AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
Developer Guide (API Version 2015-08-24)

AWS Firewall Manager Limits

AWS Firewall Manager has default limits on the number of entities per account. You can request an increase in these limits.

| Resource | Default Limit |
|---|---|
| Accounts per organization in AWS Organizations | Varies. An invitation sent to an account counts against this limit. The count is returned if the invited account declines, the master account cancels the invitation, or the invitation expires. |
| Firewall Manager policies per organization in AWS Organizations | 20 |
| Tags that include or exclude resources per Firewall Manager policy | 8 |
| Rule groups per Firewall Manager administrator account | 10 |
| Primary security groups per common Firewall Manager policy | 1 |
| Audit security groups per content audit Firewall Manager policy | 1 |
| Amazon VPC instances in scope per Firewall Manager common security group policy | 5 |

The security group policies managed by Firewall Manager are subject to standard Amazon VPC limits. For more information, see Amazon VPC Limits in the Amazon VPC User Guide.

The following limits related to AWS Firewall Manager can't be changed.

| Resource | Limit |
|---|---|
| Rule groups per Firewall Manager policy | 2: 1 customer-created rule group and 1 AWS Marketplace rule group |
| Rules per rule group | 10 |