AWS Private Certificate Authority endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
AWS Private CA endpoints
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
acm-pca.us-east-2.amazonaws.com acm-pca-fips.us-east-2.amazonaws.com |
https HTTPS |
| US East (N. Virginia) | us-east-1 |
acm-pca.us-east-1.amazonaws.com acm-pca-fips.us-east-1.amazonaws.com |
https HTTPS |
| US West (N. California) | us-west-1 |
acm-pca.us-west-1.amazonaws.com acm-pca-fips.us-west-1.amazonaws.com |
https HTTPS |
| US West (Oregon) | us-west-2 |
acm-pca.us-west-2.amazonaws.com acm-pca-fips.us-west-2.amazonaws.com |
https HTTPS |
| Africa (Cape Town) | af-south-1 | acm-pca.af-south-1.amazonaws.com | https |
| Asia Pacific (Hong Kong) | ap-east-1 | acm-pca.ap-east-1.amazonaws.com | https |
| Asia Pacific (Hyderabad) | ap-south-2 | acm-pca.ap-south-2.amazonaws.com | https |
| Asia Pacific (Jakarta) | ap-southeast-3 | acm-pca.ap-southeast-3.amazonaws.com | https |
| Asia Pacific (Melbourne) | ap-southeast-4 | acm-pca.ap-southeast-4.amazonaws.com | https |
| Asia Pacific (Mumbai) | ap-south-1 | acm-pca.ap-south-1.amazonaws.com | https |
| Asia Pacific (Osaka) | ap-northeast-3 | acm-pca.ap-northeast-3.amazonaws.com | https |
| Asia Pacific (Seoul) | ap-northeast-2 | acm-pca.ap-northeast-2.amazonaws.com | https |
| Asia Pacific (Singapore) | ap-southeast-1 | acm-pca.ap-southeast-1.amazonaws.com | https |
| Asia Pacific (Sydney) | ap-southeast-2 | acm-pca.ap-southeast-2.amazonaws.com | https |
| Asia Pacific (Tokyo) | ap-northeast-1 | acm-pca.ap-northeast-1.amazonaws.com | https |
| Canada (Central) | ca-central-1 |
acm-pca.ca-central-1.amazonaws.com acm-pca-fips.ca-central-1.amazonaws.com |
https HTTPS |
| Canada West (Calgary) | ca-west-1 |
acm-pca.ca-west-1.amazonaws.com acm-pca-fips.ca-west-1.amazonaws.com |
https HTTPS |
| Europe (Frankfurt) | eu-central-1 | acm-pca.eu-central-1.amazonaws.com | https |
| Europe (Ireland) | eu-west-1 | acm-pca.eu-west-1.amazonaws.com | https |
| Europe (London) | eu-west-2 | acm-pca.eu-west-2.amazonaws.com | https |
| Europe (Milan) | eu-south-1 | acm-pca.eu-south-1.amazonaws.com | https |
| Europe (Paris) | eu-west-3 | acm-pca.eu-west-3.amazonaws.com | https |
| Europe (Spain) | eu-south-2 | acm-pca.eu-south-2.amazonaws.com | https |
| Europe (Stockholm) | eu-north-1 | acm-pca.eu-north-1.amazonaws.com | https |
| Europe (Zurich) | eu-central-2 | acm-pca.eu-central-2.amazonaws.com | https |
| Israel (Tel Aviv) | il-central-1 | acm-pca.il-central-1.amazonaws.com | https |
| Middle East (Bahrain) | me-south-1 | acm-pca.me-south-1.amazonaws.com | https |
| Middle East (UAE) | me-central-1 | acm-pca.me-central-1.amazonaws.com | https |
| South America (São Paulo) | sa-east-1 | acm-pca.sa-east-1.amazonaws.com | https |
| AWS GovCloud (US-East) | us-gov-east-1 | acm-pca.us-gov-east-1.amazonaws.com | https |
| AWS GovCloud (US-West) | us-gov-west-1 | acm-pca.us-gov-west-1.amazonaws.com | https |
AWS Private CA Connector for Active Directory endpoints
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 | pca-connector-ad.us-east-2.amazonaws.com | HTTPS |
| US East (N. Virginia) | us-east-1 | pca-connector-ad.us-east-1.amazonaws.com | HTTPS |
| US West (N. California) | us-west-1 | pca-connector-ad.us-west-1.amazonaws.com | HTTPS |
| US West (Oregon) | us-west-2 | pca-connector-ad.us-west-2.amazonaws.com | HTTPS |
| Africa (Cape Town) | af-south-1 | pca-connector-ad.af-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 | pca-connector-ad.ap-east-1.amazonaws.com | HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 | pca-connector-ad.ap-south-2.amazonaws.com | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | pca-connector-ad.ap-southeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 | pca-connector-ad.ap-southeast-4.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | pca-connector-ad.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | pca-connector-ad.ap-northeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | pca-connector-ad.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | pca-connector-ad.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | pca-connector-ad.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | pca-connector-ad.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 | pca-connector-ad.ca-central-1.amazonaws.com | HTTPS |
