the actions supported by the AWS IoT Core - data plane endpoints, see AWS IoT data plane operations in the AWS IoT API Reference.
The following table contains generic representations of the AWS account-specific
endpoints for each AWS Region that AWS IoT Core supports. In the
Endpoint column, the
from your
account-specific endpoint replaces account-specific-prefix
data
shown in the generic endpoint
representation.
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 |
data-ats.iot.us-east-2.amazonaws.com data.iot-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
US East (N. Virginia) | us-east-1 |
data-ats.iot.us-east-1.amazonaws.com data.iot-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
US West (N. California) | us-west-1 |
data-ats.iot.us-west-1.amazonaws.com data.iot-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
US West (Oregon) | us-west-2 |
data-ats.iot.us-west-2.amazonaws.com data.iot-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
Asia Pacific (Hong Kong) | ap-east-1 | data-ats.iot.ap-east-1.amazonaws.com | HTTPS |
Asia Pacific (Mumbai) | ap-south-1 | data-ats.iot.ap-south-1.amazonaws.com | HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 | data-ats.iot.ap-northeast-2.amazonaws.com | HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 | data-ats.iot.ap-southeast-1.amazonaws.com | HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 | data-ats.iot.ap-southeast-2.amazonaws.com | HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 | data-ats.iot.ap-northeast-1.amazonaws.com | HTTPS |
Canada (Central) | ca-central-1 |
data-ats.iot.ca-central-1.amazonaws.com data.iot-fips.ca-central-1.amazonaws.com |
HTTPS HTTPS |
Europe (Frankfurt) | eu-central-1 | data-ats.iot.eu-central-1.amazonaws.com | HTTPS |
Europe (Ireland) | eu-west-1 | data-ats.iot.eu-west-1.amazonaws.com | HTTPS |
Europe (London) | eu-west-2 | data-ats.iot.eu-west-2.amazonaws.com | HTTPS |
Europe (Paris) | eu-west-3 | data-ats.iot.eu-west-3.amazonaws.com | HTTPS |
Europe (Stockholm) | eu-north-1 | data-ats.iot.eu-north-1.amazonaws.com | HTTPS |
Middle East (Bahrain) | me-south-1 | data-ats.iot.me-south-1.amazonaws.com | HTTPS |
Middle East (UAE) | me-central-1 | data-ats.iot.me-central-1.amazonaws.com | HTTPS |
South America (São Paulo) | sa-east-1 | data-ats.iot.sa-east-1.amazonaws.com | HTTPS |
AWS GovCloud (US-East) | us-gov-east-1 |
data-ats.iot.us-gov-east-1.amazonaws.com data.iot-fips.us-gov-east-1.amazonaws.com |
HTTPS HTTPS |
AWS GovCloud (US-West) | us-gov-west-1 |
data-ats.iot.us-gov-west-1.amazonaws.com data.iot-fips.us-gov-west-1.amazonaws.com |
HTTPS HTTPS |
AWS IoT Core - credential provider endpoints
The AWS IoT Core credential provider endpoints are
specific to each AWS account and AWS Region. To find the credential provider
endpoint for your AWS account and AWS Region, use the describe-endpointDescribeEndpoint
REST API.
aws iot describe-endpoint --endpoint-type iot:CredentialProvider
This command returns your credential provider API endpoint in the following format:
account-specific-prefix
.credentials.iot.aws-region
.amazonaws.com
The following table contains generic representations of the AWS account-specific
endpoints for each AWS Region that AWS IoT Core supports. In the
Endpoint column, the
from your
account-specific endpoint replaces account-specific-prefix
prefix
shown in the generic endpoint
representation.
