Aws General

Download as pdf or txt
Download as pdf or txt
You are on page 1of 676

AWS General Reference

Reference guide
Version 1.0
AWS General Reference Reference guide

AWS General Reference: Reference guide


Copyright © 2021 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not
Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or
discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may
or may not be affiliated with, connected to, or sponsored by Amazon.
AWS General Reference Reference guide

Table of Contents
AWS General Reference ...................................................................................................................... 1
AWS security credentials ..................................................................................................................... 2
AWS users ................................................................................................................................. 2
Tasks that require root user credentials ................................................................................. 3
AWS credentials ......................................................................................................................... 3
Console access ................................................................................................................... 4
Programmatic access .......................................................................................................... 5
Temporary access keys ........................................................................................................ 5
AWS account identifiers .............................................................................................................. 6
Finding your AWS account ID .............................................................................................. 6
Finding the canonical user ID for your AWS account ............................................................... 7
Best practices for managing AWS access keys ................................................................................ 7
Remove (or don't generate) an account access key .................................................................. 8
Use temporary security credentials (IAM roles) instead of long-term access keys ......................... 8
Manage IAM user access keys properly .................................................................................. 9
Access the mobile app using AWS access keys ...................................................................... 10
Learn more ...................................................................................................................... 10
AWS security audit guidelines .................................................................................................... 11
When you should perform a security audit .......................................................................... 11
Guidelines for auditing ...................................................................................................... 12
Review your AWS account credentials ................................................................................. 12
Review your IAM users ...................................................................................................... 12
Review your IAM groups .................................................................................................... 12
Review your IAM roles ...................................................................................................... 13
Review your IAM providers for SAML and OpenID Connect (OIDC) ........................................... 13
Review Your mobile apps .................................................................................................. 13
Review your Amazon EC2 security configuration ................................................................... 13
Review AWS policies in other services ................................................................................. 14
Monitor activity in your AWS account ................................................................................. 14
Tips for reviewing IAM policies ........................................................................................... 14
Learn more ...................................................................................................................... 15
Service endpoints and quotas ............................................................................................................ 16
Alexa for Business .................................................................................................................... 20
Service Endpoints ............................................................................................................. 20
Service Quotas ................................................................................................................. 20
AWS Amplify ........................................................................................................................... 21
Amplify endpoints ............................................................................................................ 21
Service Quotas ................................................................................................................. 22
Amazon API Gateway ................................................................................................................ 23
Service Endpoints ............................................................................................................. 23
Service Quotas ................................................................................................................. 27
Application Auto Scaling ........................................................................................................... 27
Regions and Endpoints ..................................................................................................... 28
Service Quotas ................................................................................................................. 29
AWS Application Discovery Service ............................................................................................. 30
Service Endpoints ............................................................................................................. 30
Service Quotas ................................................................................................................. 31
Amazon AppFlow ..................................................................................................................... 31
Service Endpoints ............................................................................................................. 31
Service Quotas ................................................................................................................. 32
Amazon AppStream 2.0 ............................................................................................................ 32
Service Endpoints ............................................................................................................. 33
Service Quotas ................................................................................................................. 33
AWS App Mesh ........................................................................................................................ 34

Version 1.0
iii
AWS General Reference Reference guide

Service Endpoints ............................................................................................................. 35


Service Quotas ................................................................................................................. 37
AWS AppSync .......................................................................................................................... 38
Service Endpoints ............................................................................................................. 38
Service Quotas ................................................................................................................. 40
Amazon Athena ....................................................................................................................... 41
Service Endpoints ............................................................................................................. 41
Service Quotas ................................................................................................................. 43
AWS Audit Manager .................................................................................................................. 44
Service Endpoints ............................................................................................................. 44
Service Quotas ................................................................................................................. 45
Amazon Augmented AI ............................................................................................................. 45
Service Quotas ................................................................................................................. 45
Amazon Aurora ........................................................................................................................ 46
Service Endpoints ............................................................................................................. 46
Service Quotas ................................................................................................................. 49
AWS Auto Scaling .................................................................................................................... 50
Regions and Endpoints ..................................................................................................... 50
Service Quotas ................................................................................................................. 52
Amazon EC2 Auto Scaling ......................................................................................................... 52
Regions and Endpoints ..................................................................................................... 53
Service Quotas ................................................................................................................. 55
AWS Backup ............................................................................................................................ 55
Service Endpoints ............................................................................................................. 55
Service Quotas ................................................................................................................. 57
AWS Batch .............................................................................................................................. 59
Service Endpoints ............................................................................................................. 59
Service Quotas ................................................................................................................. 60
Billing and Cost Management .................................................................................................... 60
Service Endpoints ............................................................................................................. 61
Service Quotas ................................................................................................................. 64
AWS Certificate Manager ........................................................................................................... 64
Service Endpoints ............................................................................................................. 64
Service Quotas ................................................................................................................. 66
AWS Certificate Manager Private Certificate Authority ................................................................... 67
Service Endpoints ............................................................................................................. 67
Service Quotas ................................................................................................................. 68
AWS Chatbot ........................................................................................................................... 73
Service Quotas ................................................................................................................. 73
Amazon Chime ......................................................................................................................... 73
Service Endpoints ............................................................................................................. 73
Service Quotas ................................................................................................................. 73
AWS Cloud9 ............................................................................................................................ 74
Service Endpoints ............................................................................................................. 74
Service Quotas ................................................................................................................. 75
Amazon Cloud Directory ........................................................................................................... 76
Service Endpoints ............................................................................................................. 76
AWS CloudFormation ................................................................................................................ 77
Service Endpoints ............................................................................................................. 77
StackSets regional support ................................................................................................ 79
Service Quotas ................................................................................................................. 81
Amazon CloudFront .................................................................................................................. 81
Service Endpoints ............................................................................................................. 81
Service Quotas ................................................................................................................. 81
AWS CloudHSM ........................................................................................................................ 82
Service Endpoints ............................................................................................................. 82
Service Quotas ................................................................................................................. 85

Version 1.0
iv
AWS General Reference Reference guide

AWS Cloud Map ....................................................................................................................... 85


Service Endpoints ............................................................................................................. 85
Service Quotas ................................................................................................................. 87
Amazon CloudSearch ................................................................................................................ 88
Service Endpoints ............................................................................................................. 88
Service Quotas ................................................................................................................. 88
AWS CloudShell ....................................................................................................................... 89
Service endpoints ............................................................................................................. 89
Service quotas ................................................................................................................. 89
AWS CloudTrail ........................................................................................................................ 90
Service Endpoints ............................................................................................................. 90
Service Quotas ................................................................................................................. 92
Amazon CloudWatch ................................................................................................................. 92
Service Endpoints ............................................................................................................. 92
Service Quotas ................................................................................................................. 94
Amazon CloudWatch Events ...................................................................................................... 97
Service Endpoints ............................................................................................................. 97
Service Quotas ................................................................................................................. 99
Amazon CloudWatch Logs ....................................................................................................... 100
Service Endpoints ........................................................................................................... 100
Service Quotas ............................................................................................................... 102
Amazon CloudWatch Synthetics ............................................................................................... 104
Service Endpoints ........................................................................................................... 104
Service Quotas ............................................................................................................... 106
AWS CodeArtifact ................................................................................................................... 106
Service Endpoints ........................................................................................................... 106
Service Quotas ............................................................................................................... 107
AWS CodeBuild ...................................................................................................................... 107
Service Endpoints ........................................................................................................... 108
Service Quotas ............................................................................................................... 109
AWS CodeCommit .................................................................................................................. 110
Service Endpoints ........................................................................................................... 110
Service Quotas ............................................................................................................... 112
AWS CodeDeploy .................................................................................................................... 112
Service Endpoints ........................................................................................................... 112
Service Quotas ............................................................................................................... 114
Amazon CodeGuru Profiler ...................................................................................................... 114
Service Endpoints ........................................................................................................... 114
Service Quotas ............................................................................................................... 115
Amazon CodeGuru Reviewer .................................................................................................... 115
Service Endpoints ........................................................................................................... 116
Service Quotas ............................................................................................................... 116
AWS CodePipeline .................................................................................................................. 116
Service Endpoints ........................................................................................................... 117
Service Quotas ............................................................................................................... 118
AWS CodeStar ........................................................................................................................ 119
Service Endpoints ........................................................................................................... 120
AWS CodeStar Notifications ..................................................................................................... 121
Amazon Cognito Identity ......................................................................................................... 122
Service Endpoints ........................................................................................................... 122
Service Quotas ............................................................................................................... 125
Amazon Cognito Sync ............................................................................................................. 125
Service Endpoints ........................................................................................................... 125
Service Quotas ............................................................................................................... 126
Amazon Comprehend .............................................................................................................. 126
Service Endpoints ........................................................................................................... 127
Service Quotas ............................................................................................................... 128

Version 1.0
v
AWS General Reference Reference guide

Amazon Comprehend Medical .................................................................................................. 128


Service Endpoints ........................................................................................................... 128
Service Quotas ............................................................................................................... 129
Compute Optimizer ................................................................................................................ 130
Service Endpoints ........................................................................................................... 130
Service Quotas ............................................................................................................... 131
AWS Config ........................................................................................................................... 131
Service Endpoints ........................................................................................................... 132
Service Quotas ............................................................................................................... 134
Amazon Connect .................................................................................................................... 134
Service Endpoints ........................................................................................................... 134
Service Quotas ............................................................................................................... 135
AWS Data Exchange ................................................................................................................ 135
Service Endpoints ........................................................................................................... 135
Amazon Data Lifecycle Manager ............................................................................................... 136
Service Endpoints ........................................................................................................... 136
Service Quotas ............................................................................................................... 138
AWS Data Pipeline .................................................................................................................. 138
Service Endpoints ........................................................................................................... 138
Service Quotas ............................................................................................................... 138
DataSync ............................................................................................................................... 139
Service Endpoints ........................................................................................................... 139
Service Quotas ............................................................................................................... 141
AWS Database Migration Service .............................................................................................. 141
Service Endpoints ........................................................................................................... 142
Service Quotas ............................................................................................................... 143
AWS DeepLens ....................................................................................................................... 144
Service Endpoints ........................................................................................................... 144
Service Quotas ............................................................................................................... 144
Detective ............................................................................................................................... 144
Service Endpoints ........................................................................................................... 144
Amazon DevOps Guru ............................................................................................................. 146
Service Endpoints ........................................................................................................... 146
Service quotas ................................................................................................................ 146
AWS Device Farm ................................................................................................................... 147
Service Endpoints ........................................................................................................... 147
Service Quotas ............................................................................................................... 147
AWS Direct Connect ................................................................................................................ 147
Service Endpoints ........................................................................................................... 147
Service Quotas ............................................................................................................... 149
AWS Directory Service ............................................................................................................. 149
Service Endpoints ........................................................................................................... 149
Service Quotas ............................................................................................................... 151
Amazon DocumentDB ............................................................................................................. 152
Service Endpoints ........................................................................................................... 152
Service Quotas ............................................................................................................... 153
Amazon DynamoDB ................................................................................................................ 153
Service Endpoints ........................................................................................................... 154
Service Quotas ............................................................................................................... 159
AWS Elastic Beanstalk ............................................................................................................. 159
Service Endpoints ........................................................................................................... 159
Service Quotas ............................................................................................................... 163
Amazon EBS .......................................................................................................................... 163
Service Endpoints ........................................................................................................... 164
Service Quotas ............................................................................................................... 167
Amazon EC2 .......................................................................................................................... 170
Service Endpoints ........................................................................................................... 170

Version 1.0
vi
AWS General Reference Reference guide

Service Quotas ............................................................................................................... 172


EC2 Image Builder .................................................................................................................. 173
Service Endpoints ........................................................................................................... 173
Service Quotas ............................................................................................................... 175
Amazon ECR .......................................................................................................................... 175
Service Endpoints ........................................................................................................... 176
Service Quotas ............................................................................................................... 180
Amazon ECR Public ................................................................................................................. 183
Service endpoints ........................................................................................................... 183
Service quotas ................................................................................................................ 183
Amazon ECS .......................................................................................................................... 184
Service endpoints ........................................................................................................... 184
Amazon ECS service quotas ............................................................................................. 185
AWS Fargate service quotas ............................................................................................. 187
Amazon EKS .......................................................................................................................... 188
Service Endpoints ........................................................................................................... 188
Service Quotas ............................................................................................................... 189
AWS Fargate service quotas ............................................................................................. 190
Amazon EFS ........................................................................................................................... 190
Service Endpoints ........................................................................................................... 190
Service Quotas ............................................................................................................... 193
Amazon Elastic Inference ......................................................................................................... 194
Service Endpoints ........................................................................................................... 194
Service Quotas ............................................................................................................... 194
Elastic Load Balancing ............................................................................................................. 194
Service Endpoints ........................................................................................................... 195
Service Quotas ............................................................................................................... 196
Elastic Transcoder ................................................................................................................... 198
Service Endpoints ........................................................................................................... 198
Service Quotas ............................................................................................................... 199
Amazon ElastiCache ................................................................................................................ 199
Service Endpoints ........................................................................................................... 199
Service Quotas ............................................................................................................... 201
Amazon ES ............................................................................................................................ 202
Service Endpoints ........................................................................................................... 203
Amazon EMR ......................................................................................................................... 204
Service Endpoints ........................................................................................................... 204
Service Quotas ............................................................................................................... 206
EventBridge ........................................................................................................................... 208
Service Endpoints ........................................................................................................... 208
Service Quotas ............................................................................................................... 210
Firewall Manager .................................................................................................................... 210
Service Endpoints ........................................................................................................... 210
Service Quotas ............................................................................................................... 211
Forecast ................................................................................................................................ 212
Service Endpoints ........................................................................................................... 212
Amazon Fraud Detector ........................................................................................................... 214
Service Endpoints ........................................................................................................... 214
Service Quotas ............................................................................................................... 215
FreeRTOS ............................................................................................................................... 215
Service Endpoints ........................................................................................................... 215
Service Quotas ............................................................................................................... 218
Amazon FSx ........................................................................................................................... 218
Service Endpoints ........................................................................................................... 219
Service Quotas ............................................................................................................... 220
GameLift ............................................................................................................................... 221
Service Endpoints ........................................................................................................... 221

Version 1.0
vii
AWS General Reference Reference guide

Service Quotas ............................................................................................................... 222


S3 Glacier .............................................................................................................................. 223
Service Endpoints ........................................................................................................... 223
Service Quotas ............................................................................................................... 225
Global Accelerator .................................................................................................................. 225
Service Endpoints ........................................................................................................... 225
Service Quotas ............................................................................................................... 226
AWS Glue .............................................................................................................................. 226
Service Endpoints ........................................................................................................... 226
Service Quotas ............................................................................................................... 228
AWS Glue DataBrew ................................................................................................................ 229
Service Endpoints ........................................................................................................... 229
Service Quotas ............................................................................................................... 230
AWS Ground Station ............................................................................................................... 230
Service Endpoints ........................................................................................................... 231
Service Quotas ............................................................................................................... 231
GuardDuty ............................................................................................................................. 232
Service Endpoints ........................................................................................................... 232
Service Quotas ............................................................................................................... 233
AWS Health ........................................................................................................................... 234
Service Endpoints ........................................................................................................... 234
Limits .................................................................................................................................... 234
Throttling and quotas for Amazon HealthLake ................................................................... 234
.................................................................................................................................... 235
Amazon Honeycode ................................................................................................................ 235
Service Endpoints ........................................................................................................... 235
IAM ....................................................................................................................................... 235
Service Endpoints ........................................................................................................... 235
Service Quotas ............................................................................................................... 237
IAM Access Analyzer ............................................................................................................... 238
Service endpoints ........................................................................................................... 238
Service Quotas ............................................................................................................... 240
AWS Import/Export ................................................................................................................ 240
Service Endpoints ........................................................................................................... 240
Amazon Inspector ................................................................................................................... 241
Service Endpoints ........................................................................................................... 241
Service Quotas ............................................................................................................... 242
AWS IoT 1-Click ..................................................................................................................... 242
Service Endpoints ........................................................................................................... 242
Service Quotas ............................................................................................................... 243
AWS IoT Analytics .................................................................................................................. 244
Service Endpoints ........................................................................................................... 244
Service Quotas ............................................................................................................... 245
AWS IoT Core ......................................................................................................................... 246
Service Endpoints ........................................................................................................... 246
Service Quotas ............................................................................................................... 253
AWS IoT Device Defender ........................................................................................................ 272
Service endpoints ........................................................................................................... 272
Service quotas ................................................................................................................ 274
AWS IoT Device Management ................................................................................................... 275
Service Endpoints ........................................................................................................... 275
Service Quotas ............................................................................................................... 282
AWS IoT Events ...................................................................................................................... 286
Service Endpoints ........................................................................................................... 286
Service Quotas ............................................................................................................... 287
AWS IoT Greengrass V1 ........................................................................................................... 289
Service Endpoints ........................................................................................................... 289

Version 1.0
viii
AWS General Reference Reference guide

Service Quotas ............................................................................................................... 293


AWS IoT Greengrass V2 ........................................................................................................... 295
Service Endpoints ........................................................................................................... 295
Service Quotas ............................................................................................................... 298
AWS IoT SiteWise ................................................................................................................... 299
Service Endpoints ........................................................................................................... 299
Service Quotas ............................................................................................................... 300
AWS IoT Things Graph ............................................................................................................ 303
Service Endpoints ........................................................................................................... 303
Service Quotas ............................................................................................................... 303
Amazon IVS ........................................................................................................................... 305
Service Endpoints ........................................................................................................... 306
Service Quotas ............................................................................................................... 306
Amazon Kendra ...................................................................................................................... 306
Service Endpoints ........................................................................................................... 306
Amazon Keyspaces (for Apache Cassandra) ................................................................................ 306
Service Endpoints ........................................................................................................... 307
Service Quotas ............................................................................................................... 308
AWS Key Management Service (AWS KMS) ................................................................................. 308
Service Endpoints ........................................................................................................... 308
Service Quotas ............................................................................................................... 310
Kinesis Data Analytics ............................................................................................................. 311
Service Endpoints ........................................................................................................... 311
Service Quotas ............................................................................................................... 313
Kinesis Data Firehose .............................................................................................................. 313
Service Endpoints ........................................................................................................... 313
Service Quotas ............................................................................................................... 315
Kinesis Data Streams .............................................................................................................. 315
Service Endpoints ........................................................................................................... 316
Service Quotas ............................................................................................................... 318
Kinesis Video Streams ............................................................................................................. 318
Service Endpoints ........................................................................................................... 318
Service Quotas ............................................................................................................... 319
Lake Formation ...................................................................................................................... 324
Service Endpoints ........................................................................................................... 325
Service Quotas ............................................................................................................... 326
Lambda ................................................................................................................................. 326
Service Endpoints ........................................................................................................... 327
Service Quotas ............................................................................................................... 328
AWS Launch Wizard ................................................................................................................ 329
Service Endpoints ........................................................................................................... 173
Service Quotas ............................................................................................................... 330
Amazon Lex ........................................................................................................................... 330
V2 service endpoints ....................................................................................................... 331
V1 service endpoints ....................................................................................................... 332
License Manager ..................................................................................................................... 333
Service Endpoints ........................................................................................................... 333
Service Quotas ............................................................................................................... 335
Amazon Lightsail .................................................................................................................... 335
Service Endpoints ........................................................................................................... 335
Service Quotas ............................................................................................................... 336
Amazon Location Service ......................................................................................................... 338
Service Endpoints ........................................................................................................... 338
Service Quotas ............................................................................................................... 339
Amazon Lookout for Equipment ............................................................................................... 345
Service Endpoints ........................................................................................................... 345
Service Quotas ............................................................................................................... 345

Version 1.0
ix
AWS General Reference Reference guide

Amazon Lookout for Vision ...................................................................................................... 347


Service Endpoints ........................................................................................................... 347
Service Quotas ............................................................................................................... 347
Macie .................................................................................................................................... 348
Service Endpoints ........................................................................................................... 348
Service Quotas ............................................................................................................... 350
Amazon ML ........................................................................................................................... 351
Service Endpoints ........................................................................................................... 351
Service Quotas ............................................................................................................... 351
Managed Blockchain ............................................................................................................... 352
Service Endpoints ........................................................................................................... 352
Service Quotas ............................................................................................................... 352
AWS Marketplace .................................................................................................................... 353
Service Endpoints ........................................................................................................... 353
Amazon Mechanical Turk ......................................................................................................... 355
Service Endpoints ........................................................................................................... 355
Amazon MSK ......................................................................................................................... 355
Service Endpoints ........................................................................................................... 356
MediaConnect ........................................................................................................................ 357
Service Endpoints ........................................................................................................... 357
Service Quotas ............................................................................................................... 359
MediaConvert ......................................................................................................................... 359
Service Endpoints ........................................................................................................... 359
Service Quotas ............................................................................................................... 361
MediaLive .............................................................................................................................. 362
Service Endpoints ........................................................................................................... 362
Service Quotas ............................................................................................................... 363
MediaPackage ........................................................................................................................ 364
Service Endpoints ........................................................................................................... 364
Service Quotas ............................................................................................................... 366
MediaStore ............................................................................................................................ 367
Service Endpoints ........................................................................................................... 367
Service Quotas ............................................................................................................... 368
MediaTailor ............................................................................................................................ 369
Service Endpoints ........................................................................................................... 369
Service Quotas ............................................................................................................... 370
Migration Hub ........................................................................................................................ 370
Service Endpoints ........................................................................................................... 370
Amazon MQ ........................................................................................................................... 371
Service Endpoints ........................................................................................................... 371
Service Quotas ............................................................................................................... 372
Neptune ................................................................................................................................ 373
Service Endpoints ........................................................................................................... 373
Service Quotas ............................................................................................................... 374
Network Firewall .................................................................................................................... 374
Service endpoints ........................................................................................................... 375
Service quotas ................................................................................................................ 375
Network Manager ................................................................................................................... 375
Service Endpoints ........................................................................................................... 375
Service Quotas ............................................................................................................... 375
AWS OpsWorks ...................................................................................................................... 375
Service Endpoints ........................................................................................................... 376
Service Quotas ............................................................................................................... 378
Organizations ......................................................................................................................... 378
Service Endpoints ........................................................................................................... 378
Service Quotas ............................................................................................................... 381
AWS Outposts ........................................................................................................................ 381

Version 1.0
x
AWS General Reference Reference guide

Service Endpoints ........................................................................................................... 381


Amazon Personalize ................................................................................................................ 383
Service Endpoints ........................................................................................................... 383
Amazon Pinpoint .................................................................................................................... 385
Service endpoints ........................................................................................................... 386
Service quotas ................................................................................................................ 387
Amazon Polly ......................................................................................................................... 389
Service Endpoints ........................................................................................................... 389
Service Quotas ............................................................................................................... 390
QLDB .................................................................................................................................... 391
Service Endpoints ........................................................................................................... 391
Service Quotas ............................................................................................................... 392
Amazon QuickSight ................................................................................................................ 392
Service Endpoints ........................................................................................................... 393
AWS RAM .............................................................................................................................. 394
Service Endpoints ........................................................................................................... 394
Service Quotas ............................................................................................................... 396
Amazon Redshift .................................................................................................................... 396
Service endpoints ........................................................................................................... 396
Service quotas ................................................................................................................ 398
Amazon Rekognition ............................................................................................................... 398
Service Endpoints ........................................................................................................... 399
Service Quotas ............................................................................................................... 401
Amazon RDS .......................................................................................................................... 403
Service Endpoints ........................................................................................................... 403
Service Quotas ............................................................................................................... 407
Resource Groups ..................................................................................................................... 407
Service Endpoints ........................................................................................................... 408
Service Quotas ............................................................................................................... 411
AWS RoboMaker ..................................................................................................................... 411
Service Endpoints ........................................................................................................... 412
Service Quotas ............................................................................................................... 412
Route  53 ................................................................................................................................ 415
Service Endpoints ........................................................................................................... 415
Service Quotas ............................................................................................................... 418
SageMaker ............................................................................................................................. 419
Service Endpoints ........................................................................................................... 419
Service Quotas ............................................................................................................... 423
Secrets Manager ..................................................................................................................... 431
Service Endpoints ........................................................................................................... 431
Service Quotas ............................................................................................................... 433
Security Hub .......................................................................................................................... 433
Service Endpoints ........................................................................................................... 433
AWS STS ............................................................................................................................... 435
Service Endpoints ........................................................................................................... 435
AWS SMS .............................................................................................................................. 437
Service Endpoints ........................................................................................................... 437
Service Quotas ............................................................................................................... 439
Service Quotas ....................................................................................................................... 439
Service Endpoints ........................................................................................................... 439
Service Quotas ............................................................................................................... 441
AWS Serverless Application Repository ...................................................................................... 441
Service Endpoints ........................................................................................................... 441
Service Quotas ............................................................................................................... 443
AWS Service Catalog ............................................................................................................... 443
Service Endpoints ........................................................................................................... 443
Service Quotas ............................................................................................................... 445

Version 1.0
xi
AWS General Reference Reference guide

Shield Advanced ..................................................................................................................... 446


Service Endpoints ........................................................................................................... 446
Service Quotas ............................................................................................................... 448
Amazon SES .......................................................................................................................... 448
Service Endpoints ........................................................................................................... 448
Service Quotas ............................................................................................................... 451
AWS Signer .......................................................................................................................... 452
Service Endpoints for AWS Signer with Lambda ................................................................. 452
Service Endpoints for AWS Signer with IoT ........................................................................ 454
Service Quotas ............................................................................................................... 455
Amazon SNS .......................................................................................................................... 455
Service endpoints ........................................................................................................... 455
Service quotas ................................................................................................................ 457
Amazon SQS .......................................................................................................................... 460
Service Endpoints ........................................................................................................... 461
Service Quotas ............................................................................................................... 464
Amazon S3 ............................................................................................................................ 464
Service Endpoints ........................................................................................................... 464
Service Quotas ............................................................................................................... 482
Amazon SWF ......................................................................................................................... 483
Service Endpoints ........................................................................................................... 483
Service Quotas ............................................................................................................... 485
Amazon SimpleDB .................................................................................................................. 485
Service Endpoints ........................................................................................................... 485
Service Quotas ............................................................................................................... 486
AWS SSO ............................................................................................................................... 486
Service Endpoints ........................................................................................................... 486
Service Quotas ............................................................................................................... 487
Snow Family .......................................................................................................................... 488
Service Endpoints ........................................................................................................... 488
Service Quotas ............................................................................................................... 490
Step Functions ....................................................................................................................... 490
Service Endpoints ........................................................................................................... 490
Service Quotas ............................................................................................................... 492
AWS Storage Gateway ............................................................................................................. 492
Service endpoints ........................................................................................................... 492
Service quotas ................................................................................................................ 495
AWS Support ......................................................................................................................... 495
Service Endpoints ........................................................................................................... 495
Service Quotas ............................................................................................................... 495
AWS Systems Manager ............................................................................................................ 495
Service Endpoints ........................................................................................................... 495
Service Quotas ............................................................................................................... 497
Amazon Textract .................................................................................................................... 505
Service Endpoints ........................................................................................................... 506
Service Quotas ............................................................................................................... 507
Amazon Transcribe ................................................................................................................. 508
Service Endpoints ........................................................................................................... 508
Service Quotas ............................................................................................................... 510
Amazon Transcribe Medical ...................................................................................................... 512
Service Endpoints ........................................................................................................... 512
Service Quotas ............................................................................................................... 512
AWS Transfer Family ............................................................................................................... 513
Service endpoints ........................................................................................................... 513
Service quotas ................................................................................................................ 515
Amazon Translate ................................................................................................................... 515
Service Endpoints ........................................................................................................... 515

Version 1.0
xii
AWS General Reference Reference guide

Service Quotas ............................................................................................................... 517


Amazon VPC .......................................................................................................................... 517
Service Endpoints ........................................................................................................... 517
Service Quotas ............................................................................................................... 519
AWS WAF .............................................................................................................................. 520
Service Endpoints ........................................................................................................... 520
Service Quotas ............................................................................................................... 522
AWS WAF Classic .................................................................................................................... 523
Service Endpoints ........................................................................................................... 523
Service Quotas ............................................................................................................... 526
AWS Well-Architected Tool ...................................................................................................... 528
Service Endpoints ........................................................................................................... 528
Service Quotas ............................................................................................................... 529
Amazon WorkDocs .................................................................................................................. 529
Service Endpoints ........................................................................................................... 529
Amazon WorkLink ................................................................................................................... 530
Service Endpoints ........................................................................................................... 530
Amazon WorkMail .................................................................................................................. 530
Service Endpoints ........................................................................................................... 531
Service Quotas ............................................................................................................... 532
Amazon WorkSpaces ............................................................................................................... 532
Service Endpoints ........................................................................................................... 532
Service Quotas ............................................................................................................... 533
X-Ray .................................................................................................................................... 533
Service Endpoints ........................................................................................................... 533
Service Quotas ............................................................................................................... 535
AWS resources ............................................................................................................................... 536
AWS service endpoints ............................................................................................................ 536
Regional endpoints ......................................................................................................... 536
View the service endpoints .............................................................................................. 537
FIPS endpoints ............................................................................................................... 538
Learn more .................................................................................................................... 538
Managing AWS Regions ........................................................................................................... 538
Enabling a Region .......................................................................................................... 539
Disabling a Region .......................................................................................................... 539
Describing your Regions using the AWS CLI ....................................................................... 540
AWS service quotas ................................................................................................................ 540
Tagging AWS resources ........................................................................................................... 541
Best practices ................................................................................................................. 541
Tagging categories .......................................................................................................... 542
Tag naming limits and requirements ................................................................................. 542
Common tagging strategies ............................................................................................. 543
Tagging governance ........................................................................................................ 544
Learn more .................................................................................................................... 544
Amazon Resource Names (ARNs) .............................................................................................. 544
Format .......................................................................................................................... 545
Resource ARNs ............................................................................................................... 546
AWS IP address ranges .................................................................................................................... 547
Download .............................................................................................................................. 547
Syntax ................................................................................................................................... 547
Filtering the JSON file ............................................................................................................. 549
Windows ....................................................................................................................... 549
Linux ............................................................................................................................. 550
Implementing egress control .................................................................................................... 551
Windows PowerShell ....................................................................................................... 552
jq .................................................................................................................................. 552
Python .......................................................................................................................... 552

Version 1.0
xiii
AWS General Reference Reference guide

AWS IP address ranges notifications ......................................................................................... 553


Release notes ......................................................................................................................... 554
AWS APIs ....................................................................................................................................... 556
API retries ............................................................................................................................. 556
Signing AWS API requests ....................................................................................................... 558
When to sign requests .................................................................................................... 558
Why requests are signed ................................................................................................. 558
Signing requests ............................................................................................................. 559
Signature versions .......................................................................................................... 559
Signature Version 4 signing process .................................................................................. 560
Signature Version 2 signing process .................................................................................. 593
AWS SDK support for Amazon S3 client-side encryption .............................................................. 599
AWS SDK features for Amazon S3 client-side encryption ..................................................... 600
Amazon S3 encryption client cryptographic algorithms ....................................................... 600
Document conventions .................................................................................................................... 602
AWS glossary ................................................................................................................................. 604

Version 1.0
xiv
AWS General Reference Reference guide

AWS General Reference


The AWS General Reference provides information that is useful across Amazon Web Services.

Contents

• AWS security credentials (p. 2)


• Service endpoints and quotas (p. 16)
• AWS resources (p. 536)
• AWS IP address ranges (p. 547)
• AWS APIs (p. 556)
• Document conventions (p. 602)
• AWS glossary (p. 604)

Version 1.0
1
AWS General Reference Reference guide
AWS users

AWS security credentials


When you interact with AWS, you specify your AWS security credentials to verify who you are and
whether you have permission to access the resources that you are requesting. AWS uses the security
credentials to authenticate and authorize your requests.

For example, if you want to download a protected file from an Amazon Simple Storage Service (Amazon
S3) bucket, your credentials must allow that access. If your credentials aren't authorized to download the
file, AWS denies your request. However, your AWS security credentials are not required to download a file
in an Amazon S3 bucket that is publicly shared.

Contents
• AWS account root user credentials and IAM user credentials (p. 2)
• Understanding and getting your AWS credentials (p. 3)
• Your AWS account identifiers (p. 6)
• Best practices for managing AWS access keys (p. 7)
• AWS security audit guidelines (p. 11)

AWS account root user credentials and IAM user


credentials
There are two different types of users in AWS. You are either the account owner (root user) or you are
an AWS Identity and Access Management (IAM) user. The root user is created when the AWS account
is created and IAM users are created by the root user or an IAM administrator for the account. All AWS
users have security credentials.

Root user credentials

The credentials of the account owner allow full access to all resources in the account. You cannot use
IAM policies to explicitly deny the root user access to resources. You can only use an AWS Organizations
service control policy (SCP) to limit the permissions of the root user. Because of this, we recommend that
you create an IAM user with administrator permissions to use for everyday AWS tasks and lock away the
access keys for the root user.

There are specific tasks that are restricted to the AWS account root user. For example, only the root user
can close your account. If you need to perform a task that requires the root user, sign in to the AWS
Management Console using the email address and password of the root user. For more information, see
Tasks that require root user credentials (p. 3).

IAM credentials

With IAM, you can securely control access to AWS services and resources for users in your AWS account.
For example, if you require administrator-level permissions, you can create an IAM user, grant that user
full access, and then use those credentials to interact with AWS. If you need to modify or revoke your
permissions, you can delete or modify the policies that are associated with that IAM user.

If you have multiple users that require access to your AWS account, you can create unique credentials
for each user and define who has access to which resources. You don't need to share credentials. For
example, you can create IAM users with read-only access to resources in your AWS account and distribute
those credentials to users.

Version 1.0
2
AWS General Reference Reference guide
Tasks that require root user credentials

Tasks that require root user credentials


We recommend that you use an IAM user with appropriate permissions to perform tasks and access AWS
resources. However, you can perform the tasks listed below only when you sign in as the root user of an
account.

Tasks

• Change your account settings. This includes the account name, email address, root user password,
and root user access keys. Other account settings, such as contact information, payment currency
preference, and Regions, do not require root user credentials.
• Restore IAM user permissions. If the only IAM administrator accidentally revokes their own
permissions, you can sign in as the root user to edit policies and restore those permissions.
• Activate IAM access to the Billing and Cost Management console.
• View certain tax invoices. An IAM user with the aws-portal:ViewBilling permission can view and
download VAT invoices from AWS Europe, but not AWS Inc or Amazon Internet Services Pvt. Ltd
(AISPL).
• Close your AWS account.
• Change your AWS Support plan or Cancel your AWS Support plan. For more information, see IAM for
AWS Support.
• Register as a seller in the Reserved Instance Marketplace.
• Configure an Amazon S3 bucket to enable MFA (multi-factor authentication) Delete.
• Edit or delete an Amazon S3 bucket policy that includes an invalid VPC ID or VPC endpoint ID.
• Sign up for GovCloud.

Troubleshooting

If you cannot complete any of these tasks using your root user credentials, your account might be a
member of an organization in AWS Organizations. If your organizational administrator used a service
control policy (SCP) to limit the permissions of your account, your root user permissions might be
affected. For more information, see Service control policies in the AWS Organizations User Guide.

Understanding and getting your AWS credentials


AWS requires different types of security credentials depending on how you access AWS. For example,
you need a user name and password to sign in to the AWS Management Console and you need access
keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for
PowerShell.

Considerations

• Be sure to save the following in a secure location: the email address associated with your AWS account,
the AWS account ID, your password, and your secret access keys. If you forget or lose these credentials,
you can't recover them. For security reasons, AWS doesn't provide the means for you or anyone else to
retrieve your credentials.
• We strongly recommend that you create an IAM user with administrator permissions to use for
everyday AWS tasks and lock away the password and access keys for the root user. Use the root user
only for the tasks that are restricted to the root user.
• Security credentials are account-specific. If you have access to multiple AWS accounts, you have
separate credentials for each account.
• Do not provide your AWS credentials to a third party.

Version 1.0
3
AWS General Reference Reference guide
Console access

Credentials
• Console access (p. 4)
• Programmatic access (p. 5)
• Temporary access keys (p. 5)

Console access
There are two different types of users in AWS. You are either the account owner (root user) or you are
an AWS Identity and Access Management (IAM) user. How you sign in to the AWS Management Console
depends on whether you are the root user or an IAM user.

Contents
• Root user email address and password (p. 4)
• IAM user name and password (p. 4)
• Multi-factor authentication (MFA) (p. 4)

Root user email address and password


When you first create an AWS account, you specify an email address for the account and a password
for the root user. To sign in to your AWS account as the root user, you provide this email address and
password. The root user can sign in to the AWS Management Console and change the account name,
email address, and password using the Security Credentials page. If you forget the password for the root
user, open the console sign-in page and choose Forgot password? to reset your password.

IAM user name and password


IAM users are created by the root user or an IAM administrator within the AWS account. The user who
created your IAM user should provide you with either the account alias or 12-digit AWS account ID, the
IAM user name, and the password for the IAM user. An IAM user can sign in using either the console sign-
in page or the following sign-in URL, replacing account_id_or_alias with either the account alias or
AWS account ID provided to you:

https://account_id_or_alias.signin.aws.amazon.com/console/

If you forget the password for your IAM user, contact your IAM administrator or the account owner. If
your IAM administrator gave you permissions to manage your own AWS credentials, then you can change
your password periodically, which is a security best practice, using the Security Credentials page.

Multi-factor authentication (MFA)


Multi-factor authentication (MFA) provides an extra level of security that you can apply to your AWS
account. For additional security, we recommend that you require MFA on the AWS account root user
credentials and highly privileged IAM users. For more information, see Using Multi-Factor Authentication
(MFA) in AWS in the IAM User Guide.

With MFA enabled, when you sign in to your AWS account, you are prompted for your user name and
password, plus an authentication code from an MFA device. Adding MFA provides increased security for
your AWS account settings and resources.

By default, MFA (multi-factor authentication) is not enabled. You can enable and manage MFA devices
for the AWS account root user by going to the Security Credentials page or the IAM dashboard in the
AWS Management Console. For more information about enabling MFA for IAM users, see Enabling MFA
Devices in the IAM User Guide.

Version 1.0
4
AWS General Reference Reference guide
Programmatic access

Programmatic access
You must provide your AWS access keys to make programmatic calls to AWS or to use the AWS
Command Line Interface or AWS Tools for PowerShell.

When you create your access keys, you create the access key ID (for example, AKIAIOSFODNN7EXAMPLE)
and secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY) as a set. The
secret access key is available for download only when you create it. If you don't download your secret
access key or if you lose it, you must create a new one.

You can assign up to two access keys per user (root user or IAM user). Having two access keys is useful
when you want to rotate them. When you disable an access key, you can't use it, but it counts toward
your limit of two access keys. After you delete an access key, it's gone forever and can't be restored, but it
can be replaced with a new access key.

To create an access key when signed in as the root user

1. Sign in to the AWS Management Console as the root user. For more information, see Sign in as the
root user in the IAM User Guide.
2. In the navigation bar on the upper right, choose your account name or number and then choose My
Security Credentials.
3. Expand the Access keys (access key ID and secret access key) section.
4. Choose Create New Access Key. If you already have two access keys, this button is disabled.
5. When prompted, choose Show Access Key or Download Key File. This is your only opportunity to
save your secret access key.
6. After you've saved your secret access key in a secure location, chose Close.

To create an access key when signed in as an IAM user

1. Sign in to the AWS Management Console as an IAM user. For more information, see Sign in as an IAM
user in the IAM User Guide.
2. In the navigation bar on the upper right, choose your user name and then choose My Security
Credentials.
Tip
If you do not see the My Security Credentials page, you might be signed in as a federated
user, not an IAM user. You can create and use temporary access keys (p. 5) instead.
3. Choose AWS IAM credentials, Create access key. If you already have two access keys, the console
displays a "Limited exceeded" error.
4. When prompted, choose Download .csv file or Show secret access key. This is your only opportunity
to save your secret access key.
5. After you've saved your secret access key in a secure location, chose Close.

Temporary access keys


You can also create and use temporary access keys, known as temporary security credentials. In addition
to the access key ID and secret access key, temporary security credentials include a security token that
you must send to AWS when you use temporary security credentials. The advantage of temporary
security credentials is that they are short term. After they expire, they're no longer valid. You can use
temporary access keys in less secure environments or distribute them to grant users temporary access
to resources in your AWS account. For example, you can grant entities from other AWS accounts access
to resources in your AWS account (cross-account access). You can also grant users who don't have AWS

Version 1.0
5
AWS General Reference Reference guide
AWS account identifiers

security credentials access to resources in your AWS account (federation). For more information, see aws
sts assume-role.

Your AWS account identifiers


AWS assigns the following unique identifiers to each AWS account:

AWS account ID

A 12-digit number, such as 123456789012, that uniquely identifies an AWS account. Many AWS
resources include the account ID in their Amazon Resource Names (ARNs). The account ID portion
distinguishes resources in one account from the resources in another account. If you are an IAM user,
you can sign in to the AWS Management Console using either the account ID or account alias.
Canonical user ID

An alpha-numeric identifier, such as


79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be, that is an
obfuscated form of the AWS account ID. You can use this ID to identify an AWS account when
granting cross-account access to buckets and objects using Amazon S3. You can retrieve the
canonical user ID for your AWS account as either the root user or an IAM user.

You must be authenticated with AWS to view these identifiers.


Warning
Do not provide your AWS credentials (p. 3) to a third party that needs your AWS account
identifiers to share AWS resources with you. Doing so would give them the same access to the
AWS account that you have.

Finding your AWS account ID


You can find the AWS account ID in the AWS Management Console. The location of the account ID in
the console depends on whether you are logged in as the root user or an IAM user. The account ID is the
same whether you are logged in as the root user or an IAM user.

Prerequisite

You must be signed in to the AWS Management Console. For more information, see Signing in to the
AWS Management Console in the IAM User Guide.

To find your AWS account ID when signed in as the root user

1. In the navigation bar on the upper right, choose your account name or number and then choose My
Security Credentials.
2. Expand the Account identifiers section. The account number appears next to the label AWS Account
ID.

To find your AWS account ID when signed in as an IAM user

1. In the navigation bar on the upper right, choose your user name and then choose My Security
Credentials.
Tip
If you do not see the My Security Credentials page, you might be signed in as a federated
user, not an IAM user.
2. At the top of the page, under Account details, the account number appears next to the label AWS
account ID.

Version 1.0
6
AWS General Reference Reference guide
Finding the canonical user ID for your AWS account

To find your AWS account ID using the AWS CLI

Use the get-caller-identity command as follows:

aws sts get-caller-identity --query Account --output text

Finding the canonical user ID for your AWS account


You can find the canonical user ID for your AWS account using the AWS Management Console or the AWS
CLI. The canonical user ID for an AWS account is specific to that account. You can retrieve the canonical
user ID for your AWS account as the root user, a federated user, or an IAM user.

Prerequisites

You must have permission to list and view an Amazon S3 bucket if you are a federated user or are
accessing the information programmatically, such as through the AWS CLI.

To find the canonical user ID for your account when signed in to the console as the root user
or an IAM user

1. Sign in to the AWS Management Console as the root user or an IAM user.

For more information, see Signing in to the AWS Management Console in the IAM User Guide.
2. In the navigation bar on the upper right, choose your account name or number and then choose My
Security Credentials.
3. If you are the root user, expand Account identifiers and find Canonical User ID.

If you are an IAM user, under Account details, find Account canonical user ID.

To find the canonical user ID for your account when signed in to the console as a federated
user

1. Sign in to the AWS Management Console as a federated user.

For more information, see Signing in to the AWS Management Console in the IAM User Guide.
2. In the Amazon S3 console, to view details about a bucket, choose a bucket name.
3. Choose Permissions, and then choose Access Control List.

At the top of the page, under Access for bucket owner, the canonical user ID for the AWS account
appears.

To find the canonical user ID using the AWS CLI

Use the list-buckets command as follows:

aws s3api list-buckets --query Owner.ID --output text

Best practices for managing AWS access keys


When you use AWS programmatically, you provide your AWS access keys so that AWS can verify
your identity in programmatic calls. Your access keys consist of an access key ID (for example,

Version 1.0
7
AWS General Reference Reference guide
Remove (or don't generate) an account access key

AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/


bPxRfiCYEXAMPLEKEY).

Anyone who has your access keys has the same level of access to your AWS resources that you do.
Consequently, AWS goes to significant lengths to protect your access keys, and, in keeping with our
shared-responsibility model, you should as well.

The steps that follow can help you protect your access keys. For background information, see AWS
security credentials (p. 2).
Note
Your organization may have different security requirements and policies than those described in
this topic. The suggestions provided here are intended as general guidelines.

Remove (or don't generate) an account access key


You must use your access keys to sign requests that you make using the AWS Command Line Tools,
the AWS SDKs, or direct API calls. Anyone who has the access keys for your AWS account root user has
unrestricted access to all the resources in your account, including billing information. You cannot restrict
the permissions for your AWS account root user.

One of the best ways to protect your account is to not have access keys for your AWS account root
user. Unless you must have root user access keys (which is rare), it is best not to generate them. Instead,
the recommended best practice is to create one or more AWS Identity and Access Management (IAM)
users. Grant those IAM users the necessary permissions and use them for everyday interaction with AWS.

If you already have access keys for your account, we recommend the following: Find places in your
applications where you are currently using access keys (if any), replace the root user access keys with IAM
user access keys. Then disable and remove the root user access keys. For more information about how to
substitute one access key for another, see the post How to Rotate Access Keys for IAM Users on the AWS
Security Blog.

By default, AWS does not generate access keys for new accounts.

For information about how to create an IAM user with administrative permissions, see Creating Your First
IAM Admin User and Group in the IAM User Guide.

Use temporary security credentials (IAM roles)


instead of long-term access keys
In many scenarios, you don't need long-term access keys that never expire (as you have with an IAM
user). Instead, you can create IAM roles and generate temporary security credentials. Temporary security
credentials consist of an access key ID and a secret access key, but they also include a security token that
indicates when the credentials expire.

Long-term access keys, such as those associated with IAM users and AWS account root users, remain valid
until you manually revoke them. However, temporary security credentials obtained through IAM roles
and other features of the AWS Security Token Service expire after a short period of time. Use temporary
security credentials to help reduce your risk in case credentials are accidentally exposed.

Use an IAM role and temporary security credentials in these scenarios:

• You have an application or AWS CLI scripts running on an Amazon EC2 instance. Do not use
access keys directly in your application. Don't pass access keys to the application, embed them in the
application, or let the application read access keys from any source. Instead, define an IAM role that
has appropriate permissions for your application and launch the Amazon EC2 instance with roles for
EC2. Doing this associates an IAM role with the Amazon EC2 instance. This practice also enables the

Version 1.0
8
AWS General Reference Reference guide
Manage IAM user access keys properly

application to get temporary security credentials that it can in turn use to make programatic calls to
AWS. The AWS SDKs and the AWS CLI can get temporary credentials from the role automatically.
• You need to grant cross-account access. Use an IAM role to establish trust between accounts,
and then grant users in one account limited permissions to access the trusted account. For more
information, see Tutorial: Delegate Access Across AWS Accounts Using IAM Roles in the IAM User Guide.
• You have a mobile app. Do not embed access keys with the app, even in encrypted storage. Instead,
use Amazon Cognito to manage user identities in your app. This service lets you authenticate users
using Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC)–compatible identity
provider. You can then use the Amazon Cognito credentials provider to manage credentials that your
app uses to make requests to AWS. For more information, see Using the Amazon Cognito Credentials
Provider on the AWS Mobile Blog.
• You want to federate into AWS and your organization supports SAML 2.0. If you work for an
organization that has an identity provider that supports SAML 2.0, configure the provider to use SAML.
You can use SAML to exchange authentication information with AWS and get back a set of temporary
security credentials. For more information, see About SAML 2.0-based Federation in the IAM User
Guide.
• You want to federate into AWS and your organization has an on-premises identity store. If users
can authenticate inside your organization, you can write an application that can issue them temporary
security credentials for access to AWS resources. For more information, see Creating a URL that
Enables Federated Users to Access the AWS Management Console (Custom Federation Broker) in the
IAM User Guide.

Manage IAM user access keys properly


If you must create access keys for programmatic access to AWS, create them for IAM users, granting the
users only the permissions they require. For more information, see Managing Access Keys for IAM Users
in the IAM User Guide.
Note
Are you using an Amazon EC2 instance with an application that requires programmatic access to
AWS resources? If so, use IAM roles for EC2.

Observe these precautions when using access keys:

• Don't embed access keys directly into code. The AWS SDKs and the AWS Command Line Tools enable
you to put access keys in known locations so that you do not have to keep them in code.

Put access keys in one of the following locations:


• The AWS credentials file. The AWS SDKs and AWS CLI automatically use the credentials that you
store in the AWS credentials file.

For information about using the AWS credentials file, see the documentation for your SDK. Examples
include Set up AWS Credentials and Region for Development in the AWS SDK for Java Developer
Guide and Configuration and Credential Files in the AWS Command Line Interface User Guide.

To store credentials for the AWS SDK for .NET and the AWS Tools for Windows PowerShell, we
recommend that you use the SDK Store. For more information, see Using the SDK Store in the AWS
SDK for .NET Developer Guide.
• Environment variables. On a multitenant system, choose user environment variables, not system
environment variables.

For more information about using environment variables to store credentials, see Environment
Variables in the AWS Command Line Interface User Guide.
• Use different access keys for different applications. Do this so that you can isolate the permissions
and revoke the access keys for individual applications if they are exposed. Having separate access keys

Version 1.0
9
AWS General Reference Reference guide
Access the mobile app using AWS access keys

for different applications also generates distinct entries in AWS CloudTrail log files. This configuration
makes it easier for you to determine which application performed specific actions.
• Rotate access keys periodically. Change access keys on a regular basis. For details, see Rotating Access
Keys (AWS CLI, Tools for Windows PowerShell, and AWS API) in the IAM User Guide and How to Rotate
Access Keys for IAM Users on the AWS Security Blog.
• Remove unused access keys. If a user leaves your organization, remove the corresponding IAM user
so that the user can no longer access your resources. To find out when an access key was last used, use
the GetAccessKeyLastUsed API (AWS CLI command: aws iam get-access-key-last-used).
• Configure multi-factor authentication for your most sensitive operations. For more information, see
Using Multi-Factor Authentication (MFA) in AWS in the IAM User Guide.

Access the mobile app using AWS access keys


You can access a limited set of AWS services and features using the AWS mobile app. The mobile app
helps you support incident response while on the go. For more information and to download the app,
see AWS Console Mobile Application.

You can sign in to the mobile app using your console password or your access keys. As a best practice, do
not use root user access keys. Instead, we strongly recommend that in addition to using a password or
biometric lock on your mobile device, you create an IAM user to manage AWS resources. If you lose your
mobile device, you can remove the IAM user's access. For more information about generating access keys
for an IAM user, see Managing Access Keys for IAM Users in the IAM User Guide.

To sign in using access keys (mobile app)

1. Open the app on your mobile device.


2. If this is the first time that you're adding an identity to the device, choose Add an identity and then
choose Access keys.

If you have already signed in using another identity, choose the menu icon and choose Switch
identity. Then choose Sign in as a different identity and then Access keys.
3. On the Access keys page, enter your information:

• Access key ID – Enter your access key ID.


• Secret access key – Enter your secret access key.
• Identity name – Enter the name of the identity that will appear in the mobile app. This does not
need to match your IAM user name.
• Identity PIN – Create a personal identification number (PIN) that you will use for future sign-ins.
Note
If you enable biometrics for the AWS mobile app, you will be prompted to use your
fingerprint or facial recognition for verification instead of the PIN. If the biometrics fail,
you might be prompted for the PIN instead.
4. Choose Verify and add keys.

You can now access a select set of your resources using the mobile app.

Learn more
For more information about best practices for keeping your AWS account secure, see the following
resources:

• IAM Best Practices. Contains suggestions for using the AWS Identity and Access Management (IAM)
service to help secure your AWS resources.

Version 1.0
10
AWS General Reference Reference guide
AWS security audit guidelines

• The following pages provide guidance for setting up the AWS SDKs and the AWS CLI to use access
keys.
• Set up AWS Credentials and Region for Development in the AWS SDK for Java Developer Guide.
• Using the SDK Store in the AWS SDK for .NET Developer Guide.
• Providing Credentials to the SDK in the AWS SDK for PHP Developer Guide.
• Configuration in the Boto 3 (AWS SDK for Python) documentation.
• Using AWS Credentials in the AWS Tools for Windows PowerShell guide.
• Configuration and Credential Files in the AWS Command Line Interface User Guide.
• Granting Access Using an IAM Role. Discusses how programs written using the .NET SDK can
automatically get temporary security credentials when running on an Amazon EC2 instance. Similar
information is available for the AWS SDK for Java.

AWS security audit guidelines


You should periodically audit your security configuration to make sure it meets your current business
needs. An audit gives you an opportunity to remove unneeded IAM users, roles, groups, and policies, and
to make sure that your users and software have only the permissions that are required.

Following are guidelines for systematically reviewing and monitoring your AWS resources for security
best practices.

Contents
• When you should perform a security audit (p. 11)
• Guidelines for auditing (p. 12)
• Review your AWS account credentials (p. 12)
• Review your IAM users (p. 12)
• Review your IAM groups (p. 12)
• Review your IAM roles (p. 13)
• Review your IAM providers for SAML and OpenID Connect (OIDC) (p. 13)
• Review Your mobile apps (p. 13)
• Review your Amazon EC2 security configuration (p. 13)
• Review AWS policies in other services (p. 14)
• Monitor activity in your AWS account (p. 14)
• Tips for reviewing IAM policies (p. 14)
• Learn more (p. 15)

When you should perform a security audit


You should audit your security configuration in the following situations:

• On a periodic basis. You should perform the steps described in this document at regular intervals as a
best practice for security.
• If there are changes in your organization, such as people leaving.
• If you have stopped using one or more individual AWS services. This is important for removing
permissions that users in your account no longer need.
• If you've added or removed software in your accounts, such as applications on Amazon EC2 instances,
AWS OpsWorks stacks, AWS CloudFormation templates, etc.
• If you ever suspect that an unauthorized person might have accessed your account.

Version 1.0
11
AWS General Reference Reference guide
Guidelines for auditing

Guidelines for auditing


As you review your account's security configuration, follow these guidelines:

• Be thorough. Look at all aspects of your security configuration, including those you might not use
regularly.
• Don't assume. If you are unfamiliar with some aspect of your security configuration (for example, the
reasoning behind a particular policy or the existence of a role), investigate the business need until you
are satisfied.
• Keep things simple. To make auditing (and management) easier, use IAM groups, consistent naming
schemes, and straightforward policies.

Review your AWS account credentials


Take these steps when you audit your AWS account credentials:

1. If you're not using the root access keys for your account, you can remove them. We strongly
recommend that you do not use root access keys for everyday work with AWS, and that instead you
create IAM users.
2. If you do need to keep the access keys for your account, rotate them regularly.

Review your IAM users


Take these steps when you audit your existing IAM users:

1. List your users and then delete users that are inactive.
2. Remove users from groups that they don't need to be a part of.
3. Review the policies attached to the groups the user is in. See Tips for reviewing IAM policies (p. 14).
4. Delete security credentials that the user doesn't need or that might have been exposed. For example,
an IAM user that is used for an application does not need a password (which is necessary only to sign
in to AWS websites). Similarly, if a user does not use access keys, there's no reason for the user to have
one. For more information, see Managing Passwords for IAM Users and Managing Access Keys for IAM
Users in the IAM User Guide.

You can generate and download a credential report that lists all IAM users in your account and the
status of their various credentials, including passwords, access keys, and MFA devices. For passwords
and access keys, the credential report shows how recently the password or access key has been
used. Credentials that have not been used recently might be good candidates for removal. For more
information, see Getting Credential Reports for your AWS Account in the IAM User Guide.
5. Rotate (change) user security credentials periodically, or immediately if you ever share them with an
unauthorized person. For more information, see Managing Passwords for IAM Users and Managing
Access Keys for IAM Users in the IAM User Guide.

Review your IAM groups


Take these steps when you audit your IAM groups:

1. List your groups and then delete groups that are unused.
2. Review users in each group and remove users that don't belong.
3. Review the policies attached to the group. See Tips for reviewing IAM policies (p. 14).

Version 1.0
12
AWS General Reference Reference guide
Review your IAM roles

Review your IAM roles


Take these steps when you audit your IAM roles:

1. List your roles and then delete roles that are unused.
2. Review the role's trust policy. Make sure that you know who the principal is and that you understand
why that account or user needs to be able to assume the role.
3. Review the access policy for the role to be sure that it grants suitable permissions to whoever assumes
the role—see Tips for reviewing IAM policies (p. 14).

Review your IAM providers for SAML and OpenID


Connect (OIDC)
If you have created an IAM entity for establishing trust with a SAML or OIDC identity provider, take these
steps:

1. Delete unused providers.


2. Download and review the AWS metadata documents for each SAML provider and make sure the
documents reflect your current business needs. Alternatively, get the latest metadata documents from
the SAML IdPs that you want to establish trust with and update the provider in IAM.

Review Your mobile apps


If you have created a mobile app that makes requests to AWS, take these steps:

1. Make sure that the mobile app does not contain embedded access keys, even if they are in encrypted
storage.
2. Get temporary credentials for the app by using APIs that are designed for that purpose. We
recommend that you use Amazon Cognito to manage user identity in your app. This service lets you
authenticate users using Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC)–
compatible identity provider. You can then use the Amazon Cognito credentials provider to manage
credentials that your app uses to make requests to AWS.

If your mobile app doesn't support authentication using Login with Amazon, Facebook, Google, or any
other OIDC-compatible identity provider, you can create a proxy server that can dispense temporary
credentials to your app.

Review your Amazon EC2 security configuration


Take the following steps for each AWS Region:

1. Delete Amazon EC2 key pairs that are unused or that might be known to people outside your
organization.
2. Review your Amazon EC2 security groups:
• Remove security groups that no longer meet your needs.
• Remove rules from security groups that no longer meet your needs. Make sure you know why the
ports, protocols, and IP address ranges they permit have been allowed.
3. Terminate instances that aren't serving a business need or that might have been started by someone
outside your organization for unapproved purposes. Remember that if an instance is started with a

Version 1.0
13
AWS General Reference Reference guide
Review AWS policies in other services

role, applications that run on that instance can access AWS resources using the permissions that are
granted by that role.
4. Cancel Spot Instance requests that aren't serving a business need or that might have been made by
someone outside your organization.
5. Review your Auto Scaling groups and configurations. Shut down any that no longer meet your needs
or that might have been configured by someone outside your organization.

Review AWS policies in other services


Review the permissions for services that use resource-based policies or that support other security
mechanisms. In each case, make sure that only users and roles with a current business need have access
to the service's resources, and that the permissions granted on the resources are the fewest necessary to
meet your business needs.

• Review your Amazon S3 bucket policies and ACLs.


• Review your Amazon SQS queue policies.
• Review your Amazon SNS topic policies.
• Review your AWS OpsWorks permissions.
• Review your AWS KMS key policies.

Monitor activity in your AWS account


Follow these guidelines for monitoring AWS activity:

• Turn on AWS CloudTrail in each account and use it in each supported Region.
• Periodically examine CloudTrail log files. (CloudTrail has a number of partners who provide tools for
reading and analyzing log files.)
• Enable Amazon S3 bucket logging to monitor requests made to each bucket.
• If you believe there has been unauthorized use of your account, pay particular attention to temporary
credentials that have been issued. If temporary credentials have been issued that you don't recognize,
disable their permissions.
• Enable billing alerts in each account and set a cost threshold that lets you know if your charges exceed
your normal usage.

Tips for reviewing IAM policies


Policies are powerful and subtle, so it's important to study and understand the permissions that are
granted by each policy. Use the following guidelines when reviewing policies:

• As a best practice, attach policies to groups instead of to individual users. If an individual user has a
policy, make sure you understand why that user needs the policy.
• Make sure that IAM users, groups, and roles have only the permissions that they need.
• Use the IAM Policy Simulator to test policies that are attached to users or groups.
• Remember that a user's permissions are the result of all applicable policies—user policies, group
policies, and resource-based policies (on Amazon S3 buckets, Amazon SQS queues, Amazon SNS
topics, and AWS KMS keys). It's important to examine all the policies that apply to a user and to
understand the complete set of permissions granted to an individual user.
• Be aware that allowing a user to create an IAM user, group, role, or policy and attach a policy to the
principal entity is effectively granting that user all permissions to all resources in your account. That is,
users who are allowed to create policies and attach them to a user, group, or role can grant themselves

Version 1.0
14
AWS General Reference Reference guide
Learn more

any permissions. In general, do not grant IAM permissions to users or roles whom you do not trust
with full access to the resources in your account. The following list contains IAM permissions that you
should review closely:
• iam:PutGroupPolicy
• iam:PutRolePolicy
• iam:PutUserPolicy
• iam:CreatePolicy
• iam:CreatePolicyVersion
• iam:AttachGroupPolicy
• iam:AttachRolePolicy
• iam:AttachUserPolicy
• Make sure policies don't grant permissions for services that you don't use. For example, if you use
AWS managed policies, make sure the AWS managed policies that are in use in your account are for
services that you actually use. To find out which AWS managed policies are in use in your account, use
the IAM GetAccountAuthorizationDetails API (AWS CLI command: aws iam get-account-
authorization-details).
• If the policy grants a user permission to launch an Amazon EC2 instance, it might also allow the
iam:PassRole action, but if so it should explicitly list the roles that the user is allowed to pass to the
Amazon EC2 instance.
• Closely examine any values for the Action or Resource element that include *. It's a best practice
to grant Allow access to only the individual actions and resources that users need. However, the
following are reasons that it might be suitable to use * in a policy:
• The policy is designed to grant administrative-level privileges.
• The wildcard character is used for a set of similar actions (for example, Describe*) as a
convenience, and you are comfortable with the complete list of actions that are referenced in this
way.
• The wildcard character is used to indicate a class of resources or a resource path (e.g.,
arn:aws:iam::account-id:users/division_abc/*), and you are comfortable granting access
to all of the resources in that class or path.
• A service action does not support resource-level permissions, and the only choice for a resource is *.
• Examine policy names to make sure they reflect the policy's function. For example, although a
policy might have a name that includes "read only," the policy might actually grant write or change
permissions.

Learn more
For information about managing IAM resources, see the following:

• IAM Users and Groups in the IAM User Guide.


• Permissions and Policies in the IAM User Guide.
• IAM Roles (Delegation and Federation) in the IAM User Guide.
• IAM Policy Simulator in the Using IAM Policy Simulator guide.

For more information about Amazon EC2 security, see the following:

• Network and Security in the Amazon EC2 User Guide for Linux Instances.
• Demystifying EC2 Resource-Level Permissions on the AWS Security Blog.

For more information about monitoring an AWS account, see the re:Invent 2013 video presentation
Intrusion Detection in the Cloud.

Version 1.0
15
AWS General Reference Reference guide

Service endpoints and quotas


The following pages describe the service endpoints and service quotas for AWS services. To connect
programmatically to an AWS service, you use an endpoint. For more information, see AWS service
endpoints (p. 536). Service quotas, also referred to as limits, are the maximum number of service
resources or operations for your AWS account. For more information, see AWS service quotas (p. 540).

Click one of the following links to go to the page for that service. To view the service quotas for all AWS
services in the documentation without switching pages, view the information in the Service Endpoints
and Quotas page in the PDF instead.

Services
• Alexa for Business endpoints and quotas (p. 20)
• AWS Amplify (p. 21)
• Amazon API Gateway endpoints and quotas (p. 23)
• Application Auto Scaling endpoints and quotas (p. 27)
• AWS Application Discovery Service endpoints and quotas (p. 30)
• Amazon AppFlow (p. 31)
• Amazon AppStream 2.0 endpoints and quotas (p. 32)
• AWS App Mesh endpoints and quotas (p. 34)
• AWS AppSync endpoints and quotas (p. 38)
• Amazon Athena endpoints and quotas (p. 41)
• AWS Audit Manager (p. 44)
• Amazon Augmented AI quotas (p. 45)
• Amazon Aurora endpoints and quotas (p. 46)
• AWS Auto Scaling endpoints and quotas (p. 50)
• Amazon EC2 Auto Scaling endpoints and quotas (p. 52)
• AWS Backup endpoints and quotas (p. 55)
• AWS Batch endpoints and quotas (p. 59)
• AWS Billing and Cost Management endpoints and quotas (p. 60)
• AWS Certificate Manager endpoints and quotas (p. 64)
• AWS Certificate Manager Private Certificate Authority endpoints and quotas (p. 67)
• AWS Chatbot endpoints and quotas (p. 73)
• Amazon Chime endpoints and quotas (p. 73)
• AWS Cloud9 endpoints and quotas (p. 74)
• Amazon Cloud Directory endpoints and quotas (p. 76)
• AWS CloudFormation endpoints and quotas (p. 77)
• Amazon CloudFront endpoints and quotas (p. 81)
• AWS CloudHSM endpoints and quotas (p. 82)
• AWS Cloud Map endpoints and quotas (p. 85)
• Amazon CloudSearch endpoints and quotas (p. 88)
• AWS CloudShell endpoints and quotas (p. 89)
• AWS CloudTrail endpoints and quotas (p. 90)
• Amazon CloudWatch endpoints and quotas (p. 92)
• Amazon CloudWatch Events endpoints and quotas (p. 97)
• Amazon CloudWatch Logs endpoints and quotas (p. 100)
• Amazon CloudWatch Synthetics endpoints and quotas (p. 104)

Version 1.0
16
AWS General Reference Reference guide

• AWS CodeArtifact endpoints and quotas (p. 106)


• AWS CodeBuild endpoints and quotas (p. 107)
• AWS CodeCommit endpoints and quotas (p. 110)
• AWS CodeDeploy endpoints and quotas (p. 112)
• Amazon CodeGuru Profiler endpoints and quotas (p. 114)
• Amazon CodeGuru Reviewer endpoints and quotas (p. 115)
• AWS CodePipeline endpoints and quotas (p. 116)
• AWS CodeStar endpoints and quotas (p. 119)
• AWS CodeStar Notifications (p. 121)
• Amazon Cognito Identity endpoints and quotas (p. 122)
• Amazon Cognito Sync endpoints and quotas (p. 125)
• Amazon Comprehend endpoints and quotas (p. 126)
• Amazon Comprehend Medical (p. 128)
• AWS Compute Optimizer endpoints and quotas (p. 130)
• AWS Config and AWS Config Rules endpoints and quotas (p. 131)
• Amazon Connect endpoints and quotas (p. 134)
• AWS Data Exchange endpoints and quotas (p. 135)
• Amazon Data Lifecycle Manager endpoints and quotas (p. 136)
• AWS Data Pipeline endpoints and quotas (p. 138)
• AWS DataSync endpoints and quotas (p. 139)
• AWS Database Migration Service endpoints and quotas (p. 141)
• AWS DeepLens endpoints and quotas (p. 144)
• Amazon Detective endpoints and quotas (p. 144)
• Amazon DevOps Guru endpoints and quotas (p. 146)
• AWS Device Farm endpoints and quotas (p. 147)
• AWS Direct Connect endpoints and quotas (p. 147)
• AWS Directory Service endpoints and quotas (p. 149)
• Amazon DocumentDB endpoints and quotas (p. 152)
• Amazon DynamoDB endpoints and quotas (p. 153)
• AWS Elastic Beanstalk endpoints and quotas (p. 159)
• Amazon Elastic Block Store endpoints and quotas (p. 163)
• Amazon Elastic Compute Cloud endpoints and quotas (p. 170)
• EC2 Image Builder endpoints and quotas (p. 173)
• Amazon ECR endpoints and quotas (p. 175)
• Amazon ECR Public endpoints and quotas (p. 183)
• Amazon ECS endpoints and quotas (p. 184)
• Amazon Elastic Kubernetes Service endpoints and quotas (p. 188)
• Amazon Elastic File System endpoints and quotas (p. 190)
• Amazon Elastic Inference endpoints and quotas (p. 194)
• Elastic Load Balancing endpoints and quotas (p. 194)
• Amazon Elastic Transcoder endpoints and quotas (p. 198)
• Amazon ElastiCache endpoints and quotas (p. 199)
• Amazon Elasticsearch Service endpoints and quotas (p. 202)
• Amazon EMR endpoints and quotas (p. 204)
• Amazon EventBridge endpoints and quotas (p. 208)
• AWS Firewall Manager endpoints and quotas (p. 210)

Version 1.0
17
AWS General Reference Reference guide

• Amazon Forecast endpoints and quotas (p. 212)


• Amazon Fraud Detector endpoints and quotas (p. 214)
• FreeRTOS endpoints and quotas (p. 215)
• Amazon FSx endpoints and quotas (p. 218)
• Amazon GameLift endpoints and quotas (p. 221)
• Amazon S3 Glacier endpoints and quotas (p. 223)
• AWS Global Accelerator (p. 225)
• AWS Glue endpoints and quotas (p. 226)
• AWS Glue DataBrew endpoints and quotas (p. 229)
• AWS Ground Station endpoints and quotas (p. 230)
• Amazon GuardDuty endpoints and quotas (p. 232)
• AWS Health endpoints and quotas (p. 234)
• Quotas for Amazon HealthLake (p. 234)
• Amazon Honeycode (p. 235)
• AWS Identity and Access Management endpoints and quotas (p. 235)
• IAM Access Analyzer endpoints and quotas (p. 238)
• AWS Import/Export endpoints and quotas (p. 240)
• Amazon Inspector (p. 241)
• AWS IoT 1-Click endpoints and quotas (p. 242)
• AWS IoT Analytics endpoints and quotas (p. 244)
• AWS IoT Core endpoints and quotas (p. 246)
• AWS IoT Device Defender endpoints and quotas (p. 272)
• AWS IoT Device Management endpoints and quotas (p. 275)
• AWS IoT Events endpoints and quotas (p. 286)
• AWS IoT Greengrass V1 endpoints and quotas (p. 289)
• AWS IoT Greengrass V2 endpoints and quotas (p. 295)
• AWS IoT SiteWise endpoints and quotas (p. 299)
• AWS IoT Things Graph endpoints and quotas (p. 303)
• Amazon Interactive Video Service (p. 305)
• Amazon Kendra endpoints and quotas (p. 306)
• Amazon Keyspaces (for Apache Cassandra) endpoints and quotas (p. 306)
• AWS Key Management Service endpoints and quotas (p. 308)
• Amazon Kinesis Data Analytics endpoints and quotas (p. 311)
• Amazon Kinesis Data Firehose endpoints and quotas (p. 313)
• Amazon Kinesis Data Streams endpoints and quotas (p. 315)
• Amazon Kinesis Video Streams endpoints and quotas (p. 318)
• AWS Lake Formation endpoints and quotas (p. 324)
• AWS Lambda endpoints and quotas (p. 326)
• AWS Launch Wizard endpoints and quotas (p. 329)
• Amazon Lex endpoints and quotas (p. 330)
• AWS License Manager endpoints and quotas (p. 333)
• Amazon Lightsail endpoints and quotas (p. 335)
• Amazon Location Service endpoints and quotas (p. 338)
• Amazon Lookout for Equipment endpoints and quotas (p. 345)
• Amazon Lookout for Vision endpoints and quotas (p. 347)
• Amazon Macie endpoints and quotas (p. 348)

Version 1.0
18
AWS General Reference Reference guide

• Amazon Machine Learning endpoints and quotas (p. 351)


• Amazon Managed Blockchain endpoints and quotas (p. 352)
• AWS Marketplace endpoints and quotas (p. 353)
• Amazon Mechanical Turk endpoints and quotas (p. 355)
• Amazon Managed Streaming for Apache Kafka endpoints and quotas (p. 355)
• AWS Elemental MediaConnect endpoints and quotas (p. 357)
• AWS Elemental MediaConvert endpoints and quotas (p. 359)
• AWS Elemental MediaLive endpoints and quotas (p. 362)
• AWS Elemental MediaPackage endpoints and quotas (p. 364)
• AWS Elemental MediaStore endpoints and quotas (p. 367)
• AWS Elemental MediaTailor endpoints and quotas (p. 369)
• AWS Migration Hub endpoints and quotas (p. 370)
• Amazon MQ endpoints and quotas (p. 371)
• Amazon Neptune endpoints and quotas (p. 373)
• AWS Network Firewall endpoints and quotas (p. 374)
• Transit Gateway Network Manager (p. 375)
• AWS OpsWorks endpoints and quotas (p. 375)
• AWS Organizations endpoints and quotas (p. 378)
• AWS Outposts endpoints and quotas (p. 381)
• Amazon Personalize endpoints and quotas (p. 383)
• Amazon Pinpoint endpoints and quotas (p. 385)
• Amazon Polly endpoints and quotas (p. 389)
• Amazon QLDB endpoints and quotas (p. 391)
• Amazon QuickSight endpoints and quotas (p. 392)
• AWS Resource Access Manager endpoints and quotas (p. 394)
• Amazon Redshift endpoints and quotas (p. 396)
• Amazon Rekognition endpoints and quotas (p. 398)
• Amazon Relational Database Service endpoints and quotas (p. 403)
• AWS Resource Groups endpoints and quotas (p. 407)
• AWS RoboMaker endpoints and quotas (p. 411)
• Amazon Route 53 endpoints and quotas (p. 415)
• Amazon SageMaker endpoints and quotas (p. 419)
• AWS Secrets Manager endpoints and quotas (p. 431)
• AWS Security Hub endpoints and quotas (p. 433)
• AWS Security Token Service endpoints and quotas (p. 435)
• AWS Server Migration Service endpoints and quotas (p. 437)
• Service Quotas endpoints and quotas (p. 439)
• AWS Serverless Application Repository endpoints and quotas (p. 441)
• AWS Service Catalog endpoints and quotas (p. 443)
• AWS Shield Advanced endpoints and quotas (p. 446)
• Amazon Simple Email Service endpoints and quotas (p. 448)
• AWS Signer endpoints and quotas (p. 452)
• Amazon Simple Notification Service endpoints and quotas (p. 455)
• Amazon Simple Queue Service endpoints and quotas (p. 460)
• Amazon Simple Storage Service endpoints and quotas (p. 464)
• Amazon Simple Workflow Service endpoints and quotas (p. 483)

Version 1.0
19
AWS General Reference Reference guide
Alexa for Business

• Amazon SimpleDB endpoints and quotas (p. 485)


• AWS Single Sign-On endpoints and quotas (p. 486)
• AWS Snow Family endpoints and quotas (p. 488)
• AWS Step Functions endpoints and quotas (p. 490)
• AWS Storage Gateway endpoints and quotas (p. 492)
• AWS Support endpoints and quotas (p. 495)
• AWS Systems Manager endpoints and quotas (p. 495)
• Amazon Textract endpoints and quotas (p. 505)
• Amazon Transcribe endpoints and quotas (p. 508)
• Amazon Transcribe Medical endpoints and quotas (p. 512)
• AWS Transfer Family endpoints and quotas (p. 513)
• Amazon Translate endpoints and quotas (p. 515)
• Amazon Virtual Private Cloud endpoints and quotas (p. 517)
• AWS WAF endpoints and quotas (p. 520)
• AWS WAF Classic endpoints and quotas (p. 523)
• AWS Well-Architected Tool endpoints and quotas (p. 528)
• Amazon WorkDocs endpoints and quotas (p. 529)
• Amazon WorkLink endpoints and quotas (p. 530)
• Amazon WorkMail endpoints and quotas (p. 530)
• Amazon WorkSpaces endpoints and quotas (p. 532)
• AWS X-Ray endpoints and quotas (p. 533)

Alexa for Business endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 a4b.us-east-1.amazonaws.com HTTPS


Virginia)

Service Quotas
Resource Default

Maximum number of conference appliances 10,000

Maximum number of gateways 100

Maximum number of rooms 10,000

Version 1.0
20
AWS General Reference Reference guide
AWS Amplify

Resource Default

Maximum number of devices 100,000 (10 per room)

Maximum number of users 10,000

Maximum number of skills 100 (25 per skill group)

Maximum number of skill groups 1,000

Maximum number of profiles 100

Address books 25

Contacts per account 10,000

Contacts per address book 100

AWS Amplify
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Amplify endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 amplify.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 amplify.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 amplify.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 amplify.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 amplify.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- amplify.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- amplify.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Version 1.0
21
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- amplify.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- amplify.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- amplify.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- amplify.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- amplify.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 amplify.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 amplify.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- amplify.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 amplify.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 amplify.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- amplify.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 amplify.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas

Resource Name Description Value

Apps The maximum number of apps 25


that you can create in AWS
Amplify Console in this account
in the current Region.