| Europe (Frankfurt) | eu-central-1 | pca-connector-ad.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | pca-connector-ad.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | pca-connector-ad.eu-west-2.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | pca-connector-ad.eu-south-1.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | pca-connector-ad.eu-west-3.amazonaws.com | HTTPS |
| Europe (Spain) | eu-south-2 | pca-connector-ad.eu-south-2.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | pca-connector-ad.eu-north-1.amazonaws.com | HTTPS |
| Europe (Zurich) | eu-central-2 | pca-connector-ad.eu-central-2.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | pca-connector-ad.me-south-1.amazonaws.com | HTTPS |
| Middle East (UAE) | me-central-1 | pca-connector-ad.me-central-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | pca-connector-ad.sa-east-1.amazonaws.com | HTTPS |
AWS Private CA quotas
| Name | Default | Adjustable | Description |
|---|---|---|---|
| Number of private certificate authorities (CAs) | Each supported Region: 200 |
Yes |
The maximum number of private certificate authorities (CAs) that you can create in this account in the current Region. |
| Number of private certificates per CA | Each supported Region: 1,000,000 |
Yes |
The maximum number of private certificates per certificate authority (CA) that you can create in this account in the current Region. |
| Number of revoked private certificates per CA | Each supported Region: 1,000,000 | No | The maximum number of private certificates per certificate authority (CA) that you can revoke in this account in the current Region. |
| Rate of CreateCertificateAuthority requests | Each supported Region: 1 | No | The maximum number of CreateCertificateAuthority requests that you can perform in this account in the current region per second. |
| Rate of CreateCertificateAuthorityAuditReport requests | Each supported Region: 1 | No | The maximum number of CreateCertificateAuthorityAuditReport requests that you can perform in this account in the current region per second. |
| Rate of CreatePermission requests | Each supported Region: 1 | No | The maximum number of CreatePermission requests that you can perform in this account in the current region per second. |
| Rate of DeleteCertificateAuthority requests | Each supported Region: 10 | No | The maximum number of DeleteCertificateAuthority requests that you can perform in this account in the current region per second. |
| Rate of DeletePermission requests | Each supported Region: 1 | No | The maximum number of DeletePermission requests that you can perform in this account in the current region per second. |
| Rate of DeletePolicy requests | Each supported Region: 5 | No | The maximum number of DeletePolicy requests that you can perform in this account in the current region per second. |
| Rate of DescribeCertificateAuthority requests | Each supported Region: 20 | No | The maximum number of DescribeCertificateAuthority requests that you can perform in this account in the current region per second. |
| Rate of DescribeCertificateAuthorityAuditReport requests | Each supported Region: 20 | No | The maximum number of DescribeCertificateAuthorityAuditReport requests that you can perform in this account in the current region per second. |
| Rate of GetCertificate requests | Each supported Region: 75 |
Yes |
The maximum number of GetCertificate requests that you can perform in this account in the current region per second. |
| Rate of GetCertificateAuthorityCertificate requests | Each supported Region: 20 | No | The maximum number of GetCertificateAuthorityCertificate requests that you can perform in this account in the current region per second. |
| Rate of GetCertificateAuthorityCsr requests | Each supported Region: 10 | No | The maximum number of GetCertificateAuthorityCsr requests that you can perform in this account in the current region per second. |
| Rate of GetPolicy requests | Each supported Region: 5 | No | The maximum number of GetPolicy requests that you can perform in this account in the current region per second. |