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 |
data.credentials.iot-fips.us-east-2.amazonaws.com |
HTTPS |
US East (N. Virginia) | us-east-1 |
data.credentials.iot-fips.us-east-1.amazonaws.com |
HTTPS |
US West (N. California) | us-west-1 |
data.credentials.iot-fips.us-west-1.amazonaws.com |
HTTPS |
US West (Oregon) | us-west-2 |
data.credentials.iot-fips.us-west-2.amazonaws.com |
HTTPS |
Asia Pacific (Hong Kong) | ap-east-1 | prefix .credentials.iot.ap-east-1.amazonaws.com |
HTTPS |
Asia Pacific (Mumbai) | ap-south-1 | prefix .credentials.iot.ap-south-1.amazonaws.com |
HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 | prefix .credentials.iot.ap-northeast-2.amazonaws.com |
HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 | prefix .credentials.iot.ap-southeast-1.amazonaws.com |
HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 | prefix .credentials.iot.ap-southeast-2.amazonaws.com |
HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 | prefix .credentials.iot.ap-northeast-1.amazonaws.com |
HTTPS |
Canada (Central) | ca-central-1 |
data.credentials.iot-fips.ca-central-1.amazonaws.com |
HTTPS |
Europe (Frankfurt)) | eu-central-1 | prefix .credentials.iot.eu-central-1.amazonaws.com |
HTTPS |
Europe (Ireland) | eu-west-1 | prefix .credentials.iot.eu-west-1.amazonaws.com |
HTTPS |
Europe (London) | eu-west-2 | prefix .credentials.iot.eu-west-2.amazonaws.com |
HTTPS |
Europe (Paris) | eu-west-3 | prefix .credentials.iot.eu-west-3.amazonaws.com |
HTTPS |
Europe (Stockholm) | eu-north-1 | prefix .credentials.iot.eu-north-1.amazonaws.com
|
HTTPS |
Middle East (Bahrain) | me-south-1 | prefix .credentials.iot.me-south-1.amazonaws.com |
HTTPS |
Middle East (UAE) | me-central-1 | prefix .credentials.iot.me-central-1.amazonaws.com |
HTTPS |
South America (São Paulo) | sa-east-1 | prefix .credentials.iot.sa-east-1.amazonaws.com |
HTTPS |
AWS GovCloud (US-East) | us-gov-east-1 |
data.credentials.iot-fips.us-gov-east-1.amazonaws.com |
HTTPS |
AWS GovCloud (US-West) | us-gov-west-1 |
data.credentials.iot-fips.us-gov-west-1.amazonaws.com |
HTTPS |
AWS IoT FIPS endpoints
AWS IoT provides endpoints that support the Federal Information Processing Standard (FIPS) 140-2
Service quotas
Contents
- AWS IoT Core thing resource limits and quotas
- AWS IoT Core thing group resource limits and quotas
- AWS IoT Core bulk thing registration limits and quotas
- AWS IoT Core billing group restrictions
- AWS IoT Core rules engine limits and quotas
- AWS IoT Core API throttling limits
- AWS IoT Core Device Shadow service limits and quotas
- AWS IoT Core Fleet Provisioning limits and quotas
- AWS IoT Core message broker and protocol limits and quotas
- AWS IoT Core credential provider limits and quotas
- AWS IoT Core security and identity limits and quotas
- MQTT-based File Delivery
- AWS IoT Core Device Advisor limits and quotas
Note
For the limits and quotas for the AWS IoT Core device location feature, see AWS IoT Core device location Service quotas.
AWS IoT Core thing resource limits and quotas
Limit display name |
Description |
Default value |
Adjustable |
---|---|---|---|
The maximum number of propagating attributes you can add. When creating or updating a thing type, you can add propagating attributes to the published MQTT 5 messages. A propagating attribute is a key-value pair that describes aspects of an IoT resource. |
20 |
No |
|
|
Maximum number of thing attributes for a thing with a thing type. Thing types are optional and make it easier to discover things. Things with a thing type can have up to 50 attributes. |
50 |
|
|
Maximum number of thing attributes for a thing without a thing type. Things without a thing type can have up to three attributes. |
3 |
No |
Maximum size of a thing name, which is 128 bytes of UTF-8 encoded characters. |
128 Bytes |
No |
|
Number of thing types that can be associated with a thing, which can be zero or one. Thing types are optional and their use makes it easier to discover things. |
1 |
No |
|
The size of thing attributes per thing, which is 47 kilobytes. Thing attributes are optional name-value pairs that store information about the thing, which makes their use easier to discover things. |
47 Kilobytes |
Note
Thing types
The number of thing types that can be defined in an AWS account is not limited.Thing types allow you to store description and configuration information that is common to all things associated with the same thing type.
AWS IoT Core thing group resource limits and quotas
Limit display name |
Description |
Default value |
Adjustable |
---|---|---|---|
The maximum depth of a hierarchy of thing groups. When you build a hierarchy of groups, the policy attached to the parent group is inherited by its child group, and by all the things in the group and its child groups. This makes it easier to manage permissions for large number of things. |
7 |
No |
|
Maximum number of attributes associated with a thing group. Attributes are name-value pairs you can use to store information about a group. You can add, delete, or update the attributes of a group. |
50 |
No |
|
The maximum number of direct child groups that a thing group can have in a thing group hierarchy. |
100 |
No |
|
Maximum number of dynamic groups. |
100 |
No |
|
A thing can be added to a maximum of 10 thing groups. But you cannot add a thing to more than one group in the same hierarchy. This means that a thing cannot be added to two groups that share a common parent. |
10 |
No |
|
Maximum size of a thing group attribute name, in chars. |
128 |
No |
|
Maximum size of a thing group attribute value, in chars. |
800 |
No |
|
Maximum thing group name size. |
128 Bytes |
No |
Note
Thing group assignment
The maximum number of things that can be assigned to a thing group is not limited.
