AWS Service Limits
The following tables provide the default limits for AWS services for an AWS account. Unless otherwise noted, each limit is region-specific. Many services contain limits that cannot be changed. For more information about the limits for a specific service, see the documentation for that service.
AWS Trusted Advisor offers a Service Limits check (in the Performance category) that displays your usage and limits for some aspects of some services. For more information, see Service Limits Check Questions in the Trusted Advisor FAQs.
You can take the following steps to request an increase for limits. These increases are not granted immediately, so it may take a couple of days for your increase to become effective.
To request a limit increase
-
Open the AWS Support Center page, sign in, if necessary, and then choose Create Case.
-
Under Regarding, choose Service Limit Increase.
-
Under Limit Type, choose the type of limit to increase, fill in the necessary fields in the form, and then choose your preferred method of contact.
Default Limits
- Amazon API Gateway Limits
- AWS Application Discovery Service Limits
- Amazon AppStream Limits
- Amazon AppStream 2.0 Limits
- Application Auto Scaling Limits
- Amazon Athena Limits
- Auto Scaling Limits
- AWS Batch Limits
- AWS Certificate Manager (ACM) Limits
- AWS CloudFormation Limits
- Amazon CloudFront Limits
- AWS CloudHSM Limits
- Amazon CloudSearch Limits
- AWS CloudTrail Limits
- Amazon CloudWatch Limits
- Amazon CloudWatch Events Limits
- Amazon CloudWatch Logs Limits
- AWS CodeBuild Limits
- AWS CodeCommit Limits
- AWS CodeDeploy Limits
- AWS CodePipeline Limits
- Amazon Cognito User Pools Limits
- Amazon Cognito Federated Identities Limits
- Amazon Cognito Sync Limits
- Amazon Connect Limits
- AWS Config Limits
- AWS Data Pipeline Limits
- AWS Database Migration Service Limits
- AWS Device Farm Limits
- AWS Direct Connect Limits
- AWS Directory Service Limits
- Amazon DynamoDB Limits
- Amazon EC2 Container Registry (Amazon ECR) Limits
- Amazon EC2 Container Service (Amazon ECS) Limits
- Amazon EC2 Systems Manager Limits
- AWS Elastic Beanstalk Limits
- Amazon Elastic Block Store (Amazon EBS) Limits
- Amazon Elastic Compute Cloud (Amazon EC2) Limits
- Amazon Elastic File System Limits
- Elastic Load Balancing Limits
- Amazon Elastic Transcoder Limits
- Amazon ElastiCache Limits
- Amazon Elasticsearch Service Limits
- Amazon GameLift Limits
- AWS Greengrass Limits
- AWS Identity and Access Management (IAM) Limits
- AWS Import/Export Limits
- Amazon Inspector Limits
- AWS IoT Limits
- AWS Key Management Service (AWS KMS) Limits
- Amazon Kinesis Firehose Limits
- Amazon Kinesis Streams Limits
- AWS Lambda Limits
- Amazon Lightsail Limits
- Amazon Machine Learning (Amazon ML) Limits
- AWS OpsWorks for Chef Automate Limits
- AWS OpsWorks Stacks Limits
- AWS Organizations Limits
- Amazon Polly Limits
- Amazon Pinpoint Limits
- Amazon Redshift Limits
- Amazon Relational Database Service (Amazon RDS) Limits
- Amazon Route 53 Limits
- AWS Server Migration Service Limits
- AWS Service Catalog Limits
- AWS Shield Advanced Limits
- Amazon Simple Email Service (Amazon SES) Limits
- Amazon Simple Notification Service (Amazon SNS) Limits
- Amazon Simple Queue Service (Amazon SQS)
- Amazon Simple Storage Service (Amazon S3) Limits
- Amazon Simple Workflow Service (Amazon SWF) Limits
- Amazon SimpleDB Limits
- AWS Step Functions Limits
- AWS Storage Gateway Limits
- Amazon Virtual Private Cloud (Amazon VPC) Limits
- AWS WAF Limits
- Amazon WorkMail Limits
- Amazon WorkSpaces Limits
Amazon API Gateway Limits
The following limits apply to configuring and running an API in Amazon API Gateway and can be increased upon request to optimize performances of a deployed API in Amazon API Gateway.
Resource or Operation | Default Limit |
---|---|
Throttle rate per account | 10000 request per second (rps) with an additional burst capacity provided by the token bucket algorithm, using a maximum bucket capacity of 5000 requests. |
APIs per account | 60 |
API keys per account | 500 |
Custom authorizers per API | 10 |
Client certificates per account | 60 |
Documentation parts per API | 2000 |
Resources per API | 300 |
Stages per API | 10 |
Usage plans per account | 300 |
Usage plans per API key | 10 |
All of the per API limits can only be increased on specific APIs.
Limits in Amazon API Gateway in the API Gateway Developer Guide.
AWS Application Discovery Service Limits
Resource | Default Limit |
---|---|
Inactive agents heartbeating but not collecting data | 10,000 |
Active agents sending data to the service | 250 |
Total collected data for all agents, per day | 10 GB |
Data storage duration before being purged | 90 days |
Amazon AppStream Limits
Important
This information applies only to an older version of Amazon AppStream.
An Amazon AppStream account has a service limit of up to five concurrent streaming sessions:
-
Up to two concurrent streaming application deployments using the interactive wizard.
-
Up to three streaming applications in the Building, Active, or Error states.
For more information, see Amazon AppStream Application Lifecycle in the Amazon AppStream Developer Guide.
Amazon AppStream 2.0 Limits
Important
This information applies only to the latest version, Amazon AppStream 2.0.
Default Limits Per Region
Resource | Default Limit |
---|---|
Stacks | 5 per account |
Fleets | 5 per account |
Streaming instances | 5 per account |
Images | 5 per account |
Image builders | 5 per account |
Users | 5 per account |
Application Auto Scaling Limits
Resource | Default Limit |
---|---|
Scalable targets | 500 |
Scaling policies per scalable target | 50 |
Step adjustments per scaling policy | 20 |
Amazon Athena Limits
Resource | Default Limit |
---|---|
Number of concurrent queries | 5 |
Query timeout | 30 minutes |
Number of databases | 100 |
Number of tables per database | 100 |
Number of partitions per table | 20,000 |
Auto Scaling Limits
Resource | Default Limit |
---|---|
Launch configurations per region | 100 |
Auto Scaling groups per region | 20 |
Scaling policies per Auto Scaling group | 50 |
Scheduled actions per Auto Scaling group | 125 |
Lifecycle hooks per Auto Scaling group | 50 |
SNS topics per Auto Scaling group | 10 |
Load balancers per Auto Scaling group | 50 |
Target groups per Auto Scaling group | 50 |
Step adjustments per scaling policy | 20 |
Auto Scaling Limits in the Auto Scaling User Guide.
