AWS Systems Manager endpoints and quotas - AWS General Reference

AWS Systems Manager endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service Endpoints

Note

In addition to the ssm.* endpoints listed below, your managed instances must also allow HTTPS (port 443) outbound traffic to the following endpoints:

  • ec2messages.*

  • ssmmessages.*

For more information about these endpoints, see Reference: ec2messages, ssmmessages, and Other API Calls in the AWS Systems Manager User Guide.

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2

ssm.us-east-2.amazonaws.com

ssm-fips.us-east-2.amazonaws.com

HTTPS

HTTPS

US East (N. Virginia) us-east-1

ssm.us-east-1.amazonaws.com

ssm-fips.us-east-1.amazonaws.com

HTTPS

HTTPS

US West (N. California) us-west-1

ssm.us-west-1.amazonaws.com

ssm-fips.us-west-1.amazonaws.com

HTTPS

HTTPS

US West (Oregon) us-west-2

ssm.us-west-2.amazonaws.com

ssm-fips.us-west-2.amazonaws.com

HTTPS

HTTPS

Africa (Cape Town) af-south-1 ssm.af-south-1.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 ssm.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 ssm.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 ssm.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 ssm.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 ssm.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 ssm.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1

ssm.ca-central-1.amazonaws.com

ssm-fips.ca-central-1.amazonaws.com

HTTPS

HTTPS

China (Beijing) cn-north-1 ssm.cn-north-1.amazonaws.com.cn HTTPS
China (Ningxia) cn-northwest-1 ssm.cn-northwest-1.amazonaws.com.cn HTTPS
Europe (Frankfurt) eu-central-1 ssm.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 ssm.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 ssm.eu-west-2.amazonaws.com HTTPS
Europe (Milan) eu-south-1 ssm.eu-south-1.amazonaws.com HTTPS
Europe (Paris) eu-west-3 ssm.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 ssm.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 ssm.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 ssm.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1

ssm.us-gov-east-1.amazonaws.com

ssm.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US) us-gov-west-1

ssm.us-gov-west-1.amazonaws.com

ssm.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

For information about using AWS Systems Manager in the AWS GovCloud (US-West) Region, see AWS GovCloud (US-West) Endpoints.

For information about using AWS Systems Manager in the China Regions, see:

AWS Systems Manager Distributor is available in all commercial Regions except the China (Beijing) Region and the China (Ningxia) Region. Distributor is not available in the AWS GovCloud (US-West) Endpoints.

Service Quotas

Capability Resource Default
AWS AppConfig Maximum number of applications 100
AWS AppConfig Maximum number of deployment strategies 20
AWS AppConfig Maximum number of environments per application 20
AWS AppConfig Maximum number of configuration profiles per application 100
AWS AppConfig Storage limit for AWS AppConfig hosted configuration store 1 GB
AWS AppConfig Configuration size limit

AWS AppConfig hosted configuration store: 64 KB

Amazon S3: 1 MB

AWS AppConfig Maximum throughput (transactions per second) 1000 TPS (applies to GetConfiguration)
Automation Concurrently running automations

100

Each AWS account can run 100 automations simultaneously. This includes child automations (automations that are started by another automation), and rate control automations. If you attempt to run more automations than this, Systems Manager adds the additional automations to a queue and displays a status of Pending.

Automation Automation queue

1000

If you attempt to run more automations than the concurrent automation limit, subsequent automations are added to a queue. Each AWS account can queue 1,000 automations. When an automation completes (or reaches a terminal state), the first automation in the queue is started.

Automation Concurrently running rate control automations

25

Each AWS account can run 25 rate control automations simultaneously. If you attempt to run more rate control automations than the concurrent rate control automation limit, Systems Manager adds the subsequent rate control automations to a queue and displays a status of Pending.

Automation Rate control automation queue

1000

If you attempt to run more automations than the concurrent rate control automation limit, subsequent automations are added to a queue. Each AWS account can queue 1,000 rate control automations. When an automation completes (or reaches a terminal state), the first automation in the queue is started.

Automation Number of levels of nested automation

5

A parent-level Automation document can start a child-level Automation document. This represents one level of nested automation. The child-level Automation document can start another Automation document, resulting in two levels of nested automation. This can continue up to a maximum of five (5) levels below the top-level parent Automation document.

Automation Number of days an automation execution history is stored in the system

30

Automation Additional automation executions that can be queued

1,000

Automation Maximum duration an automation execution can run when running in the context of a user

12 hours

If you expect an automation to run longer than 12 hours, then you must run the automation by using a service role (or assume role).

Automation executeScript action run time

10 minutes

Each executeScript action can run up to a maximum duration of 10 minutes.

Automation invokeLambdaFunction action run time

5 minutes

Each invokeLambdaFunction action can run up to a maximum duration of five (5) minutes.

Automation Number of Automation document (playbook) attachments

5

Each document can have up to five (5) attachments.