AWS IoT Core bulk thing registration limits and quotas
Limit display name |
Description |
Default value |
Adjustable |
---|---|---|---|
For any given AWS account, only one bulk registration task can run at a time. |
1 |
No |
|
After the bulk registration task (which can be long lived) is complete, data related to bulk thing registration is permanently deleted after 30 days. |
2592000 Seconds |
No |
|
Each line in an Amazon S3 input JSON file can't exceed 256K in length. |
256000 |
No |
|
Any pending or incomplete bulk registration tasks are terminated after 30 days. |
2592000 Seconds |
No |
For more information about the JSON file used for bulk registration, see Amazon S3 input JSON file.
AWS IoT Core billing group restrictions
-
A thing can belong to exactly one billing group.
-
Unlike thing groups, billing groups cannot be organized into hierarchies.
-
For its usage to be registered for tagging or billing purposes, a device must:
-
Be registered as a thing in AWS IoT Core.
-
Communicate with AWS IoT Core using MQTT only.
-
Authenticate with AWS IoT Core using only its thing name as the client ID.
-
Use an X.509 certificate or Amazon Cognito Identity to authenticate.
For more information, see Managing Devices with AWS IoT, Authentication, and Device Provisioning. You can use the AttachThingPrincipal API operation to attach a certificate or other credential to a thing.
-
-
The maximum number of billing groups per AWS account is 20,000.
AWS IoT Core rules engine limits and quotas
This section describes the limits and quotas of the AWS IoT Core rules engine.
Limit display name |
Description |
Default value |
Default value in select AWS Regions* |
Adjustable |
---|---|---|---|---|
The maximum number of entries in the rule's actions property. |
10 |
10 |
No |
|
The maximum number of rules that can be defined in a single AWS account. |
1000 |
1000 |
||
The maximum number of rules that can be evaluated per second per AWS account. This quota includes rule evaluations that result from inbound Basic Ingest messages. |
20000 |
2000 |
||
The maximum size that a rule document definition can contain, measured by number of UTF-8 encoded characters, including white spaces. |
256 Kilobytes |
256 Kilobytes |
No |
*Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Middle East (UAE), Europe (Paris), Asia Pacific (Hong Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central), China (Ningxia)
AWS IoT Core rules engine HTTP actions limits and quotas
Limit display name |
Description |
Default value |
Adjustable |
---|---|---|---|
Maximum length of an endpoint URL for topic rule HTTP Action. |
2 Kilobytes |
No |
|
Maximum number of headers per HTTP action. When specifying the list of headers to include in the HTTP request, it must contain a header key and a header value. To learn more, see https://docs.aws.amazon.com/iot/latest/developerguide/https-rule-action.html. |
100 |
No |
|
Maximum size of a header key for topic rule HTTP action. The header file for a HTTP request includes this header key and a header value. |
256 Bytes |
No |
|
|
Maximum number of topic rule destinations per AWS account for topic rule HTTPS action. You must confirm and enable HTTPS endpoints before the rules engine can use them. For more information, see https://docs.aws.amazon.com/iot/latest/developerguide/rule-destination.html. |
1000 |
No |
Request timeout for topic rule HTTP action. The AWS IoT rules engine retries the HTTPS action until the total time to complete a request exceeds the timeout quota. |
3000 Milliseconds |
No |
Resource | Value | Adjustable |
---|---|---|
TCP ports used for HTTP actions | 443, 8443 | No |
AWS IoT Core rules engine Apache Kafka actions limits and quotas
Resource | Limits |
---|---|
Bootstrap server ports | 9000-9100 |
Kerberos key distribution center (KDC) | 88 |
AWS IoT Core rules engine VPC actions limits and quotas
Resource | Quota |
---|---|
Maximum number of VPC destinations | 5 per account per Region |
AWS IoT Core API throttling limits
This table describes the maximum number of transactions per second (TPS) that can be made to each of these AWS IoT Core API actions.