AWS Batch Limits
Item | Default Limit |
---|---|
Maximum number of compute environments | 10 |
Maximum number of job queues | 5 |
Maximum number of compute environments per job queue | 3 |
For more information about these limits, see Service Limits in the AWS Batch User Guide.
AWS Certificate Manager (ACM) Limits
Item | Default Limit |
---|---|
Number of ACM-provided certificates | 100 |
Number of imported certificates | 100 |
Number of domain names per ACM-provided certificate | 10 |
For more information about these limits, see Limits in the AWS Certificate Manager User Guide.
AWS CloudFormation Limits
Resource | Default Limit |
---|---|
Stacks | 200 |
AWS CloudFormation Limits in the AWS CloudFormation User Guide.
Amazon CloudFront Limits
Resource | Default Limit |
---|---|
Data transfer rate per distribution | 40 Gbps |
Requests per second per distribution | 100,000 |
Web distributions per account | 200 |
RTMP distributions per account | 100 |
Alternate domain names (CNAMEs) per distribution | 100 |
Origins per distribution | 25 |
Cache behaviors per distribution | 25 |
Whitelisted headers per cache behavior | 10 |
Whitelisted cookies per cache behavior | 10 |
SSL certificates per account when serving HTTPS requests using dedicated IP addresses (no limit when serving HTTPS requests using SNI) | 2 |
Custom headers that you can have Amazon CloudFront forward to the origin | 10 name–value pairs |
Whitelisted query strings per cache behavior |
For more information, see Configuring CloudFront to Cache Based on Query String Parameters in the Amazon CloudFront Developer Guide. |
Request timeout per origin |
For more information, see Request Timeout in the Amazon CloudFront Developer Guide. |
Limits in the Amazon CloudFront Developer Guide.
AWS CloudHSM Limits
Resource | Default Limit |
---|---|
HSM appliances | 3 |
High-availability partition groups | 20 |
Clients | 800 |
Amazon CloudSearch Limits
Resource | Default Limit |
---|---|
Partitions | 10 |
Search instances | 50 |
Understanding Amazon CloudSearch Limits in the Amazon CloudSearch Developer Guide.
AWS CloudTrail Limits
Resource | Default Limit | Comments |
---|---|---|
Trails per region | 5 | This limit cannot be increased. |
Get, describe, and list APIs |
10 transactions per second (TPS) |
The maximum number of operation requests you can make per second without being throttled. This limit cannot be increased. |
All other APIs |
1 transaction per second (TPS) |
The maximum number of operation requests you can make per second without being throttled. This limit cannot be increased. |
Amazon CloudWatch Limits
Resource | Default Limit | Comments |
---|---|---|
3 transactions per second (TPS) |
The maximum number of operation requests you can make per second without being throttled. You can request a limit increase. |
|
400 transactions per second (TPS) |
The maximum number of operation requests you can make per second without being throttled. You can request a limit increase. |
|
25 transactions per second (TPS) |
The maximum number of operation requests you can make per second without being throttled. You can request a limit increase. |
|
3 transactions per second (TPS) |
The maximum number of operation requests you can make per second without being throttled. You can request a limit increase. |
|
150 transactions per second (TPS) |
The maximum number of operation requests you can make per second without being throttled. You can request a limit increase. |
CloudWatch Limits in the Amazon CloudWatch User Guide.
Amazon CloudWatch Events Limits
Resource | Default Limit | Comments |
---|---|---|
Rules |
100 per region per account |
You can request a limit increase. Before requesting a limit increase, examine your rules. You may have multiple rules each matching to very specific events. Consider broadening their scope by using fewer identifiers in your Events and Event Patterns. In addition, a rule can invoke several targets each time it matches an event. Consider adding more targets to your rules. |
CloudWatch Events Limits in the Amazon CloudWatch Events User Guide.
Amazon CloudWatch Logs Limits
Resource | Default Limit | Comments |
---|---|---|
5000 log groups/account/region |
If you exceed your log group limit, you get a You can request a limit increase. |
|
5 transactions per second (TPS)/account/region |
If you experience frequent throttling, you can request a limit increase. |
|
5 transactions per second (TPS)/account/region |
This limit can be changed only in special circumstances. If you experience frequent throttling, contact AWS Support. |
|
10 transactions per second (TPS)/account/region |
We recommend subscriptions if you are continuously processing new data. If you need historical data, we recommend exporting your data to Amazon S3. This limit can be changed only in special circumstances. If you experience frequent throttling, contact AWS Support. |
CloudWatch Logs Limits in the Amazon CloudWatch Logs User Guide.
AWS CodeBuild Limits
Resource | Default Limit |
---|---|
Maximum number of build projects | 1,000 |
Maximum number of concurrent running builds | 20 |
Limits for AWS CodeBuild in the AWS CodeBuild User Guide.
AWS CodeCommit Limits
Resource | Default Limit |
---|---|
Number of repositories | 1,000 per AWS account |
Limits in AWS CodeCommit in the AWS CodeCommit User Guide.
AWS CodeDeploy Limits
Resource | Default Limit |
---|---|
Maximum number of applications associated with an AWS account in a single region | 100 |
Maxium number of concurrent deployments associated with an AWS account | 10 |
Maximum number of deployment groups associated with a single application | 100 |
Maximum number of instances in a single deployment | 500 |
Maximum number of event notification triggers in a deployment group | 10 |
Limits in AWS CodeDeploy in the AWS CodeDeploy User Guide.
AWS CodePipeline Limits
Resource | Default Limit |
---|---|
Maximum number of pipelines per region in an AWS account |
US East (N. Virginia) (us-east-1): 40 US West (Oregon) (us-west-2): 60 EU (Ireland) (eu-west-1): 60 All other supported regions: 20 |
Number of stages in a pipeline |
Minimum of 2, maximum of 10 |
Number of actions in a stage |
Minimum of 1, maximum of 20 |
Number of parallel actions in a stage | 5 |
Number of sequential actions in a stage | 5 |
Number of custom actions per region in an AWS account |
50 |
Maximum number of revisions running across all pipelines in an AWS account, per region |
Five times the number of pipelines in the region |
Maximum size of source artifacts |
500 megabytes (MB) |
Maximum number of times an action can be run per month |
1,000 per calendar month |
It may take up to two weeks to process requests for a limit increase.
Limits in AWS CodePipeline in the AWS CodePipeline User Guide.
Amazon Cognito User Pools Limits
Resource | Default Limit |
---|---|
Maximum number of apps per user pool | 25 |
Maximum number of user pools per account | 60 |
Maximum number of user import jobs per user pool | 50 |
Maximum number of identity providers per user pool | 25 |
For information about additional documented limits, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide.
