Quotas for Amazon Verified Permissions
Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas cannot be increased.
To view the quotas for Verified Permissions, open the Service Quotas
console
To request a quota increase, see Requesting a Quota
Increase in the Service Quotas User Guide. If the quota is not yet
available in Service Quotas, use the limit increase
form
Your AWS account has the following quotas related to Verified Permissions.
Quotas for resources
Name | Default | Adjustable | Description |
---|---|---|---|
Policy stores per Region per account | Each supported Region: 30,000 |
Yes
|
The maximum number of policy stores. |
Policy templates per policy store | Each supported Region: 40 |
Yes
|
The maximum number of policy templates in a policy store. |
Identity sources per policy store | 1 | No | The maximum number of identity sources that you can define for a policy store. |
Authorization request size¹ | 1 MB | No | The maximum size of an authorization request. |
Policy size | 10,000 bytes | No | The maximum size of an individual policy. |
Schema size | 200,000 bytes | No | The maximum size of the schema of a policy store. |
Policy size per resource | 200,000 bytes² | Yes | The maximum size of all policies that reference a specific resource. |
¹ The quota for an authorization request is the same for both IsAuthorized and IsAuthorizedWithToken.
² The default limit for the total size of all the policies scoped for a single resource is 200,000 bytes. Similarly, the total size of all the policies,
where the scope leaves the resource undefined, thereby applying to all resources, is limited by default to 200,000 bytes. Note that for template-linked policies the size
of the policy template is counted only once, plus the size of each set of parameters used to instantiate each template-linked policy. This limit can be raised, provided that your policy design meets
certain constraints. If you need to explore this option, contact Support
Quotas for hierarchies
Note
The following quotas are aggregated, meaning they are added together. The maximum number of transitive parents for the group is what's listed. For example, if the limit of Transitive parents per principal is 100 that means there could be 100 parents of principals and 0 parents for both actions and resources, or any combination of parents that add up to 100 total parents.
Name | Default | Adjustable | Description |
---|---|---|---|
Transitive parents per principal | 100 | No | The maximum number of transitive parents for each principal. |
Transitive parents per action | 100 | No | The maximum number of transitive parents for each action. |
Transitive parents per resource | 100 | No | The maximum number of transitive parents for each resource. |
The diagram below illustrates how transitive parents can be defined for an entity (principal, action, or resource).

Quotas for operations per second
Verified Permissions throttles requests to service endpoints in an AWS Region when application
requests exceed the quota for an API operation. Verified Permissions might return an exception when you
exceed the quota in requests per second, or you attempt simultaneous write operations.
You can view your current RPS quotas in Service Quotas
Name | Default | Adjustable | Description |
---|---|---|---|
BatchGetPolicy requests per second per Region per account | Each supported Region: 10 | Yes |
The maximum number of BatchGetPolicy requests per second. |
BatchIsAuthorized requests per second per Region per account | Each supported Region: 30 |
Yes
|
The maximum number of BatchIsAuthorized requests per second. |
BatchIsAuthorizedWithToken requests per second per Region per account | Each supported Region: 30 | Yes | The maximum number of BatchIsAuthorizedWithToken requests per second. |
CreatePolicy requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of CreatePolicy requests per second. |
CreatePolicyStore requests per second per Region per account | Each supported Region: 1 | No | The maximum number of CreatePolicyStore requests per second. |
CreatePolicyTemplate requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of CreatePolicyTemplate requests per second. |
DeletePolicy requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of DeletePolicy requests per second. |
DeletePolicyStore requests per second per Region per account | Each supported Region: 1 | No | The maximum number of DeletePolicyStore requests per second. |
DeletePolicyTemplate requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of DeletePolicyTemplate requests per second. |
GetPolicy requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of GetPolicy requests per second. |
GetPolicyTemplate requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of GetPolicyTemplate requests per second. |
GetSchema requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of GetSchema requests per second. |
IsAuthorized requests per second per Region per account | Each supported Region: 200 |
Yes
|
The maximum number of IsAuthorized requests per second. |
IsAuthorizedWithToken requests per second per Region per account | Each supported Region: 200 |
Yes
|
The maximum number of IsAuthorizedWithToken requests per second. |
ListPolicies requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of ListPolicies requests per second. |
ListPolicyStores requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of ListPolicyStores requests per second. |
ListPolicyTemplates requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of ListPolicyTemplates requests per second. |
PutSchema requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of PutSchema requests per second. |
UpdatePolicy requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of UpdatePolicy requests per second. |
UpdatePolicyStore requests per second per Region per account | Each supported Region: 10 | No | The maximum number of UpdatePolicyStore requests per second. |
UpdatePolicyTemplate requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of UpdatePolicyTemplate requests per second. |