AWS IAM Identity Center endpoints and quotas
To connect programmatically to an AWS service, you use an endpoint. AWS services offer the following endpoint types in some or all of the AWS Regions that the service supports: IPv4 endpoints, dual-stack endpoints, and FIPS endpoints. Some services provide global endpoints. For more information, see AWS service endpoints.
Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
The following are the service endpoints and service quotas for this service.
Service endpoints
IAM Identity Center
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 | sso.us-east-2.amazonaws.com | HTTPS |
| US East (N. Virginia) | us-east-1 | sso.us-east-1.amazonaws.com | HTTPS |
| US West (N. California) | us-west-1 | sso.us-west-1.amazonaws.com | HTTPS |
| US West (Oregon) | us-west-2 | sso.us-west-2.amazonaws.com | HTTPS |
| Africa (Cape Town) | af-south-1 | sso.af-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 | sso.ap-east-1.amazonaws.com | HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 | sso.ap-south-2.amazonaws.com | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | sso.ap-southeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Malaysia) | ap-southeast-5 | sso.ap-southeast-5.amazonaws.com | HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 | sso.ap-southeast-4.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | sso.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | sso.ap-northeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | sso.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | sso.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | sso.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | sso.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 | sso.ca-central-1.amazonaws.com | HTTPS |
| Canada West (Calgary) | ca-west-1 | sso.ca-west-1.amazonaws.com | HTTPS |
| Europe (Frankfurt) | eu-central-1 | sso.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | sso.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | sso.eu-west-2.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | sso.eu-south-1.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | sso.eu-west-3.amazonaws.com | HTTPS |
| Europe (Spain) | eu-south-2 | sso.eu-south-2.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | sso.eu-north-1.amazonaws.com | HTTPS |
| Europe (Zurich) | eu-central-2 | sso.eu-central-2.amazonaws.com | HTTPS |
| Israel (Tel Aviv) | il-central-1 | sso.il-central-1.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | sso.me-south-1.amazonaws.com | HTTPS |
| Middle East (UAE) | me-central-1 | sso.me-central-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | sso.sa-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 | sso.us-gov-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 | sso.us-gov-west-1.amazonaws.com | HTTPS |
Identity Store
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 | identitystore.us-east-2.amazonaws.com | HTTPS |
| US East (N. Virginia) | us-east-1 | identitystore.us-east-1.amazonaws.com | HTTPS |
| US West (N. California) | us-west-1 | identitystore.us-west-1.amazonaws.com | HTTPS |
| US West (Oregon) | us-west-2 | identitystore.us-west-2.amazonaws.com | HTTPS |
| Africa (Cape Town) | af-south-1 | identitystore.af-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 | identitystore.ap-east-1.amazonaws.com | HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 | identitystore.ap-south-2.amazonaws.com | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | identitystore.ap-southeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Malaysia) | ap-southeast-5 | identitystore.ap-southeast-5.amazonaws.com | HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 | identitystore.ap-southeast-4.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | identitystore.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | identitystore.ap-northeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | identitystore.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | identitystore.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | identitystore.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Thailand) | ap-southeast-7 | identitystore.ap-southeast-7.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | identitystore.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 | identitystore.ca-central-1.amazonaws.com | HTTPS |
| Canada West (Calgary) | ca-west-1 | identitystore.ca-west-1.amazonaws.com | HTTPS |
| Europe (Frankfurt) | eu-central-1 | identitystore.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | identitystore.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | identitystore.eu-west-2.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | identitystore.eu-south-1.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | identitystore.eu-west-3.amazonaws.com | HTTPS |
| Europe (Spain) | eu-south-2 | identitystore.eu-south-2.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | identitystore.eu-north-1.amazonaws.com | HTTPS |
| Europe (Zurich) | eu-central-2 | identitystore.eu-central-2.amazonaws.com | HTTPS |
| Israel (Tel Aviv) | il-central-1 | identitystore.il-central-1.amazonaws.com | HTTPS |
| Mexico (Central) | mx-central-1 | identitystore.mx-central-1.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | identitystore.me-south-1.amazonaws.com | HTTPS |
| Middle East (UAE) | me-central-1 | identitystore.me-central-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | identitystore.sa-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 | identitystore.us-gov-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 | identitystore.us-gov-west-1.amazonaws.com | HTTPS |
Service quotas
| Name | Default | Adjustable | Description |
|---|---|---|---|
| File size of service provider SAML 2.0 certificates (in PEM format) | Each supported Region: 2 Kilobytes | No | The maximum file size (in KB) of service provider SAML 2.0 certificates (in PEM format). |
| Number of groups supported in IAM Identity Center | Each supported Region: 100,000 | No | The maximum number of groups supported in IAM Identity Center. |
| Number of permission sets allowed in IAM Identity Center | Each supported Region: 2,000 |
Yes |
The default number of permission sets in IAM Identity Center. |
| Number of permission sets allowed per AWS account | Each supported Region: 500 |
Yes |
The default number of permission sets allowed per AWS account. |
| Number of unique groups that can be used to evaluate the permissions for a user | Each supported Region: 1,000 | No | The maximum number of unique groups that can be used to evaluate the permissions for a user. Before displaying the users available AWS accounts and application icons in the AWS access portal, IAM Identity Center evaluates the users effective permissions by evaluating their group memberships. |
| Number of users supported in IAM Identity Center | Each supported Region: 100,000 |
Yes |
The default number of users supported in IAM Identity Center. |
| Total number of AWS accounts or applications that can be configured | Each supported Region: 3,000 |
Yes |
The default total number of AWS accounts or applications (total combined) that can be configured. For example, you might configure 2750 accounts and 250 applications, resulting in a total of 3000 accounts and applications. |
For more information, see AWS IAM Identity Center quotas in the AWS IAM Identity Center User Guide.