Amazon Cognito Federated Identities Limits
Resource | Default Limit |
---|---|
Maximum number of identity pools per account | 60 |
For information about additional documented limits, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide.
Amazon Cognito Sync Limits
Resource | Default Limit |
---|---|
Maximum number of datasets per identity | 20 |
Maximum number of records per dataset | 1024 |
Maximum size of a single dataset | 1 MB |
For information about additional documented limits, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide.
Amazon Connect Limits
Configuration area (per AWS account) | Limit |
---|---|
Maximum Amazon Connect instances |
3 |
Resource | Default Limit |
---|---|
Maximum users |
500 |
Maximum phone numbers |
10 |
Maximum queues |
50 |
Maximum queues per routing profile |
50 |
Maximum routing profiles |
100 |
Maximum hours of operation |
100 |
Maximum transfer destinations |
100 |
Maximum prompts |
500 |
Maximum agent status |
50 |
Maximum security profiles |
100 |
Maximum contact flows |
100 |
Maximum groups per level |
50 |
Maximum reports |
500 |
Maximum scheduled reports |
50 |
Maximum active calls |
100 |
Maximum sustained incoming call rate per second |
1 |
Dialable outbound destination countries |
US |
For information about additional documented limits, see Service Limits in the Amazon Connect Administrator Guide.
AWS Config Limits
Resource | Default Limit | Notes |
---|---|---|
Number of AWS Config rules per region in your account | 50 |
You can request a limit increase. |
AWS Data Pipeline Limits
Attribute | Limit | Adjustable |
---|---|---|
Number of pipelines | 100 | Yes |
Number of objects per pipeline | 100 | Yes |
Number of active instances per object | 5 | Yes |
Number of fields per object | 50 | No |
Number of UTF8 bytes per field name or identifier | 256 | No |
Number of UTF8 bytes per field | 10,240 | No |
Number of UTF8 bytes per object | 15,360 (including field names) | No |
Rate of creation of an instance from an object | 1 per 5 minutes | No |
Retries of a pipeline activity | 5 per task | No |
Minimum delay between retry attempts | 2 minutes | No |
Minimum scheduling interval | 15 minutes | No |
Maximum number of roll-ups into a single object | 32 | No |
Maximum number of EC2 instances per Ec2Resource object | 1 | No |
For additional limits, see AWS Data Pipeline Limits in the AWS Data Pipeline Developer Guide.
AWS Database Migration Service Limits
Resource | Default Limit |
---|---|
Replication instances | 20 |
Total amount of storage | 6 TB |
Replication subnet groups | 20 |
Subnets per replication subnet group | 20 |
Endpoints | 100 |
Tasks | 200 |
Endpoints per instance | 20 |
AWS Device Farm Limits
Resource | Default Limit | Comments |
---|---|---|
App file size you can upload |
4 GB |
|
Number of devices that AWS Device Farm can test during a run |
5 |
This limit can be increased to 100 upon request. |
Number of devices you can include in a test run |
None |
|
Number of runs you can schedule |
None |
|
Duration of a remote access session |
60 minutes |
AWS Direct Connect Limits
Resource | Default Limit | Comment |
---|---|---|
Virtual interfaces per AWS Direct Connect connection | 50 | This limit cannot be increased. |
Active AWS Direct Connect connections per region per account | 10 | To increase this limit, submit a request. |
Routes per Border Gateway Protocol (BGP) session on a private virtual interface | 100 | This limit cannot be increased. |
Routes per Border Gateway Protocol (BGP) session on a public virtual interface | 1,000 | This limit cannot be increased. |
Connections per link aggregation group (LAG) | 4 | To increase this limit, submit a request. |
Link aggregation groups (LAGs) per region | 10 | To increase this limit, submit a request. |
AWS Directory Service Limits
Resource | Default Limit |
---|---|
AD Connector directories | 10 |
AWS Directory Service for Microsoft Active Directory (Enterprise Edition) directories | 10 |
Simple AD directories | 10 |
Manual snapshots | 5 per Microsoft AD |
Manual snapshots | 5 per Simple AD |
For information about additional documented limits, including limits on Amazon Cloud Directory, see AWS Directory Service Limits in the AWS Directory Service Admin Guide.
Amazon DynamoDB Limits
Resource | Default Limit |
---|---|
US East (N. Virginia) Region:
Maximum capacity units per table or global secondary index |
40,000 read capacity units and 40,000 write capacity units |
US East (N. Virginia) Region:
Maximum capacity units per account |
80,000 read capacity units and 80,000 write capacity units |
All other regions:
Maximum capacity units per table or global secondary index |
10,000 read capacity units and 10,000 write capacity units |
All other regions:
Maximum capacity units per account |
20,000 read capacity units and 20,000 write capacity units |
Maximum number of tables | 256 |
Limits in Amazon DynamoDB in the Amazon DynamoDB Developer Guide.
Amazon EC2 Container Registry (Amazon ECR) Limits
Resource | Default Limit |
---|---|
Maximum number of repositories per account | 1,000 |
Maximum number of images per repository | 1,000 |
For information about additional documented limits, see Amazon ECR Service Limits in the Amazon EC2 Container Registry User Guide.
Amazon EC2 Container Service (Amazon ECS) Limits
Resource | Default Limit |
---|---|
Number of clusters per region per account | 1000 |
Number of container instances per cluster | 1000 |
Number of services per cluster | 500 |
For information about additional documented limits, see Amazon ECS Service Limits in the Amazon EC2 Container Service Developer Guide.
