AWS Systems Manager endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Service Endpoints
In addition to the ssm.* endpoints listed below, your managed
instances must also allow HTTPS (port 443) outbound traffic to the following
endpoints:
-
ec2messages.* -
ssmmessages.*
For more information about these endpoints, see Reference: ec2messages, ssmmessages, and Other API Calls in the AWS Systems Manager User Guide.
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
ssm.us-east-2.amazonaws.com ssm-fips.us-east-2.amazonaws.com ssm-facade-fips.us-east-2.amazonaws.com |
HTTPS HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
ssm.us-east-1.amazonaws.com ssm-fips.us-east-1.amazonaws.com ssm-facade-fips.us-east-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| US West (N. California) | us-west-1 |
ssm.us-west-1.amazonaws.com ssm-fips.us-west-1.amazonaws.com ssm-facade-fips.us-west-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
ssm.us-west-2.amazonaws.com ssm-fips.us-west-2.amazonaws.com ssm-facade-fips.us-west-2.amazonaws.com |
HTTPS HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 | ssm.af-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 | ssm.ap-east-1.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | ssm.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | ssm.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | ssm.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | ssm.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | ssm.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 | ssm.ca-central-1.amazonaws.com | HTTPS |
| China (Beijing) | cn-north-1 | ssm.cn-north-1.amazonaws.com.cn | HTTPS |
| China (Ningxia) | cn-northwest-1 | ssm.cn-northwest-1.amazonaws.com.cn | HTTPS |
| Europe (Frankfurt) | eu-central-1 | ssm.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | ssm.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | ssm.eu-west-2.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | ssm.eu-south-1.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | ssm.eu-west-3.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | ssm.eu-north-1.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | ssm.me-south-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | ssm.sa-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 |
ssm.us-gov-east-1.amazonaws.com ssm.us-gov-east-1.amazonaws.com ssm-facade.us-gov-east-1.amazonaws.com |
HTTPS HTTPS HTTPS |
| AWS GovCloud (US) | us-gov-west-1 |
ssm.us-gov-west-1.amazonaws.com ssm.us-gov-west-1.amazonaws.com ssm-facade.us-gov-west-1.amazonaws.com |
HTTPS HTTPS HTTPS |
For information about using AWS Systems Manager in the AWS GovCloud (US-West) Region, see AWS GovCloud (US-West) Endpoints.
For information about using AWS Systems Manager in the China Regions, see:
AWS Systems Manager Distributor is available in all commercial Regions except the China (Beijing) Region and the China (Ningxia) Region. Distributor is not available in the AWS GovCloud (US-West) Endpoints.
Service Quotas
| Capability | Resource | Default |
|---|---|---|
| Automation | Concurrently running automations |
25 Each AWS account can run a maximum of 25 automation executions at one time. Concurrent executions greater than 25 are automatically added to an execution queue. |
| Automation | Concurrently running child automations |
75 Each AWS account can run a maximum of 75 child automations. Child automation executions are initiated from a parent automation execution. This quota is a cumulative total of child automation executions. Current child automation executions over the default quota of 75 are automatically added to an execution queue. |
| Automation | Number of inline automations |
5 An automation document can start another automation document. From a parent automation document, you can start a maximum of five (5) automation documents |
| Automation | Number of days an automation execution history is stored in the system |
30 |
| Automation | Additional automation executions that can be queued |
1,000 |
| Automation | Maximum duration an automation execution can run when running in the context of a user |
12 hours If you expect an automation to run longer than 12 hours, then you must run the automation by using a service role (or assume role). |
| Automation | executeScript action run time
|
10 minutes Each |
| Automation | invokeLambdaFunction action run time
|
5 minutes Each |
| Automation | Number of Automation document (playbook) attachments |
5 Each document can have up to five (5) attachments. |
| Automation | Automation document (playbook) attachment size |
256 MB Each attachment can be up to 256 MB. |
| Distributor |
Maximum number of Distributor packages per account, per Region |
200 |
| Distributor |
Maximum number of package versions per Distributor package |
25 |
| Distributor |
Maximum package size in Distributor |
20 GB |
| Distributor |
Maximum package manifest size in Distributor |
64 KB |
| Managed Instances - Hybrid Environment | Total number of registered on-premises servers and virtual machines (VMs) in a hybrid environment |