App creations per hour The maximum number of apps 25


that you can create in AWS

Version 1.0
22
AWS General Reference Reference guide
Amazon API Gateway

Resource Name Description Value


Amplify Console per hour in this
account in the current Region.

Branches per app The maximum number of 50


branches per app that you can
create in this account in the
current Region.

Webhooks per app The maximum number of 50


webhooks per app that you can
create in this account in the
current Region.

Domains per app The maximum number of 5


domains per app that you can
create in this account in the
current Region.

Subdomains per domain The maximum number of 50


subdomains per domain that
you can create in this account in
the current Region.

Build artifact size The maximum size (in GB) of 5


an app build artifact. A build
artifact is deployed by AWS
Amplify Console after a build.

Cache artifact size The maximum size (in GB) of a 5


cache artifact.

Environment cache artifact size The maximum size (in GB) of the 5
environment cache artifact.

Manual deploy ZIP file size The maximum size (in GB) of a 5
manual deploy ZIP file.

Concurrent jobs The maximum number of 5


concurrent jobs that you can
create in this account in the
current Region.

Amazon API Gateway endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
You can use the Asia Pacific (Osaka-Local) Region only in conjunction with the Asia Pacific (Tokyo)
Region. To request access to the Asia Pacific (Osaka-Local) Region, contact your sales representative.

Version 1.0
23
AWS General Reference Reference guide
Service Endpoints

For information about using Amazon API Gateway in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using Amazon API Gateway in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Amazon API Gateway includes the API Gateway Control Plane (for creating and managing APIs) and the
API Gateway Data Plane (for calling deployed APIs).

The Route 53 Hosted Zone ID column shows the Route 53 Hosted Zone IDs for API Gateway Regional
endpoints. Route 53 Hosted Zone IDs are for use with the execute-api (API Gateway component
service for API execution) domain. For edge-optimized endpoints, the Route 53 Hosted Zone ID is
Z2FDTNDATAQYW2 for all Regions.

Amazon API Gateway Control Plane

Region Region Endpoint Protocol


Name

US East us-east-2 apigateway.us-east-2.amazonaws.com HTTPS


(Ohio)
apigateway-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 apigateway.us-east-1.amazonaws.com HTTPS


Virginia)
apigateway-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 apigateway.us-west-1.amazonaws.com HTTPS


West (N.
California) apigateway-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 apigateway.us-west-2.amazonaws.com HTTPS


(Oregon)
apigateway-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 apigateway.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 apigateway.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- apigateway.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- apigateway.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- apigateway.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Version 1.0
24
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- apigateway.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- apigateway.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- apigateway.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- apigateway.ca-central-1.amazonaws.com HTTPS


(Central) central-1
apigateway-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 apigateway.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- apigateway.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- apigateway.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 apigateway.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 apigateway.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- apigateway.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 apigateway.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 apigateway.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- apigateway.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 apigateway.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- apigateway.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) apigateway-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- apigateway.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) apigateway-fips.us-gov-west-1.amazonaws.com HTTPS

Version 1.0
25
AWS General Reference Reference guide
Service Endpoints

Amazon API Gateway Data Plane

Region Region Endpoint Protocol Route 53


Name Hosted
Zone ID

US East us-east-2 execute-api.us-east-2.amazonaws.com HTTPS ZOJJZC49E0EPZ


(Ohio)

US us-east-1 execute-api.us-east-1.amazonaws.com HTTPS Z1UJRXOUMOOFQ8


East (N.
Virginia)

US us- execute-api.us-west-1.amazonaws.com HTTPS Z2MUQ32089INYE


West (N. west-1
California)

US West us- execute-api.us-west-2.amazonaws.com HTTPS Z2OJLYMUO9EFXC


(Oregon) west-2

Africa af- execute-api.af-south-1.amazonaws.com HTTPS Z2DHW2332DAMTN


(Cape south-1
Town)

Asia ap-east-1 execute-api.ap-east-1.amazonaws.com HTTPS Z3FD1VL90ND7K5


Pacific
(Hong
Kong)

Asia ap- execute-api.ap-south-1.amazonaws.com HTTPS Z3VO1THU9YC4UR


Pacific south-1
(Mumbai)

Asia ap- execute-api.ap-northeast-2.amazonaws.com HTTPS Z20JF4UZKIW1U8


Pacific northeast-2
(Seoul)

Asia ap- execute-api.ap-southeast-1.amazonaws.com HTTPS ZL327KTPIQFUL


Pacific southeast-1
(Singapore)

Asia ap- execute-api.ap-southeast-2.amazonaws.com HTTPS Z2RPCDW04V8134


Pacific southeast-2
(Sydney)

Asia ap- execute-api.ap-northeast-1.amazonaws.com HTTPS Z1YSHQZHG15GKL


Pacific northeast-1
(Tokyo)

Canada ca- execute-api.ca-central-1.amazonaws.com HTTPS Z19DQILCV0OWEC


(Central) central-1

China cn- execute-api.cn-north-1.amazonaws.com.cn HTTPS Z3N456W6CBMXJZ


(Beijing) north-1

China cn- execute-api.cn- HTTPS Z1HSIYANU8ZW46


(Ningxia) northwest-1northwest-1.amazonaws.com.cn

Version 1.0
26
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol Route 53


Name Hosted
Zone ID

Europe eu- execute-api.eu-central-1.amazonaws.com HTTPS Z1U9ULNL0V5AJ3


(Frankfurt) central-1

Europe eu- execute-api.eu-west-1.amazonaws.com HTTPS ZLY8HYME6SFDD


(Ireland) west-1

Europe eu- execute-api.eu-west-2.amazonaws.com HTTPS ZJ5UAJN8Y3Z2Q


(London) west-2

Europe eu- execute-api.eu-south-1.amazonaws.com HTTPS Z3BT4WSQ9TDYZV


(Milan) south-1

Europe eu- execute-api.eu-west-3.amazonaws.com HTTPS Z3KY65QIEKYHQQ


(Paris) west-3

Europe eu- execute-api.eu-north-1.amazonaws.com HTTPS Z3UWIKFBOOGXPP


(Stockholm)north-1

Middle me- execute-api.me-south-1.amazonaws.com HTTPS Z20ZBPC0SS8806


East south-1
(Bahrain)

South sa-east-1 execute-api.sa-east-1.amazonaws.com HTTPS ZCMLWB8V5SYIT


America
(São
Paulo)

AWS us-gov- execute-api.us-gov-east-1.amazonaws.com HTTPS Z3SE9ATJYCRCZJ


GovCloud east-1
(US-East)

AWS us-gov- execute-api.us-gov-west-1.amazonaws.com HTTPS Z1K6XKP9SAGWDV


GovCloud west-1
(US-
West)

Service Quotas
For more information, see Quotas in Amazon API Gateway in the API Gateway Developer Guide.

Application Auto Scaling endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
27
AWS General Reference Reference guide
Regions and Endpoints

Regions and Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 application-autoscaling.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS

US East (N. us-east-1 application-autoscaling.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US us-west-1 application-autoscaling.us- HTTP and


West (N. west-1.amazonaws.com HTTPS
California)

US West us-west-2 application-autoscaling.us- HTTP and


(Oregon) west-2.amazonaws.com HTTPS

Africa af-south-1 application-autoscaling.af- HTTP and


(Cape south-1.amazonaws.com HTTPS
Town)

Asia ap-east-1 application-autoscaling.ap- HTTP and


Pacific east-1.amazonaws.com HTTPS
(Hong
Kong)

Asia ap- application-autoscaling.ap- HTTP and


Pacific south-1 south-1.amazonaws.com HTTPS
(Mumbai)

Asia ap- application-autoscaling.ap- HTTP and


Pacific northeast-3 northeast-3.amazonaws.com HTTPS
(Osaka-
Local)

Asia ap- application-autoscaling.ap- HTTP and


Pacific northeast-2 northeast-2.amazonaws.com HTTPS
(Seoul)

Asia ap- application-autoscaling.ap- HTTP and


Pacific southeast-1 southeast-1.amazonaws.com HTTPS
(Singapore)

Asia ap- application-autoscaling.ap- HTTP and


Pacific southeast-2 southeast-2.amazonaws.com HTTPS
(Sydney)

Asia ap- application-autoscaling.ap- HTTP and


Pacific northeast-1 northeast-1.amazonaws.com HTTPS
(Tokyo)

Canada ca- application-autoscaling.ca- HTTP and


(Central) central-1 central-1.amazonaws.com HTTPS

China cn-north-1 application-autoscaling.cn- HTTP and


(Beijing) north-1.amazonaws.com.cn HTTPS

Version 1.0
28
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

China cn- application-autoscaling.cn- HTTP and


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn HTTPS

Europe eu- application-autoscaling.eu- HTTP and


(Frankfurt) central-1 central-1.amazonaws.com HTTPS

Europe eu-west-1 application-autoscaling.eu- HTTP and


(Ireland) west-1.amazonaws.com HTTPS

Europe eu-west-2 application-autoscaling.eu- HTTP and


(London) west-2.amazonaws.com HTTPS

Europe eu- application-autoscaling.eu- HTTP and


(Milan) south-1 south-1.amazonaws.com HTTPS

Europe eu-west-3 application-autoscaling.eu- HTTP and


(Paris) west-3.amazonaws.com HTTPS

Europe eu-north-1 application-autoscaling.eu- HTTP and


(Stockholm) north-1.amazonaws.com HTTPS

Middle me- application-autoscaling.me- HTTP and


East south-1 south-1.amazonaws.com HTTPS
(Bahrain)

South sa-east-1 application-autoscaling.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- application-autoscaling.us-gov- HTTP and


GovCloud east-1 east-1.amazonaws.com HTTPS
(US-East)

AWS us-gov- application-autoscaling.us-gov- HTTP and


GovCloud west-1 west-1.amazonaws.com HTTPS
(US-West)

For information about using Application Auto Scaling in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using Application Auto Scaling in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
Default Quotas Per Region Per Account

Item Default

Maximum number of scalable targets per resource type Quotas vary depending on
resource type.

Version 1.0
29
AWS General Reference Reference guide
AWS Application Discovery Service

Item Default
Amazon DynamoDB: 3000

All other resource types: 500

Maximum number of scaling policies per scalable target 50

Includes both step scaling


policies and target tracking
policies.

Maximum number of scheduled actions per scalable target 200

Maximum number of step adjustments per scaling policy 20

For more information, see Application Auto Scaling Service Quotas in the Application Auto Scaling User
Guide.

AWS Application Discovery Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 discovery.us-east-1.amazonaws.com


Virginia)

US West us-west-2 discovery.us-west-2.amazonaws.com


(Oregon)

Asia ap- discovery.ap-southeast-2.amazonaws.com


Pacific southeast-2
(Sydney)

Asia ap- discovery.ap-northeast-1.amazonaws.com


Pacific northeast-1
(Tokyo)

Europe eu- discovery.eu-central-1.amazonaws.com


(Frankfurt) central-1

Europe eu-west-1 discovery.eu-west-1.amazonaws.com


(Ireland)

Version 1.0
30
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-2 discovery.eu-west-2.amazonaws.com


(London)

Service Quotas

Resource Default

Inactive agents heartbeating but not collecting data 10,000

Active agents sending data to the service 250

Total collected data for all agents, per day 10 GB

Data storage duration before being purged 90 days

Amazon AppFlow
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).
Note
You can't use IP allow listing in your Amazon S3 bucket policy to deny access to any other IP
addresses besides Amazon AppFlow IP addresses. This is because Amazon AppFlow uses a VPC
endpoint when placing data in your Amazon S3 buckets.
For more information about the IP addresses used by Amazon AppFlow, see AWS IP address
ranges in the Amazon Web Services General Reference.

Service Endpoints
Amazon AppFlow has the following endpoints:

Region Region Endpoint Protocol


Name

Asia Pacific ap- appflow.ap-northeast-1.amazonaws.com HTTPS


(Tokyo) northeast-1

Asia Pacific ap- appflow.ap-northeast-2.amazonaws.com HTTPS


(Seoul) northeast-2

Asia Pacific ap-south-1 appflow.ap-south-1.amazonaws.com HTTPS


(Mumbai)

Asia Pacific ap- appflow.ap-southeast-1.amazonaws.com HTTPS


(Singapore) southeast-1

Version 1.0
31
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia Pacific ap- appflow.ap-southeast-2.amazonaws.com HTTPS


(Sydney) southeast-2

Canada ca-central-1 appflow.ca-central-1.amazonaws.com HTTPS


(Central)

Europe eu-central-1 appflow.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Europe eu-west-1 appflow.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 appflow.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 appflow.eu-west-3.amazonaws.com HTTPS


(Paris)

South sa-east-1 appflow.sa-east-1.amazonaws.com HTTPS


America (São
Paulo)

US East (N. us-east-1 appflow.us-east-1.amazonaws.com HTTPS


Virginia)

US East us-east-2 appflow.us-east-2.amazonaws.com HTTPS


(Ohio)

US West (N. us-west-1 appflow.us-west-1.amazonaws.com HTTPS


California)

US West us-west-2 appflow.us-west-2.amazonaws.com HTTPS


(Oregon)

Service Quotas

Resource Default

Maximum number of flows per account 1,000

Maximum number of flow runs per month 10 million

Maximum number of concurrent flow runs at any time 1000

Amazon AppStream 2.0 endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
32
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 appstream2.us-east-1.amazonaws.com HTTPS


Virginia)
appstream2-fips.us-east-1.amazonaws.com HTTPS

US West us-west-2 appstream2.us-west-2.amazonaws.com HTTPS


(Oregon)
appstream2-fips.us-west-2.amazonaws.com HTTPS

Asia ap- appstream2.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- appstream2.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- appstream2.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- appstream2.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- appstream2.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- appstream2.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 appstream2.eu-west-1.amazonaws.com HTTPS


(Ireland)

AWS us-gov- appstream2.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) appstream2-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas

Resource Default

Stacks 10

Fleets 10

Fleet instances* • stream.standard.medium: 50


• stream.standard.large: 50
• stream.compute.large: 10
• stream.compute.xlarge: 10

Version 1.0
33
AWS General Reference Reference guide
AWS App Mesh

Resource Default
• stream.graphics-design.large:
10
• stream.graphics-design.xlarge:
10
• stream.graphics-
design.2xlarge: 10
• stream.graphics.g4dn.xlarge:
10
• stream.memory.large: 10
• stream.memory.xlarge: 10
• stream.memory.z1d.large: 10
• stream.memory.z1d.xlarge: 10

Image builder instances • stream.standard.medium: 5


• stream.standard.large: 5
• stream.compute.large: 3
• stream.compute.xlarge: 3
• stream.graphics-design.large:
3
• stream.graphics-design.xlarge:
3
• stream.graphics-
design.2xlarge: 3
• stream.graphics.g4dn.xlarge: 3
• stream.memory.large: 3
• stream.memory.xlarge: 3
• stream.memory.z1d.large: 3
• stream.memory.z1d.xlarge: 3

Images 10

Number of AWS accounts an image can be shared with 100

Concurrent image copies 2 per destination Region

Image copies (per month) 20

Users in the user pool 50

*For fleets that have Default Internet Access enabled, the quota is 100 fleet instances. If your
deployment must support more than 100 concurrent users, use a NAT gateway configuration instead.

AWS App Mesh endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
34
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 appmesh.us-east-2.amazonaws.com HTTPS


(Ohio)
appmesh.us-east-2.amazonaws.com HTTPS

appmesh-envoy-management.us- HTTPS
east-2.amazonaws.com

US East (N. us-east-1 appmesh.us-east-1.amazonaws.com HTTPS


Virginia)
appmesh.us-east-1.amazonaws.com HTTPS

appmesh-envoy-management.us- HTTPS
east-1.amazonaws.com

US us-west-1 appmesh.us-west-1.amazonaws.com HTTPS


West (N.
California) appmesh.us-west-1.amazonaws.com HTTPS

appmesh-envoy-management.us- HTTPS
west-1.amazonaws.com

US West us-west-2 appmesh.us-west-2.amazonaws.com HTTPS


(Oregon)
appmesh.us-west-2.amazonaws.com HTTPS

appmesh-envoy-management.us- HTTPS
west-2.amazonaws.com

Africa af-south-1 appmesh.af-south-1.amazonaws.com HTTPS


(Cape
Town) appmesh.af-south-1.amazonaws.com HTTPS

appmesh-envoy-management.af- HTTPS
south-1.amazonaws.com

Asia ap-east-1 appmesh.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong appmesh.ap-east-1.amazonaws.com HTTPS
Kong)
appmesh-envoy-management.ap- HTTPS
east-1.amazonaws.com

Asia ap- appmesh.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai) appmesh.ap-south-1.amazonaws.com HTTPS

appmesh-envoy-management.ap- HTTPS
south-1.amazonaws.com

Asia ap- appmesh.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) appmesh.ap-northeast-2.amazonaws.com HTTPS

appmesh-envoy-management.ap- HTTPS
northeast-2.amazonaws.com

Version 1.0
35
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- appmesh.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) appmesh.ap-southeast-1.amazonaws.com HTTPS

appmesh-envoy-management.ap- HTTPS
southeast-1.amazonaws.com

Asia ap- appmesh.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) appmesh.ap-southeast-2.amazonaws.com HTTPS

appmesh-envoy-management.ap- HTTPS
southeast-2.amazonaws.com

Asia ap- appmesh.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) appmesh.ap-northeast-1.amazonaws.com HTTPS

appmesh-envoy-management.ap- HTTPS
northeast-1.amazonaws.com

Canada ca- appmesh.ca-central-1.amazonaws.com HTTPS


(Central) central-1
appmesh.ca-central-1.amazonaws.com HTTPS

appmesh-envoy-management.ca- HTTPS
central-1.amazonaws.com

Europe eu- appmesh.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1
appmesh.eu-central-1.amazonaws.com HTTPS

appmesh-envoy-management.eu- HTTPS
central-1.amazonaws.com

Europe eu-west-1 appmesh.eu-west-1.amazonaws.com HTTPS


(Ireland)
appmesh.eu-west-1.amazonaws.com HTTPS

appmesh-envoy-management.eu- HTTPS
west-1.amazonaws.com

Europe eu-west-2 appmesh.eu-west-2.amazonaws.com HTTPS


(London)
appmesh.eu-west-2.amazonaws.com HTTPS

appmesh-envoy-management.eu- HTTPS
west-2.amazonaws.com

Europe eu- appmesh.eu-south-1.amazonaws.com HTTPS


(Milan) south-1
appmesh.eu-south-1.amazonaws.com HTTPS

appmesh-envoy-management.eu- HTTPS
south-1.amazonaws.com

Version 1.0
36
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-3 appmesh.eu-west-3.amazonaws.com HTTPS


(Paris)
appmesh.eu-west-3.amazonaws.com HTTPS

appmesh-envoy-management.eu- HTTPS
west-3.amazonaws.com

Europe eu-north-1 appmesh.eu-north-1.amazonaws.com HTTPS


(Stockholm)
appmesh.eu-north-1.amazonaws.com HTTPS

appmesh-envoy-management.eu- HTTPS
north-1.amazonaws.com

Middle me- appmesh.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain) appmesh.me-south-1.amazonaws.com HTTPS

appmesh-envoy-management.me- HTTPS
south-1.amazonaws.com

South sa-east-1 appmesh.sa-east-1.amazonaws.com HTTPS


America
(São appmesh.sa-east-1.amazonaws.com HTTPS
Paulo)
appmesh-envoy-management.sa- HTTPS
east-1.amazonaws.com

Service Quotas

Resource Default

Maximum number of meshes per account 15

Maximum number of virtual gateways per mesh 3

Maximum number of connected Envoy processes 25


per virtual gateway

Maximum number of gateway routes per virtual 10


gateway

Maximum number of virtual services per mesh 200

Maximum number of virtual nodes per mesh 200

Maximum number of backends per virtual node 50

Maximum number of connected Envoys per virtual 10


node

Maximum number of virtual routers per mesh 200

Maximum number of routes per virtual router 50

Version 1.0
37
AWS General Reference Reference guide
AWS AppSync

Resource Default

Maximum number of weighted targets per route 10

AWS AppSync endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS AppSync Control Plane

Region Region Endpoint Protocol


Name

US East us-east-2 appsync.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 appsync.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 appsync.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 appsync.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 appsync.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- appsync.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- appsync.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- appsync.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- appsync.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
38
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- appsync.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- appsync.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 appsync.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- appsync.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- appsync.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 appsync.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 appsync.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- appsync.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 appsync.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 appsync.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- appsync.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 appsync.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS AppSync Data Plane

Region Region Endpoint Protocol


Name

US East us-east-2 <unique-id>.appsync-api.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 <unique-id>.appsync-api.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 <unique-id>.appsync-api.us-west-2.amazonaws.com HTTPS


(Oregon)

Version 1.0
39
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia Pacific ap-south-1 <unique-id>.appsync-api.ap-south-1.amazonaws.com HTTPS


(Mumbai)

Asia Pacific ap- <unique-id>.appsync-api.ap- HTTPS


(Singapore) southeast-1 southeast-1.amazonaws.com

Asia Pacific ap- <unique-id>.appsync-api.ap- HTTPS


(Sydney) southeast-2 southeast-2.amazonaws.com

Asia Pacific ap- <unique-id>.appsync-api.ap- HTTPS


(Tokyo) northeast-1 northeast-1.amazonaws.com

Europe eu-central-1 <unique-id>.appsync-api.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Europe eu-west-1 <unique-id>.appsync-api.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service Quotas

Resource Description Default

API keys per API The maximum number of API keys per 50
GraphQL API

APIs per region The maximum number of APIs per 25


region per account
You can request a
quota increase.

Authentication providers per API The maximum number of 50


authentication providers per API

Schema document size The maximum size of the schema 1 MB


document

Functions per pipeline resolver The maximum number of functions per 10


pipeline resolver

Throttle rate per GraphQL API The maximum number of GraphQL 1,000
queries per API per second
You can request a
quota increase.

GraphQL request execution timeout The maximum GraphQL request 30 seconds


execution time for queries, mutations,
and subscriptions

Evaluated resolver template size The maximum size of the evaluated 5 MB


resolver template

Request mapping template size The maximum request mapping 64 KB


template size

Version 1.0
40
AWS General Reference Reference guide
Amazon Athena

Resource Description Default

Response mapping template size The maximum response mapping 64 KB


template size

Iterations in a foreach loop in The maximum number of iterations in 1000


mapping templates a #foreach...#end loop in mapping
templates

Resolvers executed in a single request The maximum number of resolvers that 10,000
can be executed in a single request

Subscription payload size The maximum size of the message 240 KB


received from subscriptions
(WebSockets)

Subscription payload size The maximum size of the message 128 KB


received from subscriptions (MQTT over
WebSockets)

Number of caching keys The maximum number of caching keys 10

You can request a


quota increase.

Amazon Athena endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 athena.us-east-2.amazonaws.com HTTPS


(Ohio)
athena-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 athena.us-east-1.amazonaws.com HTTPS


Virginia)
athena-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 athena.us-west-1.amazonaws.com HTTPS


West (N.
California) athena-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 athena.us-west-2.amazonaws.com HTTPS


(Oregon)
athena-fips.us-west-2.amazonaws.com HTTPS

Version 1.0
41
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Africa af-south-1 athena.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 athena.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- athena.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- athena.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- athena.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- athena.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- athena.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- athena.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 athena.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- athena.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- athena.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 athena.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 athena.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- athena.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 athena.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 athena.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
42
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Middle me- athena.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 athena.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- athena.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) athena-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- athena.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) athena-fips.us-gov-west-1.amazonaws.com HTTPS

To download the latest version of the JDBC driver and its documentation, see Using Athena with the
JDBC Driver.

For more information about the previous versions of the JDBC driver and their documentation, see Using
the Previous Version of the JDBC Driver.

To download the latest and previous versions of the ODBC driver and their documentation, see
Connecting to Athena with ODBC.

Service Quotas
Resource Default

Number of active DDL queries. DDL queries include CREATE TABLE 20


and CREATE TABLE ADD PARTITION queries.

Number of active DML queries. DML queries include SELECT and 20


CREATE TABLE AS (CTAS) queries.

DDL query timeout 600 minutes

DML query timeout 30 minutes

Maximum allowed query string length 262144 bytes

Athena APIs have the following default quotas for the number of calls to the API per account (not per
query):

API Name Default Number of Burst Capacity


Calls per Second

BatchGetNamedQuery, ListNamedQueries, 5 up to 10
ListQueryExecutions

CreateNamedQuery, DeleteNamedQuery, 5 up to 20
GetNamedQuery

Version 1.0
43
AWS General Reference Reference guide
AWS Audit Manager

API Name Default Number of Burst Capacity


Calls per Second

BatchGetQueryExecution 20 up to 40

StartQueryExecution, StopQueryExecution 20 up to 80

GetQueryExecution, GetQueryResults 100 up to 200

For example, for StartQueryExecution, you can make up to 20 calls per second. In addition, if this API
is not called for 4 seconds, your account accumulates a burst capacity of up to 80 calls. In this case, your
application can make up to 80 calls to this API in burst mode.

If you use any of these APIs and exceed the default quota for the number of calls per second, or the
burst capacity in your account, the Athena API issues an error similar to the following: ""ClientError: An
error occurred (ThrottlingException) when calling the <API_name> operation: Rate exceeded." Reduce
the number of calls per second, or the burst capacity for the API for this account. To request a quota
increase, contact AWS Support. Open the AWS Support Center page, sign in if necessary, and choose
Create case. Choose Service limit increase. Complete and submit the form.
Note
This quota cannot be changed in the Athena Service Quotas console.

For information about quotas for databases, tables, and partitions, see Service Quotas (p. 228). If you
have not migrated to AWS Glue Data Catalog, the number of partitions per table is 20,000.

AWS Audit Manager


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS Audit Manager has the following endpoints:

Region Region Endpoint Protocol


Name

US West us-west-2 auditmanager.us-west-2.amazonaws.com HTTPS


(Oregon)

US East (N. us-east-1 auditmanager.us-east-1.amazonaws.com HTTPS


Virginia)

US West (N. us-west-1 auditmanager.us-west-1.amazonaws.com HTTPS


California)

US East us-east-2 auditmanager.us-east-2.amazonaws.com HTTPS


(Ohio)

Europe eu-west-1 auditmanager.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
44
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-2 auditmanager.eu-west-2.amazonaws.com HTTPS


(London)

Asia Pacific ap- auditmanager.ap-southeast-2.amazonaws.com HTTPS


(Sydney) southeast-2

Europe eu-central-1 auditmanager.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Asia Pacific ap- auditmanager.ap-northeast-1.amazonaws.com HTTPS


(Tokyo) northeast-1

Asia Pacific ap- auditmanager.ap-southeast-1.amazonaws.com HTTPS


(Singapore) southeast-1

Service Quotas
Resource Default

Maximum number of active assessments per account 100

Maximum number of custom controls per account 500

Maximum number of custom frameworks per account 100

Amazon Augmented AI quotas


The following are the service quotas for this service. Service quotas, also referred to as limits, are the
maximum number of service resources or operations for your AWS account. For more information, see
AWS service quotas.

Service Quotas
The following table shows the default, maximum quantity of each resource available to your AWS
account. Each quota in this table is a soft quota, which can be upgraded by submitting a service limit
increase support ticket. To learn how to submit a support ticket, see Creating a support case in the AWS
Support User Guide.

Resource Default

Flow definitions 100

Worker task templates (HumanTaskUi's) 100

In-flight human loops per flow definition (private 5,000


or vendor work team)
Human loops are considered in-flight when their
status is InProgress or Stopping.

In-flight human loops per flow definition (Amazon 1,000


Mechanical Turk work team)

Version 1.0
45
AWS General Reference Reference guide
Amazon Aurora

Resource Default
Human loops are considered in-flight when their
status is InProgress or Stopping.

Amazon Aurora endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Aurora with MySQL compatibility

Region Region Endpoint Protocol


Name

US East us-east-2 rds.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 rds.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 rds.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 rds.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 rds.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 rds.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- rds.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- rds.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- rds.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
46
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- rds.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- rds.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- rds.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 rds.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- rds.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- rds.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 rds.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 rds.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- rds.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 rds.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 rds.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- rds.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 rds.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- rds.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- rds.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Version 1.0
47
AWS General Reference Reference guide
Service Endpoints

Amazon Aurora with PostgreSQL compatibility

Region Region Endpoint Protocol


Name

US East us-east-2 rds.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 rds.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 rds.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 rds.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 rds.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 rds.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- rds.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- rds.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- rds.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- rds.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- rds.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- rds.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 rds.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- rds.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- rds.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Version 1.0
48
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-1 rds.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 rds.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- rds.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 rds.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 rds.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- rds.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 rds.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- rds.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- rds.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Service Quotas
Resource Default Quota

Authorizations per DB security group 20

Burst balance (for instances <1 TiB) 3000 IOPS

Cross-region snapshot copy requests 5

Data API maximum result set size 1 MB

Data API requests per second 1000

DB clusters 40

DB cluster parameter groups 50

DB instances 40

DB subnet groups 50

Event subscriptions 20

Version 1.0
49
AWS General Reference Reference guide
AWS Auto Scaling

Resource Default Quota

AWS Identity and Access Management (IAM) roles per DB cluster 5

IAM roles per DB instance 5

Manual cluster snapshots 100

Parameter groups 50

Proxies 20

Reserved DB instances 40

Rules per virtual private cloud (VPC) security group 50 inbound, 50


outbound

Subnets per subnet group 20

Tags per resource 50

VPC security groups 5

AWS Auto Scaling endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Regions and Endpoints


Region Region Endpoint Protocol
Name

US East us-east-2 autoscaling-plans.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS

US East (N. us-east-1 autoscaling-plans.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US us-west-1 autoscaling-plans.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California)

US West us-west-2 autoscaling-plans.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Africa af-south-1 autoscaling-plans.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 autoscaling-plans.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Version 1.0
50
AWS General Reference Reference guide
Regions and Endpoints

Region Region Endpoint Protocol


Name

Asia ap- autoscaling-plans.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- autoscaling-plans.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- autoscaling-plans.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- autoscaling-plans.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- autoscaling-plans.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- autoscaling-plans.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS

China cn-north-1 autoscaling-plans.cn-north-1.amazonaws.com.cn HTTP and


(Beijing) HTTPS

China cn- autoscaling-plans.cn- HTTP and


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn HTTPS

Europe eu- autoscaling-plans.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 autoscaling-plans.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 autoscaling-plans.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- autoscaling-plans.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Europe eu-west-3 autoscaling-plans.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 autoscaling-plans.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- autoscaling-plans.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 autoscaling-plans.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

Version 1.0
51
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- autoscaling-plans.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East)

AWS us-gov- autoscaling-plans.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West)

For information about using in the AWS GovCloud (US-West) Region, see AWS GovCloud (US-West)
Endpoints.

For information about using in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
Default Quotas Per Region Per Account

Item Default

Maximum number of scalable resources per resource type Quotas vary depending on
resource type.

Amazon DynamoDB: 3000

Amazon EC2 Auto Scaling


groups: 200

All other resource types: 500

Maximum number of scaling plans 100

Maximum number of scaling instructions per scaling plan 500

Maximum number of target tracking configurations per scaling 10


instruction

For more information, see AWS Auto Scaling Service Quotas in the AWS Auto Scaling User Guide.

Amazon EC2 Auto Scaling endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
52
AWS General Reference Reference guide
Regions and Endpoints

Regions and Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 autoscaling.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS

US East (N. us-east-1 autoscaling.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US us-west-1 autoscaling.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California)

US West us-west-2 autoscaling.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Africa af-south-1 autoscaling.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 autoscaling.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Asia ap- autoscaling.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- autoscaling.ap-northeast-3.amazonaws.com HTTP and


Pacific northeast-3 HTTPS
(Osaka-
Local)

Asia ap- autoscaling.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- autoscaling.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- autoscaling.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- autoscaling.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- autoscaling.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS

China cn-north-1 autoscaling.cn-north-1.amazonaws.com.cn HTTP and


(Beijing) HTTPS

Version 1.0
53
AWS General Reference Reference guide
Regions and Endpoints

Region Region Endpoint Protocol


Name

China cn- autoscaling.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Europe eu- autoscaling.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 autoscaling.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 autoscaling.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- autoscaling.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Europe eu-west-3 autoscaling.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 autoscaling.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- autoscaling.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 autoscaling.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- autoscaling.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East)

AWS us-gov- autoscaling.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West)

If you specify the general endpoint (autoscaling.amazonaws.com), Amazon EC2 Auto Scaling directs your
request to the us-east-1 endpoint.

For information about using Amazon EC2 Auto Scaling in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using Amazon EC2 Auto Scaling in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Version 1.0
54
AWS General Reference Reference guide
Service Quotas

Service Quotas

Item Default

Maximum number of launch configurations per Region 200

Maximum number of Auto Scaling groups per Region 200

Maximum number of scaling policies per Auto Scaling group 50

Maximum number of scheduled actions per Auto Scaling group 125

Maximum number of lifecycle hooks per Auto Scaling group 50

Maximum number of SNS topics per Auto Scaling group 10

Maximum number of classic load balancers per Auto Scaling group 50

Maximum number of target groups per Auto Scaling group 50

Maximum number of step adjustments per scaling policy 20

For more information, see Amazon EC2 Auto Scaling Service Quotas in the Amazon EC2 Auto Scaling User
Guide.

AWS Backup endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 backup.us-east-2.amazonaws.com HTTPS


(Ohio)
backup-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 backup.us-east-1.amazonaws.com HTTPS


Virginia)
backup-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 backup.us-west-1.amazonaws.com HTTPS


West (N.
California) backup-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 backup.us-west-2.amazonaws.com HTTPS


(Oregon)
backup-fips.us-west-2.amazonaws.com HTTPS

Version 1.0
55
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Africa af-south-1 backup.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 backup.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- backup.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- backup.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- backup.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- backup.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- backup.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- backup.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 backup.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- backup.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- backup.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 backup.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 backup.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- backup.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 backup.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 backup.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
56
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Middle me- backup.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 backup.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- backup.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) backup-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- backup.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) backup-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas

API Name Default Number of Calls Per Second

CreateBackupPlan 5

CreateBackupSelection

DeleteBackupPlan

DeleteBackupSelection

DeleteBackupVault

DeleteBackupVaultAccessPolicy

DeleteBackupVaultNotifications

DescribeBackupVault

ExportBackupPlanTemplate

GetBackupPlanFromJSON

GetBackupPlanFromTemplate

PutBackupVaultNotifications

StartBackupJob

StartRestoreJob

StopBackupJob

TagResource

UntagResource

Version 1.0
57
AWS General Reference Reference guide
Service Quotas

API Name Default Number of Calls Per Second


UpdateBackupPlan

UpdateRecoveryPointLifecycle

DeleteRecoveryPoint 10

DescribeProtectedResource

DescribeBackupJob 15

DescribeRecoveryPoint

DescribeRestoreJob

GetBackupPlan

GetBackupSelection

GetBackupVaultAccessPolicy

GetBackupVaultNotifications

GetRecoveryPointRestoreMetadata

GetSupportedResourceTypes

ListBackupJobs 20

ListBackupPlans

ListBackupPlanTemplates

ListBackupPlanVersions

ListBackupSelections

ListBackupVaults

ListProtectedResources

ListRecoveryPointByResource

ListRecoveryPointsByBackupVault

ListRecoveryPointsByResource

ListRestoreJobs

ListTags

Sum of All API Calls 50

If you regularly receive throttling exceptions, consider using a rate limiter.

To request an increase in these quotas, create a case with the AWS Support Center.

For additional information, see Quotas in the AWS Backup Developer Guide.

Version 1.0
58
AWS General Reference Reference guide
AWS Batch

AWS Batch endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 batch.us-east-2.amazonaws.com HTTPS


(Ohio)
fips.batch.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 batch.us-east-1.amazonaws.com HTTPS


Virginia)
fips.batch.us-east-1.amazonaws.com HTTPS

US us-west-1 batch.us-west-1.amazonaws.com HTTPS


West (N.
California) fips.batch.us-west-1.amazonaws.com HTTPS

US West us-west-2 batch.us-west-2.amazonaws.com HTTPS


(Oregon)
fips.batch.us-west-2.amazonaws.com HTTPS

Asia ap-east-1 batch.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- batch.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- batch.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- batch.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- batch.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- batch.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- batch.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Version 1.0
59
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

China cn-north-1 batch.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- batch.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- batch.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 batch.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 batch.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- batch.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 batch.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 batch.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- batch.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 batch.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- batch.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) batch.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- batch.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) batch.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
AWS Batch does not have any default service quotas that you can increase. For more information about
service quotas for AWS Batch, see Service Quotas in the AWS Batch User Guide.

AWS Billing and Cost Management endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).

Version 1.0
60
AWS General Reference Reference guide
Service Endpoints

Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

AWS Billing and Cost Management includes the AWS Cost Explorer API, the AWS Cost and Usage Reports
API, the AWS Budgets API, and the AWS Price List API.

Service Endpoints
AWS Cost Explorer

Region Region Endpoint Protocol


Name

US East (N. us-east-1 ce.us-east-1.amazonaws.com HTTPS


Virginia)

China cn- ce.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

AWS Cost and Usage Reports

Region Region Endpoint Protocol


Name

US East (N. us-east-1 cur.us-east-1.amazonaws.com HTTPS


Virginia)

China cn- cur.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

AWS Budgets

Region Region Endpoint Protocol


Name

US East us-east-2 budgets.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 budgets.amazonaws.com HTTPS


Virginia)

US us-west-1 budgets.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 budgets.amazonaws.com HTTPS


(Oregon)

Asia ap- budgets.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Version 1.0
61
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- budgets.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- budgets.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- budgets.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- budgets.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- budgets.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 budgets.amazonaws.com.cn HTTPS


(Beijing)

China cn- budgets.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- budgets.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 budgets.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 budgets.amazonaws.com HTTPS


(London)

Europe eu-west-3 budgets.amazonaws.com HTTPS


(Paris)

South sa-east-1 budgets.amazonaws.com HTTPS


America
(São
Paulo)

AWS Price List Service

Region Region Endpoint Protocol


Name

US East (N. us-east-1 api.pricing.us-east-1.amazonaws.com HTTPS


Virginia)

Asia ap- api.pricing.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Version 1.0
62
AWS General Reference Reference guide
Service Endpoints

Savings Plans

Region Region Endpoint Protocol


Name

US East us-east-2 savingsplans.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 savingsplans.amazonaws.com HTTPS


Virginia)

US us-west-1 savingsplans.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 savingsplans.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 savingsplans.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 savingsplans.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- savingsplans.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- savingsplans.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- savingsplans.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- savingsplans.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- savingsplans.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- savingsplans.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- savingsplans.amazonaws.com HTTPS


(Central) central-1

Europe eu- savingsplans.amazonaws.com HTTPS


(Frankfurt) central-1

Version 1.0
63
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-1 savingsplans.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 savingsplans.amazonaws.com HTTPS


(London)

Europe eu-west-3 savingsplans.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 savingsplans.amazonaws.com HTTPS


(Stockholm)

Middle me- savingsplans.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 savingsplans.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas
Billing and Cost Management has no increasable quotas. For more information, see Quotas in AWS
Billing and Cost Management.

AWS Certificate Manager endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 acm.us-east-2.amazonaws.com HTTPS


(Ohio)
acm-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 acm.us-east-1.amazonaws.com HTTPS


Virginia)
acm-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 acm.us-west-1.amazonaws.com HTTPS


West (N.
California) acm-fips.us-west-1.amazonaws.com HTTPS

Version 1.0
64
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 acm.us-west-2.amazonaws.com HTTPS


(Oregon)
acm-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 acm.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 acm.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- acm.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- acm.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- acm.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- acm.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- acm.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- acm.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- acm.ca-central-1.amazonaws.com HTTPS


(Central) central-1
acm-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 acm.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- acm.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- acm.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 acm.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 acm.eu-west-2.amazonaws.com HTTPS


(London)

Version 1.0
65
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- acm.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 acm.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 acm.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- acm.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 acm.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- acm.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) acm.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- acm.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) acm.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS Certificate Manager in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

Service Quotas

Item Default

Number of ACM certificates 1000

Number of ACM certificates per year (last 365 Twice your account quota
days)

Number of imported certificates 1000

Number of imported certificates per year (last 365 Twice your account quota
days)

Number of domain names per ACM certificate 10

Number of private CAs 10

Number of private certificates per CA (lifetime) 1,000,000

For more information, see Quotas in the AWS Certificate Manager User Guide.

Version 1.0
66
AWS General Reference Reference guide
AWS Certificate Manager Private Certificate Authority

AWS Certificate Manager Private Certificate


Authority endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 acm-pca.us-east-2.amazonaws.com HTTPS


(Ohio)
acm-pca-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 acm-pca.us-east-1.amazonaws.com HTTPS


Virginia)
acm-pca-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 acm-pca.us-west-1.amazonaws.com HTTPS


West (N.
California) acm-pca-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 acm-pca.us-west-2.amazonaws.com HTTPS


(Oregon)
acm-pca-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 acm-pca.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 acm-pca.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- acm-pca.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- acm-pca.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- acm-pca.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- acm-pca.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
67
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- acm-pca.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- acm-pca.ca-central-1.amazonaws.com HTTPS


(Central) central-1
acm-pca-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- acm-pca.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 acm-pca.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 acm-pca.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- acm-pca.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 acm-pca.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 acm-pca.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- acm-pca.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 acm-pca.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- acm-pca.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) acm-pca.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- acm-pca.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) acm-pca.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
ACM Private CA quotas are specific to an AWS account and Region. To request an increase on quotas that
are adjustable, visit the AWS Support Center, choose Create case, and choose Service limit increase.

Quotas on CAs and Certificates

Quota Description Default Adjustable

Number of private CAs The maximum number 200 ✓


of private certificate
authorities (CAs) that

Version 1.0
68
AWS General Reference Reference guide
Service Quotas

Quota Description Default Adjustable


you can create in this
account in the current
Region.

A private CA that has


been deleted counts
towards your certificate
quota until the end of
its restoration period.
For more information,
see Delete Your Private
CA.

Number of private The maximum number 1,000,000 ✓


certificates per CA of private certificates
per CA that you can
create in this account in
the current Region.

Number of revoked The maximum number 1,000,000


private certificates per of private certificates
CA per CA that you can
revoke in this account in
the current Region.

This quota reflects the


number of unexpired
certificates that can
be included in the
Certificate Revocation
List (CRL), based on the
maximum CRL size that
can be processed by
clients consuming CRLs.

The following quotas apply to the ACM Private CA API for each Region and account. ACM Private
CA throttles API requests at different rates depending on the API operation. Throttling means that
ACM Private CA rejects an otherwise valid request because the request exceeds the operation's
quota for the number of requests per second. When a request is throttled, ACM Private CA returns a
ThrottlingException error. The following table lists each API operation and the rate at which ACM
Private CA throttles requests for that operation. ACM Private CA does not guarantee a minimum request
rate for APIs.

Rate Quotas on API Requests

Quota Description Default Adjustable

The maximum
CreateCertificateAuthority 1  
number of
CreateCertificateAuthority
requests that you can
perform in this account
in the current region
per second.

Version 1.0
69
AWS General Reference Reference guide
Service Quotas

Quota Description Default Adjustable

The maximum
CreateCertificateAuthorityAuditReport 1  
number of
CreateCertificateAuthorityAuditReport
requests that you can
perform in this account
in the current region
per second.

CreatePermission The maximum number 1  


of CreatePermission
requests that you can
perform in this account
in the current region
per second.

The maximum
DeleteCertificateAuthority 10  
number of
DeleteCertificateAuthority
requests that you can
perform in this account
in the current region
per second.

DeletePermission The maximum number 1  


of DeletePermission
requests that you can
perform in this account
in the current region
per second.

DeletePolicy The maximum number 5  


of DeletePolicy
requests that you can
perform in this account
in the current region
per second.

The maximum
DescribeCertificateAuthority 20  
number of
DescribeCertificateAuthority
requests that you can
perform in this account
in the current region
per second.

The maximum
DescribeCertificateAuthorityAuditReport 20  
number of
DescribeCertificateAuthorityAuditReport
requests that you can
perform in this account
in the current region
per second.

Version 1.0
70
AWS General Reference Reference guide
Service Quotas

Quota Description Default Adjustable

GetCertificate The maximum number 75 ✓


of GetCertificate
requests that you can
perform in this account
in the current region
per second.

The maximum
GetCertificateAuthorityCertificate 20  
number of
GetCertificateAuthorityCertificate
requests that you can
perform in this account
in the current region
per second.

The maximum
GetCertificateAuthorityCsr 10  
number of
GetCertificateAuthorityCsr
requests that you can
perform in this account
in the current region
per second.

GetPolicy The maximum number 5  


of GetPolicy requests
that you can perform
in this account in the
current region per
second.

The maximum
ImportCertificateAuthorityCertificate 10  
number of
ImportCertificateAuthorityCertificate
requests that you can
perform in this account
in the current region
per second.

IssueCertificate The maximum number 25 ✓


of IssueCertificate
requests that you can
perform in this account
in the current region
per second

The maximum
ListCertificateAuthorities 20  
number of
ListCertificateAuthorities
requests that you can
perform in this account
in the current region
per second.

Version 1.0
71
AWS General Reference Reference guide
Service Quotas

Quota Description Default Adjustable

ListPermissions The maximum number 5  


of ListPermissions
requests that you can
perform in this account
in the current region
per second.

ListTags The maximum number 20  


of ListTags requests
that you can perform
in this account in the
current region per
second.

PutPolicy The maximum number 5  


of PutPolicy requests
that you can perform
in this account in the
current region per
second.

The maximum
RestoreCertificateAuthority 20  
number of
RestoreCertificateAuthority
requests that you can
perform in this account
in the current region
per second.

RevokeCertificate The maximum 20  


number of
RevokeCertificate
requests that you can
perform in this account
in the current region
per second.

The maximum
TagCertificateAuthority 10  
number of
TagCertificateAuthority
requests that you can
perform in this account
in the current region
per second.

The maximum
UntagCertificateAuthority 10  
number of
UntagCertificateAuthority
requests that you can
perform in this account
in the current region
per second.

Version 1.0
72
AWS General Reference Reference guide
AWS Chatbot

Quota Description Default Adjustable

The maximum
UpdateCertificateAuthority 10  
number of
UpdateCertificateAuthority
requests that you can
perform in this account
in the current region
per second.

For related information, see Quotas in the AWS Certificate Manager User Guide.

AWS Chatbot endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Quotas
Service quota Default

Amazon Chime webhook configurations per account 500

Slack channel configurations per account 500

Amazon Chime endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Chime has a single endpoint: service.chime.aws.amazon.com (HTTPS).

Service Quotas
The Service Quotas console provides information about most Amazon Chime quotas. Along with viewing
the default quotas, you can use the Service Quotas console to request quota increases for adjustable
quotas.

The following table lists additional quotas for Amazon Chime rooms and memberships.

Resource Default

Rooms per account 1,500

Version 1.0
73
AWS General Reference Reference guide
AWS Cloud9

Resource Default

Rooms per profile 1,500

Memberships per room 1,000

Memberships per profile 1,000

AWS Cloud9 endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 cloud9.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 cloud9.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 cloud9.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 cloud9.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 cloud9.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- cloud9.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- cloud9.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- cloud9.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- cloud9.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
74
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- cloud9.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- cloud9.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- cloud9.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 cloud9.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 cloud9.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- cloud9.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 cloud9.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 cloud9.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- cloud9.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 cloud9.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas

Resource Default Adjustable

Maximum number of AWS • 100 per user Yes


Cloud9 EC2 development • 200 per account
environments

Maximum number of SSH • 100 per user Yes


environments • 200 per account
1
Maximum number of members The maximum number of No
in an environment members is equal to the
memory of the instance for that
environment divided by 60 MB,
with results rounded down. For
example, an instance with 1 GiB
of memory can have a maximum
of 17 members (which is 1 GiB

Version 1.0
75
AWS General Reference Reference guide
Amazon Cloud Directory

Resource Default Adjustable


divided by 60 MB, rounded
down).

If AWS Cloud9 cannot determine


the memory of an instance,
it defaults to a maximum of
8 users for each environment
associated with that instance.

The absolute maximum number


of members for an environment
is 25.

1
You can move an environment to attempt to increase the maximum number of members. However, the
absolute maximum number of members for an environment is still 25. For more information, see Moving
an Environment in the AWS Cloud9 User Guide.

For more information, see Quotas in the AWS Cloud9 User Guide.

Amazon Cloud Directory endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 clouddirectory.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 clouddirectory.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 clouddirectory.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- clouddirectory.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- clouddirectory.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Canada ca- clouddirectory.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Version 1.0
76
AWS General Reference Reference guide
AWS CloudFormation

Region Region Endpoint Protocol


Name

Europe eu- clouddirectory.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 clouddirectory.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 clouddirectory.eu-west-2.amazonaws.com HTTPS


(London)

AWS us-gov- clouddirectory.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

AWS CloudFormation endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 cloudformation.us-east-2.amazonaws.com HTTPS


(Ohio)
cloudformation-fips.us-east-2.amazonaws.com

US East (N. us-east-1 cloudformation.us-east-1.amazonaws.com HTTPS


Virginia)
cloudformation-fips.us-east-1.amazonaws.com

US West (N. us-west-1 cloudformation.us-west-1.amazonaws.com HTTPS


California)
cloudformation-fips.us-west-1.amazonaws.com

US West us-west-2 cloudformation.us-west-2.amazonaws.com HTTPS


(Oregon)
cloudformation-fips.us-west-2.amazonaws.com

Africa (Cape af-south-1 cloudformation.af-south-1.amazonaws.com HTTPS


Town)

Asia Pacific ap-east-1 cloudformation.ap-east-1.amazonaws.com HTTPS


(Hong Kong)
cloudformation-fips.ap-east-1.amazonaws.com

Asia Pacific ap-south-1 cloudformation.ap-south-1.amazonaws.com HTTPS


(Mumbai)

Version 1.0
77
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia Pacific ap- cloudformation.ap-northeast-3.amazonaws.com HTTPS


(Osaka- northeast-3
Local)

Asia Pacific ap- cloudformation.ap-northeast-2.amazonaws.com HTTPS


(Seoul) northeast-2

Asia Pacific ap- cloudformation.ap-southeast-1.amazonaws.com HTTPS


(Singapore) southeast-1

Asia Pacific ap- cloudformation.ap-southeast-2.amazonaws.com HTTPS


(Sydney) southeast-2

Asia Pacific ap- cloudformation.ap-northeast-1.amazonaws.com HTTPS


(Tokyo) northeast-1

Canada ca-central-1 cloudformation.ca-central-1.amazonaws.com HTTPS


(Central)

China cn-north-1 cloudformation.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- cloudformation.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu-central-1 cloudformation.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Europe eu-west-1 cloudformation.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 cloudformation.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-south-1 cloudformation.eu-south-1.amazonaws.com HTTPS


(Milan)

Europe eu-west-3 cloudformation.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 cloudformation.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle East me-south-1 cloudformation.me-south-1.amazonaws.com HTTPS


(Bahrain)

South sa-east-1 cloudformation.sa-east-1.amazonaws.com HTTPS


America
(São Paulo)

AWS us-gov- cloudformation.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- cloudformation.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Version 1.0
78
AWS General Reference Reference guide
StackSets regional support

For information about using AWS CloudFormation in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using AWS CloudFormation in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

StackSets regional support


StackSets are supported in the following regions:

Region Region Endpoint Protocol


Name

US East us-east-2 stacksets.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 stacksets.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 stacksets.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 stacksets.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 stacksets.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 stacksets.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- stacksets.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- stacksets.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- stacksets.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- stacksets.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- stacksets.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
79
AWS General Reference Reference guide
StackSets regional support

Region Region Endpoint Protocol


Name

Asia ap- stacksets.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- stacksets.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 stacksets.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- stacksets.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- stacksets.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 stacksets.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 stacksets.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- stacksets.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 stacksets.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 stacksets.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- stacksets.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 stacksets.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- stacksets.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- stacksets.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

For more information, see AWS CloudFormation StackSets in the AWS CloudFormation User Guide.

Version 1.0
80
AWS General Reference Reference guide
Service Quotas

Service Quotas
Resource Default

Stacks 200

Stack sets 100

Stack instances per stack set 2000

For more information, see AWS CloudFormation Quotas in the AWS CloudFormation User Guide.

Amazon CloudFront endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol Amazon
Name Route 53
Hosted
Zone ID*

US East (N. us-east-1 cloudfront.amazonaws.com HTTPS Z2FDTNDATAQYW2


Virginia)
Region cloudfront-fips.amazonaws.com HTTPS

Service Quotas
General

Resource Default

Data transfer rate per distribution 150 Gbps

Requests per second per distribution 250,000

Web distributions per account 200

Alternate domain names (CNAMEs) per distribution 100

Origins per distribution 25

Origin access identities per account 100

Cache behaviors per distribution 25

Whitelisted headers per cache behavior 10

Version 1.0
81
AWS General Reference Reference guide
AWS CloudHSM

Resource Default

Whitelisted cookies per cache behavior 10

SSL certificates per account when serving HTTPS requests using dedicated IP addresses (no quota 2
when serving HTTPS requests using SNI)

Custom headers that you can have Amazon CloudFront forward to the origin 10 name–value

Whitelisted query strings per cache behavior 10

Response timeout per origin 4–60 seconds

Lambda@Edge

Resource Default

Distributions per AWS account that you can create triggers for 25

Triggers per distribution 100

Requests per second 10,000

Concurrent executions 1,000

For more information, see Quotas in the Amazon CloudFront Developer Guide.

AWS CloudHSM endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS CloudHSM

Region Region Endpoint Protocol


Name

US East us-east-2 cloudhsmv2.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 cloudhsmv2.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 cloudhsmv2.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 cloudhsmv2.us-west-2.amazonaws.com HTTPS


(Oregon)

Version 1.0
82
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Africa af-south-1 cloudhsmv2.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 cloudhsmv2.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- cloudhsmv2.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- cloudhsmv2.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- cloudhsmv2.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- cloudhsmv2.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- cloudhsmv2.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- cloudhsmv2.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- cloudhsmv2.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 cloudhsmv2.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 cloudhsmv2.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- cloudhsmv2.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 cloudhsmv2.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 cloudhsmv2.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- cloudhsmv2.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

Version 1.0
83
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

South sa-east-1 cloudhsmv2.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- cloudhsmv2.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- cloudhsmv2.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

AWS CloudHSM Classic

Region Region Endpoint Protocol


Name

US East us-east-2 cloudhsm.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 cloudhsm.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 cloudhsm.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 cloudhsm.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- cloudhsm.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- cloudhsm.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- cloudhsm.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- cloudhsm.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- cloudhsm.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 cloudhsm.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
84
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- cloudhsm.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

For information about using AWS CloudHSM Classic in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

Service Quotas
AWS CloudHSM

Resource Default

Clusters 4

HSMs 6

For more information, see Quotas in the AWS CloudHSM User Guide.

AWS CloudHSM Classic

Resource Default

HSM appliances 3

High-availability partition groups 20

For more information, see Quotas in the AWS CloudHSM Classic User Guide.

AWS Cloud Map endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 servicediscovery.us-east-2.amazonaws.com HTTPS


(Ohio)
servicediscovery-fips.us-east-2.amazonaws.com HTTPS

Version 1.0
85
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 servicediscovery.us-east-1.amazonaws.com HTTPS


Virginia)
servicediscovery-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 servicediscovery.us-west-1.amazonaws.com HTTPS


West (N.
California) servicediscovery-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 servicediscovery.us-west-2.amazonaws.com HTTPS


(Oregon)
servicediscovery-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 servicediscovery.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 servicediscovery.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- servicediscovery.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- servicediscovery.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- servicediscovery.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- servicediscovery.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- servicediscovery.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- servicediscovery.ca-central-1.amazonaws.com HTTPS


(Central) central-1
servicediscovery-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 servicediscovery.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- servicediscovery.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- servicediscovery.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 servicediscovery.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
86
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-2 servicediscovery.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- servicediscovery.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 servicediscovery.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 servicediscovery.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- servicediscovery.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 servicediscovery.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS Cloud Map is available in the South America (São Paulo) Region with the following limitations:
the AWS Cloud Map console isn't available, you can't create HTTP namespaces, and you can't use the
DiscoverInstances API to find resources.

Service Quotas

Resource Default

Namespaces 50 per AWS Region *

Request a higher limit

Service instances 1,000 per service

2,000 per namespace

Request a higher limit

Custom attributes 30 per service instance

Any combination of private and public 8 per DNS name, per AWS Region
DNS namespaces

* When you create a namespace, we automatically create a Amazon Route 53 hosted zone. This hosted
zone counts against the quota on the number of hosted zones that you can create with an AWS account.
See Service Quotas (p. 418).

For more information, see AWS Cloud Map Quotas in the AWS Cloud Map Developer Guide.

Version 1.0
87
AWS General Reference Reference guide
Amazon CloudSearch

Amazon CloudSearch endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 cloudsearch.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 cloudsearch.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 cloudsearch.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- cloudsearch.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- cloudsearch.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- cloudsearch.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- cloudsearch.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- cloudsearch.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 cloudsearch.eu-west-1.amazonaws.com HTTPS


(Ireland)

South sa-east-1 cloudsearch.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas
Resource Default

Partitions 10

Version 1.0
88
AWS General Reference Reference guide
AWS CloudShell

Resource Default

Search instances 50

For more information, see Understanding Amazon CloudSearch Quotas in the Amazon CloudSearch
Developer Guide.

AWS CloudShell endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service endpoints
Service endpoints are not yet published for AWS CloudShell.

You can currently work with AWS CloudShell in the following AWS Regions:

• US East (Ohio)
• US East (N. Virginia)
• US West (Oregon)
• Asia Pacific (Tokyo)
• Europe (Ireland)

Service quotas

Resource Default

Number of days that data is 120


retained in persistent storage
after the last time the user
launches AWS CloudShell in an
AWS Region

Maximum number of concurrent 10


shells that can be run in each
AWS Region

Usage limits per AWS Region per Reset monthly*


AWS account

*To increase monthly usage limits, contact AWS Support.

Version 1.0
89
AWS General Reference Reference guide
AWS CloudTrail

AWS CloudTrail endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 cloudtrail.us-east-2.amazonaws.com HTTPS


(Ohio)
cloudtrail-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 cloudtrail.us-east-1.amazonaws.com HTTPS


Virginia)
cloudtrail-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 cloudtrail.us-west-1.amazonaws.com HTTPS


West (N.
California) cloudtrail-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 cloudtrail.us-west-2.amazonaws.com HTTPS


(Oregon)
cloudtrail-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 cloudtrail.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 cloudtrail.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- cloudtrail.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- cloudtrail.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- cloudtrail.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- cloudtrail.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
90
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- cloudtrail.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- cloudtrail.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- cloudtrail.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 cloudtrail.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- cloudtrail.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- cloudtrail.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 cloudtrail.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 cloudtrail.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- cloudtrail.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 cloudtrail.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 cloudtrail.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- cloudtrail.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 cloudtrail.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- cloudtrail.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) cloudtrail.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- cloudtrail.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) cloudtrail.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS CloudTrail in the AWS GovCloud (US-West) Region, see AWS GovCloud
(US-West) Endpoints.

For information about using AWS CloudTrail in the China Regions, see:

Version 1.0
91
AWS General Reference Reference guide
Service Quotas

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
CloudTrail has no increasable quotas. For more information, see Quotas in AWS CloudTrail.

Amazon CloudWatch endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 monitoring.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS
monitoring-fips.us-east-2.amazonaws.com
HTTPS

US East (N. us-east-1 monitoring.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS
monitoring-fips.us-east-1.amazonaws.com
HTTPS

US us-west-1 monitoring.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California) monitoring-fips.us-west-1.amazonaws.com
HTTPS

US West us-west-2 monitoring.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS
monitoring-fips.us-west-2.amazonaws.com
HTTPS

Africa af-south-1 monitoring.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 monitoring.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Asia ap- monitoring.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- monitoring.ap-northeast-3.amazonaws.com HTTP and


Pacific northeast-3 HTTPS

Version 1.0
92
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
(Osaka-
Local)

Asia ap- monitoring.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- monitoring.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- monitoring.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- monitoring.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- monitoring.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS

China cn-north-1 monitoring.cn-north-1.amazonaws.com.cn HTTP and


(Beijing) HTTPS

China cn- monitoring.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Europe eu- monitoring.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 monitoring.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 monitoring.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- monitoring.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Europe eu-west-3 monitoring.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 monitoring.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- monitoring.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 monitoring.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

Version 1.0
93
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- monitoring.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East) monitoring.us-gov-east-1.amazonaws.com
HTTPS

AWS us-gov- monitoring.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West) monitoring.us-gov-west-1.amazonaws.com
HTTPS

Service Quotas

Resource Default Quota

Actions 5/alarm. This quota cannot be changed.

Alarms 10/month/customer for free. 5000 per Region, per account.


You can request a quota increase.

Alarms based on metric math expressions can have up to 10


metrics.

Anomaly detection models 500 per Region, per account.

API requests 1,000,000/month/customer for free.

Canaries 100 per Region per account in the following Regions: US


East (N. Virginia), US East (Ohio), US West (Oregon), Europe
(Ireland), and Asia Pacific (Tokyo). 20 per Region per account
in all other Regions.

You can request a quota increase.

Contributor Insights API requests GetInsightRuleReport has a quota of 20 transactions per


second (TPS), per Region. You can request a quota increase.

The following APIs have a quota of 1 TPS per Region. This


quota cannot be changed.

• DeleteInsightRules

DescribeInsightRules

DisableInsightRules

EnableInsightRules

PutInsightRule

Contributor Insights rules 100 rules per account.

You can request a quota increase.

Custom metrics No quota.

Version 1.0
94
AWS General Reference Reference guide
Service Quotas

Resource Default Quota

Dashboards Up to 500 metrics per dashboard widget. Up to 2500 metrics


per dashboard, across all widgets.

These quotas include all metrics retrieved for use in metric


math functions, even if those metrics are not displayed on
the graph.

These quotas cannot be changed.

DescribeAlarms 9 transactions per second (TPS) per Region. The maximum


number of operation requests you can make per second
without being throttled.

You can request a quota increase.

DeleteAlarms request 3 TPS per Region for each of these operations. The
maximum number of operation requests you can make per
DescribeAlarmHistory request second without being throttled.
DescribeAlarmsForMetric request These quotas cannot be changed.

DisableAlarmActions request

EnableAlarmActions request

SetAlarmState request

DeleteDashboards request 10 TPS per Region for each of these operations. The
maximum number of operation requests you can make per
GetDashboard request second without being throttled.
ListDashboards request These quotas cannot be changed.

PutDashboard request

PutAnomalyDetector 10 TPS per Region. The maximum number of operation


requests you can make per second without being throttled.
DescribeAnomalyDetectors

DeleteAnomalyDetector 5 TPS per Region. The maximum number of operation


requests you can make per second without being throttled.

Dimensions 10/metric. This quota cannot be changed.

Version 1.0
95
AWS General Reference Reference guide
Service Quotas

Resource Default Quota

GetMetricData 50 TPS per Region. The maximum number of operation


requests you can make per second without being throttled.
You can request a quota increase.

180,000 Datapoints Per Second (DPS) if the StartTime


used in the API request is less than or equal to three hours
from current time. 396,000 DPS if the StartTime is more
than three hours from current time. This is the maximum
number of datapoints you can request per second using one
or more API calls without being throttled. This quota cannot
be changed.

The DPS is calculated based on estimated data points, not


actual data points. The data point estimate is caculated
using the requested time range, period, and retention
period. This means that if the actual data points in the
requested metrics are sparse or empty, throttling still occurs
if the estimated data points exceed the quota. The DPS
quota is per-Region.

GetMetricData A single GetMetricData call can include as many as 500


MetricDataQuery structures.

This quota cannot be changed.

GetMetricStatistics 400 TPS per Region. The maximum number of operation


requests you can make per second without being throttled.

You can request a quota increase.

GetMetricWidgetImage Up to 500 metrics per image. This quota cannot be changed.

20 TPS per Region. The maximum number of operation


requests you can make per second without being throttled.
This quota cannot be changed.

ListMetrics 25 TPS per Region. The maximum number of operation


requests you can make per second without being throttled.

You can request a quota increase.

Metric data storage 15 months. This quota cannot be changed.

Metric data values The value of a metric data point must be within the range of
-2^360 to 2^360. Special values (for example, NaN, +Infinity,
-Infinity) are not supported. This quota cannot be changed.

MetricDatum items 20/PutMetricData request. A MetricDatum object can


contain a single value or a StatisticSet object representing
many values. This quota cannot be changed.

Metrics 10/month/customer for free.

Period Maximum value is one day (86,400 seconds). This quota


cannot be changed.

Version 1.0
96
AWS General Reference Reference guide
Amazon CloudWatch Events

Resource Default Quota

PutMetricAlarm request 3 TPS per Region. The maximum number of operation


requests you can make per second without being throttled.

You can request a quota increase.

PutMetricData request 40 KB for HTTP POST requests. PutMetricData can handle


150 transactions per second (TPS), which is the maximum
number of operation requests you can make per second
without being throttled.

You can request a quota increase.

Amazon SNS email notifications 1,000/month/customer for free.

For more information, see CloudWatch Quotas in the Amazon CloudWatch User Guide.

Amazon CloudWatch Events endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 events.us-east-2.amazonaws.com HTTPS


(Ohio)
events-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 events.us-east-1.amazonaws.com HTTPS


Virginia)
events-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 events.us-west-1.amazonaws.com HTTPS


West (N.
California) events-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 events.us-west-2.amazonaws.com HTTPS


(Oregon)
events-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 events.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 events.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Version 1.0
97
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- events.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- events.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- events.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- events.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- events.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- events.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- events.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 events.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- events.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- events.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 events.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 events.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- events.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 events.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 events.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- events.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

Version 1.0
98
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

South sa-east-1 events.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- events.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) events.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- events.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) events.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon CloudWatch Events in the AWS GovCloud (US-West) Region, see
AWS GovCloud (US-West) Endpoints.

Service Quotas

Resource Default

Batch size 1 MB (maximum). This quota cannot be changed.

Data archiving Up to 5 GB of data archiving for free. This quota cannot be


changed.

DescribeLogStreams 5 transactions per second (TPS/account/Region).

Discovered log fields CloudWatch Logs Insights can discover a maximum of


1000 log event fields in a log group. This quota cannot be
changed.

Event size 256 KB (maximum). This quota cannot be changed.

Export task One active (running or pending) export task at a time, per
account. This quota cannot be changed.

FilterLogEvents 5 transactions per second (TPS)/account/Region. This quota


cannot be changed.

GetLogEvents 10 requests per second per account per Region. This quota
cannot be changed.

We recommend subscriptions if you are continuously


processing new data. If you need historical data, we
recommend exporting your data to Amazon S3.

Incoming data Up to 5 GB of incoming data for free. This quota cannot be


changed.

Log groups 20,000 log groups per account per Region. You can request a
quota increase.

There is no quota on the number of log streams that can


belong to one log group.

Version 1.0
99
AWS General Reference Reference guide
Amazon CloudWatch Logs

Resource Default

Metrics filters 100 per log group. This quota cannot be changed.

PutLogEvents 5 requests per second per log stream. Additional requests


are throttled. This quota cannot be changed.

The maximum batch size of a PutLogEvents request is 1MB.

1500 transactions per second per account per Region,


except for the following Regions where the quota is 800
transactions per second per account per Region: ap-south-1,
ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-
southeast-2, eu-central-1, eu-west-2, sa-east-1, us-east-2,
and us-west-1. You can request a quota increase.

Query concurrency A maximum of 4 concurrent CloudWatch Logs Insights


queries, including queries that have been added to
dashboards. You can request a quota increase.

Query results displayed in console In CloudWatch Logs Insights query results, a maximum of
10000 log events are displayed on the console. This quota
cannot be changed.

Subscription filters 1 per log group. This quota cannot be changed.

For more information, see CloudWatch Logs Quotas in the Amazon CloudWatch Logs User Guide.

Amazon CloudWatch Logs endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 logs.us-east-2.amazonaws.com HTTPS


(Ohio)
logs-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 logs.us-east-1.amazonaws.com HTTPS


Virginia)
logs-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 logs.us-west-1.amazonaws.com HTTPS


West (N.
California) logs-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 logs.us-west-2.amazonaws.com HTTPS


(Oregon)

Version 1.0
100
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
logs-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 logs.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 logs.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- logs.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- logs.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- logs.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- logs.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- logs.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- logs.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- logs.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 logs.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- logs.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- logs.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 logs.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 logs.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- logs.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Version 1.0
101
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-3 logs.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 logs.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- logs.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 logs.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- logs.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) logs.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- logs.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) logs.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon CloudWatch Logs in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using Amazon CloudWatch Logs in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
CloudWatch Logs has the following quotas:

Resource Default quota

Batch size 1 MB (maximum). This quota can't be changed.

Data archiving Up to 5 GB of data archiving for free. This quota can't be


changed.

CreateLogStream 50 transactions per second (TPS/account/Region), after


which transactions are throttled. You can request a quota
increase.

DescribeLogGroups 5 transactions per second (TPS/account/Region). You can


request a quota increase.

DescribeLogStreams 5 transactions per second (TPS/account/Region). You can


request a quota increase.

Discovered log fields CloudWatch Logs Insights can discover a maximum of 1000
log event fields in a log group. This quota can't be changed.

Version 1.0
102
AWS General Reference Reference guide
Service Quotas

Resource Default quota


For more information, see Supported Logs and Discovered
Fields.

Extracted log fields in JSON logs CloudWatch Logs Insights can extract a maximum of 100 log
event fields from a JSON log. This quota can't be changed.

For more information, see Supported Logs and Discovered


Fields.

Event size 256 KB (maximum). This quota can't be changed.

Export task One active (running or pending) export task at a time, per
account. This quota can't be changed.

FilterLogEvents 5 transactions per second (TPS)/account/Region. This quota


can't be changed.

GetLogEvents 10 requests per second per account per Region. This quota
can't be changed.

We recommend subscriptions if you are continuously


processing new data. If you need historical data, we
recommend exporting your data to Amazon S3.

Incoming data Up to 5 GB of incoming data for free. This quota can't be


changed.

Log groups 1,000,000 log groups per account per Region. You can
request a quota increase.

There is no quota on the number of log streams that can


belong to one log group.

Metrics filters 100 per log group. This quota can't be changed.

Embedded metric format metrics 100 metrics per log event and 9 dimensions per metric.
For more information about the embedded metric format,
see Specification: Embedded Metric Format in the Amazon
CloudWatch User Guide.

PutLogEvents 5 requests per second per log stream. Additional requests


are throttled. This quota can't be changed.

The maximum batch size of a PutLogEvents request is 1MB.

800 transactions per second per account per Region,


except for the following Regions where the quota is 1500
transactions per second per account per Region: US East (N.
Virginia), US West (Oregon), and Europe (Ireland). You can
request a quota increase.

Query execution timeout Queries in CloudWatch Logs Insights time out after 15
minutes. This time limit can't be changed.

Queried log groups A maximum of 20 log groups can be queried in a single


CloudWatch Logs Insights query. This quota can't be
changed.

Version 1.0
103
AWS General Reference Reference guide
Amazon CloudWatch Synthetics

Resource Default quota

Query concurrency A maximum of 10 concurrent CloudWatch Logs Insights


queries, including queries that have been added to
dashboards. You can request a quota increase.

Query results availability Results from a query are retrievable for 7 days. This
availability time can't be changed.

Query results displayed in console By default, up to 1000 rows of query results are displayed
on the console. You can use the limit command in a
query to increase this to as many as 10,000 rows. For more
information, see CloudWatch Logs Insights Query Syntax.

Resource policies Up to 10 CloudWatch Logs resource policies per Region per


account. This quota can't be changed.

Saved queries You can save as many as 1000 CloudWatch Logs Insights
queries, per Region per account. This quota can't be
changed.

Subscription filters 2 per log group. This quota can't be changed.

Amazon CloudWatch Synthetics endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 synthetics.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 synthetics.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 synthetics.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 synthetics.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 synthetics.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Version 1.0
104
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap-east-1 synthetics.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- synthetics.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- synthetics.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- synthetics.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- synthetics.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- synthetics.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- synthetics.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 synthetics.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- synthetics.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- synthetics.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 synthetics.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 synthetics.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- synthetics.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 synthetics.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 synthetics.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- synthetics.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

Version 1.0
105
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

South sa-east-1 synthetics.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- synthetics.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- synthetics.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Service Quotas

Resource Default

Canaries 100 per Region per account in the following Regions: US


East (N. Virginia), US East (Ohio), US West (Oregon), Europe
(Ireland), and Asia Pacific (Tokyo). 20 per Region per account
in all other Regions.

You can request a quota increase.

For more information, see CloudWatch Quotas in the Amazon CloudWatch User Guide.

AWS CodeArtifact endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 codeartifact.us-west-2.amazonaws.com HTTPS


(Oregon)

US East (N. us-east-1 codeartifact.us-east-1.amazonaws.com HTTPS


Virginia)

US East us-east-2 codeartifact.us-east-2.amazonaws.com HTTPS


(Ohio)

Version 1.0
106
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-1 codeartifact.eu-west-1.amazonaws.com HTTPS


(Ireland)

Asia Pacific ap- codeartifact.ap-southeast-2.amazonaws.com HTTPS


(Sydney) southeast-2

Europe eu-central-1 codeartifact.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Asia Pacific ap-south-1 codeartifact.ap-south-1.amazonaws.com HTTPS


(Mumbai)

Asia Pacific ap- codeartifact.ap-northeast-1.amazonaws.com HTTPS


(Tokyo) northeast-1

Asia Pacific ap- codeartifact.ap-southeast-1.amazonaws.com HTTPS


(Singapore) southeast-1

Europe eu-north-1 codeartifact.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Service Quotas

Resource Quota

Maximum number of domains per AWS account 10

Maximum number of repositories per domain 1000

Maximum number of assets per package version 100

Maximum asset file size 1 GB

Maximum package version metadata file size 100 KB

Maximum number of direct upstream repositories 10


allowed for one repository

AWS CodeBuild endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
107
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 codebuild.us-east-2.amazonaws.com HTTPS


(Ohio)
codebuild-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 codebuild.us-east-1.amazonaws.com HTTPS


Virginia)
codebuild-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 codebuild.us-west-1.amazonaws.com HTTPS


West (N.
California) codebuild-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 codebuild.us-west-2.amazonaws.com HTTPS


(Oregon)
codebuild-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 codebuild.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 codebuild.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- codebuild.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- codebuild.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- codebuild.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- codebuild.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- codebuild.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- codebuild.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 codebuild.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- codebuild.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
108
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- codebuild.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 codebuild.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 codebuild.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- codebuild.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 codebuild.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 codebuild.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- codebuild.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 codebuild.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- codebuild.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) codebuild-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- codebuild.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) codebuild-fips.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS CodeBuild in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas

Resource Default

Maximum number of build 1,000


projects

Maximum number of concurrent 20


running builds *

Version 1.0
109
AWS General Reference Reference guide
AWS CodeCommit

* Quotas for the maximum number of concurrent running builds vary, depending on the compute type.
For some compute types, the default is 20. To request a higher concurrent build quota or if you get a
"Cannot have more than X active builds for the account" error, contact AWS support.

For more information, see Quotas for CodeBuild in the AWS CodeBuild User Guide.

AWS CodeCommit endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 codecommit.us-east-2.amazonaws.com HTTPS


(Ohio)
codecommit-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 codecommit.us-east-1.amazonaws.com HTTPS


Virginia)
codecommit-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 codecommit.us-west-1.amazonaws.com HTTPS


West (N.
California) codecommit-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 codecommit.us-west-2.amazonaws.com HTTPS


(Oregon)
codecommit-fips.us-west-2.amazonaws.com HTTPS

Asia ap-east-1 codecommit.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- codecommit.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- codecommit.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- codecommit.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- codecommit.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
110
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- codecommit.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- codecommit.ca-central-1.amazonaws.com HTTPS


(Central) central-1
codecommit-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 codecommit.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- codecommit.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- codecommit.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 codecommit.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 codecommit.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- codecommit.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 codecommit.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 codecommit.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- codecommit.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 codecommit.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- codecommit.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) codecommit-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- codecommit.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) codecommit-fips.us-gov-west-1.amazonaws.com HTTPS

For information about Git connection endpoints, including SSH and HTTPS information, see Regions and
Git Connection Endpoints for CodeCommit.

Version 1.0
111
AWS General Reference Reference guide
Service Quotas

Service Quotas
Resource Default

Number of repositories 1,000 per AWS account

For more information, see Quotas in CodeCommit in the AWS CodeCommit User Guide.