Amazon EC2 Systems Manager Limits
Resource | Default Limit |
---|---|
Managed instances |
500 Each AWS account can register/activate a maximum of 500 managed instances in a region. |
Systems Manager documents |
200 Each AWS account can create a maximum of 200 documents per region. |
Privately shared Systems Manager document |
1000 A single Systems Manager document can be shared with a maximum of 1000 AWS accounts. |
Publicly shared Systems Manager document |
5 Each AWS account can publicly share a maximum of five documents. |
Document associations |
10,000 Each Systems Manager document can be associated with a maximum of 10,000 instances. |
Inventory data collected per instance per call |
1 MB This maximum adequately supports most inventory collection scenarios. When this limit is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration. |
Inventory data collected per instance per day |
5 MB When this limit is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration. |
Custom Inventory Types |
20 You can add up to 20 custom inventory types. |
Custom Inventory Type Size |
4 KB This is the maximum size of the type, not the inventory collected. |
Custom Inventory Type Attributes |
50 This is the maximum number of attributes within the custom inventory type. |
Inventory data expiration |
30 days If you terminate an instance, inventory data for that instance is deleted immediately. For running instances, inventory data older than 30 days is deleted. If you need to store inventory data longer than 30 days, you can use AWS Config to record history or periodically query and upload the data to an Amazon S3 bucket. For more information, see, Recording Amazon EC2 managed instance inventory in the AWS Config Developer Guide. |
Maintenance Windows per account |
50 |
Tasks per Maintenance Window |
20 |
Targets per Maintenance Window |
50 |
Instance IDs per target |
50 |
Targets per task |
10 |
Concurrent executions of a single Maintenance Window |
1 |
Concurrent executions of Maintenance Windows |
5 |
Maintenance Window execution history retention |
30 days |
Maximum number of parameters per account |
1000 |
Max size for parameter value |
4096 characters |
Max history for a parameter |
100 past values |
Patch baselines per account |
25 |
Patch groups per patch baseline |
25 |
AWS Elastic Beanstalk Limits
Resource | Default Limit |
---|---|
Applications | 75 |
Application Versions | 1000 |
Environments | 200 |
Amazon Elastic Block Store (Amazon EBS) Limits
Resource | Default Limit |
---|---|
Number of EBS volumes | 5,000 |
Number of EBS snapshots | 10,000 |
Total volume storage of General Purpose SSD (gp2 ) volumes
|
20 TiB |
Total volume storage of Provisioned IOPS SSD (io1 ) volumes
|
20 TiB |
Total volume storage of Throughput Optimized HDD (st1 )
|
20 TiB |
Total volume storage of Cold HDD (sc1 )
|
20 TiB |
Total volume storage of Magnetic volumes | 20 TiB |
Total provisioned IOPS | 40,000 |
Amazon EC2 Service Limits in the Amazon EC2 User Guide for Linux Instances.
Amazon Elastic Compute Cloud (Amazon EC2) Limits
Resource | Default Limit |
---|---|
Elastic IP addresses for EC2-Classic | 5 |
Security groups for EC2-Classic per instance | 500 |
Rules per security group for EC2-Classic | 100 |
Key pairs | 5,000 |
Throttle on the emails that can be sent from your Amazon EC2 account | Throttle applied |
On-Demand Instances | Limits vary depending on instance type. For more information, see How many instances can I run in Amazon EC2. |
Spot Instances | Limits vary depending on instance type, region, and account. For more information, see Spot Instance Limits. |
Reserved Instances | 20 Reserved Instances per Availability Zone, per month, plus 20 regional Reserved Instances. |
Dedicated Hosts | Up to two Dedicated Hosts per instance family, per region can be allocated. |
AMI Copies | Destination regions are limited to 50 concurrent AMI copies at a time, with no more than 25 of those coming from a single source region. |
For information about related limits for EC2-VPC, see Amazon Virtual Private Cloud (Amazon VPC) Limits.
For information about viewing your current limits, see Amazon EC2 Service Limits in the Amazon EC2 User Guide for Linux Instances.
Amazon Elastic File System Limits
Resource | Default Limit |
---|---|
Total throughput per file system | 3 GB/s for all connected clients |
Amazon EFS Limits in the Amazon Elastic File System User Guide.
Elastic Load Balancing Limits
Elastic Load Balancing supports two types of load balancers: Application Load Balancers and Classic Load Balancers.
Application Load Balancers
Resource | Default Limit |
---|---|
Load balancers per region | 20 † |
Target groups per region | 200 |
Listeners per load balancer | 10 |
Targets per load balancer | 1000 |
Subnets per Availability Zone per load balancer | 1 |
Security groups per load balancer | 5 |
Rules per load balancer (not counting default rules) | 100 |
Number of times a target can be registered per load balancer | 100 |
Load balancers per target group | 1 |
Targets per target group | 1000 |
Classic Load Balancers
Resource | Default Limit |
---|---|
Load balancers per region | 20 † |
Listeners per load balancer | 100 |
Security groups per load balancer | 5 |
Subnets per Availability Zone per load balancer | 1 |
† This limit includes both your Application LoadBalancers and your Classic Load Balancers. This limit can be increased upon request.
Amazon Elastic Transcoder Limits
Resource | Default Limit |
---|---|
Pipelines per region | 4 |
User-defined presets | 50 |
Maximum number of jobs processed simultaneously by each pipeline |
US East (N. Virginia) Region – 20 US West (N. California) Region – 12 US West (Oregon) Region – 20 Asia Pacific (Mumbai) Region – 12 Asia Pacific (Singapore) Region – 12 Asia Pacific (Sydney) Region – 12 Asia Pacific (Tokyo) Region – 12 EU (Ireland) Region – 20 |
It may take up to two weeks to process requests for a limit increase.
Amazon Elastic Transcoder limits in the Amazon Elastic Transcoder Developer Guide.
Amazon ElastiCache Limits
For information on ElastiCache terminology, see ElastiCache Components and Features.
Resource | Default Limit | Description |
---|---|---|
Nodes per region | 100 | The maximum number of nodes across all clusters in a region. This limit applies to both your reserved and nonreserved nodes within the given region. You can have up to 100 reserved nodes and 100 nonreserved nodes in the same region. |
Nodes per cluster (Memcached) | 20 | The maximum number of nodes in an individual Memcached cluster. |
Nodes per shard (Redis) | 6 | The maximum number of nodes in an individual Redis shard (node group). One node is the read/write Primary. All other nodes are read-only Replicas. |
Shards per Cluster (Redis cluster mode disabled) | 1 | The maximum number of shards (node groups) in a Redis (cluster mode disabled) cluster. |
Shards per Cluster (Redis cluster mode enabled) | 15 | The maximum number of shards (node groups) in a Redis (cluster mode enabled) cluster. |
Parameter groups per region | 20 | The maximum number of parameters groups you can create in a region. |
Security groups per region | 50 | The maximum number of security groups you can create in a region. |
Subnet groups per region | 50 | The maximum number of subnet groups you can create in a region. |
Subnets per subnet group | 20 | The maximum number of subnets you can define for a subnet group. |
These limits are global limits per customer account. To exceed these limits, make your request using the ElastiCache Node request form.
Amazon Elasticsearch Service Limits
Resource | Default Limit |
---|---|
Number of Amazon ES instances per cluster | 20 (except for T2 instance types, which have a maximum of 10).
Note The default limit is 20 instances per domain. To request an increase up to 100 instances per domain, create a case with the AWS Support Center. |
Amazon GameLift Limits
Resource | Default Limit |
---|---|
Aliases | 20 |
Fleets | 20 |
Builds | 1000 |
Total size of builds | 100 GB |
Log upload size per game session | 200 MB |
On-demand instances | Limits vary depending on instance type;
20 instances per account, regardless of instance type |
Server processes per instance |
1 with GameLift SDK v2.x 50 with GameLift SDK v3.x and up |
Player sessions per game session | 200 |
Scaling Amazon Elastic Compute Cloud (Amazon EC2) Instances in the Amazon GameLift Developer Guide.
