AWS Network Firewall quotas

AWS Network Firewall is subject to the following quotas (formerly referred to as limits). These quotas are the same for all AWS Regions in which Network Firewall is available. Each Region is subject to these quotas individually. The quotas are not cumulative across Regions.

Network Firewall has the following default quotas on the maximum number of entities you can have per account per Region. You can request a modification to these quotas by creating a support case for a service limit increase at the AWS Support Center.

| Resource | Default quota per account per Region |
|---|---|
| Maximum number of firewalls. | 5 |
| Maximum number of firewall policies. | 20 |
| Maximum number of stateful rule groups. | 50 |
| Maximum number of stateless rule groups. | 50 |

Network Firewall has the following quotas that can't be changed.

| Resource | Quota per account per Region |
|---|---|
| Maximum size of a Suricata-compatible rules string for a rule group, in bytes. | 2,000,000 |
| Maximum stateful rule group capacity. For more information, see Rule group capacity in AWS Network Firewall. | 30,000 |
| Maximum number of stateful rule groups per firewall policy. | 10 |
| Maximum number of stateful rules per firewall policy. This is the total across all rule groups that are referenced by the policy. | 30,000 |
| Maximum stateless rule group capacity. For more information, see Rule group capacity in AWS Network Firewall. | 30,000 |
| Maximum number of stateless rule groups per firewall policy. | 10 |
| Maximum number of stateless rules per firewall policy. This is the total across all rule groups that are referenced by the policy. | 10,000 |
| Required number of firewall policies per firewall. | 1 |
| Maximum number of firewalls that can use the same firewall policy. | 1,000 |
| Maximum number of firewall policies that can use the same rule group. | 1,000 |