AWS CodeDeploy endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 codedeploy.us-east-2.amazonaws.com HTTPS


(Ohio)
codedeploy-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 codedeploy.us-east-1.amazonaws.com HTTPS


Virginia)
codedeploy-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 codedeploy.us-west-1.amazonaws.com HTTPS


West (N.
California) codedeploy-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 codedeploy.us-west-2.amazonaws.com HTTPS


(Oregon)
codedeploy-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 codedeploy.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 codedeploy.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- codedeploy.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- codedeploy.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Version 1.0
112
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- codedeploy.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- codedeploy.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- codedeploy.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- codedeploy.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- codedeploy.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 codedeploy.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- codedeploy.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- codedeploy.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 codedeploy.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 codedeploy.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- codedeploy.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 codedeploy.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 codedeploy.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- codedeploy.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 codedeploy.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- codedeploy.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) codedeploy-fips.us-gov-east-1.amazonaws.com HTTPS

Version 1.0
113
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- codedeploy.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) codedeploy-fips.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS CodeDeploy in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using AWS CodeDeploy in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
Resource Default

Maximum number of applications associated with an AWS account 1000


in a single Region

Maximum number of concurrent deployments associated with an 100


AWS account

Maximum number of deployment groups associated with a single 1000


application

Maximum number of instances in a single deployment 500

Maximum number of event notification triggers in a deployment 10


group

For more information, see Quotas in CodeDeploy in the AWS CodeDeploy User Guide.

Amazon CodeGuru Profiler endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 codeguru-profiler.us-east-2.amazonaws.com HTTPS


(Ohio)

Version 1.0
114
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

US East (N. us-east-1 codeguru-profiler.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 codeguru-profiler.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- codeguru-profiler.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- codeguru-profiler.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- codeguru-profiler.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- codeguru-profiler.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 codeguru-profiler.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 codeguru-profiler.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-north-1 codeguru-profiler.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Service Quotas

Resource Default

Maximum number of profiling 50


groups per AWS account

Amazon CodeGuru Reviewer endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
115
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 codeguru-reviewer.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 codeguru-reviewer.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 codeguru-reviewer.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- codeguru-reviewer.ap- HTTPS


Pacific southeast-1 southeast-1.amazonaws.com
(Singapore)

Asia ap- codeguru-reviewer.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Asia ap- codeguru-reviewer.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Europe eu- codeguru-reviewer.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 codeguru-reviewer.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 codeguru-reviewer.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-north-1 codeguru-reviewer.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Service Quotas
Resource Default

Maximum number of analyzed 5,000


CodeCommit pull requests per
month

AWS CodePipeline endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
116
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 codepipeline.us-east-2.amazonaws.com HTTPS


(Ohio)
codepipeline-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 codepipeline.us-east-1.amazonaws.com HTTPS


Virginia)
codepipeline-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 codepipeline.us-west-1.amazonaws.com HTTPS


West (N.
California) codepipeline-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 codepipeline.us-west-2.amazonaws.com HTTPS


(Oregon)
codepipeline-fips.us-west-2.amazonaws.com HTTPS

Asia ap-east-1 codepipeline.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- codepipeline.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- codepipeline.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- codepipeline.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- codepipeline.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- codepipeline.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- codepipeline.ca-central-1.amazonaws.com HTTPS


(Central) central-1
codepipeline-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- codepipeline.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 codepipeline.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 codepipeline.eu-west-2.amazonaws.com HTTPS


(London)

Version 1.0
117
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- codepipeline.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 codepipeline.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 codepipeline.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 codepipeline.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- codepipeline.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) codepipeline-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas

Resource Default

Length of time before an action times out Approval action: 7 days

AWS CloudFormation deployment action: 3


days

CodeBuild build action and test action: 8 hours

CodeDeploy and CodeDeploy ECS (blue/green)


deployment actions: 5 days

AWS Lambda invoke action: 24 hours


Note
While the action is running,
CodePipeline periodically contacts
Lambda for a status. The Lambda
function replies with a status,
where the action execution is either
successful, failed, or still in progress.
After 24 hours, if the Lambda
function has either sent no reply or
replied that the action execution is
still in progress, the CodePipeline
action times out. If the action times
out, CodePipeline sets the Lambda
invoke action state to failed.
Lambda has a separate timeout for
Lambda functions that is not related
to the CodePipeline action timeout.

Amazon S3 deployment action: 20 minutes

Version 1.0
118
AWS General Reference Reference guide
AWS CodeStar

Resource Default
AWS Step Functions invoke action: 7 days

Custom actions: 24 hours

All other actions: 1 hour


Note
The Amazon ECS deployment action
timeout is configurable up to one
hour (the default timeout).

Maximum number of total pipelines per Region in an 300


AWS account
Note
Pipelines configured for either polling
or event-based change detection are
counted toward this quota.

Maximum number of pipelines set to polling for 60


source changes, per AWS Region
Note
We recommend you configure your
pipeline to use event-based change
detection, such as webhooks or
Amazon CloudWatch Events. See
Change Detection Methods to Start
Pipelines for instructions for your
source type.

Maximum number of webhooks per Region in an AWS 300


account

Number of custom actions per Region in an AWS 50


account

It may take up to two weeks to process requests for a quota increase.

For more information, see Quotas in CodePipeline in the AWS CodePipeline User Guide.

AWS CodeStar endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
119
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
AWS CodeStar

Region Region Endpoint Protocol


Name

US East us-east-2 codestar.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 codestar.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 codestar.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 codestar.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- codestar.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- codestar.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- codestar.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- codestar.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- codestar.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- codestar.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 codestar.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 codestar.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-north-1 codestar.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
120
AWS General Reference Reference guide
AWS CodeStar Notifications

AWS CodeStar Notifications


Region Region Endpoint Protocol
Name

US East us-east-2 codestar-notifications.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 codestar-notifications.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 codestar-notifications.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 codestar-notifications.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 codestar-notifications.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- codestar-notifications.ap- HTTPS


Pacific south-1 south-1.amazonaws.com
(Mumbai)

Asia ap- codestar-notifications.ap- HTTPS


Pacific northeast-2 northeast-2.amazonaws.com
(Seoul)

Asia ap- codestar-notifications.ap- HTTPS


Pacific southeast-1 southeast-1.amazonaws.com
(Singapore)

Asia ap- codestar-notifications.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Asia ap- codestar-notifications.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Canada ca- codestar-notifications.ca- HTTPS


(Central) central-1 central-1.amazonaws.com

Europe eu- codestar-notifications.eu- HTTPS


(Frankfurt) central-1 central-1.amazonaws.com

Europe eu-west-1 codestar-notifications.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 codestar-notifications.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 codestar-notifications.eu-west-3.amazonaws.com HTTPS


(Paris)

Version 1.0
121
AWS General Reference Reference guide
Amazon Cognito Identity

Region Region Endpoint Protocol


Name

Europe eu-north-1 codestar-notifications.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- codestar-notifications.me- HTTPS


East south-1 south-1.amazonaws.com
(Bahrain)

South sa-east-1 codestar-notifications.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Amazon Cognito Identity endpoints and quotas


Amazon Cognito Identity includes Amazon Cognito user pools and Amazon Cognito identity pools
(federated identities).

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Cognito User Pools

Region Region Endpoint Protocol


Name

US East us-east-2 cognito-idp.us-east-2.amazonaws.com HTTPS


(Ohio)
cognito-idp-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 cognito-idp.us-east-1.amazonaws.com HTTPS


Virginia)
cognito-idp-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 cognito-idp.us-west-1.amazonaws.com HTTPS


West (N.
California) cognito-idp-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 cognito-idp.us-west-2.amazonaws.com HTTPS


(Oregon)
cognito-idp-fips.us-west-2.amazonaws.com HTTPS

Asia ap- cognito-idp.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- cognito-idp.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Version 1.0
122
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- cognito-idp.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- cognito-idp.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- cognito-idp.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- cognito-idp.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- cognito-idp.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 cognito-idp.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 cognito-idp.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 cognito-idp.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 cognito-idp.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 cognito-idp.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- cognito-idp.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) cognito-idp-fips.us-gov-west-1.amazonaws.com HTTPS

Amazon Cognito Identity Pools


Region Region Endpoint Protocol
Name

US East us-east-2 cognito-identity.us-east-2.amazonaws.com HTTPS


(Ohio)
cognito-identity-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 cognito-identity.us-east-1.amazonaws.com HTTPS


Virginia)
cognito-identity-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 cognito-identity.us-west-1.amazonaws.com HTTPS


West (N.
California)

Version 1.0
123
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 cognito-identity.us-west-2.amazonaws.com HTTPS


(Oregon)
cognito-identity-fips.us-west-2.amazonaws.com HTTPS

Asia ap- cognito-identity.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- cognito-identity.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- cognito-identity.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- cognito-identity.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- cognito-identity.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- cognito-identity.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 cognito-identity.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Europe eu- cognito-identity.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 cognito-identity.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 cognito-identity.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 cognito-identity.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 cognito-identity.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 cognito-identity.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- cognito-identity.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) cognito-identity-fips.us-gov- HTTPS
west-1.amazonaws.com

Version 1.0
124
AWS General Reference Reference guide
Service Quotas

Service Quotas
Amazon Cognito User Pools
Resource Default

Maximum number of apps per user pool 1000

Maximum number of user pools per account 1000

Maximum number of user import jobs per user 50


pool

Maximum number of groups per user pool 300

Maximum number of identity providers per user 300


pool

Maximum number of resource servers per user 25


pool

For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Cognito Federated Identities Quotas


Resource Default

Maximum number of identity pools per account 1000

For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Cognito Sync endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 cognito-sync.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 cognito-sync.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 cognito-sync.us-west-2.amazonaws.com HTTPS


(Oregon)

Version 1.0
125
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- cognito-sync.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- cognito-sync.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- cognito-sync.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- cognito-sync.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- cognito-sync.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- cognito-sync.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 cognito-sync.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 cognito-sync.eu-west-2.amazonaws.com HTTPS


(London)

Service Quotas

Resource Default

Maximum number of datasets per identity 20

Maximum number of records per dataset 1024

Maximum size of a single dataset 1 MB

For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Comprehend endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
126
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
Amazon Comprehend

Region Region Endpoint Protocol


Name

US East us-east-2 comprehend.us-east-2.amazonaws.com HTTPS


(Ohio)
comprehend-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 comprehend.us-east-1.amazonaws.com HTTPS


Virginia)
comprehend-fips.us-east-1.amazonaws.com HTTPS

US West us-west-2 comprehend.us-west-2.amazonaws.com HTTPS


(Oregon)
comprehend-fips.us-west-2.amazonaws.com HTTPS

Asia ap- comprehend.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- comprehend.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- comprehend.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- comprehend.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- comprehend.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- comprehend.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- comprehend.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 comprehend.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 comprehend.eu-west-2.amazonaws.com HTTPS


(London)

AWS us-gov- comprehend.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) comprehend-fips.us-gov-west-1.amazonaws.com HTTPS

Version 1.0
127
AWS General Reference Reference guide
Service Quotas

Service Quotas
Amazon Comprehend

Resource Default

Transactions per second for the 20


DetectDominantLanguage, DetectEntities,
DetectKeyPhrases, and DetectSentiment
operations

Transactions per second for the 10


BatchDetectDominantLanguage,
BatchDetectEntities,
BatchDetectKeyPhrases, and
BatchDetectSentiment operations

Transactions per second for the 1


StartTopicsDetectionJob operation

Transactions per second for the 10


DescribeTopicsDetectionJob and
ListTopicDetectionJobs operations

Maximum concurrent jobs 10

You can request an increase for any of the quotas using the Amazon Comprehend service quotas increase
form.

For more information, see Guidelines and Quotas in the Amazon Comprehend Developer Guide.

Amazon Comprehend Medical


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Comprehend Medical

Region Region Endpoint Protocol


Name

US East us-east-2 comprehendmedical.us-east-2.amazonaws.com HTTPS


(Ohio)
comprehendmedical-fips.us- HTTPS
east-2.amazonaws.com

US East (N. us-east-1 comprehendmedical.us-east-1.amazonaws.com HTTPS


Virginia)

Version 1.0
128
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name
comprehendmedical-fips.us- HTTPS
east-1.amazonaws.com

US West us-west-2 comprehendmedical.us-west-2.amazonaws.com HTTPS


(Oregon)
comprehendmedical-fips.us- HTTPS
west-2.amazonaws.com

Asia ap- comprehendmedical.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Canada ca- comprehendmedical.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu-west-1 comprehendmedical.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 comprehendmedical.eu-west-2.amazonaws.com HTTPS


(London)

AWS us-gov- comprehendmedical.us-gov- HTTPS


GovCloud west-1 west-1.amazonaws.com
(US-West) HTTPS
comprehendmedical-fips.us-gov-
west-1.amazonaws.com

Service Quotas

Resource Default

Transactions per second (TPS) for the DetectEntities- 100


v2, DetectEntities, DetectPHI, InferRxNorm, and
InferICD10CM operations

Characters per second (CPS) for the DetectEntities- 40,000


v2, DetectEntities, DetectPHI, InferRxNorm, and
InferICD10CM operations

Transactions per second (TPS) for the 5


StartEntitiesDetectionV2Job, StartPHIDetectionJob,
StopEntitiesDetectionV2Job, StopPHIDetectionJob,
StartICD10CMInferenceJob, StartRxNormInferenceJob,
StopICD10CMInferenceJob, and StopRxNormInferenceJob
operations

Transactions per second (TPS) for the 10


ListEntitiesDetectionV2Jobs, ListPHIDetectionJobs,
DescribeEntitiesDetectionV2Job,
DescribePHIDetectionJob, ListICD10CMInferenceJobs,
ListRxNormInferenceJobs, DescribeICD10CMInferenceJob,
and DescribeRxNormInferenceJob operations

Version 1.0
129
AWS General Reference Reference guide
Compute Optimizer

You can request an increase for any of the quotas using the Amazon Comprehend Medical service quotas
increase form.

Character encoding for Amazon Comprehend Medical is in UTF-8. Amazon Comprehend Medical
operations have the following quotas:

Description Quota

Maximum document size (UTF-8 characters) for DetectEntities, 20,000 bytes


DetectEntities-v2, and DetectPHI operations.

Maximum document size (UTF-8 characters) for InferICD10CM 10,000 bytes


and InferRxNorm operations.

Maximum size of text analysis batch jobs (all files) 10 Gb

Maximum size of ontology linking batch analysis jobs (all files) 5 Gb

Minimum size of batch jobs (all files) 1 byte

Maximum individual file size for batch jobs 40 Kb

Maximum number of files for batch jobs 5 million

Amazon Comprehend Medical processes documents in English (us-en).

AWS Compute Optimizer endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 compute-optimizer.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 compute-optimizer.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 compute-optimizer.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 compute-optimizer.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- compute-optimizer.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Version 1.0
130
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- compute-optimizer.ap- HTTPS


Pacific northeast-2 northeast-2.amazonaws.com
(Seoul)

Asia ap- compute-optimizer.ap- HTTPS


Pacific southeast-1 southeast-1.amazonaws.com
(Singapore)

Asia ap- compute-optimizer.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Asia ap- compute-optimizer.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Canada ca- compute-optimizer.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- compute-optimizer.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 compute-optimizer.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 compute-optimizer.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 compute-optimizer.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 compute-optimizer.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 compute-optimizer.sa-east-1.amazonaws.com HTTPS


America
(Sao
Paulo)

Service Quotas
Resource Default

API calls 5 per second, per account

AWS Config and AWS Config Rules endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
131
AWS General Reference Reference guide
Service Endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 config.us-east-2.amazonaws.com HTTPS


(Ohio)
config-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 config.us-east-1.amazonaws.com HTTPS


Virginia)
config-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 config.us-west-1.amazonaws.com HTTPS


West (N.
California) config-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 config.us-west-2.amazonaws.com HTTPS


(Oregon)
config-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 config.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 config.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- config.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- config.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- config.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- config.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- config.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- config.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Version 1.0
132
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Canada ca- config.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 config.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- config.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- config.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 config.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 config.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- config.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 config.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 config.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- config.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 config.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- config.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) config.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- config.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) config.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS Config in the AWS GovCloud (US-West) Region, see AWS GovCloud
(US-West) Endpoints.

For information about using AWS Config in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Version 1.0
133
AWS General Reference Reference guide
Service Quotas

Service Quotas
Resource Default Notes

Number of AWS Config rules per Region 250 You can request a
in your account quota increase.

Maximum Number of Configuration 50 You can request a


Aggregators quota increase.

Amazon Connect endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 connect.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 connect.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- connect.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- connect.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- connect.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- connect.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-2 connect.eu-west-2.amazonaws.com HTTPS


(London)

AWS us-gov- connect.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

The Amazon Connect Participant Service has a single endpoint: participant.connect.


[REGION].amazonaws.com (HTTPS).

Version 1.0
134
AWS General Reference Reference guide
Service Quotas

The Amazon Connect Contact Lens Service has a single endpoint: contact-lens.[REGION].amazonaws.com
(HTTPS).

The Amazon Connect Customer Profiles Service has a single endpoint: profile.[REGION].amazonaws.com
(HTTPS).

The AppIntegrations Service has a single endpoint: app-integrations.[REGION].amazonaws.com (HTTPS).

Service Quotas
For the list of service quotas, see Amazon Connect Service Quotas in the Amazon Connect Administrator
Guide.

AWS Data Exchange endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 dataexchange.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 dataexchange.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 dataexchange.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 dataexchange.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- dataexchange.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- dataexchange.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- dataexchange.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- dataexchange.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Version 1.0
135
AWS General Reference Reference guide
Amazon Data Lifecycle Manager

Region Region Endpoint Protocol


Name

Europe eu- dataexchange.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 dataexchange.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 dataexchange.eu-west-2.amazonaws.com HTTPS


(London)

Amazon Data Lifecycle Manager endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 dlm.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 dlm.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 dlm.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 dlm.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 dlm.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 dlm.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- dlm.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- dlm.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3

Version 1.0
136
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
(Osaka-
Local)

Asia ap- dlm.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- dlm.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- dlm.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- dlm.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- dlm.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 dlm.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- dlm.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- dlm.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 dlm.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 dlm.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- dlm.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 dlm.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 dlm.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- dlm.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 dlm.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Version 1.0
137
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- dlm.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- dlm.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Service Quotas
You can create up to 100 lifecycle policies per Region.

AWS Data Pipeline endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 datapipeline.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 datapipeline.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- datapipeline.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- datapipeline.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu-west-1 datapipeline.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service Quotas
Attribute Value Adjustable

Number of pipelines 100 Yes

Version 1.0
138
AWS General Reference Reference guide
DataSync

Attribute Value Adjustable

Number of objects per pipeline 100 Yes

Number of active instances per object 5 Yes

Number of fields per object 50 No

Number of UTF8 bytes per field name 256 No


or identifier

Number of UTF8 bytes per field 10,240 No

Number of UTF8 bytes per object 15,360 (including field names) No

Rate of creation of an instance from an 1 per 5 minutes No


object

Retries of a pipeline activity 5 per task No

Minimum delay between retry attempts 2 minutes No

Minimum scheduling interval 15 minutes No

Maximum number of roll-ups into a 32 No


single object

Maximum number of EC2 instances per 1 No


Ec2Resource object

For more additional, see AWS Data Pipeline Quotas in the AWS Data Pipeline Developer Guide.

AWS DataSync endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 datasync.us-east-2.amazonaws.com HTTPS


(Ohio)
datasync-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 datasync.us-east-1.amazonaws.com HTTPS


Virginia)
datasync-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 datasync.us-west-1.amazonaws.com HTTPS


West (N.
California) datasync-fips.us-west-1.amazonaws.com HTTPS

Version 1.0
139
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 datasync.us-west-2.amazonaws.com HTTPS


(Oregon)
datasync-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 datasync.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 datasync.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- datasync.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- datasync.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- datasync.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- datasync.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- datasync.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- datasync.ca-central-1.amazonaws.com HTTPS


(Central) central-1
datasync-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- datasync.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 datasync.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 datasync.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- datasync.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 datasync.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 datasync.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
140
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Middle me- datasync.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 datasync.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- datasync.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) datasync-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- datasync.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) datasync-fips.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS DataSync in the AWS GovCloud (US-West) Region, see AWS GovCloud
(US-West) Endpoints.

Service Quotas

Resource Value

Maximum number of tasks you can create in account per 10


AWS Region
Note
You can make a request for this quota to be
increased to 64.

Maximum number of files for per task 20 million

Maximum throughput per task 10 Gbps

These quotas can be increased upon request.

AWS Database Migration Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
141
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 dms.us-east-2.amazonaws.com HTTPS


(Ohio)
dms-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 dms.us-east-1.amazonaws.com HTTPS


Virginia)
dms-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 dms.us-west-1.amazonaws.com HTTPS


West (N.
California) dms-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 dms.us-west-2.amazonaws.com HTTPS


(Oregon)
dms-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 dms.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 dms.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- dms.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- dms.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- dms.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- dms.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- dms.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- dms.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 dms.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- dms.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
142
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- dms.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 dms.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 dms.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- dms.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 dms.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 dms.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- dms.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 dms.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- dms.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) dms.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- dms.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) dms.us-gov-west-1.amazonaws.com HTTPS

Service Quotas

Resource Default

Replication instances 60

Total amount of storage 30,000 GiB

Replication subnet groups 60

Subnets per replication subnet group 60

Endpoints 1000

Tasks 600

Endpoints per instance 100

Version 1.0
143
AWS General Reference Reference guide
AWS DeepLens

AWS DeepLens endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 deeplens.us-east-1.amazonaws.com HTTPS


Virginia)

Service Quotas
Resource Default Adjustable
upon
Request

Devices per account 200 Yes

Projects per account 200 Yes

Models per account 200 Yes

Versions per project 100 No

Amazon Detective endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 api.detective.us-east-2.amazonaws.com HTTPS


(Ohio)
api.detective-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 api.detective.us-east-1.amazonaws.com HTTPS


Virginia)
api.detective-fips.us-east-1.amazonaws.com HTTPS

Version 1.0
144
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US us-west-1 api.detective.us-west-1.amazonaws.com HTTPS


West (N.
California) api.detective-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 api.detective.us-west-2.amazonaws.com HTTPS


(Oregon)
api.detective-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 api.detective.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 api.detective.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- api.detective.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- api.detective.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- api.detective.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- api.detective.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- api.detective.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- api.detective.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- api.detective.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 api.detective.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 api.detective.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- api.detective.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 api.detective.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 api.detective.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
145
AWS General Reference Reference guide
Amazon DevOps Guru

Region Region Endpoint Protocol


Name

Middle me- api.detective.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 api.detective.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Amazon DevOps Guru endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

Europe eu-west-1 devops-guru.eu-west-1.amazonaws.com HTTPS


(Ireland)

US West us-west-2 devops-guru.us-west-2.amazonaws.com HTTPS


(Oregon)

US East (N. us-east-1 devops-guru.us-east-1.amazonaws.com HTTPS


Virginia)

US East us-east-2 devops-guru.us-east-2.amazonaws.com HTTPS


(Ohio)

Asia Pacific ap- devops-guru.ap-northeast-1.amazonaws.com HTTPS


(Tokyo) northeast-1

Service quotas
Resource Quota

Maximum number of Amazon Simple Notification 2


Service topics you can specify at once

Maximum number of AWS CloudFormation stacks 200


you can specify

For more information, see Quotas in Amazon DevOps Guru in the Amazon DevOps Guru User Guide.

Version 1.0
146
AWS General Reference Reference guide
AWS Device Farm

AWS Device Farm endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US West us-west-2 devicefarm.us-west-2.amazonaws.com HTTPS


(Oregon)

Service Quotas
Resource Default

App file size you can upload 4 GB

Number of devices that AWS Device Farm can test during a run 5

Number of devices you can include in a test run None

Number of runs you can schedule None

Duration of a test session 150 minutes

AWS Direct Connect endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 directconnect.us-east-2.amazonaws.com HTTPS


(Ohio)
directconnect-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 directconnect.us-east-1.amazonaws.com HTTPS


Virginia)
directconnect-fips.us-east-1.amazonaws.com HTTPS

Version 1.0
147
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US us-west-1 directconnect.us-west-1.amazonaws.com HTTPS


West (N.
California) directconnect-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 directconnect.us-west-2.amazonaws.com HTTPS


(Oregon)
directconnect-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 directconnect.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 directconnect.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- directconnect.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- directconnect.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- directconnect.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- directconnect.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- directconnect.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- directconnect.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- directconnect.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 directconnect.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- directconnect.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- directconnect.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 directconnect.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
148
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-2 directconnect.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- directconnect.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 directconnect.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 directconnect.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- directconnect.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 directconnect.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- directconnect.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) directconnect.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- directconnect.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) directconnect.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS Direct Connect in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using AWS Direct Connect in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
For more information, see AWS Direct Connect Quotas in the AWS Direct Connect User Guide.

AWS Directory Service endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
149
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 ds.us-east-2.amazonaws.com HTTPS


(Ohio)
ds-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 ds.us-east-1.amazonaws.com HTTPS


Virginia)
ds-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 ds.us-west-1.amazonaws.com HTTPS


West (N.
California) ds-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 ds.us-west-2.amazonaws.com HTTPS


(Oregon)
ds-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 ds.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 ds.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- ds.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- ds.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- ds.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- ds.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- ds.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- ds.ca-central-1.amazonaws.com HTTPS


(Central) central-1
ds-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 ds.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- ds.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
150
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- ds.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 ds.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 ds.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- ds.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 ds.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 ds.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- ds.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 ds.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- ds.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) ds-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- ds.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) ds-fips.us-gov-west-1.amazonaws.com HTTPS

For a list of supported Region endpoints by directory type, see Region Availability for AWS Directory
Service.

For information about using AWS Directory Service in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using AWS Directory Service in the China (Beijing) Region, see China (Beijing)
Region Endpoints.

Service Quotas
For a list of Simple AD service quotas, see Limits for Simple AD.

For a list of AD Connector service quotas, see Limits for AD Connector.

For a list of AWS Managed Microsoft AD service quotas, see Limits for AWS Managed Microsoft AD.

Version 1.0
151
AWS General Reference Reference guide
Amazon DocumentDB

Amazon DocumentDB endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 rds.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS

US East (N. us-east-1 rds.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US West us-west-2 rds.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Asia ap- rds.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- rds.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- rds.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- rds.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- rds.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- rds.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS

China cn- rds.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Europe eu- rds.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 rds.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 rds.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Version 1.0
152
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-3 rds.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

South sa-east-1 rds.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- rds.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West)

For information on finding and connecting to your cluster or instance endpoints, see Working with
Amazon DocumentDB Endpoints in the Amazon DocumentDB Developer Guide.

Service Quotas

Resource Default

Clusters 40

Cluster parameter groups 50

Event subscriptions 20

Instances 40

Manual cluster snapshots 100

Read replicas per cluster 15

Subnet groups 50

Subnets per subnet group 20

Tags per resource 50

VPC security groups per instance 5

For more information, see Amazon DocumentDB Service Quotas in the Amazon DocumentDB Developer
Guide.

Amazon DynamoDB endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
153
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
DynamoDB

Region Region Endpoint Protocol


Name

US East us-east-2 dynamodb.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS
dynamodb-fips.us-east-2.amazonaws.com
HTTPS

US East (N. us-east-1 dynamodb.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS
dynamodb-fips.us-east-1.amazonaws.com
HTTPS

US us-west-1 dynamodb.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California) dynamodb-fips.us-west-1.amazonaws.com
HTTPS

US West us-west-2 dynamodb.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS
dynamodb-fips.us-west-2.amazonaws.com
HTTPS

Africa af-south-1 dynamodb.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 dynamodb.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Asia ap- dynamodb.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- dynamodb.ap-northeast-3.amazonaws.com HTTP and


Pacific northeast-3 HTTPS
(Osaka-
Local)

Asia ap- dynamodb.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- dynamodb.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- dynamodb.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Version 1.0
154
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- dynamodb.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- dynamodb.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS
dynamodb-fips.ca-central-1.amazonaws.com
HTTPS

China cn-north-1 dynamodb.cn-north-1.amazonaws.com.cn HTTP and


(Beijing) HTTPS

China cn- dynamodb.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Europe eu- dynamodb.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 dynamodb.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 dynamodb.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- dynamodb.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Europe eu-west-3 dynamodb.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 dynamodb.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- dynamodb.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 dynamodb.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- dynamodb.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East) dynamodb.us-gov-east-1.amazonaws.com
HTTPS

AWS us-gov- dynamodb.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West) dynamodb.us-gov-west-1.amazonaws.com
HTTPS

For information about using Amazon DynamoDB in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using Amazon DynamoDB in the China Regions, see:

Version 1.0
155
AWS General Reference Reference guide
Service Endpoints

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

DynamoDB Accelerator (DAX)

Region Region Endpoint Protocol


Name

US East us-east-2 dax.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS

US East (N. us-east-1 dax.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US us-west-1 dax.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California)

US West us-west-2 dax.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Asia ap- dax.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- dax.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- dax.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- dax.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

China cn- dax.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Europe eu- dax.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 dax.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 dax.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu-west-3 dax.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

South sa-east-1 dax.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

Version 1.0
156
AWS General Reference Reference guide
Service Endpoints

Amazon DynamoDB Streams

Region Region Endpoint Protocol


Name

US East us-east-2 streams.dynamodb.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS

US East (N. us-east-1 streams.dynamodb.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US us-west-1 streams.dynamodb.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California)

US West us-west-2 streams.dynamodb.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Africa af-south-1 streams.dynamodb.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 streams.dynamodb.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Asia ap- streams.dynamodb.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- streams.dynamodb.ap- HTTP and


Pacific northeast-3 northeast-3.amazonaws.com HTTPS
(Osaka-
Local)

Asia ap- streams.dynamodb.ap- HTTP and


Pacific northeast-2 northeast-2.amazonaws.com HTTPS
(Seoul)

Asia ap- streams.dynamodb.ap- HTTP and


Pacific southeast-1 southeast-1.amazonaws.com HTTPS
(Singapore)

Asia ap- streams.dynamodb.ap- HTTP and


Pacific southeast-2 southeast-2.amazonaws.com HTTPS
(Sydney)

Asia ap- streams.dynamodb.ap- HTTP and


Pacific northeast-1 northeast-1.amazonaws.com HTTPS
(Tokyo)

Canada ca- streams.dynamodb.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS

China cn-north-1 streams.dynamodb.cn- HTTP and


(Beijing) north-1.amazonaws.com.cn HTTPS

Version 1.0
157
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

China cn- streams.dynamodb.cn- HTTP and


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn HTTPS

Europe eu- streams.dynamodb.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 streams.dynamodb.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 streams.dynamodb.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- streams.dynamodb.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Europe eu-west-3 streams.dynamodb.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 streams.dynamodb.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- streams.dynamodb.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 streams.dynamodb.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- streams.dynamodb.us-gov- HTTP and


GovCloud east-1 east-1.amazonaws.com HTTPS
(US-East)
streams.dynamodb.us-gov- HTTPS
east-1.amazonaws.com

AWS us-gov- streams.dynamodb.us-gov- HTTP and


GovCloud west-1 west-1.amazonaws.com HTTPS
(US-West)
streams.dynamodb.us-gov- HTTPS
west-1.amazonaws.com

For information about using Amazon DynamoDB Streams in the AWS GovCloud (US-West) Region, see
AWS GovCloud (US-West) Endpoints.

For information about using Amazon DynamoDB Streams in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Version 1.0
158
AWS General Reference Reference guide
Service Quotas

Service Quotas
Resource Default

US East (N. Virginia), US East (Ohio), US West (N. California), US 40,000 read capacity units and
West (Oregon), South America (São Paulo), Europe (Frankfurt), 40,000 write capacity units
Europe (Ireland), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia
Pacific (Singapore), Asia Pacific (Sydney), China (Beijing) Regions:

Maximum capacity units per table or global secondary index

US East (N. Virginia), US East (Ohio), US West (N. California), US 80,000 read capacity units and
West (Oregon), South America (São Paulo), Europe (Frankfurt), 80,000 write capacity units
Europe (Ireland), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia
Pacific (Singapore), Asia Pacific (Sydney), China (Beijing) Regions:

Maximum capacity units per account

All other Regions: 10,000 read capacity units and


10,000 write capacity units
Maximum capacity units per table or global secondary index

All other Regions: 20,000 read capacity units and


20,000 write capacity units
Maximum capacity units per account

Maximum number of tables 256

For more information, see Quotas in Amazon DynamoDB in the Amazon DynamoDB Developer Guide.

AWS Elastic Beanstalk endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Elastic Beanstalk

Region Region Endpoint Protocol Route 53


Name Hosted
Zone ID

US East us-east-2 elasticbeanstalk.us-east-2.amazonaws.com HTTPS Z14LCN19Q5QHIC


(Ohio)
elasticbeanstalk-fips.us- HTTPS  
east-2.amazonaws.com

US us-east-1 elasticbeanstalk.us-east-1.amazonaws.com HTTPS Z117KPS5GTRQ2G


East (N.
Virginia) HTTPS  

Version 1.0
159
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol Route 53


Name Hosted
Zone ID
elasticbeanstalk-fips.us-
east-1.amazonaws.com

US us- elasticbeanstalk.us-west-1.amazonaws.com HTTPS Z1LQECGX5PH1X


West (N. west-1
California) elasticbeanstalk-fips.us- HTTPS  
west-1.amazonaws.com

US West us- elasticbeanstalk.us-west-2.amazonaws.com HTTPS Z38NKT9BP95V3O


(Oregon) west-2
elasticbeanstalk-fips.us- HTTPS  
west-2.amazonaws.com

Africa af- elasticbeanstalk.af-south-1.amazonaws.com HTTPS Z1EI3BVKMKK4AM


(Cape south-1
Town)

Asia ap-east-1 elasticbeanstalk.ap-east-1.amazonaws.com HTTPS ZPWYUBWRU171A


Pacific
(Hong
Kong)

Asia ap- elasticbeanstalk.ap- HTTPS Z18NTBI3Y7N9TZ


Pacific south-1 south-1.amazonaws.com
(Mumbai)

Asia ap- elasticbeanstalk.ap- HTTPS ZNE5GEY1TIAGY


Pacific northeast-3northeast-3.amazonaws.com
(Osaka-
Local)

Asia ap- elasticbeanstalk.ap- HTTPS Z3JE5OI70TWKCP


Pacific northeast-2northeast-2.amazonaws.com
(Seoul)

Asia ap- elasticbeanstalk.ap- HTTPS Z16FZ9L249IFLT


Pacific southeast-1southeast-1.amazonaws.com
(Singapore)

Asia ap- elasticbeanstalk.ap- HTTPS Z2PCDNR3VC2G1N


Pacific southeast-2southeast-2.amazonaws.com
(Sydney)

Asia ap- elasticbeanstalk.ap- HTTPS Z1R25G3KIG2GBW


Pacific northeast-1northeast-1.amazonaws.com
(Tokyo)

Canada ca- elasticbeanstalk.ca- HTTPS ZJFCZL7SSZB5I


(Central) central-1 central-1.amazonaws.com

China cn- elasticbeanstalk.cn- HTTPS


(Beijing) north-1 north-1.amazonaws.com.cn

China cn- elasticbeanstalk.cn- HTTPS


(Ningxia) northwest-1northwest-1.amazonaws.com.cn

Version 1.0
160
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol Route 53


Name Hosted
Zone ID

Europe eu- elasticbeanstalk.eu- HTTPS Z1FRNW7UH4DEZJ


(Frankfurt) central-1 central-1.amazonaws.com

Europe eu- elasticbeanstalk.eu-west-1.amazonaws.com HTTPS Z2NYPWQ7DFZAZH


(Ireland) west-1

Europe eu- elasticbeanstalk.eu-west-2.amazonaws.com HTTPS Z1GKAAAUGATPF1


(London) west-2

Europe eu- elasticbeanstalk.eu- HTTPS Z10VDYYOA2JFKM


(Milan) south-1 south-1.amazonaws.com

Europe eu- elasticbeanstalk.eu-west-3.amazonaws.com HTTPS Z5WN6GAYWG5OB


(Paris) west-3

Europe eu- elasticbeanstalk.eu-north-1.amazonaws.com HTTPS Z23GO28BZ5AETM


(Stockholm)north-1

Middle me- elasticbeanstalk.me- HTTPS Z2BBTEKR2I36N2


East south-1 south-1.amazonaws.com
(Bahrain)

South sa-east-1 elasticbeanstalk.sa-east-1.amazonaws.com HTTPS Z10X7K2B4QSOFV


America
(São
Paulo)

AWS us-gov- elasticbeanstalk.us-gov- HTTPS Z35TSARG0EJ4VU


GovCloud east-1 east-1.amazonaws.com
(US-East) HTTPS  
elasticbeanstalk.us-gov-
east-1.amazonaws.com

AWS us-gov- elasticbeanstalk.us-gov- HTTPS Z4KAURWC4UUUG


GovCloud west-1 west-1.amazonaws.com
(US- HTTPS  
West) elasticbeanstalk.us-gov-
west-1.amazonaws.com

For information about using AWS Elastic Beanstalk in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Elastic Beanstalk Health Service

Region Region Endpoint Protocol


Name

US East us-east-2 elasticbeanstalk-health.us-east-2.amazonaws.com HTTPS


(Ohio)

Version 1.0
161
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 elasticbeanstalk-health.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 elasticbeanstalk-health.us- HTTPS


West (N. west-1.amazonaws.com
California)

US West us-west-2 elasticbeanstalk-health.us- HTTPS


(Oregon) west-2.amazonaws.com

Asia ap-east-1 elasticbeanstalk-health.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- elasticbeanstalk-health.ap- HTTPS


Pacific south-1 south-1.amazonaws.com
(Mumbai)

Asia ap- elasticbeanstalk-health.ap- HTTPS


Pacific northeast-3 northeast-3.amazonaws.com
(Osaka-
Local)

Asia ap- elasticbeanstalk-health.ap- HTTPS


Pacific northeast-2 northeast-2.amazonaws.com
(Seoul)

Asia ap- elasticbeanstalk-health.ap- HTTPS


Pacific southeast-1 southeast-1.amazonaws.com
(Singapore)

Asia ap- elasticbeanstalk-health.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Asia ap- elasticbeanstalk-health.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Canada ca- elasticbeanstalk-health.ca- HTTPS


(Central) central-1 central-1.amazonaws.com

China cn-north-1 elasticbeanstalk-health.cn- HTTPS


(Beijing) north-1.amazonaws.com.cn

China cn- elasticbeanstalk-health.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- elasticbeanstalk-health.eu- HTTPS


(Frankfurt) central-1 central-1.amazonaws.com

Europe eu-west-1 elasticbeanstalk-health.eu- HTTPS


(Ireland) west-1.amazonaws.com

Europe eu-west-2 elasticbeanstalk-health.eu- HTTPS


(London) west-2.amazonaws.com

Version 1.0
162
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-3 elasticbeanstalk-health.eu- HTTPS


(Paris) west-3.amazonaws.com

Europe eu-north-1 elasticbeanstalk-health.eu- HTTPS


(Stockholm) north-1.amazonaws.com

Middle me- elasticbeanstalk-health.me- HTTPS


East south-1 south-1.amazonaws.com
(Bahrain)

South sa-east-1 elasticbeanstalk-health.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- elasticbeanstalk-health.us-gov- HTTPS


GovCloud east-1 east-1.amazonaws.com
(US-East)

AWS us-gov- elasticbeanstalk-health.us-gov- HTTPS


GovCloud west-1 west-1.amazonaws.com
(US-West)

Service Quotas

Resource Default

Applications 75

Application Versions 1000

Configuration Templates 2000

Environments 200

Amazon Elastic Block Store endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Topics
• Service Endpoints (p. 164)
• Service Quotas (p. 167)

Version 1.0
163
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
Use the Amazon EBS endpoints in Amazon Elastic Compute Cloud (Amazon EC2) to manage EBS
volumes, snapshots, and encryption. For more information, see Amazon EBS Actions in the Amazon EC2
API Reference.

Use the EBS direct API endpoints to directly read the data on your EBS snapshots, and identify the
difference between two snapshots. For more information, see Accessing the Contents of an EBS
Snapshot in the Amazon Elastic Compute Cloud User Guide.

Topics
• Endpoints for Amazon EBS in Amazon EC2 (p. 164)
• Endpoints for the EBS direct APIs (p. 166)

Endpoints for Amazon EBS in Amazon EC2

Region Region Endpoint Protocol


Name

US East us-east-2 ec2.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 ec2.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 ec2.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 ec2.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 ec2.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 ec2.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- ec2.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- ec2.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- ec2.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Version 1.0
164
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- ec2.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- ec2.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- ec2.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- ec2.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 ec2.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- ec2.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- ec2.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 ec2.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 ec2.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- ec2.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 ec2.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 ec2.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- ec2.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 ec2.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- ec2.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- ec2.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Version 1.0
165
AWS General Reference Reference guide
Service Endpoints

Endpoints for the EBS direct APIs

Region Region Endpoint Protocol


Name

US East us-east-2 ebs.us-east-2.amazonaws.com HTTPS


(Ohio)
ebs-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 ebs.us-east-1.amazonaws.com HTTPS


Virginia)
ebs-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 ebs.us-west-1.amazonaws.com HTTPS


West (N.
California) ebs-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 ebs.us-west-2.amazonaws.com HTTPS


(Oregon)
ebs-fips.us-west-2.amazonaws.com HTTPS

Asia ap-east-1 ebs.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- ebs.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- ebs.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- ebs.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- ebs.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- ebs.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- ebs.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- ebs.ca-central-1.amazonaws.com HTTPS


(Central) central-1
ebs-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 ebs.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Version 1.0
166
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

China cn- ebs.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- ebs.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 ebs.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 ebs.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 ebs.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 ebs.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Europe eu- ebs.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Africa af-south-1 ebs.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Middle me- ebs.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 ebs.sa-east-1.amazonaws.com HTTPS


America
(Sao
Paulo)

AWS us-gov- ebs.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- ebs.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US)

Service Quotas

Resource Default Adjustable

Snapshots per Region 100,000 Yes

Concurrent snapshot copies per destination 20 No


Region

Snapshots enabled for fast snapshot restore 50 Yes

Version 1.0
167
AWS General Reference Reference guide
Service Quotas

General Purpose SSD (gp2) volumes

Resource Default Adjustable

Concurrent snapshots per General Purpose SSD 5 No


(gp2) volume

Storage across General Purpose SSD (gp2) 300 Yes


volumes, in TiB

Storage modifications across General Purpose SSD 100 Yes


(gp2) volumes, in TiB

General Purpose SSD (gp3) volumes

Resource Default Adjustable

Concurrent snapshots per General Purpose SSD 5 No


(gp3) volume

Storage across General Purpose SSD (gp3) 300 Yes


volumes, in TiB

Storage modifications across General Purpose SSD 100 Yes


(gp3) volumes, in TiB

Provisioned IOPS SSD (io1) volumes

Resource Default Adjustable

Concurrent snapshots per Provisioned IOPS SSD 5 No


(io1) volume

Storage across Provisioned IOPS SSD (io1) 300 Yes


volumes, in TiB

IOPS across Provisioned IOPS SSD (io1) volumes 300,000 Yes

Storage modifications across Provisioned IOPS 100 Yes


SSD (io1) volumes, in TiB

IOPS modifications across Provisioned IOPS SSD 100,000 Yes


(io1) volumes

Provisioned IOPS SSD (io2) volumes

Resource Default Adjustable

Concurrent snapshots per Provisioned IOPS SSD 5 No


(io2) volume

Storage across Provisioned IOPS SSD (io2) 20 Yes


volumes, in TiB

IOPS across Provisioned IOPS SSD (io2) volumes 100,000 Yes

Version 1.0
168
AWS General Reference Reference guide
Service Quotas

Resource Default Adjustable

Storage modifications across Provisioned IOPS 20 Yes


SSD (io2) volumes, in TiB

IOPS modifications across Provisioned IOPS SSD 100,000 Yes


(io2) volumes

Throughput Optimized HDD (st1) volumes

Resource Default Adjustable

Concurrent snapshots per Throughput Optimized 1 No


HDD (st1) volume

Storage across Throughput Optimized HDD (st1) 300 Yes


volumes, in TiB

Storage modifications across Throughput 100 Yes


Optimized HDD (st1) volumes, in TiB

Cold HDD (sc1) volumes

Resource Default Adjustable

Concurrent snapshots per Cold HDD (sc1) volume 1 No

Storage across Cold HDD (sc1) volumes, in TiB 300 Yes

Storage modifications across Cold HDD (sc1) 100 Yes


volumes, in TiB

Magnetic (standard) volumes

Resource Default Adjustable

Concurrent snapshots per Magnetic (standard) 5 No


volume

Storage across Magnetic (standard) volumes, in 300 Yes


TiB

Storage modifications across Magnetic (standard) 100 Yes


volumes, in TiB

EBS direct APIs

Resource Default

GetSnapshotBlock requests per account per 1,000 per second


Region

ListChangedBlocks requests per account per 50 per second


Region

Version 1.0
169
AWS General Reference Reference guide
Amazon EC2

Resource Default

ListSnapshotBlocks requests per account per 50 per second


Region

PutSnapshotBlock requests per account per 1,000 per second


Region

GetSnapshotBlock requests per snapshot 1,000 per second

PutSnapshotBlock requests per snapshot 1,000 per second

StartSnapshot requests per account 10 per second

CompleteSnapshots requests per account 10 per second

Pending snapshots 100 per account

Amazon Elastic Compute Cloud endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 ec2.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS
ec2-fips.us-east-2.amazonaws.com
HTTPS
api.ec2.us-east-2.aws
HTTPS

US East (N. us-east-1 ec2.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS
ec2-fips.us-east-1.amazonaws.com
HTTPS
api.ec2.us-east-1.aws
HTTPS

US us-west-1 ec2.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California) ec2-fips.us-west-1.amazonaws.com
HTTPS

US West us-west-2 ec2.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS
ec2-fips.us-west-2.amazonaws.com
HTTPS
api.ec2.us-west-2.aws

Version 1.0
170
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
HTTPS

Africa af-south-1 ec2.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 ec2.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Asia ap- ec2.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai) api.ec2.ap-south-1.aws
HTTPS

Asia ap- ec2.ap-northeast-3.amazonaws.com HTTP and


Pacific northeast-3 HTTPS
(Osaka-
Local)

Asia ap- ec2.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- ec2.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- ec2.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- ec2.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- ec2.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS
ec2-fips.ca-central-1.amazonaws.com
HTTPS

China cn-north-1 ec2.cn-north-1.amazonaws.com.cn HTTP and


(Beijing) HTTPS

China cn- ec2.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Europe eu- ec2.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 ec2.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS
api.ec2.eu-west-1.aws
HTTPS

Version 1.0
171
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-2 ec2.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- ec2.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Europe eu-west-3 ec2.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 ec2.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- ec2.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 ec2.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São api.ec2.sa-east-1.aws
Paulo) HTTPS

AWS us-gov- ec2.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East) ec2.us-gov-east-1.amazonaws.com
HTTPS

AWS us-gov- ec2.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West) ec2.us-gov-west-1.amazonaws.com
HTTPS

Service Quotas

Resource Default

On-Demand Instances Quotas vary depending on instance type. For


more information, see On-Demand Instance
Quotas.

Spot Instances For more information, see Spot Instance Quotas.

Reserved Instances 20 regional and 20 zonal per month per


Availability Zone. For more information, see
Reserved Instance Quotas.

Elastic IP addresses for EC2-Classic 5

Security groups for EC2-Classic per Region 500

Rules per security group for EC2-Classic 100

Security group rules per instance for EC2-Classic 800 (calculated as rules per security group
multiplied by security groups per instance). If you
reference other security groups in your rules, we

Version 1.0
172
AWS General Reference Reference guide
EC2 Image Builder

Resource Default
recommend using security group names of 22
characters or less.

Key pairs 5,000

Launch Templates Up to 5,000 launch templates per Region and


10,000 versions per launch template.

Dedicated Hosts Up to two Dedicated Hosts per instance family,


per Region.

Placement groups 500

Concurrent AMI copies Destination Regions can have up to 100


concurrent AMI copies.

BYOIP CIDR ranges 5

Throttle on the emails that can be sent from your Throttle applied
Amazon EC2 account

EC2 Image Builder endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 imagebuilder.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 imagebuilder.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 imagebuilder.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 imagebuilder.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 imagebuilder.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 imagebuilder.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Version 1.0
173
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- imagebuilder.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- imagebuilder.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- imagebuilder.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- imagebuilder.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- imagebuilder.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- imagebuilder.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 imagebuilder.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- imagebuilder.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- imagebuilder.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 imagebuilder.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 imagebuilder.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- imagebuilder.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 imagebuilder.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 imagebuilder.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- imagebuilder.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 imagebuilder.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Version 1.0
174
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- imagebuilder.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- imagebuilder.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Service Quotas
Unless otherwise noted, each quota is per AWS Region. Please contact AWS Support to request an
increase in your service quota.

Resource Default

The maximum number of concurrent builds that can be in progress in this account 100 builds per
in the current Region. account per
Region

The maximum number of EC2 Image Builder components that you can create in 1,000 components
an account in the current Region. per account per
Region

The maximum size of the data field of an EC2 Image Builder component. 16 KB

The maximum number of EC2 Image Builder image pipelines that you can create 75 image pipelines
in an account in the current Region. per account per
Region

The maximum number of EC2 Image Builder image recipes that you can create in 1,000 image
an account in the current Region. recipes per
account per
Region

The maximum number of EC2 Image Builder components that can be associated 20 components
with a single EC2 Image Builder image recipe. per image per
Region

The maximum number of EC2 Image Builder infrastructure configurations that 1,000
you can create in an account in the current Region. configurations
per account per
Region

The maximum number of EC2 Image Builder distribution configurations that you 1,000
can create in an account in the current Region. configurations
per account per
Region

Amazon ECR endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
175
AWS General Reference Reference guide
Service Endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
The ecr and api.ecr endpoints are used for calls to the Amazon ECR API. API actions such as
DescribeImages and CreateRepository go to this endpoint. While the two endpoints function
the same, the api.ecr endpoint is recommended and the default when using the AWS CLI or AWS
SDKs. When connecting to Amazon ECR through an AWS PrivateLink VPC endpoint, you must use the
api.ecr endpoint to make API calls. For more information, see Amazon ECR Interface VPC Endpoints
(AWS PrivateLink) in the Amazon Elastic Container Registry User Guide.

For more information about FIPS endpoints, see FIPS endpoints (p. 538).

Region Region Endpoint Protocol


Name

US East us-east-2 ecr.us-east-2.amazonaws.com HTTPS


(Ohio)
api.ecr.us-east-2.amazonaws.com HTTPS

ecr-fips.us-east-2.amazonaws.com HTTPS

dkr.ecr-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 ecr.us-east-1.amazonaws.com HTTPS


Virginia)
api.ecr.us-east-1.amazonaws.com HTTPS

ecr-fips.us-east-1.amazonaws.com HTTPS

dkr.ecr-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 ecr.us-west-1.amazonaws.com HTTPS


West (N.
California) api.ecr.us-west-1.amazonaws.com HTTPS

ecr-fips.us-west-1.amazonaws.com HTTPS

dkr.ecr-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 ecr.us-west-2.amazonaws.com HTTPS


(Oregon)
api.ecr.us-west-2.amazonaws.com HTTPS

ecr-fips.us-west-2.amazonaws.com HTTPS

dkr.ecr-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 ecr.af-south-1.amazonaws.com HTTPS


(Cape
Town) api.ecr.af-south-1.amazonaws.com HTTPS

Asia ap-east-1 ecr.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong api.ecr.ap-east-1.amazonaws.com HTTPS
Kong)

Version 1.0
176
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- ecr.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai) api.ecr.ap-south-1.amazonaws.com HTTPS

Asia ap- ecr.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) api.ecr.ap-northeast-2.amazonaws.com HTTPS

Asia ap- ecr.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) api.ecr.ap-southeast-1.amazonaws.com HTTPS

Asia ap- ecr.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) api.ecr.ap-southeast-2.amazonaws.com HTTPS

Asia ap- ecr.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) api.ecr.ap-northeast-1.amazonaws.com HTTPS

Canada ca- ecr.ca-central-1.amazonaws.com HTTPS


(Central) central-1
api.ecr.ca-central-1.amazonaws.com HTTPS

China cn-north-1 ecr.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)
api.ecr.cn-north-1.amazonaws.com.cn HTTPS

China cn- ecr.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1
api.ecr.cn-northwest-1.amazonaws.com.cn HTTPS

Europe eu- ecr.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1
api.ecr.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 ecr.eu-west-1.amazonaws.com HTTPS


(Ireland)
api.ecr.eu-west-1.amazonaws.com HTTPS

Europe eu-west-2 ecr.eu-west-2.amazonaws.com HTTPS


(London)
api.ecr.eu-west-2.amazonaws.com HTTPS

Europe eu- ecr.eu-south-1.amazonaws.com HTTPS


(Milan) south-1
api.ecr.eu-south-1.amazonaws.com HTTPS

Europe eu-west-3 ecr.eu-west-3.amazonaws.com HTTPS


(Paris)
api.ecr.eu-west-3.amazonaws.com HTTPS

Europe eu-north-1 ecr.eu-north-1.amazonaws.com HTTPS


(Stockholm)
api.ecr.eu-north-1.amazonaws.com HTTPS

Version 1.0
177
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Middle me- ecr.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain) api.ecr.me-south-1.amazonaws.com HTTPS

South sa-east-1 ecr.sa-east-1.amazonaws.com HTTPS


America
(São api.ecr.sa-east-1.amazonaws.com HTTPS
Paulo)

AWS us-gov- ecr.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) api.ecr.us-gov-east-1.amazonaws.com HTTPS

ecr-fips.us-gov-east-1.amazonaws.com HTTPS

dkr.ecr-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- ecr.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) api.ecr.us-gov-west-1.amazonaws.com HTTPS

ecr-fips.us-gov-west-1.amazonaws.com HTTPS

dkr.ecr-fips.us-gov-west-1.amazonaws.com HTTPS

Docker and OCI client endpoints


The Docker and OCI client endpoints are used for the Docker Registry APIs. Docker client commands such
as push and pull use this endpoint.

For more information about FIPS endpoints, see FIPS endpoints (p. 538).

Region Region Endpoint Protocol


Name

US East us-east-2 <registry-id>.dkr.ecr.us-east-2.amazonaws.com HTTPS


(Ohio)
<registry-id>.dkr.ecr-fips.us-east-2.amazonaws.com

US East (N. us-east-1 <registry-id>.dkr.ecr.us-east-1.amazonaws.com HTTPS


Virginia)
<registry-id>.dkr.ecr-fips.us-east-1.amazonaws.com

US West (N. us-west-1 <registry-id>.dkr.ecr.us-west-1.amazonaws.com HTTPS


California)
<registry-id>.dkr.ecr-fips.us-west-1.amazonaws.com

US West us-west-2 <registry-id>.dkr.ecr.us-west-2.amazonaws.com HTTPS


(Oregon)
<registry-id>.dkr.ecr-fips.us-west-2.amazonaws.com

Asia Pacific ap-east-1 <registry-id>.dkr.ecr.ap-east-1.amazonaws.com HTTPS


(Hong Kong)

Asia Pacific ap-south-1 <registry-id>.dkr.ecr.ap-south-1.amazonaws.com HTTPS


(Mumbai)

Version 1.0
178
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia Pacific ap- <registry-id>.dkr.ecr.ap-northeast-2.amazonaws.com HTTPS


(Seoul) northeast-2

Asia Pacific ap- <registry-id>.dkr.ecr.ap-southeast-1.amazonaws.com HTTPS


(Singapore) southeast-1

Asia Pacific ap- <registry-id>.dkr.ecr.ap-southeast-2.amazonaws.com HTTPS


(Sydney) southeast-2

Asia Pacific ap- <registry-id>.dkr.ecr.ap-northeast-1.amazonaws.com HTTPS


(Tokyo) northeast-1

Canada ca-central-1 <registry-id>.dkr.ecr.ca-central-1.amazonaws.com HTTPS


(Central)

China cn-north-1 <registry-id>.dkr.ecr.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- <registry-id>.dkr.ecr.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu-central-1 <registry-id>.dkr.ecr.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Europe eu-west-1 <registry-id>.dkr.ecr.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 <registry-id>.dkr.ecr.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 <registry-id>.dkr.ecr.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 <registry-id>.dkr.ecr.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle East me-south-1 <registry-id>.dkr.ecr.me-south-1.amazonaws.com HTTPS


(Bahrain)

South sa-east-1 <registry-id>.dkr.ecr.sa-east-1.amazonaws.com HTTPS


America
(São Paulo)

AWS us-gov- <registry-id>.dkr.ecr.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) <registry-id>.dkr.ecr-fips.us-gov-
east-1.amazonaws.com

AWS us-gov- <registry-id>.dkr.ecr.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) <registry-id>.dkr.ecr-fips.us-gov-
west-1.amazonaws.com

For information about using Amazon ECR in the China Regions, see:

• China (Beijing) Region Endpoints

Version 1.0
179
AWS General Reference Reference guide
Service Quotas

• China (Ningxia) Region Endpoints

Service Quotas
The following table provides the default limits for Amazon Elastic Container Registry (Amazon ECR).

Service quota Description Default quota value

Registered repositories The maximum number of 10,000


repositories that you can create
per Region.

Image per repository The maximum number of 10,000


images per repository.

The following table provides the default rate quotas for each of the Amazon ECR API actions involved
with the image push and image pull actions.

Amazon ECR action API operation Description Default quota value

Authentication Rate of The rate of 200


GetAuthorizationToken GetAuthorizationToken
requests API requests that you
can make per second,
per Region.

Image push Rate of The rate of 200


BatchCheckLayerAvailability
BatchCheckLayerAvailability
requests API requests that you
can make per second,
per Region.

When an image is
pushed to a repository,
each image layer is
checked to verify if
it has been uploaded
before. If it has been
uploaded, then the
image layer is skipped.

Rate of The rate of 10


InitiateLayerUpload InitiateLayerUpload API
requests requests that you can
make per second, per
Region.

When an image
is pushed, the
InitiateLayerUpload
API is called once
per image layer that
has not already been
uploaded. Whether
or not an image layer

Version 1.0
180
AWS General Reference Reference guide
Service Quotas

Amazon ECR action API operation Description Default quota value


has been uploaded
is determined by the
BatchCheckLayerAvailability
API action.

Rate of The rate of 10


CompleteLayerUpload CompleteLayerUpload
requests API requests that you
can make per second,
per Region.

When an image
is pushed, the
CompleteLayerUpload
API is called once
per each new image
layer to verify that the
upload has completed.

Rate of The rate of 260


UploadLayerPart UploadLayerPart API
requests requests that you can
make per second, per
Region.

When an image is
pushed, each new
image layer is uploaded
in parts. The maximum
size of each image layer
part can be 20,971,520
bytes (or about 20MB).
The UploadLayerPart
API is called once per
each new image layer
part.

Rate of PutImage The rate of PutImage 10


requests API requests that you
can make per second,
per Region.

When an image is
pushed and all new
image layers have been
uploaded, the PutImage
API is called once to
create or update the
image manifest and the
tags associated with the
image.

Version 1.0
181
AWS General Reference Reference guide
Service Quotas

Amazon ECR action API operation Description Default quota value

Image pull Rate of BatchGetImage The rate of 1,000


requests BatchGetImage API
requests that you can
make per second, per
Region.

When an image
is pulled, the
BatchGetImage API is
called once to retrieve
the image manifest.

Rate of The rate of 1,500


GetDownloadUrlForLayer GetDownloadUrlForLayer
requests API requests that you
can make per second,
per Region.

When an image
is pulled, the
GetDownloadUrlForLayer
API is called once per
image layer that is not
already cached.

The following table provides other quotas for Amazon ECR and Docker images that cannot be changed.
Note
The layer part information mentioned in the following table is only applicable if you are calling
the Amazon ECR API actions directly to initiate multipart uploads for image push operations.
This is a rare action. We recommend that you use the Docker CLI to pull, tag, and push images.

Service quota Description Quota value

Layer parts The maximum number of layer 1,000


parts. This is only applicable
if you are using Amazon ECR
API actions directly to initiate
multipart uploads for image
push operations.

Maximum layer size The maximum size (MiB) of a 10,000


layer. **

Minimum layer part size The minimum size (MiB) of a 5


layer part. This is only applicable
if you are using Amazon ECR
API actions directly to initiate
multipart uploads for image
push operations.

Maximum layer part size The maximum size (MiB) of a 10


layer part. This is only applicable
if you are using Amazon ECR
API actions directly to initiate

Version 1.0
182
AWS General Reference Reference guide
Amazon ECR Public

Service quota Description Quota value


multipart uploads for image
push operations.

Tags per image The maximum number of tags 1000


per image.

Lifecycle policy length The maximum number of 30,720


characters in a lifecycle policy.

Rules per lifecycle policy The maximum number of rules 50


in a lifecycle policy.

Rate of image scans The maximum number of image 1


scans per image, per day.

** The maximum layer size listed here is calculated by multiplying the maximum layer part size (10 MiB)
by the maximum number of layer parts (1,000).

For more information, see Amazon ECR Service Quotas in the Amazon Elastic Container Registry User
Guide.

Amazon ECR Public endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service endpoints
The ecr-public and api.ecr-public endpoints are used for calls to the Amazon ECR Public API.
API actions such as DescribeImages and CreateRepository go to this endpoint. While the two
endpoints function the same, the api.ecr-public endpoint is recommended and the default when
using the AWS CLI or AWS SDKs.

Region Region Endpoint Protocol


Name

US East (N. us-east-1 ecr-public.us-east-1.amazonaws.com HTTPS


Virginia)
api.ecr-public.us-east-1.amazonaws.com HTTPS

Service quotas
For more information, see Amazon ECR Public service quotas in the Amazon ECR Public user guide.

Version 1.0
183
AWS General Reference Reference guide
Amazon ECS

Amazon ECS endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 ecs.us-east-2.amazonaws.com HTTPS


(Ohio)
ecs-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 ecs.us-east-1.amazonaws.com HTTPS


Virginia)
ecs-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 ecs.us-west-1.amazonaws.com HTTPS


West (N.
California) ecs-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 ecs.us-west-2.amazonaws.com HTTPS


(Oregon)
ecs-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 ecs.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 ecs.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- ecs.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- ecs.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- ecs.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- ecs.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- ecs.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Version 1.0
184
AWS General Reference Reference guide
Amazon ECS service quotas

Region Region Endpoint Protocol


Name

Canada ca- ecs.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 ecs.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- ecs.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- ecs.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 ecs.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 ecs.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- ecs.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 ecs.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 ecs.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- ecs.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 ecs.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- ecs.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) ecs-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- ecs.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) ecs-fips.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon ECS in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Amazon ECS service quotas


The following are Amazon ECS service quotas.

Version 1.0
185
AWS General Reference Reference guide
Amazon ECS service quotas

Most of these service quotas, but not all, are listed under the Amazon Elastic Container Service (Amazon
ECS) namespace in the Service Quotas console. To request a quota increase, see Requesting a quota
increase in the Service Quotas User Guide.

Service quota Description Default quota value Adjustable

Clusters The maximum number 10,000 Yes


of clusters in this
account in the current
Region.

Container instances per The maximum number 2,000 Yes


cluster of container instances
per cluster.

Services per cluster The maximum number 5,000 Yes


of services per cluster.

Tasks per service The maximum number 5,000 Yes


of tasks per service (the
desired count).
Note
Services
configured to
use service
discovery
have a limit
of 1,000 tasks
per service.
This is due to
a Route 53
service quota.

Tasks launched (count) The maximum number 10 No


per run-task of tasks that can be
launched per RunTask
API action.

Container instances per The maximum 10 No


start-task number of container
instances specified in a
StartTask API action.

Revisions per task The maximum number 1,000,000 No


definition family of revisions per task
definition family.
Deregistering a task
definition revision does
not exclude it from
being included in this
limit.

Task definition size limit The maximum size, in 32 No


KiB, of a task definition.

Task definition max The maximum 10 No


containers number of containers

Version 1.0
186
AWS General Reference Reference guide
AWS Fargate service quotas

Service quota Description Default quota value Adjustable


definitions within a task
definition.

Subnets specified in an The maximum 16 No


awsvpcConfiguration number of subnets
specified within an
awsvpcConfiguration.

Security groups The maximum number 5 No


specified in an of security groups
awsvpcConfiguration specified within an
awsvpcConfiguration.

Target groups per The maximum number 5 No


service of target groups per
service, if using an
Application Load
Balancer or a Network
Load Balancer.

Classic Load Balancers The maximum number 1 No


per service of Classic Load
Balancers per service.

Tags per resource The maximum number 50 No


of tags per resource.
This applies to task
definitions, clusters,
tasks, and services.

For more information, see Amazon ECS service quotas in the Amazon Elastic Container Service Developer
Guide.

AWS Fargate service quotas


The following are Amazon ECS on AWS Fargate service quotas.

These service quotas are listed under the AWS Fargate namespace in the Service Quotas console. To
request a quota increase, see Requesting a quota increase in the Service Quotas User Guide.

Service quota Description Default quota value Adjustable

Fargate On-Demand The maximum number 500 Yes


resource count of Amazon ECS tasks
and Amazon EKS pods
running concurrently on
Fargate in this account
in the current Region.

Fargate Spot resource The maximum number 500 Yes


count of Amazon ECS tasks
running concurrently
on Fargate Spot in this
account in the current
Region.

Version 1.0
187
AWS General Reference Reference guide
Amazon EKS

Amazon Elastic Kubernetes Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 eks.us-east-2.amazonaws.com HTTPS


(Ohio)
fips.eks.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 eks.us-east-1.amazonaws.com HTTPS


Virginia)
fips.eks.us-east-1.amazonaws.com HTTPS

US us-west-1 eks.us-west-1.amazonaws.com HTTPS


West (N.
California) fips.eks.us-west-1.amazonaws.com HTTPS

US West us-west-2 eks.us-west-2.amazonaws.com HTTPS


(Oregon)
fips.eks.us-west-2.amazonaws.com HTTPS

Africa af-south-1 eks.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 eks.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- eks.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- eks.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- eks.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- eks.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
188
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- eks.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- eks.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 eks.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- eks.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- eks.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 eks.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 eks.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- eks.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 eks.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 eks.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- eks.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 eks.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- eks.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) eks.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- eks.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) eks.us-gov-west-1.amazonaws.com HTTPS

Service Quotas

Resource Default

Maximum number of Amazon EKS clusters (per 100


region, per account

Version 1.0
189
AWS General Reference Reference guide
AWS Fargate service quotas

Resource Default

Maximum number of managed node groups per 10


cluster

Maximum number nodes per managed node 100


group

Maximum number Fargate profiles per cluster 10

Maximum number selectors per Fargate profile 5

Maximum number of label pairs per Fargate 100


profile selector

Maximum number of concurrent Fargate pods (per 100


region, per account)

Maximum number Fargate pod launches per 1, with temporary burst up to 10


second (per region, per account)

AWS Fargate service quotas


The following are Amazon EKS on AWS Fargate service quotas.

These service quotas are listed under the AWS Fargate namespace in the Service Quotas console. To
request a quota increase, see Requesting a quota increase in the Service Quotas User Guide.

Service quota Description Default quota value Adjustable

Fargate On-Demand The maximum number 500 Yes


resource count of Amazon ECS tasks
and Amazon EKS pods
running concurrently on
Fargate in this account
in the current Region.

Amazon Elastic File System endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 elasticfilesystem.us-east-2.amazonaws.com HTTPS


(Ohio)
elasticfilesystem-fips.us-east-2.amazonaws.com HTTPS

Version 1.0
190
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 elasticfilesystem.us-east-1.amazonaws.com HTTPS


Virginia)
elasticfilesystem-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 elasticfilesystem.us-west-1.amazonaws.com HTTPS


West (N.
California) elasticfilesystem-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 elasticfilesystem.us-west-2.amazonaws.com HTTPS


(Oregon)
elasticfilesystem-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 elasticfilesystem.af-south-1.amazonaws.com HTTPS


(Cape
Town) elasticfilesystem-fips.af-south-1.amazonaws.com HTTPS

Asia ap-east-1 elasticfilesystem.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong elasticfilesystem-fips.ap-east-1.amazonaws.com HTTPS
Kong)

Asia ap- elasticfilesystem.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai) elasticfilesystem-fips.ap-south-1.amazonaws.com HTTPS

Asia ap- elasticfilesystem.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) elasticfilesystem-fips.ap- HTTPS
northeast-2.amazonaws.com

Asia ap- elasticfilesystem.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) elasticfilesystem-fips.ap- HTTPS
southeast-1.amazonaws.com

Asia ap- elasticfilesystem.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) elasticfilesystem-fips.ap- HTTPS
southeast-2.amazonaws.com

Asia ap- elasticfilesystem.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) elasticfilesystem-fips.ap- HTTPS
northeast-1.amazonaws.com

Canada ca- elasticfilesystem.ca-central-1.amazonaws.com HTTPS


(Central) central-1
elasticfilesystem-fips.ca- HTTPS
central-1.amazonaws.com

China cn-north-1 elasticfilesystem.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)
elasticfilesystem-fips.cn- HTTPS
north-1.amazonaws.com.cn

Version 1.0
191
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

China cn- elasticfilesystem.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn
HTTPS
elasticfilesystem-fips.cn-
northwest-1.amazonaws.com.cn

Europe eu- elasticfilesystem.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1
elasticfilesystem-fips.eu- HTTPS
central-1.amazonaws.com

Europe eu-west-1 elasticfilesystem.eu-west-1.amazonaws.com HTTPS


(Ireland)
elasticfilesystem-fips.eu-west-1.amazonaws.com HTTPS

Europe eu-west-2 elasticfilesystem.eu-west-2.amazonaws.com HTTPS


(London)
elasticfilesystem-fips.eu-west-2.amazonaws.com HTTPS

Europe eu- elasticfilesystem.eu-south-1.amazonaws.com HTTPS


(Milan) south-1
elasticfilesystem-fips.eu-south-1.amazonaws.com HTTPS

Europe eu-west-3 elasticfilesystem.eu-west-3.amazonaws.com HTTPS


(Paris)
elasticfilesystem-fips.eu-west-3.amazonaws.com HTTPS

Europe eu-north-1 elasticfilesystem.eu-north-1.amazonaws.com HTTPS


(Stockholm)
elasticfilesystem-fips.eu-north-1.amazonaws.com HTTPS

Middle me- elasticfilesystem.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain) elasticfilesystem-fips.me-south-1.amazonaws.com HTTPS

South sa-east-1 elasticfilesystem.sa-east-1.amazonaws.com HTTPS


America
(São elasticfilesystem-fips.sa-east-1.amazonaws.com HTTPS
Paulo)

AWS us-gov- elasticfilesystem.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) elasticfilesystem-fips.us-gov- HTTPS
east-1.amazonaws.com

AWS us-gov- elasticfilesystem.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) elasticfilesystem-fips.us-gov- HTTPS
west-1.amazonaws.com

For information about using Amazon Elastic File System in the AWS GovCloud (US-West) Region, see
AWS GovCloud (US-West) Endpoints.

For information about using Amazon Elastic File System in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Version 1.0
192
AWS General Reference Reference guide
Service Quotas

Service Quotas

Resource AWS Region Maximum Maximum


metered bursting read
throughput throughput

Total bursting throughput for all US East (Ohio) Region 3 GiB/s 5 GiB/s
connected clients
US East (N. Virginia) Region 3 GiB/s 5 GiB/s

US West (N. California) Region 1 GiB/s 3 GiB/s

US West (Oregon) Region 3 GiB/s 5 GiB/s

Africa (Cape Town) Region 1 GiB/s 3 GiB/s

Asia Pacific (Hong Kong) Region 1 GiB/s 3 GiB/s

Asia Pacific (Mumbai) Region 1 GiB/s 3 GiB/s

Asia Pacific (Seoul) Region 1 GiB/s 3 GiB/s

Asia Pacific (Singapore) Region 1 GiB/s 3 GiB/s

Asia Pacific (Sydney) Region 3 GiB/s 5 GiB/s

Asia Pacific (Tokyo) Region 1 GiB/s 3 GiB/s

Asia Pacific (Tokyo) Region 1 GiB/s 3 GiB/s

Canada (Central) Region 1 GiB/s 3 GiB/s

China (Beijing) Region 1 GiB/s 3 GiB/s

China (Ningxia) Region 1 GiB/s 3 GiB/s

Europe (Frankfurt) Region 1 GiB/s 3 GiB/s

Europe (Ireland) Region 3 GiB/s 5 GiB/s

Europe (London) Region 1 GiB/s 3 GiB/s

Europe (Milan) Region 1 GiB/s 3 GiB/s

Europe (Paris) Region 1 GiB/s 3 GiB/s

Europe (Stockholm) Region 1 GiB/s 3 GiB/s

Middle East (Bahrain) Region 1 GiB/s 3 GiB/s

South America (São Paulo) 1 GiB/s 3 GiB/s


Region

Total provisioned throughput for All AWS Regions 1 GiB/s 3 GiB/s


all connected clients

For more information, see Amazon EFS Quotas in the Amazon Elastic File System User Guide.

Version 1.0
193
AWS General Reference Reference guide
Amazon Elastic Inference

Amazon Elastic Inference endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 api.elastic-inference.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 api.elastic-inference.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 api.elastic-inference.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- api.elastic-inference.ap- HTTPS


Pacific northeast-2 northeast-2.amazonaws.com
(Seoul)

Asia ap- api.elastic-inference.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Europe eu-west-1 api.elastic-inference.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service Quotas

Resource Default Adjustable

Maximum number of Elastic Inference accelerators 5 Yes

Elastic Load Balancing endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
194
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Route 53 Route 53 Hosted


Name Hosted Zone ID Zone ID (Network
(Application Load Load Balancers)
Balancers, Classic
Load Balancers)

US East us-east-2 elasticloadbalancing.us- Z3AADJGX6KTTL2 ZLMOA37VPKANP


(Ohio) east-2.amazonaws.com

elasticloadbalancing-
fips.us-
east-2.amazonaws.com

US East (N. us-east-1 elasticloadbalancing.us- Z35SXDOTRQ7X7K Z26RNL4JYFTOTI


Virginia) east-1.amazonaws.com

elasticloadbalancing-
fips.us-
east-1.amazonaws.com

US West (N. us-west-1 elasticloadbalancing.us- Z368ELLRRE2KJ0 Z24FKFUX50B4VW


California) west-1.amazonaws.com

elasticloadbalancing-
fips.us-
west-1.amazonaws.com

US West us-west-2 elasticloadbalancing.us- Z1H1FL5HABSF5 Z18D5FSROUN65G


(Oregon) west-2.amazonaws.com

elasticloadbalancing-
fips.us-
west-2.amazonaws.com

Africa (Cape af-south-1 elasticloadbalancing.af- Z268VQBMOI5EKX Z203XCE67M25HM


Town) south-1.amazonaws.com

Asia Pacific ap-east-1 elasticloadbalancing.ap- Z3DQVH9N71FHZ0 Z12Y7K3UBGUAD1


(Hong Kong) east-1.amazonaws.com

Asia Pacific ap-south-1 elasticloadbalancing.ap- ZP97RAFLXTNZK ZVDDRBQ08TROA


(Mumbai) south-1.amazonaws.com

Asia Pacific ap- elasticloadbalancing.ap- Z5LXEXXYW11ES Z1GWIQ4HH19I5X


(Osaka- northeast-3 northeast-3.amazonaws.com
Local)

Asia Pacific ap- elasticloadbalancing.ap- ZWKZPGTI48KDX ZIBE1TIR4HY56


(Seoul) northeast-2 northeast-2.amazonaws.com

Asia Pacific ap- elasticloadbalancing.ap- Z1LMS91P8CMLE5 ZKVM4W9LS7TM


(Singapore) southeast-1 southeast-1.amazonaws.com

Asia Pacific ap- elasticloadbalancing.ap- Z1GM3OXH4ZPM65 ZCT6FZBF4DROD


(Sydney) southeast-2 southeast-2.amazonaws.com

Version 1.0
195
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Route 53 Route 53 Hosted


Name Hosted Zone ID Zone ID (Network
(Application Load Load Balancers)
Balancers, Classic
Load Balancers)

Asia Pacific ap- elasticloadbalancing.ap- Z14GRHDCWA56QT Z31USIVHYNEOWT


(Tokyo) northeast-1 northeast-1.amazonaws.com

Canada ca-central-1 elasticloadbalancing.ca- ZQSVJUPU6J1EY Z2EPGBW3API2WT


(Central) central-1.amazonaws.com

China cn-north-1 elasticloadbalancing.cn- Z1GDH35T77C1KE Z3QFB96KMJ7ED6


(Beijing) north-1.amazonaws.com.cn

China cn- elasticloadbalancing.cn- ZM7IZAIOVVDZF ZQEIKTCZ8352D


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu-central-1 elasticloadbalancing.eu- Z215JYRZR1TBD5 Z3F0SRJ5LGBH90


(Frankfurt) central-1.amazonaws.com

Europe eu-west-1 elasticloadbalancing.eu- Z32O12XQLNTSW2 Z2IFOLAFXWLO4F


(Ireland) west-1.amazonaws.com

Europe eu-west-2 elasticloadbalancing.eu- ZHURV8PSTC4K8 ZD4D7Y8KGAS4G


(London) west-2.amazonaws.com

Europe eu-south-1 elasticloadbalancing.eu- Z3ULH7SSC9OV64 Z23146JA1KNAFP


(Milan) south-1.amazonaws.com

Europe eu-west-3 elasticloadbalancing.eu- Z3Q77PNBQS71R4 Z1CMS0P5QUZ6D5


(Paris) west-3.amazonaws.com

Europe eu-north-1 elasticloadbalancing.eu- Z23TAZ6LKFMNIO Z1UDT6IFJ4EJM


(Stockholm) north-1.amazonaws.com

Middle East me-south-1 elasticloadbalancing.me- ZS929ML54UICD Z3QSRYVP46NYYV


(Bahrain) south-1.amazonaws.com

South sa-east-1 elasticloadbalancing.sa- Z2P70J7HTTTPLU ZTK26PT1VY4CU


America east-1.amazonaws.com
(São Paulo)

AWS us-gov- elasticloadbalancing.us- Z166TLBEWOO7G0 Z1ZSMQQ6Q24QQ8


GovCloud east-1 gov-east-1.amazonaws.com
(US-East)

AWS us-gov- elasticloadbalancing.us- Z33AYJ8TM3BH4J ZMG1MZ2THAWF1


GovCloud west-1 gov-
(US-West) west-1.amazonaws.com

Service Quotas
Elastic Load Balancing supports multiple types of load balancers.