Limit display name |
Description |
Default value |
Default value in select AWS Regions* |
Adjustable |
---|---|---|---|---|
The maximum number of transactions per second (TPS) that can be made for the AcceptCertificateTransfer API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the AddThingToBillingGroup API. |
60 |
60 |
||
The maximum number of transactions per second (TPS) that can be made for the AddThingToThingGroup API. |
100 |
60 |
||
The maximum number of transactions per second (TPS) that can be made for the AttachPolicy API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the AttachPrincipalPolicy API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the AttachThingPrincipal API. |
100 |
50 |
||
The maximum number of transactions per second (TPS) that can be made for the CancelCertificateTransfer API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ClearDefaultAuthorizer API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the CreateAuthorizer API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateBillingGroup API. |
25 |
25 |
||
The maximum number of transactions per second (TPS) that can be made for the CreateCertificateFromCsr API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the CreateCertificateProvider API. |
1 |
1 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateDomainConfiguration API. |
1 |
1 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateDynamicThingGroup API. |
5 |
5 |
||
The maximum number of transactions per second (TPS) that can be made for the CreateKeysAndCertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the CreatePolicy API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the CreatePolicyVersion API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the CreateProvisioningClaim API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the CreateProvisioningTemplate API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateProvisioningTemplateVersion API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateRoleAlias API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateThing API. |
100 |
50 |
||
The maximum number of transactions per second (TPS) that can be made for the CreateThingGroup API. |
25 |
25 |
||
The maximum number of transactions per second (TPS) that can be made for the CreateThingType API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the CreateTopicRule API. |
5 |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the CreateTopicRuleDestination API. |
5 |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteAuthorizer API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteBillingGroup API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the DeleteCACertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DeleteCertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DeleteCertificateProvider API. |
1 |
1 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteDomainConfiguration API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteDynamicThingGroup API. |
5 |
5 |
||
The maximum number of transactions per second (TPS) that can be made for the DeletePolicy API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DeletePolicyVersion API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DeleteProvisioningTemplate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DeleteProvisioningTemplateVersion API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteRegistrationCode API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DeleteRoleAlias API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteThing API. |
100 |
50 |
||
The maximum number of transactions per second (TPS) that can be made for the DeleteThingGroup API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the DeleteThingType API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the DeleteTopicRule API. |
20 |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteTopicRuleDestination API. |
5 |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeleteV2LoggingLevel API. |
2 |
2 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DeprecateThingType API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeAuthorizer API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeBillingGroup API. |
100 |
100 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeCACertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeCertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeCertificateProvider API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeCertificateTag API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeDefaultAuthorizer API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeDomainConfiguration API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeEndpoint API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the DescribeEventConfigurations API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeProvisioningTemplate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeProvisioningTemplateVersion API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeRoleAlias API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeThing API. |
350 |
350 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeThingGroup API. |
100 |
100 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeThingRegistrationTask API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the DescribeThingType API. |
100 |
50 |
||
The maximum number of transactions per second (TPS) that can be made for the DetachPolicy API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the DetachPrincipalPolicy API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the DetachThingPrincipal API. |
100 |
50 |
||
The maximum number of transactions per second (TPS) that can be made for the DisableTopicRule API. |
5 |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the EnableTopicRule API. |
5 |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the GetEffectivePolicies API. |
5 |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the GetLoggingOptions API. |
2 |
2 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the GetPolicy API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the GetPolicyVersion API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the GetRegistrationCode API. |
10 |
10 |
||
The maximum number of transactions per second that can be made for the GetRetainedMessage API. |
500 |
50 |
||
The maximum number of transactions per second (TPS) that can be made for the GetTopicRule API. |
200 |
20 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the GetTopicRuleDestination API. |
50 |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the GetV2LoggingOptions API. |
2 |
2 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListAttachedPolicies API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the ListAuthorizers API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListBillingGroups API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListCACertificates API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListCertificateProviders API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListCertificates API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListCertificatesByCA API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListDomainConfigurations API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListOutgoingCertificates API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListPolicies API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListPolicyPrincipals API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListPolicyVersions API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListPrincipalPolicies API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the ListPrincipalThings API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListPrincipalThingsV2 API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListProvisioningTemplateVersions API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListProvisioningTemplates API. |
10 |
10 |
||
