Menu
Amazon Web Services
General Reference (Version 1.0)

AWS Service Limits

The following tables provide the default limits for AWS services for an AWS account. Unless otherwise noted, each limit is region-specific. Many services contain limits that cannot be changed. For more information about the limits for a specific service, see the documentation for that service.

AWS Trusted Advisor offers a Service Limits check (in the Performance category) that displays your usage and limits for some aspects of some services. For more information, see Service Limits Check Questions in the Trusted Advisor FAQs.

You can take the following steps to request an increase for limits. These increases are not granted immediately, so it may take a couple of days for your increase to become effective.

To request a limit increase

  1. Open the AWS Support Center page, sign in if necessary, and choose Create case.

  2. For Regarding, choose Service Limit Increase.

  3. Complete the form. If this request is urgent, choose Phone as the method of contact instead of Web.

  4. Choose Submit.

Amazon API Gateway Limits

The following limits apply to configuring and running an API in Amazon API Gateway and can be increased upon request to optimize performances of a deployed API in Amazon API Gateway.

Resource or Operation Default Limit
Throttle rate per account per region 10000 request per second (rps) with an additional burst capacity provided by the token bucket algorithm, using a maximum bucket capacity of 5000 requests.

Note

The burst limit is determined by the API Gateway service team based on the overall RPS limits for the account. It is not a limit that a customer can control or request changes to.

API keys per account per region 500
Lambda authorizers per API 10
Client certificates per account per region 60
Documentation parts per API 2000
Resources per API 300
Stages per API 10
Usage plans per account per region 300
Usage plans per API key 10
VPC links per account per region 5

All of the per API limits can only be increased on specific APIs.

For more information about these and other limits, see Limits in Amazon API Gateway in the API Gateway Developer Guide.

Application Auto Scaling Limits

Resource Default Limit
Scalable targets 500
Scaling policies per scalable target 50
Step adjustments per scaling policy 20

AWS Application Discovery Service Limits

Resource Default Limit
Inactive agents heartbeating but not collecting data 10,000
Active agents sending data to the service 250
Total collected data for all agents, per day 10 GB
Data storage duration before being purged 90 days

Amazon AppStream 2.0 Limits

Default Limits Per Region Per Account

Resource Default Limit
Stacks 5
Fleets 5
Streaming instances 5 *
Images 5
Image builders 5
Users 5

* This is the total limit across all instance families. Certain instance families have additional limits. For the Graphics Desktop and Graphics Pro instance families, the default limit is 0. For the Graphics Design instance family, the default limit is 2.

This is the total limit across all instance families. Certain instance families have additional limits. For the Graphics Desktop and Graphics Pro instance families, the default limit is 0. For the Graphics Design instance family, the default limit is 1.

AWS AppSync Limits

Resource Default Limit
Maximum number of APIs per region 25 per account
Maximum number of API keys 50 per API
Maximum schema document size 1 MB
Maximum GraphQL query execution time 10 seconds
Maximum request/response mapping template size 64 KB
Maximum subscription payload size 128 KB
Maximum number of iterations in #foreach...#end loop in mapping templates 1000

Amazon Athena Limits

Resource Default Limit
Number of concurrent queries of the same type (DDL or SELECT) 20
Query timeout 30 minutes

For information about limits for databases, tables, and partitions, see AWS Glue Limits.

AWS Auto Scaling Limits

Resource Default Limit
Scaling plans 100
Target tracking configurations per scaling instruction 10
Target tracking configurations per scaling plan 500

Auto Scaling Limits

Resource Default Limit
Launch configurations per region 200
Auto Scaling groups per region 200
Scaling policies per Auto Scaling group 50
Scheduled actions per Auto Scaling group 125
Lifecycle hooks per Auto Scaling group 50
SNS topics per Auto Scaling group 10
Load balancers per Auto Scaling group 50
Target groups per Auto Scaling group 50
Step adjustments per scaling policy 20

For more information about these limits, see Amazon EC2 Auto Scaling Limits in the Amazon EC2 Auto Scaling User Guide.

AWS Batch Limits

AWS Batch does not have any default service limits that you can increase. For more information about service limits for AWS Batch, see Service Limits in the AWS Batch User Guide.

AWS Certificate Manager (ACM) Limits

Item Default Limit
Number of ACM certificates 100
Number of ACM certificates per year (last 365 days) Twice your account limit
Number of imported certificates 100
Number of imported certificates per year (last 365 days) Twice your account limit
Number of domain names per ACM certificate 10
Number of private CAs 10
Number of private certificates per CA 50,000

For more information about these limits, see Limits in the AWS Certificate Manager User Guide.

AWS Certificate Manager Private Certificate Authority (ACM PCA) Limits

Item Default Limit
Number of private CAs 10
Number of private certificates per CA 50,000

For more information about these limits, see Limits in the AWS Certificate Manager User Guide.

AWS Cloud9 Limits

Item Default Limit
Maximum number of AWS Cloud9 EC2 development environments
  • 20 per IAM user

  • 100 per AWS account

Maximum number of SSH environments
  • 10 per IAM user

  • 100 per AWS account

Maximum number of members in an environment 8
Maximum number of environments open at the same time 10 total per IAM user, regardless of environment type (EC2 or SSH)

For more information about these limits, see Limits in the AWS Cloud9 User Guide.