AWS Greengrass Limits
AWS Greengrass Cloud API Limits
Description | Limit |
---|---|
Maximum number of AWS IoT devices in a group. | 200 |
Maximum number of Lambda functions in a group. | 200 |
Maximum number of transactions per second (TPS) on the AWS Greengrass API. | 30 |
Maximum number of subscriptions per AWS Greengrass group. | 1000 |
Maximum number of subscriptions that specify Cloud as the source
per AWS Greengrass group.
|
50 |
Maximum length of a Core thing name. | 124 bytes of UTF-8 encoded characters. |
AWS Greengrass core Limits
Description | Limit |
---|---|
Maximum number of routing table entries that specify "Cloud" as the source. | 50 (matches AWS IoT subscription limit) |
Maximum size of messages sent by an AWS IoT device. | 128 KB (matches AWS IoT message size limit) |
Maximum message queue size in the Greengrass core router. | 2.5 MB |
Maxium length of a topic string | 256 bytes of UTF-8 encoded characters. |
Maximum number of forward slashes '/' in a topic or topic filter. | 7 |
Minimum disk space needed to run the Greengrass core software | 128 MB |
Minimum RAM to run the Greengrass core software | 128 MB |
Automatic IP detection should not be used when: |
|
The Greengrass core software provides a service to automatically detect the IP address(es) of your Greengrass core devices. It sends this information to the AWS Greengrass cloud service and allows AWS IoT devices to download the IP address of the Greengrass core they need to connect to. This feature should not be used in the following circumstances:
-
The IP address of a Greengrass core device changes frequently.
-
The Greengrass core device must always be available to AWS IoT devices in it's group.
-
The Greengrass core has multiple IP addresses and an AWS IoT device is unable to reliably determine which address to use.
-
Sending IP addresses to the cloud raises security concerns.
AWS Identity and Access Management (IAM) Limits
Resource | Default Limit |
---|---|
Groups per account | 100 |
Instance profiles | 100 |
Roles | 250 |
Server certificates | 20 |
Users | 5000 |
Limitations on IAM Entities and Objects in the IAM User Guide.
AWS Import/Export Limits
AWS Snowball (Snowball)
Resource | Default Limit | Comments |
---|---|---|
Snowball | 1 |
To increase this limit, contact AWS Support. |
Amazon Inspector Limits
Resource | Default Limit |
---|---|
Running agents | 500 |
Assessment runs | 50,000 |
Assessment templates | 500 |
Assessment targets | 50 |
For more information, see the Amazon Inspector User Guide.
AWS IoT Limits
Thing Limits
Resource | Limit |
---|---|
Thing name size | 128 bytes of UTF-8 encoded characters. This limit applies for both the thing registry and Thing Shadow services. |
Maximum number of thing attributes for a thing with a thing type | 50 |
Maximum number of thing attribute for a thing without a thing type | 3 |
Number of thing types that can be associated with a thing | 1 |
Maximum number of thing types in an AWS account | Unlimited |
Message Broker Limits
Client ID size | 128 bytes of UTF-8 encoded characters. |
Connection inactivity (keep-alive interval) |
By default, an MQTT client connection is disconnected after 30 minutes of inactivity. When the client sends a PUBLISH, SUBSCRIBE, PING, or PUBACK message, the inactivity timer is reset. A client can request a shorter keep-alive interval by specifying a value between 5-1,200 seconds in the MQTT CONNECT message sent to the server. If a keep-alive value is specified, the server disconnects the client if it does not receive a PUBLISH, SUBSCRIBE, PINGREQ, or PUBACK message within a period 1.5 times the requested interval. The keep-alive timer starts after the sender sends a CONNACK. If a client sends a keep-alive value of zero, the default keep-alive behavior remains in place. If a client requests a keep-alive shorter than 5 seconds, the server treats the client as though it requested a keep-alive interval of 5 seconds. The keep-alive timer begins immediately after the server returns a CONNACK to the client. There might be a brief delay between the client's sending of a CONNECT message and the start of keep-alive behavior. |
Connect requests per second per account |
AWS IoT limits an account to a maximum of 300 MQTT CONNECT requests per second. |
Maximum number of slashes in topic and topic filter |
A topic provided while publishing a message or a topic filter provided while subscribing can have no more than 7 forward slashes (/). |
Maximum inbound unacknowledged messages |
The message broker allows 100 in-progress unacknowledged messages per client. (This limit is applied across all messages that require ACK.) When this limit is reached, no new messages are accepted from this client until an ACK is returned by the server. |
Maximum outbound unacknowledged messages |
The message broker allows only 100 in-progress unacknowledged messages per client. (This limit is applied across all messages that require ACK.) When this limit is reached, no new messages are sent to the client until the client acknowledges the in-progress messages. |
Maximum retry interval for delivering QoS 1 messages | If a connected client is unable to receive an ACK on a QoS 1 message for one hour, the message broker drops the message. The client might be unable to receive the message if it has 100 in-flight messages, it is being throttled due to large payloads, or other errors. |
Maximum subscriptions per subscribe call |
A single SUBSCRIBE call is limited to request a maximum of eight subscriptions. |
Message size |
The payload for every PUBLISH message is limited to 128 KB. The AWS IoT service rejects messages larger than this size. |
Publish requests per second per account |
9000 per second per account (inbound publishes - max. 3000 per second, outbound publishes - max. 6000 per second) Inbound publishes count for all the messages that the message broker processes
before routing the messages to the subscribed clients or the rules engine. For
example, a single message published on
Outbound publishes count for every message that resulted in matching a
client's subscription or matching a rules engine subscription. For example, two
clients are subscribed to topic filter Note Inbound and outbound publishes cannot be traded for each other, for example, if only 1,000 inbound publishes per second are used, the maximum outbound publishes per second remains 6,000. |
Restricted client ID prefix | '$' is reserved for internally generated client IDs. |
Restricted topic prefix | Topics beginning with '$' are considered reserved and are not supported for publishing and subscribing except when working with the Thing Shadows service. |
Subscriptions per second per account |
AWS IoT limits an account to a maximum of 500 subscriptions per second. For example, if there are two MQTT SUBSCRIBE calls within a second with 3 subscriptions (topic filters) each, AWS IoT counts those as 6 subscriptions towards this limit. |
Subscriptions per session |