The maximum number of transactions per second that can be made for the ListRetainedMessages API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListRoleAliases API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListTagsForResource API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListTargetsForPolicy API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThingGroups API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThingGroupsForThing API. |
100 |
50 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThingPrincipals API. |
20 |
20 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThingPrincipalsV2 API. |
20 |
20 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThingRegistrationTasks API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThingRegistrationTaskReports API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThingTypes API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThings API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThingsInBillingGroup API. |
25 |
25 |
||
The maximum number of transactions per second (TPS) that can be made for the ListThingsInThingGroup API. |
25 |
25 |
||
The maximum number of transactions per second (TPS) that can be made for the ListTopicRuleDestinations API. |
1 |
1 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListTopicRules API. |
1 |
1 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the ListV2LoggingLevels API. |
2 |
2 |
No |
|
|
The maximum number of resource-specific logging configurations that can be defined in a single AWS account. |
1000 |
1000 |
No |
The maximum number of transactions per second (TPS) that can be made for the RegisterCACertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the RegisterCertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the RegisterCertificateWithoutCA API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the RegisterThing API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the RejectCertificateTransfer API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the RemoveThingFromBillingGroup API. |
30 |
30 |
||
The maximum number of transactions per second (TPS) that can be made for the RemoveThingFromThingGroup API. |
100 |
50 |
||
The maximum number of transactions per second (TPS) that can be made for the ReplaceTopicRule API. |
5 |
5 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the SetDefaultAuthorizer API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the SetDefaultPolicyVersion API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the SetLoggingOptions API. |
2 |
2 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the SetV2LoggingLevel API. |
2 |
2 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the SetV2LoggingOptions API. |
2 |
2 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the StartThingRegistrationTask API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the StopThingRegistrationTask API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the TagResource API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the TestAuthorization API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the TestInvokeAuthorizer API. |
10 |
10 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the TransferCertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UntagResource API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateAuthorizer API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateBillingGroup API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateCACertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateCertificate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateCertificateMode API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateCertificateProvider API. |
1 |
1 |
No |
|
The maximum number of transactions per second (TPS) that can be made for the UpdateCertificateTag API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateDomainConfiguration API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateDynamicThingGroup API. |
5 |
5 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateEventConfigurations API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateProvisioningTemplate API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateRoleAlias API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateThing API. |
100 |
50 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateThingGroup API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateThingGroupsForThing API. |
10 |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateThingType API. |
15 |
15 |
||
The maximum number of transactions per second (TPS) that can be made for the UpdateTopicRuleDestination API. |
5 |
5 |
No |
*Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Middle East (UAE), Europe (Paris), Asia Pacific (Hong Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central), China (Ningxia)
AWS IoT Core Device Shadow service limits and quotas
Limit display name |
Description |
Default value |
Default value in select AWS Regions* |
Adjustable |
---|---|---|---|---|
Number of device shadow API requests per second per account. This value is adjustable and subject to per-account quotas, depending on the region. |
4000 |
400 |
||
The maximum number of levels in the desired or reported section of the JSON device state document is 8. |
8 |
8 |
No |
|
|
The Device Shadow service supports up to 10 in-flight unacknowledged messages per thing on a single connection. When this quota is reached, all new shadow requests are rejected with a 429 error code until the number of in-flight requests drop below the limit. |
10 |
10 |
No |
Maximum size of a thing shadow name, which is 64 bytes of UTF-8 encoded characters. |
64 Bytes |
64 Bytes |
No |
|
Each individual shadow document must be 8KB or less in size. Metadata doesn't contribute to the document size for service quotas or pricing. |
8 Kilobytes |
8 Kilobytes |
||
Maximum size of a thing name, which is 128 bytes of UTF-8 encoded characters. |
128 Bytes |
128 Bytes |
No |
|
The Device Shadow service supports up to 20 requests per second per shadow. This limit applies to both HTTP and MQTT API calls for GetThingShadow, UpdateThingShadow, DeleteThingShadow, and ListNamedShadowsForThing (classic shadows only). |
20 |
20 |
*Select AWS Regions: Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), South America (São Paulo), Canada (Central), Middle East (Bahrain), Middle East (UAE), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West)
The levels in the desired
and reported
sections of the
Device Shadow's JSON state document are counted as shown here for the
desired
object.
"desired": { "one": { "two": { "three": { "four": { "five":{ } } } } } }
Note
AWS IoT Core deletes a Device Shadow document after the creating account is deleted or upon customer request. For operational purposes, AWS IoT service backups are retained for 6 months.
AWS IoT Core Fleet Provisioning limits and quotas
Following are throttling limits for some fleet provisioning APIs per AWS account.
Limit display name |
Description |
Default value |
Adjustable |
---|---|---|---|
The maximum number of transactions per second (TPS) that can be made for the Fleet Provisioning CreateCertificateFromCsr MQTT API. |
20 |
||
The maximum number of transactions per second (TPS) that can be made for the Fleet Provisioning CreateKeysAndCertificate MQTT API. |
10 |
||
The maximum number of transactions per second (TPS) that can be made for the Fleet Provisioning RegisterThing MQTT API. |
10 |
Fleet provisioning also has these limits, which can't be changed.
Resource | Description | Limit |
---|---|---|
Versions per fleet provisioning template | The maximum number of versions that a fleet provisioning template can have. Each template version has a version ID and a creation date for devices that connect to AWS IoT using fleet previsioning. | 5 |
Fleet provisioning templates per customer | The maximum number of fleet provisioning templates per customer. Use fleet provisioning templates to generate certificates and private keys for your devices to securely connect to AWS IoT. | 256 |
Fleet provisioning template size | The maximum size of a fleet provisioning template in Kilobytes. Fleet provisioning templates allow you to generate certificates and private keys for your devices to securely connect to AWS IoT. | 10 Kilobytes |
AWS IoT Core message broker and protocol limits and quotas
Note
The limits listed below are per AWS Regions.