| Rate of ImportCertificateAuthorityCertificate requests | Each supported Region: 10 | No | The maximum number of ImportCertificateAuthorityCertificate requests that you can perform in this account in the current region per second. |
| Rate of IssueCertificate requests | Each supported Region: 25 |
Yes |
The maximum number of IssueCertificate requests that you can perform in this account in the current region per second. |
| Rate of ListCertificateAuthorities requests | Each supported Region: 20 | No | The maximum number of ListCertificateAuthorities requests that you can perform in this account in the current region per second. |
| Rate of ListPermissions requests | Each supported Region: 5 | No | The maximum number of ListPermissions requests that you can perform in this account in the current region per second. |
| Rate of ListTags requests | Each supported Region: 20 | No | The maximum number of ListTags requests that you can perform in this account in the current region per second. |
| Rate of PutPolicy requests | Each supported Region: 5 | No | The maximum number of PutPolicy requests that you can perform in this account in the current region per second. |
| Rate of RestoreCertificateAuthority requests | Each supported Region: 20 | No | The maximum number of RestoreCertificateAuthority requests that you can perform in this account in the current region per second. |
| Rate of RevokeCertificate requests | Each supported Region: 20 | No | The maximum number of RevokeCertificate requests that you can perform in this account in the current region per second. |
| Rate of TagCertificateAuthority requests | Each supported Region: 10 | No | The maximum number of TagCertificateAuthority requests that you can perform in this account in the current region per second. |
| Rate of UntagCertificateAuthority requests | Each supported Region: 10 | No | The maximum number of UntagCertificateAuthority requests that you can perform in this account in the current region per second. |
| Rate of UpdateCertificateAuthority requests | Each supported Region: 10 | No | The maximum number of UpdateCertificateAuthority requests that you can perform in this account in the current region per second. |
AWS Private CA Connector for Active Directory quotas
| Name | Default | Adjustable | Description |
|---|---|---|---|
| Number of connectors | Each supported Region: 10 |
Yes |
The maximum number of connectors that you can create in this account in the current region. |
| Number of group access control entries per template | Each supported Region: 100 |
Yes |
The maximum number of group access control entries per template that you can create in this account in the current Region. |
| Number of templates per connector | Each supported Region: 100 |
Yes |
The maximum number of templates per connector that you can create in this account in the current Region. |
| Rate of CreateConnector requests | Each supported Region: 2 |
Yes |
The maximum number of CreateConnector requests that you can perform in this account in the current region per second. |
| Rate of CreateDirectoryRegistration requests | Each supported Region: 10 |
Yes |
The maximum number of CreateDirectoryRegistration requests that you can perform in this account in the current region per second. |
| Rate of CreateServicePrincipalName requests | Each supported Region: 10 |
Yes |
The maximum number of CreateServicePrincipalName requests that you can perform in this account in the current region per second. |
| Rate of CreateTemplate requests | Each supported Region: 10 |
Yes |
The maximum number of CreateTemplate requests that you can perform in this account in the current region per second. |
| Rate of CreateTemplateGroupAccessControlEntry requests | Each supported Region: 10 |
Yes |
The maximum number of CreateTemplateGroupAccessControlEntry requests that you can perform in this account in the current region per second. |
| Rate of DeleteConnector requests | Each supported Region: 2 |
Yes |
The maximum number of DeleteConnector requests that you can perform in this account in the current region per second. |
| Rate of DeleteDirectoryRegistration requests | Each supported Region: 5 |