Version 1.0
196
AWS General Reference Reference guide
Service Quotas

Application Load Balancers

Resource Default

Application Load Balancers per Region 50

Target groups per Region 3000 *

Listeners per load balancer 50

Targets per load balancer 1000

Subnets per Availability Zone per load balancer 1

Security groups per load balancer 5

Rules per load balancer (not counting default rules) 100

Certificates per load balancer (not counting default certificates) 25

Number of times a target can be registered per load balancer 100

Load balancers per target group 1

Targets per target group (instances or IP addresses) 1000

Targets per target group (Lambda functions) 1

Network Load Balancers

Resource Default

Network Load Balancers per Region 50

Target groups per Region 3000 *

Listeners per load balancer 50

Subnets per Availability Zone per load balancer 1

Targets per load balancer per Availability Zone 500

Targets per load balancer 500

Certificates per load balancer (not counting default certificates) 25

Load balancers per target group 1

* This quota is shared by target groups for your Application Load Balancers and Network Load Balancers.

Gateway Load Balancer

Resource Default

Gateway Load Balancers per Region 20

Gateway Load Balancers per VPC 10

Target groups with GENEVE protocol per Availability Zone 100

Version 1.0
197
AWS General Reference Reference guide
Elastic Transcoder

Resource Default

Targets per Availability Zone per target group with GENEVE 300
protocol

Classic Load Balancers

Resource Default

Classic Load Balancers per Region 20

Listeners per load balancer 100

Security groups per load balancer 5

Registered instances per load balancer 1,000

Subnets per Availability Zone per load balancer 1

Amazon Elastic Transcoder endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 elastictranscoder.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 elastictranscoder.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 elastictranscoder.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- elastictranscoder.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- elastictranscoder.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- elastictranscoder.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
198
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- elastictranscoder.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu-west-1 elastictranscoder.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service Quotas
Resource Default

Pipelines per Region 4

User-defined presets 50

Maximum number of jobs processed 100 per pipeline


simultaneously by each pipeline

Maximum number of jobs queued in each pipeline 1,000,000

Maximum number of outputs 30 per job

Maximum rate at which you can submit requests You can submit two requests per second per AWS
to create a job account at a sustained rate; brief bursts of 100
requests per second are allowed.

Maximum rate at which you can submit requests You can submit four requests per second per AWS
to read a job account at a sustained rate; brief bursts of 50
requests per second are allowed.

It may take up to two weeks to process requests for a quota increase.

For more information, see Amazon Elastic Transcoder quotas in the Amazon Elastic Transcoder Developer
Guide.

Amazon ElastiCache endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 elasticache.us-east-2.amazonaws.com HTTPS


(Ohio)

Version 1.0
199
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
elasticache-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 elasticache.us-east-1.amazonaws.com HTTPS


Virginia)
elasticache-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 elasticache.us-west-1.amazonaws.com HTTPS


West (N.
California) elasticache-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 elasticache.us-west-2.amazonaws.com HTTPS


(Oregon)
elasticache-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 elasticache.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 elasticache.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- elasticache.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- elasticache.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- elasticache.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- elasticache.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- elasticache.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- elasticache.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- elasticache.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 elasticache.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- elasticache.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
200
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- elasticache.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 elasticache.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 elasticache.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- elasticache.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 elasticache.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 elasticache.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- elasticache.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 elasticache.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- elasticache.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- elasticache.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) elasticache.us-gov-west-1.amazonaws.com HTTPS

The Asia Pacific (Osaka-Local) Region is a local Region that is available to select AWS customers who
request access. Customers wishing to use the Asia Pacific (Osaka-Local) Region should speak with their
sales representative. The Asia Pacific (Osaka-Local) Region supports a single Availability Zone.

For information about using Amazon ElastiCache in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

Service Quotas
For information on ElastiCache terminology, see ElastiCache Components and Features.

Resource Default Description

Nodes per Region 300 The maximum number of nodes


across all clusters in a Region.
This quota applies to both your
reserved and non-reserved
nodes within the given Region.
You can have up to 300 reserved

Version 1.0
201
AWS General Reference Reference guide
Amazon ES

Resource Default Description


nodes and 300 non-reserved
nodes in the same Region.

Nodes per cluster (Memcached) 40 The maximum number of nodes


in an individual Memcached
cluster.

Nodes per cluster  per instance 90 The maximum number of nodes


type (Redis cluster mode in an individual Redis cluster.
enabled) You must also specify the
instance type with your request.

Nodes per shard (Redis) 6 The maximum number of nodes


in an individual Redis shard
(node group). One node is the
read/write Primary. All other
nodes are read-only Replicas.
This quota cannot be increased.

Shards per Cluster 1 The maximum number of shards


(Redis cluster mode disabled) (node groups) in a Redis (cluster
mode disabled) cluster.

Parameter groups per Region 150 The maximum number of


parameters groups you can
create in a Region.

Security groups per Region 50 The maximum number of


security groups you can create in
a Region.

Subnet groups per Region 150 The maximum number of subnet


groups you can create in a
Region.

Subnets per subnet group 20 The maximum number of


subnets you can define for a
subnet group.

These quotas are global quotas per customer account. To exceed these quotas, make your request using
the ElastiCache Node request form.

Amazon Elasticsearch Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
202
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 es.us-east-2.amazonaws.com HTTPS


(Ohio)
es-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 es.us-east-1.amazonaws.com HTTPS


Virginia)
es-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 es.us-west-1.amazonaws.com HTTPS


West (N.
California) es-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 es.us-west-2.amazonaws.com HTTPS


(Oregon)
es-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 es.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 es.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- es.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- es.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- es.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- es.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- es.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- es.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 es.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- es.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
203
AWS General Reference Reference guide
Amazon EMR

Region Region Endpoint Protocol


Name

Europe eu- es.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 es.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 es.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- es.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 es.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 es.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- es.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 es.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- es.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) es-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- es.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) es-fips.us-gov-west-1.amazonaws.com HTTPS

Amazon EMR endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 elasticmapreduce.us-east-2.amazonaws.com HTTPS


(Ohio)
elasticmapreduce-fips.us-east-2.amazonaws.com HTTPS

Version 1.0
204
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 elasticmapreduce.us-east-1.amazonaws.com HTTPS


Virginia)
elasticmapreduce-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 elasticmapreduce.us-west-1.amazonaws.com HTTPS


West (N.
California) elasticmapreduce-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 elasticmapreduce.us-west-2.amazonaws.com HTTPS


(Oregon)
elasticmapreduce-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 elasticmapreduce.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 elasticmapreduce.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- elasticmapreduce.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- elasticmapreduce.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- elasticmapreduce.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- elasticmapreduce.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- elasticmapreduce.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- elasticmapreduce.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- elasticmapreduce.ca-central-1.amazonaws.com HTTPS


(Central) central-1
elasticmapreduce-fips.ca- HTTPS
central-1.amazonaws.com

China cn-north-1 elasticmapreduce.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- elasticmapreduce.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Version 1.0
205
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- elasticmapreduce.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 elasticmapreduce.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 elasticmapreduce.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- elasticmapreduce.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 elasticmapreduce.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 elasticmapreduce.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- elasticmapreduce.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 elasticmapreduce.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- elasticmapreduce.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) elasticmapreduce.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- elasticmapreduce.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) elasticmapreduce.us-gov-west-1.amazonaws.com HTTPS

If you specify the general endpoint (elasticmapreduce.amazonaws.com), Amazon EMR directs your
request to an endpoint in the default Region. For accounts created on or after March 8, 2013, the default
Region is us-west-2; for older accounts, the default Region is us-east-1.

For information about using Amazon EMR in the AWS GovCloud (US-West) Region, see AWS GovCloud
(US-West) Endpoints.

For information about using Amazon EMR in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas

Resource Default

Clusters per AWS account 500

Version 1.0
206
AWS General Reference Reference guide
Service Quotas

Resource Default

Instances per cluster Amazon EC2 quotas for On-Demand, Spot, and
Reserved Instances apply. For more information,
see Service Quotas for Amazon EC2 (p. 170).

Amazon EBS volumes per cluster instance 25

Amazon EMR notebooks per cluster Dependent on master node instance type. For
more information, see Notebook Limits Per
Cluster in the Amazon EMR Management Guide.

Amazon EMR throttles the following API requests for each AWS account on a per-Region basis. For
more information about how throttling is applied, see API Request Throttling in the Amazon EC2 API
Reference. You can request an increase to API throttling quotas for your AWS account. To request a quota
adjustment, create a case using the AWS Support Center.

API Action Bucket Maximum Capacity Bucket Refill Rate (per second)

DescribeJobFlows 20 0.2

RunJobFlow 10 0.5

TerminateJobFlows 10 0.5

AddJobFlowSteps 10 0.5

AddInstanceGroups 5 0.2

ModifyInstanceGroups 5 0.2

SetTerminationProtection 5 0.2

SetVisibleToAllUsers 5 0.2

ListClusters 20 0.5

DescribeCluster 10 1.0

ListSteps 10 0.5

DescribeStep 10 0.5

ListInstanceGroups 5 0.5

ListBootstrapActions 5 0.5

ListInstances 10 0.5

AddTags 5 0.5

RemoveTags 5 0.5

At the AWS account level, the 25 5


bucket maximum capacity and
refill rate for the sum of all API
actions listed above

Version 1.0
207
AWS General Reference Reference guide
EventBridge

Amazon EventBridge endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 events.us-east-2.amazonaws.com HTTPS


(Ohio)
events-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 events.us-east-1.amazonaws.com HTTPS


Virginia)
events-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 events.us-west-1.amazonaws.com HTTPS


West (N.
California) events-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 events.us-west-2.amazonaws.com HTTPS


(Oregon)
events-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 events.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 events.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- events.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- events.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- events.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- events.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
208
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- events.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- events.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- events.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 events.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- events.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- events.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 events.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 events.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- events.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 events.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 events.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- events.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 events.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- events.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) events.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- events.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) events.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon EventBridge in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

Version 1.0
209
AWS General Reference Reference guide
Service Quotas

Service Quotas
For more information, see EventBridge Quotas in the Amazon EventBridge User Guide.

AWS Firewall Manager endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 fms.us-east-2.amazonaws.com HTTPS


(Ohio)
fms-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 fms.us-east-1.amazonaws.com HTTPS


Virginia)
fms-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 fms.us-west-1.amazonaws.com HTTPS


West (N.
California) fms-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 fms.us-west-2.amazonaws.com HTTPS


(Oregon)
fms-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 fms.af-south-1.amazonaws.com HTTPS


(Cape
Town) fms-fips.af-south-1.amazonaws.com HTTPS

Asia ap-east-1 fms.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong fms-fips.ap-east-1.amazonaws.com HTTPS
Kong)

Asia ap- fms.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai) fms-fips.ap-south-1.amazonaws.com HTTPS

Asia ap- fms.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) fms-fips.ap-northeast-2.amazonaws.com HTTPS

Asia ap- fms.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) fms-fips.ap-southeast-1.amazonaws.com HTTPS

Version 1.0
210
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- fms.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) fms-fips.ap-southeast-2.amazonaws.com HTTPS

Asia ap- fms.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) fms-fips.ap-northeast-1.amazonaws.com HTTPS

Canada ca- fms.ca-central-1.amazonaws.com HTTPS


(Central) central-1
fms-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- fms.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1
fms-fips.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 fms.eu-west-1.amazonaws.com HTTPS


(Ireland)
fms-fips.eu-west-1.amazonaws.com HTTPS

Europe eu-west-2 fms.eu-west-2.amazonaws.com HTTPS


(London)
fms-fips.eu-west-2.amazonaws.com HTTPS

Europe eu- fms.eu-south-1.amazonaws.com HTTPS


(Milan) south-1
fms-fips.eu-south-1.amazonaws.com HTTPS

Europe eu-west-3 fms.eu-west-3.amazonaws.com HTTPS


(Paris)
fms-fips.eu-west-3.amazonaws.com HTTPS

Europe eu-north-1 fms.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- fms.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain) fms-fips.me-south-1.amazonaws.com HTTPS

South sa-east-1 fms.sa-east-1.amazonaws.com HTTPS


America
(São fms-fips.sa-east-1.amazonaws.com HTTPS
Paulo)

Service Quotas
AWS Firewall Manager has default quotas on the number of entities per account. You can request an
increase in these quotas.

Resource Default

Accounts per organization in AWS Organizations Varies. An


invitation sent
to an account
counts against this

Version 1.0
211
AWS General Reference Reference guide
Forecast

Resource Default
quota. The count
is returned if the
invited account
declines, the
master account
cancels the
invitation, or the
invitation expires.

Firewall Manager policies per organization in AWS Organizations 20

Tags to specified include or exclude per Firewall Manager policy 8

The following quotas related to Firewall Manager can't be changed.

Resource Value

Rule groups per AWS Firewall Manager administrator account 3

Rule groups per Firewall Manager policy 2: 1 customer-


created rule
group and 1 AWS
Marketplace rule
group

Rules per rule group 10

Amazon Forecast endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Forecast

Region Region Endpoint Protocol


Name

US East us-east-2 forecast.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 forecast.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 forecast.us-west-2.amazonaws.com HTTPS


(Oregon)

Version 1.0
212
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- forecast.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- forecast.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- forecast.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- forecast.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- forecast.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- forecast.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 forecast.eu-west-1.amazonaws.com HTTPS


(Ireland)

Amazon Forecast Query

Region Region Endpoint Protocol


Name

US East us-east-2 forecastquery.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 forecastquery.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 forecastquery.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- forecastquery.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- forecastquery.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- forecastquery.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
213
AWS General Reference Reference guide
Amazon Fraud Detector

Region Region Endpoint Protocol


Name

Asia ap- forecastquery.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- forecastquery.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- forecastquery.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 forecastquery.eu-west-1.amazonaws.com HTTPS


(Ireland)

Amazon Fraud Detector endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 frauddetector.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 frauddetector.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 frauddetector.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- frauddetector.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- frauddetector.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Europe eu-west-1 frauddetector.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
214
AWS General Reference Reference guide
Service Quotas

Service Quotas
Machine learning model

Resource Default Limit

Training data size 5 GB per model training

Number of custom models per account 100

Number of versions per custom model 5000

Number of deployed model versions 20

Number of concurrent training jobs per custom 3


model

Applications and Evaluations

Resource Default Limit

Number of variables per account 5000

Number of rules per account 5000

Number of outcomes per account 5000

Number of applications per account 100

Number of evaluations per application 100

Number of models per evaluation 10

getEventEvaluation

Resource Default Limit

Maximum event evaluations per account 200 TPS

Maximum size of payload per call 256 KB

FreeRTOS endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
The following tables provide a list of Region-specific endpoints that FreeRTOS supports for Over-the-Air
functionality. The FreeRTOS console is also supported in these Regions.

Version 1.0
215
AWS General Reference Reference guide
Service Endpoints

FreeRTOS OTA Control Plane

Region Region Endpoint Protocol


Name

US East us-east-2 iot.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 iot.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 iot.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 iot.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- iot.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- iot.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- iot.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- iot.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- iot.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- iot.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 iot.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- iot.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
216
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Europe eu-west-2 iot.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 iot.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 iot.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- iot.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 iot.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

For information about using FreeRTOS in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

FreeRTOS OTA Data Plane

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 prefix.iot.us-east-2.amazonaws.com MQTT

US East (N. us-east-1 prefix.iot.us-east-1.amazonaws.com MQTT


Virginia)

US West (N. us-west-1 prefix.iot.us-west-1.amazonaws.com MQTT


California)

US West us-west-2 prefix.iot.us-west-2.amazonaws.com MQTT


(Oregon)

Asia Pacific ap-east-1 prefix.iot.ap-east-1.amazonaws.com MQTT


(Hong Kong)

Asia Pacific ap-south-1 prefix.iot.ap-south-1.amazonaws.com MQTT


(Mumbai)

Asia Pacific ap-northeast-2 prefix.iot.ap-northeast-2.amazonaws.com MQTT


(Seoul)

Asia Pacific ap-southeast-1 prefix.iot.ap-southeast-1.amazonaws.com MQTT


(Singapore)

Asia Pacific ap-southeast-2 prefix.iot.ap-southeast-2.amazonaws.com MQTT


(Sydney)

Version 1.0
217
AWS General Reference Reference guide
Service Quotas

Region Name Region Endpoint Protocol

Asia Pacific ap-northeast-1 prefix.iot.ap-northeast-1.amazonaws.com MQTT


(Tokyo)

Canada ca-central-1 prefix.iot.ca-central-1.amazonaws.com MQTT


(Central)

Europe eu-central-1 prefix.iot.eu-central-1.amazonaws.com MQTT


(Frankfurt)

Europe eu-west-1 prefix.iot.eu-west-1.amazonaws.com MQTT


(Ireland)

Europe eu-west-2 prefix.iot.eu-west-2.amazonaws.com MQTT


(London)

Europe (Paris) eu-west-3 prefix.iot.eu-west-3.amazonaws.com MQTT

Europe eu-north-1 prefix.iot.eu-north-1.amazonaws.com MQTT


(Stockholm)

Middle East me-south-1 prefix.iot.me-south-1.amazonaws.com MQTT


(Bahrain)

South America sa-east-1 prefix.iot.sa-east-1.amazonaws.com MQTT


(São Paulo)

Service Quotas
FreeRTOS OTA Resource Quotas

Resource Default

File size 16MB

FreeRTOS OTA Throttling

API Transactions Per Second

CreateOTAUpdate 10 TPS

DeleteOTAUpdate 5 TPS

GetOTAUpdate 15 TPS

ListOTAUpdates 15 TPS

Amazon FSx endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
218
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 fsx.us-east-2.amazonaws.com HTTPS


(Ohio)
fsx-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 fsx.us-east-1.amazonaws.com HTTPS


Virginia)
fsx-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 fsx.us-west-1.amazonaws.com HTTPS


West (N.
California) fsx-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 fsx.us-west-2.amazonaws.com HTTPS


(Oregon)
fsx-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 fsx.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 fsx.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- fsx.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- fsx.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- fsx.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- fsx.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- fsx.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- fsx.ca-central-1.amazonaws.com HTTPS


(Central) central-1
fsx-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 fsx.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- fsx.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
219
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- fsx.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 fsx.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 fsx.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- fsx.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 fsx.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 fsx.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- fsx.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 fsx.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- fsx.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) fsx-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- fsx.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) fsx-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
Amazon FSx for Lustre

Resource Default Can be increased up to

Number of file systems 100 Thousands

Number of file updates from 10 million / month Hundreds of millions / month


linked S3 bucket per file system

Total number of user-initiated 500 Thousands


backups for all file systems

Total storage for all file systems 100,800 GiB. This is the default Petabytes
value.

For more information, see FSx Lustre Quotas in the Amazon FSx for Lustre User Guide.

Version 1.0
220
AWS General Reference Reference guide
GameLift

Amazon FSx for Windows File Server

Resource Default Can Be Increased Up To

Number of file systems 100 Thousands

Total storage for all file systems 512 TiB Multiple PiBs

Total throughput capacity for all 10 GBps Hundreds of GBps


file systems

Total number of user-initiated 500 Thousands


backups for all file system

For more information, see FSx for Windows Quotas in the Amazon FSx for Windows File Server User Guide.

Amazon GameLift endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 gamelift.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 gamelift.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 gamelift.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 gamelift.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- gamelift.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- gamelift.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- gamelift.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
221
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- gamelift.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- gamelift.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- gamelift.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 gamelift.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Europe eu- gamelift.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 gamelift.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 gamelift.eu-west-2.amazonaws.com HTTPS


(London)

South sa-east-1 gamelift.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas

Resource Default

Aliases 20

Fleets 20

Builds 1000

Scripts 1000

Total combined size of uploaded builds and scripts 100 GB

Log upload size per game session 200 MB

On-demand instances Per instance type: quotas vary.

Per account: 20 instances max, regardless of


instance type.

For more information, see Scaling Amazon Elastic


Compute Cloud (Amazon EC2) Instances for
Amazon GameLift.

Server processes per instance GameLift SDK v2.x: 1

Version 1.0
222
AWS General Reference Reference guide
S3 Glacier

Resource Default
GameLift SDK v3.x and up: 50

Player sessions per game session 200

Matchmakers per account 100

VPC peering connections For quotas on active and pending VPC peering
connections, see Amazon VPC (p. 519).

The expiry time for an Amazon GameLift VPC


peering authorization is 24 hours.

Amazon S3 Glacier endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 glacier.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS
glacier-fips.us-east-2.amazonaws.com
HTTPS

US East (N. us-east-1 glacier.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS
glacier-fips.us-east-1.amazonaws.com
HTTPS

US us-west-1 glacier.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California) glacier-fips.us-west-1.amazonaws.com
HTTPS

US West us-west-2 glacier.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS
glacier-fips.us-west-2.amazonaws.com
HTTPS

Africa af-south-1 glacier.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 glacier.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Version 1.0
223
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- glacier.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- glacier.ap-northeast-3.amazonaws.com HTTP and


Pacific northeast-3 HTTPS
(Osaka-
Local)

Asia ap- glacier.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- glacier.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- glacier.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- glacier.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- glacier.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS
glacier-fips.ca-central-1.amazonaws.com
HTTPS

China cn-north-1 glacier.cn-north-1.amazonaws.com.cn HTTP and


(Beijing) HTTPS

China cn- glacier.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Europe eu- glacier.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 glacier.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 glacier.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- glacier.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Europe eu-west-3 glacier.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 glacier.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- glacier.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

Version 1.0
224
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

South sa-east-1 glacier.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- glacier.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East) glacier.us-gov-east-1.amazonaws.com
HTTPS

AWS us-gov- glacier.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West) glacier.us-gov-west-1.amazonaws.com
HTTPS

For information about using Amazon S3 Glacier in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using Amazon S3 Glacier in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
Resource Default

Number of vaults per account 1000

Number of provisioned capacity units 2

AWS Global Accelerator


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol Amazon
Name Route 53
Hosted
Zone ID*

US West us-west-2 globalaccelerator.amazonaws.com HTTPS Z2BJ6XQ5FK7U4H


(Oregon)
Region

Version 1.0
225
AWS General Reference Reference guide
Service Quotas

Service Quotas
Resource Default

Number of accelerators for each AWS account 20

Number of listeners for each accelerator 10

Number of port ranges for each listener 10

Number of endpoints for each endpoint group 10

In addition, there are quotas for Elastic IP addresses, Network Load Balancers, and Application Load
Balancers that are used as endpoints for an accelerator. For more information, see the following:

• Elastic IP Address Quota in the Amazon EC2 User Guide for Linux Instances.
• Quotas for Your Network Load Balancers in the User Guide for Network Load Balancers.
• Quotas for Your Application Load Balancers in the User Guide for Application Load Balancers.

AWS Glue endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 glue.us-east-2.amazonaws.com HTTPS


(Ohio)
glue-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 glue.us-east-1.amazonaws.com HTTPS


Virginia)
glue-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 glue.us-west-1.amazonaws.com HTTPS


West (N.
California) glue-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 glue.us-west-2.amazonaws.com HTTPS


(Oregon)
glue-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 glue.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 glue.ap-east-1.amazonaws.com HTTPS


Pacific

Version 1.0
226
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
(Hong
Kong)

Asia ap- glue.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- glue.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- glue.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- glue.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- glue.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- glue.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 glue.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- glue.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- glue.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 glue.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 glue.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- glue.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 glue.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 glue.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- glue.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

Version 1.0
227
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

South sa-east-1 glue.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- glue.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) glue-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- glue.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) glue-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
Resource Default

Number of databases per account 10,000

Number of tables per database 200,000

Number of partitions per table 10,000,000

Number of table versions per table 100,000

Number of functions per database 100

Number of tables per account 1,000,000

Number of partitions per account 20,000,000

Number of table versions per account 1,000,000

Number of connections per account 1,000

Number of functions per account 100

Number of concurrent crawlers per account 50

Number of crawlers per account 1000

Number of jobs per account 1000

Number of triggers per account 1000

Number of workflows per account 250

Number of concurrent job runs per account 50

Number of concurrent job runs per job 1,000

Number of jobs per trigger 50

Number of development endpoints per account 25

Number of security configurations per account 250

Version 1.0
228
AWS General Reference Reference guide
AWS Glue DataBrew

Resource Default

Maximum DPUs used by a development endpoint at one time 50

Maximum DPUs used by a role at one time 300

Number of machine learning transforms per account 100

Maximum label file size in MB 10

Maximum number of concurrent task runs per machine learning 3


transform for this account

Total number of concurrent machine learning transform task runs 30


for machine learning transforms for this account

Some of the quotas for AWS Glue vary for the AWS GovCloud (US-West) Region. For more information,
see AWS Glue in the AWS GovCloud (US) User Guide.

AWS Glue DataBrew endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 databrew.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 databrew.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 databrew.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 databrew.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- databrew.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- databrew.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
229
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- databrew.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- databrew.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- databrew.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 databrew.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 databrew.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 databrew.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 databrew.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Service Quotas

Resource Default

Concurrent jobs per AWS account 10

Datasets per AWS account 100

Jobs per AWS account 100

Open projects per AWS account 10

Projects per AWS account 100

Recipes per AWS account 100

Schedules per AWS account 10

Versions per recipe 100

AWS Ground Station endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
230
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 groundstation.us-east-2.amazonaws.com HTTPS


(Ohio)
groundstation-fips.us-east-2.amazonaws.com HTTPS

US West us-west-2 groundstation.us-west-2.amazonaws.com HTTPS


(Oregon)
groundstation-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 groundstation.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap- groundstation.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Europe eu-west-1 groundstation.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-north-1 groundstation.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- groundstation.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

Service Quotas

Resource Default

Maximum lead time allowed for scheduling a contact 7 days

Maximum contact duration permitted 20 minutes

Maximum scheduled contact duration permitted 1000 minutes

Maximum number of scheduled contacts allowed 100

Maximum number of configs allowed 100

Maximum number of dataflow endpoint groups allowed 100

Maximum number of mission profiles allowed 100

Maximum number of dataflow endpoints per group allowed 20

For more information, see the AWS Ground Station User Guide.

Version 1.0
231
AWS General Reference Reference guide
GuardDuty

Amazon GuardDuty endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 guardduty.us-east-2.amazonaws.com HTTPS


(Ohio)
guardduty-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 guardduty.us-east-1.amazonaws.com HTTPS


Virginia)
guardduty-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 guardduty.us-west-1.amazonaws.com HTTPS


West (N.
California) guardduty-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 guardduty.us-west-2.amazonaws.com HTTPS


(Oregon)
guardduty-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 guardduty.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 guardduty.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- guardduty.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- guardduty.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- guardduty.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- guardduty.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- guardduty.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Version 1.0
232
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Canada ca- guardduty.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 guardduty.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- guardduty.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- guardduty.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 guardduty.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 guardduty.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- guardduty.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 guardduty.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 guardduty.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- guardduty.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 guardduty.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- guardduty.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) guardduty.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- guardduty.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) guardduty.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
Resource Default

Detectors 1

Filters 100

Trusted IP sets 1

Threat intel sets 6

Version 1.0
233
AWS General Reference Reference guide
AWS Health

Resource Default

GuardDuty member accounts 5000

GuardDuty finding retention time 90 days

AWS Health endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS Health has a single endpoint: health.us-east-1.amazonaws.com (HTTPS).

Quotas for Amazon HealthLake


Throttling and quotas for Amazon HealthLake
The following table describes throttling limits for resource management within Amazon HealthLake. For
information about limits that can be changed while the service is in preview, see AWS Service Limits.

Description Limit

CreateFHIRDatastore and DeleteFHIRDatastore 4 requests per 5 minutes

DescribeFHIRDatstore and ListFHIRDatastores 1 TPS

CreateResource, ReadResource, UpdateResource, 1 TPS


DeleteResource, GetCapabilities

SearchWithGet and SearchWithPost 0.2 TPS

StartFHIRImportJob and StartFHIRExportJob 1 request per minute

DescribeFHIRImportJob and 1 TPS


DescribeFHIRExportJob

The following table describes the Data Store service quotas for HealthLake for the preview period.

Description Limit

Maximum active Data Stores per account 2 Data Stores

Maximum number of Data Stores being created 2 Data Store


per account

Version 1.0
234
AWS General Reference Reference guide
Amazon Honeycode

Description Limit

Maximum characters for a medical note 10,000 characters


within the DocumentReference ResourceType
(CreateResource/UpdateResource)

Maximum resources for ingestion per Data Store 500,000

The following table lists the quotas for Import jobs for the preview period.

Description Limit

Maximum job size 1 GB

Maximum file size 50 MB

Maximum number of files 100

Maximum number of Import jobs per Data Store 4

Supported file extension '.ndjson'

Amazon Honeycode
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Honeycode has a single endpoint: honeycode.us-west-2.amazonaws.com (HTTPS).

AWS Identity and Access Management endpoints


and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 iam.amazonaws.com HTTPS


(Ohio)

Version 1.0
235
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 iam.amazonaws.com HTTPS


Virginia)
iam-fips.amazonaws.com HTTPS

US us-west-1 iam.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 iam.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 iam.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 iam.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- iam.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- iam.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- iam.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- iam.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- iam.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- iam.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- iam.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 iam.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- iam.cn-north-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- iam.amazonaws.com HTTPS


(Frankfurt) central-1

Version 1.0
236
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-1 iam.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 iam.amazonaws.com HTTPS


(London)

Europe eu- iam.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 iam.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 iam.amazonaws.com HTTPS


(Stockholm)

Middle me- iam.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 iam.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- iam.us-gov.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- iam.us-gov.amazonaws.com HTTPS


GovCloud west-1
(US-West) iam.us-gov.amazonaws.com HTTPS

Service Quotas
AWS allows you to request an increase to default quotas for IAM entities. You can use Service Quotas to
manage your IAM quotas. For adjustable IAM quotas, you can request a quota increase. Smaller increases
are automatically approved in Service Quotas and are completed within a few minutes. Larger requests
above the maximum autoapproved increase are submitted to AWS Support. Some adjustable quotas
can't be increased above the maximum autoapproved increase amount. You can track your request case
in the AWS Support console.

To request a quota increase, sign in to the AWS Management Console and open the Service Quotas
console at https://console.aws.amazon.com/servicequotas/. In the navigation pane, choose AWS
services. On the navigation bar, choose the US East (N. Virginia) Region. Then search for IAM. Choose
AWS Identity and Access Management (IAM), choose a quota, and follow the directions to request a
quota increase. For more information, see Requesting a Quota Increase in the Service Quotas User Guide.

The following quotas are adjustable.

Resource Default Maximum autoapproval

ACL (Assume role policy) size per 2048 characters 4096 characters
role

Version 1.0
237
AWS General Reference Reference guide
IAM Access Analyzer

Resource Default Maximum autoapproval

Customer managed policies in 1500 5000


an AWS account

Groups in an AWS account 300 500

Roles in an AWS account 1000 5000

Managed policies attached to an 10 20


IAM role

Managed policies attached to an 10 20


IAM user

Virtual MFA devices (assigned or Equal to the user quota for the Not applicable
unassigned) in an AWS account account

Instance profiles in an AWS 1000 5000


account

Server certificates stored in an 20 1000


AWS account

These quotas can be changed. For information about other quotas that cannot be changed, see IAM and
STS Quotas in the IAM User Guide.

IAM Access Analyzer endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 access-analyzer.us-east-2.amazonaws.com HTTPS


(Ohio)
access-analyzer-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 access-analyzer.us-east-1.amazonaws.com HTTPS


Virginia)
access-analyzer-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 access-analyzer.us-west-1.amazonaws.com HTTPS


West (N.
California) access-analyzer-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 access-analyzer.us-west-2.amazonaws.com HTTPS


(Oregon)
access-analyzer-fips.us-west-2.amazonaws.com HTTPS

Version 1.0
238
AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol


Name

Africa af-south-1 access-analyzer.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 access-analyzer.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- access-analyzer.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- access-analyzer.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- access-analyzer.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- access-analyzer.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- access-analyzer.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- access-analyzer.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- access-analyzer.ca-central-1.amazonaws.com HTTPS


(Central) central-1
access-analyzer-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 access-analyzer.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- access-analyzer.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- access-analyzer.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 access-analyzer.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 access-analyzer.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- access-analyzer.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Version 1.0
239
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-3 access-analyzer.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 access-analyzer.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- access-analyzer.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 access-analyzer.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- access-analyzer.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) access-analyzer.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- access-analyzer.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) access-analyzer.us-gov-west-1.amazonaws.com HTTPS

Service Quotas

Resource Default

Maximum number of analyzers with an account 1


zone of trust

Maximum number of analyzers with an 5


organization zone of trust

Maximum number of archive rules per analyzer 100

AWS Import/Export endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Endpoint Protocol

importexport.amazonaws.com HTTPS

Version 1.0
240
AWS General Reference Reference guide
Amazon Inspector

Amazon Inspector
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 inspector.us-east-2.amazonaws.com HTTPS


(Ohio)
inspector-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 inspector.us-east-1.amazonaws.com HTTPS


Virginia)
inspector-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 inspector.us-west-1.amazonaws.com HTTPS


West (N.
California) inspector-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 inspector.us-west-2.amazonaws.com HTTPS


(Oregon)
inspector-fips.us-west-2.amazonaws.com HTTPS

Asia ap- inspector.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- inspector.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- inspector.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- inspector.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- inspector.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 inspector.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 inspector.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-north-1 inspector.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
241
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- inspector.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) inspector-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- inspector.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) inspector-fips.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon Inspector in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

Service Quotas
Resource Default

Running agents 500

Assessment runs 50,000

Assessment templates 500

Assessment targets 50

For more information, see the Amazon Inspector User Guide.

AWS IoT 1-Click endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS IoT 1-Click Projects API
The following table lists the service endpoints for AWS IoT 1-Click Projects. For more information, see
the AWS IoT 1-Click Projects API Reference.

Region Region Endpoint Protocol


Name

US East us-east-2 projects.iot1click.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 projects.iot1click.us-east-1.amazonaws.com HTTPS


Virginia)

Version 1.0
242
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

US West us-west-2 projects.iot1click.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- projects.iot1click.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- projects.iot1click.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 projects.iot1click.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 projects.iot1click.eu-west-2.amazonaws.com HTTPS


(London)

AWS IoT 1-Click Devices API


The following table lists the service endpoint for AWS IoT 1-Click Devices. For more information, see the
AWS IoT 1-Click Devices API Reference.

Region Region Endpoint Protocol


Name

US West us-west-2 devices.iot1click.us-west-2.amazonaws.com HTTPS


(Oregon)

Service Quotas
API Transactions per Second Adjustable

10
AssociateDeviceWithPlacement No

ClaimDevicesByClaimCode 10 No

CreatePlacement 10 No

CreateProject 10 No

DeletePlacement 10 No

DeleteProject 10 No

DescribeDevice 10 No

DescribePlacement 10 No

DescribeProject 10 No

10
DisassociateDeviceFromPlacement No

FinalizeDeviceClaim 10 No

Version 1.0
243
AWS General Reference Reference guide
AWS IoT Analytics

API Transactions per Second Adjustable

GetDeviceMethods 10 No

GetDevicesInPlacement 10 No

InitiateDeviceClaim 10 No

InvokeDeviceMethod 10 No

ListDeviceEvents 10 No

ListDevices 10 No

ListPlacements 10 No

ListProjects 10 No

ListTagsForResource 10 No

TagResource 10 No

UnclaimDevice 10 No

UntagResource 10 No

UpdateDeviceState 10 No

UpdatePlacement 10 No

UpdateProject 10 No

AWS IoT Analytics endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 iotanalytics.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 iotanalytics.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 iotanalytics.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- iotanalytics.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
244
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- iotanalytics.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

China cn-north-1 iotanalytics.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Europe eu- iotanalytics.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 iotanalytics.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service Quotas
API Default Description Adjustable

StartPipelineReprocessing 1,000 transactions you can make Yes


for every 24 hours to reprocess
the same channel messages
through a pipeline

SampleChannelData 1 transaction per second per Yes


channel

CreateDatasetContent 1 transaction per second per Yes


data set

RunPipelineActivity 1 transaction per second Yes

Other management APIs 20 transactions per second Yes

BatchPutMessage 100,000 messages or 500MB Yes


total message size per second
per channel

100 messages per batch Yes

128Kb per message No

Resource Default Description Adjustable

Channel 50 per account Yes

Data store 25 per account Yes

Column 100 per schema Yes

Pipeline 100 per account Yes

Activities 25 per pipeline No

Data set 100 per account Yes

Version 1.0
245
AWS General Reference Reference guide
AWS IoT Core

Resource Default Description Adjustable

Minimum SQL data set refresh 1 minute No


interval

Minimum container data set 15 minutes Yes


refresh interval

Concurrent data set content 2 data sets simultaneously No


generation

Container datasets that can be 10 No


triggered from a single SQL
dataset

Concurrent container dataset 20 No


runs

AWS IoT Core endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
The following sections describe the service endpoints for AWS IoT Core.
Note
You can use these endpoints to perform the operations in the AWS IoT API Reference. The
endpoints in the following sections are different from the device endpoints, which provide
devices an MQTT publish/subscribe interface and a subset of the API operations. For more
information about the data, credential access, and job management endpoints used by devices,
see AWS IoT device endpoints.
For information about connecting to and using the AWS IoT endpoints, see Connecting devices
to AWS IoT in the AWS IoT Developer Guide.

For information about using AWS IoT in the AWS GovCloud (US-West) Region, see AWS GovCloud (US-
West) Endpoints.

For information about using AWS IoT in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Topics
• Control Plane API Endpoints (p. 247)
• Data Plane API Endpoints (p. 248)
• Jobs Data Plane API Endpoints (p. 250)
• Secure Tunneling API Endpoints (p. 251)

Version 1.0
246
AWS General Reference Reference guide
Service Endpoints

Control Plane API Endpoints


The following table contains AWS Region-specific endpoints that AWS IoT Core supports for group
management operations. For more information, see AWS IoT operations in the AWS IoT API Reference.

Region Region Endpoint Protocol


Name

US East us-east-2 iot.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 iot.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 iot.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 iot.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- iot.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- iot.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- iot.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- iot.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- iot.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- iot.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 iot.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- iot.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Version 1.0
247
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Europe eu-west-1 iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 iot.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 iot.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 iot.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- iot.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 iot.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- iot.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- iot.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

For information about using AWS IoT in the AWS GovCloud (US) Regions, see AWS GovCloud (US)
Endpoints.

For information about using AWS IoT in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Data Plane API Endpoints


The following table contains AWS Region-specific endpoints that AWS IoT Core supports for shadow
and MQTT data operations. For more information, see AWS IoT data plane operations in the AWS IoT API
Reference.

Region Region Endpoint Protocol


Name

US East us-east-2 data.iot.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 data.iot.us-east-1.amazonaws.com HTTPS


Virginia)

Version 1.0
248
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US us-west-1 data.iot.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 data.iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 data.iot.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- data.iot.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- data.iot.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- data.iot.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- data.iot.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- data.iot.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- data.iot.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 data.iot.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- data.iot.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- data.iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 data.iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 data.iot.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 data.iot.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 data.iot.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
249
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Middle me- data.iot.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 data.iot.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- data.iot.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- data.iot.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Jobs Data Plane API Endpoints


The following table contains AWS Region-specific endpoints that AWS IoT Core supports for job data
operations. For more information, see AWS IoT jobs data plane operations in the AWS IoT API Reference.

Region Region Endpoint Protocol


Name

US East us-east-2 data.jobs.iot.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 data.jobs.iot.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 data.jobs.iot.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 data.jobs.iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 data.jobs.iot.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- data.jobs.iot.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- data.jobs.iot.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- data.jobs.iot.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
250
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- data.jobs.iot.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- data.jobs.iot.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- data.jobs.iot.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 data.jobs.iot.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- data.jobs.iot.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- data.jobs.iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 data.jobs.iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 data.jobs.iot.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 data.jobs.iot.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 data.jobs.iot.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- data.jobs.iot.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 data.jobs.iot.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- data.jobs.iot.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US)

Secure Tunneling API Endpoints


The following table contains AWS Region-specific endpoints that AWS IoT Core supports for secure
tunneling operations. For more information, see AWS IoT secure tunneling operations in the AWS IoT API
Reference.

Version 1.0
251
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 api.tunneling.iot.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 api.tunneling.iot.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 api.tunneling.iot.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 api.tunneling.iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 api.tunneling.iot.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- api.tunneling.iot.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- api.tunneling.iot.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- api.tunneling.iot.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- api.tunneling.iot.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- api.tunneling.iot.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- api.tunneling.iot.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 api.tunneling.iot.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- api.tunneling.iot.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- api.tunneling.iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 api.tunneling.iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 api.tunneling.iot.eu-west-2.amazonaws.com HTTPS


(London)

Version 1.0
252
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-3 api.tunneling.iot.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 api.tunneling.iot.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- api.tunneling.iot.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 api.tunneling.iot.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- api.tunneling.iot.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- api.tunneling.iot.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Service Quotas
Contents

AWS IoT Core Bulk Thing Registration (p. 254)

AWS IoT Core Rules Engine (p. 254)

AWS IoT Core Throttling (p. 255)

AWS IoT Core for LoRaWAN limits (p. 260)

Billing Group Restrictions (p. 262)

Device Shadows (p. 262)

AWS IoT Core Fleet Provisioning (p. 264)

AWS IoT Core Message Broker (p. 264)

Protocols (p. 268)

Security and Identity (p. 269)

Streaming service (p. 270)

Things (p. 271)

Thing Groups (p. 272)

Version 1.0
253
AWS General Reference Reference guide
Service Quotas

AWS IoT Core Bulk Thing Registration

Resource Default Note

Allowed registration tasks 1 For any given AWS account, only


one bulk registration task can
run at a time.

Data retention policy 30 days After the bulk registration task


(which can be long lived) is
complete, data related to bulk
thing registration is permanently
deleted after 30 days.

Maximum line length 256K Each line in an Amazon S3 input


JSON file can't exceed 256K in
length.

Registration task termination 30 days Any pending or incomplete bulk


registration tasks are terminated
after 30 days.

AWS IoT Core Rules Engine

Resource Description Quota Adjustable

Rule evaluations The maximum number 20,000 Yes


per second per AWS rules that can be
account evaluated per second
per AWS account. This
quota includes rule
evaluations that result
from inbound Basic
Ingest messages.

Maximum number of The maximum number 10 No


actions per rule of entries in the rule's
actions property.

Maximum number of The maximum number 1,000 Yes


rules per AWS account rule actions that can be
defined in a single AWS
account.

Rule size The maximum number 256 KB No


of UTF-8 encoded
characters, including
white space characters)
that a rule document
can contain.

Version 1.0
254
AWS General Reference Reference guide
Service Quotas

AWS IoT Core Rules Engine HTTP Actions

Resource Quota Adjustable

Maximum length of an endpoint 2 KiB No


URL

Maximum number of headers 100 No


per action

Maximum size of a header key 256 bytes No

Maximum topic rule destinations 1,000 No


per AWS account

Ports allowed for HTTP action 443 and 8443 No

Request timeout 3,000 ms No

AWS IoT Core Rules Engine Apache Kafka Actions

Resource Limits

Bootstrap server ports 9000-9100

Kerberos key distribution center (KDC) 88

AWS IoT Core Rules Engine VPC Actions

Resource Quota

Maximum number of VPC destinations 5 per account per region

AWS IoT Core Throttling


This table describes the maximum number of transactions per second (TPS) that can be made to each
AWS IoT API.

API Quota (tps) Adjustable

AcceptCertificateTransfer 10 Yes

AddThingToBillingGroup 60 Yes

AddThingToThingGroup 60 Yes

AssociateTargetsWithJob 10  

AttachPolicy 15 Yes

AttachPrincipalPolicy 15 Yes

AttachThingPrincipal 15  

Version 1.0
255
AWS General Reference Reference guide
Service Quotas

API Quota (tps) Adjustable

CancelCertificateTransfer 10 Yes

CancelJob 10  

CancelJobExecution 10  

ClearDefaultAuthorizer 10 Yes

CreateAuthorizer 10 Yes

CreateBillingGroup 25 Yes

CreateCertificateFromCsr 15 Yes

CreateDomainConfiguration 10 Yes

CreateDynamicThingGroup 5 Yes

CreateJob 10  

CreateKeysAndCertificate 10 Yes

CreatePolicy 10 Yes

CreatePolicyVersion 10 Yes

CreateProvisioningClaim 10 Yes

CreateProvisioningTemplate 10 Yes

10
CreateProvisioningTemplateVersion Yes

CreateRoleAlias 10 Yes

CreateThing 15 Yes

CreateThingGroup 25 Yes

CreateThingType 15 Yes

CreateTopicRule 5 No

CreateTopicRuleDestination 5 No

DeleteAuthorizer 10 Yes

DeleteBillingGroup 15 Yes

DeleteCertificate 10 Yes

DeleteDomainConfiguration 10 Yes

DeleteCACertificate 10 Yes

DeleteDynamicThingGroup 5 Yes

DeleteJob 10  

DeleteJobExecution 10  

DeletePolicy 10 Yes

Version 1.0
256
AWS General Reference Reference guide
Service Quotas

API Quota (tps) Adjustable

DeletePolicyVersion 10 Yes

DeleteProvisioningTemplate 10 Yes

10
DeleteProvisioningTemplateVersion Yes

DeleteRegistrationCode 10 Yes

DeleteRoleAlias 10 Yes

DeleteThing 15 Yes

DeleteThingGroup 15 Yes

DeleteThingType 15 Yes

DeprecateThingType 15 Yes

DeleteTopicRule 20 No

DeleteTopicRuleDestination 5 No

DeleteV2LoggingLevel 2 No

DescribeAuthorizer 10 Yes

DescribeBillingGroup 100 Yes

DescribeCertificate 10 Yes

DescribeCertificateTag 10 Yes

DescribeCACertificate 10 Yes

DescribeDomainConfiguration10 Yes

DescribeEndpoint 10 Yes

DescribeDefaultAuthorizer 10 Yes

DescribeJob 10  

DescribeJobExecution 10  

10
DescribeProvisioningTemplate Yes

10
DescribeProvisioningTemplateVersion Yes

DescribeRoleAlias 10 Yes

DescribeThing 350 Yes

DescribeThingGroup 100 Yes

DescribeThingType 10 Yes

DetachThingPrincipal 15 Yes

DisableTopicRule 5 No

EnableTopicRule 5 No

Version 1.0
257
AWS General Reference Reference guide
Service Quotas

API Quota (tps) Adjustable

DetachPrincipalPolicy 15 Yes

DetachPolicy 15 Yes

GetEffectivePolicies 50 Yes

GetJobDocument 10  

GetLoggingOptions 2 No

GetPolicy 10 Yes

GetPolicyVersion 15 Yes

GetRegistrationCode 10 Yes

GetTopicRule 200 No

GetTopicRuleDestination 50 No

GetV2LoggingOptions 2 No

ListAttachedPolicies 15 Yes

ListAuthorizers 10 Yes

ListBillingGroups 10 Yes

ListCACertificates 10 Yes

ListCertificates 10 Yes

ListDomainConfigurations 10 Yes

ListCertificatesByCA 10 Yes

ListJobExecutionsForJob 10  

ListJobExecutionsForThing 10  

ListJobs 10  

ListOutgoingCertificates 10 Yes

ListPolicies 10 Yes

ListPolicyPrincipals 10 Yes

ListPolicyVersions 10 Yes

ListPrincipalPolicies 15 Yes

ListPrincipalThings 10 Yes

ListProvisioningTemplates 10 Yes

10
ListProvisioningTemplateVersions Yes

ListRoleAliases 10 Yes

ListTagsForResource 10 Yes

Version 1.0
258
AWS General Reference Reference guide
Service Quotas

API Quota (tps) Adjustable

ListTargetsForPolicy 10 Yes

ListThingGroups 10 Yes

ListThingGroupsForThing 10 Yes

ListThingPrincipals 10 Yes

ListThings 10 Yes

ListThingsInBillingGroup 25 Yes

ListThingsInThingGroup 25 Yes

ListThingTypes 10 Yes

ListTopicRuleDestinations 1 No

ListTopicRules 1 No

ListV2LoggingLevels 2 No

RegisterCertificate 10 Yes

10
RegisterCertificateWithoutCA Yes

RegisterCACertificate 10 Yes

RegisterThing 10 Yes

RejectCertificateTransfer 10 Yes

RemoveThingFromBillingGroup15 Yes

RemoveThingFromThingGroup 15 Yes

ReplaceTopicRule 5 No

SetDefaultAuthorizer 10 Yes

SetDefaultPolicyVersion 10 Yes

SetLoggingOptions 2 No

SetV2LoggingLevel 2 No

SetV2LoggingOptions 2 No

TagResource 10 Yes

TestAuthorization 10 Yes

TestInvokeAuthorizer 10 Yes

TransferCertificate 10 Yes

UntagResource 10 Yes

UpdateAuthorizer 10 Yes

UpdateBillingGroup 15 Yes

Version 1.0
259
AWS General Reference Reference guide
Service Quotas

API Quota (tps) Adjustable

UpdateCertificate 10 Yes

UpdateCertificateMode 10 Yes

UpdateCertificateTag 10 Yes

UpdateDomainConfiguration 10 Yes

UpdateCACertificate 10 Yes

UpdateDynamicThingGroup 5 Yes

UpdateJob 10  

UpdateProvisioningTemplate 10 Yes

UpdateRoleAlias 10 Yes

UpdateThing 10 Yes

UpdateThingGroup 15 Yes

UpdateTopicRuleDestination 5 No

AWS IoT Core for LoRaWAN limits


AWS IoT Core for LoRaWAN device data limits

Description Quota (messages/second) Adjustable

Uplink messages (Messages from 50 Yes


devices received by AWS IoT
Core for LoRaWAN)

Downlink messages (Messages 10 Yes


from AWS IoT Core for LoRaWAN
received by devices)

This table describes the maximum number of transactions per second (TPS) that can be made to each
acton in the AWS IoT Wireless API.

AWS IoT Core for LoRaWAN and Amazon Sidewalk Integration API throttling

API Quota (tps) Adjustable

10
AssociateAwsAccountWithPartnerAccount Yes

10
AssociateWirelessDeviceWithThing Yes

10
AssociateWirelessGatewayWithCertificate No

10
AssociateWirelessGatewayWithThing Yes

CreateDestination 10 Yes

CreateDeviceProfile 10 Yes

Version 1.0
260
AWS General Reference Reference guide
Service Quotas

API Quota (tps) Adjustable

CreateServiceProfile 10 Yes

CreateWirelessDevice 10 Yes

CreateWirelessGateway 10 Yes

CreateWirelessGatewayTask 10 No

10
CreateWirelessGatewayTaskDefinition No

DeleteDestination 10 Yes

DeleteDeviceProfile 10 Yes

DeleteServiceProfile 10 Yes

DeleteWirelessDevice 10 Yes

DeleteWirelessGateway 10 Yes

DeleteWirelessGatewayTask 10 No

10
DeleteWirelessGatewayTaskDefinition No

10
DisassociateAwsAccountFromPartnerAccountt Yes

10
DisassociateWirelessDeviceFromThing Yes

10
DisassociateWirelessGatewayFromCertificate No

10
DisassociateWirelessGatewayFromThing Yes

GetDestination 10 Yes

GetDeviceProfile 10 Yes

GetPartnerAccount 10 Yes

GetServiceEndpoint 10 No

GetServiceProfile 10 Yes

GetWirelessDevice 10 Yes

GetWirelessDeviceStatistics10 No

GetWirelessGateway 10 Yes

10
GetWirelessGatewayCertificate No

10
GetWirelessGatewayFirmwareInformation No

10
GetWirelessGatewayStatistics No

GetWirelessGatewayTask 10 No

10
GetWirelessGatewayTaskDefinition No

ListDestinations 10 Yes

ListDeviceProfiles 10 Yes

Version 1.0
261
AWS General Reference Reference guide
Service Quotas

API Quota (tps) Adjustable

ListPartnerAccounts 10 Yes

ListServiceProfiles 10 Yes

ListTagsForResource 10 Yes

ListWirelessDevices 10 Yes

10
ListWirelessGatewayTaskDefinitions No

ListWirelessGateways 10 Yes

SendDataToWirelessDevice 10 Yes

TagResource 10 Yes

TestWirelessDevice 10 Yes

UntagResource 10 Yes

UpdateDestination 10 Yes

UpdatePartnerAccount 10 Yes

UpdateWirelessDevice 10 Yes

UpdateWirelessGateway 10 Yes

Billing Group Restrictions


• A thing can belong to exactly one billing group.
• Unlike thing groups, billing groups cannot be organized into hierarchies.
• For its usage to be registered for tagging or billing purposes, a device must:
• Be registered as a thing in AWS IoT Core.
• Communicate with AWS IoT Core using MQTT only.
• Authenticate with AWS IoT Core using only its thing name as the client ID.
• Use an X.509 certificate or Amazon Cognito Identity to authenticate.

For more information, see Managing Devices with AWS IoT, Authentication, and Device Provisioning.
You can use the AttachThingPrincipal API operation to attach a certificate or other credential to a
thing.
• The maximum number of billing groups per AWS account is 20,000.

Device Shadows
The Device Shadow Service API is subject to these per-account limits, depending on the region.

Device Shadow Service API limits

Region Limit Adjustable

• ap-northeast-1 4,000 Device Shadow API Yes


• ap-northeast-2 requests/second per account
• ap-south-1

Version 1.0
262
AWS General Reference Reference guide
Service Quotas

Region Limit Adjustable


• ap-southeast-1
• ap-southeast-2
• cn-north-1
• eu-central-1
• eu-west-1
• eu-west-2
• us-east-1
• us-east-2
• us-west-1
• us-west-2

All other regions 400 Device Shadow API Yes


requests/second per account

Device Shadow Service resources are subject to these limits.

Device Shadow Service resource limits

Resource Description Adjustable

Maximum depth of JSON device The maximum number of levels  


state documents in the desired or reported
section of the JSON device state
document is 5. For example:

"desired": {
"one": {
"two": {
"three": {
"four": {
"five":{
}
}
}
}
}
}

Maximum number of in-flight, The Device Shadow service  


unacknowledged messages per supports up to 10 in-flight
thing unacknowledged messages per
thing on a single connection.
When this quota is reached,
all new shadow requests are
rejected with a 429 error code
until the number of in-flight
requests drop below the limit.

Maximum number of JSON Unlimited.  


objects per AWS account

Maximum number of shadows in Unlimited.  


an AWS account

Version 1.0
263
AWS General Reference Reference guide
Service Quotas

Resource Description Adjustable

Maximum size of a JSON state Each individual shadow Yes


document document must be 8KB or
less in size. Metadata doesn't
contribute to the document size
for service quotas or pricing.

Maximum thing name size 128 bytes of UTF-8 encoded  


characters.

Maximum shadow name size 64 bytes of UTF-8 encoded  


characters.

Requests per second per thing The Device Shadow service No


supports up to 20 requests per
second per thing. This quota is
per thing, not per API.

Note
AWS IoT Core deletes a device shadow after the creating account is deleted or upon customer
request. For operational purposes, AWS IoT service backups are retained for 6 months.

AWS IoT Core Fleet Provisioning

Resource Quota

Maximum number of fleet provisioning template 5


versions per template

Maximum number of fleet provisioning templates 256


per customer

Maximum size of fleet provisioning template 10 KiB

Maximum number of provisioning claims that can 10 tps


be generated per second by trusted user

AWS IoT Core Message Broker

Resource Description Default Adjustable

Connect requests per AWS IoT Core restricts 500 Yes


second per account an account to a
maximum number
of MQTT CONNECT
requests per second.

Connect requests per AWS IoT Core restricts 1 No


second per client ID MQTT CONNECT
requests from the
same accountId and
clientId to 1 MQTT

Version 1.0
264
AWS General Reference Reference guide
Service Quotas

Resource Description Default Adjustable


CONNECT operation per
second.

Inbound publish Inbound publish 20,000 Yes


requests per second per requests count for
account all the messages
that AWS IoT Core
processes before
routing the messages
to the subscribed
clients or the rules
engine. For example,
a single message
published on $aws/
things/device/
shadow/update
topic can result in
publishing 3 additional
messages to $aws/
things/device/
shadow/update/
accepted, $aws/
things/device/
shadow/update/
documents, and $aws/
things/device/
shadow/delta topics.
In this case, AWS IoT
Core counts those as
4 inbound publish
requests. However, a
single message to an
unreserved topic like
a/b is counted as a
single inbound publish
request.

Maximum concurrent The maximum 500,000 Yes


client connections per number of concurrent
account connections allowed
per account.

Maximum inbound AWS IoT Core restricts 100 No


unacknowledged QoS 1 the number of
publish requests unacknowledged
inbound publish
requests per client.
When this quota
is reached, no new
publish requests are
accepted from this
client until a PUBACK
message is returned by
the server.

Version 1.0
265
AWS General Reference Reference guide
Service Quotas

Resource Description Default Adjustable

Maximum outbound AWS IoT Core restricts 100 No


unacknowledged QoS 1 the number of
publish requests unacknowledged
outbound publish
requests per client.
When this quota
is reached, no new
publish requests are
sent to the client until
the client acknowledges
the publish requests.

Maximum retry interval AWS IoT Core 1 hour No


for delivering QoS 1 retries delivery of
messages unacknowledged
quality of service
1 (QoS 1) publish
requests to a client
for up to one hour. If
AWS IoT Core does
not receive a PUBACK
message from the client
after one hour, it drops
the publish requests.

Outbound publish Outbound publish 20,000 Yes


requests per second per requests count for
account every message that
resulted in matching
a client's subscription
or matching a rules
engine subscription.
For example, 2 clients
are subscribed to topic
filter a/b and a rule
is subscribed to topic
filter a/#. An inbound
publish request on topic
a/b results in a total
of 3 outbound publish
requests.

Version 1.0
266
AWS General Reference Reference guide
Service Quotas

Resource Description Default Adjustable

Persistent session The duration for 1 hour Yes


expiry period which the message
broker stores an MQTT
persistent session. The
expiry period begins
when the message
broker detects the
session has become
disconnected. After
the expiry period has
elapsed, the message
broker terminates the
session and discards
any associated queued
messages. You can
adjust this to a value
from 1 hour to 7 days
by using the standard
limit increase process.

Persistent session AWS IoT Core restricts 500 Yes


message requests per an account to a
second per account maximum number of
persisted message per
second per account.
This limit applies when
AWS IoT Core stores
the messages send
to offline persistent
sessions.

Publish requests per AWS IoT Core restricts 100 No


second per connection each client connection
to a maximum number
of inbound and
outbound publish
requests per second.
This limit includes
messages sent to offline
persistent session.
Publish requests that
exceed that quota are
discarded.

Subscriptions per AWS IoT Core restricts 500,000 Yes


account an account to a
maximum number of
subscriptions across all
active connections.

Version 1.0
267
AWS General Reference Reference guide
Service Quotas

Resource Description Default Adjustable

Subscriptions per AWS IoT Core supports 50 No


connection 50 subscriptions per
connection. AWS IoT
Core might reject
subscription requests
on the same connection
in excess of this amount
and the connection is
closed. Clients should
validate the SUBACK
message to ensure
that their subscription
requests have been
successfully processed.

Subscriptions per AWS IoT Core restricts 500 Yes


second per account an account to a
maximum number
of subscriptions
per second. For
example, if there are
2 MQTT SUBSCRIBE
requests sent within
a second, each with
3 subscriptions (topic
filters), AWS IoT Core
counts those as 6
subscriptions.

Throughput per second Data received or sent 512 KiB No


per connection over a client connection
is processed at a
maximum throughput
rate. Data that
exceeds the maximum
throughput is delayed
in processing.

Protocols

Resource Description

Client ID size 128 bytes of UTF-8 encoded characters.

Connection inactivity (keep-alive interval) For MQTT (or MQTT over WebSocket) connections,
a client can request a keep-alive interval between
30—1200 seconds as part of the MQTT CONNECT
message. AWS IoT Core starts the keep-alive
timer for a client when sending CONNACK in
response to the CONNECT message. This timer
is reset whenever AWS IoT receives a PUBLISH,
SUBSCRIBE, PING, or PUBACK message from the
client. AWS IoT Core disconnects a client whose

Version 1.0
268
AWS General Reference Reference guide
Service Quotas

Resource Description
keep-alive timer has reached 1.5x the specified
keep-alive interval (i.e., by a factor of 1.5).

The default keep-alive interval is 1200 seconds.


If a client requests a keep-alive interval of zero,
the default keep-alive interval is used. If a client
requests a keep-alive interval greater than 1200
seconds, the default keep-alive interval is used.
If a client requests a keep-alive interval shorter
than 30 seconds but greater than zero, the server
treats the client as though it requested a keep-
alive interval of 30 seconds.

Maximum number of slashes in topic and topic A topic in a publish or subscribe request can have
filter no more than 7 forward slashes (/). This excludes
the first 3 slashes in the mandatory segments for
Basic Ingest topics ($AWS/rules/rule-name/).

Maximum subscriptions per subscribe request A single SUBSCRIBE request has a quota of 8
subscriptions.

Message size The payload for every publish request can be no


larger than 128 KB. AWS IoT Core rejects publish
and connect requests larger than this size.

Restricted client ID prefix $ is reserved for AWS IoT Core-generated client


IDs.

Restricted topic prefix Topics that start with $ are reserved by AWS IoT
Core. They are not supported for publishing and
subscribing except for using the specific topic
names defined by AWS IoT Core services (for
example, the Device Shadow service).

Topic size The topic passed to AWS IoT Core when sending
a publish request can be no larger than 256 bytes
of UTF-8 encoded characters. This excludes the
first 3 mandatory segments for Basic Ingest topics
($AWS/rules/rule-name/).

WebSocket connection duration The WebSocket connection quota is 24 hours. If


the quota is exceeded, the WebSocket connection
is closed when the client or server attempts to
send a message.

Security and Identity

Resource Default Adjustable

Maximum number of AWS IoT 100 No


Core role aliases

Maximum number of CA 10  
certificates with the same

Version 1.0
269
AWS General Reference Reference guide
Service Quotas

Resource Default Adjustable


subject field allowed per AWS
account per Region

Maximum number of device 15 Yes


certificates that can be
registered per second

Maximum number of named 5  


policy versions

Maximum number of policies 10  


that can be attached to a
certificate or Amazon Cognito
identity

Maximum policy document size 2048 characters (excluding No


white space)

Custom authentication: 10 No
maximum number of authorizers
per account

Custom authentication: 300 No


minimum connection
duration (value of
DisconnectAfterInSecs)

Custom authentication: 86,400 No


maximum connection
duration (value of
DisconnectAfterInSecs)

Custom authentication: 300 No


minimum policy
refresh rate (value of
RefreshAfterInSecs)

Custom authentication: 86,400 No


maximum policy
refresh rate (value of
RefreshAfterInSecs)

Streaming service
Streaming Service Resource Quotas

Resource Default Adjustable

Streams per account 10000* Yes

Files per stream 10 No

File size 24 MB No

Maximum data block size 128 KB No

Minimum data block size 256 bytes No

Version 1.0
270
AWS General Reference Reference guide
Service Quotas

Resource Default Adjustable

Maximum block offset specified 98,304 No


in a stream file request

Maximum blocks that can 98,304 No


be requested per stream file
request

Maximum block bitmap size 12,288 bytes No

* For additional information, see Using the AWS IoT Streaming service in devices in the AWS IoT
Developer Guide.

Streaming Service Throttling

API Transactions Per Second

CreateStream 15 TPS

DeleteStream 15 TPS

DescribeStream 15 TPS

ListStreams 15 TPS

UpdateStream 15 TPS

Things

Resource Default Adjustable

Maximum number of thing 50 Yes


attributes for a thing with a
thing type

Maximum number of thing 3 No


attributes for a thing without a
thing type

Maximum number of groups to 10 No


which a thing can belong

Maximum number of thing types Unlimited.  


in an AWS account

Number of thing types that can 1  


be associated with a thing

Maximum thing name size 128 bytes of UTF-8 encoded  


characters.

Size of thing attributes per thing 47 KB Yes

Version 1.0
271
AWS General Reference Reference guide
AWS IoT Device Defender

Thing Groups

Resource Default Adjustable

Maximum number of thing 10 No


groups a thing can belong to

Maximum number of things in a Unlimited No


thing group

Maximum depth of a thing 7 No


group hierarchy

Maximum number of attributes 50 No


associated with a thing group

Maximum number of direct child 100 No


groups

Maximum number of dynamic 100 No


groups

Maximum thing group name size 128 bytes of UTF-8 encoded No


characters.

Maximum size of a thing group 128 No


attribute name, in chars.

Maximum size of a thing group 800 No


attribute value, in chars.

AWS IoT Device Defender endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 iot.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 iot.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 iot.us-west-1.amazonaws.com HTTPS


West (N.
California)

Version 1.0
272
AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 iot.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- iot.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- iot.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- iot.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- iot.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- iot.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- iot.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 iot.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- iot.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 iot.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 iot.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 iot.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- iot.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

Version 1.0
273
AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol


Name

AWS us-gov- iot.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- iot.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Service quotas
Audits

Resource Quota Adjustable

Number of scheduled audits 5 maximum No

Number of simultaneous in 10 maximum No


progress on-demand audits

Time that audit findings are 90 days maximum No


stored after being reported

The following service quotas apply to mitigation actions and audit mitigation action tasks:

Audit mitigation actions

Resource Quota

Number of audit mitigation action tasks running 10 tasks maximum


at the same time

Number of mitigation actions in an AWS account 100 actions maximum

Retention period for audit mitigation action tasks 90 days

Detect

Resource Quota Description Adjustable

Behaviors per security 100 maximum   No


profile

Custom metrics per 100 maximum   Yes


account

Dimensions per account 10 maximum   Yes

Device Defender Detect 30 days maximum Violations are stored for No


violations 30 days after they have
been generated.

Version 1.0
274
AWS General Reference Reference guide
AWS IoT Device Management

Resource Quota Description Adjustable

Device metric reporting Throttled to 1 value per A device can report a Yes
metric per device per 5 value for every metric
minutes for every device at most
once every 5 minutes.

Number of device-side 3500 per second   Yes


metric reports that can maximum
be sent from all devices
in an account

Number of value 1000 maximum   No


elements (counts, IP
addresses, ports) per
Security Profile

Security Profiles per 5 maximum   No


target (thing group or
user account)

ML Detect

Resource Quota Adjustable

Number of Detect mitigation 5 maximum Yes


action tasks that can be running
at the same time

Retention period for Detect 90 days maximum Yes


mitigation action tasks

Retention period for models 30 days maximum No


(time after which models are
expired)

AWS IoT Device Management endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 iot.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 iot.us-east-1.amazonaws.com HTTPS


Virginia)

Version 1.0
275
AWS General Reference Reference guide
Service Endpoints

Region Name Region Endpoint Protocol

US West (N. us-west-1 iot.us-west-1.amazonaws.com HTTPS


California)

US West us-west-2 iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia Pacific ap-east-1 iot.ap-east-1.amazonaws.com HTTPS


(Hong Kong)

Asia Pacific ap-south-1 iot.ap-south-1.amazonaws.com HTTPS


(Mumbai)

Asia Pacific ap-northeast-2 iot.ap-northeast-2.amazonaws.com HTTPS


(Seoul)

Asia Pacific ap-southeast-1 iot.ap-southeast-1.amazonaws.com HTTPS


(Singapore)

Asia Pacific ap-southeast-2 iot.ap-southeast-2.amazonaws.com HTTPS


(Sydney)

Asia Pacific ap-northeast-1 iot.ap-northeast-1.amazonaws.com HTTPS


(Tokyo)

Canada ca-central-1 iot.ca-central-1.amazonaws.com HTTPS


(Central)

China (Beijing) cn-north-1 iot.cn-north-1.amazonaws.com.cn HTTPS

China (Ningxia) cn- iot.cn-northwest-1.amazonaws.com.cn HTTPS


northwest-1

Europe eu-central-1 iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Europe eu-west-1 iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 iot.eu-west-2.amazonaws.com HTTPS


(London)

Europe (Paris) eu-west-3 iot.eu-west-3.amazonaws.com HTTPS

Europe eu-north-1 iot.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle East me-south-1 iot.me-south-1.amazonaws.com HTTPS


(Bahrain)

South America sa-east-1 iot.sa-east-1.amazonaws.com HTTPS


(São Paulo)

AWS GovCloud us-gov-east-1 iot.us-gov-east-1.amazonaws.com HTTPS, MQTT


(US-East)

AWS GovCloud us-gov-west-1 iot.us-gov-west-1.amazonaws.com HTTPS


(US-West)

Version 1.0
276
AWS General Reference Reference guide
Service Endpoints

For information about using AWS IoT in the AWS GovCloud (US) Regions, see AWS GovCloud (US)
Endpoints.

For information about using AWS IoT in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

AWS IoT Device Management supports additional endpoints for working with jobs. These endpoints
add an account specific prefix to the endpoints already listed and can be used with both the MQTT and
HTTPS protocols. To look up your account-specific prefix, use the describe-endpoint command:

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 prefix.iot.us-east-2.amazonaws.com MQTT

US East (N. us-east-1 prefix.iot.us-east-1.amazonaws.com MQTT


Virginia)

US West (N. us-west-1 prefix.iot.us-west-1.amazonaws.com MQTT


California)

US West us-west-2 prefix.iot.us-west-2.amazonaws.com MQTT


(Oregon)

Asia Pacific ap-east-1 prefix.iot.ap-east-1.amazonaws.com MQTT


(Hong Kong)

Asia Pacific ap-south-1 prefix.iot.ap-south-1.amazonaws.com MQTT


(Mumbai)

Asia Pacific ap-northeast-2 prefix.iot.ap-northeast-2.amazonaws.com MQTT


(Seoul)

Asia Pacific ap-southeast-1 prefix.iot.ap-southeast-1.amazonaws.com MQTT


(Singapore)

Asia Pacific ap-southeast-2 prefix.iot.ap-southeast-2.amazonaws.com MQTT


(Sydney)

Asia Pacific ap-northeast-1 prefix.iot.ap-northeast-1.amazonaws.com MQTT


(Tokyo)

Canada ca-central-1 prefix.iot.ca-central-1.amazonaws.com MQTT


(Central)

China (Beijing) cn-north-1 prefix.iot.cn-north-1.amazonaws.com.cn MQTT

China (Ningxia) cn- prefix.iot.cn-northwest-1.amazonaws.com.cn MQTT


northwest-1

Europe eu-central-1 prefix.iot.eu-central-1.amazonaws.com MQTT


(Frankfurt)

Europe eu-west-1 prefix.iot.eu-west-1.amazonaws.com MQTT


(Ireland)

Europe eu-west-2 prefix.iot.eu-west-2.amazonaws.com MQTT


(London)

Version 1.0
277
AWS General Reference Reference guide
Service Endpoints

Region Name Region Endpoint Protocol

Europe (Paris) eu-west-3 prefix.iot.eu-west-3.amazonaws.com MQTT

Europe eu-north-1 prefix.iot.eu-north-1.amazonaws.com MQTT


(Stockholm)

Middle East me-south-1 prefix.iot.me-south-1.amazonaws.com MQTT


(Bahrain)

South America sa-east-1 prefix.iot.sa-east-1.amazonaws.com MQTT


(São Paulo)

AWS GovCloud us-gov-east-1 prefix.iot.us-gov-east-1.amazonaws.com MQTT


(US-East)

AWS GovCloud us-gov-west-1 prefix.iot.us-gov-west-1.amazonaws.com MQTT


(US-West)

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 prefix.jobs.iot.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 prefix.jobs.iot.us-east-1.amazonaws.com HTTPS


Virginia)

US West (N. us-west-1 prefix.jobs.iot.us-west-1.amazonaws.com HTTPS


California)

US West us-west-2 prefix.jobs.iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia Pacific ap-east-1 prefix.jobs.iot.ap-east-1.amazonaws.com HTTPS


(Hong Kong)

Asia Pacific ap-south-1 prefix.jobs.iot.ap-south-1.amazonaws.com HTTPS


(Mumbai)

Asia Pacific ap-northeast-2 prefix.jobs.iot.ap-northeast-2.amazonaws.com HTTPS


(Seoul)

Asia Pacific ap-southeast-1 prefix.jobs.iot.ap-southeast-1.amazonaws.com HTTPS


(Singapore)

Asia Pacific ap-southeast-2 prefix.jobs.iot.ap-southeast-2.amazonaws.com HTTPS


(Sydney)

Asia Pacific ap-northeast-1 prefix.jobs.iot.ap-northeast-1.amazonaws.com HTTPS


(Tokyo)

Canada ca-central-1 prefix.jobs.iot.ca-central-1.amazonaws.com HTTPS


(Central)

China (Beijing) cn-north-1 prefix.jobs.iot.cn-north-1.amazonaws.com.cn HTTPS

China (Ningxia) cn- prefix.jobs.iot.cn-northwest-1.amazonaws.com.cn HTTPS


northwest-1

Version 1.0
278
AWS General Reference Reference guide
Service Endpoints

Region Name Region Endpoint Protocol

Europe eu-central-1 prefix.jobs.iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Europe eu-west-1 prefix.jobs.iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 prefix.jobs.iot.eu-west-2.amazonaws.com HTTPS


(London)

Europe (Paris) eu-west-3 prefix.jobs.iot.eu-west-3.amazonaws.com HTTPS

Europe eu-north-1 prefix.jobs.iot.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle East me-south-1 prefix.jobs.iot.me-south-1.amazonaws.com HTTPS


(Bahrain)

South America sa-east-1 prefix.jobs.iot.sa-east-1.amazonaws.com HTTPS


(São Paulo)

AWS GovCloud us-gov-east-1 prefix.jobs.iot.us-gov-east-1.amazonaws.com HTTPS


(US-East)

AWS GovCloud us-gov-west-1 prefix.jobs.iot.us-gov-west-1.amazonaws.com HTTPS


(US-West)

AWS IoT supports additional endpoints for secure tunneling.

