Amazon Macie quotas - Amazon Macie

Amazon Macie quotas

Your AWS account has certain default quotas, formerly referred to as limits, for each AWS service. These quotas are the maximum number of service resources or operations for your account. This topic lists the quotas that apply to Amazon Macie resources and operations for your account. Unless otherwise noted, each quota applies to your account in each AWS Region.

Some quotas can be increased, while others cannot. To request an increase to a quota, use the Service Quotas console. To learn how to request an increase, see Requesting a quota increase in the Service Quotas User Guide. If a quota isn't available on the Service Quotas console, use the limit increase form in AWS Support Center to request an increase to the quota.


  • Member accounts by invitation: 1,000

  • Member accounts through AWS Organizations: 5,000


  • Findings per sensitive data discovery job: 100,000 + 5% of the objects in the job. This quota applies only to the Amazon Macie console and the Amazon Macie API. There isn't a quota for the number of finding events that Macie publishes to Amazon EventBridge or the number of sensitive data discovery results that Macie creates for a job.

  • Detection locations per sensitive data finding: 15 occurrences

  • Filter and suppression rules per account: 1,000

Sensitive data discovery

  • Monthly sensitive data discovery per account: 5 TB. This quota is eligible for increase. To increase the quota to as much as 1,000 TB (1 PB), use the Service Quotas console to request the increase. To request an increase for more than 1 PB, use the limit increase form to request the increase.

  • Amazon Simple Storage Service (Amazon S3) buckets per sensitive data discovery job: 1,000. If your account is the Macie administrator account for an organization, the buckets can span as many as 1,000 accounts in your organization.

  • Custom data identifiers per sensitive data discovery job: 30

  • Extraction of compressed or archive files:

    • Nested archive depth: 10

    • Extracted files: 1,000,000

  • File sizes

    • Adobe Portable Document Format (PDF) file: 1,024 MB

    • Apache Avro object container: 8 GB

    • Apache Parquet file: 8 GB

    • GNU Zip compressed archive (.gz or .gzip file): 8 GB

    • Microsoft Excel workbook (.xls or .xlsx file): 512 MB

    • Microsoft Word document (.doc or .docx file): 512 MB

    • TAR archive (.tar file): 20 GB

    • Text file: 20 GB

    • ZIP compressed archive (.zip file): 8 GB

  • Detection locations in sensitive data discovery results: 1,000 per sensitive data detection type

  • Detection of full names: 1,000 per file unless the file is an archive file. For archive files, Macie detects and reports the total number of full names that were detected across individual files in the archive, for as many as 1,000 occurrences in each individual file.