Quotas for Amazon Verified Permissions
Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas cannot be increased.
To view the quotas for Verified Permissions, open the Service Quotas
console
To request a quota increase, see Requesting a Quota
Increase in the Service Quotas User Guide. If the quota is not yet
available in Service Quotas, use the limit increase
form
Your AWS account has the following quotas related to Verified Permissions.
Quotas for resources
Name | Default | Adjustable | Description |
---|---|---|---|
Policy stores per Region per account | Each supported Region: 1,000 |
Yes
|
The maximum number of policy stores. |
Policy templates per policy store | Each supported Region: 40 |
Yes
|
The maximum number of policy templates in a policy store. |
Identity sources per policy store | 1 | No | The maximum number of identity sources that you can define for a policy store. |
Authorization request size¹ | 1 MB | No | The maximum size of an authorization request. |
Policy size | 10,000 bytes | No | The maximum size of an individual policy. |
Schema size | 100,000 bytes | No | The maximum size of the schema of a policy store. |
Policy size per resource | 200,000 bytes² | No | The maximum size of all policies that reference a specific resource. |
¹ The quota for an authorization request is the same for both IsAuthorized and IsAuthorizedWithToken.
² The total size of all the policies pertaining to a single resource can't exceed 200,000 bytes. In addition, the total size of all the policies that specify "All resources" can't exceed 200,000 bytes. For template-linked policies, the size of the policy template is counted only once, plus the size of each set of parameters used to instantiate each template-linked policy.
Quotas for hierarchies
Name | Default | Adjustable | Description |
---|---|---|---|
Transitive parents per principal | 100 | No | The maximum number of transitive parents for each principal. |
Transitive parents per action | 100 | No | The maximum number of transitive parents for each action. |
Transitive parents per resource | 100 | No | The maximum number of transitive parents for each resource. |
The diagram below illustrates how transitive parents can be defined for an entity (principal, action, or resource).
Quotas for operations per second
Verified Permissions throttles requests to service endpoints in an AWS Region when application
requests exceed the quota for an API operation. Verified Permissions might return an exception when you
exceed the quota in requests per second, or you attempt simultaneous write operations.
You can view your current RPS quotas in Service Quotas
Name | Default | Adjustable | Description |
---|---|---|---|
BatchIsAuthorized requests per second per Region per account | Each supported Region: 30 |
Yes
|
The maximum number of BatchIsAuthorized requests per second. |
BatchIsAuthorizedWithToken requests per second per Region per account | Each supported Region: 30 | Yes | The maximum number of BatchIsAuthorizedWithToken requests per second. |
CreatePolicy requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of CreatePolicy requests per second. |
CreatePolicyStore requests per second per Region per account | Each supported Region: 1 | No | The maximum number of CreatePolicyStore requests per second. |
CreatePolicyTemplate requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of CreatePolicyTemplate requests per second. |
DeletePolicy requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of DeletePolicy requests per second. |
DeletePolicyStore requests per second per Region per account | Each supported Region: 1 | No | The maximum number of DeletePolicyStore requests per second. |
DeletePolicyTemplate requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of DeletePolicyTemplate requests per second. |
GetPolicy requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of GetPolicy requests per second. |
GetPolicyTemplate requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of GetPolicyTemplate requests per second. |
GetSchema requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of GetSchema requests per second. |
IsAuthorized requests per second per Region per account | Each supported Region: 200 |
Yes
|
The maximum number of IsAuthorized requests per second. |
IsAuthorizedWithToken requests per second per Region per account | Each supported Region: 200 |
Yes
|
The maximum number of IsAuthorizedWithToken requests per second. |
ListPolicies requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of ListPolicies requests per second. |
ListPolicyStores requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of ListPolicyStores requests per second. |
ListPolicyTemplates requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of ListPolicyTemplates requests per second. |
PutSchema requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of PutSchema requests per second. |
UpdatePolicy requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of UpdatePolicy requests per second. |
UpdatePolicyStore requests per second per Region per account | Each supported Region: 10 | No | The maximum number of UpdatePolicyStore requests per second. |
UpdatePolicyTemplate requests per second per Region per account | Each supported Region: 10 |
Yes
|
The maximum number of UpdatePolicyTemplate requests per second. |