Amazon GuardDuty quotas

Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas can't be increased.

To view the quotas for GuardDuty, open the Service Quotas console. In the navigation pane, choose AWS services and select Amazon GuardDuty.

To request a quota increase, see Requesting a quota increase in the Service Quotas User Guide.

Your AWS account has the following quotas for Amazon GuardDuty per Region.

Note

For quotas specific to GuardDuty Malware Protection for EC2, see Malware Protection for EC2 quotas.
For quotas specific to Malware Protection for S3, see Quotas in Malware Protection for S3.

GuardDuty quotas per Region
Resource	Default	Comments
Detectors	1	The maximum number of detector resources that you can create per AWS account per Region. You can't request a quota increase.
Filters	100	The maximum number of saved filters per AWS account per Region. You can't request a quota increase.
Finding retention period	90 days	The maximum number of days a finding is retained. You can't request a quota increase.
IP addresses and CIDR ranges per Trusted IP List	2,000	The maximum number of IP addresses and CIDR ranges that you can include in a single Trusted IP List. You can't request a quota increase.
IP addresses and CIDR ranges per Threat List	250,000	The maximum number of IP address and CIDR ranges that you can include in a Threat List. You can't request a quota increase.
Maximum file size	35 MB	The maximum file size for the file used to upload a list of IP addresses or CIDR ranges to include in a Trusted IP List or a Threat List. You can't request a quota increase.
Member accounts (by invitation)	5000	The maximum number of member accounts associated with a administrator account account. You can't request a quota increase.
Member accounts	50,000	The maximum number of member accounts associated with a administrator account account through AWS Organizations. This includes member accounts that are added to the organization by invitation. This default value depends on your current quota for member accounts in AWS Organizations. The number of member accounts in GuardDuty that are added through AWS Organizations can't exceed the number of member accounts in your organization. For information about number of AWS accounts in an organization, see Maximum and minimum values in the AWS Organizations User Guide.
Threat intel sets	6	The maximum number of Threat intel sets that you can add per AWS account per Region. You can't request a quota increase.
Trusted IP sets	1	The maximum number of trusted IP sets that can be uploaded and activated per AWS account per Region. You can't request a quota increase.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

GuardDuty announcements

Troubleshooting