Automation Automation document (playbook) attachment size

256 MB

Each attachment can be up to 256 MB.

Distributor

Maximum number of attachments in a Distributor package

20

Distributor

Maximum size per attachment in a Distributor package

1 GB

Distributor

Maximum number of Distributor packages per account, per Region

200

Distributor

Maximum number of package versions per Distributor package

25

Distributor

Maximum package size in Distributor

20 GB

Distributor

Maximum package manifest size in Distributor

64 KB

Explorer

Maximum number of resource data syncs (per account per Region)

5

Inventory

Maximum number of resource data syncs (per account per Region)

5

Inventory

Inventory data collected per instance per call

1 MB

This maximum adequately supports most inventory collection scenarios. When this quota is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration.

Inventory

Inventory data collected per instance per day

5 MB

When this quota is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration.

Inventory

Custom inventory types

20

You can add up to 20 custom inventory types.

Inventory

Custom inventory type size

200 KB

This is the maximum size of the type, not the inventory collected.

Inventory

Custom inventory type attributes

50

This is the maximum number of attributes within the custom inventory type.

Inventory

Inventory data expiration

30 days

If you terminate an instance, inventory data for that instance is deleted immediately. For running instances, inventory data older than 30 days is deleted. If you need to store inventory data longer than 30 days, you can use AWS Config to record history or periodically query and upload the data to an Amazon S3 bucket. For more information, see, Recording Amazon EC2 managed instance inventory in the AWS Config Developer Guide.

Maintenance Windows

Maintenance windows per account

50

Maintenance Windows

Tasks per maintenance window

20

Maintenance Windows

Targets per maintenance window

100

Maintenance Windows

Instance IDs per target

50

Maintenance Windows

Targets per task

10

Maintenance Windows

Concurrent executions of a single maintenance window

1

Maintenance Windows

Concurrent executions of maintenance windows

5

Maintenance Windows

Execution history retention

30 days

Managed Instances - Hybrid Environment Total number of registered on-premises servers and virtual machines (VMs) in a hybrid environment

Standard instances: 1,000 (per account per Region)

Advanced instances: Advanced instances are available on a pay-per-use basis. Advanced instances also enable you to connect to your hybrid machines by using AWS Systems Manager Session Manager. For more information about activating on-premises instances for use in your hybrid environment, see Create a Managed-Instance Activation in the AWS Systems Manager User Guide. For more information about enabling advanced instances, see Using the Advanced-Instances Tier.

OpsCenter

Total number of OpsItems allowed per account per AWS Region

500,000

OpsCenter

Maximum number of OpsItems per account per month

10,000

OpsCenter

Maximum operational data value size

20 KB

OpsCenter

Maximum number of associated Automation runbooks per OpsItem

10

OpsCenter

Maximum number of Automation runbook executions stored in operational data under a single associated runbook

10

OpsCenter

Maximum number of related resources you can specify per OpsItem

100

OpsCenter

Maximum number of related OpsItems you can specify per OpsItem

10

OpsCenter

Maximum length of a deduplication string

64 characters

OpsCenter

Duration before an OpsItem is automatically archived by the system (regardless of status)

36 months

Parameter Store

Total number of parameters allowed

(per AWS account and Region)

Standard parameters: 10,000

Advanced parameters: 100,000

For more information about advanced parameters, see About Systems Manager Advanced Parameters in the AWS Systems Manager User Guide.

Parameter Store

Max size for parameter value

Standard parameter: 4 KB

Advanced parameter: 8 KB

Parameter Store

Max number of parameter policies per advanced parameter

10

Parameter Store

Max throughput (transactions per second)

Default throughput: 40 (Shared by the following API actions: GetParameter, GetParameters, GetParametersByPath)

Higher throughput: 100 (GetParametersByPath)

Higher throughput: 1000 (Shared by the following API actions: GetParameter and GetParameters)

For more information about Parameter Store throughput, see Increasing Parameter Store Throughput in the AWS Systems Manager User Guide.

Parameter Store

Max history for a parameter

100 past values

Patch Baselines

Patch baselines per account

50

Patch Baselines

Patch groups per patch baseline

25

Run Command Execution history retention

30 days

The history of each command is available for up to 30 days. In addition, you can store a copy of all log files in Amazon Simple Storage Service or have an audit trail of all API calls in AWS CloudTrail.

Session Manager

Maximum idle time before session termination

20 minutes

SSM Documents Total documents

500

Each AWS account can create a maximum of 500 documents per Region.

SSM Documents Privately shared Systems Manager document

1000

A single Systems Manager document can be shared with a maximum of 1000 AWS accounts.

SSM Documents Publicly shared Systems Manager document

5

Each AWS account can publicly share a maximum of five documents.

State Manager Concurrent State Manager associations

2,000

Each AWS Account can have 2,000 associations per Region at one time.

State Manager State Manager association versions

1,000

You can created a maximum of 1,000 versions of a State Manager association.