The message broker limits each client session to subscribe to up to 50 subscriptions. A SUBSCRIBE request that pushes the total number of subscriptions past 50 results in the connection being disconnected. |
Throughput per connection |
AWS IoT limits the ingress and egress rate on each client connection to 512 KB/s. Data sent or received at a higher rate is throttled to this throughput. |
Topic size | The topic passed to the message broker when publishing a message cannot exceed 256 bytes of UTF-8 encoded characters. |
WebSocket connection duration |
WebSocket connections are limited to 24 hours. If the limit is exceeded, the WebSocket connection is automatically closed when an attempt is made to send a message by the client or server. To maintain an active WebSocket connection for longer than 24 hours, simply close and reopen the WebSocket connection from the client side before the time limit elapses. AWS IoT supports keep-alive values specified in MQTT CONNECT messages. When a client specifies a keep-alive value, the client tells the server to disconnect the client and transmit any last-will message associated with the MQTT session if the server does not receive a message (PUBLISH, SUBSCRIBE, PUBACK, PINGREQ) within 1.5 times the keep-alive period. AWS IoT supports keep-alive values between 5 seconds and 20 minutes. If a client requests no keep-alive (that is, sets the field to 0 in the MQTT CONNECT message), the server sets the keep-alive value to 20 minutes, which corresponds to the maximum idle time supported by AWS IoT of 30 minutes. Most MQTT clients (including the AWS SDK clients) support keep-alive values by sending a PINGREQ if the keep-alive period expires without the transmission of any other message by the client. |
Device Shadow Limits
Maximum depth of JSON device state documents | The maximum number of levels in the desired or
reported section of the JSON device state document is 5. For example:
|
Maximum number of in-flight, unacknowledged messages | The Thing Shadows service supports up to 10 in-flight unacknowledged messages. When this limit is reached, all new shadow requests is rejected with a 429 error code. |
Maximum number of JSON objects per AWS account | There is no limit on the number of JSON objects per AWS account. |
Maximum size of a JSON state document | 8 KB. |
Maximum size of a thing name | 128 bytes of UTF-8 encoded characters. |
Shadow lifetime | A thing shadow is deleted by AWS IoT up to six months after the creating account is deleted or per customer request. For operational purposes, AWS IoT service backups are kept for 6 months |
Security and Identity Limits
Maximum number of CA certificates with the same subject field allowed per AWS account per region | 10 |
Maximum number of policies that can be attached to a certificate or Amazon Cognito identity | 10 |
Maximum number of named policy versions | 5 |
Maximum policy document size | 2048 characters (excluding white space) |
Maximum number of device certificates that can be registered per second | 15 |
Throttling Limits
API | Transaction per Second |
---|---|
AcceptCertificateTransfer | 10 |
AttachPrincipalPolicy | 15 |
AttachThingPrincipal | 15 |
CancelCertificateTransfer | 10 |
CreateCertificateFromCsr | 15 |
CreatePolicy | 10 |
CreatePolicyVersion | 10 |
CreateThing | 15 |
CreateThingType | 15 |
DeleteCertificate | 10 |
DeleteCACertificate | 10 |
DeletePolicy | 10 |
DeletePolicyVersion | 10 |
DeleteThing | 15 |
DeleteThingType | 15 |
DeprecateThingType | 15 |
DescribeCertificate | 10 |
DescribeCACertificate | 10 |
DescribeThing | 10 |
DescribeThingType | 10 |
DetachThingPrincipal | 15 |
DetachPrincipalPolicy | 15 |
DeleteRegistrationCode | 10 |
GetPolicy | 10 |
GetPolicyVersion | 15 |
GetRegistrationCode | 10 |
ListCACertificates | 10 |
ListCertificates | 10 |
ListCertificatesByCA | 10 |
ListOutgoingCertificates | 10 |
ListPolicies | 10 |
ListPolicyPrincipals | 10 |
ListPolicyVersions | 10 |
ListPrincipalPolicies | 15 |
ListPrincipalThings | 10 |
ListThings | 10 |
ListThingPrincipals | 10 |
ListThingTypes | 10 |
RegisterCertificate | 10 |
RegisterCACertificate | 10 |
RejectCertificateTransfer | 10 |
SetDefaultPolicyVersion | 10 |
TransferCertificate | 10 |
UpdateCertificate | 10 |
UpdateCACertificate | 10 |
UpdateThing | 10 |
AWS IoT Rules Engine Limits
Maximum number of rules per AWS account | 1000 |
Actions per rule | A maximum of 10 actions can be defined per rule. |
Rule size | Up to 256 KB of UTF-8 encoded characters (including white space). |
AWS Key Management Service (AWS KMS) Limits
Resource | Default Limit |
---|---|
Customer Master Keys (CMKs) | 1000 |
Aliases | 1100 |
Grants per CMK | 2500 |
Grants for a given principal per CMK | 500 |
Requests per second | Varies by API operation; see Limits in the AWS Key Management Service Developer Guide. |
All limits in the preceding table apply per region and per AWS account.
Limits in the AWS Key Management Service Developer Guide.
Amazon Kinesis Firehose Limits
Resource | Default Limit |
---|---|
Delivery streams per region |
20 |
Delivery stream capacity † |
2,000 transactions/second 5,000 records/second 5 MB/second |
† The three capacity limits scale proportionally. For example, if you increase the throughput limit to 10MB/second, the other limits increase to 4,000 transactions/second and 10,000 records/second.
Amazon Kinesis Firehose Limits in the Amazon Kinesis Firehose Developer Guide.
Amazon Kinesis Streams Limits
Resource | Default Limit |
---|---|
Shards per region |
US East (N. Virginia) Region – 500 US West (Oregon) Region – 500 EU (Ireland) Region – 500 All other supported regions – 200 |
Amazon Kinesis Streams Limits in the Amazon Kinesis Streams Developer Guide.
AWS Lambda Limits
Resource | Limit |
---|---|
Concurrent requests safety throttle per account | 100 |
AWS Lambda Limits in the AWS Lambda Developer Guide.
Amazon Lightsail Limits
Resource | Default Limit | Comment |
---|---|---|
Number of instances | 20 per account | This limit cannot be increased. |
Number of Elastic IP addresses | 5 per account | This limit cannot be increased. |
Number of parallel SSH connections | 3 x the number of instances in the account | This limit cannot be increased. |
Number of hosted zones | 3 per account | This limit cannot be increased. |
Amazon Machine Learning (Amazon ML) Limits
Resource | Default Limit |
---|---|
Data file size* | 100 GB |
Batch prediction input size | 1 TB |
Batch prediction input (number of records) | 100 million |
Number of variables in a data file (schema) | 1,000 |
Recipe complexity (number of processed output variables) | 10,000 |
Transactions Per Second for each real-time prediction endpoint | 200 |
Total Transactions Per Second for all real-time prediction endpoints | 10,000 |
Total RAM for all real-time prediction endpoints | 10 GB |
Number of simultaneous jobs | 25 |
Longest run time for any job | 7 days |
Number of classes for multiclass ML models | 100 |
ML model size | 2 GB |
Note
The size of your data files is limited to ensure that jobs finish in a timely manner. Jobs that have been running for more than seven days are automatically terminated, resulting in a FAILED status.