Limit display name |
Description |
Default value |
Default value in select AWS Regions* |
Adjustable |
---|---|---|---|---|
Size of the client ID, which is 128 bytes of UTF-8 encoded characters. |
128 Bytes |
128 Bytes |
No |
|
The maximum number of MQTT CONNECT requests per second per account. |
3000 |
100 |
||
AWS IoT Core restricts MQTT CONNECT requests from the same accountId and clientId to 1 MQTT CONNECT operation per second. |
1 |
1 |
No |
|
The default keep-alive interval is used when a client requests a keep-alive interval of zero or > 1200 seconds. If a client requests a keep-alive interval < 30 seconds but more than zero, the server treats the client as though it requested a keep-alive interval of 30 seconds. In VPC endpoints, MQTT keep alive periods can not exceed 230 seconds. |
1200 Seconds |
1200 Seconds |
No |
|
Inbound publish requests counts all messages that IoT Core processes before routing them to the clients or rules engine. Ex: A single message published on reserved topic can result in publishing 3 additional messages for shadow update, documents and delta, hence counted as 4 requests; whereas on an unreserved topic like a/b is counted as 1 request. |
20000 |
2000 |
||
The payload for every publish request can be no larger than 128 KB. AWS IoT Core rejects publish and connect requests larger than this size. |
128 Kilobytes |
128 Kilobytes |
No |
|
The maximum size for MQTT5 Content Type (UTF-8 string). |
256 Bytes |
256 Bytes |
No |
|
The maximum size for MQTT5 Correlation Data. |
8 Kilobytes |
8 Kilobytes |
No |
|
The maximum value of MQTT 5 Topic Alias topics that a client can specify per connection allowed. If the client attempts to publish with Topic Alias topics greater than the maximum value, the client will be disconnected. |
8 |
8 |
||
The maximum MQTT5 packet size (variable header and payload) |
146 Kilobytes |
146 Kilobytes |
No |
|
The maximum MQTT5 lifetime of a message in seconds. |
604800 Seconds |
604800 Seconds |
No |
|
The maximum total size per packet in kilobytes for MQTT5 User Property keys and values. |
8 Kilobytes |
8 Kilobytes |
No |
|
The maximum number of concurrent connections allowed per account. |
500000 |
100000 |
||
AWS IoT Core restricts the number of unacknowledged inbound publish requests per MQTT client. When this quota is reached, no new publish requests are accepted from this client until a PUBACK message is returned by the server. |
100 |
100 |
No |
|
The number of stored retained messages per account.When this limit is reached, no new retained messages are stored for this account and all retained publishes with payloads greater than 0 bytes are throttled. |
500000 |
100000 |
||
A topic in a publish or subscribe request can have no more than 7 forward slashes (/). This excludes the first 3 slashes in the mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/). |
7 |
7 |
No |
|
AWS IoT Core restricts the number of unacknowledged outbound publish requests per client. When this quota is reached, no new publish requests are sent to the client until the client acknowledges the publish requests. |
100 |
100 |
No |
|
AWS IoT Core retries delivery of unacknowledged quality of service 1 (QoS 1) publish requests to a connected client for up to one hour for MQTT 3 subscribers and sixteen minutes for MQTT 5 subscribers, after which it drops the publish requests. |
960 Seconds |
960 Seconds |
No |
|
A single SUBSCRIBE request has a quota of 8 subscriptions. |
8 |
8 |
No |
|
To connect to AWS IoT Core, clients can specify a maximum packet size that it supports. Clients cannot set this value to less than 512 bytes. Clients that specify values less than 512 bytes will not be allowed to connect. |
512 Bytes |
512 Bytes |
No |
|
Outbound publish requests count for every message that resulted in matching a client's subscription. For example, 2 clients are subscribed to topic filter a/b. An inbound publish request on topic a/b results in a total of 2 outbound publish requests. For topics with a large number of subscribers, message delivery is subject to increased latency. |
20000 |
2000 |
||
The duration for which the message broker stores an MQTT persistent session. The expiry period begins when the message broker detects the session has become disconnected. After the expiry period has elapsed, the message broker terminates the session and discards any associated queued messages. You can adjust this to a value from 1 hour to 7 days. |
3600 Seconds |
3600 Seconds |
||
AWS IoT Core restricts each client connection to a maximum number of inbound and outbound publish requests per second. This limit includes messages sent to offline persistent session. Publish requests that exceed that quota are discarded. |
100 |
100 |
No |
|
AWS IoT Core restricts an account to a maximum number of queued messages per second per account. This limit applies when AWS IoT Core stores the messages send to offline persistent sessions. |
500 |
500 |
||
|
The maximum rate that AWS IoT Core can accept inbound publish requests of MQTT messages with the RETAIN flag set.This rate includes all inbound publish requests whether invoked by the HTTP or MQTT protocol. |