Secure Tunneling Management APIs Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 api.tunneling.iot.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 api.tunneling.iot.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 api.tunneling.iot.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 api.tunneling.iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 api.tunneling.iot.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- api.tunneling.iot.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Version 1.0
279
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- api.tunneling.iot.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- api.tunneling.iot.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- api.tunneling.iot.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- api.tunneling.iot.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- api.tunneling.iot.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 api.tunneling.iot.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- api.tunneling.iot.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- api.tunneling.iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 api.tunneling.iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 api.tunneling.iot.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 api.tunneling.iot.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 api.tunneling.iot.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- api.tunneling.iot.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 api.tunneling.iot.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- api.tunneling.iot.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- api.tunneling.iot.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Version 1.0
280
AWS General Reference Reference guide
Service Endpoints

Secure Tunneling Device Connection Endpoints

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 wss://data.tunneling.iot.us- HTTPS


east-2.amazonaws.com

US East (N. us-east-1 wss://data.tunneling.iot.us- HTTPS


Virginia) east-1.amazonaws.com

US West (N. us-west-1 wss://data.tunneling.iot.us- HTTPS


California) west-1.amazonaws.com

US West us-west-2 wss://data.tunneling.iot.us- HTTPS


(Oregon) west-2.amazonaws.com

Asia Pacific ap-south-1 wss://data.tunneling.iot.ap- HTTPS


(Mumbai) south-1.amazonaws.com

Asia Pacific ap-northeast-2 wss://data.tunneling.iot.ap- HTTPS


(Seoul) northeast-2.amazonaws.com

Asia Pacific ap-southeast-1 wss://data.tunneling.iot.ap- HTTPS


(Singapore) southeast-1.amazonaws.com

Asia Pacific ap-southeast-2 wss://data.tunneling.iot.ap- HTTPS


(Sydney) southeast-2.amazonaws.com

Asia Pacific ap-northeast-1 wss://data.tunneling.iot.ap- HTTPS


(Tokyo) northeast-1.amazonaws.com

Asia Pacific ap-east-1 wss://data.tunneling.iot.ap- HTTPS


(Hong Kong) east-1.amazonaws.com

Canada ca-central-1 wss://data.tunneling.iot.ca- HTTPS


(Central) central-1.amazonaws.com

China (Beijing) cn-north-1 wss://data.tunneling.iot.cn- HTTPS


north-1.amazonaws.com.cn

China (Ningxia) cn- wss://data.tunneling.iot.cn- HTTPS


northwest-1 northwest-1.amazonaws.com.cn

Europe eu-central-1 wss://data.tunneling.iot.eu- HTTPS


(Frankfurt) central-1.amazonaws.com

Europe eu-west-1 wss://data.tunneling.iot.eu- HTTPS


(Ireland) west-1.amazonaws.com

Europe eu-west-2 wss://data.tunneling.iot.eu- HTTPS


(London) west-2.amazonaws.com

Europe (Paris) eu-west-3 wss://data.tunneling.iot.eu- HTTPS


west-3.amazonaws.com

Europe eu-north-1 wss://data.tunneling.iot.eu- HTTPS


(Stockholm) north-1.amazonaws.com

South America sa-east-1 wss://data.tunneling.iot.sa- HTTPS


(São Paulo) east-1.amazonaws.com

Version 1.0
281
AWS General Reference Reference guide
Service Quotas

Region Name Region Endpoint Protocol

Middle East me-south-1 wss://data.tunneling.iot.me- HTTPS


(Bahrain) south-1.amazonaws.com

AWS GovCloud us-gov-east-1 wss://data.tunneling.iot.us-gov- HTTPS


(US-East) east-1.amazonaws.com

AWS GovCloud us-gov-west-1 wss://data.tunneling.iot.us-gov- HTTPS


(US-West) west-1.amazonaws.com

Service Quotas
Contents

AWS IoT Fleet Indexing (p. 282)

AWS IoT Jobs (p. 283)

AWS IoT Secure Tunneling (p. 285)

AWS IoT Fleet Indexing

Resource Default Notes

Maximum length of a custom 1024  


field name

Maximum number of custom 5  


fields

Maximum number of dynamic 100  


groups in the fleet index

Maximum number of queries per 15  


second

Maximum number of query 500  


results

Maximum number of query 5  


terms per query

Maximum number of things in Unlimited  


the fleet index

Maximum number of * wildcard 2  


operators per query term

Maximum number of ? wildcard 5  


operators per query term

Maximum query length 1000 UTF-8 encoded characters.

Version 1.0
282
AWS General Reference Reference guide
Service Quotas

AWS IoT Fleet Indexing Throttling

API Max Calls Per Second

DescribeIndex 10

GetCardinality 15

GetIndexingConfiguration 20

GetPercentiles 15

GetStatistics 15

ListIndices 5

SearchIndex 15

UpdateIndexingConfiguration 1

AWS IoT Jobs

Resource Minimum Maximum Notes

Active snapshot and 0 1000 The maximum number


continuous jobs of active jobs is 1000
(both snapshot and
continuous jobs
contribute to the limit).

Data retention N/A 730 days Job data and job


execution data for
inactive jobs (jobs that
aren't IN_PROGRESS) is
purged after 730 days.

Job document variable 0 10 Jobs allows variable


substitution substitution for up to
10 pre-signed URLs
in the Job Doc. Only
pre-signed URLs are
supported as variables.

Comment N/A 2028 characters  

Description N/A 2028 characters  

Document N/A 32768 bytes The maximum size of


a document that can
be sent to an AWS IoT
device is 32 KB.

DocumentSource N/A 1350 characters

ExpiresInSec 60 seconds 3600 seconds The lifetime of pre


signed URLs must be
configured greater than

Version 1.0
283
AWS General Reference Reference guide
Service Quotas

Resource Minimum Maximum Notes


60 seconds and less
than 1 hour.

JobId 1 character 64 characters  

1
MaximumJobExecutionsPerMinute 1000 Configures the roll out
speed for a job.

MaxResults 1 250  

StatusDetail map 1 character 128 characters  


key size

StatusDetail map 1 key:value pair 10 key:value pairs  


key:value pairs

StatusDetail map 1 character 1024 characters  


value size

Targets 1 100  

DescribeJobExecutionN/A 200 TPS per account If invoking one or more


and of these read APIs in

GetPendingJobExectuions the data plane causes
the associated AWS
account to exceed 200
read transactions per
second (TPS) in total,
then the offending
API invocation is
throttled to maintain
the maximum allowed
200 read TPS per AWS
account. Be aware that

in the control plane ,
DescribeJobExecution
has a quota of 10 TPS
per invocation.

1
inProgressTimeoutInMinutes 10080 Values are in minutes (1
property of minute to 7 days).
TimeoutConfig

N/A
StartNextPendingJobExecution 200 TPS per account If invoking one or more
and of these write APIs in

UpdateJobExecution the data plane causes
the associated AWS
account to exceed 200
write transactions per
second (TPS) in total,
then the offending
API invocation is
throttled to maintain
the maximum allowed
200 write TPS per AWS
account.

Version 1.0
284
AWS General Reference Reference guide
Service Quotas

Resource Minimum Maximum Notes

stepTimeoutInMinutes1 10080 Values are in minutes


value passed with (1 minute to 7 days).
UpdateJobExecution A value of -1 is also
and valid when using the
StartNextPendingJobExecution UpdateJobExecution
API and discards a
previously set timer.


For definitions of data plane and control plane, see What are the ways for accessing AWS IoT Core?

AWS IoT Secure Tunneling

Resource Quota

Maximum bandwidth per tunnel 800 kbps

Maximum services per tunnel 3

Maximum connection rate 10 TPS

Maximum tunnel lifetime 12 hours

Tagging See Tag Restrictions in the Amazon EC2 User


Guide.

API Transactions per second

CloseTunnel 1

DescribeTunnel 10

ListTagsForResource 10

ListTunnels 10

OpenTunnel 1

TagResource 10

UntagResource 10

Fleet Hub for AWS IoT Device Management

Resource Quota

Web applications 10 per region per account

Alarms 100 per region per account

Version 1.0
285
AWS General Reference Reference guide
AWS IoT Events

AWS IoT Events endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Control Plane Endpoints
The following table contains AWS Region-specific endpoints that AWS IoT Events supports for control
plane operations. For more information, see AWS IoT Events operations in the AWS IoT Events API
Reference.

Region Region Endpoint Protocol


Name

US East us-east-2 iotevents.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 iotevents.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 iotevents.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- iotevents.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- iotevents.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- iotevents.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- iotevents.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

China cn-north-1 iotevents.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Europe eu- iotevents.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 iotevents.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 iotevents.eu-west-2.amazonaws.com HTTPS


(London)

Version 1.0
286
AWS General Reference Reference guide
Service Quotas

Data Plane Endpoints


The following table contains AWS Region-specific endpoints that AWS IoT Events supports for data
plane operations. For more information, see AWS IoT Events data operations in the AWS IoT Events API
Reference.

Region Region Endpoint Protocol


Name

US East us-east-2 data.iotevents.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 data.iotevents.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 data.iotevents.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- data.iotevents.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- data.iotevents.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- data.iotevents.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- data.iotevents.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

China cn-north-1 data.iotevents.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Europe eu- data.iotevents.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 data.iotevents.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 data.iotevents.eu-west-2.amazonaws.com HTTPS


(London)

Service Quotas

Resource Description Default Adjustable

Detector models per The maximum number 10 no


input of detector models that
can be associated with
a single input.

Version 1.0
287
AWS General Reference Reference guide
Service Quotas

Resource Description Default Adjustable

Message size The maximum size of a 1 yes


message (in Kilobytes).

Messages per detector The maximum number 10 no


per second of messages that can be
sent to a detector in a
second.

Total messages The maximum number 1000 yes


evaluated per second of messages evaluated
per second for all
detectors in this
account.

Detectors per detector The maximum number 100,000 yes


model of detectors that can be
created by a detector
model.

Detector model The maximum size (in 512 no


definition size Kilobytes) of a detector
model definition.

Detector models The maximum number 50 yes


of detector models for
this account.

Detector model The maximum number 500 yes


versions of versions of a single
detector model for this
account.

Inputs The maximum number 50 yes


of inputs for this
account.

Trigger expressions The maximum number 20 yes


of trigger expressions
per state.

State variables per The maximum number 50 yes


detector model of state variables in
definition a detector model
definition.

Timers scheduled per The maximum number 5 yes


detector of timers that can
be scheduled by a
detector.

API Default Description Adjustable?

BatchPutMessage 1000 transactions per second yes

Version 1.0
288
AWS General Reference Reference guide
AWS IoT Greengrass V1

AWS IoT Greengrass V1 endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Control Plane Operations
The following table contains AWS Region-specific endpoints that AWS IoT Greengrass supports for group
management operations.

Region Region Endpoint Protocol


Name

US East us-east-2 greengrass.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 greengrass.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 greengrass.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- greengrass.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- greengrass.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- greengrass.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- greengrass.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- greengrass.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

China cn-north-1 greengrass.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Europe eu- greengrass.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 greengrass.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
289
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Europe eu-west-2 greengrass.eu-west-2.amazonaws.com HTTPS


(London)

AWS us-gov- greengrass.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) greengrass-fips.us-gov-east-1.amazonaws.com HTTPS

greengrass.us-gov-east-1.amazonaws.com HTTPS

greengrass-ats.iot.us-gov-east-1.amazonaws.com MQTT and


HTTPS

AWS us-gov- greengrass.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) greengrass.us-gov-west-1.amazonaws.com HTTPS

greengrass-ats.iot.us-gov-west-1.amazonaws.com MQTT and


HTTPS

For information about using AWS IoT Greengrass V1 in the AWS GovCloud Region, see AWS GovCloud
Endpoints.

For information about using AWS IoT Greengrass V1 in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

AWS IoT Device Operations


The following table contains AWS Region-specific Amazon Trust Services (ATS) endpoints for AWS IoT
device management operations, such as shadow sync. This is a data plane API.

To look up your account-specific endpoint, use the aws iot describe-endpoint --endpoint-type iot:Data-
ATS command.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 prefix-ats.iot.us-east-2.amazonaws.com HTTPS, MQTT

US East (N. us-east-1 prefix-ats.iot.us-east-1.amazonaws.com HTTPS, MQTT


Virginia)

US West us-west-2 prefix-ats.iot.us-west-2.amazonaws.com HTTPS, MQTT


(Oregon)

Asia Pacific ap-south-1 prefix-ats.iot.ap-south-1.amazonaws.com HTTPS, MQTT


(Mumbai)

Asia Pacific ap-northeast-2 prefix-ats.iot.ap-northeast-2.amazonaws.com HTTPS, MQTT


(Seoul)

Asia Pacific ap-southeast-1 prefix-ats.iot.ap-southeast-1.amazonaws.com HTTPS, MQTT


(Singapore)

Version 1.0
290
AWS General Reference Reference guide
Service Endpoints

Region Name Region Endpoint Protocol

Asia Pacific ap-southeast-2 prefix-ats.iot.ap-southeast-2.amazonaws.com HTTPS, MQTT


(Sydney)

Asia Pacific ap-northeast-1 prefix-ats.iot.ap-northeast-1.amazonaws.com HTTPS, MQTT


(Tokyo)

China (Beijing) cn-north-1 prefix.ats.iot.cn-north-1.amazonaws.com.cn HTTPS, MQTT

Europe eu-central-1 prefix-ats.iot.eu-central-1.amazonaws.com HTTPS, MQTT


(Frankfurt)

Europe eu-west-1 prefix-ats.iot.eu-west-1.amazonaws.com HTTPS, MQTT


(Ireland)

Europe eu-west-2 prefix-ats.iot.eu-west-2.amazonaws.com HTTPS, MQTT


(London)

AWS GovCloud us-gov-west-1 prefix-ats.iot.us-gov-west-1.amazonaws.com HTTPS, MQTT


(US-West)

AWS GovCloud us-gov-east-1 prefix-ats.iot.us-gov-east-1.amazonaws.com HTTPS, MQTT


(US-East)

Note
Legacy Verisign endpoints are currently supported for some Regions (p. 292), but we
recommend that you use ATS endpoints with ATS root certificate authority (CA) certificates. For
more information, see Server Authentication in the AWS IoT Developer Guide.

Discovery Operations
The following table contains AWS Region-specific ATS endpoints for device discovery operations using
the AWS IoT Greengrass Discovery API. This is a data plane API.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 greengrass-ats.iot.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 greengrass-ats.iot.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 greengrass-ats.iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia Pacific ap-south-1 greengrass-ats.iot.ap-south-1.amazonaws.com HTTPS


(Mumbai)

Asia Pacific ap-northeast-2 greengrass-ats.iot.ap- HTTPS


(Seoul) northeast-2.amazonaws.com

Asia Pacific ap-southeast-1 greengrass-ats.iot.ap- HTTPS


(Singapore) southeast-1.amazonaws.com

Asia Pacific ap-southeast-2 greengrass-ats.iot.ap- HTTPS


(Sydney) southeast-2.amazonaws.com

Version 1.0
291
AWS General Reference Reference guide
Service Endpoints

Region Name Region Endpoint Protocol

Asia Pacific ap-northeast-1 greengrass-ats.iot.ap- HTTPS


(Tokyo) northeast-1.amazonaws.com

China (Beijing) cn-north-1 greengrass.ats.iot.cn-north-1.amazonaws.com.cn HTTPS

Europe eu-central-1 greengrass-ats.iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Europe eu-west-1 greengrass-ats.iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 greengrass-ats.iot.eu-west-2.amazonaws.com HTTPS


(London)

AWS GovCloud us-gov-west-1 greengrass-ats.iot.us-gov-west-1.amazonaws.com HTTPS


(US-West)

AWS GovCloud us-gov-east-1 greengrass-ats.iot.us-gov-east-1.amazonaws.com HTTPS


(US-East)

Note
Legacy Verisign endpoints are currently supported for some Regions (p. 292), but we
recommend that you use ATS endpoints with ATS root CA certificates. For more information, see
Server authentication in the AWS IoT Developer Guide.

Supported Legacy Endpoints


We recommend that you use the ATS endpoints in the preceding tables with ATS root CA certificates.
For backward compatibility, AWS IoT Greengrass currently supports legacy Verisign endpoints in the
following AWS Regions. This support is expected to end in the future. For more information, see Server
authentication in the AWS IoT Developer Guide.

When using legacy Verisign endpoints, you must use Verisign root CA certificates.

AWS IoT Device Operations (Legacy Endpoints)

Region Name Region Endpoint Protocol

US East (N. us-east-1 prefix.iot.us-east-1.amazonaws.com HTTPS, MQTT


Virginia)

US West us-west-2 prefix.iot.us-west-2.amazonaws.com HTTPS, MQTT


(Oregon)

Asia Pacific ap- prefix.iot.ap-southeast-2.amazonaws.com HTTPS, MQTT


(Sydney) southeast-2

Asia Pacific ap- prefix.iot.ap-northeast-1.amazonaws.com HTTPS, MQTT


(Tokyo) northeast-1

Europe eu-central-1 prefix.iot.eu-central-1.amazonaws.com HTTPS, MQTT


(Frankfurt)

Europe eu-west-1 prefix.iot.eu-west-1.amazonaws.com HTTPS, MQTT


(Ireland)

Version 1.0
292
AWS General Reference Reference guide
Service Quotas

To look up your account-specific legacy endpoint, use the aws iot describe-endpoint --endpoint-type
iot:Data command.
Discovery Operations (Legacy Endpoints)

Region Name Region Endpoint Protocol

US East (N. us-east-1 greengrass.iot.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 greengrass.iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia Pacific ap- greengrass.iot.ap-southeast-2.amazonaws.com HTTPS


(Sydney) southeast-2

Asia Pacific ap- greengrass.iot.ap-northeast-1.amazonaws.com HTTPS


(Tokyo) northeast-1

Europe eu-central-1 greengrass.iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Europe eu-west-1 greengrass.iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service Quotas
AWS IoT Greengrass Cloud API

Description Default

Maximum number of AWS IoT devices per AWS 2500


IoT Greengrass group.

Maximum number of Lambda functions per group. 200

Maximum number of resources per Lambda 20


function.

Maximum number of resources per group. 200

Maximum number of transactions per second See the section called “TPS” (p. 293).
(TPS) on the AWS IoT Greengrass APIs.

Maximum number of subscriptions per group. 10000

Maximum number of subscriptions that specify 50


Cloud as the source per group.

Maximum length of a core thing name. 124 bytes of UTF-8 encoded characters.

TPS
The default quota for the maximum number of transactions per second on the AWS IoT Greengrass APIs
depends on the API and the AWS Region where AWS IoT Greengrass is used.

Version 1.0
293
AWS General Reference Reference guide
Service Quotas

For most APIs and supported AWS Regions (p. 289), the default quota is 30. Exceptions are noted in the
following tables.

API exceptions

API Default

CreateDeployment 20

AWS Region exceptions

AWS Region Default

China (Beijing) 10

AWS GovCloud (US-West) 10

AWS GovCloud (US-East) 10

This quota applies per account and per API. For example, in the US East (N. Virginia) Region, each account
has a default quota of 30 TPS, which is the aggregate of all API operation requests. Each API (such as
CreateGroupVersion or ListFunctionDefinitions) has a quota of 30 TPS. This includes control
plane and data plane operations. Requests that exceed the account or API quotas are throttled. To
request account and API quota increases, including quotas for specific APIs, contact your AWS Enterprise
Support representative.

AWS IoT Greengrass Core

Description Default

Maximum number of routing table entries that 50 (matches AWS IoT subscription quota)
specify Cloud as the source.

Maximum size of messages sent by an AWS IoT 128 KB (matches AWS IoT message size quota)
device.

Maximum message queue size in the Greengrass 2.5 MB


core router.
Greater when using custom MQTT settings

Maximum length of a topic string. 256 bytes of UTF-8 encoded characters.

Maximum number of forward slashes (/) in a topic 7


or topic filter.

Minimum disk space needed to run the Greengrass 128 MB


Core software.
400 MB when using OTA updates

Minimum RAM to run the Greengrass Core 128 MB


software.
198 MB when using stream manager

The Greengrass Core software provides a service to detect the IP addresses of your Greengrass core
devices. It sends this information to the AWS IoT Greengrass cloud service and allows AWS IoT devices to
download the IP address of the Greengrass core they need to connect to.

Version 1.0
294
AWS General Reference Reference guide
AWS IoT Greengrass V2

Do not use this feature if any of the following is true:

• The IP address of a Greengrass core device changes frequently.


• The Greengrass core device is not always available to AWS IoT devices in its group.
• The Greengrass core has multiple IP addresses and an AWS IoT device is unable to reliably determine
which address to use.
• Your organization's security policies don't allow you to send devices' IP addresses to the AWS Cloud.

AWS IoT Greengrass V2 endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Control Plane Operations
The following table contains AWS Region-specific endpoints that AWS IoT Greengrass supports for
operations to manage components, devices, and deployments.

Region Region Endpoint Protocol


Name

US East us-east-2 greengrass.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 greengrass.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 greengrass.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- greengrass.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- greengrass.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- greengrass.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- greengrass.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- greengrass.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Version 1.0
295
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Europe eu- greengrass.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 greengrass.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 greengrass.eu-west-2.amazonaws.com HTTPS


(London)

AWS us-gov- greengrass.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US) greengrass.us-gov-west-1.amazonaws.com HTTPS

greengrass-ats.iot.us-gov-west-1.amazonaws.com MQTT and


HTTPS

AWS us-gov- greengrass.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US) greengrass.us-gov-east-1.amazonaws.com HTTPS

greengrass-ats.iot.us-gov-east-1.amazonaws.com MQTT and


HTTPS

For information about using AWS IoT Greengrass V2 in the AWS GovCloud Region, see AWS GovCloud
Endpoints.

AWS IoT Device Operations


The following table contains AWS Region-specific Amazon Trust Services (ATS) endpoints for AWS IoT
device management operations, such as shadow sync. This is a data plane API.

To look up your account-specific endpoint, use the aws iot describe-endpoint --endpoint-type iot:Data-
ATS command.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 prefix-ats.iot.us-east-2.amazonaws.com HTTPS, MQTT

US East (N. us-east-1 prefix-ats.iot.us-east-1.amazonaws.com HTTPS, MQTT


Virginia)

US West us-west-2 prefix-ats.iot.us-west-2.amazonaws.com HTTPS, MQTT


(Oregon)

Asia Pacific ap-south-1 prefix-ats.iot.ap-south-1.amazonaws.com HTTPS, MQTT


(Mumbai)

Asia Pacific ap-northeast-2 prefix-ats.iot.ap-northeast-2.amazonaws.com HTTPS, MQTT


(Seoul)

Asia Pacific ap-southeast-1 prefix-ats.iot.ap-southeast-1.amazonaws.com HTTPS, MQTT


(Singapore)

Asia Pacific ap-southeast-2 prefix-ats.iot.ap-southeast-2.amazonaws.com HTTPS, MQTT


(Sydney)

Version 1.0
296
AWS General Reference Reference guide
Service Endpoints

Region Name Region Endpoint Protocol

Asia Pacific ap-northeast-1 prefix-ats.iot.ap-northeast-1.amazonaws.com HTTPS, MQTT


(Tokyo)

Europe eu-central-1 prefix-ats.iot.eu-central-1.amazonaws.com HTTPS, MQTT


(Frankfurt)

Europe eu-west-1 prefix-ats.iot.eu-west-1.amazonaws.com HTTPS, MQTT


(Ireland)

Europe eu-west-2 prefix-ats.iot.eu-west-2.amazonaws.com HTTPS, MQTT


(London)

AWS GovCloud us-gov-west-1 prefix-ats.iot.us-gov-west-1.amazonaws.com HTTPS, MQTT


(US-West)

AWS GovCloud us-gov-east-1 prefix-ats.iot.us-gov-east-1.amazonaws.com HTTPS, MQTT


(US-East)

Note
Legacy Verisign endpoints are currently supported for some Regions (p. 298), but we
recommend that you use ATS endpoints with ATS root certificate authority (CA) certificates. For
more information, see Server Authentication in the AWS IoT Developer Guide.

Date Plane Operations


The following table contains AWS Region-specific ATS endpoints for data plane API operations, such as
ResolveComponentCandidates.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 greengrass-ats.iot.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 greengrass-ats.iot.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 greengrass-ats.iot.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia Pacific ap-south-1 greengrass-ats.iot.ap-south-1.amazonaws.com HTTPS


(Mumbai)

Asia Pacific ap-northeast-2 greengrass-ats.iot.ap- HTTPS


(Seoul) northeast-2.amazonaws.com

Asia Pacific ap-southeast-1 greengrass-ats.iot.ap- HTTPS


(Singapore) southeast-1.amazonaws.com

Asia Pacific ap-southeast-2 greengrass-ats.iot.ap- HTTPS


(Sydney) southeast-2.amazonaws.com

Asia Pacific ap-northeast-1 greengrass-ats.iot.ap- HTTPS


(Tokyo) northeast-1.amazonaws.com

Europe eu-central-1 greengrass-ats.iot.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Version 1.0
297
AWS General Reference Reference guide
Service Quotas

Region Name Region Endpoint Protocol

Europe eu-west-1 greengrass-ats.iot.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 greengrass-ats.iot.eu-west-2.amazonaws.com HTTPS


(London)

AWS GovCloud us-gov-west-1 greengrass-ats.iot.us-gov-west-1.amazonaws.com HTTPS


(US-West)

AWS GovCloud us-gov-east-1 greengrass-ats.iot.us-gov-east-1.amazonaws.com HTTPS


(US-East)

Note
Legacy Verisign endpoints are currently supported for some Regions (p. 298), but we
recommend that you use ATS endpoints with ATS root CA certificates. For more information, see
Server authentication in the AWS IoT Developer Guide.

Supported Legacy Endpoints


We recommend that you use the ATS endpoints in the preceding tables with ATS root CA certificates.
For backward compatibility, AWS IoT Greengrass currently supports legacy Verisign endpoints in the
following AWS Regions. This support is expected to end in the future. For more information, see Server
authentication in the AWS IoT Developer Guide.

When using legacy Verisign endpoints, you must use Verisign root CA certificates.

Region Name Region Endpoint Protocol

US East (N. us-east-1 prefix.iot.us-east-1.amazonaws.com HTTPS, MQTT


Virginia)

US West us-west-2 prefix.iot.us-west-2.amazonaws.com HTTPS, MQTT


(Oregon)

Asia Pacific ap-southeast-2 prefix.iot.ap-southeast-2.amazonaws.com HTTPS, MQTT


(Sydney)

Asia Pacific ap-northeast-1 prefix.iot.ap-northeast-1.amazonaws.com HTTPS, MQTT


(Tokyo)

Europe eu-central-1 prefix.iot.eu-central-1.amazonaws.com HTTPS, MQTT


(Frankfurt)

Europe eu-west-1 prefix.iot.eu-west-1.amazonaws.com HTTPS, MQTT


(Ireland)

To look up your account-specific legacy endpoint, use the aws iot describe-endpoint --endpoint-type
iot:Data command.

Service Quotas
The following tables describe quotas in AWS IoT Greengrass V2. For more information about quotas and
how to request quota increases, see AWS service quotas (p. 540).

Version 1.0
298
AWS General Reference Reference guide
AWS IoT SiteWise

Quotas for components


Resource Quota Adjustable Notes

Maximum number of 5,000 components per Yes  


components Region

Maximum number of 5,000 versions per Yes  


component versions component per Region

Maximum size of 8 KB No  
component recipe

Maximum total size of 2 GB No This quota applies to


component artifacts the sum of all artifacts
for a component.

Request rate for 1 request per second No  


CreateComponentVersion per Region

Quotas for deployments


Resource Quota Adjustable Notes

Maximum size of 4 KB No The deployment


deployment document document includes
for a thing deployment the component
configurations,
deployment
configurations, and
payload overhead.

Maximum size of 16 KB No The deployment


deployment document document includes
for a thing group the component
deployment configurations,
deployment
configurations, and
payload overhead.

AWS IoT SiteWise endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 iotsitewise.us-east-1.amazonaws.com HTTPS


Virginia)

Version 1.0
299
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

US West us-west-2 iotsitewise.us-west-2.amazonaws.com HTTPS


(Oregon)

Europe eu- iotsitewise.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 iotsitewise.eu-west-1.amazonaws.com HTTPS


(Ireland)

Asia ap- iotsitewise.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- iotsitewise.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

China cn-north-1 iotsitewise.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Service Quotas
Quotas for Assets and Asset Models

Resource Quota Adjustable Notes

Number of asset 100 Yes  


models per Region per
AWS account

Number of assets per 10,000 Yes  


asset model

Number of child assets 100 Yes  


per parent asset

Depth of asset 10 Yes  


hierarchy tree

Number of asset 10 No  
hierarchy definitions
per asset model

Number of properties 200 Yes  


per asset model

Number of property 10 Yes  


variables per property
formula expression

Number of functions 10 Yes  


per property formula
expression

Version 1.0
300
AWS General Reference Reference guide
Service Quotas

Resource Quota Adjustable Notes

Depth of property tree 10 Yes For example, a


per asset model model with a
transform property
C that consumes a
transform property
B that consumes a
measurement property
A has a depth of 3.

Number of asset 20 Yes  


models per hierarchy
tree

Number of directly 20 Yes This quota limits how


dependent properties many properties can
per asset model directly depend on
a single property, as
defined in property
formula expressions.

Number of dependent 30 Yes This quota limits how


properties per asset many properties can
model directly or indirectly
depend on a single
property, as defined
in property formula
expressions.

Request rate for model 10 requests per second Yes This quota applies to
API actions and logging per Region per AWS API operations such as
options account CreateAssetModel
and logging options.

Request rate for asset 30 requests per second Yes This quota applies to
API actions per Region per AWS API operations such
account as CreateAsset and
AssociateAssets.

Quotas for Asset Property Data

Resource Quota Adjustable Notes

Request rate for asset 1,000 requests per Yes This quota applies to
property data API second per Region per API operations such as
actions AWS account GetAssetPropertyValue
and
BatchPutAssetPropertyValue.

Number of data points 10 data points No This quota applies to


per second per data the maximum number
quality per asset of timestamp-quality-
property value (TQV) data
points with the same
timestamp in seconds
per data quality for

Version 1.0
301
AWS General Reference Reference guide
Service Quotas

Resource Quota Adjustable Notes


each asset property.
You can store up to
this number of good-
quality, uncertain-
quality, and bad-quality
data points for any
given second for each
asset property.

Rate of data entries 10 entries per asset Yes This quota applies to
ingested per asset property BatchPutAssetPropertyValue
property entries from all sources,
including gateways,
AWS IoT Core rules, and
API calls.

Rate of data points 1,000 data points per Yes Timestamp-quality-


ingested second per Region per value (TQV) data points.
AWS account

Rate of data points 10,000 data points per Yes This quota applies
computed second per Region per to the number of
AWS account timestamp-quality-
value (TQV) data
points output by
transform and metric
computations.

Number of data points 200,000 No Timestamp-quality-


processed per metric value (TQV) data points.
computation

Quotas for AWS IoT SiteWise Gateways

Resource Quota Adjustable

Number of gateways per Region 100 Yes


per AWS account

Number of OPC-UA sources per 100 No


gateway

Quotas for AWS IoT SiteWise Monitor

Resource Quota Adjustable

Number of portals per Region 100 Yes


per AWS account

Number of projects per portal 100 Yes

Number of dashboards per 100 Yes


project

Version 1.0
302
AWS General Reference Reference guide
AWS IoT Things Graph

Resource Quota Adjustable

Number of root assets per 1 No


project

Number of visualizations per 10 Yes


dashboard

Number of metrics per 5 Yes


dashboard visualization

AWS IoT Things Graph endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 iotthingsgraph.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 iotthingsgraph.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- iotthingsgraph.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- iotthingsgraph.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- iotthingsgraph.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu-west-1 iotthingsgraph.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service Quotas

Description Default Adjustable?

Flow (workflow) definition 10 KB yes


document size.

Version 1.0
303
AWS General Reference Reference guide
Service Quotas

Description Default Adjustable?

Maximum number of flows 5 per second yes


triggered.

Maximum number of steps 50 per second yes


executed per flow configuration
deployment.

Total flow configurations in a 100 yes


namespace.

Total entities (properties, states, 500 yes


events, actions, capabilities,
mappings, devices, and services)
in a namespace.

Total flow definitions in a 100 yes


namespace.

Entity definition document size 1 MB no


(for properties, states, events,
actions, capabilities, mappings,
devices, and services).

Device action timeout. 1 minute no

API Max Calls Per Second Adjustable?

AssociateEntityToThing 10 yes

10
CreateDeploymentConfiguration yes

CreateFlowTemplate 10 yes

CreateSystemInstance 20 yes

CreateSystemTemplate 10 yes

10
DeleteDeploymentConfiguration yes

DeleteFlowTemplate 10 yes

DeleteNamespace 10 yes

DeleteSystemInstance 10 yes

DeleteSystemTemplate 10 yes

DeployConfigurationToTarget10 yes

DeploySystemInstance 10 yes

10
DeprecateDeploymentConfiguration yes

DeprecateFlowTemplate 10 yes

DeprecateSystemTemplate 10 yes

DescribeNamespace 10 yes

Version 1.0
304
AWS General Reference Reference guide
Amazon IVS

API Max Calls Per Second Adjustable?

DissociateEntityFromThing 10 yes

GetDeploymentConfiguration 10 yes

GetEntities 10 yes

GetFlowTemplate 10 yes

GetFlowTemplateRevisions 10 yes

GetNamespaceDeletionStatus 10 yes

GetRecentUploads 10 yes

GetSystemInstance 10 yes

GetSystemTemplate 10 yes

GetSystemTemplateRevisions 10 yes

GetUploadStatus 10 yes

ListFlowExecutionMessages 10 yes

ListMappingPaths 10 yes

10
SearchDeploymentConfigurations yes

SearchEntities 10 yes

SearchFlowExecutions 10 yes

SearchFlowTemplates 10 yes

SearchSystemInstances 10 yes

SearchSystemTemplates 10 yes

SearchThings 10 yes

UndeploySystemInstance 10 yes

UpdateFlowTemplate 10 yes

UpdateSystemTemplate 10 yes

UploadEntityDefinitions 10 yes

ValidateEntityDefinitions 10 yes

Amazon Interactive Video Service


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
305
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
Region Name Region Endpoint Protocol

US West (Oregon) us-west-2 ivs.us- HTTPS


west-2.amazonaws.com

US East (Virginia) us-east-1 ivs.us- HTTPS


east-1.amazonaws.com

EU West (Dublin) eu-west-1 ivs.eu- HTTPS


west-1.amazonaws.com

Service Quotas
For more information, see Service Quotas in the Amazon IVS User Guide.

Amazon Kendra endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 kendra.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 kendra.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- kendra.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Europe eu-west-1 kendra.eu-west-1.amazonaws.com HTTPS


(Ireland)

Amazon Keyspaces (for Apache Cassandra)


endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
306
AWS General Reference Reference guide
Service Endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 cassandra.us-east-2.amazonaws.com TLS


(Ohio)

US East (N. us-east-1 cassandra.us-east-1.amazonaws.com TLS


Virginia)

US us-west-1 cassandra.us-west-1.amazonaws.com TLS


West (N.
California)

US West us-west-2 cassandra.us-west-2.amazonaws.com TLS


(Oregon)

Asia ap-east-1 cassandra.ap-east-1.amazonaws.com TLS


Pacific
(Hong
Kong)

Asia ap- cassandra.ap-south-1.amazonaws.com TLS


Pacific south-1
(Mumbai)

Asia ap- cassandra.ap-northeast-2.amazonaws.com TLS


Pacific northeast-2
(Seoul)

Asia ap- cassandra.ap-southeast-1.amazonaws.com TLS


Pacific southeast-1
(Singapore)

Asia ap- cassandra.ap-southeast-2.amazonaws.com TLS


Pacific southeast-2
(Sydney)

Asia ap- cassandra.ap-northeast-1.amazonaws.com TLS


Pacific northeast-1
(Tokyo)

Canada ca- cassandra.ca-central-1.amazonaws.com TLS


(Central) central-1

China cn-north-1 cassandra.cn-north-1.amazonaws.com.cn TLS


(Beijing)

China cn- cassandra.cn-northwest-1.amazonaws.com.cn TLS


(Ningxia) northwest-1

Europe eu- cassandra.eu-central-1.amazonaws.com TLS


(Frankfurt) central-1

Version 1.0
307
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-1 cassandra.eu-west-1.amazonaws.com TLS


(Ireland)

Europe eu-west-2 cassandra.eu-west-2.amazonaws.com TLS


(London)

Europe eu-west-3 cassandra.eu-west-3.amazonaws.com TLS


(Paris)

Europe eu-north-1 cassandra.eu-north-1.amazonaws.com TLS


(Stockholm)

Middle me- cassandra.me-south-1.amazonaws.com TLS


East south-1
(Bahrain)

South sa-east-1 cassandra.sa-east-1.amazonaws.com TLS


America
(São
Paulo)

For information about using Amazon Keyspaces (for Apache Cassandra) in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
For information about Amazon Keyspaces service quotas, see Quotas for Amazon Keyspaces (for Apache
Cassandra) in the Amazon Keyspaces (for Apache Cassandra) Developer Guide.

AWS Key Management Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 kms.us-east-2.amazonaws.com HTTPS


(Ohio)
kms-fips.us-east-2.amazonaws.com HTTPS

Version 1.0
308
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 kms.us-east-1.amazonaws.com HTTPS


Virginia)
kms-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 kms.us-west-1.amazonaws.com HTTPS


West (N.
California) kms-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 kms.us-west-2.amazonaws.com HTTPS


(Oregon)
kms-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 kms.af-south-1.amazonaws.com HTTPS


(Cape
Town) kms-fips.af-south-1.amazonaws.com HTTPS

Asia ap-east-1 kms.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong kms-fips.ap-east-1.amazonaws.com HTTPS
Kong)

Asia ap- kms.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai) kms-fips.ap-south-1.amazonaws.com HTTPS

Asia ap- kms.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka- kms-fips.ap-northeast-3.amazonaws.com HTTPS
Local)

Asia ap- kms.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) kms-fips.ap-northeast-2.amazonaws.com HTTPS

Asia ap- kms.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) kms-fips.ap-southeast-1.amazonaws.com HTTPS

Asia ap- kms.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) kms-fips.ap-southeast-2.amazonaws.com HTTPS

Asia ap- kms.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) kms-fips.ap-northeast-1.amazonaws.com HTTPS

Canada ca- kms.ca-central-1.amazonaws.com HTTPS


(Central) central-1
kms-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 kms.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- kms.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
309
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- kms.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1
kms-fips.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 kms.eu-west-1.amazonaws.com HTTPS


(Ireland)
kms-fips.eu-west-1.amazonaws.com HTTPS

Europe eu-west-2 kms.eu-west-2.amazonaws.com HTTPS


(London)
kms-fips.eu-west-2.amazonaws.com HTTPS

Europe eu- kms.eu-south-1.amazonaws.com HTTPS


(Milan) south-1
kms-fips.eu-south-1.amazonaws.com HTTPS

Europe eu-west-3 kms.eu-west-3.amazonaws.com HTTPS


(Paris)
kms-fips.eu-west-3.amazonaws.com HTTPS

Europe eu-north-1 kms.eu-north-1.amazonaws.com HTTPS


(Stockholm)
kms-fips.eu-north-1.amazonaws.com HTTPS

Middle me- kms.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain) kms-fips.me-south-1.amazonaws.com HTTPS

South sa-east-1 kms.sa-east-1.amazonaws.com HTTPS


America
(São kms-fips.sa-east-1.amazonaws.com HTTPS
Paulo)

AWS us-gov- kms.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) kms-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- kms.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) kms-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas

Resource Default

Customer master keys (CMKs) 10,000

Aliases per CMK 50

Grants per CMK 50,000

Grants for a given principal per CMK 500

Key policy document size 32 KB (32,768 bytes)

Version 1.0
310
AWS General Reference Reference guide
Kinesis Data Analytics

Resource Default

Requests per second Varies by API operation; see Request quotas in the
AWS Key Management Service Developer Guide.

All quotas in the preceding table are calculated separately for each AWS Region in each AWS account.

For more information about these quotas, see Quotas in the AWS Key Management Service Developer
Guide.

Amazon Kinesis Data Analytics endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 kinesisanalytics.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 kinesisanalytics.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 kinesisanalytics.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 kinesisanalytics.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 kinesisanalytics.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- kinesisanalytics.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- kinesisanalytics.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- kinesisanalytics.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
311
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- kinesisanalytics.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- kinesisanalytics.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- kinesisanalytics.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 kinesisanalytics.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- kinesisanalytics.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- kinesisanalytics.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 kinesisanalytics.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 kinesisanalytics.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- kinesisanalytics.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 kinesisanalytics.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 kinesisanalytics.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- kinesisanalytics.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 kinesisanalytics.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- kinesisanalytics.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- kinesisanalytics.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Version 1.0
312
AWS General Reference Reference guide
Service Quotas

Service Quotas
Kinesis Data Analytics for SQL Applications

Resource Default

Kinesis Processing Units (KPUs) 8

Input Parallelism for SQL applications 64 input streams

Applications 50

For more information, see Quotas in the Amazon Kinesis Data Analytics for SQL Applications Developer
Guide.

Kinesis Data Analytics for Apache Flink

Resource Default

Kinesis Processing Units (KPUs) 32

Snapshots 1000

Applications 50

For more information, see Quotas in the Amazon Kinesis Data Analytics for Apache Flink Developer Guide.

Amazon Kinesis Data Firehose endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 firehose.us-east-2.amazonaws.com HTTPS


(Ohio)
firehose-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 firehose.us-east-1.amazonaws.com HTTPS


Virginia)
firehose-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 firehose.us-west-1.amazonaws.com HTTPS


West (N.
California) firehose-fips.us-west-1.amazonaws.com HTTPS

Version 1.0
313
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 firehose.us-west-2.amazonaws.com HTTPS


(Oregon)
firehose-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 firehose.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 firehose.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- firehose.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- firehose.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- firehose.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- firehose.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- firehose.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- firehose.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 firehose.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- firehose.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- firehose.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 firehose.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 firehose.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- firehose.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 firehose.eu-west-3.amazonaws.com HTTPS


(Paris)

Version 1.0
314
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-north-1 firehose.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- firehose.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 firehose.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- firehose.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) firehose-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- firehose.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) firehose-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
Resource Default

Delivery streams per Region 50

Delivery stream capacity for US East (N. Virginia), US West (Oregon), 2,000 transactions/second
and Europe (Ireland) †
5,000 records/second

5 MB/second

Delivery stream capacity for other Regions where Kinesis Data 1,000 transactions/second
Firehose is available †
1,000 records/second

1 MB/second

† The three capacity quotas scale proportionally. For example, if you increase the throughput quota to 2
MB/second in Asia Pacific (Singapore), the other quotas increase to 2,000 transactions/second and 2,000
records/second.

For more information, see Amazon Kinesis Data Firehose Quotas in the Amazon Kinesis Data Firehose
Developer Guide.

Amazon Kinesis Data Streams endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
315
AWS General Reference Reference guide
Service Endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 kinesis.us-east-2.amazonaws.com HTTPS


(Ohio)
kinesis-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 kinesis.us-east-1.amazonaws.com HTTPS


Virginia)
kinesis-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 kinesis.us-west-1.amazonaws.com HTTPS


West (N.
California) kinesis-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 kinesis.us-west-2.amazonaws.com HTTPS


(Oregon)
kinesis-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 kinesis.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 kinesis.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- kinesis.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- kinesis.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- kinesis.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- kinesis.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- kinesis.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- kinesis.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Version 1.0
316
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Canada ca- kinesis.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 kinesis.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- kinesis.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- kinesis.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 kinesis.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 kinesis.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- kinesis.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 kinesis.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 kinesis.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- kinesis.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 kinesis.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- kinesis.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) kinesis.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- kinesis.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) kinesis.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon Kinesis Data Streams in the AWS GovCloud (US-West) Region, see
AWS GovCloud (US-West) Endpoints.

For information about using Amazon Kinesis Data Streams in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Version 1.0
317
AWS General Reference Reference guide
Service Quotas

Service Quotas

Resource Default

Shards per Region US East (N. Virginia) Region – 500

US West (Oregon) Region – 500

Europe (Ireland) Region – 500

All other supported Regions – 200

For more information, see Amazon Kinesis Data Streams Quotas in the Amazon Kinesis Data Streams
Developer Guide.

Amazon Kinesis Video Streams endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 kinesisvideo.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 kinesisvideo.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 kinesisvideo.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 kinesisvideo.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- kinesisvideo.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- kinesisvideo.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Version 1.0
318
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- kinesisvideo.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- kinesisvideo.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- kinesisvideo.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- kinesisvideo.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- kinesisvideo.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 kinesisvideo.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 kinesisvideo.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 kinesisvideo.eu-west-3.amazonaws.com HTTPS


(Paris)

South sa-east-1 kinesisvideo.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas
The quotas below are either soft [s], which can be upgraded by submitting a support ticket, or hard [h],
which cannot be increased.

Control Plane API Quotas


The following section describes quotas for Control Plane APIs.

When an account-level Request quota is reached, a ClientLimitExceededException is thrown.

When an account-level Streams quota is reached, or a stream-level quota is reached, a


StreamLimitExceededException is thrown.

Control Plane API quotas

API Account Account Stream-level Relevant Exceptions and Notes


Quota: Quota: quota
Request Streams

CreateStream 50 TPS [s] 2500 streams   Devices, CLIs, SDK-driven access,


per account and the console can all invoke
[s] in US East this API. Only one API call

Version 1.0
319
AWS General Reference Reference guide
Service Quotas

API Account Account Stream-level Relevant Exceptions and Notes


Quota: Quota: quota
Request Streams
(N. Virginia) succeeds if the stream doesn’t
and US West already exist.
(Oregon)
regions. 1000
streams per
account [s]
in all other
supported
regions.
Note
This
quota
can be
increased
up to
100,000
(or
more)
streams
per
account
[s].
Sign in
to the
AWS
Management
Console
at
https://
console.aws.amazon.com/
and
submit
a
service
quota
increase
case
for
Kinesis
Video
Streams
to
request
an
increase
of this
limit.

DescribeStream 300 TPS [h] N/A 5 TPS [h]  

UpdateStream 50 TPS [h] N/A 5 TPS [h]  

ListStreams 50 TPS [h] N/A    

Version 1.0
320
AWS General Reference Reference guide
Service Quotas

API Account Account Stream-level Relevant Exceptions and Notes


Quota: Quota: quota
Request Streams

DeleteStream 50 TPS [h] N/A 5 TPS [h]  

GetDataEndpoint300 TPS [h] N/A 5 TPS [h] Called every 45 minutes to


refresh the streaming token for
most PutMedia/GetMedia use
cases. Caching data endpoints
is safe if the application reloads
them on failure.

UpdateDataRetention
50 TPS [h] N/A 5 TPS [h]  

TagStream 50 TPS [h] N/A 5 TPS [h]  

UntagStream 50 TPS [h] N/A 5 TPS [h]  

ListTagsForStream
50 TPS [h] N/A 5 TPS [h]  

Media and Archived Media API Quotas


The following section describes quotas for Media and Archived Media APIs.

When a stream-level quota is exceeded, a StreamLimitExceededException is thrown.

When a connection-level quota is reached, a ConnectionLimitExceededException is thrown.

The following errors or acks are thrown when a fragment-level quota is reached:

• A MIN_FRAGMENT_DURATION_REACHED ack is returned for a fragment below the minimum duration.


• A MAX_FRAGMENT_DURATION_REACHED ack is returned for a fragment above the maximum duration.
• A MAX_FRAGMENT_SIZE ack is returned for a fragment above the maximum data size.
• A FragmentLimitExceeded exception is thrown if a fragment quota is reached in a
GetMediaForFragmentList operation.

Data Plane API quotas

API Stream- Connection- Bandwidth Fragment- Relevant Exceptions and


level quota level quota quota level quota Notes

PutMedia 5 TPS [h] 1 [s] 12.5 MB/ • Minimum A typical PutMedia request
second, or fragment contains data for several
100 Mbps [s] duration: seconds, resulting in a
1 second lower TPS per stream.
[h] In the case of multiple
• Maximum concurrent connections
fragment that exceed quotas, the last
duration: connection is accepted.
10
seconds
[h]
• Maximum
fragment

Version 1.0
321
AWS General Reference Reference guide
Service Quotas

API Stream- Connection- Bandwidth Fragment- Relevant Exceptions and


level quota level quota quota level quota Notes
size: 50
MB [h]
• Maximum
number of
tracks: 3
[s]

GetHLSStreamingSessionURL
5 TPS Burst, N/A N/A N/A Only 10 sessions per
1 TPS stream can be active at a
Sustained time [s]. After the quota
[h] has been reached, the
oldest session is revoked
when a new session is
created.

GetDASHStreamingSessionURL
5 TPS Burst, N/A N/A N/A Only 10 sessions per
1 TPS stream can be active at a
Sustained time [s]. After the quota
[h] has been reached, the
oldest session is revoked
when a new session is
created.

GetMedia 5 TPS [h] 3 [s] 25 MB/s or N/A Only three clients can
200 Mbps [s] concurrently receive
content from the media
stream at any moment
of time. Further client
connections are rejected.
A unique consuming client
shouldn’t need more
than 2 or 3 TPS because
after the connection is
established, we anticipate
that the application will
read continuously.

If a typical fragment is
approximately 5 MB, this
quota means ~75 MB/ sec
per Kinesis video stream.
Such a stream would have
an outgoing bitrate of 2x
the streams' maximum
incoming bitrate.

ListFragments 5 TPS [h] N/A N/A N/A  

GetMediaForFragmentList
5 TPS [h] 5 [s] 25 MB/s or Maximum Five fragment-based
200 MbpsA number of consuming applications can
[s] fragments: concurrently get media.
1000 [h] Further connections are
rejected.

Version 1.0
322
AWS General Reference Reference guide
Service Quotas

Video Playback Protocol API quotas


API Session-level quota Fragment-level quota

GetDASHManifestPlaylist 5 TPS [h] Maximum number of fragments


per playlist: 1000 [h]

GetHLSMasterPlaylist 5 TPS [h] N/A

GetHLSMediaPlaylist 5 TPS [h] Maximum number of fragments


per playlist: 1000 [h]

GetMP4InitFragment 5 TPS [h] N/A

GetMP4MediaFragment 10 TPS [h] N/A

GetTSFragment 10 TPS [h] N/A

Kinesis Video Streams with WebRTC Control Plane API Quotas


The following section describes service quotas for the control plane APIs.

Control Plane API Service Quotas


API Account Account Channel-level Relevant Exceptions and Notes
service quota: service quota: service quota
Request Channels

CreateSignalingChannel
50 TPS [s] 10000    
signaling
channels per
account [s]
per region,
in all other
supported
regions.

DescribeSignalingChannel
300 TPS [h] N/A 5 TPS [h]  

UpdateSignalingChannel
50 TPS [h] N/A 5 TPS [h]  

ListSignalingChannels
50 TPS [h] N/A    

DeleteStream 50 TPS [h] N/A 5 TPS [h]  

GetSignalingChannelEndpoint
300 TPS [h] N/A    

TagResource 50 TPS [h] N/A 5 TPS [h]  

UntagResource 50 TPS [h] N/A 5 TPS [h]  

ListTagsForResource
50 TPS [h] N/A 5 TPS [h]  

Kinesis Video Streams with WebRTC Signaling API Service


Quotas
The following section describes service quotas for the signaling component in Kinesis Video Streams with
WebRTC.

Version 1.0
323
AWS General Reference Reference guide
Lake Formation

• ConnectAsMaster
• API - 3 TPS per channel (hard)
• Maximum number of master connections per signaling channel - 1 (hard)
• Connection duration limit - 1 hour (hard)
• Idle connection timeout - 10 minutes (hard)
• When a client receives the GO_AWAY message from the server, connection is terminated after a grace
period of 1 minute (hard)
• ConnectAsViewer
• API - 3 TPS per channel (hard)
• Maximum number of viewer connections per channel - 10 (soft)
• Connection duration limit - 1 hour (hard)
• Idle connection timeout - 10 minutes (hard)
• Once a client receives the GO_AWAY message from the server, connection is terminated after a grace
period of 1 minute (hard)
• SendSDPOffer
• API: 5 TPS per WebSocket connection (hard)
• Message payload size limit - 10k (hard)
• SendSDPAnswer
• API: 5 TPS per WebSocket connection (hard)
• Message payload size limit - 10k (hard)
• SendICECandidate
• API: 20 TPS per WebSocket connection (hard)
• Message payload size limit - 10k (hard)
• SendAlexaOffertoMaster
• API: 5 TPS per signaling channel (hard)
• GetIceServerConfig
• API: 5 TPS per signaling channel (hard)
• Disconnect
• N/A

Kinesis Video Streams with WebRTC TURN Service Quotas


The following section describes service quotas for the Traversal Using Relays around NAT (TURN)
component in Kinesis Video Streams with WebRTC.

• Bit Rate - 5Mbps (hard)


• Credential Lifecycle - 5 minutes (hard)
• Number of allocations - 50 per signaling channel (hard)

AWS Lake Formation endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, Version
see AWS service quotas (p. 540).
1.0
324
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 lakeformation.us-east-2.amazonaws.com HTTPS


(Ohio)
lakeformation-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 lakeformation.us-east-1.amazonaws.com HTTPS


Virginia)
lakeformation-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 lakeformation.us-west-1.amazonaws.com HTTPS


West (N.
California) lakeformation-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 lakeformation.us-west-2.amazonaws.com HTTPS


(Oregon)
lakeformation-fips.us-west-2.amazonaws.com HTTPS

Asia ap-east-1 lakeformation.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- lakeformation.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- lakeformation.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- lakeformation.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- lakeformation.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- lakeformation.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- lakeformation.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 lakeformation.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Europe eu- lakeformation.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 lakeformation.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
325
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-2 lakeformation.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- lakeformation.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 lakeformation.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 lakeformation.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 lakeformation.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- lakeformation.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) lakeformation-fips.us-gov- HTTPS
west-1.amazonaws.com

Service Quotas
The following quotas apply per catalog.

Resource Default

Number of subfolders in Amazon S3 path 20

Length of path which can be registered 700

Number of admins 10

Number of registered paths per catalog 10,000

Number of cross-account grants 1,600

AWS Lambda endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
326
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 lambda.us-east-2.amazonaws.com HTTPS


(Ohio)
lambda-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 lambda.us-east-1.amazonaws.com HTTPS


Virginia)
lambda-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 lambda.us-west-1.amazonaws.com HTTPS


West (N.
California) lambda-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 lambda.us-west-2.amazonaws.com HTTPS


(Oregon)
lambda-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 lambda.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 lambda.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- lambda.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- lambda.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- lambda.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- lambda.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- lambda.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- lambda.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- lambda.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Version 1.0
327
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

China cn-north-1 lambda.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- lambda.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- lambda.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 lambda.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 lambda.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- lambda.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 lambda.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 lambda.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- lambda.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 lambda.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- lambda.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) lambda-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- lambda.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) lambda-fips.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS Lambda in the AWS GovCloud (US-West) Region, see AWS GovCloud
(US-West) Endpoints.

Service Quotas
AWS Lambda quotas the amount of compute and storage resources that you can use to run and store
functions. The following quotas apply per Region and can be increased. To request an increase, use the
Support Center console.

Resource Default

Concurrent executions 1,000

Function and layer storage 75 GB

Version 1.0
328
AWS General Reference Reference guide
AWS Launch Wizard

For more information, see AWS Lambda Quotas in the AWS Lambda Developer Guide.

AWS Launch Wizard endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 appwizard.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS

US East (N. us-east-1 appwizard.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US us-west-1 appwizard.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California)

US West us-west-2 appwizard.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Africa af-south-1 appwizard.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 appwizard.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Asia ap- appwizard.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- appwizard.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- appwizard.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- appwizard.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- appwizard.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Version 1.0
329
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Canada ca- appwizard.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS

Europe eu- appwizard.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 appwizard.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 appwizard.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- appwizard.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Europe eu-west-3 appwizard.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 appwizard.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- appwizard.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 appwizard.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- appwizard.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East)

AWS us-gov- appwizard.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West)

Service Quotas
Launch Wizard allows for a maximum of 50 active applications (with status in progress or
completed) for any given application type. If you want to increase this limit, contact AWS Support.

Amazon Lex endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
330
AWS General Reference Reference guide
V2 service endpoints

V2 service endpoints
Model building endpoints

Region name Region Endpoint Protocol

US East (N. Virginia) us-east-1 models-v2-lex.us- HTTPS


east-1.amazonaws.com

US West (Oregon) us-west-2 models-v2-lex.us- HTTPS


west-2.amazonaws.com

Asia Pacific (Singapore) ap-southeast-1 models-v2-lex.ap- HTTPS


southeast-1.amazonaws.com

Asia Pacific (Sydney) ap-southeast-2 models-v2-lex.ap- HTTPS


southeast-2.amazonaws.com

Asia Pacific (Tokyo) ap-northeast-1 models-v2-lex.ap- HTTPS


northeast-1.amazonaws.com

Europe (Frankfurt) eu-central-1 models-v2-lex.eu- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 models-v2-lex.eu- HTTPS


west-1.amazonaws.com

Europe (London) eu-west-2 models-v2-lex.eu- HTTPS


west-2.amazonaws.com

Runtime endpoints

Region name Region Endpoint Protocol

US East (N. Virginia) us-east-1 runtime-v2-lex.us- HTTPS


east-1.amazonaws.com

US West (Oregon) us-west-2 runtime-v2-lex.us- HTTPS


west-2.amazonaws.com

Asia Pacific (Singapore) ap-southeast-1 runtime-v2-lex.ap- HTTPS


southeast-1.amazonaws.com

Asia Pacific (Sydney) ap-southeast-2 runtime-v2-lex.ap- HTTPS


southeast-2.amazonaws.com

Asia Pacific (Tokyo) ap-northeast-1 runtime-v2-lex.ap- HTTPS


northeast-1.amazonaws.com

Europe (Frankfurt) eu-central-1 runtime-v2-lex.eu- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 runtime-v2-lex.eu- HTTPS


west-1.amazonaws.com

Version 1.0
331
AWS General Reference Reference guide
V1 service endpoints

Region name Region Endpoint Protocol

Europe (London) eu-west-2 runtime-v2-lex.eu- HTTPS


west-2.amazonaws.com

V1 service endpoints
Model building endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 models.lex.us-east-1.amazonaws.com HTTPS


Virginia)
models-fips.lex.us-east-1.amazonaws.com HTTPS

US West us-west-2 models.lex.us-west-2.amazonaws.com HTTPS


(Oregon)
models-fips.lex.us-west-2.amazonaws.com HTTPS

Asia ap- models.lex.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- models.lex.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- models.lex.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- models.lex.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 models.lex.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 models.lex.eu-west-2.amazonaws.com HTTPS


(London)

AWS us-gov- models.lex.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) models-fips.lex.us-gov-west-1.amazonaws.com HTTPS

Runtime endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 runtime.lex.us-east-1.amazonaws.com HTTPS


Virginia)
runtime-fips.lex.us-east-1.amazonaws.com HTTPS

Version 1.0
332
AWS General Reference Reference guide
License Manager

Region Region Endpoint Protocol


Name

US West us-west-2 runtime.lex.us-west-2.amazonaws.com HTTPS


(Oregon)
runtime-fips.lex.us-west-2.amazonaws.com HTTPS

Asia ap- runtime.lex.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- runtime.lex.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- runtime.lex.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- runtime.lex.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 runtime.lex.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 runtime.lex.eu-west-2.amazonaws.com HTTPS


(London)

AWS us-gov- runtime.lex.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) runtime-fips.lex.us-gov-west-1.amazonaws.com HTTPS

AWS License Manager endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 license-manager.us-east-2.amazonaws.com HTTPS


(Ohio)
license-manager-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 license-manager.us-east-1.amazonaws.com HTTPS


Virginia)
license-manager-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 license-manager.us-west-1.amazonaws.com HTTPS


West (N.
California) license-manager-fips.us-west-1.amazonaws.com HTTPS

Version 1.0
333
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 license-manager.us-west-2.amazonaws.com HTTPS


(Oregon)
license-manager-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 license-manager.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 license-manager.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- license-manager.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- license-manager.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- license-manager.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- license-manager.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- license-manager.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- license-manager.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 license-manager.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- license-manager.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- license-manager.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 license-manager.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 license-manager.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- license-manager.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 license-manager.eu-west-3.amazonaws.com HTTPS


(Paris)

Version 1.0
334
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-north-1 license-manager.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- license-manager.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 license-manager.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- license-manager.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) license-manager-fips.us-gov- HTTPS
east-1.amazonaws.com

AWS us-gov- license-manager.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) license-manager-fips.us-gov- HTTPS
west-1.amazonaws.com

Service Quotas

Resource Default

Number of license configurations per resource 10

Total number of license configurations 25

Amazon Lightsail endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 lightsail.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 lightsail.us-east-1.amazonaws.com HTTPS


Virginia)

Version 1.0
335
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

US West us-west-2 lightsail.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- lightsail.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- lightsail.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- lightsail.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- lightsail.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- lightsail.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- lightsail.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- lightsail.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 lightsail.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 lightsail.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 lightsail.eu-west-3.amazonaws.com HTTPS


(Paris)

Service Quotas
New AWS accounts may start with quotas that are lower than those described here.

Resource Default Comment

Number of instances 20 per Region This quota can be increased by


contacting support.

Number of databases 40 per Region This quota cannot be increased.

Number of static IP addresses 5 per Region This quota can be increased by


contacting support.

Number of parallel SSH connections 5 per Region, per This quota cannot be increased.
using the browser-based SSH client account

Version 1.0
336
AWS General Reference Reference guide
Service Quotas

Resource Default Comment

Number of parallel RDP connections 1 per Region, per This quota cannot be increased.
using the browser-based RDP client account

Number of DNS zones (or domains) 3 per account This quota cannot be increased.

Number of load balancers 5 per Region This quota cannot be increased.

Amount of attached block storage disk 20,000 GB per These quotas cannot be increased.
space Region

16 TB per disk
maximum, or 8 GB
per disk minimum

Each instance can


have up to 15
attached disks,
and 1 boot volume
disk

Number of certificates 10 active per This quota cannot be increased.


Region, per
account

20 total per
Region, per
account in the last
365 days

Number of tags 50 per resource This quota cannot be increased.

Number of container services 100 per Region This quota cannot be increased.

Maximum number of nodes per 20 This quota cannot be increased.


container service

Number of deployment versions per 50 deployment This quota cannot be increased.


container service versions

Number of containers per deployment 10 containers This quota cannot be increased.


on a container service

Number of stored container images per 150 stored This quota cannot be increased.
container service container images

Number of custom domains per 4 custom domains This quota cannot be increased.
container service

Number of certificates that can be 4 certificates This quota cannot be increased.


attached per container service
Subject to
certificates quota
described earlier in
this list.

Number of days container logs are 4 days This quota cannot be increased.
stored

Version 1.0
337
AWS General Reference Reference guide
Amazon Location Service

The following table provides the quotas for Lightsail content delivery network distributions.

Resource Default

Data transfer rate per distribution 150 Gbps

Distributions per account 20

Custom domain names per distribution 10

You can specify up to 10


domains for a Lightsail SSL/
TLS certificate. You can then use
the certificate to enable custom
domains on your Lightsail
distribution.

Origins per distribution 1 instance or 1 load balancer

You can attach as many


instances to your load balancer
as you would like - up to your
Lightsail account instance quota.

Default behavior (default cache behavior) per distribution 1

Directory and file overrides per distribution You can create up to 25


directory and file overrides,
and you can specify one cache
behavior per override.

Allowed headers per cache behavior 10

Allowed cookies per cache behavior 10

Allowed query strings per cache behavior 10

Response timeout per origin 4–60 seconds

Amazon Location Service endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Location is available in the following AWS Regions:

Region name Region code

US East (N. Virginia) us-east-1

US East (Ohio) us-east-2

Version 1.0
338
AWS General Reference Reference guide
Service Quotas

Region name Region code

US West (Oregon) us-west-2

Europe (Ireland) eu-west-1

Asia Pacific (Tokyo) ap-northeast-1

The general syntax for an Amazon Location regional endpoint is as follows:

protocol://service-code.geo.region-code.amazonaws.com

Within this syntax, Amazon Location uses the following service codes:

Service Service code

Amazon Location Maps maps

Amazon Location Places places

Amazon Location Geofences geofencing

Amazon Location Trackers tracking

For example, the regional endpoint for Amazon Location Maps for US East (N. Virginia) would be:
https://maps.geo.us-east-1.amazonaws.com.

Service Quotas
The following table lists the service quotas for Amazon Location, also referred to as limits, or the
maximum number of service resources or operations for your AWS account.
Note
Some quotas can be increased. For more information, see the AWS Support Center.

Resource Description Quota Adjustable

Map resources per The maximum number 20 Yes


account of Map resources that
you can create per
account.

Place Index resources The maximum number 20 Yes


per account of Place Index resources
that you can create per
account.

Tracker resources per The maximum number 100 Yes


account of Tracker resources
that you can create per
account.

Geofence Collection The maximum number 1000 Yes


resources per account of Geofence Collection
resources that you can
create per account.

Version 1.0
339
AWS General Reference Reference guide
Service Quotas

Resource Description Quota Adjustable

Geofences per The maximum number 50000 Yes


Geofence Collection of Geofences that you
can create per Geofence
Collection.

Tracker consumers per The maximum number 10 Yes


tracker of Geofence Collection
that Tracker resource
can be associated with.

Rate of CreateMap API The maximum number 10 Yes


requests of CreateMap requests
that you can make per
second. Additional
requests are throttled.

Rate of DeleteMap API The maximum number 10 Yes


requests of DeleteMap requests
that you can make per
second. Additional
requests are throttled.

Rate of DescribeMap The maximum number 10 Yes


API requests of DescribeMap
requests that you
can make per second.
Additional requests are
throttled.

Rate of ListMaps API The maximum number 10 Yes


requests of ListMaps requests
that you can make per
second. Additional
requests are throttled.

Rate of GetMapGlyphs The maximum number 50 Yes


API requests of GetMapGlyphs
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum number 50 Yes


GetMapSprites API of GetMapSprites
requests requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 50 Yes


number of
GetMapStyleDescriptor
API requests GetMapStyleDescriptor
requests that you
can make per second.
Additional requests are
throttled.

Version 1.0
340
AWS General Reference Reference guide
Service Quotas

Resource Description Quota Adjustable

Rate of GetMapTile The maximum number 500 Yes


API requests of GetMapTile
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum number 10 Yes


CreatePlaceIndex of CreatePlaceIndex
API requests requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum number 10 Yes


DeletePlaceIndex of DeletePlaceIndex
API requests requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 10 Yes


DescribePlaceIndex number of
API requests DescribePlaceIndex
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum number 10 Yes


ListPlaceIndexes of ListPlaceIndexes
API requests requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 50 Yes


number of
SearchPlaceIndexForPosition
API requests SearchPlaceIndexForPosition
requests that you
can make per second.
Additional requests are
throttled.

During preview release: During preview 10,000 No


Maximum monthly release, the
maximum number of
SearchPlaceIndexForPosition
API requests with SearchPlaceIndexForPosition
results stored. requests you can make
per month for a Place
index resource with
IntendedUse set to
Storage.

Version 1.0
341
AWS General Reference Reference guide
Service Quotas

Resource Description Quota Adjustable

Rate of The maximum 50 Yes


number of
SearchPlaceIndexForText
API requests SearchPlaceIndexForText
requests that you
can make per second.
Additional requests are
throttled.

During preview release: During preview 1,000 No


Maximum monthly release, the
SearchPlaceIndexForText maximum number of
API requests with SearchPlaceIndexforText
results stored. requests you can make
per month for a Place
index resource with
IntendedUse set to
Storage.

Rate of The maximum number 10 Yes


CreateTracker API of CreateTracker
requests requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum number 10 Yes


DeleteTracker API of DeleteTracker
requests requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum number 10 Yes


DescribeTracker API of DescribeTracker
requests requests that you
can make per second.
Additional requests are
throttled.

Rate of ListTrackers The maximum number 10 Yes


API requests of ListTrackers
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 10 Yes


number of
AssociateTrackerConsumer
API requests AssociateTrackerConsumer
requests that you
can make per second.
Additional requests are
throttled.

Version 1.0
342
AWS General Reference Reference guide
Service Quotas

Resource Description Quota Adjustable

Rate of The maximum 10 Yes


number of
DisassociateTrackerConsumer
API requests DisassociateTrackerConsumerrequests
that you can make per
second. Additional
requests are throttled.

Rate of The maximum 10 Yes


ListTrackerConsumersnumber of
API requests ListTrackerConsumers
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 50 Yes


number of
BatchGetDevicePosition
API requests BatchGetDevicePosition
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 50 Yes


number of
BatchUpdateDevicePosition
API requests BatchUpdateDevicePosition
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 50 Yes


GetDevicePosition number of
API requests GetDevicePosition
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 50 Yes


number of
GetDevicePositionHistory
API requests GetDevicePositionHistory
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 10 Yes


number of
CreateGeofenceCollection
API requests CreateGeofenceCollection
requests that you
can make per second.
Additional requests are
throttled.

Version 1.0
343
AWS General Reference Reference guide
Service Quotas

Resource Description Quota Adjustable

Rate of The maximum 10 Yes


number of
DeleteGeofenceCollection
API requests DeleteGeofenceCollection
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 10 Yes


number of
DescribeGeofenceCollection
API requests DescribeGeofenceCollection
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 50 Yes


BatchDeleteGeofence number of
API requests BatchDeleteGeofence
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum 50 Yes


number of
BatchEvaluateGeofences
API requests BatchEvaluateGeofences
requests that you
can make per second.
Additional requests are
throttled.

Rate of The maximum number 50 Yes


BatchPutGeofence of BatchPutGeofence
API requests requests that you
can make per second.
Additional requests are
throttled.

Rate of GetGeofence The maximum number 50 Yes


API requests of GetGeofence
requests that you
can make per second.
Additional requests are
throttled.

Rate of PutGeofence The maximum number 50 Yes


API requests of PutGeofence
requests that you
can make per second.
Additional requests are
throttled.

Version 1.0
344
AWS General Reference Reference guide
Amazon Lookout for Equipment

Resource Description Quota Adjustable

Rate of The maximum number 50 Yes


ListGeofences API of ListGeofences
requests requests that you
can make per second.
Additional requests are
throttled.

Amazon Lookout for Equipment endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region name Region Endpoint Protocol

US East (N. Virginia) us-east-1 lookoutequipment.us- HTTPS


east-1.amazonaws.com

Europe (Ireland) eu-west-1 lookoutequipment.eu- HTTPS


west-1.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 lookoutequipment.ap- HTTPS


northeast-2.amazonaws.com

Service Quotas
Data Ingestion

Resource Default

Maximum number of components per dataset 3000

Maximum number of columns across components, 3000


excluding time stamp, per dataset

Maximum number of files per component per 1000


dataset

Maximum length of component name 200 characters

Maximum byte size of data per dataset 50 GB

Maximum byte size of data per file 5 GB

Version 1.0
345
AWS General Reference Reference guide
Service Quotas

Training

Resource Default

Maximum number of rows in training data, after 1.5 million


resampling

Maximum number of rows in evaluation data, 1.5 million


after resampling

Maximum number of components in training data 300

Maximum number of columns across components, 300


excluding time stamp, in training data

Maximum timespan of training data 180 days

Maximum number of models with training in 15


progress per dataset

Inference

Resource Default

Maximum size of raw data in inference input data 5 MB


(5 minute scheduling frequency)

Maximum size of raw data in inference input data 10 MB


(10 minute scheduling frequency)

Maximum size of raw data in inference input data 15 MB


(15 minute scheduling frequency)

Maximum size of raw data in inference input data 30 MB


(30 minute scheduling frequency)

Maximum size of raw data in inference input data 60 MB


(1 hour scheduling frequency)

Maximum number of rows in inference input data, 300 MB


after resampling (5 minute scheduling frequency)

Maximum number of rows in inference input 600 MB


data, after resampling (10 minute scheduling
frequency)

Maximum number of rows in inference input 900 MB


data, after resampling (15 minute scheduling
frequency)

Maximum number of rows in inference input 1800 MB


data, after resampling (30 minute scheduling
frequency)

Maximum number of rows in inference input data, 3600 MB


after resampling (1 hour scheduling frequency)

Version 1.0
346
AWS General Reference Reference guide
Amazon Lookout for Vision

Resource Default

Maximum number of files per component per 60


inference execution

Amazon Lookout for Vision endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 lookoutvision.us- HTTPS


east-1.amazonaws.com

US West (Oregon) us-west-2 lookoutvision.us- HTTPS


west-2.amazonaws.com

US East (Ohio) us-east-2 lookoutvision.us- HTTPS


east-2.amazonaws.com

Europe (Frankfurt) eu-central-1 lookoutvision.eu- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 lookoutvision.eu- HTTPS


west-1.amazonaws.com

Asia Pacific (Tokyo) ap-northeast-1 lookoutvision.ap- HTTPS


northeast-1.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 lookoutvision.ap- HTTPS


northeast-2.amazonaws.com

Service Quotas
Resource Default

Transactions per second per account for individual Amazon Lookout • In all regions that Amazon
for Vision data plane operations: Lookout for Vision supports –
10
• DetectAnomalies

Transactions per second per account for individual Amazon Lookout In each Region that Amazon
for Vision control plane operations: Lookout for Vision supports – 5

• CreateDataset
• CreateModel
• CreateProject

Version 1.0
347
AWS General Reference Reference guide
Macie

Resource Default
• DeleteDataset
• DeleteModel
• DeleteProject
• DescribeDataset
• DescribeModel
• DescribeProject
• ListDatasetEntries
• ListModels
• ListProjects
• StartModel
• StopModel
• UpdateDatasetEntries

Maximum number of Amazon Lookout for Vision projects per 100


account.

Maximum number of Amazon Lookout for Vision models per 100


project.

Maximum number of concurrent Amazon Lookout for Vision 2


training jobs per account.

Maximum number of concurrently running Amazon Lookout for 2


Vision models per account.

Maximum number of concurrently running Amazon Lookout for 2


Vision trial detections per account.

Maximum inference units per started model. 5

For more information, see Amazon Lookout for Vision Quotas.

Amazon Macie endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Macie

Region Region Endpoint Protocol


Name

US East us-east-2 macie2.us-east-2.amazonaws.com HTTPS


(Ohio)
macie2-fips.us-east-2.amazonaws.com HTTPS

Version 1.0
348
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 macie2.us-east-1.amazonaws.com HTTPS


Virginia)
macie2-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 macie2.us-west-1.amazonaws.com HTTPS


West (N.
California) macie2-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 macie2.us-west-2.amazonaws.com HTTPS


(Oregon)
macie2-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 macie2.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 macie2.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- macie2.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- macie2.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- macie2.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- macie2.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- macie2.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- macie2.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- macie2.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- macie2.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 macie2.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 macie2.eu-west-2.amazonaws.com HTTPS


(London)

Version 1.0
349
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- macie2.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 macie2.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 macie2.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- macie2.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 macie2.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Amazon Macie Classic

Region Region Endpoint Protocol


Name

US East (N. us-east-1 macie.us-east-1.amazonaws.com HTTPS


Virginia)
macie-fips.us-east-1.amazonaws.com HTTPS

US West us-west-2 macie.us-west-2.amazonaws.com HTTPS


(Oregon)
macie-fips.us-west-2.amazonaws.com HTTPS

Service Quotas
Amazon Macie
For information about Amazon Macie quotas, see Amazon Macie Quotas in the Amazon Macie User Guide.

Amazon Macie Classic

Resource Default

Full data classification 3 TB per month

Macie member accounts 10

S3 buckets/prefixes specified for data classification 250 (this quota cannot be


changed)

Version 1.0
350
AWS General Reference Reference guide
Amazon ML

Amazon Machine Learning endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 machinelearning.us-east-1.amazonaws.com HTTPS


Virginia)

Europe eu-west-1 machinelearning.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service Quotas

Resource Default

Data file size* 100 GB

Batch prediction input size 1 TB

Batch prediction input (number of records) 100 million

Number of variables in a data file (schema) 1,000

Recipe complexity (number of processed output variables) 10,000

Transactions Per Second for each real-time prediction endpoint 200

Total Transactions Per Second for all real-time prediction endpoints 10,000

Total RAM for all real-time prediction endpoints 10 GB

Number of simultaneous jobs 25

Longest run time for any job 7 days

Number of classes for multiclass ML models 100

ML model size 2 GB

The size of your data files is restricted to ensure that jobs finish in a timely manner. Jobs that have been
running for more than seven days are automatically terminated, resulting in a FAILED status.

For more information, see Amazon ML Quotas in the Amazon Machine Learning Developer Guide.