AWS CloudFormation Limits

Resource Default Limit
Stacks 200
Stack sets 20
Stack instances per stack set 500

For more information about these limits, see AWS CloudFormation Limits in the AWS CloudFormation User Guide.

Amazon CloudFront Limits

General Limits

Resource Default Limit
Data transfer rate per distribution 40 Gbps
Requests per second per distribution 100,000
Web distributions per account 200
RTMP distributions per account 100
Alternate domain names (CNAMEs) per distribution 100
Origins per distribution 25
Cache behaviors per distribution 25
Whitelisted headers per cache behavior 10
Whitelisted cookies per cache behavior 10
SSL certificates per account when serving HTTPS requests using dedicated IP addresses (no limit when serving HTTPS requests using SNI) 2
Custom headers that you can have Amazon CloudFront forward to the origin 10 name–value pairs

Whitelisted query strings per cache behavior

For more information, see Configuring CloudFront to Cache Based on Query String Parameters in the Amazon CloudFront Developer Guide.

Response timeout per origin

For more information, see Response Timeout in the Amazon CloudFront Developer Guide.

Lambda@Edge Limits

Resource Default Limit
Distributions per AWS account that you can create triggers for 25
Triggers per distribution 25
Requests per second 10,000
Concurrent executions 1,000

For more information about these limits, see Limits in the Amazon CloudFront Developer Guide.

AWS CloudHSM Limits

Resource Default Limit
Clusters 4
HSMs 6

For more information about these limits, see Limits in the AWS CloudHSM User Guide.

AWS CloudHSM Classic Limits

Resource Default Limit
HSM appliances 3
High-availability partition groups 20

For more information about these limits, see Limits in the AWS CloudHSM Classic User Guide.

Amazon CloudSearch Limits

Resource Default Limit
Partitions 10
Search instances 50

For more information about these limits, see Understanding Amazon CloudSearch Limits in the Amazon CloudSearch Developer Guide.

AWS CloudTrail Limits

CloudTrail has no increaseable limits. For more information, see Limits in AWS CloudTrail.

Amazon CloudWatch Limits

Resource Default Limit Comments

Alarms

10 per month per customer for free. 5000 per region per account.

For the 5000 per region per account limit, you can request a limit increase.

DescribeAlarms

9 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

GetMetricData

50 transactions per second (TPS).

180,000 Datapoints Per Second (DPS) if the StartTime used in the API request is less than or equal to three hours from current time. 90,000 DPS if the StartTime is more than three hours from current time.

The maximum number of operation requests you can make per second without being throttled.

This is the maximum number of datapoints you can request per second using one or more API calls without being throttled.

You can request a limit increase for both of these limits.

GetMetricStatistics

400 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

ListMetrics

25 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

PutMetricAlarm

3 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

PutMetricData

150 transactions per second (TPS)

The maximum number of operation requests you can make per second without being throttled.

You can request a limit increase.

For more information about these and other CloudWatch limits, see CloudWatch Limits in the Amazon CloudWatch User Guide.

Amazon CloudWatch Events Limits

Resource Default Limit Comments

Invocations

750 per second (after 750 invocations, the invocations are throttled; that is, they still happen but they are delayed). If the invocation of a target fails due to a problem with the target service, account throttling, etc., new attempts are made for up to 24 hours for a specific invocation.

You can request a limit increase.

Rules

100 per region per account

You can request a limit increase.

Before requesting a limit increase, examine your rules. You may have multiple rules each matching to very specific events. Consider broadening their scope by using fewer identifiers in your Events and Event Patterns. In addition, a rule can invoke several targets each time it matches an event. Consider adding more targets to your rules.

PutEvents

10 entries per request and 400 requests per second. Each request can be up to 256 KB in size.

You can request a limit increase.

For more information about these and other CloudWatch Events limits, see CloudWatch Events Limits in the Amazon CloudWatch Events User Guide.

Amazon CloudWatch Logs Limits

Resource Default Limit Comments

CreateLogGroup

5000 log groups/account/Region

If you exceed your log group limit, you get a ResourceLimitExceeded exception.

You can request a limit increase.

DescribeLogStreams

5 transactions per second (TPS)/account/Region

If you experience frequent throttling, you can request a limit increase.

FilterLogEvents

5 transactions per second (TPS)/account/region

This limit can be changed only in special circumstances. If you experience frequent throttling, contact AWS Support.

GetLogEvents

10 transactions per second (TPS)/account/Region

We recommend subscriptions if you are continuously processing new data. If you need historical data, we recommend exporting your data to Amazon S3. This limit can be changed only in special circumstances. If you experience frequent throttling, contact AWS Support.

PutLogEvents

1500 transactions per second per account per Region, except for the following Regions where the limit is 800 transactions per second per account per Region: ap-south-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, eu-central-1, eu-west-2, sa-east-1, us-east-2, and us-west-1.

You can request a limit increase.

The maximum batch size of a PutLogEvents request is 1MB.

5 requests per second per log stream. Additional requests are throttled. This limit cannot be changed.