Amazon ML Limits in the Amazon Machine Learning Developer Guide.
AWS OpsWorks for Chef Automate Limits
Resource | Default Limit |
---|---|
Chef servers | 5 |
User-initiated (manual) backup generations | 10 |
Automated (scheduled) backup generations | 30 |
AWS OpsWorks Stacks Limits
Resource | Default Limit |
---|---|
Stacks | 40 |
Layers per stack | 40 |
Instances per stack | 40 |
Apps per stack | 40 |
AWS Organizations Limits
Resource | Default Limit |
---|---|
Accounts per organization | 20 |
Invitations sent per day | 20 |
Limits of AWS Organizations in the AWS Organizations User Guide.
Amazon Polly Limits
-
Throttle rate per IP address: 100 transactions (requests) per second (tps) with a burst limit of 120 tps.
-
Throttle rate per operation:
Throttle Rate per Operation
Operation
Limit
Lexicon
DeleteLexicon
PutLexicon
GetLexicon
ListLexicons
Any 2 transactions per second (tps) from these operations combined.
Maximum allowed burst of 4 tps.
Speech
DescribeVoices
80 rps with a burst limit of 100 tps
SynthesizeSpeech
80 rps with a burst limit of 100 tps
Amazon Pinpoint Limits
Resource | Default Limit |
---|---|
Active campaigns per account | 100 |
Apps per account | 100 |
Concurrent endpoint import jobs per account | 2 |
Custom event types per app | 1500 |
Endpoint custom attributes per app | 40 |
Endpoints per mobile app user | 10 |
Message sends per campaign activity | 100 million |
Segments per app | 200 |
Total file size per endpoint import job | 1 GB |
Amazon Redshift Limits
Resource | Default Limit |
---|---|
Nodes per cluster | 101 |
Nodes | 200 |
Reserved Nodes | 200 |
Snapshots | 20 |
Parameter Groups | 20 |
Security Groups | 20 |
Subnet Groups | 20 |
Subnets per Subnet Group | 20 |
Event Subscriptions | 20 |
Limits in Amazon Redshift in the Amazon Redshift Cluster Management Guide.
Amazon Relational Database Service (Amazon RDS) Limits
Resource | Default Limit |
---|---|
Clusters | 40 |
Cluster parameter groups | 50 |
DB Instances | 40 |
Event subscriptions | 20 |
Manual snapshots | 100 |
Manual cluster snapshots | 50 |
Option groups | 20 |
Parameter groups | 50 |
Read replicas per master | 5 |
Reserved instances (purchased per month) | 40 |
Rules per security group | 20 |
Security groups | 25 |
Security groups (VPC) | 5 |
Subnet groups | 50 |
Subnets per subnet group | 20 |
Tags per resource | 50 |
Total storage for all DB instances | 100 TB |
Amazon Route 53 Limits
Resource | Default Limit |
---|---|
Hosted zones | 500 |
Domains | 50 |
Resource record sets per hosted zone | 10,000 |
Reusable delegation sets | 100 |
Hosted zones that can use the same reusable delegation set | 100 |
Amazon VPCs that you can associate with a private hosted zone | 100 |
Health checks | 50 |
Traffic policies | 50 |
Policy records | 5 |
Amazon Route 53 Limits in the Amazon Route 53 Developer Guide.
AWS Server Migration Service Limits
Resource | Default Limit |
---|---|
Concurrent VM migrations | 50 per account |
Maximum duration of service usage per VM (not per account), beginning with the initial replication of a VM. We terminate an ongoing replication after this period, unless a customer requests a limit increase. |
90 days |
AWS Service Catalog Limits
Resource | Default Limit |
---|---|
Portfolios | 25 per account |
Users, groups, and roles | 25 per portfolio |
Products | 25 per portfolio, 100 total per account |
Product versions | 50 per product |
Constraints | 25 per product per portfolio |
Tags | 20 per product, 20 per portfolio, 50 per provisioned product |
Stacks | 200 (AWS CloudFormation limit) |
AWS Shield Advanced Limits
AWS Shield Advanced offers advanced monitoring and protection for up to 100 CloudFront distributions, Amazon Route 53 hosted zones or Elastic Load Balancing resources combined.
Amazon Simple Email Service (Amazon SES) Limits
The following are the default limits for Amazon SES in the sandbox environment.
Resource | Default Limit |
---|---|
Daily sending quota | 200 messages per 24-hour period. |
Maximum send rate | 1 email per second.
Note The rate at which Amazon SES accepts your messages might be less than the maximum send rate. |
Recipient address verification | All recipient addresses must be verified. |
Limits in Amazon SES in the Amazon Simple Email Service Developer Guide.
Amazon Simple Notification Service (Amazon SNS) Limits
Resource | Default Limit |
---|---|
Topics | 100,000 |
Account spend threshold for SMS | 1.00 USD |
Delivery rate for promotional SMS messages | 20 messages per second |
Delivery rate for transactional SMS messages | 20 messages per second |
To increase any of these limits, submit a request.
Amazon SNS API Throttling Limits
API | Transaction per Second |
---|---|
ListEndpointsByPlatformApplication | 30 |
ListTopics | 30 |
ListPlatformApplications | 15 |
ListSubscriptions | 30 |
ListSubscriptionsByTopic | 30 |
Subscribe | 100 |
Unsubscribe | 100 |
Amazon Simple Queue Service (Amazon SQS)
Amazon SQS Limits in the Amazon Simple Queue Service Developer Guide and the "Limits and Restrictions" section of the Amazon SQS FAQs.
Amazon Simple Storage Service (Amazon S3) Limits
Resource | Default Limit |
---|---|
Buckets | 100 per account |
Amazon S3 limits in the Amazon Simple Storage Service Developer Guide.
Amazon Simple Workflow Service (Amazon SWF) Limits
Amazon SWF Limits in the Amazon Simple Workflow Service Developer Guide.
Amazon SimpleDB Limits
Resource | Default Limit |
---|---|
Domains | 250 |
Amazon SimpleDB Limits in the Amazon SimpleDB Developer Guide.
AWS Step Functions Limits
AWS Step Functions Limits in the AWS Step Functions Developer Guide.
AWS Storage Gateway Limits
AWS Storage Gateway Limits in the AWS Storage Gateway User Guide.
