AWS Single Sign-On endpoints and quotas - AWS General Reference

AWS Single Sign-On endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service endpoints

AWS SSO

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 sso.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 sso.us-east-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 sso.us-west-2.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 sso.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 sso.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 sso.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 sso.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 sso.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 sso.ca-central-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 sso.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 sso.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 sso.eu-west-2.amazonaws.com HTTPS
Europe (Paris) eu-west-3 sso.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 sso.eu-north-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 sso.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-West) us-gov-west-1

sso.us-gov-west-1.amazonaws.com

sso.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

Identity Store

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 identitystore.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 identitystore.us-east-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 identitystore.us-west-2.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 identitystore.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 identitystore.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 identitystore.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 identitystore.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 identitystore.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 identitystore.ca-central-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 identitystore.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 identitystore.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 identitystore.eu-west-2.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 identitystore.eu-north-1.amazonaws.com HTTPS
AWS GovCloud (US-West) us-gov-west-1

identitystore.us-gov-west-1.amazonaws.com

identitystore.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

Service quotas

Name Default Adjustable
File size of service provider SAML certificates (in PEM format) All supported Regions: 2 Kilobytes No
Number of groups supported in AWS SSO All supported Regions: 10,000 No
Number of permission sets allowed in AWS SSO All supported Regions: 500 Yes
Number of permission sets allowed per AWS account All supported Regions: 50 Yes
Number of unique directory groups that can be assigned All supported Regions: 2,500 Yes
Number of unique groups that can be used to evaluate the permissions for a user All supported Regions: 500 No
Number of users supported in AWS SSO All supported Regions: 50,000 No
Total number of AWS accounts or applications that can be configured All supported Regions: 500 Yes

For more information, see AWS Single Sign-On quotas in the AWS Single Sign-On User Guide.