For more information about these and other CloudWatch Logs limits, see CloudWatch Logs Limits in the Amazon CloudWatch Logs User Guide.

AWS CodeBuild Limits

Resource Default Limit
Maximum number of build projects 1,000
Maximum number of concurrent running builds * 20

* Limits for the maximum number of concurrent running builds vary, depending on the compute type. For some compute types, the default is 20. To request a higher concurrent build limit or if you get a "Cannot have more than X active builds for the account" error, contact AWS support.

For more information about these limits, see Limits for AWS CodeBuild in the AWS CodeBuild User Guide.

AWS CodeCommit Limits

Resource Default Limit
Number of repositories 1,000 per AWS account

For more information about these limits, see Limits in AWS CodeCommit in the AWS CodeCommit User Guide.

AWS CodeDeploy Limits

Resource Default Limit
Maximum number of applications associated with an AWS account in a single region 100
Maximum number of concurrent deployments associated with an AWS account 100
Maximum number of deployment groups associated with a single application 100
Maximum number of instances in a single deployment 500
Maximum number of event notification triggers in a deployment group 10

For more information about these limits, see Limits in AWS CodeDeploy in the AWS CodeDeploy User Guide.

AWS CodePipeline Limits

This table lists the configurable limits for AWS CodePipeline.

Resource Default Limit

Maximum number of total pipelines per region in an AWS account

300

Maximum number of pipelines per region with change detection set to periodically checking for source changes

US East (N. Virginia) (us-east-1): 40

US West (Oregon) (us-west-2): 60

EU (Ireland) (eu-west-1): 60

All other supported regions: 20

Note

Instead of using periodic checks, configure your pipeline to use the recommended change-detection method for your source type. For example, configure your AWS CodeCommit pipeline to use Amazon CloudWatch Events for change detection. See Change-detection Methods for instructions specific to your source type.

Number of stages in a pipeline

Minimum of 2, maxi­mum of 10

Number of actions in a stage

Minimum of 1, maxi­mum of 20

Maximum number of parallel actions in a stage 10
Maximum number of sequential actions in a stage 10
Maximum number of webhooks per region in an AWS account 300

Number of custom actions per region in an AWS account

50

It may take up to two weeks to process requests for a limit increase.

For more information about these limits, see Limits in AWS CodePipeline in the AWS CodePipeline User Guide.

Amazon Cognito User Pools Limits

Resource Default Limit
Maximum number of apps per user pool 25
Maximum number of user pools per account 60
Maximum number of user import jobs per user pool 50
Maximum number of identity providers per user pool 25
Maximum number of resource servers per user pool 25
Maximum number of scopes per resource server 60

For information about additional documented limits, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Cognito Federated Identities Limits

Resource Default Limit
Maximum number of identity pools per account 60

For information about additional documented limits, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Cognito Sync Limits

Resource Default Limit
Maximum number of datasets per identity 20
Maximum number of records per dataset 1024
Maximum size of a single dataset 1 MB

For information about additional documented limits, see Limits in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Comprehend Limits

Resource Default Limit
Transactions per second for the DetectDominantLanguage, DetectEntities, DetectKeyPhrases, and DetectSentiment operations 20
Transactions per second for the BatchDetectDominantLanguage, BatchDetectEntities, BatchDetectKeyPhrases, and BatchDetectSentiment operations 10
Transactions per second for the StartTopicsDetectionJob operation 1
Transactions per second for the DescribeTopicsDetectionJob and ListTopicDetectionJobs operations 10
Maximum concurrent jobs 10

You can request an increase for any of the limits using the Amazon Comprehend service limits increase form.

For information about additional documented limits, see Guidelines and Limits in the Amazon Comprehend Developer Guide.

AWS Config Limits

Resource Default Limit Notes
Number of AWS Config rules per region in your account 50

You can request a limit increase.

Amazon Connect Limits

Item Default limit

Amazon Connect instances

5

Users per instance

500

Phone numbers per instance

10

Queues per instance

50

Queues per routing profile

50

Routing profiles per instance

100

Hours of operation per instance

100

Quick connects per instance

100

Prompts per instance

500

Agent status per instance

50

Security profiles per instance

100

Contact flows per instance

100

Groups per level

50

Reports per instance

500

Scheduled reports per instance

50

Concurrent active calls per instance

100

Phone Number Porting

You can port your US phone numbers from your current carrier to Amazon Connect. For information about how to port your phone number, see Port Your Current Phone Number.

Country Whitelisting for Outbound Calls You can place calls to the following countries when you create a new instance:
  • Australia

  • Canada

  • China

  • Germany

  • Hong Kong

  • Israel

  • Japan

  • Mexico

  • Singapore

  • Sweden

  • United States

  • United Kingdom

The table provides the default limits for new Amazon Connect instances. Because the limits have been adjusted over time, the limits in place for your account may be different than the limits described here. There might be differences between the instances created for your account. For example, if you created an instance during the period when the default limit for concurrent active calls was set to 10, your instance is limited to 10 concurrent active calls. If you create a new instance today, the limit for the instance is 100 concurrent active calls.