Version 1.0
351
AWS General Reference Reference guide
Managed Blockchain

Amazon Managed Blockchain endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 managedblockchain.us-east-1.amazonaws.com HTTPS


Virginia)

Asia ap- managedblockchain.ap- HTTPS


Pacific northeast-2 northeast-2.amazonaws.com
(Seoul)

Asia ap- managedblockchain.ap- HTTPS


Pacific southeast-1 southeast-1.amazonaws.com
(Singapore)

Asia ap- managedblockchain.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Europe eu-west-1 managedblockchain.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 managedblockchain.eu-west-2.amazonaws.com HTTPS


(London)

Service Quotas
For information about attributes of Starter Edition and Standard Edition networks, such as the number
of members per network, peer nodes per member, available instance types, and more, see Amazon
Managed Blockchain Pricing.

Resource Default

Starter Edition networks

Maximum number of Starter Edition networks in 4


which an AWS account can own a member.

Maximum number of Hyperledger Fabric channels 3


per Starter Edition network.

Standard Edition networks

Version 1.0
352
AWS General Reference Reference guide
AWS Marketplace

Resource Default

Maximum number of Standard Edition networks 2


in which an AWS account can own a member.

Maximum number of Hyperledger Fabric channels 8


per Standard Edition network.

AWS Marketplace endpoints and quotas


AWS Marketplace is a curated digital catalog that makes it easy for customers to find, buy, deploy,
and manage third-party software and services that customers need to build solutions and run their
businesses.

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
The AWS Marketplace website is available globally. The AWS Marketplace console is available in the
US East (N. Virginia) Region. The product vendor determines the Regions in which their products are
available.

AWS Marketplace Commerce Analytics

Region Region Endpoint Protocol


Name

US East (N. us-east-1 marketplacecommerceanalytics.us- HTTPS


Virginia) east-1.amazonaws.com

AWS Marketplace Entitlement Service

Region Region Endpoint Protocol


Name

US East (N. us-east-1 entitlement.marketplace.us- HTTPS


Virginia) east-1.amazonaws.com

AWS Marketplace Metering Service

Region Region Endpoint Protocol


Name

US East us-east-2 metering.marketplace.us-east-2.amazonaws.com HTTPS


(Ohio)

Version 1.0
353
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 metering.marketplace.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 metering.marketplace.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 metering.marketplace.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 metering.marketplace.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 metering.marketplace.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- metering.marketplace.ap- HTTPS


Pacific south-1 south-1.amazonaws.com
(Mumbai)

Asia ap- metering.marketplace.ap- HTTPS


Pacific northeast-2 northeast-2.amazonaws.com
(Seoul)

Asia ap- metering.marketplace.ap- HTTPS


Pacific southeast-1 southeast-1.amazonaws.com
(Singapore)

Asia ap- metering.marketplace.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Asia ap- metering.marketplace.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Canada ca- metering.marketplace.ca- HTTPS


(Central) central-1 central-1.amazonaws.com

Europe eu- metering.marketplace.eu- HTTPS


(Frankfurt) central-1 central-1.amazonaws.com

Europe eu-west-1 metering.marketplace.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 metering.marketplace.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- metering.marketplace.eu- HTTPS


(Milan) south-1 south-1.amazonaws.com

Europe eu-west-3 metering.marketplace.eu-west-3.amazonaws.com HTTPS


(Paris)

Version 1.0
354
AWS General Reference Reference guide
Amazon Mechanical Turk

Region Region Endpoint Protocol


Name

Europe eu-north-1 metering.marketplace.eu- HTTPS


(Stockholm) north-1.amazonaws.com

Middle me- metering.marketplace.me- HTTPS


East south-1 south-1.amazonaws.com
(Bahrain)

South sa-east-1 metering.marketplace.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- metering.marketplace.us-gov- HTTPS


GovCloud east-1 east-1.amazonaws.com
(US-East)

AWS us-gov- metering.marketplace.us-gov- HTTPS


GovCloud west-1 west-1.amazonaws.com
(US-West)

Amazon Mechanical Turk endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Endpoint Protocol

Sandbox endpoint mturk-requester-sandbox.us-east-1.amazonaws.com HTTPS


for Amazon
Mechanical Turk
actions.

Production mturk-requester.us-east-1.amazonaws.com HTTPS


endpoint for
Amazon Mechanical
Turk actions.

Amazon Managed Streaming for Apache Kafka


endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
355
AWS General Reference Reference guide
Service Endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 kafka.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 kafka.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 kafka.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 kafka.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 kafka.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- kafka.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- kafka.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- kafka.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- kafka.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- kafka.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- kafka.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 kafka.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- kafka.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- kafka.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Version 1.0
356
AWS General Reference Reference guide
MediaConnect

Region Region Endpoint Protocol


Name

Europe eu-west-1 kafka.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 kafka.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- kafka.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 kafka.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 kafka.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- kafka.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 kafka.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- kafka.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- kafka.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

AWS Elemental MediaConnect endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 mediaconnect.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 mediaconnect.us-east-1.amazonaws.com HTTPS


Virginia)

Version 1.0
357
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US us-west-1 mediaconnect.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 mediaconnect.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 mediaconnect.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- mediaconnect.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- mediaconnect.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- mediaconnect.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- mediaconnect.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- mediaconnect.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- mediaconnect.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 mediaconnect.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 mediaconnect.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 mediaconnect.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 mediaconnect.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 mediaconnect.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Version 1.0
358
AWS General Reference Reference guide
Service Quotas

Service Quotas
Resource Default Comments

Entitlements 50 per flow The maximum number of


entitlements that you can grant
on a flow.

Flows 20 per AWS Region The maximum number of flows


that you can create in each AWS
Region.

Outputs 50 per flow The maximum number of


outputs that a flow can have.

Sources 2 per flow The maximum number of


sources that you can assign to a
flow.

VPC interfaces 2 per flow The maximum number of VPC


interfaces that a flow can have.

AWS Elemental MediaConvert endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Use these endpoints only to request an account-specific endpoint, using the DescribeEndpoints
operation. Send all your transcoding requests to the account-specific endpoint that the service returns.
For more information, see Getting Started with the API in the MediaConvert API Reference.

Region Region Endpoint Protocol


Name

US East us-east-2 mediaconvert.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 mediaconvert.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 mediaconvert.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 mediaconvert.us-west-2.amazonaws.com HTTPS


(Oregon)

Version 1.0
359
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- mediaconvert.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- mediaconvert.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- mediaconvert.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- mediaconvert.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- mediaconvert.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- mediaconvert.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn- subscribe.mediaconvert.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- mediaconvert.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 mediaconvert.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 mediaconvert.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 mediaconvert.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 mediaconvert.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 mediaconvert.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- mediaconvert.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Version 1.0
360
AWS General Reference Reference guide
Service Quotas

Service Quotas

Resource Default

Backlog of jobs waiting to be 100,000


processed, per queue

Concurrent jobs across all on-demand Varies by Region.


queues, baseline
40 in these
The initial number of jobs that your Regions:
account can run concurrently, spread
across all of your on-demand queues in • US East (N.
all Regions. Virginia)
• US West (N.
California)
• Europe (Ireland)

20 in all other
Regions

Concurrent jobs processed per on- Varies by Region.


demand queue, peak
200 in these
When you have a sustained load of Regions:
queued on-demand jobs, MediaConvert
dynamically scales the number of jobs • US East (N.
that you can run at once to match your Virginia)
workload. The scaling stops at this peak • US West (N.
quota. California)
• Europe (Ireland)

100 in all other


Regions

Concurrent jobs processed per reserved Equal to the


queue number of
reserved
transcoding slots
(RTS) purchased in
the contract.

Custom job templates, per account 100

Custom output presets, per account 100

Queues (on-demand) per Region, per 10


account

Queues (reserved) per Region, per 30


account

Request rate for DescribeEndpoints 0.01667 TPS


(Once per 60
seconds)

Version 1.0
361
AWS General Reference Reference guide
MediaLive

Resource Default
This endpoint is
specific to your
AWS account and
won't change.
Request this
endpoint once,
and then hardcode
or cache it.

Request rate for DescribeEndpoints, in 0


a burst

Request rate for CreateJob 5 TPS (5


transactions per
second)

Request rate for requests other than 2 TPS (2


CreateJob and DescribeEndpoints transactions per
second)

Request rate for requests other than 100 TPS (100


DescribeEndpoints, in a burst transactions per
second)

AWS Elemental MediaLive endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
When you submit requests using the AWS CLI or SDKs, either leave the Region and endpoint unspecified,
or specify us-east-1 as the Region. When you submit requests using the MediaLive API, use the us-east-1
Region to sign requests. For more information about signing MediaLive API requests, see Signature
Version 4 signing process (p. 560).

Region Region Endpoint Protocol


Name

US East us-east-2 medialive.us-east-2.amazonaws.com HTTPS


(Ohio)
medialive-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 medialive.us-east-1.amazonaws.com HTTPS


Virginia)
medialive-fips.us-east-1.amazonaws.com HTTPS

US West us-west-2 medialive.us-west-2.amazonaws.com HTTPS


(Oregon)
medialive-fips.us-west-2.amazonaws.com HTTPS

Version 1.0
362
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- medialive.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- medialive.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- medialive.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- medialive.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- medialive.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- medialive.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 medialive.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 medialive.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 medialive.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 medialive.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 medialive.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas

Resource or Operation Default Quota Comments

Channels 5 The maximum number of channels that you ca


account in the current Region.

Channels with HEVC 5 The maximum number of channels that include


outputs that you can create in this account in th

Channels with UHD 1 The maximum number of channels that include


you can create in this account in the current Re

Version 1.0
363
AWS General Reference Reference guide
MediaPackage

Resource or Operation Default Quota Comments


For information about the maximum number o
these channels, see AWS Elemental MediaLive f
limits.

Inputs of type push (not 5 The maximum number of push inputs (not inclu
including VPC push inputs) inputs) that you can create in this account in th

Inputs of type pull 100 The maximum number of pull inputs that you c
account in the current Region.

Inputs of type VPC push 50 The maximum number of VPC push inputs that
this account in the current Region.

Inputs of type Elemental 1 The maximum number of Elemental Link input


Link in this account in the current Region.

Input security groups 5 The maximum number of input security groups


in this account in the current Region.

Multiplexes 2 The maximum number of channels that you ca


current Region in this account in the current Re

Reservations 50 The maximum number of reservations that you


account in the current Region.

AWS Elemental MediaPackage endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
These are the endpoints for live content workflows.

Region Region Endpoint Protocol


Name

US East (N. us-east-1 mediapackage.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 mediapackage.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 mediapackage.us-west-2.amazonaws.com HTTPS


(Oregon)

Version 1.0
364
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- mediapackage.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- mediapackage.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- mediapackage.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- mediapackage.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- mediapackage.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- mediapackage.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 mediapackage.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 mediapackage.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 mediapackage.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 mediapackage.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 mediapackage.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

These are the endpoints for video on demand (VOD) content workflows.

Region Region Endpoint Protocol


Name

US East (N. us-east-1 mediapackage-vod.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 mediapackage-vod.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 mediapackage-vod.us-west-2.amazonaws.com HTTPS


(Oregon)

Version 1.0
365
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- mediapackage-vod.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- mediapackage-vod.ap- HTTPS


Pacific northeast-2 northeast-2.amazonaws.com
(Seoul)

Asia ap- mediapackage-vod.ap- HTTPS


Pacific southeast-1 southeast-1.amazonaws.com
(Singapore)

Asia ap- mediapackage-vod.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Asia ap- mediapackage-vod.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Europe eu- mediapackage-vod.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 mediapackage-vod.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 mediapackage-vod.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 mediapackage-vod.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 mediapackage-vod.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 mediapackage-vod.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas
You can request increases on the following quotas. For more information about AWS Elemental
MediaPackage quotas, including quotas that can't be increased, see Quotas in the AWS Elemental
MediaPackage User Guide.

Live Content

Resource Default

Maximum channels per account 30

Maximum endpoints per channel 10

Version 1.0
366
AWS General Reference Reference guide
MediaStore

VOD Content

Resource Default

Maximum packaging groups 10

Maximum packaging configurations per 10


packaging group

Maximum assets per packaging group 1000

AWS Elemental MediaStore endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 mediastore.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 mediastore.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- mediastore.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- mediastore.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- mediastore.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- mediastore.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 mediastore.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 mediastore.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-north-1 mediastore.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
367
AWS General Reference Reference guide
Service Quotas

Service Quotas

Resource or Default Comments


Operation

Containers 100 The maximum number of containers that you can


create in this account.

DeleteObject 100 transactions per The maximum number of operation requests that
second (TPS) you can make per second. Additional requests are
throttled.

You can request a quota increase.

DescribeObject 1,000 TPS The maximum number of operation requests that


you can make per second. Additional requests are
throttled.

You can request a quota increase.

Folder levels 10 The maximum number of folder levels that you


can create in a container. You can create as many
folders as you want, as long as they are not nested
more than 10 levels within a container.

Folders Unlimited You can create as many folders as you want, as


long as they are not nested more than 10 levels
within a container.

GetObject – 1,000 TPS The maximum number of operation requests that


Standard upload you can make per second. Additional requests are
availability throttled.

You can request a quota increase.

GetObject – 25 TPS The maximum number of operation requests that


Streaming upload you can make per second. Additional requests are
availability throttled.

You can request a quota increase.

ListItems 5 TPS The maximum number of operation requests that


you can make per second. Additional requests are
throttled.

You can request a quota increase.

Object size 25 MB The maximum file size of a single object.

Objects Unlimited You can upload as many objects as you want to a


folder or container in your account.

PutObject – 100 TPS The maximum number of operation requests that


Standard upload you can make per second. Additional requests are
availability throttled.

You can request a quota increase. In the request,


specify the requested TPS and average object size.

Version 1.0
368
AWS General Reference Reference guide
MediaTailor

Resource or Default Comments


Operation

PutObject – 10 TPS The maximum number of operation requests that


Streaming upload you can make per second. Additional requests are
availability throttled.

You can request a quota increase. In the request,


specify the requested TPS and average object size.

Rules in an object 10 The maximum number of rules that you can


lifecycle policy include in an object lifecycle policy.

Rules in a metric 5 The maximum number of rules that you can


policy include in a metric policy.

You can request a quota increase.

For more information, see Quotas in the AWS Elemental MediaStore User Guide.

AWS Elemental MediaTailor endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 api.mediatailor.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US West us-west-2 api.mediatailor.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Asia ap- api.mediatailor.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- api.mediatailor.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- api.mediatailor.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Europe eu- api.mediatailor.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Version 1.0
369
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-1 api.mediatailor.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Service Quotas
Resource Default Comment

Transactions 10,000 concurrent This is an account-level quota.


transactions per
second across Your transactions per second are
all request types largely dependent on how often the
(such as manifest player requests updated manifests. For
requests and example, a player with eight second
tracking requests segments might update the manifest
for client-side every eight seconds. The player, then,
reporting). generates 0.125 transactions per
second.

For more information about AWS Elemental MediaTailor quotas, including quotas that can't be increased,
see Quotas in the AWS Elemental MediaTailor User Guide.

AWS Migration Hub endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
The migration tools that integrate with AWS Migration Hub send migration status to the Migration Hub
in the home region you choose. For information about choosing a home region, see The AWS Migration
Hub Home Region in the AWS Migration Hub User Guide.

Region Region Endpoint Protocol


Name

US East (N. us-east-1 mgh.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 mgh.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- mgh.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
370
AWS General Reference Reference guide
Amazon MQ

Region Region Endpoint Protocol


Name

Asia ap- mgh.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- mgh.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 mgh.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 mgh.eu-west-2.amazonaws.com HTTPS


(London)

Amazon MQ endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 mq.us-east-2.amazonaws.com HTTPS


(Ohio)
mq-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 mq.us-east-1.amazonaws.com HTTPS


Virginia)
mq-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 mq.us-west-1.amazonaws.com HTTPS


West (N.
California) mq-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 mq.us-west-2.amazonaws.com HTTPS


(Oregon)
mq-fips.us-west-2.amazonaws.com HTTPS

Asia ap-east-1 mq.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- mq.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Version 1.0
371
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Asia ap- mq.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- mq.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- mq.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- mq.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- mq.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- mq.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 mq.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 mq.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- mq.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 mq.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 mq.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- mq.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 mq.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas
For more information, see Amazon MQ Quotas in the Amazon MQ Developer Guide.

Version 1.0
372
AWS General Reference Reference guide
Neptune

Amazon Neptune endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 rds.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS

US East (N. us-east-1 rds.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US us-west-1 rds.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California)

US West us-west-2 rds.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Asia ap-east-1 rds.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Asia ap- rds.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- rds.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- rds.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- rds.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- rds.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- rds.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS

China cn- rds.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Version 1.0
373
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- rds.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 rds.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 rds.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu-west-3 rds.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 rds.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- rds.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 rds.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- rds.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East)

AWS us-gov- rds.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West)

Service Quotas

Resource Default

US East (N. Virginia) Region: Maximum instances is 3.

Maximum instances

AWS Network Firewall endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
374
AWS General Reference Reference guide
Service endpoints

Service endpoints
AWS Network Firewall has a single endpoint: network-firewall.amazonaws.com. It supports HTTPS
requests only.

Region Region Endpoint Protocol


Name

US East (N. us-east-1 network-firewall.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 network-firewall.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- network-firewall.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Europe eu-west-1 network-firewall.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service quotas
For a listing of Network Firewall quotas, see AWS Network Firewall quotas in the Network Firewall
developer guide.

Transit Gateway Network Manager


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US West us-west-2 networkmanager.us-west-2.amazonaws.com HTTPS


(Oregon)

Service Quotas
For more information, see Network Manager Quotas.

AWS OpsWorks endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
375
AWS General Reference Reference guide
Service Endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS OpsWorks CM
You can create and manage AWS OpsWorks for Chef Automate and AWS OpsWorks for Puppet
Enterprise servers in the following Regions. Resources can be managed only in the Region in which
they are created. Resources that are created in one Regional endpoint are not available, nor can they be
cloned to, another Regional endpoint.

Region Region Endpoint Protocol


Name

US East us-east-2 opsworks-cm.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 opsworks-cm.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 opsworks-cm.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 opsworks-cm.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- opsworks-cm.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- opsworks-cm.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- opsworks-cm.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- opsworks-cm.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 opsworks-cm.eu-west-1.amazonaws.com HTTPS


(Ireland)

AWS OpsWorks Stacks


You can create and manage AWS OpsWorks resources in all Regions except AWS GovCloud (US-West) and
the China (Beijing) Region. The Canada (Central) Region Region is API-only; you cannot create stacks in
Canada (Central) Region by using the AWS Management Console. Resources can be managed only in the
Region in which they are created. Resources that are created in one Regional endpoint are not available,
nor can they be cloned to, another Regional endpoint.

Version 1.0
376
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 opsworks.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 opsworks.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 opsworks.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 opsworks.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- opsworks.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- opsworks.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- opsworks.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- opsworks.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- opsworks.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- opsworks.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- opsworks.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 opsworks.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 opsworks.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 opsworks.eu-west-3.amazonaws.com HTTPS


(Paris)

South sa-east-1 opsworks.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Version 1.0
377
AWS General Reference Reference guide
Service Quotas

Service Quotas
AWS OpsWorks CM

Resource Default

Chef or Puppet servers 5

User-initiated (manual) backup generations 10

Automated (scheduled) backup generations 30

AWS OpsWorks Stacks

Resource Default

Stacks 40

Layers per stack 40

Instances per stack 40

Apps per stack 40

AWS Organizations endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Note
Because AWS Organizations is a global service, there is a single global endpoint for all of the
AWS Regions in each partition.

Region Region Endpoint Protocol


Name

US East us-east-2 organizations.us-east-1.amazonaws.com HTTPS


(Ohio)
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

US East (N. us-east-1 organizations.us-east-1.amazonaws.com HTTPS


Virginia)
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Version 1.0
378
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US us-west-1 organizations.us-east-1.amazonaws.com HTTPS


West (N.
California) organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

US West us-west-2 organizations.us-east-1.amazonaws.com HTTPS


(Oregon)
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Africa af-south-1 organizations.us-east-1.amazonaws.com HTTPS


(Cape
Town) organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Asia ap-east-1 organizations.us-east-1.amazonaws.com HTTPS


Pacific
(Hong organizations.us-east-1.amazonaws.com HTTPS
Kong)
organizations-fips.us-east-1.amazonaws.com HTTPS

Asia ap- organizations.us-east-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai) organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Asia ap- organizations.us-east-1.amazonaws.com HTTPS


Pacific northeast-3
(Osaka- organizations.us-east-1.amazonaws.com HTTPS
Local)
organizations-fips.us-east-1.amazonaws.com HTTPS

Asia ap- organizations.us-east-1.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Asia ap- organizations.us-east-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Asia ap- organizations.us-east-1.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Asia ap- organizations.us-east-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Version 1.0
379
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Canada ca- organizations.us-east-1.amazonaws.com HTTPS


(Central) central-1
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

China cn-north-1 organizations.cn-northwest-1.amazonaws.com.cn HTTPS


(Beijing)
organizations.cn-northwest-1.amazonaws.com.cn HTTPS

China cn- organizations.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1
organizations.cn-northwest-1.amazonaws.com.cn HTTPS

Europe eu- organizations.us-east-1.amazonaws.com HTTPS


(Frankfurt) central-1
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Europe eu-west-1 organizations.us-east-1.amazonaws.com HTTPS


(Ireland)
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Europe eu-west-2 organizations.us-east-1.amazonaws.com HTTPS


(London)
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Europe eu- organizations.us-east-1.amazonaws.com HTTPS


(Milan) south-1
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Europe eu-west-3 organizations.us-east-1.amazonaws.com HTTPS


(Paris)
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Europe eu-north-1 organizations.us-east-1.amazonaws.com HTTPS


(Stockholm)
organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Middle me- organizations.us-east-1.amazonaws.com HTTPS


East south-1
(Bahrain) organizations.us-east-1.amazonaws.com HTTPS

organizations-fips.us-east-1.amazonaws.com HTTPS

Version 1.0
380
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

South sa-east-1 organizations.us-east-1.amazonaws.com HTTPS


America
(São organizations.us-east-1.amazonaws.com HTTPS
Paulo)
organizations-fips.us-east-1.amazonaws.com HTTPS

AWS us-gov- organizations.us-gov-west-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) organizations.us-gov-west-1.amazonaws.com HTTPS

organizations.us-gov-west-1.amazonaws.com HTTPS

AWS us-gov- organizations.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) organizations.us-gov-west-1.amazonaws.com HTTPS

organizations.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
Resource Default

Accounts per organization Varies. Contact Customer


Support.

Invitations sent per day 20

For more information, see Quotas of AWS Organizations in the AWS Organizations User Guide.

AWS Outposts endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 outposts.us-east-2.amazonaws.com HTTPS


(Ohio)
outposts-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 outposts.us-east-1.amazonaws.com HTTPS


Virginia)
outposts-fips.us-east-1.amazonaws.com HTTPS

Version 1.0
381
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US us-west-1 outposts.us-west-1.amazonaws.com HTTPS


West (N.
California) outposts-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 outposts.us-west-2.amazonaws.com HTTPS


(Oregon)
outposts-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 outposts.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 outposts.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- outposts.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- outposts.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- outposts.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- outposts.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- outposts.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- outposts.ca-central-1.amazonaws.com HTTPS


(Central) central-1
outposts-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- outposts.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 outposts.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 outposts.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- outposts.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 outposts.eu-west-3.amazonaws.com HTTPS


(Paris)

Version 1.0
382
AWS General Reference Reference guide
Amazon Personalize

Region Region Endpoint Protocol


Name

Europe eu-north-1 outposts.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- outposts.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 outposts.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- outposts.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) outposts.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- outposts.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) outposts.us-gov-west-1.amazonaws.com HTTPS

Amazon Personalize endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Personalize

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 personalize.us- HTTPS


east-1.amazonaws.com

US East (Ohio) us-east-2 personalize.us- HTTPS


east-2.amazonaws.com

US West (Oregon) us-west-2 personalize.us- HTTPS


west-2.amazonaws.com

Asia Pacific (Tokyo) ap-northeast-1 personalize.ap- HTTPS


northeast-1.amazonaws.com

Asia Pacific (Mumbai) ap-south-1 personalize.ap- HTTPS


south-1.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 personalize.ap- HTTPS


northeast-2.amazonaws.com

Version 1.0
383
AWS General Reference Reference guide
Service Endpoints

Region Name Region Endpoint Protocol

Asia Pacific (Singapore) ap-southeast-1 personalize.ap- HTTPS


southeast-1.amazonaws.com

Asia Pacific (Sydney) ap-southeast-2 personalize.ap- HTTPS


southeast-2.amazonaws.com

Canada (Central) ca-central-1 personalize.ca- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 personalize.eu- HTTPS


west-1.amazonaws.com

Europe (Frankfurt) eu-central-1 personalize.eu- HTTPS


central-1.amazonaws.com

Amazon Personalize Events

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 personalize-events.us- HTTPS


east-1.amazonaws.com

US East (Ohio) us-east-2 personalize-events.us- HTTPS


east-2.amazonaws.com

US West (Oregon) us-west-2 personalize-events.us- HTTPS


west-2.amazonaws.com

Asia Pacific (Tokyo) ap-northeast-1 personalize-events.ap- HTTPS


northeast-1.amazonaws.com

Asia Pacific (Mumbai) ap-south-1 personalize-events.ap- HTTPS


south-1.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 personalize-events.ap- HTTPS


northeast-2.amazonaws.com

Asia Pacific (Singapore) ap-southeast-1 personalize-events.ap- HTTPS


southeast-1.amazonaws.com

Asia Pacific (Sydney) ap-southeast-2 personalize-events.ap- HTTPS


southeast-2.amazonaws.com

Canada (Central) ca-central-1 personalize-events.ca- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 personalize-events.eu- HTTPS


west-1.amazonaws.com

Europe (Frankfurt) eu-central-1 personalize-events.eu- HTTPS


central-1.amazonaws.com

Version 1.0
384
AWS General Reference Reference guide
Amazon Pinpoint

Amazon Personalize Runtime

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 personalize-runtime.us- HTTPS


east-1.amazonaws.com

US East (Ohio) us-east-2 personalize-runtime.us- HTTPS


east-2.amazonaws.com

US West (Oregon) us-west-2 personalize-runtime.us- HTTPS


west-2.amazonaws.com

Asia Pacific (Tokyo) ap-northeast-1 personalize-runtime.ap- HTTPS


northeast-1.amazonaws.com

Asia Pacific (Mumbai) ap-south-1 personalize-runtime.ap- HTTPS


south-1.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 personalize-runtime.ap- HTTPS


northeast-2.amazonaws.com

Asia Pacific (Singapore) ap-southeast-1 personalize-runtime.ap- HTTPS


southeast-1.amazonaws.com

Asia Pacific (Sydney) ap-southeast-2 personalize-runtime.ap- HTTPS


southeast-2.amazonaws.com

Canada (Central) ca-central-1 personalize-runtime.ca- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 personalize-runtime.eu- HTTPS


west-1.amazonaws.com

Europe (Frankfurt) eu-central-1 personalize-runtime.eu- HTTPS


central-1.amazonaws.com

Amazon Pinpoint endpoints and quotas


Amazon Pinpoint includes the Amazon Pinpoint API and the Amazon Pinpoint SMS and Voice API.

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
385
AWS General Reference Reference guide
Service endpoints

Service endpoints
Amazon Pinpoint API

Region Region Endpoint Protocol


Name

US East (N. us-east-1 pinpoint.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 pinpoint.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- pinpoint.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- pinpoint.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- pinpoint.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- pinpoint.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- pinpoint.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- pinpoint.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- pinpoint.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 pinpoint.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 pinpoint.eu-west-2.amazonaws.com HTTPS


(London)

AWS us-gov- pinpoint.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Note
You can't use the Amazon Pinpoint API to send SMS messages in the Asia Pacific (Seoul) Region.

Version 1.0
386
AWS General Reference Reference guide
Service quotas

Amazon Pinpoint SMS and Voice API

Region Region Endpoint Protocol


Name

US East (N. us-east-1 sms-voice.pinpoint.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 sms-voice.pinpoint.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- sms-voice.pinpoint.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- sms-voice.pinpoint.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Europe eu- sms-voice.pinpoint.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 sms-voice.pinpoint.eu-west-1.amazonaws.com HTTPS


(Ireland)

Note
The Amazon Pinpoint SMS and Voice API is not available in the following Regions:

• Asia Pacific (Seoul) Region


• Asia Pacific (Singapore) Region
• Asia Pacific (Tokyo) Region
• Canada (Central) Region
• Europe (London) Region

Service quotas
Resource Default

Active campaigns per account 200 per account.


Note
An active campaign is
a campaign that hasn't
completed or failed.
Active campaigns have
a status of SCHEDULED,
EXECUTING, or
PENDING_NEXT_RUN.

Concurrent endpoint import jobs per account 10 per account.

Message sends per campaign activity 100 million.

Total file size per endpoint import job 1 GB per import job.

Version 1.0
387
AWS General Reference Reference guide
Service quotas

Resource Default

SMS account spend threshold USD$1.00 per account.

Maximum number of Amazon SNS topics for two-way SMS 100,000 per account.

Number of emails that you can send in a 24-hour period (sending 200 emails per 24-hour period
quota) for accounts in the sandbox.

Number of emails that you can send each second (sending rate) 1 email per second for accounts
in the sandbox.

Email recipient addresses Accounts in the sandbox can


only send email to recipients
whose email addresses or
domains have been verified.

Number of voice messages that you can send in a 24-hour period. 20 messages per 24-hour period
for accounts in the sandbox.

Number of voice messages that you can send per minute. 5 messages per minute for
accounts in the sandbox.

Voice message length. 30 second length for accounts in


the sandbox.

Ability to send voice messages to international phone numbers. Accounts in the sandbox can
only send messages to recipients
in the following countries and
Regions:

• Australia
• Canada
• China
• Germany
• Hong Kong
• Israel
• Japan
• Mexico
• Singapore
• Sweden
• The United States
• The United Kingdom

The sandbox for the email channel is separate from the sandbox for the voice channel. To gain
production access for both channels, you have to complete the request form for both channels.

To learn more about requesting production access for the email channel, see Requesting production
access for email. To learn more about requesting production access for the voice channel, see Requesting
production access (Voice).

For more information, see Amazon Pinpoint quotas in the Amazon Pinpoint Developer Guide.

Version 1.0
388
AWS General Reference Reference guide
Amazon Polly

Amazon Polly endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 polly.us-east-2.amazonaws.com HTTPS


(Ohio)
polly-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 polly.us-east-1.amazonaws.com HTTPS


Virginia)
polly-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 polly.us-west-1.amazonaws.com HTTPS


West (N.
California) polly-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 polly.us-west-2.amazonaws.com HTTPS


(Oregon)
polly-fips.us-west-2.amazonaws.com HTTPS

Asia ap-east-1 polly.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- polly.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- polly.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- polly.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- polly.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- polly.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- polly.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Version 1.0
389
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

China cn- polly.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- polly.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 polly.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 polly.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 polly.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 polly.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- polly.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 polly.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- polly.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) polly-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
Throttle rate per IP address

100 transactions (requests) per second (tps) with a burst quota of 120 tps

Throttle Rate per Operation

Operation Default

Lexicon  

DeleteLexicon Any 2 transactions per second (tps) from these operations


combined.
PutLexicon
Maximum allowed burst of 4 tps.
GetLexicon

ListLexicons

Speech

DescribeVoices 80 rps with a burst quota of 100 tps

SynthesizeSpeech 80 rps with a burst quota of 100 tps

Version 1.0
390
AWS General Reference Reference guide
QLDB

Amazon QLDB endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon QLDB Control Plane

Region Region Endpoint Protocol


Name

US East us-east-2 qldb.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 qldb.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 qldb.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- qldb.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- qldb.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- qldb.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- qldb.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- qldb.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 qldb.eu-west-1.amazonaws.com HTTPS


(Ireland)

Amazon QLDB Transactional Data Plane

Region Region Endpoint Protocol


Name

US East us-east-2 session.qldb.us-east-2.amazonaws.com HTTPS


(Ohio)

Version 1.0
391
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

US East (N. us-east-1 session.qldb.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 session.qldb.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- session.qldb.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- session.qldb.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- session.qldb.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- session.qldb.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu- session.qldb.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 session.qldb.eu-west-1.amazonaws.com HTTPS


(Ireland)

Service Quotas

Resource Default

The maximum number of active ledgers that you can create in this 5
account in the current Region

The maximum number of active journal exports to Amazon S3 per 2


ledger

The maximum number of active journal streams to Kinesis Data 5


Streams per ledger

For more information, see Quotas in Amazon QLDB in the Amazon QLDB Developer Guide.

Amazon QuickSight endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
392
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
QuickSight

Region Region Endpoint Protocol


Name

US East us-east-2 quicksight.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 quicksight.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 quicksight.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- quicksight.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- quicksight.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- quicksight.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- quicksight.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- quicksight.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- quicksight.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- quicksight.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 quicksight.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 quicksight.eu-west-2.amazonaws.com HTTPS


(London)

South sa-east-1 quicksight.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- quicksight.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Version 1.0
393
AWS General Reference Reference guide
AWS RAM

For information about using Amazon QuickSight in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using Amazon QuickSight in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

QuickSight Websites
Region Name Region Endpoint

US East (Ohio) us-east-2 https://us-east-2.quicksight.amazonaws.com

US East (N. Virginia) us-east-1 https://us-east-1.quicksight.amazonaws.com

US West (Oregon) us-west-2 https://us-west-2.quicksight.aws.amazon.com

Asia Pacific ap-southeast-1 https://ap-southeast-1.quicksight.aws.amazon.com


(Singapore)

Asia Pacific (Sydney) ap-southeast-2 https://ap-southeast-2.quicksight.aws.amazon.com

Asia Pacific (Tokyo) ap-northeast-1 https://ap-northeast-1.quicksight.aws.amazon.com

Europe (Frankfurt) eu-central-1 https://eu-central-1.quicksight.aws.amazon.com

Europe (Ireland) eu-west-1 https://eu-west-1.quicksight.aws.amazon.com

Europe (London) eu-west-2 https://eu-west-2.quicksight.aws.amazon.com

AWS Resource Access Manager endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 ram.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 ram.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 ram.us-west-1.amazonaws.com HTTPS


West (N.
California)

Version 1.0
394
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 ram.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 ram.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 ram.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- ram.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- ram.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- ram.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- ram.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- ram.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- ram.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 ram.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- ram.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- ram.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 ram.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 ram.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- ram.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 ram.eu-west-3.amazonaws.com HTTPS


(Paris)

Version 1.0
395
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-north-1 ram.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- ram.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 ram.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- ram.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- ram.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Service Quotas

Resource Default

Maximum number of resource shares per account 5,000

Maximum number of shared principals per account 5,000

Maximum number of shared resources per account 5,000

Maximum number of pending invitations per account 20

Amazon Redshift endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 redshift.us-east-2.amazonaws.com HTTPS


(Ohio)
redshift-fips.us-east-2.amazonaws.com HTTPS

Version 1.0
396
AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 redshift.us-east-1.amazonaws.com HTTPS


Virginia)
redshift-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 redshift.us-west-1.amazonaws.com HTTPS


West (N.
California) redshift-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 redshift.us-west-2.amazonaws.com HTTPS


(Oregon)
redshift-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 redshift.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 redshift.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- redshift.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- redshift.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- redshift.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- redshift.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- redshift.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- redshift.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- redshift.ca-central-1.amazonaws.com HTTPS


(Central) central-1
redshift-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 redshift.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- redshift.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
397
AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol


Name

Europe eu- redshift.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 redshift.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 redshift.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- redshift.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 redshift.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 redshift.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- redshift.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 redshift.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- redshift.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) redshift.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- redshift.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) redshift.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon Redshift in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using Amazon Redshift in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service quotas
For information about Amazon Redshift quotas and limits, see Quotas and limits in Amazon Redshift in
the Amazon Redshift Cluster Management Guide.

Amazon Rekognition endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
398
AWS General Reference Reference guide
Service Endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 rekognition.us-east-2.amazonaws.com HTTPS


(Ohio)
rekognition-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 rekognition.us-east-1.amazonaws.com HTTPS


Virginia)
rekognition-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 rekognition.us-west-1.amazonaws.com HTTPS


West (N.
California) rekognition-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 rekognition.us-west-2.amazonaws.com HTTPS


(Oregon)
rekognition-fips.us-west-2.amazonaws.com HTTPS

Asia ap- rekognition.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- rekognition.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- rekognition.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- rekognition.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- rekognition.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- rekognition.ca-central-1.amazonaws.com HTTPS


(Central) central-1
rekognition-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- rekognition.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 rekognition.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 rekognition.eu-west-2.amazonaws.com HTTPS


(London)

Version 1.0
399
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

AWS us-gov- rekognition.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) rekognition-fips.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon Rekognition in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

The following are differences for certain Amazon Rekognition features and AWS Regions.

Amazon Rekognition Video streaming API


The Amazon Rekognition Video streaming API is available in the following regions only.

• US East (N. Virginia)


• US West (Oregon)
• Asia Pacific (Tokyo)
• Europe (Frankfurt)
• Europe (Ireland)

Amazon Rekognition Custom Labels


Amazon Rekognition Custom Labels is available in the following regions only.

• US East (N. Virginia)


• US East (Ohio)
• US West (Oregon)
• Europe (Ireland)
• Asia Pacific (Singapore)
• Asia Pacific (Sydney)
• Asia Pacific (Tokyo)
• Asia Pacific (Seoul)

Canada (Central) Region


The Canada (Central) Region supports the following operations only.

• CompareFaces
• CreateCollection
• DeleteCollection
• DeleteFaces
• DescribeCollection
• DetectFaces
• IndexFaces
• ListCollections
• ListFaces
• SearchFaces

Version 1.0
400
AWS General Reference Reference guide
Service Quotas

• SearchFacesByImage

Service Quotas
The quotas listed on this page are defaults. You can request a quota increase for Amazon Rekognition
using the AWS Support Center. To request a quota increase for a Amazon Rekognition Transactions Per
Second (TPS) limit, follow the instructions at Default Quotas in Amazon Rekognition.
Note
These limits may be different in different regions. Making a case to change a limit affects the
API operation you request, in the region you request it. Other API operations and regions are not
affected.

Resource Default

Transactions per second per account for individual Amazon • US East (Ohio) Region – 5
Rekognition Image data plane operations: • US East (N. Virginia) Region –
50
• CompareFaces
• US West (N. California) Region
• DetectFaces –5
• DetectLabels
• US West (Oregon) Region – 50
• DetectModerationLabels • Asia Pacific (Mumbai) Region –
• DetectText 5
• GetCelebrityInfo • Asia Pacific (Seoul) Region – 5
• IndexFaces • Asia Pacific (Singapore) Region
• ListFaces –5
• RecognizeCelebrities • Asia Pacific (Sydney) Region –
• SearchFaces 5
• SearchFacesByImage • Asia Pacific (Tokyo) Region – 5
• Canada (Central) – 5 (For
supported operations, see
Service Endpoints (p. 399)).
• Europe (Frankfurt) Region – 5
• Europe (Ireland) Region – 50
• Europe (London) Region – 5
• AWS GovCloud (US-West) – 5

Transactions per second per account for the personal protective In each Region that Amazon
equipment data plane operation: Rekognition Image supports – 5

• DetectProtectiveEquipment

Transactions per second per account for individual Amazon In each Region that Amazon
Rekognition Image control plane operations: Rekognition Image supports – 5

• CreateCollection
• DeleteCollection
• DeleteFaces
• DescribeCollection
• ListCollections

Transactions per second per account for individual stored video In each Region that Amazon
start operations: Rekognition Video supports – 5

Version 1.0
401
AWS General Reference Reference guide
Service Quotas

Resource Default
• StartCelebrityRecognition Note that
• StartContentModeration StartCelebrityRecognition is not
available in the AWS GovCloud
• StartFaceDetection
region.
• StartFaceSearch
• StartLabelDetection
• StartPersonTracking
• StartTextDetection
• StartSegmentDetection

Transactions per second per account for individual Amazon • US East (Ohio) Region – 5
Rekognition Video stored video get operations: • US East (N. Virginia) Region –
20
• GetCelebrityRecognition
• US West (N. California) Region
• GetContentModeration –5
• GetFaceDetection
• US West (Oregon) Region – 20
• GetFaceSearch • Asia Pacific (Mumbai) Region –
• GetLabelDetection 5
• GetPersonTracking • Asia Pacific (Seoul) Region – 5
• GetTextDetection • Asia Pacific (Singapore) Region
• GetSegmentDetection –5
• Asia Pacific (Sydney) Region –
5
• Asia Pacific (Tokyo) Region – 5
• Europe (Frankfurt) Region – 5
• Europe (Ireland) Region – 20
• Europe (London) Region – 5
• AWS GovCloud (US-
West) –20 (Note that
GetCelebrityRecognition is not
available in this region.)

Maximum number of concurrent stored video jobs per account 20

Maximum number of streaming video stream processors per In each Region that Amazon
account that can simultaneously exist Rekognition Video supports – 10

Transactions per second per account for individual streaming video In each Region that Amazon
operations: Rekognition Video supports – 1

• CreateStreamProcessor
• DeleteStreamProcessor
• DescribeStreamProcessor
• ListStreamProcessors
• StartStreamProcessor
• StopStreamProcessor

Version 1.0
402
AWS General Reference Reference guide
Amazon RDS

Resource Default

Transactions per second per account for individual Amazon In each Region that Amazon
Rekognition Custom Labels control plane operations: Rekognition Custom Labels
supports – 5
• CreateProject
• CreateProjectVersion
• DeleteProject
• DeleteProjectVersion
• DescribeProjects
• DescribeProjectVersions
• StartProjectVersion
• StopProjectVersion

Maximum number of Amazon Rekognition Custom Labels projects 100


per account.

Maximum number of Amazon Rekognition Custom Labels models 100


per project.

Maximum number of concurrent Amazon Rekognition Custom • All regions except Asia Pacific
Labels training jobs per account. (Sydney) – 2
• Asia Pacific (Sydney) – 1

Maximum number of concurrently running Amazon Rekognition 2


Custom Labels models per account.

Maximum inference units per started model. 5

Maximum number of images per dataset. 250,000

For more information, see Amazon Rekognition Quotas.

Amazon Relational Database Service endpoints


and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon RDS

Region Region Endpoint Protocol


Name

US East us-east-2 rds.us-east-2.amazonaws.com HTTPS


(Ohio)

Version 1.0
403
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
rds-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 rds.us-east-1.amazonaws.com HTTPS


Virginia)
rds-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 rds.us-west-1.amazonaws.com HTTPS


West (N.
California) rds-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 rds.us-west-2.amazonaws.com HTTPS


(Oregon)
rds-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 rds.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 rds.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- rds.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- rds.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- rds.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- rds.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- rds.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- rds.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- rds.ca-central-1.amazonaws.com HTTPS


(Central) central-1
rds-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 rds.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- rds.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
404
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Europe eu- rds.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 rds.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 rds.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- rds.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 rds.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 rds.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- rds.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 rds.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- rds.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) rds.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- rds.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) rds.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon Relational Database Service in the AWS GovCloud (US-West)
Region, see AWS GovCloud (US-West) Endpoints.

For information about using Amazon Relational Database Service in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Amazon RDS Performance Insights

Region Region Endpoint Protocol


Name

US East us-east-2 pi.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 pi.us-east-1.amazonaws.com HTTPS


Virginia)

Version 1.0
405
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US us-west-1 pi.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 pi.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap-east-1 pi.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- pi.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- pi.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- pi.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- pi.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- pi.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- pi.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 pi.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- pi.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- pi.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 pi.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 pi.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 pi.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 pi.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
406
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

South sa-east-1 pi.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas
Resource Default Quota

Authorizations per DB security group 20

Burst balance (for instances <1 TiB) 3000 IOPS

Cross-region snapshot copy requests 5

DB instances 40

DB security groups 25

DB subnet groups 50

Event subscriptions 20

IAM roles per DB instance 5

Manual snapshots 100

Option groups 20

Parameter groups 50

Proxies 20

Read replicas per primary 5

Reserved DB instances 40

Rules per security group 20

Rules per virtual private cloud (VPC) security group 50 inbound, 50


outbound

Subnets per subnet group 20

Tags per resource 50

Total storage for all DB instances 100 TB

VPC security groups 5

AWS Resource Groups endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
407
AWS General Reference Reference guide
Service Endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Resource Groups

Region Region Endpoint Protocol


Name

US East us-east-2 resource-groups.us-east-2.amazonaws.com HTTPS


(Ohio)
resource-groups-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 resource-groups.us-east-1.amazonaws.com HTTPS


Virginia)
resource-groups-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 resource-groups.us-west-1.amazonaws.com HTTPS


West (N.
California) resource-groups-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 resource-groups.us-west-2.amazonaws.com HTTPS


(Oregon)
resource-groups-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 resource-groups.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 resource-groups.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- resource-groups.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- resource-groups.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- resource-groups.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- resource-groups.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- resource-groups.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Version 1.0
408
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- resource-groups.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- resource-groups.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 resource-groups.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- resource-groups.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- resource-groups.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 resource-groups.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 resource-groups.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- resource-groups.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 resource-groups.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 resource-groups.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- resource-groups.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 resource-groups.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- resource-groups.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) resource-groups.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- resource-groups.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) resource-groups.us-gov-west-1.amazonaws.com HTTPS

Version 1.0
409
AWS General Reference Reference guide
Service Endpoints

Resource Groups Tagging API

Region Region Endpoint Protocol


Name

US East us-east-2 tagging.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 tagging.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 tagging.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 tagging.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 tagging.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 tagging.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- tagging.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- tagging.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- tagging.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- tagging.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- tagging.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- tagging.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- tagging.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 tagging.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

Version 1.0
410
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

China cn- tagging.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- tagging.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 tagging.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 tagging.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- tagging.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 tagging.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 tagging.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- tagging.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 tagging.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- tagging.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- tagging.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Service Quotas
Service Quotas for AWS Resource Groups are set on a per Region basis. When you request a service quota
increase, you must specify the AWS Region in which you want the increased quota.

Resource Default

Resource groups per account 100

AWS RoboMaker endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
411
AWS General Reference Reference guide
Service Endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 robomaker.us-east-1.amazonaws.com HTTPS


Virginia)

US East us-east-2 robomaker.us-east-2.amazonaws.com HTTPS


(Ohio)

US West us-west-2 robomaker.us-west-2.amazonaws.com HTTPS


(Oregon)

Europe eu-west-1 robomaker.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-central-1 robomaker.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Asia Pacific ap- robomaker.ap-southeast-1.amazonaws.com HTTPS


(Singapore) southeast-1

Asia Pacific ap- robomaker.ap-northeast-1.amazonaws.com HTTPS


(Tokyo) northeast-1

Service Quotas
Resource Default Adjustable Comments

Robot application 40 Yes The maximum number


of robot applications
you can create in this
account in the current
Region.

Robot application 40 Yes The maximum number


versions of versions you can
create for a Robot
Application.

Simulation application 40 Yes The maximum


number of simulation
applications you can
create in this account in
the current Region.

Simulation application 40 Yes The maximum number


versions of versions you can
create for a Simulation
Application.

Version 1.0
412
AWS General Reference Reference guide
Service Quotas

Resource Default Adjustable Comments

Concurrent simulation • US West (Oregon) Yes The maximum


jobs Region – 10 number of concurrent
• US East (N. Virginia) simulation jobs you can
Region – 10 run in this account in
the current Region.
• All other supported
regions – 5

Simulation job creation • US West (Oregon) No The maximum number


rate per minute Region – 10 of simulation jobs you
• US East (N. Virginia) can create per minute
Region – 10 in this account in the
current Region.
• All other supported
regions – 5

Minimum simulation 5 No The minimum duration


duration in minutes that you can
specify for a simulation
job.

Simulation duration 14 No The maximum


duration in days that a
simulation job can run
for including restarts.

Simulation job 90 No The maximum duration


retention time in days a simulation
job is retained. After
this time, you can no
longer retrieve or view
the simulation job.

Batch timeout 14 No The maximum timeout


in days for a simulation
job batch.

Minimum batch timeout 5 No The minimum timeout


in minutes that you can
specify for a simulation
job batch.

Concurrent simulation 5 Yes The maximum


job batches number of concurrent
simulation job batches
you can run in this
account in the current
Region.

Simulation job requests 20 Yes The maximum number


per batch of simulation job
requests that can
be submitted in a
StartSimulationJobBatch
call.

Version 1.0
413
AWS General Reference Reference guide
Service Quotas

Resource Default Adjustable Comments

Concurrent world 3 Yes The maximum number


generation jobs of concurrent world
generation jobs that
you can run in this
account in this region.

Concurrent world 3 Yes The maximum number


export jobs of concurrent world
export jobs that you
can run in this account
in this region.

Worlds per generation 50 No The maximum number


job of worlds in a world
generation job request.

Worlds per export job 1 No The maximum number


of worlds in a world
export job request.

World templates 40 Yes The maximum number


of world templates that
you can create in this
account in this region.

Robots 100 Yes The maximum number


of robots you can create
in this account in the
current Region.

Fleets 20 Yes The maximum number


of fleets you can create
in this account in the
current Region.

Robots per fleet 100 Yes The maximum number


of robots you can
register to a fleet.

Deployment job 90 No The maximum duration


retention time in days a deployment
job is retained. After
this time, you can no
longer retrieve or view
the deployment job.

Concurrent deployment 5 Yes The maximum


jobs number of concurrent
deployment jobs you
can run in this account
in the current Region.

Source size 5 No The maximum size (in


GB) for any source of
robot application or
simulation application.

Version 1.0
414
AWS General Reference Reference guide
Route 53

Amazon Route 53 endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Hosted zones, records, health checks, DNS query logs, reusable
delegation sets, traffic policies, and cost allocation tags
When you use the AWS CLI or SDKs to submit requests, you can either leave the Region and endpoint
unspecified, or specify the applicable Region:

• Route 53 in AWS Regions other than the AWS Beijing and Ningxia (China) Regions: specify us-east-1 as
the Region.
• Route 53 in China regions: specify cn-northwest-1.

When you use the Route 53 API to submit requests, use the same Regions as above to sign requests.
For more information about signing Route 53 API requests, see Signature Version 4 signing
process (p. 560).

Region Region Endpoint Protocol


Name

US East us-east-2 route53.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 route53.amazonaws.com HTTPS


Virginia)

US us-west-1 route53.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 route53.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 route53.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 route53.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- route53.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- route53.amazonaws.com HTTPS


Pacific northeast-3

Version 1.0
415
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
(Osaka-
Local)

Asia ap- route53.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- route53.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- route53.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- route53.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- route53.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 route53.amazonaws.com.cn HTTPS


(Beijing)

China cn- route53.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- route53.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 route53.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 route53.amazonaws.com HTTPS


(London)

Europe eu- route53.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 route53.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 route53.amazonaws.com HTTPS


(Stockholm)

Middle me- route53.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 route53.amazonaws.com HTTPS


America
(São
Paulo)

Version 1.0
416
AWS General Reference Reference guide
Service Endpoints

Requests for domain registration

Region Region Endpoint Protocol


Name

US East (N. us-east-1 route53domains.us-east-1.amazonaws.com HTTPS


Virginia)

Requests for Route 53 Resolver

Region Region Endpoint Protocol


Name

US East us-east-2 route53resolver.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 route53resolver.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 route53resolver.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 route53resolver.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 route53resolver.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 route53resolver.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- route53resolver.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- route53resolver.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- route53resolver.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- route53resolver.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- route53resolver.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Version 1.0
417
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Canada ca- route53resolver.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- route53resolver.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 route53resolver.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 route53resolver.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- route53resolver.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 route53resolver.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 route53resolver.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- route53resolver.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 route53resolver.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- route53resolver.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- route53resolver.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Requests for Route 53 Auto Naming


Amazon Route 53 auto naming has been released as a separate service, AWS Cloud Map. For a list of
service endpoints, see Service Endpoints (p. 85). For AWS Cloud Map documentation, see AWS Cloud
Map Documentation.

Service Quotas
DNS and Domain Registration

Resource Default

Hosted zones 500

Domains 50

Resource record sets per hosted zone 10,000

Version 1.0
418
AWS General Reference Reference guide
SageMaker

Resource Default

Reusable delegation sets 100

Hosted zones that can use the same reusable delegation set 100

Amazon VPCs that you can associate with a private hosted zone 100

Health checks 200

Traffic policies 50

Traffic policy records 5

Route 53 Resolver

Resource Default

Endpoints per AWS Region 4 per AWS account

Rules per AWS Region 1,000 per AWS account

Associations between rules and VPCs per AWS Region 2,000 per AWS account

For more information, see Route 53 Quotas in the Amazon Route 53 Developer Guide.

Amazon SageMaker endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
The following table provides a list of Region-specific endpoints that SageMaker supports for training
and deploying models. This include creating and managing notebook instances, training jobs, model,
endpoint configurations, and endpoints.

Region Region Endpoint Protocol


Name

US East us-east-2 api.sagemaker.us-east-2.amazonaws.com HTTPS


(Ohio)
api-fips.sagemaker.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 api.sagemaker.us-east-1.amazonaws.com HTTPS


Virginia)
api-fips.sagemaker.us-east-1.amazonaws.com HTTPS

US us-west-1 api.sagemaker.us-west-1.amazonaws.com HTTPS


West (N.
California) api-fips.sagemaker.us-west-1.amazonaws.com HTTPS

Version 1.0
419
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 api.sagemaker.us-west-2.amazonaws.com HTTPS


(Oregon)
api-fips.sagemaker.us-west-2.amazonaws.com HTTPS

Africa af-south-1 api.sagemaker.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 api.sagemaker.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- api.sagemaker.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- api.sagemaker.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- api.sagemaker.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- api.sagemaker.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- api.sagemaker.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- api.sagemaker.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 api.sagemaker.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- api.sagemaker.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- api.sagemaker.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 api.sagemaker.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 api.sagemaker.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- api.sagemaker.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 api.sagemaker.eu-west-3.amazonaws.com HTTPS


(Paris)

Version 1.0
420
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Europe eu-north-1 api.sagemaker.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- api.sagemaker.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 api.sagemaker.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- api.sagemaker.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) api-fips.sagemaker.us-gov- HTTPS
west-1.amazonaws.com
HTTPS
api.sagemaker.us-gov-west-1.amazonaws.com

The following table provides a list of Region-specific endpoints that Amazon SageMaker supports for
making inference requests against models hosted in SageMaker.

Region Region Endpoint Protocol


Name

US East us-east-2 runtime.sagemaker.us-east-2.amazonaws.com HTTPS


(Ohio)
runtime-fips.sagemaker.us- HTTPS
east-2.amazonaws.com

US East (N. us-east-1 runtime.sagemaker.us-east-1.amazonaws.com HTTPS


Virginia)
runtime-fips.sagemaker.us- HTTPS
east-1.amazonaws.com

US us-west-1 runtime.sagemaker.us-west-1.amazonaws.com HTTPS


West (N.
California) runtime-fips.sagemaker.us- HTTPS
west-1.amazonaws.com

US West us-west-2 runtime.sagemaker.us-west-2.amazonaws.com HTTPS


(Oregon)
runtime-fips.sagemaker.us- HTTPS
west-2.amazonaws.com

Africa af-south-1 runtime.sagemaker.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 runtime.sagemaker.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Version 1.0
421
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- runtime.sagemaker.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- runtime.sagemaker.ap- HTTPS


Pacific northeast-2 northeast-2.amazonaws.com
(Seoul)

Asia ap- runtime.sagemaker.ap- HTTPS


Pacific southeast-1 southeast-1.amazonaws.com
(Singapore)

Asia ap- runtime.sagemaker.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Asia ap- runtime.sagemaker.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Canada ca- runtime.sagemaker.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 runtime.sagemaker.cn- HTTPS


(Beijing) north-1.amazonaws.com.cn

China cn- runtime.sagemaker.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- runtime.sagemaker.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 runtime.sagemaker.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 runtime.sagemaker.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- runtime.sagemaker.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 runtime.sagemaker.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 runtime.sagemaker.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- runtime.sagemaker.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 runtime.sagemaker.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Version 1.0
422
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- runtime.sagemaker.us-gov- HTTPS


GovCloud west-1 west-1.amazonaws.com
(US-West) HTTPS
runtime.sagemaker.us-gov-
west-1.amazonaws.com

Service Quotas
SageMaker quotas for new accounts might be different from the default quotas listed here. If you receive
an error that you've exceeded your quota, contact customer service to request a quota increase for the
resources you want to use.

On-demand and Spot instance quotas are tracked and modified separately. For example, with the default
quotas, you could run up to 20 training jobs with on-demand ml.m4.xlarge instances and up to 20
training jobs with Managed Spot ml.m4.xlarge instances simultaneously. Request quota increases for on-
demand and spot instances separately.

Amazon SageMaker Notebooks

Resource Default

ml.t2.medium instances 30

ml.t2.large instances 30

ml.t2.xlarge instances 30

ml.t2.2xlarge instances 30

ml.t3.medium instances 30

ml.t3.large instances 30

ml.t3.xlarge instances 30

ml.t3.2xlarge instances 30

ml.m4.xlarge instances 30

ml.m4.2xlarge instances 30

ml.m4.4xlarge instances 15

ml.m4.10xlarge instances 8

ml.m4.16xlarge instances 8

ml.m5.xlarge instances 30

ml.m5.2xlarge instances 30

ml.m5.4xlarge instances 15

ml.m5.12xlarge instances 5

ml.m5.24xlarge instances 3

Version 1.0
423
AWS General Reference Reference guide
Service Quotas

Resource Default

ml.c4.xlarge instances 30

ml.c4.2xlarge instances 30

ml.c4.4xlarge instances 30

ml.c4.8xlarge instances 30

ml.c5.xlarge instances 30

ml.c5.2xlarge instances 30

ml.c5.4xlarge instances 8

ml.c5.9xlarge instances 8

ml.c5.18xlarge instances 8

ml.c5d.xlarge instances 30

ml.c5d.2xlarge instances 30

ml.c5d.4xlarge instances 8

ml.c5d.9xlarge instances 8

ml.c5d.18xlarge instances 8

ml.p2.xlarge instances 1

ml.p2.8xlarge instances 1

ml.p2.16xlarge instances 1

ml.p3.2xlarge instances 3

ml.p3.8xlarge instances 3

ml.p3.16xlarge instances 3

Number of notebook instances 30

Amazon SageMaker Automatic Model Tuning

Resource Default

Number of concurrent hyperparameter tuning jobs 100

Number of hyperparameters that can be searched (every possible 20


value in a categorical hyperparameter counts against this quota)

Number of metrics defined per hyperparameter tuning job 20

Number of parallel training jobs per hyperparameter tuning job 10

Number of training jobs per hyperparameter tuning job 500

Maximum run time for a hyperparameter tuning job 30 days

Version 1.0
424
AWS General Reference Reference guide
Service Quotas

Amazon SageMaker Processing

Resource Default

ml.c4.2xlarge 20

ml.c4.4xlarge 20

ml.c4.8xlarge 20

ml.c4.xlarge 20

ml.c5.18xlarge 5

ml.c5.2xlarge 20

ml.c5.4xlarge 5

ml.c5.9xlarge 5

ml.c5.xlarge 20

ml.m4.10xlarge 5

ml.m4.16xlarge 5

ml.m4.2xlarge 20

ml.m4.4xlarge 10

ml.m4.xlarge 20

ml.m5.12xlarge 4

ml.m5.24xlarge 4

ml.m5.2xlarge 20

ml.m5.4xlarge 10

ml.m5.large 20

ml.m5.xlarge 65

ml.p2.16xlarge 4

ml.p2.8xlarge 4

ml.p2.xlarge 4

ml.p3.16xlarge 4

ml.p3.2xlarge 4

ml.p3.8xlarge 4

ml.r5.12xlarge 20

ml.r5.16xlarge 20

ml.r5.24xlarge 20

ml.r5.2xlarge 20

Version 1.0
425
AWS General Reference Reference guide
Service Quotas

Resource Default

ml.r5.4xlarge 20

ml.r5.8xlarge 20

ml.r5.large 20

ml.r5.xlarge 20

ml.t3.2xlarge 5

ml.t3.large 20

ml.t3.medium 50

ml.t3.xlarge 10

Longest run time for a processing job 5 days

Number of instances across processing jobs 75

Number of instances for a processing job 20

Size of EBS volume for an instance 1 TB

Amazon SageMaker Training and Managed Spot Training

Resource Default

ml.m4.xlarge instances 20

ml.m4.2xlarge instances 20

ml.m4.4xlarge instances 10

ml.m4.10xlarge instances 5

ml.m4.16xlarge instances 5

ml.m5.large instances 20

ml.m5.xlarge instances 20

ml.m5.2xlarge instances 20

ml.m5.4xlarge instances 10

ml.m5.12xlarge instances 3

ml.m5.24xlarge instances 2

ml.c4.xlarge instances 20

ml.c4.2xlarge instances 20

ml.c4.4xlarge instances 20

ml.c4.8xlarge instances 20

ml.c5.xlarge instances 20

Version 1.0
426
AWS General Reference Reference guide
Service Quotas

Resource Default

ml.c5.2xlarge instances 20

ml.c5.4xlarge instances 5

ml.c5.9xlarge instances 5

ml.c5.18xlarge instances 5

ml.p2.xlarge instances 1

ml.p2.8xlarge instances 1

ml.p2.16xlarge instances 1

ml.p3.2xlarge instances 2

ml.p3.8xlarge instances 2

ml.p3.16xlarge instances 2

Longest run time for a training job 5 days

Number of instances across training jobs 20

Number of instances for a training job 20

Size of EBS volume for an instance 1 TB

Amazon SageMaker Hosting

Resource Default

ml.t2.medium instances 30

ml.t2.large instances 30

ml.t2.xlarge instances 30

ml.t2.2xlarge instances 30

ml.m4.xlarge instances 30

ml.m4.2xlarge instances 30

ml.m4.4xlarge instances 15

ml.m4.10xlarge instances 8

ml.m4.16xlarge instances 8

ml.m5.large instances 30

ml.m5.xlarge instances 30

ml.m5.2xlarge instances 30

ml.m5.4xlarge instances 15

ml.m5.12xlarge instances 5

Version 1.0
427
AWS General Reference Reference guide
Service Quotas

Resource Default

ml.m5.24xlarge instances 3

ml.m5d.large instances 30

ml.m5d.xlarge instances 30

ml.m5d.2xlarge instances 30

ml.m5d.4xlarge instances 15

ml.m5d.12xlarge instances 5

ml.m5d.24xlarge instances 3

ml.c4.large instances 30

ml.c4.xlarge instances 30

ml.c4.2xlarge instances 30

ml.c4.4xlarge instances 30

ml.c4.8xlarge instances 30

ml.c5.large instances 30

ml.c5.xlarge instances 30

ml.c5.2xlarge instances 30

ml.c5.4xlarge instances 8

ml.c5.9xlarge instances 8

ml.c5.18xlarge instances 8

ml.c5d.large instances 30

ml.c5d.xlarge instances 30

ml.c5d.2xlarge instances 30

ml.c5d.4xlarge instances 8

ml.c5d.9xlarge instances 8

ml.c5d.18xlarge instances 8

ml.p2.xlarge instances 3

ml.p2.8xlarge instances 3

ml.p2.16xlarge instances 3

ml.p3.2xlarge instances 3

ml.p3.8xlarge instances 3

ml.p3.16xlarge instances 3

ml.g4dn.xlarge instances 3

Version 1.0
428
AWS General Reference Reference guide
Service Quotas

Resource Default

ml.g4dn.2xlarge instances 3

ml.g4dn.4xlarge instances 3

ml.g4dn.8xlarge instances 3

ml.g4dn.12xlarge instances 3

ml.g4dn.16xlarge instances 3

ml.r5.large instances 8

ml.r5.xlarge instances 8

ml.r5.2xlarge instances 4

ml.r5.4xlarge instances 4

ml.r5.12xlarge instances 5

ml.r5.24xlarge instances 5

ml.r5d.large instances 8

ml.r5d.xlarge instances 8

ml.r5d.2xlarge instances 4

ml.r5d.4xlarge instances 4

ml.r5d.12xlarge instances 5

ml.r5d.24xlarge instances 5

Number of instances across active endpoints 30

Number of instances for an endpoint 30

Total TPS for all endpoints 10,000

Maximum payload size for endpoint invocation 5 MB

Inference timeout for endpoint invocation 60 seconds

Amazon SageMaker Batch Transform

Resource Default

ml.m4.xlarge instances 20

ml.m4.2xlarge instances 20

ml.m4.4xlarge instances 10

ml.m4.10xlarge instances 5

ml.m4.16xlarge instances 5

ml.m5.large instances 20

Version 1.0
429
AWS General Reference Reference guide
Service Quotas

Resource Default

ml.m5.xlarge instances 20

ml.m5.2xlarge instances 20

ml.m5.4xlarge instances 10

ml.m5.12xlarge instances 3

ml.m5.24xlarge instances 2

ml.c4.xlarge instances 20

ml.c4.2xlarge instances 20

ml.c4.4xlarge instances 20

ml.c4.8xlarge instances 20

ml.c5.xlarge instances 20

ml.c5.2xlarge instances 20

ml.c5.4xlarge instances 5

ml.c5.9xlarge instances 5

ml.c5.18xlarge instances 5

ml.p2.xlarge instances 2

ml.p2.8xlarge instances 2

ml.p2.16xlarge instances 2

ml.p3.2xlarge instances 2

ml.p3.8xlarge instances 2

ml.p3.16xlarge instances 2

Longest run time for a transform job 5 days

Number of instances for a transform job 20

Maximum payload size for mini-batch inference 100 MB

Inference timeout for mini-batch inference 60 minutes

Amazon SageMaker Ground Truth

Resource Default

Concurrent labeling jobs 20

Dataset objects per labeling job 100,000

Version 1.0
430
AWS General Reference Reference guide
Secrets Manager

AWS Secrets Manager endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 secretsmanager.us-east-2.amazonaws.com HTTPS


(Ohio)
secretsmanager-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 secretsmanager.us-east-1.amazonaws.com HTTPS


Virginia)
secretsmanager-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 secretsmanager.us-west-1.amazonaws.com HTTPS


West (N.
California) secretsmanager-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 secretsmanager.us-west-2.amazonaws.com HTTPS


(Oregon)
secretsmanager-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 secretsmanager.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 secretsmanager.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- secretsmanager.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- secretsmanager.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- secretsmanager.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- secretsmanager.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
431
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- secretsmanager.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- secretsmanager.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- secretsmanager.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 secretsmanager.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- secretsmanager.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- secretsmanager.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 secretsmanager.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 secretsmanager.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- secretsmanager.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 secretsmanager.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 secretsmanager.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- secretsmanager.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 secretsmanager.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- secretsmanager.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) secretsmanager-fips.us-gov- HTTPS
east-1.amazonaws.com

AWS us-gov- secretsmanager.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) secretsmanager-fips.us-gov- HTTPS
west-1.amazonaws.com

Version 1.0
432
AWS General Reference Reference guide
Service Quotas

Service Quotas
The listed Service Quotas are available on a per region basis. For instance, Secrets Manager allows an
endpoint in us-east-2 a maximum number of 40,000 secrets and allows an endpoint in us-east-1 a
maximum of 40,000 secrets.

Resource Default

Max number of secrets in an AWS account 40,000

Max number of versions in a secret Approximately 100

Max number of labels you can attach to a version 20

Max number of versions a label can be attached to at the same time 1

Maximum length of a secret 65536 bytes

Maximum length of a resource-based policy - JSON text 20480 bytes

AWS Security Hub endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 securityhub.us-east-2.amazonaws.com HTTPS


(Ohio)
securityhub-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 securityhub.us-east-1.amazonaws.com HTTPS


Virginia)
securityhub-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 securityhub.us-west-1.amazonaws.com HTTPS


West (N.
California) securityhub-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 securityhub.us-west-2.amazonaws.com HTTPS


(Oregon)
securityhub-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 securityhub.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 securityhub.ap-east-1.amazonaws.com HTTPS


Pacific

Version 1.0
433
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
(Hong
Kong)

Asia ap- securityhub.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- securityhub.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- securityhub.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- securityhub.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- securityhub.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- securityhub.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 securityhub.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- securityhub.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- securityhub.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 securityhub.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 securityhub.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- securityhub.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 securityhub.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 securityhub.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- securityhub.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

Version 1.0
434
AWS General Reference Reference guide
AWS STS

Region Region Endpoint Protocol


Name

South sa-east-1 securityhub.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- securityhub.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) securityhub-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- securityhub.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) securityhub-fips.us-gov-west-1.amazonaws.com HTTPS

AWS Security Token Service endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
By default, the AWS Security Token Service (AWS STS) is available as a global service, and all STS
requests go to a single endpoint at https://sts.amazonaws.com. AWS recommends using Regional
STS endpoints to reduce latency, build in redundancy, and increase session token validity. Most Regional
endpoints are active by default, but you must manually enable endpoints for some Regions, such as Asia
Pacific (Hong Kong). You can deactivate STS endpoints for any Regions that are enabled by default if you
do not intend to use those Regions.

For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.

Region Region Endpoint Protocol


Name

US East us-east-2 sts.us-east-2.amazonaws.com HTTPS


(Ohio)
sts-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 sts.us-east-1.amazonaws.com HTTPS


Virginia)
sts-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 sts.us-west-1.amazonaws.com HTTPS


West (N.
California) sts-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 sts.us-west-2.amazonaws.com HTTPS


(Oregon)
sts-fips.us-west-2.amazonaws.com HTTPS

Version 1.0
435
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Africa af-south-1 sts.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 sts.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- sts.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- sts.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- sts.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- sts.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- sts.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- sts.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- sts.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 sts.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- sts.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- sts.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 sts.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 sts.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- sts.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 sts.eu-west-3.amazonaws.com HTTPS


(Paris)

Version 1.0
436
AWS General Reference Reference guide
AWS SMS

Region Region Endpoint Protocol


Name

Europe eu-north-1 sts.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- sts.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 sts.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- sts.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- sts.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

For information about using AWS Security Token Service in the AWS GovCloud (US-West) Region, see
AWS GovCloud (US-West) Endpoints.

For information about using AWS Security Token Service in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

AWS Server Migration Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 sms.us-east-2.amazonaws.com HTTPS


(Ohio)
sms-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 sms.us-east-1.amazonaws.com HTTPS


Virginia)
sms-fips.us-east-1.amazonaws.com HTTPS

Version 1.0
437
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US us-west-1 sms.us-west-1.amazonaws.com HTTPS


West (N.
California) sms-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 sms.us-west-2.amazonaws.com HTTPS


(Oregon)
sms-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 sms.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 sms.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- sms.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- sms.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- sms.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- sms.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- sms.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- sms.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 sms.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- sms.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- sms.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 sms.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 sms.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- sms.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Version 1.0
438
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-3 sms.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 sms.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- sms.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 sms.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- sms.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) sms-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- sms.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) sms-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
Resource Default

Concurrent VM migrations 50 per account

Maximum duration of service usage per VM (not per account), 90 days


beginning with the initial replication of a VM. We terminate an
ongoing replication after this period, unless a customer requests a
quota increase.

Service Quotas endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 servicequotas.us-east-2.amazonaws.com HTTPS


(Ohio)

Version 1.0
439
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 servicequotas.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 servicequotas.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 servicequotas.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 servicequotas.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 servicequotas.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- servicequotas.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- servicequotas.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- servicequotas.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- servicequotas.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- servicequotas.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- servicequotas.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- servicequotas.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- servicequotas.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 servicequotas.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 servicequotas.eu-west-2.amazonaws.com HTTPS


(London)

Version 1.0
440
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- servicequotas.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 servicequotas.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 servicequotas.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- servicequotas.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 servicequotas.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas
None of the quotas for this service can be increased. The Service Quotas console provides information
about the quotas for the service. Along with viewing the default quotas, you can use the Service Quotas
console to request quota increases for adjustable quotas.

AWS Serverless Application Repository endpoints


and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 serverlessrepo.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 serverlessrepo.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 serverlessrepo.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 serverlessrepo.us-west-2.amazonaws.com HTTPS


(Oregon)

Version 1.0
441
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap-east-1 serverlessrepo.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- serverlessrepo.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- serverlessrepo.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- serverlessrepo.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- serverlessrepo.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- serverlessrepo.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- serverlessrepo.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 serverlessrepo.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- serverlessrepo.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- serverlessrepo.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 serverlessrepo.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 serverlessrepo.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 serverlessrepo.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 serverlessrepo.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- serverlessrepo.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 serverlessrepo.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Version 1.0
442
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- serverlessrepo.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) serverlessrepo.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- serverlessrepo.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) serverlessrepo.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS Serverless Application Repository in the AWS GovCloud (US-West)
Region, see AWS GovCloud (US-West) Endpoints.

Service Quotas
Resource Default

Public applications (per AWS account per AWS Region) 100

Free Amazon S3 storage for code packages (per AWS account per 5 GB
AWS Region)

Application policy length 6,144 characters

For more information, see AWS Serverless Application Repository Quotas in the AWS Serverless
Application Repository Developer Guide.

AWS Service Catalog endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 servicecatalog.us-east-2.amazonaws.com HTTPS


(Ohio)
servicecatalog-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 servicecatalog.us-east-1.amazonaws.com HTTPS


Virginia)
servicecatalog-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 servicecatalog.us-west-1.amazonaws.com HTTPS


West (N.
California) servicecatalog-fips.us-west-1.amazonaws.com HTTPS

Version 1.0
443
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 servicecatalog.us-west-2.amazonaws.com HTTPS


(Oregon)
servicecatalog-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 servicecatalog.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 servicecatalog.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- servicecatalog.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- servicecatalog.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- servicecatalog.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- servicecatalog.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- servicecatalog.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- servicecatalog.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- servicecatalog.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 servicecatalog.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 servicecatalog.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- servicecatalog.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 servicecatalog.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 servicecatalog.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- servicecatalog.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

Version 1.0
444
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

South sa-east-1 servicecatalog.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- servicecatalog.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) servicecatalog-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- servicecatalog.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) servicecatalog-fips.us-gov- HTTPS
west-1.amazonaws.com

Service Quotas

Regional quotas Default

Portfolios 100

Products 350

Portfolio quotas Default

Users, groups, and roles per portfolio 100

Products per portfolio 150

Tags per portfolio 20

Shared accounts per portfolio 5000

Tag values per tag key 25

Product quotas Default

Users, groups, and roles per product 200

Product versions per product 100

Tags per product 20

Tag values per tag key 25

Provisioned product quotas Default

Tags per provisioned product 50

Version 1.0
445
AWS General Reference Reference guide
Shield Advanced

Constraint quotas Default

Constraints per product per portfolio 100

Service action quotas Default

Service actions per region 200

Service action associations per product version 25

AWS Shield Advanced endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 shield.us-east-1.amazonaws.com HTTPS


(Ohio)
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

US East (N. us-east-1 shield.us-east-1.amazonaws.com HTTPS


Virginia)
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 shield.us-east-1.amazonaws.com HTTPS


West (N.
California) shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

US West us-west-2 shield.us-east-1.amazonaws.com HTTPS


(Oregon)
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Africa af-south-1 shield.us-east-1.amazonaws.com HTTPS


(Cape
Town) shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Asia ap-east-1 shield.us-east-1.amazonaws.com HTTPS


Pacific

Version 1.0
446
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
(Hong shield.us-east-1.amazonaws.com HTTPS
Kong)
shield-fips.us-east-1.amazonaws.com HTTPS

Asia ap- shield.us-east-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai) shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Asia ap- shield.us-east-1.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Asia ap- shield.us-east-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Asia ap- shield.us-east-1.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Asia ap- shield.us-east-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Canada ca- shield.us-east-1.amazonaws.com HTTPS


(Central) central-1
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Europe eu- shield.us-east-1.amazonaws.com HTTPS


(Frankfurt) central-1
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Europe eu-west-1 shield.us-east-1.amazonaws.com HTTPS


(Ireland)
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Europe eu-west-2 shield.us-east-1.amazonaws.com HTTPS


(London)
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Version 1.0
447
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- shield.us-east-1.amazonaws.com HTTPS


(Milan) south-1
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Europe eu-west-3 shield.us-east-1.amazonaws.com HTTPS


(Paris)
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Europe eu-north-1 shield.us-east-1.amazonaws.com HTTPS


(Stockholm)
shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

Middle me- shield.us-east-1.amazonaws.com HTTPS


East south-1
(Bahrain) shield.us-east-1.amazonaws.com HTTPS

shield-fips.us-east-1.amazonaws.com HTTPS

South sa-east-1 shield.us-east-1.amazonaws.com HTTPS


America
(São shield.us-east-1.amazonaws.com HTTPS
Paulo)
shield-fips.us-east-1.amazonaws.com HTTPS

Service Quotas
AWS Shield Advanced offers advanced monitoring and protection for Elastic IP addresses, CloudFront
distributions, Route 53 hosted zones, or Elastic Load Balancing load balancers. You can monitor and
protect up to 1000 of each of these resource types per account. If you want to increase these quotas,
contact the AWS Support Center.