500 |
50 |
|
|
MQTT/HTTP publish requests with RETAIN flag set made to the same topic per second. |
1 |
1 |
No |
The maximum number of shared subscription groups per account. |
100 |
100 |
No |
|
The maximum number of subscriptions in a shared subscription group. |
100 |
100 |
No |
|
The maximum number of subscribe and unsubscribe requests that AWS IoT Core can accept per second in a shared subscription group. |
100 |
100 |
No |
|
AWS IoT Core restricts an account to a maximum number of subscriptions across all active connections. |
500000 |
100000 |
||
AWS IoT Core restricts the number of subscriptions per connection. AWS IoT Core rejects subscription requests on the same connection in excess of this amount. Clients should validate the SUBACK message to ensure that their subscription requests have been successfully processed. |
50 |
50 |
||
AWS IoT Core restricts an account to a maximum number of subscriptions per second. For example, if there are 2 MQTT SUBSCRIBE requests sent within a second, each with 3 subscriptions (topic filters), AWS IoT Core counts those as 6 subscriptions. |
3000 |
200 |
||
Data received or sent over a client connection is processed at a maximum throughput rate. Data that exceeds the maximum throughput is delayed in processing. |
512 Kilobytes |
512 Kilobytes |
No |
|
The topic passed to AWS IoT Core when sending a publish request can be no larger than 256 bytes of UTF-8 encoded characters. This excludes the first 3 mandatory segments for Basic Ingest topics ($AWS/rules/rule-name/). |
256 Bytes |
256 Bytes |
No |
|
The WebSocket connection lifetime is 24 hours. If the lifetime is exceeded, The WebSocket connection will be closed. |
86400 Seconds |
86400 Seconds |
No |
*Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Middle East (UAE), Europe (Paris), Asia Pacific (Hong Kong), South America (São Paulo), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central), China (Ningxia)
AWS IoT Core credential provider limits and quotas
Limit display name |
Description |
Default value |
Default value in select AWS Regions* |
Adjustable |
---|---|---|---|---|
The maximum number of transactions per second (TPS) that can be made for the AssumeRoleWithCertificate API. |
50 |
100 |
||
Maximum number of AWS IoT Core role aliases registered in your AWS account. AWS IoT role alias allows connected devices to authenticate to AWS IoT using X.509 certificates and obtain short-lived AWS credentials from an IAM role that is associated with the role alias. |
100 |
100 |
No |
*Select AWS Regions: US East (N. Virginia), US West (Oregon), Europe (Ireland)
Note
Large Region limits apply to AWS Regions: US East (N. Virginia), US West (Oregon), and Europe (Ireland)
AWS IoT Core security and identity limits and quotas
Limit display name |
Description |
Default value |
Adjustable |
---|---|---|---|
|
Configurable endpoints: maximum number of domain configurations per account |
10 |
|
|
Custom authentication: maximum number of authorizers that can be active in your AWS account. |
32 |
No |
|
Custom authentication: maximum number of authorizers that can be registered to your AWS account. Authorizers have a lambda function that implements custom authentication and authorization. |
100 |
No |
|
The maximum number of CA certificates with the same subject field allowed per AWS account per region. If you have more than one CA certificate with the same subject field, you must specify the CA certificate that was used to sign the device certificate being registered. |
10 |
No |
|
The maximum number of device certificates that can be registered per second. You can select up to 15 files to register. |
15 |
|
|
Maximum number of domain configurations per AWS account per AWS Region. |
10 |
|
|
Maximum number of fleet provisioning template versions per template. Each template version has a version ID and a creation date for devices connecting to AWS IoT using fleet previsioning. |
5 |
No |
Maximum number of fleet provisioning templates per customer. Use fleet provisioning templates to generate certificates and private keys for your devices to securely connect to AWS IoT. |
256 |
No |
|
The maximum number of named policy versions. A managed AWS IoT policy can have up to five versions. To update a policy, create a new policy version. If the policy has five versions, you must delete an existing version before creating a new one. |
5 |
No |
|
|
The maximum number of policies that can be attached to a client certificate or an Amazon Cognito identity, which is 10. Amazon Cognito identity enables you to create temporary, limited-privilege AWS credentials for use in mobile and web applications. |
10 |
No |
|
The maximum number of provisioning claims that can be generated per second by a trusted user. A trusted user can be an end user or installation technician who uses a mobile app or web application to configure the device in its deployed location. |
10 |
No |
The maximum size of the policy document, which is 2048 characters excluding white spaces. |
2048 |
No |
|
Maximum size of fleet provisioning templates in Kilobytes. Fleet provisioning templates allow you to generate certificates and private keys for your devices to securely connect to AWS IoT. |