To start, you can create five instances per AWS account in each of AWS Regions where Amazon Connect is available. If you need more instances, or an increase (or decrease) to any of the service limits, you can request an change using the Amazon Connect service limits increase form. You must be signed in to your AWS account to access the form.

There is also a service limit for the countries to which you can place outbound calls from your instance. If you already have an instance, the countries that you are allowed to call might be different that those listed in the following table because we have changed the service limits over time. You can submit a service limit increase request to allow calling to additional countries, or to limit the countries that you can call from your instance.

Note

Amazon Connect is not available to customers in India using Amazon Web Services through Amazon Internet Services Pvt. Ltd (AISPL). You will receive an error message if you try to create an instance in Amazon Connect.

AWS Data Pipeline Limits

Attribute Limit Adjustable
Number of pipelines 100 Yes
Number of objects per pipeline 100 Yes
Number of active instances per object 5 Yes
Number of fields per object 50 No
Number of UTF8 bytes per field name or identifier 256 No
Number of UTF8 bytes per field 10,240 No
Number of UTF8 bytes per object 15,360 (including field names) No
Rate of creation of an instance from an object 1 per 5 minutes No
Retries of a pipeline activity 5 per task No
Minimum delay between retry attempts 2 minutes No
Minimum scheduling interval 15 minutes No
Maximum number of roll-ups into a single object 32 No
Maximum number of EC2 instances per Ec2Resource object 1 No

For additional limits, see AWS Data Pipeline Limits in the AWS Data Pipeline Developer Guide.

AWS Database Migration Service Limits

Resource Default Limit
Replication instances 20
Total amount of storage 6 TB
Replication subnet groups 20
Subnets per replication subnet group 20
Endpoints 100
Tasks 200
Endpoints per instance 20

AWS Device Farm Limits

Resource Default Limit Comments

App file size you can upload

4 GB

Number of devices that AWS Device Farm can test during a run

5

This limit can be increased to 100 upon request.

Number of devices you can include in a test run

None

Number of runs you can schedule

None

Duration of a remote access session

60 minutes

AWS Direct Connect Limits

For more information about these limits, see AWS Direct Connect Limits in the AWS Direct Connect User Guide.

AWS Directory Service Limits

Resource Default Limit
AD Connector directories 10
AWS Directory Service for Microsoft Active Directory directories 10
Simple AD directories 10
Manual snapshots 5 per AWS Managed Microsoft AD
Manual snapshots 5 per Simple AD

For information about additional documented limits, including limits on Amazon Cloud Directory, see AWS Directory Service Limits in the AWS Directory Service Admin Guide.

Amazon DynamoDB Limits

Resource Default Limit
US East (N. Virginia) Region:

Maximum capacity units per table or global secondary index

40,000 read capacity units and 40,000 write capacity units
US East (N. Virginia) Region:

Maximum capacity units per account

80,000 read capacity units and 80,000 write capacity units
All other regions:

Maximum capacity units per table or global secondary index

10,000 read capacity units and 10,000 write capacity units
All other regions:

Maximum capacity units per account

20,000 read capacity units and 20,000 write capacity units
Maximum number of tables 256

For more information about these limits, see Limits in Amazon DynamoDB in the Amazon DynamoDB Developer Guide.

AWS Elastic Beanstalk Limits

Resource Default Limit
Applications 75
Application Versions 1000
Environments 200

Amazon Elastic Block Store (Amazon EBS) Limits

Resource Default Limit
Number of EBS snapshots 10,000
Concurrent snapshots allowed for a single volume 5 for io1, gp2, magnetic; 1 for st1, sc1

Concurrent snapshot copy requests to a single destination region

5
Total volume storage of General Purpose SSD (gp2) volumes 100 TiB
Total volume storage of Provisioned IOPS SSD (io1) volumes 100 TiB
Total volume storage of Throughput Optimized HDD (st1) 300 TiB
Total volume storage of Cold HDD (sc1) 300 TiB
Total volume storage of Magnetic volumes (standard) 20 TiB
Total provisioned IOPS 200,000

For more information about these limits, see Amazon EC2 Service Limits in the Amazon EC2 User Guide for Linux Instances.

Amazon Elastic Compute Cloud (Amazon EC2) Limits

Resource Default Limit
Instances Limits vary depending on instance type and purchasing option. For more information, see How many instances can I run in Amazon EC2.
Elastic IP addresses for EC2-Classic 5
Security groups for EC2-Classic per instance 500
Rules per security group for EC2-Classic 100
Key pairs 5,000
Launch Templates Up to 1,000 launch templates per region and 10,000 versions per launch template.
Dedicated Hosts Up to two Dedicated Hosts per instance family, per region.
Placement groups 500
Concurrent AMI copies Destination regions are limited to 50 concurrent AMI copies at a time, with no more than 25 of those coming from a single source region.
Throttle on the emails that can be sent from your Amazon EC2 account Throttle applied

For information about related limits for EC2-VPC, see Amazon Virtual Private Cloud (Amazon VPC) Limits.

For information about viewing your current limits, see Amazon EC2 Service Limits in the Amazon EC2 User Guide for Linux Instances.