Amazon Virtual Private Cloud (Amazon VPC) Limits
Resource | Default limit | Comments |
---|---|---|
VPCs per region |
5 |
The limit for Internet gateways per region is directly correlated to this one. Increasing this limit increases the limit on Internet gateways per region by the same amount. To increase this limit, submit a request. |
Subnets per VPC |
200 |
To increase this limit, submit a request. |
Internet gateways per region |
5 |
This limit is directly correlated with the limit on VPCs per region. You cannot increase this limit individually; the only way to increase this limit is to increase the limit on VPCs per region. Only one Internet gateway can be attached to a VPC at a time. |
Egress-only Internet gateways per region | 5 | This limit is directly correlated with the limit on VPCs per region. You cannot increase this limit individually; the only way to increase this limit is to increase the limit on VPCs per region. Only one egress-only Internet gateway can be attached to a VPC at a time. |
Virtual private gateways per region |
5 |
To increase this limit, contact AWS Support; however, only one virtual private gateway can be attached to a VPC at a time. |
Customer gateways per region |
50 |
To increase this limit, contact AWS Support. |
VPN connections per region |
50 |
To increase this limit, submit a request. |
VPN connections per VPC (per virtual private gateway) |
10 |
To increase this limit, submit a request. |
Route tables per VPC |
200 |
Including the main route table. You can associate one route table to one or more subnets in a VPC. |
Routes per route table (non-propagated routes) |
50 |
This is the limit for the number of non-propagated entries per route table. You can submit a request for an increase of up to a maximum of 100; however, network performance may be impacted. This limit is enforced separately for IPv4 routes and IPv6 routes (50 each, and a maximum of 100 each). |
BGP advertised routes per route table (propagated routes) |
100 |
You can have up to 100 propagated routes per route table. This limit cannot be increased. If you require more than 100 prefixes, advertise a default route. |
Elastic IP addresses per region for each AWS account |
5 |
This is the limit for the number of VPC Elastic IP addresses you can allocate within a region. This is a separate limit from the Amazon EC2 Elastic IP address limit. To increase this limit, submit a request. |
Security groups per VPC |
500 |
To increase this limit, you can submit a request. |
Inbound or outbound rules per security group |
50 |
You can have 50 inbound and 50 outbound rules per security group (giving a total of 100 combined inbound and outbound rules). To increase or decrease this limit, you can contact AWS Support — a limit change applies to both inbound and outbound rules. However, the multiple of the limit for inbound or outbound rules per security group and the limit for security groups per network interface cannot exceed 250. For example, if you increase the limit to 100, we decrease your number of security groups per network interface to 2. This limit is enforced separately for IPv4 rules and IPv6 rules. A rule that references a security group counts as one rule for IPv4 and one rule for IPv6. |
Security groups per network interface |
5 |
To increase or decrease this limit, you can contact AWS Support. The maximum is 16. The multiple of the limit for security groups per network interface and the limit for rules per security group cannot exceed 250. For example, if you want 10 security groups per network interface, we decrease your number of rules per security group to 25. |
Network interfaces per instance |
- |
This limit varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type. |
Network interfaces per region |
350 |
This limit is the greater of either the default limit (350) or your On-Demand Instance limit multiplied by 5. The default limit for On-Demand Instances is 20. If your On-Demand Instance limit is below 70, the default limit of 350 applies. You can increase the number of network interfaces per region by contacting AWS Support, or by increasing your On-Demand Instance limit. |
Network ACLs per VPC |
200 |
You can associate one network ACL to one or more subnets in a VPC. This limit is not the same as the number of rules per network ACL. |
Rules per network ACL |
20 |
This is the one-way limit for a single network ACL, where the limit for ingress rules is 20, and the limit for egress rules is 20. This limit includes both IPv4 and IPv6 rules, and includes the default deny rules (rule number 32767 for IPv4 and 32768 for IPv6, or an asterisk * in the Amazon VPC console). This limit can be increased upon request up to a maximum if 40; however, network performance may be impacted due to the increased workload to process the additional rules. |
Active VPC peering connections per VPC |
50 |
To increase this limit, contact AWS Support. The maximum limit is 125 peering connections per VPC. The number of entries per route table should be increased accordingly; however, network performance may be impacted. |
Outstanding VPC peering connection requests |
25 |
This is the limit for the number of outstanding VPC peering connection requests that you've requested from your account. To increase this limit, contact AWS Support. |
Expiry time for an unaccepted VPC peering connection request |
1 week (168 hours) |
To increase this limit, contact AWS Support. |
VPC endpoints per region |
20 |
To increase this limit, contact AWS Support. The maximum limit is 255 endpoints per VPC, regardless of your endpoint limit per region. |
Flow logs per single network interface, single subnet, or single VPC in a region |
2 | You can effectively have 6 flow logs per network interface if you create 2 flow logs for the subnet, and 2 flow logs for the VPC in which your network interface resides. This limit cannot be increased. |
NAT gateways per Availability Zone | 5 | To increase this limit, submit a request. A
NAT gateway in the pending , active , or deleting
state counts against your limit.
|
Amazon VPC Limits in the Amazon VPC User Guide.
AWS WAF Limits
AWS WAF has default limits on the number of entities per account. You can request an increase in these limits.
Resource | Default Limit |
---|---|
Web ACLs per AWS account |
50 |
Rules per AWS account |
100 |
Conditions per AWS account |
100 of each condition type (For example: 100 Size constraint conditions, 100 IP match conditions, etc.) |
Requests per Second | 10,000 per web ACL* |
*This limit applies only to AWS WAF on an Application Load Balancer. Requests per Second (RPS) limits for AWS WAF on CloudFront are the same as the RPS limits support by CloudFront described in the CloudFront developer guide.
The following limits on AWS WAF entities can't be changed.
Resource | Limit |
---|---|
Rules per web ACL |
10 |
Conditions per rule |
10 |
IP address ranges (in CIDR notation) per IP match condition |
10,000 |
Filters per cross-site scripting match condition |
10 |
Filters per size constraint condition |
10 |
Filters per SQL injection match condition |
10 |
Filters per string match condition |
10 |
In string match conditions, the number of characters in HTTP header names, when you've configured AWS WAF to inspect the headers in web requests for a specified value |
40 |
In string match conditions, the number of bytes in the value tfor which AWS WAF should search |
50 |
These limits are the same for all regions in which AWS WAF is available. Each region is subject to these limits individually. That is, the limits are not cumulative across regions.
Amazon WorkMail Limits
The following limits apply to Amazon WorkMail.
Resource | Default Limit |
---|---|
Organizations per region | 5 |
Users per organization | 1,000 |
Messages sent per user per day | 1,000 messages, regardless of destination. |
Recipients addressed per user per day | Users can send emails to a maximum of 10,000 recipients external to the organization, and a maximum of 500,000 recipients internal to the organization. |
Number of recipients per message | 500
This is a hard limit and cannot be changed. |
Number of domains per organization | 100
This is a hard limit and cannot be changed. |
Number of aliases per user | 100
This is a hard limit and cannot be changed. |
Amazon WorkSpaces Limits
Resource | Default Limit |
---|---|
WorkSpaces | 1 |
Graphics WorkSpaces | 0 |
Images | 5 |