Standard instances: 1,000 (per account per Region) Advanced instances: Advanced instances are available on a pay-per-use basis. Advanced instances also enable you to connect to your hybrid machines by using AWS Systems Manager Session Manager. For more information about activating on-premises instances for use in your hybrid environment, see Create a Managed-Instance Activation in the AWS Systems Manager User Guide. For more information about enabling advanced instances, see Using the Advanced-Instances Tier. |
| Inventory |
Inventory data collected per instance per call |
1 MB This maximum adequately supports most inventory collection scenarios. When this quota is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration. |
| Inventory |
Inventory data collected per instance per day |
5 MB When this quota is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration. |
| Inventory |
Custom inventory types |
20 You can add up to 20 custom inventory types. |
| Inventory |
Custom inventory type size |
200 KB This is the maximum size of the type, not the inventory collected. |
| Inventory |
Custom inventory type attributes |
50 This is the maximum number of attributes within the custom inventory type. |
| Inventory |
Inventory data expiration |
30 days If you terminate an instance, inventory data for that instance is deleted immediately. For running instances, inventory data older than 30 days is deleted. If you need to store inventory data longer than 30 days, you can use AWS Config to record history or periodically query and upload the data to an Amazon S3 bucket. For more information, see, Recording Amazon EC2 managed instance inventory in the AWS Config Developer Guide. |
| Maintenance Windows |
Maintenance windows per account |
50 |
| Maintenance Windows |
Tasks per maintenance window |
20 |
| Maintenance Windows |
Targets per maintenance window |
100 |
| Maintenance Windows |
Instance IDs per target |
50 |
| Maintenance Windows |
Targets per task |
10 |
| Maintenance Windows |
Concurrent executions of a single maintenance window |
1 |
| Maintenance Windows |
Concurrent executions of maintenance windows |
5 |
| Maintenance Windows |
Execution history retention |
30 days |
| OpsCenter |
Total number of OpsItems allowed per account per AWS Region |
500,000 |
| OpsCenter |
Maximum number of OpsItems per account per month |
10,000 |
| OpsCenter |
Maximum operational data value size |
20 KB |
| OpsCenter |
Maximum number of associated Automation runbooks per OpsItem |
10 |
| OpsCenter |
Maximum number of Automation runbook executions stored in operational data under a single associated runbook |
10 |
| OpsCenter |
Maximum number of related resources you can specify per OpsItem |
100 |
| OpsCenter |
Maximum number of related OpsItems you can specify per OpsItem |
10 |
| OpsCenter |
Maximum length of a deduplication string |
64 characters |
| Parameter Store |
Total number of parameters allowed (per AWS account and Region) |
Standard parameters: 10,000 Advanced parameters: 100,000 For more information about advanced parameters, see About Systems Manager Advanced Parameters in the AWS Systems Manager User Guide. |
| Parameter Store |
Max size for parameter value |
Standard parameter: 4 KB Advanced parameter: 8 KB |
| Parameter Store |
Max number of parameter policies per advanced parameter |
10 |
| Parameter Store |
Max throughput (transactions per second) |
Default throughput: 40 (Shared by the following API actions: GetParameter, GetParameters, GetParametersByPath) Higher throughput: 100 (GetParametersByPath) Higher throughput: 1000 (Shared by the following API actions: GetParameter and GetParameters) For more information about Parameter Store throughput, see Increasing Parameter Store Throughput in the AWS Systems Manager User Guide. |
| Parameter Store |
Max history for a parameter |
100 past values |
| Patch Baselines |
Patch baselines per account |
50 |
| Patch Baselines |
Patch groups per patch baseline |
25 |
| Run Command | Execution history retention |
30 days The history of each command is available for up to 30 days. In addition, you can store a copy of all log files in Amazon Simple Storage Service or have an audit trail of all API calls in AWS CloudTrail. |
| Session Manager |
Maximum idle time before session termination |
20 minutes |
| SSM Documents | Total documents |
500 Each AWS account can create a maximum of 500 documents per Region. |
| SSM Documents | Privately shared Systems Manager document |
1000 A single Systems Manager document can be shared with a maximum of 1000 AWS accounts. |
| SSM Documents | Publicly shared Systems Manager document |
5 Each AWS account can publicly share a maximum of five documents. |
| State Manager | Targets per State Manager association |
10,000 Each Systems Manager document can be associated with a maximum of 10,000 instances. As a best practice when creating State Manager associations, use tags as targets instead of instance IDs. |
| State Manager | Concurrent State Manager associations |
2,000 Each AWS Account can have 2,000 associations per Region at one time. |
| State Manager | State Manager association versions |
1,000 You can created a maximum of 1,000 versions of a State Manager association. |