Amazon Simple Email Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
API Endpoints

Version 1.0
448
AWS General Reference Reference guide
Service Endpoints

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 email.us- HTTPS


east-2.amazonaws.com

US East (N. us-east-1 email.us- HTTPS


Virginia) east-1.amazonaws.com

email-fips.us-
east-1.amazonaws.com

US West (N. us-west-1 email.us- HTTPS


California) west-1.amazonaws.com

US West (Oregon) us-west-2 email.us- HTTPS


west-2.amazonaws.com

email-fips.us-
west-2.amazonaws.com

Asia Pacific ap-south-1 email.ap- HTTPS


(Mumbai) south-1.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 email.ap- HTTPS


northeast-2.amazonaws.com

Asia Pacific ap-southeast-1 email.ap- HTTPS


(Singapore) southeast-1.amazonaws.com

Asia Pacific ap-southeast-2 email.ap- HTTPS


(Sydney) southeast-2.amazonaws.com

Asia Pacific ap-northeast-1 email.ap- HTTPS


(Tokyo) northeast-1.amazonaws.com

Canada (Central) ca-central-1 email.ca- HTTPS


central-1.amazonaws.com

Europe (Frankfurt) eu-central-1 email.eu- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 email.eu- HTTPS


west-1.amazonaws.com

Europe (London) eu-west-2 email.eu- HTTPS


west-2.amazonaws.com

Europe (Paris) eu-west-3 email.eu- HTTPS


west-3.amazonaws.com

Europe eu-north-1 email.eu- HTTPS


(Stockholm) north-1.amazonaws.com

Middle East me-south-1 email.me- HTTPS


(Bahrain) south-1.amazonaws.com

South America sa-east-1 email.sa- HTTPS


(São Paulo) east-1.amazonaws.com

AWS GovCloud us-gov-west-1 email.us-gov- HTTPS


(US) west-1.amazonaws.com

Version 1.0
449
AWS General Reference Reference guide
Service Endpoints

Region Name Region Endpoint Protocol


email-fips.us-gov-
west-1.amazonaws.com

SMTP Endpoints
Note
SMTP endpoints are not currently available in Middle East (Bahrain).

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 email-smtp.us- SMTP


east-2.amazonaws.com

US East (N. us-east-1 email-smtp.us- SMTP


Virginia) east-1.amazonaws.com

email-smtp-
fips.us-
east-1.amazonaws.com

US West (N. us-west-1 email-smtp.us- SMTP


California) west-1.amazonaws.com

US West (Oregon) us-west-2 email-smtp.us- SMTP


west-2.amazonaws.com

email-smtp-
fips.us-
west-2.amazonaws.com

Asia Pacific ap-south-1 email-smtp.ap- SMTP


(Mumbai) south-1.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 email-smtp.ap- SMTP


northeast-2.amazonaws.com

Asia Pacific ap-southeast-1 email-smtp.ap- SMTP


(Singapore) southeast-1.amazonaws.com

Asia Pacific ap-southeast-2 email-smtp.ap- SMTP


(Sydney) southeast-2.amazonaws.com

Asia Pacific ap-northeast-1 email-smtp.ap- SMTP


(Tokyo) northeast-1.amazonaws.com

Canada (Central) ca-central-1 email-smtp.ca- SMTP


central-1.amazonaws.com

Europe (Frankfurt) eu-central-1 email-smtp.eu- SMTP


central-1.amazonaws.com

Europe (Ireland) eu-west-1 email-smtp.eu- SMTP


west-1.amazonaws.com

Europe (London) eu-west-2 email-smtp.eu- SMTP


west-2.amazonaws.com

Version 1.0
450
AWS General Reference Reference guide
Service Quotas

Region Name Region Endpoint Protocol

Europe (Paris) eu-west-3 email-smtp.eu- SMTP


west-3.amazonaws.com

Europe eu-north-1 email-smtp.eu- SMTP


(Stockholm) north-1.amazonaws.com

South America sa-east-1 email-smtp.sa- SMTP


(São Paulo) east-1.amazonaws.com

AWS GovCloud us-gov-west-1 email- SMTP


(US) smtp.us-gov-
west-1.amazonaws.com

email-smtp-
fips.us-gov-
west-1.amazonaws.com

Email Receiving Endpoints

Amazon SES doesn't support email receiving in the following Regions: US East (Ohio), US West (N.
California) Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney),
Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (London), Europe (Paris), Europe
(Stockholm), Middle East (Bahrain), South America (São Paulo), and AWS GovCloud (US).

Region Name Region Receiving


Endpoint

US East (N. us-east-1 inbound-smtp.us-


Virginia) east-1.amazonaws.com

US West (Oregon) us-west-2 inbound-smtp.us-


west-2.amazonaws.com

Europe (Ireland) eu-west-1 inbound-smtp.eu-


west-1.amazonaws.com

Service Quotas
The following are the default quotas for Amazon SES in the sandbox environment.

Resource Default

Daily sending quota 200 messages per 24-hour


period.

Maximum send rate 1 email per second.


Note
The rate at which
Amazon SES accepts
your messages might be
less than the maximum
send rate.

Version 1.0
451
AWS General Reference Reference guide
AWS Signer

Resource Default

Recipient address verification All recipient addresses must be


verified.

For more information, see Quotas in Amazon SES in the Amazon Simple Email Service Developer Guide.

AWS Signer endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints for AWS Signer with Lambda

Region Region Endpoint Protocol


Name

US East us-east-2 signer.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 signer.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 signer.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 signer.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 signer.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 signer.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- signer.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- signer.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- signer.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
452
AWS General Reference Reference guide
Service Endpoints for AWS Signer with Lambda

Region Region Endpoint Protocol


Name

Asia ap- signer.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- signer.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- signer.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 signer.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- signer.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- signer.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 signer.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 signer.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- signer.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 signer.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 signer.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- signer.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 signer.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- signer.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- signer.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Version 1.0
453
AWS General Reference Reference guide
Service Endpoints for AWS Signer with IoT

Service Endpoints for AWS Signer with IoT

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 signer.us- HTTPS


east-2.amazonaws.com

US East (N. Virginia) us-east-1 signer.us- HTTPS


east-1.amazonaws.com

US West (N. California) us-west-1 signer.us- HTTPS


west-1.amazonaws.com

US West (Oregon) us-west-2 signer.us- HTTPS


west-2.amazonaws.com

Africa (Cape Town) af-south-1 signer.af- HTTPS


south-1.amazonaws.com

Asia Pacific (Hong ap-east-1 signer.ap- HTTPS


Kong) east-1.amazonaws.com

Asia Pacific (Mumbai) ap-south-1 signer.ap- HTTPS


south-1.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 signer.ap- HTTPS


northeast-2.amazonaws.com

Asia Pacific (Singapore) ap-southeast-1 signer.ap- HTTPS


southeast-1.amazonaws.com

Asia Pacific (Sydney) ap-southeast-2 signer.ap- HTTPS


southeast-2.amazonaws.com

Asia Pacific (Tokyo) ap-northeast-1 signer.ap- HTTPS


northeast-1.amazonaws.com

Canada (Central) ca-central-1 signer.ca- HTTPS


central-1.amazonaws.com

China (Beijing) cn-north-1 acm.cn- HTTPS


north-1.amazonaws.com.cn

China (Ningxia) cn-northwest-1 acm.cn- HTTPS


northwest-1.amazonaws.com.cn

Europe (Frankfurt) eu-central-1 signer.eu- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 signer.eu- HTTPS


west-1.amazonaws.com

Europe (London) eu-west-2 signer.eu- HTTPS


west-2.amazonaws.com

Europe (Milan) eu-south-1 signer.eu- HTTPS


south-1.amazonaws.com

Version 1.0
454
AWS General Reference Reference guide
Service Quotas

Region Name Region Endpoint Protocol

Europe (Paris) eu-west-3 signer.eu- HTTPS


west-3.amazonaws.com

Europe (Stockholm) eu-north-1 signer.eu- HTTPS


north-1.amazonaws.com

Middle East (Bahrain) me-south-1 signer.me- HTTPS


south-1.amazonaws.com

South America (São sa-east-1 signer.sa- HTTPS


Paulo) east-1.amazonaws.com

AWS GovCloud (US- us-gov-east-1 signer.us-gov- HTTPS


East) east-1.amazonaws.com

AWS GovCloud (US) us-gov-west-1 signer.us-gov- HTTPS


west-1.amazonaws.com

For information about using AWS Signer in the AWS GovCloud (US-West) Region, see AWS GovCloud (US-
West) Endpoints.

Service Quotas
You can make 5 calls per second to the StartSigningJob API operation. You can make 25 calls per
second to all other AWS Signer API operations. These quotas apply to each AWS region and each AWS
account.

Amazon Simple Notification Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 sns.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS

US East (N. us-east-1 sns.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS

US us-west-1 sns.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California)

Version 1.0
455
AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 sns.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Africa af-south-1 sns.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 sns.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Asia ap- sns.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- sns.ap-northeast-3.amazonaws.com HTTP and


Pacific northeast-3 HTTPS
(Osaka-
Local)

Asia ap- sns.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- sns.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- sns.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- sns.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- sns.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS

China cn-north-1 sns.cn-north-1.amazonaws.com.cn HTTP and


(Beijing) HTTPS

China cn- sns.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Europe eu- sns.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 sns.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 sns.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- sns.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Version 1.0
456
AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol


Name

Europe eu-west-3 sns.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 sns.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- sns.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 sns.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- sns.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East)

AWS us-gov- sns.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West)

Notes

• FIFO topics are supported in all Regions except the following:


• Asia Pacific (Osaka-Local)
• AWS GovCloud (US-East)
• AWS GovCloud (US-West)
• For information about using Amazon Simple Notification Service in the AWS GovCloud (US-
West) Region, see AWS GovCloud (US-West) Endpoints.
• For information about using Amazon Simple Notification Service in the China Regions, see:
• China (Beijing) Region Endpoints
• China (Ningxia) Region Endpoints

Service quotas
The following quotas determine how many Amazon SNS resources you can create in your AWS account,
and they determine the rate at which you can issue Amazon SNS API requests.

Amazon SNS resource


To request an increase, submit an SNS Quota Increase case.

Resource Default

Topics • Standard: 100,000 per


account
• FIFO: 1,000 per account

Version 1.0
457
AWS General Reference Reference guide
Service quotas

Resource Default

Subscriptions • Standard: 12,500,000 per


topic

For Kinesis Data Firehose


delivery streams, 5 per topic,
per subscription owner
• FIFO: 100 per topic

Pending subscriptions 5,000 per account

Account spend threshold for SMS 1.00 USD per account

Delivery rate for promotional SMS messages 20 messages per second

Delivery rate for transactional SMS messages 20 messages per second

Delivery rate for email messages 10 messages per second

Subscription filter policies 200 per account

Amazon SNS API throttling


The following quotas throttle the rate at which you can issue Amazon SNS API requests.

Hard
The following quotas cannot be increased.

API Transactions per second

ListEndpointsByPlatformApplication 30

ListTopics 30

ListPlatformApplications 15

ListSubscriptions 30

ListSubscriptionsByTopic 30

Subscribe 100

Unsubscribe 100

Soft
The following quotas vary by AWS Region.

Publish API throttling

API AWS Regions Standard topics FIFO topics

Publish US East (N. Virginia) 30,000 transactions per 300 transactions per
Region second second or 10 MB per
second, per topic,
whichever comes first

Version 1.0
458
AWS General Reference Reference guide
Service quotas

API AWS Regions Standard topics FIFO topics

US West (Oregon) 9,000 transactions per


Region second

Europe (Ireland) Region

US East (Ohio) Region 1,500 transactions per


second
US West (N. California)
Region

Asia Pacific (Mumbai)


Region

Asia Pacific (Seoul)


Region

Asia Pacific (Singapore)


Region

Asia Pacific (Sydney)


Region

Asia Pacific (Tokyo)


Region

Europe (Frankfurt)
Region

Africa (Cape Town) 300 transactions per


Region second

Asia Pacific (Hong


Kong) Region

Asia Pacific (Osaka-


Local) Region

Canada (Central) Region

China (Beijing) Region

China (Ningxia) Region

Europe (London) Region

Europe (Milan) Region

Europe (Paris) Region

Europe (Stockholm)
Region

Middle East (Bahrain)


Region

South America (São


Paulo) Region

Version 1.0
459
AWS General Reference Reference guide
Amazon SQS

Other API throttling

APIs AWS Regions Transactions per second

CheckIfPhoneNumberIsOptedOut US East (N. Virginia) Region 3,000

ConfirmSubscription US West (Oregon) Region 900

CreatePlatformApplication Europe (Ireland) Region

CreatePlatformEndpoint US East (Ohio) Region 150

CreateTopic US West (N. California) Region

DeleteEndpoint Asia Pacific (Mumbai) Region

DeletePlatformApplication Asia Pacific (Seoul) Region

DeleteTopic Asia Pacific (Singapore) Region

GetEndpointAttributes Asia Pacific (Sydney) Region

GetPlatformApplicationAttributes Asia Pacific (Tokyo) Region

GetSMSAttributes Europe (Frankfurt) Region

GetSubscriptionAttributes Africa (Cape Town) Region 30

GetTopicAttributes Asia Pacific (Hong Kong) Region

ListPhoneNumbersOptedOut Asia Pacific (Osaka-Local) Region

OptInPhoneNumber Canada (Central) Region

SetEndpointAttributes China (Beijing) Region

SetPlatformApplicationAttributes China (Ningxia) Region

SetSMSAttributes Europe (London) Region

SetSubscriptionAttributes Europe (Milan) Region

SetTopicAttributes Europe (Paris) Region

Europe (Stockholm) Region

Middle East (Bahrain) Region

South America (São Paulo)


Region

Amazon Simple Queue Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).

Version 1.0
460
AWS General Reference Reference guide
Service Endpoints

Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon SQS

Region Region Endpoint Protocol


Name

US East us-east-2 sqs.us-east-2.amazonaws.com HTTP and


(Ohio) HTTPS
sqs-fips.us-east-2.amazonaws.com
HTTPS

US East (N. us-east-1 sqs.us-east-1.amazonaws.com HTTP and


Virginia) HTTPS
sqs-fips.us-east-1.amazonaws.com
HTTPS

US us-west-1 sqs.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California) sqs-fips.us-west-1.amazonaws.com
HTTPS

US West us-west-2 sqs.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS
sqs-fips.us-west-2.amazonaws.com
HTTPS

Africa af-south-1 sqs.af-south-1.amazonaws.com HTTP and


(Cape HTTPS
Town)

Asia ap-east-1 sqs.ap-east-1.amazonaws.com HTTP and


Pacific HTTPS
(Hong
Kong)

Asia ap- sqs.ap-south-1.amazonaws.com HTTP and


Pacific south-1 HTTPS
(Mumbai)

Asia ap- sqs.ap-northeast-3.amazonaws.com HTTP and


Pacific northeast-3 HTTPS
(Osaka-
Local)

Asia ap- sqs.ap-northeast-2.amazonaws.com HTTP and


Pacific northeast-2 HTTPS
(Seoul)

Asia ap- sqs.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Version 1.0
461
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- sqs.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- sqs.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- sqs.ca-central-1.amazonaws.com HTTP and


(Central) central-1 HTTPS

China cn-north-1 sqs.cn-north-1.amazonaws.com.cn HTTP and


(Beijing) HTTPS

China cn- sqs.cn-northwest-1.amazonaws.com.cn HTTP and


(Ningxia) northwest-1 HTTPS

Europe eu- sqs.eu-central-1.amazonaws.com HTTP and


(Frankfurt) central-1 HTTPS

Europe eu-west-1 sqs.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

Europe eu-west-2 sqs.eu-west-2.amazonaws.com HTTP and


(London) HTTPS

Europe eu- sqs.eu-south-1.amazonaws.com HTTP and


(Milan) south-1 HTTPS

Europe eu-west-3 sqs.eu-west-3.amazonaws.com HTTP and


(Paris) HTTPS

Europe eu-north-1 sqs.eu-north-1.amazonaws.com HTTP and


(Stockholm) HTTPS

Middle me- sqs.me-south-1.amazonaws.com HTTP and


East south-1 HTTPS
(Bahrain)

South sa-east-1 sqs.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

AWS us-gov- sqs.us-gov-east-1.amazonaws.com HTTP and


GovCloud east-1 HTTPS
(US-East) sqs.us-gov-east-1.amazonaws.com
HTTPS

AWS us-gov- sqs.us-gov-west-1.amazonaws.com HTTP and


GovCloud west-1 HTTPS
(US-West) sqs.us-gov-west-1.amazonaws.com
HTTPS

For information about using Amazon Simple Queue Service in the AWS GovCloud (US-West) Region, see
AWS GovCloud (US-West) Endpoints.

Version 1.0
462
AWS General Reference Reference guide
Service Endpoints

For information about using Amazon Simple Queue Service in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Amazon SQS Legacy Endpoints


If you use the AWS CLI or SDK for Python, you can use the following legacy endpoints.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 us- HTTP and HTTPS


east-2.queue.amazonaws.com

US East (N. Virginia) us-east-1 queue.amazonaws.com HTTP and HTTPS

US West (N. California) us-west-1 us- HTTP and HTTPS


west-1.queue.amazonaws.com

US West (Oregon) us-west-2 us- HTTP and HTTPS


west-2.queue.amazonaws.com

Africa (Cape Town) af-south-1 af- HTTP


south-1.queue.amazonaws.com

Asia Pacific (Mumbai) ap-south-1 ap- HTTP and HTTPS


south-1.queue.amazonaws.com

Asia Pacific (Osaka- ap-northeast-3 ap- HTTP and HTTPS


Local) northeast-3.queue.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 ap- HTTP and HTTPS


northeast-2.queue.amazonaws.com

Asia Pacific (Singapore) ap-southeast-1 ap- HTTP and HTTPS


southeast-1.queue.amazonaws.com

Asia Pacific (Sydney) ap-southeast-2 ap- HTTP and HTTPS


southeast-2.queue.amazonaws.com

Asia Pacific (Tokyo) ap-northeast-1 ap- HTTP and HTTPS


northeast-1.queue.amazonaws.com

Canada (Central) ca-central-1 ca- HTTP and HTTPS


central-1.queue.amazonaws.com

China (Beijing) cn-north-1 cn- HTTP and HTTPS


north-1.queue.amazonaws.com

China (Ningxia) cn-northwest-1 cn- HTTP and HTTPS


northwest-1.queue.amazonaws.com

Europe (Frankfurt) eu-central-1 eu- HTTP and HTTPS


central-1.queue.amazonaws.com

Europe (Ireland) eu-west-1 eu- HTTP and HTTPS


west-1.queue.amazonaws.com

Version 1.0
463
AWS General Reference Reference guide
Service Quotas

Region Name Region Endpoint Protocol

Europe (London) eu-west-2 eu- HTTP and HTTPS


west-2.queue.amazonaws.com

Europe (Paris) eu-west-3 eu- HTTP and HTTPS


west-3.queue.amazonaws.com

Europe (Stockholm) eu-north-1 eu- HTTP and HTTPS


north-1.queue.amazonaws.com

South America (São sa-east-1 sa- HTTP and HTTPS


Paulo) east-1.queue.amazonaws.com

Service Quotas
For more information, see Amazon SQS Quotas in the Amazon Simple Queue Service Developer Guide and
the "Quotas and Restrictions" section of the Amazon SQS FAQs.

Amazon Simple Storage Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon S3 Endpoints
When you use the REST API to send requests to the endpoints shown in the table below, you can use the
virtual-hosted style and path-style methods. For more information, see Virtual Hosting of Buckets.

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

US East us-east-2 Standard endpoints: us-east-2 HTTP and Versions 4


(Ohio) HTTPS only
• s3.us-east-2.amazonaws.com
• s3-fips.us-
east-2.amazonaws.com
• s3.dualstack.us-
east-2.amazonaws.com**
• s3-fips.dualstack.us-
east-2.amazonaws.com**
• account-id.s3-control.us-
east-2.amazonaws.com

Version 1.0
464
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support
• account-id.s3-control-
fips.us-east-2.amazonaws.com
• account-id.s3-
control.dualstack.us-
east-2.amazonaws.com**
• account-id.s3-control-
fips.dualstack.us-
east-2.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.us-
east-2.amazonaws.com
• s3-accesspoint-fips.us-
east-2.amazonaws.com
• s3-accesspoint.dualstack.us-
east-2.amazonaws.com**
• s3-accesspoint-
fips.dualstack.us-
east-2.amazonaws.com**

Version 1.0
465
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

US East (N. us-east-1 Standard endpoints: us-east-1 HTTP and Versions 2


Virginia) HTTPS and 4
• s3.us-east-1.amazonaws.com
• s3-fips.us-
east-1.amazonaws.com
• s3.amazonaws.com
• s3.dualstack.us-
east-1.amazonaws.com**
• s3-fips.dualstack.us-
east-1.amazonaws.com**
• account-id.s3-control.us-
east-1.amazonaws.com
• account-id.s3-control-
fips.us-east-1.amazonaws.com
• account-id.s3-
control.dualstack.us-
east-1.amazonaws.com**
• account-id.s3-control-
fips.dualstack.us-
east-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.us-
east-1.amazonaws.com
• s3-accesspoint-fips.us-
east-1.amazonaws.com
• s3-accesspoint.dualstack.us-
east-1.amazonaws.com**
• s3-accesspoint-
fips.dualstack.us-
east-1.amazonaws.com**

Version 1.0
466
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

US West (N. us-west-1 Standard endpoints: us-west-1 HTTP and Versions 2


California) HTTPS and 4
• s3.us-west-1.amazonaws.com
• s3-fips.us-
west-1.amazonaws.com
• s3.dualstack.us-
west-1.amazonaws.com**
• s3-fips.dualstack.us-
west-1.amazonaws.com**
• account-id.s3-control.us-
west-1.amazonaws.com
• account-id.s3-
control-fips.us-
west-1.amazonaws.com
• account-id.s3-
control.dualstack.us-
west-1.amazonaws.com**
• account-id.s3-control-
fips.dualstack.us-
west-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.us-
west-1.amazonaws.com
• s3-accesspoint-fips.us-
west-1.amazonaws.com
• s3-accesspoint.dualstack.us-
west-1.amazonaws.com**
• s3-accesspoint-
fips.dualstack.us-
west-1.amazonaws.com**

Version 1.0
467
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

US West us-west-2 Standard endpoints: us-west-2 HTTP and Versions 2


(Oregon) HTTPS and 4
• s3.us-west-2.amazonaws.com
• s3-fips.us-
west-2.amazonaws.com
• s3.dualstack.us-
west-2.amazonaws.com**
• s3-fips.dualstack.us-
west-2.amazonaws.com**
• account-id.s3-control.us-
west-2.amazonaws.com
• account-id.s3-
control-fips.us-
west-2.amazonaws.com
• account-id.s3-
control.dualstack.us-
west-2.amazonaws.com**
• account-id.s3-control-
fips.dualstack.us-
west-2.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.us-
west-2.amazonaws.com
• s3-accesspoint-fips.us-
west-2.amazonaws.com
• s3-accesspoint.dualstack.us-
west-2.amazonaws.com**
• s3-accesspoint-
fips.dualstack.us-
west-2.amazonaws.com**

Version 1.0
468
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

Africa af-south-1 Standard endpoints: af-south-1 HTTP and Version 4


(Cape HTTPS only
Town) • s3.af-south-1.amazonaws.com
• s3.dualstack.af-
south-1.amazonaws.com**
• account-id.s3-control.af-
south-1.amazonaws.com
• account-id.s3-
control.dualstack.af-
south-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.af-
south-1.amazonaws.com
• s3-accesspoint.dualstack.af-
south-1.amazonaws.com**

Asia Pacific ap-east-1 Standard endpoints: ap-east-1 HTTP and Version 4


(Hong HTTPS only
Kong)*** • s3.ap-east-1.amazonaws.com
• s3.dualstack.ap-
east-1.amazonaws.com**
• account-id.ap-
east-1.amazonaws.com
• account-id.s3-
control.dualstack.ap-
east-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.ap-
east-1.amazonaws.com
• s3-accesspoint.dualstack.ap-
east-1.amazonaws.com**

Version 1.0
469
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

Asia Pacific ap-south-1 Standard endpoints: ap-south-1 HTTP and Version 4


(Mumbai) HTTPS only
• s3.ap-
south-1.amazonaws.com
• s3.dualstack.ap-
south-1.amazonaws.com**
• account-id.s3-control.ap-
south-1.amazonaws.com
• account-id.s3-
control.dualstack.ap-
south-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.ap-
south-1.amazonaws.com
• s3-accesspoint.dualstack.ap-
south-1.amazonaws.com**

Asia Pacific ap- Standard endpoints: ap- HTTP and Version 4


(Osaka- northeast-3 northeast-3 HTTPS only
Local)**** • s3.ap-
northeast-3.amazonaws.com
• s3.dualstack.ap-
northeast-3.amazonaws.com**
• account-id.s3-control.ap-
northeast-3.amazonaws.com
• account-id.s3-
control.dualstack.ap-
northeast-3.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.ap-
northeast-3.amazonaws.com
• s3-accesspoint.dualstack.ap-
northeast-3.amazonaws.com**

Version 1.0
470
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

Asia Pacific ap- Standard endpoints: ap- HTTP and Version 4


(Seoul) northeast-2 northeast-2 HTTPS only
• s3.ap-
northeast-2.amazonaws.com
• s3.dualstack.ap-
northeast-2.amazonaws.com**
• account-id.s3-control.ap-
northeast-2.amazonaws.com
• account-id.s3-
control.dualstack.ap-
northeast-2.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.ap-
northeast-2.amazonaws.com
• s3-accesspoint.dualstack.ap-
northeast-2.amazonaws.com**

Asia Pacific ap- Standard endpoints: ap- HTTP and Versions 2


(Singapore) southeast-1 southeast-1 HTTPS and 4
• s3.ap-
southeast-1.amazonaws.com
• s3.dualstack.ap-
southeast-1.amazonaws.com**
• account-id.s3-control.ap-
southeast-1.amazonaws.com
• account-id.s3-
control.dualstack.ap-
southeast-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.ap-
southeast-1.amazonaws.com
• s3-accesspoint.ap-
southeast-1.amazonaws.com**

Version 1.0
471
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

Asia Pacific ap- Standard endpoints: ap- HTTP and Versions 2


(Sydney) southeast-2 southeast-2 HTTPS and 4
• s3.ap-
southeast-2.amazonaws.com
• s3.dualstack.ap-
southeast-2.amazonaws.com**
• account-id.s3-control.ap-
southeast-2.amazonaws.com
• account-id.s3-
control.dualstack.ap-
southeast-2.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.ap-
southeast-2.amazonaws.com
• s3-accesspoint.dualstack.ap-
southeast-2.amazonaws.com**

Asia Pacific ap- Standard endpoints: ap- HTTP and Versions 2


(Tokyo) northeast-1 northeast-1 HTTPS and 4
• s3.ap-
northeast-1.amazonaws.com
• s3.dualstack.ap-
northeast-1.amazonaws.com**
• account-id.s3-control.ap-
northeast-1.amazonaws.com
• account-id.s3-
control.dualstack.ap-
northeast-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.ap-
northeast-1.amazonaws.com
• s3-accesspoint.dualstack.ap-
northeast-1.amazonaws.com**

Version 1.0
472
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

Canada ca- Standard endpoints: ca- HTTP and Version 4


(Central) central-1 central-1 HTTPS only
• s3.ca-
central-1.amazonaws.com
• s3-fips.ca-
central-1.amazonaws.com
• s3.dualstack.ca-
central-1.amazonaws.com**
• s3-fips.dualstack.ca-
central-1.amazonaws.com**
• account-id.s3-control.ca-
central-1.amazonaws.com
• account-id.s3-
control-fips.ca-
central-1.amazonaws.com
• account-id.s3-
control.dualstack.ca-
central-1.amazonaws.com**
• account-id.s3-control-
fips.dualstack.ca-
central-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.ca-
central-1.amazonaws.com
• s3-accesspoint-fips.ca-
central-1.amazonaws.com
• s3-accesspoint.dualstack.ca-
central-1.amazonaws.com**
• s3-accesspoint-
fips.dualstack.ca-
central-1.amazonaws.com**

Version 1.0
473
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

China cn-north-1 Valid endpoint name for this cn-north-1 HTTP and Version 4
(Beijing) Region: HTTPS only

• s3.cn-
north-1.amazonaws.com.cn
• s3.dualstack.cn-
north-1.amazonaws.com.cn
• account-id.s3-control.cn-
north-1.amazonaws.com.cn
• account-id.s3-
control.dualstack.cn-
north-1.amazonaws.com.cn

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.cn-
north-1.amazonaws.com
• s3-accesspoint.dualstack.cn-
north-1.amazonaws.com

China cn- Valid endpoint name for this cn- HTTP and Version 4
(Ningxia) northwest-1 Region: northwest-1 HTTPS only

• s3.cn-
northwest-1.amazonaws.com.cn
• s3.dualstack.cn-
northwest-1.amazonaws.com.cn
• account-id.s3-control.cn-
northwest-1.amazonaws.com.cn
• account-id.s3-
control.dualstack.cn-
northwest-1.amazonaws.com.cn

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.cn-
northwest-1.amazonaws.com
• s3-accesspoint.dualstack.cn-
northwest-1.amazonaws.com

Version 1.0
474
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

Europe eu- Standard endpoints: eu- HTTP and Version 4


(Frankfurt) central-1 central-1 HTTPS only
• s3.eu-
central-1.amazonaws.com
• s3.dualstack.eu-
central-1.amazonaws.com**
• account-id.s3-control.eu-
central-1.amazonaws.com
• account-id.s3-
control.dualstack.eu-
central-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.eu-
central-1.amazonaws.com
• s3-accesspoint.dualstack.eu-
central-1.amazonaws.com**

Europe eu-west-1 Standard endpoints: EU or eu- HTTP and Versions 2


(Ireland) west-1 HTTPS and 4
• s3.eu-west-1.amazonaws.com
• s3.dualstack.eu-
west-1.amazonaws.com**
• account-id.s3-control.eu-
west-1.amazonaws.com
• account-id.s3-
control.dualstack.eu-
west-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.eu-
west-1.amazonaws.com
• s3-accesspoint.dualstack.eu-
west-1.amazonaws.com**

Version 1.0
475
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

Europe eu-west-2 Standard endpoints: eu-west-2 HTTP and Version 4


(London) HTTPS only
• s3.eu-west-2.amazonaws.com
• s3.dualstack.eu-
west-2.amazonaws.com**
• account-id.s3-control.eu-
west-2.amazonaws.com
• account-id.s3-
control.dualstack.eu-
west-2.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.eu-
west-2.amazonaws.com
• s3-accesspoint.dualstack.eu-
west-2.amazonaws.com**

Europe eu-south-1 Standard endpoints: eu-south-1 HTTP and Version 4


(Milan) HTTPS only
• s3.eu-
south-1.amazonaws.com
• s3.dualstack.eu-
south-1.amazonaws.com**
• account-id.s3-control.eu-
south-1.amazonaws.com
• account-id.s3-
control.dualstack.eu-
south-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.eu-
south-1.amazonaws.com
• s3-accesspoint.dualstack.eu-
south-1.amazonaws.com**

Version 1.0
476
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

Europe eu-west-3 Standard endpoints: eu-west-3 HTTP and Version 4


(Paris) HTTPS only
• s3.eu-west-3.amazonaws.com
• s3.dualstack.eu-
west-3.amazonaws.com
• account-id.s3-control.eu-
west-3.amazonaws.com
• account-id.s3-
control.dualstack.eu-
west-3.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.eu-
west-3.amazonaws.com
• s3-accesspoint.dualstack.eu-
west-3.amazonaws.com**

Europe eu-north-1 Standard endpoints: eu-north-1 HTTP and Version 4


(Stockholm) HTTPS only
• s3.eu-
north-1.amazonaws.com
• s3.dualstack.eu-
north-1.amazonaws.com
• account-id.s3-control.eu-
north-1.amazonaws.com
• account-id.s3-
control.dualstack.eu-
north-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.eu-
north-1.amazonaws.com
• s3-accesspoint.dualstack.eu-
north-1.amazonaws.com**

Version 1.0
477
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

South sa-east-1 Standard endpoints: sa-east-1 HTTP and Versions 2


America HTTPS and 4
(São Paulo) • s3.sa-east-1.amazonaws.com
• s3.dualstack.sa-
east-1.amazonaws.com**
• account-id.s3-control.sa-
east-1.amazonaws.com
• account-id.s3-
control.dualstack.sa-
east-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.sa-
east-1.amazonaws.com
• s3-accesspoint.dualstack.sa-
east-1.amazonaws.com**

Middle East me-south-1 Standard endpoints: me-south-1 HTTP and Versions 4


(Bahrain) HTTPS only
• s3.me-
south-1.amazonaws.com
• s3.dualstack.me-
south-1.amazonaws.com**
• account-id.s3-control.me-
south-1.amazonaws.com
• account-id.s3-
control.dualstack.me-
south-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.me-
south-1.amazonaws.com
• s3-accesspoint.dualstack.me-
south-1.amazonaws.com**

Version 1.0
478
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

AWS us-gov- Standard endpoints: us-gov- HTTP and  


GovCloud east-1 east-1 HTTPS
(US-East) • s3.us-gov-
east-1.amazonaws.com
• s3-fips.us-gov-
east-1.amazonaws.com
• s3.dualstack.us-gov-
east-1.amazonaws.com**
• s3-fips.dualstack.us-gov-
east-1.amazonaws.com**
• account-id.s3-control.us-
gov-east-1.amazonaws.com
• account-id.s3-
control-fips.us-gov-
east-1.amazonaws.com
• account-id.s3-
control.dualstack.us-gov-
east-1.amazonaws.com**
• account-id.s3-control-
fips.dualstack.us-gov-
east-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.us-gov-
east-1.amazonaws.com
• s3-accesspoint-fips.us-gov-
east-1.amazonaws.com
• s3-accesspoint.dualstack.us-
gov-east-1.amazonaws.com**
• s3-accesspoint-
fips.dualstack.us-gov-
east-1.amazonaws.com**

Version 1.0
479
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Location Protocol Signature


Name Constraint Version(s)
Support

AWS us-gov- Standard endpoints: us-gov- HTTP and  


GovCloud west-1 west-1 HTTPS
(US) • s3.us-gov-
west-1.amazonaws.com
• s3-fips.us-gov-
west-1.amazonaws.com
• s3.dualstack.us-gov-
west-1.amazonaws.com**
• s3-fips.dualstack.us-gov-
west-1.amazonaws.com**
• account-id.s3-control.us-
gov-west-1.amazonaws.com
• account-id.s3-
control-fips.us-gov-
west-1.amazonaws.com
• account-id.s3-
control.dualstack.us-gov-
west-1.amazonaws.com**
• account-id.s3-control-
fips.dualstack.us-gov-
west-1.amazonaws.com**

Amazon S3 Access Points


endpoints (HTTPS only):

• s3-accesspoint.us-gov-
west-1.amazonaws.com
• s3-accesspoint-fips.us-gov-
west-1.amazonaws.com
• s3-accesspoint.dualstack.us-
gov-west-1.amazonaws.com**
• s3-accesspoint-
fips.dualstack.us-gov-
west-1.amazonaws.com**

**Amazon S3 dual-stack endpoints support requests to S3 buckets over IPv6 and IPv4. For more
information, see Using Dual-Stack Endpoints.

***You must enable this Region before you can use it.

****You can use the Asia Pacific (Osaka-Local) Region only in conjunction with the Asia Pacific (Tokyo)
Region. To request access to the Asia Pacific (Osaka-Local) Region, contact your sales representative.

When using the preceding endpoints the following additional considerations apply:

• The s3-control endpoints are used with Amazon S3 account-level operations


• The s3-accesspoint endpoints are used only to make requests through Amazon S3 Access Points. For
more information, see Working with Amazon S3 Access Points.

Version 1.0
480
AWS General Reference Reference guide
Service Endpoints

• Amazon S3 renamed the US Standard Region to the US East (N. Virginia) Region to be consistent with
AWS Regional naming conventions. There is no change to the endpoint, and you do not need to make
any changes to your application.
• If you use a Region other than the US East (N. Virginia) endpoint to create a bucket, you must set the
LocationConstraint bucket parameter to the same Region. Both the AWS SDK for Java and AWS SDK
for .NET use an enumeration for setting location constraints (Region for Java, S3Region for .NET). For
more information, see PUT Bucket in the Amazon Simple Storage Service API Reference.

Amazon S3 Website Endpoints


When you configure your bucket as a website, the website is available using the following Region-specific
website endpoints. Note that the website endpoints are different than the REST API endpoints listed in
the preceding table. For more information about hosting websites on Amazon S3, see Hosting Websites
on Amazon S3 in the Amazon Simple Storage Service Developer Guide. You need the hosted zone IDs
when using the Amazon Route 53 API to add an alias record to your hosted zone.
Note
The website endpoints do not support HTTPS or Amazon S3 Access Points.

Region Name Website Endpoint Route 53 Hosted


Zone ID

US East (Ohio) s3-website.us-east-2.amazonaws.com Z2O1EMRO9K5GLX

US East (N. s3-website-us-east-1.amazonaws.com Z3AQBSTGFYJSTF 


Virginia)

US West (N. s3-website-us-west-1.amazonaws.com Z2F56UZL2M1ACD 


California)

US West s3-website-us-west-2.amazonaws.com Z3BJ6K6RIION7M


(Oregon)

Africa (Cape s3-website.af-south-1.amazonaws.com Z11KHD8FBVPUYU


Town)

Asia Pacific s3-website.ap-east-1.amazonaws.com ZNB98KWMFR0R6


(Hong Kong)

Asia Pacific s3-website.ap-south-1.amazonaws.com Z11RGJOFQNVJUP


(Mumbai)

Asia Pacific s3-website.ap-northeast-3.amazonaws.com Z2YQB5RD63NC85


(Osaka-Local)

Asia Pacific s3-website.ap-northeast-2.amazonaws.com Z3W03O7B5YMIYP


(Seoul)

Asia Pacific s3-website-ap-southeast-1.amazonaws.com Z3O0J2DXBE1FTB


(Singapore)

Asia Pacific s3-website-ap-southeast-2.amazonaws.com Z1WCIGYICN2BYD


(Sydney)

Asia Pacific s3-website-ap-northeast-1.amazonaws.com Z2M4EHUR26P7ZW


(Tokyo)

Canada (Central) s3-website.ca-central-1.amazonaws.com Z1QDHH18159H29

Version 1.0
481
AWS General Reference Reference guide
Service Quotas

Region Name Website Endpoint Route 53 Hosted


Zone ID

China (Ningxia) s3-website.cn-northwest-1.amazonaws.com.cn Not supported

Europe s3-website.eu-central-1.amazonaws.com Z21DNDUVLTQW6Q


(Frankfurt)

Europe (Ireland) s3-website-eu-west-1.amazonaws.com Z1BKCTXD74EZPE

Europe (London) s3-website.eu-west-2.amazonaws.com Z3GKZC51ZF0DB4

Europe (Milan) s3-website.eu-south-1.amazonaws.com Not supported

Europe (Paris) s3-website.eu-west-3.amazonaws.com Z3R1K369G5AVDG

Europe s3-website.eu-north-1.amazonaws.com Z3BAZG2TWCNX0D


(Stockholm)

Middle s3-website.me-south-1.amazonaws.com Not supported


East(Bahrain)

South America s3-website-sa-east-1.amazonaws.com Z7KQH4QJS55SO


(São Paulo)

AWS GovCloud s3-website.us-gov-east-1.amazonaws.com Z2NIFVYYW2VKV1


(US-East)

AWS GovCloud s3-website-us-gov-west-1.amazonaws.com Z31GFT0UA1I2HV


(US)

For information about using Amazon Simple Storage Service in the AWS GovCloud (US-West) Region, see
AWS GovCloud (US-West) Endpoints.

For information about using Amazon Simple Storage Service in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas

Resource Default Notes

Buckets 100 per account By default, you can create up to 100


buckets per AWS account. However, you
can request a quota increase of up to
1,000 buckets per AWS account.

Replication transfer rate 1 Gbps The maximum S3 Replication Time


Control transfer rate that you can
replicate from the source Region per
AWS account.

Version 1.0
482
AWS General Reference Reference guide
Amazon SWF

Amazon Simple Workflow Service endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 swf.us-east-2.amazonaws.com HTTPS


(Ohio)
swf-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 swf.us-east-1.amazonaws.com HTTPS


Virginia)
swf-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 swf.us-west-1.amazonaws.com HTTPS


West (N.
California) swf-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 swf.us-west-2.amazonaws.com HTTPS


(Oregon)
swf-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 swf.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 swf.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- swf.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- swf.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- swf.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- swf.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Version 1.0
483
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- swf.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- swf.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- swf.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 swf.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- swf.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- swf.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 swf.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 swf.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- swf.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 swf.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 swf.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- swf.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 swf.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- swf.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) swf.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- swf.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) swf.us-gov-west-1.amazonaws.com HTTPS

For information about using Amazon Simple Workflow Service in the AWS GovCloud (US-West) Region,
see AWS GovCloud (US-West) Endpoints.

For information about using Amazon Simple Workflow Service in the China Regions, see:

Version 1.0
484
AWS General Reference Reference guide
Service Quotas

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
For more information, see Amazon SWF Quotas in the Amazon Simple Workflow Service Developer Guide.

Amazon SimpleDB endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 sdb.amazonaws.com HTTP and


Virginia) HTTPS

US us-west-1 sdb.us-west-1.amazonaws.com HTTP and


West (N. HTTPS
California)

US West us-west-2 sdb.us-west-2.amazonaws.com HTTP and


(Oregon) HTTPS

Asia ap- sdb.ap-southeast-1.amazonaws.com HTTP and


Pacific southeast-1 HTTPS
(Singapore)

Asia ap- sdb.ap-southeast-2.amazonaws.com HTTP and


Pacific southeast-2 HTTPS
(Sydney)

Asia ap- sdb.ap-northeast-1.amazonaws.com HTTP and


Pacific northeast-1 HTTPS
(Tokyo)

Europe eu-west-1 sdb.eu-west-1.amazonaws.com HTTP and


(Ireland) HTTPS

South sa-east-1 sdb.sa-east-1.amazonaws.com HTTP and


America HTTPS
(São
Paulo)

Version 1.0
485
AWS General Reference Reference guide
Service Quotas

Service Quotas

Resource Default

Domains 250

For more information, see Amazon SimpleDB Quotas in the Amazon SimpleDB Developer Guide.

AWS Single Sign-On endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS SSO

Region Region Endpoint Protocol


Name

US East us-east-2 sso.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 sso.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 sso.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- sso.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- sso.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- sso.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- sso.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- sso.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Version 1.0
486
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Canada ca- sso.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- sso.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 sso.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 sso.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-north-1 sso.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Identity Store

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 identitystore.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 identitystore.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 identitystore.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia Pacific ap-southeast-1 identitystore.ap-southeast-1.amazonaws.com HTTPS


(Singapore)

Asia Pacific ap-southeast-2 identitystore.ap-southeast-2.amazonaws.com HTTPS


(Sydney)

Canada (Central) ca-central-1 identitystore.ca-central-1.amazonaws.com HTTPS

Europe eu-central-1 identitystore.eu-central-1.amazonaws.com HTTPS


(Frankfurt)

Europe (Ireland) eu-west-1 identitystore.eu-west-1.amazonaws.com HTTPS

Europe (London) eu-west-2 identitystore.eu-west-2.amazonaws.com HTTPS

Europe eu-north-1 identitystore.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Service Quotas
For a list of AWS SSO service quotas, see AWS Single Sign-On Quotas.

Version 1.0
487
AWS General Reference Reference guide
Snow Family

AWS Snow Family endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS Snow Family devices are available in the following AWS Regions.
AWS Snowcone is only available in the following AWS Regions:

• US East (N. Virginia)


• US West (N. California)
• US West (Oregon)
• Europe (Ireland)
• Europe (Frankfurt)

Region Region Endpoint Protocol


Name

US East us-east-2 snowball.us-east-2.amazonaws.com


(Ohio) HTTPS
snowball-fips.us-east-2.amazonaws.com

US East (N. us-east-1 snowball.us-east-1.amazonaws.com


Virginia) HTTPS
snowball-fips.us-east-1.amazonaws.com

US us-west-1 snowball.us-west-1.amazonaws.com
West (N. HTTPS
California) snowball-fips.us-west-1.amazonaws.com

US West us-west-2 snowball.us-west-2.amazonaws.com


(Oregon) HTTPS
snowball-fips.us-west-2.amazonaws.com

Africa af-south-1 snowball.af-south-1.amazonaws.com


(Cape
Town)

Asia ap-east-1 snowball.ap-east-1.amazonaws.com


Pacific
(Hong
Kong)

Asia ap- snowball.ap-south-1.amazonaws.com


Pacific south-1 HTTPS
(Mumbai) snowball-fips.ap-south-1.amazonaws.com

Asia ap- snowball.ap-northeast-3.amazonaws.com


Pacific northeast-3 HTTPS
snowball-fips.ap-northeast-3.amazonaws.com

Version 1.0
488
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name
(Osaka-
Local)

Asia ap- snowball.ap-northeast-2.amazonaws.com


Pacific northeast-2 HTTPS
(Seoul) snowball-fips.ap-northeast-2.amazonaws.com

Asia ap- snowball.ap-southeast-1.amazonaws.com


Pacific southeast-1 HTTPS
(Singapore) snowball-fips.ap-southeast-1.amazonaws.com

Asia ap- snowball.ap-southeast-2.amazonaws.com


Pacific southeast-2 HTTPS
(Sydney) snowball-fips.ap-southeast-2.amazonaws.com

Asia ap- snowball.ap-northeast-1.amazonaws.com


Pacific northeast-1 HTTPS
(Tokyo) snowball-fips.ap-northeast-1.amazonaws.com

Canada ca- snowball.ca-central-1.amazonaws.com


(Central) central-1 HTTPS
snowball-fips.ca-central-1.amazonaws.com

China cn-north-1 snowball.cn-north-1.amazonaws.com.cn


(Beijing) HTTPS
snowball-fips.cn-north-1.amazonaws.com.cn

China cn- snowball.cn-northwest-1.amazonaws.com.cn


(Ningxia) northwest-1 HTTPS
snowball-fips.cn-northwest-1.amazonaws.com.cn

Europe eu- snowball.eu-central-1.amazonaws.com


(Frankfurt) central-1 HTTPS
snowball-fips.eu-central-1.amazonaws.com

Europe eu-west-1 snowball.eu-west-1.amazonaws.com


(Ireland) HTTPS
snowball-fips.eu-west-1.amazonaws.com

Europe eu-west-2 snowball.eu-west-2.amazonaws.com


(London) HTTPS
snowball-fips.eu-west-2.amazonaws.com

Europe eu- snowball.eu-south-1.amazonaws.com


(Milan) south-1

Europe eu-west-3 snowball.eu-west-3.amazonaws.com


(Paris) HTTPS
snowball-fips.eu-west-3.amazonaws.com

Europe eu-north-1 snowball.eu-north-1.amazonaws.com


(Stockholm)

South sa-east-1 snowball.sa-east-1.amazonaws.com


America HTTPS
(São snowball-fips.sa-east-1.amazonaws.com
Paulo)

Version 1.0
489
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- snowball.us-gov-east-1.amazonaws.com


GovCloud east-1 HTTPS
(US-East) snowball-fips.us-gov-east-1.amazonaws.com

AWS us-gov- snowball.us-gov-west-1.amazonaws.com


GovCloud west-1 HTTPS
(US-West) snowball-fips.us-gov-west-1.amazonaws.com

For information about using AWS Snow Family in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

Service Quotas
Resource Default Comments

Snowball Edge and AWS Snowcone devices 1 To increase this quota, contact AWS
Support.

AWS Step Functions endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 states.us-east-2.amazonaws.com HTTPS


(Ohio)
states-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 states.us-east-1.amazonaws.com HTTPS


Virginia)
states-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 states.us-west-1.amazonaws.com HTTPS


West (N.
California) states-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 states.us-west-2.amazonaws.com HTTPS


(Oregon)
states-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 states.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Version 1.0
490
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap-east-1 states.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- states.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- states.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- states.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- states.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- states.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- states.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- states.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 states.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- states.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- states.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 states.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 states.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- states.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 states.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 states.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Version 1.0
491
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Middle me- states.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 states.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- states.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) states-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- states.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) states.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
For more information, see AWS Step Functions Quotas in the AWS Step Functions Developer Guide.

AWS Storage Gateway endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service endpoints
AWS Storage Gateway
For AWS Regions that the hardware appliance is supported in, see Storage Gateway hardware appliance
regions (p. 494).

Region Region Endpoint Protocol


Name

US East us-east-2 storagegateway.us-east-2.amazonaws.com HTTPS


(Ohio)
storagegateway-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 storagegateway.us-east-1.amazonaws.com HTTPS


Virginia)
storagegateway-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 storagegateway.us-west-1.amazonaws.com HTTPS


West (N.
California) storagegateway-fips.us-west-1.amazonaws.com HTTPS

Version 1.0
492
AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 storagegateway.us-west-2.amazonaws.com HTTPS


(Oregon)
storagegateway-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 storagegateway.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 storagegateway.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- storagegateway.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- storagegateway.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- storagegateway.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- storagegateway.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- storagegateway.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- storagegateway.ca-central-1.amazonaws.com HTTPS


(Central) central-1
storagegateway-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 storagegateway.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- storagegateway.cn- HTTPS


(Ningxia) northwest-1 northwest-1.amazonaws.com.cn

Europe eu- storagegateway.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 storagegateway.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 storagegateway.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- storagegateway.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 storagegateway.eu-west-3.amazonaws.com HTTPS


(Paris)

Version 1.0
493
AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol


Name

Europe eu-north-1 storagegateway.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- storagegateway.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 storagegateway.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- storagegateway.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) storagegateway-fips.us-gov- HTTPS
east-1.amazonaws.com

AWS us-gov- storagegateway.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) storagegateway-fips.us-gov- HTTPS
west-1.amazonaws.com

For information about using Storage Gateway in the AWS GovCloud (US) Regions, see AWS GovCloud
(US) endpoints in the AWS GovCloud (US) User Guide.

For information about using Storage Gateway in the China Regions, see:

• China (Beijing) Region endpoints


• China (Ningxia) Region endpoints

Storage Gateway hardware appliance regions


The Storage Gateway hardware appliance is available for shipping worldwide where it is legally allowed
and permitted for exporting by the US government.

Storage Gateway hardware appliance is supported in the following AWS Regions.

• US East (Ohio)
• US East (N. Virginia)
• US West (N. California)
• US West (Oregon)
• Asia Pacific (Mumbai)
• Asia Pacific (Seoul)
• Asia Pacific (Singapore)
• Asia Pacific (Sydney)
• Asia Pacific (Tokyo)
• Canada (Central)
• Europe (Frankfurt)
• Europe (Ireland)
• Europe (London)

Version 1.0
494
AWS General Reference Reference guide
Service quotas

• Europe (Paris)
• Europe (Stockholm)
• South America (São Paulo)

Service quotas
For more information, see AWS Storage Gateway quotas in the AWS Storage Gateway User Guide.

AWS Support endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS Support has a single endpoint: support.us-east-1.amazonaws.com (HTTPS).

Service Quotas
The following table describes the current quotas and restrictions for AWS Support.

Resource Default

The maximum number of AWS Support cases that 10 per hour


you can create.

The maximum number of AWS Support API 5


operations that you can perform per second.

The maximum number of AWS Trusted Advisor 100


API operations that you can perform per second.

AWS Systems Manager endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Note
In addition to the ssm.* endpoints listed below, your managed instances must also allow
HTTPS (port 443) outbound traffic to the following endpoints:

• ec2messages.*
• ssmmessages.*

Version 1.0
495
AWS General Reference Reference guide
Service Endpoints

For more information about these endpoints, see Reference: ec2messages, ssmmessages, and
Other API Calls in the AWS Systems Manager User Guide.

Region Region Endpoint Protocol


Name

US East us-east-2 ssm.us-east-2.amazonaws.com HTTPS


(Ohio)
ssm-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 ssm.us-east-1.amazonaws.com HTTPS


Virginia)
ssm-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 ssm.us-west-1.amazonaws.com HTTPS


West (N.
California) ssm-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 ssm.us-west-2.amazonaws.com HTTPS


(Oregon)
ssm-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 ssm.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 ssm.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- ssm.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- ssm.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- ssm.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- ssm.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- ssm.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- ssm.ca-central-1.amazonaws.com HTTPS


(Central) central-1
ssm-fips.ca-central-1.amazonaws.com HTTPS

China cn-north-1 ssm.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- ssm.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Version 1.0
496
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu- ssm.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 ssm.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 ssm.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- ssm.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 ssm.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 ssm.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- ssm.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 ssm.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- ssm.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) ssm.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- ssm.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) ssm.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS Systems Manager in the AWS GovCloud (US-West) Region, see AWS
GovCloud (US-West) Endpoints.

For information about using AWS Systems Manager in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

AWS Systems Manager Distributor is available in all commercial Regions except the China (Beijing)
Region and the China (Ningxia) Region. Distributor is not available in the AWS GovCloud (US-West)
Endpoints.

Service Quotas

Capability Resource Default

AWS AppConfig Maximum number of applications 100

Version 1.0
497
AWS General Reference Reference guide
Service Quotas

Capability Resource Default

AWS AppConfig Maximum number of deployment 20


strategies

AWS AppConfig Maximum number of environments per 20


application

AWS AppConfig Maximum number of configuration 100


profiles per application

AWS AppConfig Storage limit for AWS AppConfig hosted 1 GB


configuration store

AWS AppConfig Configuration size limit AWS AppConfig hosted


configuration store: 64 KB

Amazon S3: 1 MB

AWS AppConfig Maximum throughput (transactions per 1000 TPS (applies to


second) GetConfiguration)

Automation Concurrently running automations 100

Each AWS account can


run 100 automations
simultaneously. This
includes child automations
(automations that are
started by another
automation), and rate
control automations. If
you attempt to run more
automations than this,
Systems Manager adds the
additional automations to a
queue and displays a status
of Pending.

Automation Automation queue 1000

If you attempt to run more


automations than the
concurrent automation limit,
subsequent automations
are added to a queue. Each
AWS account can queue
1,000 automations. When
an automation completes
(or reaches a terminal state),
the first automation in the
queue is started.

Version 1.0
498
AWS General Reference Reference guide
Service Quotas

Capability Resource Default

Automation Concurrently running rate control 25


automations
Each AWS account can run
25 rate control automations
simultaneously. If you
attempt to run more
rate control automations
than the concurrent rate
control automation limit,
Systems Manager adds the
subsequent rate control
automations to a queue and
displays a status of Pending.

Automation Rate control automation queue 1000

If you attempt to run


more automations than
the concurrent rate
control automation limit,
subsequent automations are
added to a queue. Each AWS
account can queue 1,000
rate control automations.
When an automation
completes (or reaches a
terminal state), the first
automation in the queue is
started.

Automation Number of levels of nested automation 5

A parent-level Automation
document can start a child-
level Automation document.
This represents one level
of nested automation. The
child-level Automation
document can start another
Automation document,
resulting in two levels of
nested automation. This can
continue up to a maximum
of five (5) levels below the
top-level parent Automation
document.

Automation Number of days an automation 30


execution history is stored in the system

Automation Additional automation executions that 1,000


can be queued

Version 1.0
499
AWS General Reference Reference guide
Service Quotas

Capability Resource Default

Automation Maximum duration an automation 12 hours


execution can run when running in the
context of a user If you expect an automation
to run longer than 12 hours,
then you must run the
automation by using a
service role (or assume role).

Automation executeScript action run time 10 minutes

Each executeScript
action can run up to a
maximum duration of 10
minutes.

Automation executeScript action maximum Up to 100KB.


output

Automation invokeLambdaFunction action run 5 minutes


time
Each
invokeLambdaFunction
action can run up to a
maximum duration of five
(5) minutes.

Automation invokeLambdaFunction action Up to 200KB.


maximum output

Automation Number of Automation document 5


(playbook) attachments
Each document can have up
to five (5) attachments.

Automation Automation document (playbook) 256 MB


attachment size
Each attachment can be up
to 256 MB.

Distributor Maximum number of attachments in a 20


Distributor package

Distributor Maximum size per attachment in a 1 GB


Distributor package

Distributor Maximum number of files in a Distributor 100


package

Distributor Maximum number of Distributor 500


packages per account, per Region

Distributor Maximum number of package versions 25


per Distributor package

Distributor Maximum package size in Distributor 20 GB

Distributor Maximum package manifest size in 64 KB


Distributor

Version 1.0
500
AWS General Reference Reference guide
Service Quotas

Capability Resource Default

Explorer Maximum number of resource data syncs 5


(per account per Region)

Inventory Maximum number of resource data syncs 5


(per account per Region)

Inventory Inventory data collected per instance per 1 MB


call
This maximum adequately
supports most inventory
collection scenarios. When
this quota is reached, no
new inventory data is
collected for the instance.
Inventory data previously
collected is stored until the
expiration.

Inventory Inventory data collected per instance per 5 MB


day
When this quota is reached,
no new inventory data is
collected for the instance.
Inventory data previously
collected is stored until the
expiration.

Inventory Custom inventory types 20

You can add up to 20


custom inventory types.

Inventory Custom inventory type size 200 KB

This is the maximum size of


the type, not the inventory
collected.

Inventory Custom inventory type attributes 50

This is the maximum


number of attributes within
the custom inventory type.

Version 1.0
501
AWS General Reference Reference guide
Service Quotas

Capability Resource Default

Inventory Inventory data expiration 30 days

If you terminate an
instance, inventory data
for that instance is deleted
immediately. For running
instances, inventory data
older than 30 days is
deleted. If you need to store
inventory data longer than
30 days, you can use AWS
Config to record history
or periodically query and
upload the data to an
Amazon S3 bucket. For more
information, see, Recording
Amazon EC2 managed
instance inventory in the
AWS Config Developer Guide.

Maintenance Windows Maintenance windows per account 50

Maintenance Windows Tasks per maintenance window 20

Maintenance Windows Targets per maintenance window 100

Maintenance Windows Instance IDs per target 50

Maintenance Windows Targets per task 10

Maintenance Windows Concurrent executions of a single 1


maintenance window

Maintenance Windows Concurrent executions of maintenance 5


windows

Maintenance Windows Execution history retention 30 days

Version 1.0
502
AWS General Reference Reference guide
Service Quotas

Capability Resource Default

Managed Instances - Hybrid Total number of registered on-premises Standard instances: 1,000
Environment servers and virtual machines (VMs) in a (per account per Region)
hybrid environment
Advanced instances:
Advanced instances are
available on a pay-per-use
basis. Advanced instances
also enable you to connect
to your hybrid machines
by using AWS Systems
Manager Session Manager.
For more information about
activating on-premises
instances for use in your
hybrid environment, see
Create a Managed-Instance
Activation in the AWS
Systems Manager User
Guide. For more information
about enabling advanced
instances, see Using the
Advanced-Instances Tier.

OpsCenter Total number of OpsItems allowed per 500,000


account per AWS Region

OpsCenter Maximum number of OpsItems per 10,000


account per month

OpsCenter Maximum operational data value size 20 KB

OpsCenter Maximum number of associated 10


Automation runbooks per OpsItem

OpsCenter Maximum number of Automation 10


runbook executions stored in operational
data under a single associated runbook

OpsCenter Maximum number of related resources 100


you can specify per OpsItem

OpsCenter Maximum number of related OpsItems 10


you can specify per OpsItem

OpsCenter Maximum length of a deduplication 64 characters


string

OpsCenter Duration before an OpsItem is 36 months


automatically archived by the system
(regardless of status)

Version 1.0
503
AWS General Reference Reference guide
Service Quotas

Capability Resource Default

Parameter Store Total number of parameters allowed Standard parameters:


10,000
(per AWS account and Region)
Advanced parameters:
100,000

For more information about


advanced parameters, see
About Systems Manager
Advanced Parameters in the
AWS Systems Manager User
Guide.

Parameter Store Max size for parameter value Standard parameter: 4 KB

Advanced parameter: 8 KB

Parameter Store Max number of parameter policies per 10


advanced parameter

Parameter Store Max throughput (transactions per Default throughput: 40


second) (Shared by the following
API actions: GetParameter,
GetParameters,
GetParametersByPath)

Higher throughput: 100


(GetParametersByPath)

Higher throughput: 2000


(Shared by the following API
actions: GetParameter and
GetParameters)

For more information


about Parameter Store
throughput, see Increasing
Parameter Store Throughput
in the AWS Systems Manager
User Guide.

Parameter Store Max history for a parameter 100 past values

Patch Baselines Patch baselines per account 50

Patch Baselines Patch groups per patch baseline 25

Run Command Execution history retention 30 days

The history of each


command is available for
up to 30 days. In addition,
you can store a copy of all
log files in Amazon Simple
Storage Service or have an
audit trail of all API calls in
AWS CloudTrail.

Version 1.0
504
AWS General Reference Reference guide
Amazon Textract

Capability Resource Default

Session Manager Maximum idle time before session Default: 20 minutes


termination
Configurable to between 1
and 60 minutes.

SSM Documents Total documents 500

Each AWS account can


create a maximum of 500
documents per Region.

SSM Documents Document versions 1000

A single SSM document can


have a maximum of 1,000
versions.

SSM Documents Privately shared Systems Manager 1000


document
A single Systems Manager
document can be shared
with a maximum of 1000
AWS accounts.

SSM Documents Publicly shared Systems Manager 5


document
Each AWS account can
publicly share a maximum of
five documents.

State Manager Concurrent State Manager associations 2,000

Each AWS Account can


have 2,000 associations per
Region at one time.

State Manager State Manager association versions 1,000

You can created a maximum


of 1,000 versions of a State
Manager association.

Amazon Textract endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
505
AWS General Reference Reference guide
Service Endpoints

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 textract.us-east-2.amazonaws.com HTTPS


(Ohio)
textract-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 textract.us-east-1.amazonaws.com HTTPS


Virginia)
textract-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 textract.us-west-1.amazonaws.com HTTPS


West (N.
California) textract-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 textract.us-west-2.amazonaws.com HTTPS


(Oregon)
textract-fips.us-west-2.amazonaws.com HTTPS

Asia ap- textract.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- textract.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- textract.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- textract.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Canada ca- textract.ca-central-1.amazonaws.com HTTPS


(Central) central-1
textract-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- textract.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 textract.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 textract.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 textract.eu-west-3.amazonaws.com HTTPS


(Paris)

AWS us-gov- textract.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) textract-fips.us-gov-east-1.amazonaws.com HTTPS

Version 1.0
506
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- textract.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) textract-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
Resource Default

Transactions per second per account for synchronous operations: For AnalyzeDocument:

• AnalyzeDocument US East (N. Virginia) Region – 2


• DetectDocumentText
US West (Oregon) Region - 2

All other Regions that Amazon


Textract supports – 1

For DetectDocumentText:

US East (N. Virginia) Region – 10

US West (Oregon) Region - 10

All other Regions that Amazon


Textract supports – 1

Transactions per second per account for all start (asynchronous) For StartDocumentAnalysis Text:
operations:
All Regions Amazon Textract
• StartDocumentAnalysis supports – 2
• StartDocumentTextDetection
For
StartDocumentTextDetection:

US East (N. Virginia) Region – 10

US West (Oregon) Region - 10

All other Regions that Amazon


Textract supports – 1

Transactions per second per account for all get (asynchronous) For GetDocumentAnalysis:
operations:
US East (N. Virginia) Region – 10
• GetDocumentAnalysis
US West (Oregon) Region - 10
• GetDocumentTextDetection
All other Regions that Amazon
Textract supports – 1

For GetDocumentTextDetection:

US East (N. Virginia) Region – 10

US West (Oregon) Region - 10

Version 1.0
507
AWS General Reference Reference guide
Amazon Transcribe

Resource Default
All other Regions that Amazon
Textract supports – 1

Maximum number of asynchronous jobs per account that can US East (N. Virginia) Region –
simultaneously exist 600

US West (Oregon) Region - 600

All other Regions that Amazon


Textract supports – 100

For more information, see Amazon Textract Quotas.

Amazon Transcribe endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Transcribe

Region Region Endpoint Protocol


Name

US East us-east-2 transcribe.us-east-2.amazonaws.com HTTPS


(Ohio)
fips.transcribe.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 transcribe.us-east-1.amazonaws.com HTTPS


Virginia)
fips.transcribe.us-east-1.amazonaws.com HTTPS

US us-west-1 transcribe.us-west-1.amazonaws.com HTTPS


West (N.
California) fips.transcribe.us-west-1.amazonaws.com HTTPS

US West us-west-2 transcribe.us-west-2.amazonaws.com HTTPS


(Oregon)
fips.transcribe.us-west-2.amazonaws.com HTTPS

Asia ap-east-1 transcribe.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- transcribe.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Version 1.0
508
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- transcribe.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- transcribe.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- transcribe.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- transcribe.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- transcribe.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 cn.transcribe.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- cn.transcribe.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- transcribe.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 transcribe.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 transcribe.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 transcribe.eu-west-3.amazonaws.com HTTPS


(Paris)

Middle me- transcribe.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 transcribe.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- transcribe.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) fips.transcribe.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- transcribe.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) fips.transcribe.us-gov-west-1.amazonaws.com HTTPS

Version 1.0
509
AWS General Reference Reference guide
Service Quotas

Amazon Transcribe Streaming

Region Region Endpoint Protocol


Name

US East us-east-2 transcribestreaming.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 transcribestreaming.us-east-1.amazonaws.com HTTPS


Virginia)

US West us-west-2 transcribestreaming.us-west-2.amazonaws.com HTTPS


(Oregon)

Asia ap- transcribestreaming.ap- HTTPS


Pacific northeast-2 northeast-2.amazonaws.com
(Seoul)

Asia ap- transcribestreaming.ap- HTTPS


Pacific southeast-2 southeast-2.amazonaws.com
(Sydney)

Asia ap- transcribestreaming.ap- HTTPS


Pacific northeast-1 northeast-1.amazonaws.com
(Tokyo)

Canada ca- transcribestreaming.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- transcribestreaming.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 transcribestreaming.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 transcribestreaming.eu-west-2.amazonaws.com HTTPS


(London)

South sa-east-1 transcribestreaming.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Service Quotas

Resource Default

Number of concurrent 100


batch transcription jobs

Transactions per second, 10


StartTranscriptionJob
operation

Version 1.0
510
AWS General Reference Reference guide
Service Quotas

Resource Default

Number of concurrent 5
HTTP/2 streams for
streaming transcription

Number of 5
StartStreamTranscription
Websocket requests

Transactions per second, 5


StartStreamTranscription
operation

Number of concurrently 3
training custom language
models

Total number of custom 10


language models per
account

Number of channels for 2


channel identification

Total number of 100


vocabularies per account

Number of pending 10
vocabularies

Transactions per second, 20


GetTranscriptionJob
operation

Transactions per second, 5


DeleteTranscriptionJob
operation

Transactions per second, 5


ListTranscriptionJobs
operation

Transactions per second, 10


CreateVocabulary
and UpdateVocabulary
operations

Transactions per second, 5


DeleteVocabulary
operation

Transactions per second, 20


GetVocabulary
operation

Transactions per second, 5


ListVocabularies
operation

Version 1.0
511
AWS General Reference Reference guide
Amazon Transcribe Medical

For more information, see Guidelines and Quotas in the Amazon Transcribe Developer Guide.

Amazon Transcribe Medical endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Amazon Transcribe Medical

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 transcribestreaming.us- HTTPS


east-1.amazonaws.com

US East (Ohio) us-east-2 transcribestreaming.us- HTTPS


east-2.amazonaws.com

US West (Oregon) us-west-2 transcribestreaming.us- HTTPS


west-2.amazonaws.com

Asia Pacific (Sydney) ap-southeast-2 transcribestreaming.ap- HTTPS


southeast-2.amazonaws.com

Canada (Central) ca-central-1 transcribestreaming.ca- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 transcribestreaming.eu- HTTPS


west-1.amazonaws.com

Service Quotas
Resource Default

Number of concurrent 100


batch transcription jobs

Transactions per second, 10


StartMedicalTranscriptionJob
operation

Number of 5
StartMedicalStreamTranscription
Websocket requests

Transactions per second, 5


StartMedicalStreamTranscription
operation

Version 1.0
512
AWS General Reference Reference guide
AWS Transfer Family

Resource Default

Transactions per second, 20


GetMedicalTranscriptionJob
operation

Transactions per second, 5


DeleteMedicalTranscriptionJob
operation

Transactions per second, 5


ListMedicalTranscriptionJobs
operation

Transactions per second, 5


ListMedicalTranscriptionJobs
operation

Transactions per second, 10


CreateMedicalVocabulary
operation

Transactions per second, 10


UpdateMedicalVocabulary
operation

Transactions per second, 5


DeleteMedicalVocabulary
operation

Transactions per second, 20


GetMedicalVocabulary
operation

Transactions per second, 5


ListMedicalVocabularies
operation

AWS Transfer Family endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 transfer.us-east-2.amazonaws.com HTTPS


(Ohio)
transfer-fips.us-east-2.amazonaws.com HTTPS

Version 1.0
513
AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol


Name

US East (N. us-east-1 transfer.us-east-1.amazonaws.com HTTPS


Virginia)
transfer-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 transfer.us-west-1.amazonaws.com HTTPS


West (N.
California) transfer-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 transfer.us-west-2.amazonaws.com HTTPS


(Oregon)
transfer-fips.us-west-2.amazonaws.com HTTPS

Asia ap- transfer.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- transfer.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- transfer.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- transfer.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- transfer.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- transfer.ca-central-1.amazonaws.com HTTPS


(Central) central-1
transfer-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- transfer.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 transfer.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 transfer.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 transfer.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 transfer.eu-north-1.amazonaws.com HTTPS


(Stockholm)

South sa-east-1 transfer.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

Version 1.0
514
AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol


Name

AWS us-gov- transfer.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) transfer-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- transfer.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) transfer-fips.us-gov-west-1.amazonaws.com HTTPS

For information about using AWS Transfer Family in the AWS GovCloud (US) Regions, see AWS GovCloud
(US) endpoints in the AWS GovCloud (US) User Guide.

Service quotas
Resource Default Comments

Servers per customer 10  

Simultaneous sessions per server 10,000  

Users per server 10,000 This quota applies to service


managed servers only.

SSH keys per user 10 This quota applies to service


managed servers only.

Maximum file size 5 TiB  

Amazon Translate endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 translate.us-east-2.amazonaws.com HTTPS


(Ohio)
translate-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 translate.us-east-1.amazonaws.com HTTPS


Virginia)
translate-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 translate.us-west-1.amazonaws.com HTTPS


West (N.
California)

Version 1.0
515
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US West us-west-2 translate.us-west-2.amazonaws.com HTTPS


(Oregon)
translate-fips.us-west-2.amazonaws.com HTTPS

Asia ap-east-1 translate.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- translate.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- translate.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- translate.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- translate.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- translate.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- translate.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- translate.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 translate.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 translate.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu-west-3 translate.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 translate.eu-north-1.amazonaws.com HTTPS


(Stockholm)

AWS us-gov- translate.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) translate-fips.us-gov-west-1.amazonaws.com HTTPS

Version 1.0
516
AWS General Reference Reference guide
Service Quotas

Service Quotas
Resource Default

Maximum number of parallel batch translation 10


jobs

Maximum number of custom terminology files per 100


AWS account per AWS Region

For more information, see Guidelines and Quotas in the Amazon Translate Developer Guide.

Amazon Virtual Private Cloud endpoints and


quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 ec2.us-east-2.amazonaws.com HTTPS


(Ohio)

US East (N. us-east-1 ec2.us-east-1.amazonaws.com HTTPS


Virginia)

US us-west-1 ec2.us-west-1.amazonaws.com HTTPS


West (N.
California)

US West us-west-2 ec2.us-west-2.amazonaws.com HTTPS


(Oregon)

Africa af-south-1 ec2.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 ec2.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- ec2.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Version 1.0
517
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- ec2.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- ec2.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- ec2.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- ec2.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- ec2.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- ec2.ca-central-1.amazonaws.com HTTPS


(Central) central-1

Europe eu- ec2.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 ec2.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 ec2.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- ec2.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 ec2.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 ec2.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- ec2.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 ec2.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- ec2.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East)

Version 1.0
518
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

AWS us-gov- ec2.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West)

If you specify the general endpoint (ec2.amazonaws.com), Amazon VPC directs your request to the us-
east-1 endpoint.

For information about using Amazon VPC in the AWS GovCloud (US-West) Region, see AWS GovCloud
(US-West) Endpoints.

For information about using Amazon VPC in the China Regions, see:

• China (Beijing) Region Endpoints


• China (Ningxia) Region Endpoints

Service Quotas
Unless otherwise noted, you can submit a request to increase these quotas.

Amazon VPC
For more information, see Amazon VPC quotas in the Amazon VPC User Guide:

Amazon VPC DNS


For more information, see DNS quotas in the Amazon VPC User Guide.

Traffic Mirroring
For more information, see Traffic Mirroring quotas and considerations in Amazon VPC Traffic Mirroring.

Transit Gateways
For more information, see Quotas for your transit gateways in Amazon VPC Transit Gateways.

Transit Gateway Network Manager


For more information, see Network manager quotas in Amazon VPC Transit Gateways.

AWS Client VPN


For more information, see AWS Client VPN quotas in the AWS Client VPN Administrator Guide.

AWS Site-to-Site VPN


For more information, see Site-to-Site VPN quotas in the AWS Site-to-Site VPN User Guide.

Version 1.0
519
AWS General Reference Reference guide
AWS WAF

AWS WAF endpoints and quotas


Note
This page provides information related the latest version of AWS WAF, released in November
2019. The names of the entities that you use to access AWS WAF, like endpoints and
namespaces, all have the versioning information added, like V2 or v2, to distinguish from the
prior version.

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS WAF has a single endpoint: wafv2.amazonaws.com. It supports HTTPS requests only.

Region Region Endpoint Protocol


Name

US East us-east-2 wafv2.us-east-2.amazonaws.com HTTPS


(Ohio)
wafv2-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 wafv2.us-east-1.amazonaws.com HTTPS


Virginia)
wafv2-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 wafv2.us-west-1.amazonaws.com HTTPS


West (N.
California) wafv2-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 wafv2.us-west-2.amazonaws.com HTTPS


(Oregon)
wafv2-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 wafv2.af-south-1.amazonaws.com HTTPS


(Cape
Town) wafv2-fips.af-south-1.amazonaws.com HTTPS

Asia ap-east-1 wafv2.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong wafv2-fips.ap-east-1.amazonaws.com HTTPS
Kong)

Asia ap- wafv2.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai) wafv2-fips.ap-south-1.amazonaws.com HTTPS

Asia ap- wafv2.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) wafv2-fips.ap-northeast-2.amazonaws.com HTTPS

Asia ap- wafv2.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) wafv2-fips.ap-southeast-1.amazonaws.com HTTPS

Version 1.0
520
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- wafv2.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) wafv2-fips.ap-southeast-2.amazonaws.com HTTPS

Asia ap- wafv2.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) wafv2-fips.ap-northeast-1.amazonaws.com HTTPS

Canada ca- wafv2.ca-central-1.amazonaws.com HTTPS


(Central) central-1
wafv2-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- wafv2.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1
wafv2-fips.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 wafv2.eu-west-1.amazonaws.com HTTPS


(Ireland)
wafv2-fips.eu-west-1.amazonaws.com HTTPS

Europe eu-west-2 wafv2.eu-west-2.amazonaws.com HTTPS


(London)
wafv2-fips.eu-west-2.amazonaws.com HTTPS

Europe eu- wafv2.eu-south-1.amazonaws.com HTTPS


(Milan) south-1
wafv2-fips.eu-south-1.amazonaws.com HTTPS

Europe eu-west-3 wafv2.eu-west-3.amazonaws.com HTTPS


(Paris)
wafv2-fips.eu-west-3.amazonaws.com HTTPS

Europe eu-north-1 wafv2.eu-north-1.amazonaws.com HTTPS


(Stockholm)
wafv2-fips.eu-north-1.amazonaws.com HTTPS

Middle me- wafv2.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain) wafv2-fips.me-south-1.amazonaws.com HTTPS

South sa-east-1 wafv2.sa-east-1.amazonaws.com HTTPS


America
(São wafv2-fips.sa-east-1.amazonaws.com HTTPS
Paulo)

AWS us-gov- wafv2.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) wafv2-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- wafv2.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) wafv2-fips.us-gov-west-1.amazonaws.com HTTPS

Version 1.0
521
AWS General Reference Reference guide
Service Quotas

Service Quotas
AWS WAF has default quotas on the number of entities per account. You can request an increase in these
quotas.