10 Kilobytes |
No |
Resource | Description | Default | Adjustable |
---|---|---|---|
Maximum number of domain names per server certificate | When you're providing the server certificates for AWS IoT custom domain configuration, certificates can have a maximum of four domain names. | 4 | No |
Custom authentication: minimum connection duration (value of
DisconnectAfterInSecs ) |
The Lambda function of a custom authorizer
uses a DisconnectAfterInSecs parameter to indicate the
maximum duration (in seconds) of the connection to the AWS IoT Core
gateway. The connection is terminated if it exceeds this value. The
minimum value for DisconnectAfterInSecs is 300. If the
value is less than 300, a client can be disconnected by AWS IoT Core. A
connection can't last less than 300 seconds (the minimum
value). |
300 | No |
Custom authentication: maximum connection duration (value of
DisconnectAfterInSecs ) |
The Lambda function of a custom authorizer
uses a DisconnectAfterInSecs parameter to indicate the
maximum duration (in seconds) of the connection to the AWS IoT Core
gateway. The connection is terminated if it exceeds this value. The
maximum value for DisconnectAfterInSecs is 86,400. If
the value is more than 86,400, a client can be disconnected by
AWS IoT Core. A connection can't last longer than 86,400 seconds (the
maximum value). This applies to all custom authentication
connections (MQTT and WSS). |
86,400 | No |
Custom authentication: minimum policy refresh rate (value of
RefreshAfterInSecs ) |
The Lambda function of a custom authorizer
uses a RefreshAfterInSeconds parameter to indicate the
interval (in seconds) between policy refreshes when connected to the
AWS IoT Core gateway. When this interval passes, AWS IoT Core invokes the
Lambda function to allow for policy refreshes. |
300 | No |
Custom authentication: maximum policy refresh rate (value of
RefreshAfterInSecs ) |
The maximum time interval between policy
refreshes when connected to the AWS IoT Core gateway, defined by the
value of RefreshAfterInSeconds . |
86,400 | No |
MQTT-based File Delivery
Resource | Description | Default | Adjustable |
---|---|---|---|
Streams per account | The maximum number of streams per account. | 10,000* | No |
Files per stream | The maximum number of files per stream. | 10 | No |
File size | The maximum file size (in MB). | 24 MB | No |
Maximum data block size | The maximum data block size. | 128 KB | No |
Minimum data block size | The minimum data block size. | 256 bytes | No |
Maximum block offset specified in a stream file request | The maximum block offset specified in a stream file request. | 98,304 | No |
Maximum blocks that can be requested per stream file request | The maximum number of blocks that can be requested per stream file request. | 98,304 | No |
Maximum block bitmap size | The maximum block bitmap size. | 12,288 bytes | No |
* For additional information, see Using AWS IoT MQTT-based file delivery in devices in the AWS IoT Developer Guide.
API | Transactions Per Second |
---|---|
CreateStream | 15 TPS |
DeleteStream | 15 TPS |
DescribeStream | 15 TPS |
ListStreams | 15 TPS |
UpdateStream | 15 TPS |
AWS IoT Core Device Advisor limits and quotas
Limit display name |
Description |
Default value |
Adjustable |
---|---|---|---|
The maximum number of test devices that can be concurrently connected per test suite run. |
1 |
No |
|
The maximum number of suites an AWS account can run concurrently. |
1 |
No |
|
The maximum number of connections to an account-specific test endpoint. |
5 |
No |
|
The maximum number of MQTT Connect requests sent from a test device per second per account. |
5 |
No |
|
The maximum number of MQTT Connect requests sent from a test device per second per client ID. |
1 |
No |
|
The maximum number of CreateSuiteDefinition API requests you can make per second. |
1 |
No |
|
The maximum number of DeleteSuiteDefinition API requests you can make per second. |
10 |
No |
|
The maximum number of GetSuiteDefinition API requests you can make per second. |
10 |
No |
|
The maximum number of GetSuiteRun API requests you can make per second. |
10 |
No |
|
The maximum number of GetSuiteRunReport API requests you can make per second. |
10 |
No |
|
The maximum number of ListSuiteDefinitions API requests you can make per second. |
10 |
No |
|
The maximum number of ListSuiteRuns API requests you can make per second. |
10 |
No |
|
The maximum number of ListTagsForResource API requests you can make per second. |
10 |
No |
|
The maximum number of ListTestCases API requests you can make per second. |
10 |
No |
|
The maximum number of StartSuiteRun API requests you can make per second. |
1 |
No |
|
The maximum number of TagResource API requests you can make per second. |
10 |
No |
|
The maximum number of UntagResource API requests you can make per second. |
10 |
No |
|
The maximum number of UpdateSuiteDefinition API requests you can make per second. |
10 |
No |
|
The maximum time until a test case fails if not completed. |
10800 Seconds |
No |
|
The maximum number of test cases in one test suite. |
50 |
No |