Yes |
The maximum number of DeleteDirectoryRegistration requests that you can perform in this account in the current region per second. |
| Rate of DeleteServicePrincipalName requests | Each supported Region: 5 |
Yes |
The maximum number of DeleteServicePrincipalName requests that you can perform in this account in the current region per second. |
| Rate of DeleteTemplate requests | Each supported Region: 5 |
Yes |
The maximum number of DeleteTemplate requests that you can perform in this account in the current region per second. |
| Rate of DeleteTemplateGroupAccessControlEntry requests | Each supported Region: 5 |
Yes |
The maximum number of DeleteTemplateGroupAccessControlEntry requests that you can perform in this account in the current region per second. |
| Rate of GetConnector requests | Each supported Region: 50 |
Yes |
The maximum number of GetConnector requests that you can perform in this account in the current region per second. |
| Rate of GetDirectoryRegistration requests | Each supported Region: 50 |
Yes |
The maximum number of GetDirectoryRegistration requests that you can perform in this account in the current region per second. |
| Rate of GetPolicies requests | Each supported Region: 10 |
Yes |
The maximum number of GetPolicies requests that you can perform in this account in the current region per second. |
| Rate of GetServicePrincipalName requests | Each supported Region: 50 |
Yes |
The maximum number of GetServicePrincipalName requests that you can perform in this account in the current region per second. |
| Rate of GetTemplate requests | Each supported Region: 50 |
Yes |
The maximum number of GetTemplate requests that you can perform in this account in the current region per second. |
| Rate of GetTemplateGroupAccessControlEntry requests | Each supported Region: 50 |
Yes |
The maximum number of GetTemplateGroupAccessControlEntry requests that you can perform in this account in the current region per second. |
| Rate of ListConnectors requests | Each supported Region: 50 |
Yes |
The maximum number of ListConnectors requests that you can perform in this account in the current region per second. |
| Rate of ListDirectoryRegistrations requests | Each supported Region: 50 |
Yes |
The maximum number of ListDirectoryRegistrations requests that you can perform in this account in the current region per second. |
| Rate of ListServicePrincipalNames requests | Each supported Region: 50 |
Yes |
The maximum number of ListServicePrincipalNames requests that you can perform in this account in the current region per second. |
| Rate of ListTagsForResource requests | Each supported Region: 50 |
Yes |
The maximum number of ListTagsForResource requests that you can perform in this account in the current region per second. |
| Rate of ListTemplateGroupAccessControlEntries requests | Each supported Region: 50 |
Yes |
The maximum number of ListTemplateGroupAccessControlEntries requests that you can perform in this account in the current region per second. |
| Rate of ListTemplates requests | Each supported Region: 50 |
Yes |
The maximum number of ListTemplates requests that you can perform in this account in the current region per second. |
| Rate of RequestSecurityToken requests | Each supported Region: 10 |
Yes |
The maximum number of RequestSecurityToken requests that you can perform in this account in the current region per second. |
| Rate of TagResource requests | Each supported Region: 50 |
Yes |
The maximum number of TagResource requests that you can perform in this account in the current region per second. |
| Rate of UntagResource requests | Each supported Region: 50 |
Yes |
The maximum number of UntagResource requests that you can perform in this account in the current region per second. |
| Rate of UpdateTemplate requests | Each supported Region: 10 |
Yes |
The maximum number of UpdateTemplate requests that you can perform in this account in the current region per second. |
| Rate of UpdateTemplateGroupAccessControlEntry requests | Each supported Region: 10 |
Yes |
The maximum number of UpdateTemplateGroupAccessControlEntry requests that you can perform in this account in the current region per second. |