Amazon Elastic Container Registry (Amazon ECR) Limits

Resource Default Limit
Maximum number of repositories per account 1,000
Maximum number of images per repository 1,000

For information about additional documented limits, see Amazon ECR Service Limits in the Amazon Elastic Container Registry User Guide.

Amazon Elastic Container Service (Amazon ECS) Limits

Resource Default Limit
Number of clusters per region per account 1000
Number of container instances per cluster 1000
Number of services per cluster 500
Number of tasks using the EC2 launch type per service (the desired count) 1000
Number of tasks using the Fargate launch type, per region, per account 20
Number of public IP addresses for tasks using the Fargate launch type 20

For information about additional documented limits, see Amazon ECS Service Limits in the Amazon Elastic Container Service Developer Guide.

Amazon Elastic Container Service for Kubernetes (Amazon EKS) Limits

Resource Default Limit
Maximum number of Amazon EKS clusters 3

For information about additional documented limits, see Amazon EKS Service Limits in the Amazon EKS User Guide.

Amazon Elastic File System Limits

Following are the limits for Amazon EFS that can be increased by contacting AWS Support.

Resource Default Limit
Total throughput per file system for all connected clients

US East (Ohio) Region – 3 GB/s

US East (N. Virginia) Region – 3 GB/s

US West (N. California) Region – 1 GB/s

US West (Oregon) Region – 3 GB/s

EU (Frankfurt) Region – 1 GB/s

EU (Ireland) Region – 3 GB/s

Asia Pacific (Sydney) Region – 3 GB/s

For more information about these limits, see Amazon EFS Limits in the Amazon Elastic File System User Guide.

Elastic Load Balancing Limits

Elastic Load Balancing supports three types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers.

Application Load Balancers

Resource Default Limit
Load balancers per region 20
Target groups per region 3000
Listeners per load balancer 50
Targets per load balancer 1000
Subnets per Availability Zone per load balancer 1
Security groups per load balancer 5
Rules per load balancer (not counting default rules) 100
Certificates per load balancer (not counting default certificates) 25
Number of times a target can be registered per load balancer 100
Load balancers per target group 1
Targets per target group 1000

This limit includes both your Application Load Balancers and your Classic Load Balancers. This limit can be increased upon request.

Network Load Balancers

Resource Default Limit
Network Load Balancers per region 20
Target groups per region 3000 *
Listeners per load balancer 50
Subnets per Availability Zone per load balancer 1
Targets per load balancer per Availability Zone 500
Targets per load balancer 500
Load balancers per target group 1

* This limit is shared by target groups for your Application Load Balancers and Network Load Balancers.

Classic Load Balancers

Resource Default Limit
Load balancers per region 20
Listeners per load balancer 100
Security groups per load balancer 5
Registered instances per load balancer 1,000
Subnets per Availability Zone per load balancer 1

This limit includes both your Application Load Balancers and your Classic Load Balancers. This limit can be increased upon request.

Amazon Elastic Transcoder Limits

Resource Default Limit
Pipelines per region 4
User-defined presets 50
Maximum number of jobs processed simultaneously by each pipeline

US East (N. Virginia) Region – 20

US West (N. California) Region – 12

US West (Oregon) Region – 20

Asia Pacific (Mumbai) Region – 12

Asia Pacific (Singapore) Region – 12

Asia Pacific (Sydney) Region – 12

Asia Pacific (Tokyo) Region – 12

EU (Ireland) Region – 20

It may take up to two weeks to process requests for a limit increase.

For more information about these limits, see Amazon Elastic Transcoder limits in the Amazon Elastic Transcoder Developer Guide.

Amazon ElastiCache Limits

For information on ElastiCache terminology, see ElastiCache Components and Features.

Resource Default Limit Description
Nodes per region 100 The maximum number of nodes across all clusters in a region. This limit applies to both your reserved and nonreserved nodes within the given region. You can have up to 100 reserved nodes and 100 nonreserved nodes in the same region.
Nodes per cluster (Memcached) 20 The maximum number of nodes in an individual Memcached cluster.
Nodes per shard (Redis) 6 The maximum number of nodes in an individual Redis shard (node group). One node is the read/write Primary. All other nodes are read-only Replicas.
Shards per Cluster (Redis cluster mode disabled) 1 The maximum number of shards (node groups) in a Redis (cluster mode disabled) cluster.
Shards per Cluster (Redis cluster mode enabled) 15 The maximum number of shards (node groups) in a Redis (cluster mode enabled) cluster.
Parameter groups per region 20 The maximum number of parameters groups you can create in a region.
Security groups per region 50 The maximum number of security groups you can create in a region.
Subnet groups per region 50 The maximum number of subnet groups you can create in a region.
Subnets per subnet group 20 The maximum number of subnets you can define for a subnet group.

These limits are global limits per customer account. To exceed these limits, make your request using the ElastiCache Node request form.

Amazon Elasticsearch Service Limits

Resource Default Limit
Number of Amazon ES instances per cluster 20 (except for T2 instance types, which have a maximum of 10).

Note

The default limit is 20 instances per domain. To request an increase up to 100 instances per domain, create a case with the AWS Support Center.

AWS Firewall Manager Limits

AWS Firewall Manager has default limits on the number of entities per account. You can request an increase in these limits.

