AWS Client VPN quotas
Your AWS account has the following quotas, formerly referred to as limits, related to Client VPN endpoints. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas cannot be increased.
To request a quota increase for an adjustable quota, choose Yes in the Adjustable column. For more information, see Requesting a quota increase in the Service Quotas User Guide.
Client VPN quotas
Name | Default | Adjustable |
---|---|---|
Authorization rules per Client VPN endpoint | 50 | Yes |
Client VPN endpoints per Region | 5 | Yes |
Concurrent client connections per Client VPN endpoint | This value depends on the number of subnet associations per endpoint. | Yes |
Concurrent operations per Client VPN endpoint † | 10 | No |
Entries in a client certificate revocation list for Client VPN endpoints | 20,000 | No |
Routes per Client VPN endpoint | 10 | Yes |
† Operations include:
- Associate or disassociate subnets
- Create or delete routes
- Create or delete inbound and outbound rules
- Create or delete security groups
Users and groups quotas
When you configure users and groups for Active Directory or a SAML-based IdP, the following quotas apply:
- Users can belong to a maximum of 200 groups. We ignore any groups after the 200th group.
- The maximum length for the group ID is 255 characters.
- The maximum length for the name ID is 255 characters. We truncate characters after the 255th character.
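The following pre-flight check is an added example, not AWS code: it runs over an export of IdP users and flags records that would hit the quotas above, including two name IDs that become identical once truncated. The record layout, the finding codes and the assumption that group order is the order the IdP sends are all hypothetical; the page does not say what happens to a group ID longer than 255 characters, so the check only flags it.

```python
MAX_GROUPS = 200        # groups after the 200th are ignored
MAX_GROUP_ID_LEN = 255  # maximum group ID length
MAX_NAME_ID_LEN = 255   # characters after the 255th are truncated


def check_users(users):
    """users: list of (name_id, [group_id, ...]); group order assumed to be IdP order.

    Returns a list of (name_id, code, detail) findings.
    """
    findings = []
    seen = {}  # truncated name ID -> first full name ID that produced it
    for name_id, groups in users:
        ignored = groups[MAX_GROUPS:]
        if ignored:
            # Authorization rules tied to these groups would never match this user.
            findings.append((name_id, "GROUPS_IGNORED", ", ".join(ignored)))
        for group in groups[:MAX_GROUPS]:
            if len(group) > MAX_GROUP_ID_LEN:
                findings.append((name_id, "GROUP_ID_TOO_LONG", f"{len(group)} chars"))
        effective = name_id[:MAX_NAME_ID_LEN]
        if effective != name_id:
            findings.append((name_id, "NAME_ID_TRUNCATED", f"{len(name_id)} chars"))
        first = seen.setdefault(effective, name_id)
        if first != name_id:
            # Inference from the truncation rule: both users present the same name ID.
            findings.append((name_id, "NAME_ID_COLLISION", "same first 255 chars as another user"))
    return findings


# Constructed sample data, not taken from any real directory.
SAMPLE_USERS = [
    ("alice@example.com", ["vpn-users", "engineering", "oncall"]),
    ("bob@example.com", [f"g{i}" for i in range(200)] + ["vpn-admins"]),
    ("u" * 255 + "a", ["vpn-users"]),
    ("u" * 255 + "b", ["vpn-users"]),
    ("carol@example.com", ["x" * 256]),
]

if __name__ == "__main__":
    for name_id, code, detail in check_users(SAMPLE_USERS):
        print(f"{name_id[:24]:<24} {code:<18} {detail[:40]}")
```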
General considerations
Take the following into consideration when you use Client VPN endpoints:
- If you use Active Directory to authenticate the user, the Client VPN endpoint must belong to the same account as the AWS Directory Service resource used for Active Directory authentication.
- If you use SAML-based federated authentication to authenticate a user, the Client VPN endpoint must belong to the same account as the IAM SAML identity provider that you create to define the IdP-to-AWS trust relationship. The IAM SAML identity provider can be shared across multiple Client VPN endpoints in the same AWS account.