Resource Default Limit

Accounts per organization in AWS Organizations

Varies. An invitation sent to an account counts against this limit. The count is returned if the invited account declines, the master account cancels the invitation, or the invitation expires.

Firewall Manager policies per organization in AWS Organizations

20

Tags to specified include or exclude per Firewall Manager policy

8

The following limits related to Firewall Manager can't be changed.

Resource Limit
Rule groups per AWS Firewall Manager administrator account 3

Rule groups per Firewall Manager policy

1

Rules per rule group

10

Amazon GameLift Limits

Resource Default Limit
Aliases 20
Fleets 20
Builds 1000
Total size of builds 100 GB
Log upload size per game session 200 MB
On-demand instances

Per instance type: limits vary.

Per account: 20 instances max, regardless of instance type.

For more information, see Scaling Amazon Elastic Compute Cloud (Amazon EC2) Instances for Amazon GameLift.

Server processes per instance

GameLift SDK v2.x: 1

GameLift SDK v3.x and up: 50

Player sessions per game session 200
Matchmakers per account 100
VPC peering connections For limits on active and pending VPC peering connections, see Amazon Virtual Private Cloud (Amazon VPC) Limits.

The expiry time for an Amazon GameLift VPC peering authorization is 24 hours.

Amazon Glacier Limits

Resource Default Limit
Number of vaults per account 1000
Number of provisioned capacity units 2

AWS Glue Limits

Resource Default Limit
Number of databases per account 10,000
Number of tables per database 100,000
Number of partitions per table 1,000,000
Number of table versions per table 100,000
Number of tables per account 1,000,000
Number of partitions per account 10,000,000
Number of table versions per account 1,000,000
Number of connections per account 1,000
Number of crawlers per account 25
Number of jobs per account 25
Number of triggers per account 25
Number of concurrent job runs per account 30
Number of concurrent job runs per job 3
Number of jobs per trigger 10
Number of development endpoints per account 5
Maximum DPUs used by a development endpoint at one time 5
Maximum DPUs used by a role at one time 100

AWS Greengrass Limits

AWS Greengrass Cloud API Limits

Description Limit
Maximum number of AWS IoT devices in a group. 200
Maximum number of Lambda functions in a group. 200
Maximum number of resources per Lambda function. 10
Maximum number of resources per group. 50
Maximum number of transactions per second (TPS) on the AWS Greengrass API. 30
Maximum number of subscriptions per AWS Greengrass group. 1000
Maximum number of subscriptions that specify Cloud as the source per AWS Greengrass group. 50
Maximum length of a Core thing name. 124 bytes of UTF-8 encoded characters.

AWS Greengrass core Limits

Description Limit
Maximum number of routing table entries that specify "Cloud" as the source. 50 (matches AWS IoT subscription limit)
Maximum size of messages sent by an AWS IoT device. 128 KB (matches AWS IoT message size limit)
Maximum message queue size in the Greengrass core router. 2.5 MB
Maximum length of a topic string 256 bytes of UTF-8 encoded characters.
Maximum number of forward slashes '/' in a topic or topic filter. 7
Minimum disk space needed to run the Greengrass core software 128 MB
Minimum RAM to run the Greengrass core software 128 MB
Automatic IP detection should not be used when:
  • IP address changes are frequent.

  • Interruption of the Greengrass core service is unacceptable.

  • The Greengrass core is multi-homed or Greengrass devices cannot reliably determine which IP address to use.

  • Reporting of Greengrass core IP addresses to the cloud may raise security concerns.

The Greengrass core software provides a service to automatically detect the IP address(es) of your Greengrass core devices. It sends this information to the AWS Greengrass cloud service and allows AWS IoT devices to download the IP address of the Greengrass core they need to connect to. This feature should not be used in the following circumstances:

  • The IP address of a Greengrass core device changes frequently.

  • The Greengrass core device must always be available to AWS IoT devices in it's group.

  • The Greengrass core has multiple IP addresses and an AWS IoT device is unable to reliably determine which address to use.

  • Sending IP addresses to the cloud raises security concerns.

Amazon GuardDuty Limits

Resource Default Limit
Detectors 1
Trusted IP sets 1
Threat intel sets 6
GuardDuty member accounts 1000
GuardDuty finding retention time 90 days

For more information, see the Amazon GuardDuty User Guide.

AWS Identity and Access Management (IAM) Limits

Resource Default Limit
Customer managed policies in an AWS account 1500
Groups in an AWS account 300
Roles in an AWS account 1000
Users in an AWS account

5000 (If you need to add a large number of users, consider using temporary security credentials.)

Virtual MFA devices (assigned or unassigned) in an AWS account Equal to the user quota for the account
Instance profiles in an AWS account 1000
Server certificates stored in an AWS account 20

For more information about these limits, see Limitations on IAM Entities and Objects in the IAM User Guide.

AWS Import/Export Limits

AWS Snowball (Snowball)

Resource Default Limit Comments
Snowball 1

To increase this limit, contact AWS Support.

Amazon Inspector Limits

Resource Default Limit
Running agents 500
Assessment runs 50,000
Assessment templates 500
Assessment targets 50

For more information, see the Amazon Inspector User Guide.

AWS IoT Limits

Thing Limits

Resource Limit
Thing name size 128 bytes of UTF-8 encoded characters. This limit applies for both the thing registry and Thing Shadow services.
Maximum number of thing attributes for a thing with a thing type 50
Maximum number of thing attribute for a thing without a thing type 3
Number of thing types that can be associated with a thing 1
Maximum number of thing types in an AWS account Unlimited

Message Broker Limits

Resource Description Limit Adjustable
Maximum concurrent client connections per account The maximum number of concurrent connections allowed per account. 500,000 Yes
Connect requests per second per account AWS IoT limits an account to a maximum number of MQTT CONNECT requests per second. 500 Yes

Connect requests per second per client ID

AWS IoT limits MQTT CONNECT requests from the same accountId and clientId to 1 MQTT CONNECT operation per second.

1 No
Subscriptions per account AWS IoT limits an account to a maximum number of subscriptions across all active connections. 500,000 Yes
Subscriptions per second per account AWS IoT limits an account to a maximum number of subscriptions per second. For example, if there are two MQTT SUBSCRIBE requests within a second with 3 subscriptions (topic filters) each, AWS IoT counts those as 6 subscriptions towards this limit. 500 Yes
Subscriptions per connection AWS IoT supports 50 subscriptions per connection. Subscription requests on the same connection in excess of this amount may be rejected by AWS IoT and the connection will be closed. Clients should validate the SUBACK message to ensure that their subscription requests have been successfully processed. 50 No
Publish requests per second per connection AWS IoT limits each client connection to a maximum number of inbound and outbound publish requests per second. Publish requests exceeding that limit will be discarded. 100 No
Inbound publish requests per second per account Inbound publish requests count for all the messages that AWS IoT processes before routing the messages to the subscribed clients or the rules engine. For example, a single message published on $aws/things/device/shadow/update topic can result in publishing three additional messages to $aws/things/device/shadow/update/accepted, $aws/things/device/shadow/update/documents, and $aws/things/device/shadow/delta topics. In this case, AWS IoT counts those as 4 inbound publish requests towards this limit. However, a single message to an unreserved topic like a/b is counted only as a single inbound publish request. 20,000 Yes
Outbound publish requests per second per account Outbound publish requests count for every message that resulted in matching a client's subscription or matching a rules engine subscription. For example, two clients are subscribed to topic filter a/b and a rule is subscribed to topic filter a/#. An inbound publish request on topic a/b results in a total of 3 outbound publish requests. 20,000 Yes
Throughput per second per connection Data received or sent over a client connection is processed at a maximum throughput rate. Data exceeding the maximum throughput will be delayed in processing. 512 KiB No
Maximum inbound unacknowledged QoS 1 publish requests AWS IoT limits the number of unacknowledged inbound publish requests per client. When this limit is reached, no new publish requests are accepted from this client until a PUBACK message is returned by the server. 100 No
Maximum outbound unacknowledged QoS 1publish requests AWS IoT limits the number of unacknowledged outbound publish requests per client. When this limit is reached, no new publish requests are sent to the client until the client acknowledges the publish requests. 100 No
Maximum retry interval for delivering QoS 1 messages AWS IoT will retry delivery of unacknowledged quality-of-service 1 (QoS 1) publish requests to a client for up to one hour. If AWS IoT does not receive a PUBACK message from the client after one hour, it will drop the publish requests. 1 hour No

Protocol Limits

Resource Description
Connection inactivity (keep-alive interval) For MQTT (or MQTT over WebSockets) connections, a client can request a keep-alive interval between 30 - 1200 seconds as part of the MQTT CONNECT message. AWS IoT starts the keep-alive timer for a client when sending CONNACK in response to the CONNECT message. This timer is reset whenever AWS IoT receives a PUBLISH, SUBSCRIBE, PING, or PUBACK message from the client. AWS IoT will disconnect a client whose keep-alive timer has reached 1.5x the specified keep-alive interval (i.e., by a factor of 1.5).The default keep-alive interval is 1200 seconds. If a client requests a keep-alive interval of zero, the default keep-alive interval will be used. If a client requests a keep-alive interval greater than 1200 seconds, the default keep-alive interval will be used. If a client requests a keep-alive interval shorter than 30 seconds but greater than zero, the server treats the client as though it requested a keep-alive interval of 30 seconds.
WebSocket connection duration WebSocket connections are limited to 24 hours. If the limit is exceeded, the WebSocket connection is automatically closed when an attempt is made to send a message by the client or server.
Maximum subscriptions per subscribe request A single SUBSCRIBE request is limited a maximum of eight subscriptions.
Message size The payload for every publish request is limited to 128 KB. The AWS IoT service rejects publish and connect requests larger than this size.
Client ID size 128 bytes of UTF-8 encoded characters.
Restricted client ID prefix $ is reserved for AWS IoT generated client IDs.
Topic size The topic passed to the AWS IoT when sending a publish request is limited to 256 bytes of UTF-8 encoded characters.
Restricted topic prefix Topics beginning with $ are reserved by AWS IoT and are not supported for publishing and subscribing except for using the specific topic names defined by AWS IoT services (i.e., Thing Shadow).
Maximum number of slashes in topic and topic filter A topic in a publish or subscribe request is limited to 7 forward slashes (/).

Device Shadow Limits

Maximum depth of JSON device state documents The maximum number of levels in the desired or reported section of the JSON device state document is 5. For example:
"desired": { "one": { "two": { "three": { "four": { "five":{ } } } } } }
Maximum number of in-flight, unacknowledged messages per thing

The Thing Shadows service supports up to 10 in-flight unacknowledged messages per thing. When this limit is reached, all new shadow requests are rejected with a 429 error code.

Maximum number of JSON objects per AWS account There is no limit on the number of JSON objects per AWS account.
Maximum size of a JSON state document 8 KB.
Maximum size of a thing name 128 bytes of UTF-8 encoded characters.
Maximum number of shadows in an AWS account Unlimited
Requests per second per thing The Thing Shadows service supports up to 20 requests per second per thing. Note that this limit is per thing and not per API.

Security and Identity Limits

Maximum number of CA certificates with the same subject field allowed per AWS account per region 10
Maximum number of policies that can be attached to a certificate or Amazon Cognito identity 10
Maximum number of named policy versions 5
Maximum policy document size 2048 characters (excluding white space)
Maximum number of device certificates that can be registered per second 15

AWS IoT Throttling Limits

API Transactions per Second
AcceptCertificateTransfer 10
AssociateTargetsWithJob 10
AttachPrincipalPolicy 15
AttachPolicy 15
AttachThingPrincipal 15
CancelCertificateTransfer 10
CancelJob 10
CancelJobExecution 10
CreateCertificateFromCsr 15
CreateJob 10
CreatePolicy 10
CreatePolicyVersion 10
CreateThing 15
CreateThingType 15
DeleteCertificate 10
DeleteCACertificate 10
DeleteJob 10
DeleteJobExecution 10
DeletePolicy 10
DeletePolicyVersion 10
DeleteThing 15
DeleteThingType 15
DeprecateThingType 15
DescribeCertificate 10
DescribeCACertificate 10
DescribeJob 10
DescribeJobExecution 10
DescribeThing 10
DescribeThingType 10
DetachThingPrincipal 15
DetachPrincipalPolicy 15
DeleteRegistrationCode 10
GetJobDocument 10
GetPolicy 10
GetPolicyVersion 15
GetRegistrationCode 10
ListCACertificates 10
ListCertificates 10
ListCertificatesByCA 10
ListJobExecutionsForJob 10
ListJobExecutionsForThing 10
ListJobs 10
ListOutgoingCertificates 10
ListPolicies 10
ListPolicyPrincipals 10
ListPolicyVersions 10
ListPrincipalPolicies 15
ListPrincipalThings 10
ListThings 10
ListThingPrincipals 10
ListThingTypes 10
RegisterCertificate 10
RegisterCACertificate 10
RejectCertificateTransfer 10
SetDefaultPolicyVersion 10
TransferCertificate 10
UpdateCertificate 10
UpdateCACertificate 10
UpdateThing 10

AWS IoT Rules Engine Limits

Maximum number of rules per AWS account 1000
Actions per rule A maximum of 10 actions can be defined per rule.
Rule size Up to 256 KB of UTF-8 encoded characters (including white space).

AWS IoT Job Limits

Resource Min Max Note
JobId 1 character 64 characters The JobId length must not exceed 64 characters.
Document N/A 32768 bytes The maximum size of a document that can be sent to an AWS IoT device is 32 KB.
DocumentSource N/A 1350 characters

The maximum job document source size is 1350 characters.

Description N/A 2028 characters The maximum job description size is 2028 characters.
Targets 1 100 The number of targets a job can have.
ExpiresInSec 60 seconds 3600 seconds The lifetime of pre-signed URLs must be configured greater than 60 seconds and less than 1 hour.
Comment N/A 2028 characters The maximum comment size is 2028 characters.
MaxResults 1 250 The maximum list result per page is 250.
MaximumJobExecutionsPerMinute 1 1000 Configures the rollout speed for a job.
Active snapshot jobs 0 100 The maximum number of active snapshot jobs is 100 (irrespective of the number of active continuous jobs).
Active continuous jobs 0 100 The maximum number of active continuous jobs is 100 (irrespective of the number of active snapshot jobs).
Job document variable substitution 0 10 Up to 10 variables substitutions, including the presign URL, are allowed in a job document.
Data retention N/A 365 days Job data and job execution data will be purged after 365 days.
StatusDetail map key:value pairs 1 key:value pair 10 key:value pairs
StatusDetail map key size 1 character 128 characters
StatusDetail map value size 1 character 128 characters
DescribeJobExecution and GetPendingJobExectuions N/A 200 TPS per account If invoking one or more of these "read" APIs in the data plane causes the associated AWS account to exceed 200 read transactions per second (TPS) in total, then the offending API invocation(s) will be throttled to maintain the maximum allowed 200 read TPS per AWS account. Be aware that in the control plane, DescribeJobExecution is limited to 10 TPS per invocation.
StartNextPendingJobExecution and