Resource Default

Web ACLs per Region 100

Rule groups per Region 100

Web ACL capacity units (WCUs) per web ACL 1,500

WCUs per rule group 1,500

IP sets per Region 100

Requests per second per web ACL (applies only to Application Load Balancers) 10,000

*This quota applies only to AWS WAF on an Application Load Balancer and Amazon API Gateway API.
Requests per Second (RPS) quotas for AWS WAF on CloudFront are the same as the RPS quotas support
by CloudFront described in the Amazon CloudFront Developer Guide.

The following quotas on AWS WAF entities can't be changed.

Resource Default

Maximum number of references (to IP sets and regex pattern sets) per rule group 50

Maximum number of references (to IP sets, regex pattern sets, and rule groups) 50
per web ACL

IP addresses in CIDR notation per IP set 10,000

Unique IP addresses that can be blocked per rate-based rule 10,000

Maximum characters allowed for a string match statement 200

Maximum characters allowed for each regex pattern 200

Unique regex patterns per regex set 10

Regex sets per Region 10

Maximum size of a web request body that can be inspected 8 KB

Maximum number of rate-based rules per account 10

Minimum request rate that can be defined for a rate-based rule 100

These quotas are the same for all Regions in which AWS WAF is available. Each Region is subject to these
quotas individually. That is, the quotas are not cumulative across regions.

Version 1.0
522
AWS General Reference Reference guide
AWS WAF Classic

AWS WAF Classic endpoints and quotas


Note
This page provides information related to AWS WAF Classic. If you created AWS WAF resources,
like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated your
web ACLs over yet, you need to use AWS WAF Classic to access those resources. Otherwise, do
not use this version.
For information related to the latest version of AWS WAF, see AWS WAF endpoints and
quotas (p. 520).

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
AWS WAF Classic for CloudFront distributions has a single endpoint: waf.amazonaws.com. It supports
HTTPS requests only.

Region Region Endpoint Protocol


Name

US East us-east-2 waf.amazonaws.com HTTPS


(Ohio)
waf-fips.amazonaws.com HTTPS

US East (N. us-east-1 waf.amazonaws.com HTTPS


Virginia)
waf-fips.amazonaws.com HTTPS

US us-west-1 waf.amazonaws.com HTTPS


West (N.
California) waf-fips.amazonaws.com HTTPS

US West us-west-2 waf.amazonaws.com HTTPS


(Oregon)
waf-fips.amazonaws.com HTTPS

Africa af-south-1 waf.amazonaws.com HTTPS


(Cape
Town) waf-fips.amazonaws.com HTTPS

Asia ap-east-1 waf.amazonaws.com HTTPS


Pacific
(Hong waf-fips.amazonaws.com HTTPS
Kong)

Asia ap- waf.amazonaws.com HTTPS


Pacific south-1
(Mumbai) waf-fips.amazonaws.com HTTPS

Asia ap- waf.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) waf-fips.amazonaws.com HTTPS

Version 1.0
523
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

Asia ap- waf.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) waf-fips.amazonaws.com HTTPS

Asia ap- waf.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) waf-fips.amazonaws.com HTTPS

Asia ap- waf.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) waf-fips.amazonaws.com HTTPS

Canada ca- waf.amazonaws.com HTTPS


(Central) central-1
waf-fips.amazonaws.com HTTPS

Europe eu- waf.amazonaws.com HTTPS


(Frankfurt) central-1
waf-fips.amazonaws.com HTTPS

Europe eu-west-1 waf.amazonaws.com HTTPS


(Ireland)
waf-fips.amazonaws.com HTTPS

Europe eu-west-2 waf.amazonaws.com HTTPS


(London)
waf-fips.amazonaws.com HTTPS

Europe eu- waf.amazonaws.com HTTPS


(Milan) south-1
waf-fips.amazonaws.com HTTPS

Europe eu-west-3 waf.amazonaws.com HTTPS


(Paris)
waf-fips.amazonaws.com HTTPS

Europe eu-north-1 waf.amazonaws.com HTTPS


(Stockholm)
waf-fips.amazonaws.com HTTPS

Middle me- waf.amazonaws.com HTTPS


East south-1
(Bahrain) waf-fips.amazonaws.com HTTPS

South sa-east-1 waf.amazonaws.com HTTPS


America
(São waf-fips.amazonaws.com HTTPS
Paulo)

AWS us-gov- waf.amazonaws.com HTTPS


GovCloud east-1
(US-East)

AWS us-gov- waf.amazonaws.com HTTPS


GovCloud west-1
(US-West)

Version 1.0
524
AWS General Reference Reference guide
Service Endpoints

AWS WAF Classic for Application Load Balancers and API Gateway APIs has the following endpoints:

Region Region Endpoint Protocol


Name

US East us-east-2 waf-regional.us-east-2.amazonaws.com HTTPS


(Ohio)
waf-regional-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 waf-regional.us-east-1.amazonaws.com HTTPS


Virginia)
waf-regional-fips.us-east-1.amazonaws.com HTTPS

US us-west-1 waf-regional.us-west-1.amazonaws.com HTTPS


West (N.
California) waf-regional-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 waf-regional.us-west-2.amazonaws.com HTTPS


(Oregon)
waf-regional-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 waf-regional.af-south-1.amazonaws.com HTTPS


(Cape
Town) waf-regional-fips.af-south-1.amazonaws.com HTTPS

Asia ap-east-1 waf-regional.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong waf-regional-fips.ap-east-1.amazonaws.com HTTPS
Kong)

Asia ap- waf-regional.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai) waf-regional-fips.ap-south-1.amazonaws.com HTTPS

Asia ap- waf-regional.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul) waf-regional-fips.ap-northeast-2.amazonaws.com HTTPS

Asia ap- waf-regional.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore) waf-regional-fips.ap-southeast-1.amazonaws.com HTTPS

Asia ap- waf-regional.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney) waf-regional-fips.ap-southeast-2.amazonaws.com HTTPS

Asia ap- waf-regional.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo) waf-regional-fips.ap-northeast-1.amazonaws.com HTTPS

Canada ca- waf-regional.ca-central-1.amazonaws.com HTTPS


(Central) central-1
waf-regional-fips.ca-central-1.amazonaws.com HTTPS

Europe eu- waf-regional.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1
waf-regional-fips.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 waf-regional.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
525
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name
waf-regional-fips.eu-west-1.amazonaws.com HTTPS

Europe eu-west-2 waf-regional.eu-west-2.amazonaws.com HTTPS


(London)
waf-regional-fips.eu-west-2.amazonaws.com HTTPS

Europe eu- waf-regional.eu-south-1.amazonaws.com HTTPS


(Milan) south-1
waf-regional-fips.eu-south-1.amazonaws.com HTTPS

Europe eu-west-3 waf-regional.eu-west-3.amazonaws.com HTTPS


(Paris)
waf-regional-fips.eu-west-3.amazonaws.com HTTPS

Europe eu-north-1 waf-regional.eu-north-1.amazonaws.com HTTPS


(Stockholm)
waf-regional-fips.eu-north-1.amazonaws.com HTTPS

Middle me- waf-regional.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain) waf-regional-fips.me-south-1.amazonaws.com HTTPS

South sa-east-1 waf-regional.sa-east-1.amazonaws.com HTTPS


America
(São waf-regional-fips.sa-east-1.amazonaws.com HTTPS
Paulo)

AWS us-gov- waf-regional.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) waf-regional-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- waf-regional.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) waf-regional-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
AWS WAF Classic has default quotas on the number of entities per account. You can request an increase
in these quotas.

Resource Default

Web ACLs per AWS account 50

Rules per AWS account 100

Rate-based-rules per AWS account per Region 5

Conditions per AWS account 100 of each


condition type
(For example: 100
size constraint
conditions, 100 IP
match conditions,
and so on. The

Version 1.0
526
AWS General Reference Reference guide
Service Quotas

Resource Default
exception is regex
match conditions.
You can have
a maximum of
10 regex match
conditions per
account per
Region. This
quota cannot be
increased.)

Requests per Second 10,000 per web


ACL*

*This quota applies only to AWS WAF Classic on an Application Load Balancer and API Gateway. Requests
per Second (RPS) quotas for AWS WAF Classic on CloudFront are the same as the RPS quotas support by
CloudFront described in the Amazon CloudFront Developer Guide.

The following quotas on AWS WAF Classic entities can't be changed.

Resource Default

Rule groups per web ACL 2: 1 customer-


created rule
group and 1 AWS
Marketplace rule
group

Rules per web ACL 10

Conditions per rule 10

IP address ranges (in CIDR notation) per IP match condition 10,000

IP addresses blocked per rate-based rule 10,000

Minimum rate-based rule rate limit per 5 minute period 100

Filters per cross-site scripting match condition 10

Filters per size constraint condition 10

Filters per SQL injection match condition 10

Filters per string match condition 10

In string match conditions, the number of characters in HTTP header names, 40


when you've configured AWS WAF to inspect the headers in web requests for a
specified value

In string match conditions, the number of characters in the value that you want 50
AWS WAF to search for

In regex match conditions, the number of characters in the pattern that you want 70
AWS WAF to search for

In regex match conditions, the number of patterns per pattern set 10

Version 1.0
527
AWS General Reference Reference guide
AWS Well-Architected Tool

Resource Default

In regex match conditions, the number of pattern sets per regex condition 1

The number of pattern sets per AWS account per Region 5

GeoMatchSets per AWS account per Region 50

Locations per GeoMatchSet 50

These quotas are the same for all Regions in which AWS WAF Classic is available. Each Region is subject
to these quotas individually. That is, the quotas are not cumulative across regions.

AWS Well-Architected Tool endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 wellarchitected.us- HTTPS


east-2.amazonaws.com

US East (N. us-east-1 wellarchitected.us- HTTPS


Virginia) east-1.amazonaws.com

US West (N. us-west-1 wellarchitected.us- HTTPS


California) west-1.amazonaws.com

US West (Oregon) us-west-2 wellarchitected.us- HTTPS


west-2.amazonaws.com

Asia Pacific (Hong ap-east-1 wellarchitected.ap- HTTPS


Kong) east-1.amazonaws.com

Asia Pacific ap-south-1 wellarchitected.ap- HTTPS


(Mumbai) south-1.amazonaws.com

Asia Pacific (Seoul) ap-northeast-2 wellarchitected.ap- HTTPS


northeast-2.amazonaws.com

Asia Pacific ap-southeast-1 wellarchitected.ap- HTTPS


(Singapore) southeast-1.amazonaws.com

Asia Pacific ap-southeast-2 wellarchitected.ap- HTTPS


(Sydney) southeast-2.amazonaws.com

Asia Pacific ap-northeast-1 wellarchitected.ap- HTTPS


(Tokyo) northeast-1.amazonaws.com

Version 1.0
528
AWS General Reference Reference guide
Service Quotas

Region Name Region Endpoint Protocol

Canada (Central) ca-central-1 wellarchitected.ca- HTTPS


central-1.amazonaws.com

Europe (Frankfurt) eu-central-1 wellarchitected.eu- HTTPS


central-1.amazonaws.com

Europe (Ireland) eu-west-1 wellarchitected.eu- HTTPS


west-1.amazonaws.com

Europe (London) eu-west-2 wellarchitected.eu- HTTPS


west-2.amazonaws.com

Europe (Paris) eu-west-3 wellarchitected.eu- HTTPS


west-3.amazonaws.com

Europe eu-north-1 wellarchitected.eu- HTTPS


(Stockholm) north-1.amazonaws.com

Middle East me-south-1 wellarchitected.me- HTTPS


(Bahrain) south-1.amazonaws.com

South America sa-east-1 wellarchitected.sa- HTTPS


(São Paulo) east-1.amazonaws.com

Service Quotas
Resource Default

Maximum number of AWS accounts and IAM users 20


that a workload can be shared with

Amazon WorkDocs endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 workdocs.us-east-1.amazonaws.com HTTPS


Virginia)
workdocs-fips.us-east-1.amazonaws.com HTTPS

US West us-west-2 workdocs.us-west-2.amazonaws.com HTTPS


(Oregon)
workdocs-fips.us-west-2.amazonaws.com HTTPS

Version 1.0
529
AWS General Reference Reference guide
Amazon WorkLink

Region Region Endpoint Protocol


Name

Asia ap- workdocs.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- workdocs.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- workdocs.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Europe eu-west-1 workdocs.eu-west-1.amazonaws.com HTTPS


(Ireland)

Amazon WorkLink endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 worklink.us- HTTPS


east-1.amazonaws.com

US East (Ohio) us-east-2 worklink.us- HTTPS


east-2.amazonaws.com

US West (Oregon) us-west-2 worklink.us- HTTPS


west-2.amazonaws.com

Europe (Ireland) eu-west-1 worklink.eu- HTTPS


west-1.amazonaws.com

Amazon WorkMail endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Version 1.0
530
AWS General Reference Reference guide
Service Endpoints

Service Endpoints
Region Name Region Service Endpoint

US East (N. Virginia) us-east-1 Amazon WorkMail https://workmail.us-


SDK east-1.amazonaws.com

US East (N. Virginia) us-east-1 Autodiscover autodiscover-service.mail.us-


east-1.awsapps.com

US East (N. Virginia) us-east-1 Exchange Web ews.mail.us-east-1.awsapps.com


Service

US East (N. Virginia) us-east-1 Exchange Active mobile.mail.us-east-1.awsapps.com


Sync

US East (N. Virginia) us-east-1 MAPI Proxy outlook.mail.us-east-1.awsapps.com

US East (N. Virginia) us-east-1 IMAPS imap.mail.us-east-1.awsapps.com

US East (N. Virginia) us-east-1 SMTP via TLS (port smtp.mail.us-east-1.awsapps.com


465)

US West (Oregon) us-west-2 Amazon WorkMail https://workmail.us-


SDK west-2.amazonaws.com

US West (Oregon) us-west-2 Autodiscover autodiscover-service.mail.us-


west-2.awsapps.com

US West (Oregon) us-west-2 Exchange Web ews.mail.us-west-2.awsapps.com


Service

US West (Oregon) us-west-2 Exchange Active mobile.mail.us-west-2.awsapps.com


Sync

US West (Oregon) us-west-2 MAPI Proxy outlook.mail.us-west-2.awsapps.com

US West (Oregon) us-west-2 IMAPS imap.mail.us-west-2.awsapps.com

US West (Oregon) us-west-2 SMTP via TLS (port smtp.mail.us-west-2.awsapps.com


465)

Europe (Ireland) eu-west-1 Amazon WorkMail https://workmail.eu-


SDK west-1.amazonaws.com

Europe (Ireland) eu-west-1 Autodiscover autodiscover-service.mail.eu-


west-1.awsapps.com

Europe (Ireland) eu-west-1 Exchange Web ews.mail.eu-west-1.awsapps.com


Service

Europe (Ireland) eu-west-1 Exchange Active mobile.mail.eu-west-1.awsapps.com


Sync

Europe (Ireland) eu-west-1 MAPI Proxy outlook.mail.eu-west-1.awsapps.com

Europe (Ireland) eu-west-1 IMAPS imap.mail.eu-west-1.awsapps.com

Europe (Ireland) eu-west-1 SMTP via TLS (port smtp.mail.eu-west-1.awsapps.com


465)

Version 1.0
531
AWS General Reference Reference guide
Service Quotas

Service Quotas
For more information, see Amazon WorkMail Quotas.

Amazon WorkSpaces endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 workspaces.us-east-1.amazonaws.com HTTPS


Virginia)
workspaces-fips.us-east-1.amazonaws.com HTTPS

US West us-west-2 workspaces.us-west-2.amazonaws.com HTTPS


(Oregon)
workspaces-fips.us-west-2.amazonaws.com HTTPS

Asia ap- workspaces.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- workspaces.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- workspaces.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- workspaces.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- workspaces.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn- workspaces.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- workspaces.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 workspaces.eu-west-1.amazonaws.com HTTPS


(Ireland)

Europe eu-west-2 workspaces.eu-west-2.amazonaws.com HTTPS


(London)

Version 1.0
532
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

South sa-east-1 workspaces.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- workspaces.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) workspaces-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas

Resource Default

WorkSpaces per Region 1

Graphics WorkSpaces per Region 0

GraphicsPro WorkSpaces per Region 0

Images per Region 40

Connection aliases per Region 20

IP access control groups per Region 100

Rules per IP access control group 10

IP access control groups per directory 25

AWS X-Ray endpoints and quotas


The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 536).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 540).

Service Endpoints

Region Region Endpoint Protocol


Name

US East us-east-2 xray.us-east-2.amazonaws.com HTTPS


(Ohio)
xray-fips.us-east-2.amazonaws.com HTTPS

US East (N. us-east-1 xray.us-east-1.amazonaws.com HTTPS


Virginia)
xray-fips.us-east-1.amazonaws.com HTTPS

Version 1.0
533
AWS General Reference Reference guide
Service Endpoints

Region Region Endpoint Protocol


Name

US us-west-1 xray.us-west-1.amazonaws.com HTTPS


West (N.
California) xray-fips.us-west-1.amazonaws.com HTTPS

US West us-west-2 xray.us-west-2.amazonaws.com HTTPS


(Oregon)
xray-fips.us-west-2.amazonaws.com HTTPS

Africa af-south-1 xray.af-south-1.amazonaws.com HTTPS


(Cape
Town)

Asia ap-east-1 xray.ap-east-1.amazonaws.com HTTPS


Pacific
(Hong
Kong)

Asia ap- xray.ap-south-1.amazonaws.com HTTPS


Pacific south-1
(Mumbai)

Asia ap- xray.ap-northeast-3.amazonaws.com HTTPS


Pacific northeast-3
(Osaka-
Local)

Asia ap- xray.ap-northeast-2.amazonaws.com HTTPS


Pacific northeast-2
(Seoul)

Asia ap- xray.ap-southeast-1.amazonaws.com HTTPS


Pacific southeast-1
(Singapore)

Asia ap- xray.ap-southeast-2.amazonaws.com HTTPS


Pacific southeast-2
(Sydney)

Asia ap- xray.ap-northeast-1.amazonaws.com HTTPS


Pacific northeast-1
(Tokyo)

Canada ca- xray.ca-central-1.amazonaws.com HTTPS


(Central) central-1

China cn-north-1 xray.cn-north-1.amazonaws.com.cn HTTPS


(Beijing)

China cn- xray.cn-northwest-1.amazonaws.com.cn HTTPS


(Ningxia) northwest-1

Europe eu- xray.eu-central-1.amazonaws.com HTTPS


(Frankfurt) central-1

Europe eu-west-1 xray.eu-west-1.amazonaws.com HTTPS


(Ireland)

Version 1.0
534
AWS General Reference Reference guide
Service Quotas

Region Region Endpoint Protocol


Name

Europe eu-west-2 xray.eu-west-2.amazonaws.com HTTPS


(London)

Europe eu- xray.eu-south-1.amazonaws.com HTTPS


(Milan) south-1

Europe eu-west-3 xray.eu-west-3.amazonaws.com HTTPS


(Paris)

Europe eu-north-1 xray.eu-north-1.amazonaws.com HTTPS


(Stockholm)

Middle me- xray.me-south-1.amazonaws.com HTTPS


East south-1
(Bahrain)

South sa-east-1 xray.sa-east-1.amazonaws.com HTTPS


America
(São
Paulo)

AWS us-gov- xray.us-gov-east-1.amazonaws.com HTTPS


GovCloud east-1
(US-East) xray-fips.us-gov-east-1.amazonaws.com HTTPS

AWS us-gov- xray.us-gov-west-1.amazonaws.com HTTPS


GovCloud west-1
(US-West) xray-fips.us-gov-west-1.amazonaws.com HTTPS

Service Quotas
Resource Default Can be increased

Trace and service graph retention 30 days no

Trace data modification 7 days no

(The time to update recorded data at no


additional cost.)

Segment document size 64kB no

Trace document size 100kB-500kB


no

Indexed annotations per trace 50 no

Custom sampling rules per Region 25 no

Groups in an account 25 yes

Tags per group 50 yes

Tags per custom sampling rule 50 yes

Version 1.0
535
AWS General Reference Reference guide
AWS service endpoints

AWS resources
The following pages provide information that helps you work with AWS resources.

Contents
• AWS service endpoints (p. 536)
• Managing AWS Regions (p. 538)
• AWS service quotas (p. 540)
• Tagging AWS resources (p. 541)
• Amazon Resource Names (ARNs) (p. 544)

AWS service endpoints


To connect programmatically to an AWS service, you use an endpoint. An endpoint is the URL of the
entry point for an AWS web service. The AWS SDKs and the AWS Command Line Interface (AWS CLI)
automatically use the default endpoint for each service in an AWS Region. But you can specify an
alternate endpoint for your API requests.

If a service supports Regions, the resources in each Region are independent of similar resources in other
Regions. For example, you can create an Amazon EC2 instance or an Amazon SQS queue in one Region.
When you do, the instance or queue is independent of instances or queues in all other Regions.

Contents
• Regional endpoints (p. 536)
• View the service endpoints (p. 537)
• FIPS endpoints (p. 538)
• Learn more (p. 538)

Regional endpoints
Most Amazon Web Services offer a Regional endpoint that you can use to make your requests. The
general syntax of a Regional endpoint is as follows.

protocol://service-code.region-code.amazonaws.com

For example, https://dynamodb.us-west-2.amazonaws.com is the endpoint for the Amazon


DynamoDB service in the US West (Oregon) Region.

The following table lists the name and code of each Region.

Region Name Code

US East (Ohio) us-east-2

US East (N. Virginia) us-east-1

Version 1.0
536
AWS General Reference Reference guide
View the service endpoints

Region Name Code

US West (N. California) us-west-1

US West (Oregon) us-west-2

Africa (Cape Town) af-south-1

Asia Pacific (Hong Kong) ap-east-1

Asia Pacific (Mumbai) ap-south-1

Asia Pacific (Osaka-Local) ap-northeast-3

Asia Pacific (Seoul) ap-northeast-2

Asia Pacific (Singapore) ap-southeast-1

Asia Pacific (Sydney) ap-southeast-2

Asia Pacific (Tokyo) ap-northeast-1

Canada (Central) ca-central-1

China (Beijing) cn-north-1

China (Ningxia) cn-northwest-1

Europe (Frankfurt) eu-central-1

Europe (Ireland) eu-west-1

Europe (London) eu-west-2

Europe (Milan) eu-south-1

Europe (Paris) eu-west-3

Europe (Stockholm) eu-north-1

Middle East (Bahrain) me-south-1

South America (São Paulo) sa-east-1

Some services, such as IAM, do not support Regions. The endpoints for these services do not include
a Region. Other services, such as Amazon EC2, support Regions but let you specify an endpoint that
does not include a Region, such as https://ec2.amazonaws.com. When you use an endpoint with
no Region, AWS routes the Amazon EC2 request to US East (N. Virginia) (us-east-1), which is the default
Region for API calls.

View the service endpoints


You can view the AWS service endpoints using the following options:

• Open Service endpoints and quotas (p. 16), search for the service name, and click the link to open
the page for that service. To view the supported endpoints for all AWS services in the documentation
without switching pages, view the information in the Service Endpoints and Quotas page in the PDF
instead.
• To programmatically check for service availability using the SDK for Java, see Checking for Service
Availability in an AWS Region in the AWS SDK for Java Developer Guide.

Version 1.0
537
AWS General Reference Reference guide
FIPS endpoints

• To programmatically view Region and service information using Systems Manager, see Calling AWS
Service, Region, and Endpoint Public Parameters in the AWS Systems Manager User Guide. For
information about how to use public parameters, see Query for AWS Regions, Endpoints, and More
Using AWS Systems Manager Parameter Store.
• To see the supported AWS services in each Region (without endpoints), see the Region Table.

FIPS endpoints
Some AWS services offer FIPS endpoints in selected Regions. Unlike standard AWS endpoints, FIPS
endpoints use a TLS software library that complies with Federal Information Processing Standard
(FIPS) 140-2. These endpoints might be required by enterprises that interact with the United States
government. For more information, see Federal Information Processing Standard (FIPS) 140-2 on the
AWS Compliance site.

To use a FIPS endpoint with an AWS operation, use the mechanism provided by the AWS SDK or tool to
specify a custom endpoint. For example, the AWS Command Line Interface provides the --endpoint-
url option. The following example uses the FIPS endpoint for the US West (Oregon) Region with an
operation for AWS Key Management Service (AWS KMS).

aws kms create-key --endpoint-url https://kms-fips.us-west-2.amazonaws.com

Minimum TLS version for FIPS endpoints


By March 31, 2021, AWS will revoke the ability to use TLS 1.0 and TLS 1.1 on all FIPS endpoints and
require a minimum version of TLS 1.2. This change applies to all AWS Regions. No other AWS endpoints
are affected by this change. For more information, see Which AWS Services require a minimum version
of TLS 1.2 for FIPS endpoints on the FIPS page.

AWS encourages you to be proactive in maintaining security standards to avoid impacting availability
and to protect the integrity of data in transit. We recommend that you review your client applications to
confirm that they support TLS 1.2. We recommend that you test TLS 1.2 in a staging environment before
you introduce configuration changes to your applications in production.

Learn more
You can find endpoint information from the following sources:

• To learn about enabling Regions that are disabled by default, see Managing AWS Regions (p. 538).
• For information about the AWS services and endpoints available in the China Regions, see China
(Beijing) Region Endpoints and China (Ningxia) Region Endpoints.
• For information about the AWS services and endpoints available in AWS GovCloud (US), see Service
Endpoints in the AWS GovCloud (US) User Guide.

Managing AWS Regions


An AWS Region is a collection of AWS resources in a geographic area. Each AWS Region is isolated and
independent of the other Regions. Regions provide fault tolerance, stability, and resilience, and can also
reduce latency. They enable you to create redundant resources that remain available and unaffected by a
Regional outage. For a list of Region names and codes, see this table (p. 536).

The resources that you create in one Region do not exist in any other Region unless you explicitly use a
replication feature offered by an AWS service. For example, Amazon S3 and Amazon EC2 support cross-

Version 1.0
538
AWS General Reference Reference guide
Enabling a Region

Region replication. Some services, such as AWS Identity and Access Management (IAM), do not have
Regional resources.

You can use policy conditions to control access to AWS services in an AWS Region. For a table of AWS
services supported in each Region (without endpoints), see the Region Table.

Regions introduced before March 20, 2019 are enabled by default. You can begin creating and managing
resources in these Regions immediately. You cannot enable or disable a Region that is enabled by
default.

Enabling a Region
If a Region is disabled by default, you must enable it before you can create and manage resources. The
following Regions are disabled by default:

• Africa (Cape Town)


• Asia Pacific (Hong Kong)
• Europe (Milan)
• Middle East (Bahrain)

When you enable a Region, AWS performs actions to prepare your account in that Region, such as
distributing your IAM resources to the Region. This process takes a few minutes for most accounts, but
this can take several hours. You cannot use the Region until this process is complete.

Requirements

To enable a Region that is disabled by default, you must have permission to enable Regions. To view an
example IAM policy, see Allow enabling and disabling AWS Regions in the IAM User Guide.

To enable a Region

1. Sign in to the AWS Management Console.


2. In the upper right corner of the console, choose your account name or number and then choose My
Account.
3. In the AWS Regions section, next to the name of the Region that you want to enable, choose
Enable.
4. In the dialog box, review the informational text and choose Enable Region.
5. Wait until the Region is ready to use.

Disabling a Region
After you disable a Region, the resources in this Region are immediately unavailable. However, they are
not deleted. You cannot disable a Region that is enabled by default.

Requirements

• To disable a Region, you must have permission to disable Regions. To view an example IAM policy, see
Allow enabling and disabling AWS Regions in the IAM User Guide.
• Before you disable a Region, we recommend that you remove all resources from that Region. After you
disable a Region, you can no longer view or manage resources in that Region. However, resources in
that Region can continue to incur charges. For more information, see Enabling and disabling Regions in
the AWS Billing and Cost Management User Guide.

Version 1.0
539
AWS General Reference Reference guide
Describing your Regions using the AWS CLI

To disable a Region

1. Sign in to the AWS Management Console.


2. In the upper right corner of the console, choose your account name or number and then choose My
Account.
3. In the AWS Regions section, next to the name of the Region that you want to disable, choose
Disable.
4. In the dialog box, review the informational text and choose Disable Region.

Describing your Regions using the AWS CLI


Use the describe-regions command to describe the Regions available for your account, whether they are
enabled or disabled.

aws ec2 describe-regions --all-regions

If the Region is enabled by default, the output includes the following:

"OptInStatus": "opt-in-not-required"

If the Region is not enabled, the output includes the following:

"OptInStatus": "not-opted-in"

After an opt-in Region is enabled, the output includes the following:

"OptInStatus": "opted-in"

AWS service quotas


Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless
otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other
quotas cannot be increased.

Service Quotas is an AWS service that helps you manage your quotas for over 100 AWS services, from
one location. Along with looking up the quota values, you can also request a quota increase from the
Service Quotas console.

To view your quotas

You can view your quotas using the following options:

• Open the Service endpoints and quotas (p. 16) page in the documentation, search for the service
name, and click the link to go to the page for that service. To view the service quotas for all AWS
services in the documentation without switching pages, view the information in the Service Endpoints
and Quotas page in the PDF instead.
• Open the Service Quotas console. In the navigation pane, choose AWS services and select a service.
• Use the list-service-quotas and list-aws-default-service-quotas AWS CLI commands.

Version 1.0
540
AWS General Reference Reference guide
Tagging AWS resources

To request a quota increase

You can request a quota increase using Service Quotas and AWS Support Center. If a service is not yet
available in Service Quotas, use AWS Support Center instead. Increases are not granted immediately. It
might take a couple of days for your increase to become effective.

• (Recommended) Open the Service Quotas console. In the navigation pane, choose AWS services.
Select a service, select a quota, and follow the directions to request a quota increase. For more
information, see Requesting a Quota Increase in the Service Quotas User Guide.
• Use the request-service-quota-increase AWS CLI command.
• Open the AWS Support Center page, sign in if necessary, and choose Create case. Choose Service limit
increase. Complete and submit the form.

Tagging AWS resources


You can assign metadata to your AWS resources in the form of tags. Each tag is a label consisting of a
user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
You can create tags to categorize resources by purpose, owner, environment, or other criteria.
Important
Do not add personally identifiable information (PII) or other confidential or sensitive
information in tags. Tags are accessible to many AWS services, including billing. Tags are not
intended to be used for private or sensitive data.

This topic describes commonly used tagging categories and strategies to help you implement a
consistent and effective tagging strategy. The following sections assume basic knowledge of AWS
resources, tagging, detailed billing, and AWS Identity and Access Management (IAM).

Each tag has two parts:

• A tag key (for example, CostCenter, Environment, or Project). Tag keys are case sensitive.
• A tag value (for example, 111122223333 or Production). Like tag keys, tag values are case sensitive.

You can use tags to categorize resources by purpose, owner, environment, or other criteria. For more
information, see AWS Tagging Strategies.

You can add, change, or remove tags one resource at a time from each resource’s service console, service
API, or the AWS CLI.

Best practices
As you create a tagging strategy for AWS resources, follow best practices:

• Do not store personally identifiable information (PII) or other confidential or sensitive information in
tags.
• Use a standardized, case-sensitive format for tags, and apply it consistently across all resource types.
• Consider tag guidelines that support multiple purposes, like managing resource access control, cost
tracking, automation, and organization.
• Use automated tools to help manage resource tags. AWS Resource Groups and the Resource Groups
Tagging API enable programmatic control of tags, making it easier to automatically manage, search,
and filter tags and resources.
• Use too many tags rather than too few tags.

Version 1.0
541
AWS General Reference Reference guide
Tagging categories

• Remember that it is easy to change tags to accommodate changing business requirements, but
consider the consequences of future changes. For example, changing access control tags means you
must also update the policies that reference those tags and control access to your resources.

Tagging categories
Companies that are most effective in their use of tags typically create business-relevant tag groupings
to organize their resources along technical, business, and security dimensions. Companies that use
automated processes to manage their infrastructure also include additional, automation-specific tags.

Technical Tags Tags for Automation Business Tags Security Tags

• Name – Identify • Date/Time – Identify • Project – Identify • Confidentiality –


individual resources the date or time a projects that the An identifier for
• Application ID – resource should be resource supports the specific data
Identify resources started, stopped, • Owner – Identify who confidentiality level a
that are related to a deleted, or rotated is responsible for the resource supports
specific application • Opt in/Opt out – resource • Compliance –
• Application Role – Indicate whether • Cost Center/Business An identifier for
Describe the function a resource should Unit – Identify workloads that
of a particular be included in an the cost center must adhere to
resource (such as automated activity or business unit specific compliance
web server, message such as starting, associated with a requirements
broker, database) stopping, or resizing resource, typically for
instances cost allocation and
• Cluster – Identify
resource farms that • Security – Determine tracking
share a common requirements, such • Customer – Identify
configuration and as encryption or a specific client that
perform a specific enabling of Amazon a particular group of
function for an VPC flow logs; resources serves
application identify route tables
or security groups
• Environment –
that need extra
Distinguish between
scrutiny
development, test,
and production
resources
• Version – Help
distinguish between
versions of resources
or applications

Tag naming limits and requirements


The following basic naming and usage requirements apply to tags:

• Each resource can have a maximum of 50 user created tags.


Note
System created tags that begin with aws: are reserved for AWS use, and do not count against
this limit. You can't edit or delete a tag that begins with the aws: prefix.
• For each resource, each tag key must be unique, and each tag key can have only one value.
• The tag key must be a minimum of 1 and a maximum of 128 Unicode characters in UTF-8.

Version 1.0
542
AWS General Reference Reference guide
Common tagging strategies

• The tag value must be a minimum of 0 and a maximum of 256 Unicode characters in UTF-8.
Note
Some services don't permit tags with an empty value (length of 0).
• Allowed characters can vary by AWS service. For information about what characters you can use to tag
resources in a particular AWS service, see its documentation. In general, allowed characters in tags are
letters, numbers, spaces representable in UTF-8, and the following characters: _ . : / = + - @ .
• Tag keys and values are case sensitive. As a best practice, decide on a strategy for capitalizing tags,
and consistently implement that strategy across all resource types. For example, decide whether to use
Costcenter, costcenter, or CostCenter, and use the same convention for all tags. Avoid using
similar tags with inconsistent case treatment.

Common tagging strategies


This section describes common tagging strategies to help identify and manage AWS resources.

Tags for resource organization


Tags are a good way to organize AWS resources in the AWS Management Console. You can configure tags
to be displayed with resources, and can search and filter by tag. With the AWS Resource Groups service,
you can create groups of AWS resources based on one or more tags or portions of tags. You can also
create groups based on their occurrence in an AWS CloudFormation stack. Using Resource Groups and
Tag Editor, you can consolidate and view data for applications that consist of multiple services, resources,
and Regions in one place.

Tags for cost allocation


AWS Cost Explorer and detailed billing reports let you break down AWS costs by tag. Typically, you
use business tags such as cost center/business unit, customer, or project to associate AWS costs with
traditional cost-allocation dimensions. But a cost allocation report can include any tag. This lets you
associate costs with technical or security dimensions, such as specific applications, environments, or
compliance programs. The following is an example of a partial cost allocation report.

For some services, you can use an AWS-generated createdBy tag for cost allocation purposes, to help
account for resources that might otherwise go uncategorized. The createdBy tag is available only for
supported AWS services and resources. Its value contains data associated with specific API or console
events. For more information, see AWS-Generated Cost Allocation Tags in the AWS Billing and Cost
Management User Guide.

Tags for automation


Resource or service-specific tags are often used to filter resources during automation activities.
Automation tags are used to opt in or opt out of automated tasks or to identify specific versions of

Version 1.0
543
AWS General Reference Reference guide
Tagging governance

resources to archive, update, or delete. For example, you can run automated start or stop scripts that
turn off development environments during nonbusiness hours to reduce costs. In this scenario, Amazon
Elastic Compute Cloud (Amazon EC2) instance tags are a simple way to identify instances to opt out of
this action. For scripts that find and delete stale, out-of-date, or rolling Amazon EBS snapshots, snapshot
tags can add an extra dimension of search criteria.

Tags for access control


IAM policies support tag-based conditions, letting you constrain IAM permissions based on specific tags
or tag values. For example, IAM user or role permissions can include conditions to limit EC2 API calls to
specific environments (such as development, test, or production) based on their tags. The same strategy
can be used to limit API calls to specific Amazon Virtual Private Cloud (Amazon VPC) networks. Support
for tag-based, resource-level IAM permissions is service specific. When you use tag-based conditions for
access control, be sure to define and restrict who can modify the tags. For more information about using
tags to control API access to AWS resources, see AWS Services That Work with IAM in the IAM User Guide.

Tagging governance
An effective tagging strategy uses standardized tags and applies them consistently and
programmatically across AWS resources. You can use both reactive and proactive approaches for
governing tags in your AWS environment.

• Reactive governance is for finding resources that are not properly tagged using tools such as the
Resource Groups Tagging API, AWS Config Rules, and custom scripts. To find resources manually, you
can use Tag Editor and detailed billing reports.
• Proactive governance uses tools such as AWS CloudFormation, AWS Service Catalog, tag policies in
AWS Organizations, or IAM resource-level permissions to ensure standardized tags are consistently
applied at resource creation.

For example, you can use the AWS CloudFormation Resource Tags property to apply tags to
resource types. In AWS Service Catalog, you can add portfolio and product tags that are combined and
applied to a product automatically when it is launched. More rigorous forms of proactive governance
include automated tasks. For example, you can use the Resource Groups Tagging API to search an AWS
environment’s tags, or run scripts to quarantine or delete improperly tagged resources.

Learn more
This page provides general information on tagging AWS resources. For more information about tagging
resources in a particular AWS service, see its documentation. The following are also good sources of
information about tagging:

• For a list of services that support tagging, see the Resource Groups Tagging API Reference.
• For information about Tag Editor, see Working with Tag Editor in the AWS Resource Groups User Guide.
• For information about using tags to control access to AWS resources, see Control Access Using IAM
Tags in the IAM User Guide.

Amazon Resource Names (ARNs)


Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to
specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database
Service (Amazon RDS) tags, and API calls.

Contents

Version 1.0
544
AWS General Reference Reference guide
Format

• Format (p. 545)


• Resource ARNs (p. 546)

Format
The following are the general formats for ARNs. The specific formats depend on the resource. To use an
ARN, replace the italicized text with the resource-specific information. Be aware that the ARNs for
some resources omit the Region, the account ID, or both the Region and the account ID.

arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-id

partition

The partition in which the resource is located. A partition is a group of AWS Regions. Each AWS
account is scoped to one partition.

The following are the supported partitions:


• aws -AWS Regions
• aws-cn - China Regions
• aws-us-gov - AWS GovCloud (US) Regions
service

The service namespace that identifies the AWS product. For example, s3 for Amazon S3 resources.
region

The Region. For example, us-east-2 for US East (Ohio).


account-id

The ID of the AWS account that owns the resource, without the hyphens. For example,
123456789012.
resource-id

The resource identifier. This part of the ARN can be the name or ID of the resource or a resource
path (p. 545). For example, user/Bob for an IAM user or instance/i-1234567890abcdef0 for
an EC2 instance. Some resource identifiers include a parent resource (sub-resource-type/parent-
resource/sub-resource) or a qualifier such as a version (resource-type:resource-name:qualifier).

Paths in ARNs
Resource ARNs can include a path. For example, in Amazon S3, the resource identifier is an object name
that can include slashes (/) to form a path. Similarly, IAM user names and group names can include
paths.

Paths can include a wildcard character, namely an asterisk (*). For example, if you are writing an IAM
policy, you can specify all IAM users that have the path product_1234 using a wildcard as follows:

arn:aws:iam::123456789012:user/Development/product_1234/*

Similarly, you can specify user/* to mean all users or group/* to mean all groups, as in the following
examples:

Version 1.0
545
AWS General Reference Reference guide
Resource ARNs

"Resource":"arn:aws:iam::123456789012:user/*"
"Resource":"arn:aws:iam::123456789012:group/*"

You cannot use a wildcard to specify all users in the Principal element in a resource-based policy or a
role trust policy. Groups are not supported as principals in any policy.

The following example shows ARNs for an Amazon S3 bucket in which the resource name includes a
path:

arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*

You cannot use a wildcard in the portion of the ARN that specifies the resource type, such as the term
user in an IAM ARN.

The following is not allowed:

arn:aws:iam::123456789012:u*

Resource ARNs
The documentation for AWS Identity and Access Management (IAM) lists the ARNs supported by each
service for use in resource-level permissions. For more information, see Actions, Resources, and Condition
Keys for AWS Services in the IAM User Guide.

Version 1.0
546
AWS General Reference Reference guide
Download

AWS IP address ranges


Amazon Web Services (AWS) publishes its current IP address ranges in JSON format. To view the current
ranges, download the .json file. To maintain history, save successive versions of the .json file on your
system. To determine whether there have been changes since the last time that you saved the file, check
the publication time in the current file and compare it to the publication time in the last file that you
saved.

Contents
• Download (p. 547)
• Syntax (p. 547)
• Filtering the JSON file (p. 549)
• Implementing egress control (p. 551)
• AWS IP address ranges notifications (p. 553)
• Release notes (p. 554)

Download
Download ip-ranges.json.

If you access this file programmatically, it is your responsibility to ensure that the application downloads
the file only after successfully verifying the TLS certificate presented by the server.

Syntax
The syntax of ip-ranges.json is as follows.

{
"syncToken": "0123456789",
"createDate": "yyyy-mm-dd-hh-mm-ss",
"prefixes": [
{
"ip_prefix": "cidr",
"region": "region",
"network_border_group": "network_border_group",
"service": "subset"
}
],
"ipv6_prefixes": [
{
"ipv6_prefix": "cidr",
"region": "region",
"network_border_group": "network_border_group",
"service": "subset"
}
]
}

syncToken

The publication time, in Unix epoch time format.

Version 1.0
547
AWS General Reference Reference guide
Syntax

Type: String

Example: "syncToken": "1416435608"


createDate

The publication date and time.

Type: String

Example: "createDate": "2014-11-19-23-29-02"


prefixes

The IP prefixes for the IPv4 address ranges.

Type: Array
ipv6_prefixes

The IP prefixes for the IPv6 address ranges.

Type: Array
ip_prefix

The public IPv4 address range, in CIDR notation. Note that AWS may advertise a prefix in more
specific ranges. For example, prefix 96.127.0.0/17 in the file may be advertised as 96.127.0.0/21,
96.127.8.0/21, 96.127.32.0/19, and 96.127.64.0/18.

Type: String

Example: "ip_prefix": "198.51.100.2/24"


ipv6_prefix

The public IPv6 address range, in CIDR notation. Note that AWS may advertise a prefix in more
specific ranges.

Type: String

Example: "ipv6_prefix": "2001:db8:1234::/64"


network_border_group

The name of the network border group, which is a unique set of Availability Zones or Local Zones
from where AWS advertises IP addresses.

Type: String

Example: "network_border_group": "us-west-2-lax-1"


region

The AWS Region or GLOBAL for edge locations. The CLOUDFRONT and ROUTE53 ranges are GLOBAL.

Type: String

Valid values: ap-east-1 | ap-northeast-1 | ap-northeast-2 | ap-northeast-3 | ap-south-1


| ap-southeast-1 | ap-southeast-2 | ca-central-1 | cn-north-1 | cn-northwest-1 | eu-
central-1 | eu-north-1 | eu-west-1 | eu-west-2 | eu-west-3 | sa-east-1 | us-east-1 |
us-east-2 | us-gov-east-1 | us-gov-west-1 | us-west-1 | us-west-2 | GLOBAL

Example: "region": "us-east-1"

Version 1.0
548
AWS General Reference Reference guide
Filtering the JSON file

service

The subset of IP address ranges. The addresses listed for API_GATEWAY are egress only. Specify
AMAZON to get all IP address ranges (meaning that every subset is also in the AMAZON subset).
However, some IP address ranges are only in the AMAZON subset (meaning that they are not also
available in another subset).

Type: String

Valid values: AMAZON | AMAZON_APPFLOW | AMAZON_CONNECT | API_GATEWAY | CHIME_MEETINGS


| CHIME_VOICECONNECTOR | CLOUD9 | CLOUDFRONT | CODEBUILD | DYNAMODB | EC2 |
EC2_INSTANCE_CONNECT | GLOBALACCELERATOR | KINESIS_VIDEO_STREAMS | ROUTE53 |
ROUTE53_HEALTHCHECKS | S3 | WORKSPACES_GATEWAYS

Example: "service": "AMAZON"

Filtering the JSON file


You can download a command line tool to help you filter the information to just what you are looking
for.

Windows
The AWS Tools for Windows PowerShell includes a cmdlet, Get-AWSPublicIpAddressRange, to parse
this JSON file. The following examples demonstrate its use. For more information, see Querying the
Public IP Address Ranges for AWS and Get-AWSPublicIpAddressRange.

Example 1. Get the creation date

PS C:\> Get-AWSPublicIpAddressRange -OutputPublicationDate

Wednesday, August 22, 2018 9:22:35 PM

Example 2. Get the information for a specific Region

PS C:\> Get-AWSPublicIpAddressRange -Region us-east-1

IpPrefix Region NetworkBorderGroup Service


-------- ------ ------- -------
23.20.0.0/14 us-east-1 us-east-1 AMAZON
50.16.0.0/15 us-east-1 us-east-1 AMAZON
50.19.0.0/16 us-east-1 us-east-1 AMAZON
...

Example 3. Get all IP addresses

PS C:\> (Get-AWSPublicIpAddressRange).IpPrefix
23.20.0.0/14
27.0.0.0/22
43.250.192.0/24
...
2406:da00:ff00::/64
2600:1fff:6000::/40
2a01:578:3::/64
2600:9000::/28

Version 1.0
549
AWS General Reference Reference guide
Linux

Example 4. Get all IPv4 addresses

PS C:\> Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv4"} | select


IpPrefix

IpPrefix
--------
23.20.0.0/14
27.0.0.0/22
43.250.192.0/24
...

Example 5. Get all IPv6 addresses

PS C:\> Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv6"} | select


IpPrefix

IpPrefix
--------
2a05:d07c:2000::/40
2a05:d000:8000::/40
2406:dafe:2000::/40
...

Example 6. Get all IP addresses for a specific service

PS C:\> Get-AWSPublicIpAddressRange -ServiceKey CODEBUILD | select IpPrefix

IpPrefix
--------
52.47.73.72/29
13.55.255.216/29
52.15.247.208/29
...

Linux
The following example commands use the jq tool to parse a local copy of the JSON file.

Example 1. Get the creation date

$ jq .createDate < ip-ranges.json

"2016-02-18-17-22-15"

Example 2. Get the information for a specific Region

$ jq '.prefixes[] | select(.region=="us-east-1")' < ip-ranges.json

{
"ip_prefix": "23.20.0.0/14",
"region": "us-east-1",
"network_border_group": "us-east-1",
"service": "AMAZON"
},
{
"ip_prefix": "50.16.0.0/15",
"region": "us-east-1",
"network_border_group": "us-east-1",

Version 1.0
550
AWS General Reference Reference guide
Implementing egress control

"service": "AMAZON"
},
{
"ip_prefix": "50.19.0.0/16",
"region": "us-east-1",
"network_border_group": "us-east-1",
"service": "AMAZON"
},
...

Example 3. Get all IPv4 addresses

$ jq -r '.prefixes | .[].ip_prefix' < ip-ranges.json

23.20.0.0/14
27.0.0.0/22
43.250.192.0/24
...

Example 4. Get all IPv6 addresses

$ jq -r '.ipv6_prefixes | .[].ipv6_prefix' < ip-ranges.json

2a05:d07c:2000::/40
2a05:d000:8000::/40
2406:dafe:2000::/40
...

Example 5. Get all IPv4 addresses for a specific service

$ jq -r '.prefixes[] | select(.service=="CODEBUILD") | .ip_prefix' < ip-ranges.json

52.47.73.72/29
13.55.255.216/29
52.15.247.208/29
...

Example 6. Get all IPv4 addresses for a specific service in a specific Region

$ jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="CODEBUILD")


| .ip_prefix' < ip-ranges.json

34.228.4.208/28

Example 7. Get information for a certain network border group

$ jq -r '.prefixes[] | select(.region=="us-west-2") | select(.network_border_group=="us-


west-2-lax-1") | .ip_prefix' < ip-ranges.json

us-west-2-lax-1

Implementing egress control


To allow an instance to access only AWS services, create a security group with rules that allow outbound
traffic to the CIDR blocks in the AMAZON list, minus the CIDR blocks that are also in the EC2 list. IP
addresses in the EC2 list can be assigned to EC2 instances.

Version 1.0
551
AWS General Reference Reference guide
Windows PowerShell

Windows PowerShell
The following PowerShell example shows you how to get the IP addresses that are in the AMAZON list but
not the EC2 list. Copy the script and save it in a file named Select_address.ps1.

$amazon_addresses = Get-AWSPublicIpAddressRange -ServiceKey amazon


$ec2_addresses = Get-AWSPublicIpAddressRange -ServiceKey ec2

ForEach ($address in $amazon_addresses)


{
if( $ec2_addresses.IpPrefix -notcontains $address.IpPrefix)
{
($address).IpPrefix
}
}

You can run this script as follows:

PS C:\> .\Select_address.ps1
13.32.0.0/15
13.35.0.0/16
13.248.0.0/20
13.248.16.0/21
13.248.24.0/22
13.248.28.0/22
27.0.0.0/22
43.250.192.0/24
43.250.193.0/24
...

jq
The following example shows you how to get the IP addresses that are in the AMAZON list but not the
EC2 list, for all Regions:

jq -r '[.prefixes[] | select(.service=="AMAZON").ip_prefix] - [.prefixes[] |


select(.service=="EC2").ip_prefix] | .[]' < ip-ranges.json

52.94.22.0/24
52.94.17.0/24
52.95.154.0/23
52.95.212.0/22
54.239.0.240/28
54.239.54.0/23
52.119.224.0/21
...

The following example shows you how to filter the results to one Region:

jq -r '[.prefixes[] | select(.region=="us-east-1" and .service=="AMAZON").ip_prefix] -


[.prefixes[] | select(.region=="us-east-1" and .service=="EC2").ip_prefix] | .[]' < ip-
ranges.json

Python
The following python script shows you how to get the IP addresses that are in the AMAZON list but not
the EC2 list. Copy the script and save it in a file named get_ips.py.

Version 1.0
552
AWS General Reference Reference guide
AWS IP address ranges notifications

#!/usr/bin/env python
import requests

ip_ranges = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json').json()
['prefixes']
amazon_ips = [item['ip_prefix'] for item in ip_ranges if item["service"] == "AMAZON"]
ec2_ips = [item['ip_prefix'] for item in ip_ranges if item["service"] == "EC2"]

amazon_ips_less_ec2=[]

for ip in amazon_ips:
if ip not in ec2_ips:
amazon_ips_less_ec2.append(ip)

for ip in amazon_ips_less_ec2: print(str(ip))

You can run this script as follows:

$ python ./get_ips.py
13.32.0.0/15
13.35.0.0/16
13.248.0.0/20
13.248.16.0/21
13.248.24.0/22
13.248.28.0/22
27.0.0.0/22
43.250.192.0/24
43.250.193.0/24
...

AWS IP address ranges notifications


Whenever there is a change to the AWS IP address ranges, we send notifications to subscribers of the
AmazonIpSpaceChanged topic. The payload contains information in the following format:

{
"create-time":"yyyy-mm-ddThh:mm:ss+00:00",
"synctoken":"0123456789",
"md5":"6a45316e8bc9463c9e926d5d37836d33",
"url":"https://ip-ranges.amazonaws.com/ip-ranges.json"
}

create-time

The creation date and time.

Notifications could be delivered out of order. Therefore, we recommend that you check the
timestamps to ensure the correct order.
synctoken

The publication time, in Unix epoch time format.


md5

The cryptographic hash value of the ip-ranges.json file. You can use this value to check whether
the downloaded file is corrupted.
url

The location of the ip-ranges.json file.

Version 1.0
553
AWS General Reference Reference guide
Release notes

If you want to be notified whenever there is a change to the AWS IP address ranges, you can subscribe as
follows to receive notifications using Amazon SNS.

To subscribe to AWS IP address range notifications

1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.


2. In the navigation bar, change the Region to US East (N. Virginia), if necessary. You must select this
Region because the SNS notifications that you are subscribing to were created in this Region.
3. In the navigation pane, choose Subscriptions.
4. Choose Create subscription.
5. In the Create subscription dialog box, do the following:

a. For Topic ARN, copy the following Amazon Resource Name (ARN):

arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged

b. For Protocol, choose the protocol to use (for example, Email).


c. For Endpoint, type the endpoint to receive the notification (for example, your email address).
d. Choose Create subscription.
6. You'll be contacted on the endpoint that you specified and asked to confirm your subscription. For
example, if you specified an email address, you'll receive an email message with the subject line
AWS Notification - Subscription Confirmation. Follow the directions to confirm your
subscription.

Notifications are subject to the availability of the endpoint. Therefore, you might want to check the
JSON file periodically to ensure that you've got the latest ranges. For more information about Amazon
SNS reliability, see https://aws.amazon.com/sns/faqs/#Reliability.

If you no longer want to receive these notifications, use the following procedure to unsubscribe.

To unsubscribe from AWS IP address ranges notifications

1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.


2. In the navigation pane, choose Subscriptions.
3. Select the check box for the subscription.
4. Choose Actions, Delete subscriptions.
5. When prompted for confirmation, choose Delete.

For more information about Amazon SNS, see the Amazon Simple Notification Service Developer Guide.

Release notes
The following table describes updates to the AWS IP address ranges. We also add new Region codes with
each Region launch.

Description Release date

Added the KINESIS_VIDEO_STREAMS service November 19, 2020


code.

Added the CHIME_MEETINGS and June 19, 2020


CHIME_VOICECONNECTOR service codes.

Version 1.0
554
AWS General Reference Reference guide
Release notes

Description Release date

Added the AMAZON_APPFLOW service code. June 9, 2020

Add support for the network border group. April 7, 2020

Added the WORKSPACES_GATEWAYS service code. March 30, 2020

Added the API_GATEWAY service code. September 26, 2019

Added the EC2_INSTANCE_CONNECT service June 26, 2019


code.

Added the DYNAMODB service code. April 25, 2019

Added the GLOBALACCELERATOR service code. December 20, 2018

Added the AMAZON_CONNECT service code. June 20, 2018

Added the CLOUD9 service code. June 20, 2018

Added the CODEBUILD service code. April 19, 2018

Added the S3 service code. February 28, 2017

Added support for IPv6 address ranges. August 22, 2016

Initial release November 19, 2014

Version 1.0
555
AWS General Reference Reference guide
API retries

AWS APIs
The following pages provide information that is useful when using an AWS API.

Contents
• Error retries and exponential backoff in AWS (p. 556)
• Signing AWS API requests (p. 558)
• AWS SDK support for Amazon S3 client-side encryption (p. 599)

Error retries and exponential backoff in AWS


Numerous components on a network, such as DNS servers, switches, load balancers, and others can
generate errors anywhere in the life of a given request. The usual technique for dealing with these error
responses in a networked environment is to implement retries in the client application. This technique
increases the reliability of the application and reduces operational costs for the developer.

Each AWS SDK implements automatic retry logic. The AWS SDK for Java automatically retries requests,
and you can configure the retry settings using the ClientConfiguration class. For example, you
might want to turn off the retry logic for a web page that makes a request with minimal latency and no
retries. Use the ClientConfiguration class and provide a maxErrorRetry value of 0 to turn off the
retries.

If you're not using an AWS SDK, you should retry original requests that receive server (5xx) or throttling
errors. However, client errors (4xx) indicate that you need to revise the request to correct the problem
before trying again.

In addition to simple retries, each AWS SDK implements exponential backoff algorithm for better flow
control. The idea behind exponential backoff is to use progressively longer waits between retries for
consecutive error responses. You should implement a maximum delay interval, as well as a maximum
number of retries. The maximum delay interval and maximum number of retries are not necessarily fixed
values, and should be set based on the operation being performed, as well as other local factors, such as
network latency.

Most exponential backoff algorithms use jitter (randomized delay) to prevent successive collisions.
Because you aren't trying to avoid such collisions in these cases, you don't need to use this random
number. However, if you use concurrent clients, jitter can help your requests succeed faster. For more
information, see the blog post for Exponential Backoff and Jitter.

The following pseudo code shows one way to poll for a status using an incremental delay.

Do some asynchronous operation.

retries = 0

DO
wait for (2^retries * 100) milliseconds

status = Get the result of the asynchronous operation.

IF status = SUCCESS
retry = false
ELSE IF status = NOT_READY
retry = true
ELSE IF status = THROTTLED

Version 1.0
556
AWS General Reference Reference guide
API retries

retry = true
ELSE
Some other error occurred, so stop calling the API.
retry = false
END IF

retries = retries + 1

WHILE (retry AND (retries < MAX_RETRIES))

The following code demonstrates how to implement this incremental delay in Java.

public enum Results {


SUCCESS,
NOT_READY,
THROTTLED,
SERVER_ERROR
}

/*
* Performs an asynchronous operation, then polls for the result of the
* operation using an incremental delay.
*/
public static void doOperationAndWaitForResult() {
// Do some asynchronous operation.
long token = asyncOperation();

int retries = 0;
boolean retry = false;

do {
long waitTime = Math.min(getWaitTimeExp(retries), MAX_WAIT_INTERVAL);
System.out.print(waitTime + "\n");

try {
// Wait for the result.
Thread.sleep(waitTime);

// Get the result of the asynchronous operation.


Results result = getAsyncOperationResult(token);

if (Results.SUCCESS == result) {
retry = false;
} else if (Results.NOT_READY == result) {
retry = true;
} else if (Results.THROTTLED == result) {
retry = true;
} else if (Results.SERVER_ERROR == result) {
retry = true;
} else {
// Some other error occurred, so stop calling the API.
retry = false;
}

} catch (IllegalArgumentException | InterruptedException e) {


System.out.println("Error sleeping thread: " + e.getMessage());
} catch (IOException e) {
System.out.println("Error retrieving result: " + e.getMessage());
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
} while (retry && (retries++ < MAX_RETRIES));
}

/*

Version 1.0
557
AWS General Reference Reference guide
Signing AWS API requests

* Returns the next wait interval, in milliseconds, using an exponential


* backoff algorithm.
*/
public static long getWaitTimeExp(int retryCount) {
if (0 == retryCount) {
return 0;
}

long waitTime = ((long) Math.pow(2, retryCount) * 100L);

return waitTime;
}

Signing AWS API requests


When you send HTTP requests to AWS, you sign the requests so that AWS can identify who sent them.
You sign requests with your AWS access key, which consists of an access key ID and secret access key.
Some requests do not need to be signed, such as anonymous requests to Amazon Simple Storage
Service (Amazon S3) and some API operations in AWS Security Token Service (AWS STS) such as
AssumeRoleWithWebIdentity.
Note
You need to learn how to sign HTTP requests only when you manually create them. When you
use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to make requests to
AWS, these tools automatically sign the requests for you with the access key that you specify
when you configure the tools. When you use these tools, you don't need to learn how to sign
requests yourself.
To learn how to create, view, and download access key IDs and secret access keys, see
Programmatic access (p. 5).

When to sign requests


When you write custom code to send HTTP requests to AWS, you need to include code to sign the
requests. You might do this for the following reasons:

• You are working with a programming language for which there is no AWS SDK.
• You want complete control over how a request is sent to AWS.

You don't need to sign a request when you use the AWS Command Line Interface (AWS CLI) or one of the
AWS SDKs. These tools manage the connection details, such as calculating signatures, handling request
retries, and error handling. In most cases, they also contain sample code, tutorials, and other resources to
help you get started writing applications that interact with AWS.

Why requests are signed


The signing process helps secure requests in the following ways:

• Verify the identity of the requester

Signing makes sure that the request has been sent by someone with a valid access key. For more
information, see Understanding and getting your AWS credentials (p. 3).
• Protect data in transit

To prevent tampering with a request while it's in transit, some of the request elements are used to
calculate a hash (digest) of the request, and the resulting hash value is included as part of the request.

Version 1.0
558
AWS General Reference Reference guide
Signing requests

When an AWS service receives the request, it uses the same information to calculate a hash and
matches it against the hash value in your request. If the values don't match, AWS denies the request.
• Protect against potential replay attacks

In most cases, a request must reach AWS within five minutes of the time stamp in the request.
Otherwise, AWS denies the request.

Signing requests
To sign a request, you first calculate a hash (digest) of the request. Then you use the hash value, some
other information from the request, and your secret access key to calculate another hash known as the
signature. Then you add the signature to the request in one of the following ways:

• Using the HTTP Authorization header.


• Adding a query string value to the request. Because the signature is part of the URL in this case, this
type of URL is called a presigned URL.

Signature versions
AWS supports two signature versions: Signature Version 4 and Signature Version 2. You should use
Signature Version 4. All AWS services support Signature Version 4, except Amazon SimpleDB which
requires Signature Version 2. For AWS services that support both versions, we recommend that you use
Signature Version 4.

All AWS Regions support Signature Version 4.

Version 1.0
559
AWS General Reference Reference guide
Signature Version 4 signing process

Signature Version 4 signing process


Signature Version 4 is the process to add authentication information to AWS requests sent by HTTP. For
security, most requests to AWS must be signed with an access key, which consists of an access key ID and
secret access key. These two keys are commonly referred to as your security credentials. For details on
how to obtain credentials for your account, see Understanding and getting your AWS credentials (p. 3).
Important
When you use the AWS Command Line Interface (AWS CLI) or one of the AWS SDKs to
make requests to AWS, these tools automatically sign the requests for you with the security
credentials you specify when you configure the tools. When you use these tools, you don't need
to learn how to sign requests yourself. However, when you manually create HTTP requests to
access AWS services, you must sign requests that require signing yourself.

How Signature Version 4 works

1. Create a canonical request.


2. Use the canonical request and additional metadata to create a string for signing.
3. Derive a signing key from your AWS secret access key. Then use the signing key, and the string from
the previous step, to create a signature.
4. Add the resulting signature to the HTTP request in a header or as a query string parameter.

When an AWS service receives the request, it performs the same steps that you did to calculate the
signature you sent in your request. AWS then compares its calculated signature to the one you sent with
the request. If the signatures match, the request is processed. If the signatures don't match, the request
is denied.

For more information, see the following resources:

• To get started with the signing process, see Signing AWS requests with Signature Version 4 (p. 563).
• For sample signed requests, see Examples of the complete Signature Version 4 signing process
(Python) (p. 582).
• If you have questions about Signature Version 4, post your question in the AWS Identity and Access
Management forum.

Version 1.0
560
AWS General Reference Reference guide
Signature Version 4 signing process

Changes in Signature Version 4


Signature Version 4 is the current AWS signing protocol. It includes several changes from the previous
Signature Version 2:

• To sign your message, you use a signing key that is derived from your secret access key rather than
using the secret access key itself. For more information about deriving keys, see Task 3: Calculate the
signature for AWS Signature Version 4 (p. 574).
• You derive your signing key from the credential scope, which means that you don't need to include the
key itself in the request. Credential scope is represented by a slash-separated string of dimensions in
the following order:
1. Date information as an eight-digit string representing the year (YYYY), month (MM), and day (DD)
of the request (for example, 20150830). For more information about handling dates, see Handling
dates in Signature Version 4 (p. 578).
2. Region information as a lowercase alphanumeric string. Use the Region name that is part of the
service's endpoint. For services with a globally unique endpoint such as IAM, use us-east-1.
3. Service name information as a lowercase alphanumeric string (for example, iam). Use the
service name that is part of the service's endpoint. For example, the IAM endpoint is https://
iam.amazonaws.com, so you use the string iam as part of the Credential parameter.
4. A special termination string: aws4_request.
• You use the credential scope in each signing task:
• If you add signing information to the query string, include the credential scope as part of the X-
Amz-Credential parameter when you create the canonical request in Task 1: Create a canonical
request for Signature Version 4 (p. 566).
• You must include the credential scope as part of your string to sign in Task 2: Create a string to sign
for Signature Version 4 (p. 572).
• Finally, you use the date, Region, and service name components of the credential scope to derive
your signing key in Task 3: Calculate the signature for AWS Signature Version 4 (p. 574).

Version 1.0
561
AWS General Reference Reference guide
Signature Version 4 signing process

Elements of an AWS Signature Version 4 request


Each HTTP/HTTPS request that uses version 4 signing must contain these elements.

• Endpoint Specification
• Action
• Required and Optional Parameters
• Date
• Authentication Parameters

Endpoint specification
This is specified as the Host header in HTTP/1.1 requests. This header specifies the DNS name of the
computer to which you send the request, like dynamodb.us-east-1.amazonaws.com.

You must include the Host header with HTTP/1.1 requests. For HTTP/2 requests, you can use the
:authority header or the Host header. Use only the :authority header for compliance with the
HTTP/2 specification. Not all services support HTTP/2 requests, so check the service documentation for
details.

The endpoint usually contains the service name and Region, both of which you must use as part of the
Credential authentication parameter. For example, the Amazon DynamoDB endpoint for the eu-
west-1 Region is dynamodb.eu-west-1.amazonaws.com. If you don't specify a Region, a web service
uses the default Region, us-east-1. If you use a service like IAM that uses a globally unique endpoint,
use the default Region (us-east-1), as part of the Credential authentication parameter (described
later in this topic).

For a complete list of endpoints supported by AWS, see Regions and Endpoints.

Action
This element specifies the action that you want a web service to perform, such as the DynamoDB
CreateTable action or the Amazon EC2 DescribeInstances action. The specified action determines
the parameters used in the request. For query APIs, the action is an API name. For non-query APIs (such
as RESTful APIs), see the service documentation for the appropriate actions.

Required and optional parameters


This element specifies the parameters to the request action. Each action in a web service has a set of
required and optional parameters that define an API call. The API version is usually a required parameter.
See the service documentation for the details of required and optional parameters.

Date
This is the date and time at which you make the request. Including the date in the request helps prevent
third parties from intercepting your request and resubmitting it later. The date is specified using the
ISO8601 Basic format via the x-amz-date header in the YYYYMMDD'T'HHMMSS'Z' format.

Authentication parameters
Each request that you send must include the following set of parameters that AWS uses to ensure the
validity and authenticity of the request.

• Algorithm. The hash algorithm that you're using as part of the signing process. For example, if you use
SHA-256 to create hashes, use the value AWS4-HMAC-SHA256.

Version 1.0
562
AWS General Reference Reference guide
Signature Version 4 signing process

• Credential scope. A string separated by slashes ("/") that is formed by concatenating your access key
ID and your credential scope components. Credential scope includes the date in YYYYMMDD format,
the AWS Region, the service name, and a special termination string (aws4_request). For example, the
following string represents the Credential parameter for an IAM request in the us-east-1 Region.

AKIAIOSFODNN7EXAMPLE/20111015/us-east-1/iam/aws4_request
Important
You must use lowercase characters for the Region, service name, and special termination
string.
• SignedHeaders A list delimited by semicolons (";") of HTTP/HTTPS headers to include in the signature.
• Signature A hexadecimal-encoded string that represents the output of the signature operation
described in Task 3: Calculate the signature for AWS Signature Version 4 (p. 574). You must calculate
the signature using the algorithm that you specified in the Algorithm parameter.

To view sample signed requests, see Examples of the complete Signature Version 4 signing process
(Python) (p. 582).

Signing AWS requests with Signature Version 4


This section explains how to create a signature and add it to an HTTP request to AWS.

Summary of signing steps


To create a signed request, complete the following:

• Task 1: Create a canonical request for Signature Version 4 (p. 566)

Arrange the contents of your request (host, action, headers, etc.) into a standard (canonical) format.
The canonical request is one of the inputs used to create a string to sign.
• Task 2: Create a string to sign for Signature Version 4 (p. 572)

Create a string to sign with the canonical request and extra information such as the algorithm, request
date, credential scope, and the digest (hash) of the canonical request.
• Task 3: Calculate the signature for AWS Signature Version 4 (p. 574)

Derive a signing key by performing a succession of keyed hash operations (HMAC operations) on the
request date, Region, and service, with your AWS secret access key as the key for the initial hashing
operation. After you derive the signing key, you then calculate the signature by performing a keyed
hash operation on the string to sign. Use the derived signing key as the hash key for this operation.
• Task 4: Add the signature to the HTTP request (p. 576)

After you calculate the signature, add it to an HTTP header or to the query string of the request.

Important
The AWS SDKs handle the signature calculation process for you, so you do not have to manually
complete the signing process. For more information, see Tools for Amazon Web Services.

Version 1.0
563
AWS General Reference Reference guide
Signature Version 4 signing process

Additional resources

The following resources illustrate aspects of the signing process:

• Examples of how to derive a signing key for Signature Version 4 (p. 579). This page shows how to
derive a signing key using Java, C#, Python, Ruby, and JavaScript.
• Examples of the complete Signature Version 4 signing process (Python) (p. 582). This set of programs
in Python provide complete examples of the signing process. The examples show signing with a POST
request, with a GET request that has signing information in a request header, and with a GET request
that has signing information in the query string.

What signing looks like in a request


The following example shows what an HTTPS request might look like as it is sent from your client to
AWS, without any signing information.

GET https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08 HTTP/1.1


Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: iam.amazonaws.com
X-Amz-Date: 20150830T123600Z

After you complete the signing tasks, you add the authentication information to the request. You can
add the authentication information in two ways:

Authorization header

You can add the authentication information to the request with an Authorization header. Although
the HTTP header is named Authorization, the signing information is actually used for authentication
to establish who the request came from.

The Authorization header includes the following information:

• Algorithm you used for signing (AWS4-HMAC-SHA256)


• Credential scope (with your access key ID)
• List of signed headers
• Calculated signature. The signature is based on your request information, and you use your AWS secret
access key to produce the signature. The signature confirms your identity to AWS.

The following example shows what the preceding request might look like after you've created the
signing information and added it to the request in the Authorization header.

Note that in the actual request, the Authorization header would appear as a continuous line of text.
The version below has been formatted for readability.

GET https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08 HTTP/1.1


Authorization: AWS4-HMAC-SHA256
Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request,
SignedHeaders=content-type;host;x-amz-date,
Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7
content-type: application/x-www-form-urlencoded; charset=utf-8
host: iam.amazonaws.com
x-amz-date: 20150830T123600Z

Query string

Version 1.0
564
AWS General Reference Reference guide
Signature Version 4 signing process

As an alternative to adding authentication information with an HTTP request header, you can include it
in the query string. The query string contains everything that is part of the request, including the name
and parameters for the action, the date, and the authentication information.

The following example shows how you might construct a GET request with the action and authentication
information in the query string.

(In the actual request, the query string would appear as a continuous line of text. The version below has
been formatted with line breaks for readability.)

GET https://iam.amazonaws.com?Action=ListUsers&Version=2010-05-08
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fiam%2Faws4_request
&X-Amz-Date=20150830T123600Z
&X-Amz-Expires=60
&X-Amz-SignedHeaders=content-type%3Bhost
&X-Amz-Signature=37ac2f4fde00b0ac9bd9eadeb459b1bbee224158d66e7ae5fcadb70b2d181d02 HTTP/1.1
content-type: application/x-www-form-urlencoded; charset=utf-8
host: iam.amazonaws.com

GET and POST requests in the Query API


The query API that many AWS services support lets you make requests using either HTTP GET or POST.
(In the query API, you can use GET even if you're making requests that change state; that is, the query
API is not inherently RESTful.) Because GET requests pass parameters on the query string, they are
limited to the maximum length of a URL. If a request includes a large payload (for example, you might
upload a large IAM policy or send many parameters in JSON format for a DynamoDB request), you
generally use a POST request.

The signing process is the same for both types of requests.

Version 1.0
565
AWS General Reference Reference guide
Signature Version 4 signing process

Task 1: Create a canonical request for Signature Version 4


To begin the signing process, create a string that includes information from your request in a
standardized (canonical) format. This ensures that when AWS receives the request, it can calculate the
same signature that you calculated.

Follow the steps here to create a canonical version of the request. Otherwise, your version and the
version calculated by AWS won't match, and the request will be denied.

The following example shows the pseudocode to create a canonical request.

Example Canonical request pseudocode

CanonicalRequest =
HTTPRequestMethod + '\n' +
CanonicalURI + '\n' +
CanonicalQueryString + '\n' +
CanonicalHeaders + '\n' +
SignedHeaders + '\n' +
HexEncode(Hash(RequestPayload))

In this pseudocode, Hash represents a function that produces a message digest, typically SHA-256. (Later
in the process, you specify which hashing algorithm you're using.) HexEncode represents a function
that returns the base-16 encoding of the digest in lowercase characters. For example, HexEncode("m")
returns the value 6d rather than 6D. Each input byte must be represented as exactly two hexadecimal
characters.

Signature Version 4 does not require that you use a particular character encoding to encode the
canonical request. However, some AWS services might require a specific encoding. For more information,
consult the documentation for that service.

The following examples show how to construct the canonical form of a request to IAM. The original
request might look like this as it is sent from the client to AWS, except that this example does not include
the signing information yet.

Example Request

GET https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08 HTTP/1.1


Host: iam.amazonaws.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20150830T123600Z

The preceding example request is a GET request (method) that makes a ListUsers API (action) call to
AWS Identity and Access Management (host). This action takes the Version parameter.

To create a canonical request, concatenate the following components from each step into a
single string:

1. Start with the HTTP request method (GET, PUT, POST, etc.), followed by a newline character.

Example Request method

GET

2. Add the canonical URI parameter, followed by a newline character. The canonical URI is the URI-
encoded version of the absolute path component of the URI, which is everything in the URI from the
HTTP host to the question mark character ("?") that begins the query string parameters (if any).

Version 1.0
566
AWS General Reference Reference guide
Signature Version 4 signing process

Normalize URI paths according to RFC 3986. Remove redundant and relative path components. Each
path segment must be URI-encoded twice (except for Amazon S3 which only gets URI-encoded
once).

Example Canonical URI with encoding

/documents%2520and%2520settings/

Note
In exception to this, you do not normalize URI paths for requests to Amazon S3.
For example, if you have a bucket with an object named my-object//example//
photo.user, use that path. Normalizing the path to my-object/example/photo.user
will cause the request to fail. For more information, see Task 1: Create a Canonical Request
in the Amazon Simple Storage Service API Reference.

If the absolute path is empty, use a forward slash (/). In the example IAM request, nothing follows
the host in the URI, so the absolute path is empty.

Example Canonical URI

3. Add the canonical query string, followed by a newline character. If the request does not include a
query string, use an empty string (essentially, a blank line). The example request has the following
query string.

Example Canonical query string

Action=ListUsers&Version=2010-05-08

To construct the canonical query string, complete the following steps:

a. Sort the parameter names by character code point in ascending order. Parameters with
duplicate names should be sorted by value. For example, a parameter name that begins with
the uppercase letter F precedes a parameter name that begins with a lowercase letter b.
b. URI-encode each parameter name and value according to the following rules:

• Do not URI-encode any of the unreserved characters that RFC 3986 defines: A-Z, a-z, 0-9,
hyphen ( - ), underscore ( _ ), period ( . ), and tilde ( ~ ).
• Percent-encode all other characters with %XY, where X and Y are hexadecimal characters (0-9
and uppercase A-F). For example, the space character must be encoded as %20 (not using '+',
as some encoding schemes do) and extended UTF-8 characters must be in the form %XY%ZA
%BC.
• Double-encode any equals ( = ) characters in parameter values.
c. Build the canonical query string by starting with the first parameter name in the sorted list.
d. For each parameter, append the URI-encoded parameter name, followed by the equals
sign character (=), followed by the URI-encoded parameter value. Use an empty string for
parameters that have no value.
e. Append the ampersand character (&) after each parameter value, except for the last value in the
list.

One option for the query API is to put all request parameters in the query string. For example, you
can do this for Amazon S3 to create aVersion
presigned
1.0 URL. In that case, the canonical query string must
567
AWS General Reference Reference guide
Signature Version 4 signing process

include not only parameters for the request, but also the parameters used as part of the signing
process—the hashing algorithm, credential scope, date, and signed headers parameters.

The following example shows a query string that includes authentication information. The example
is formatted with line breaks for readability, but the canonical query string must be one continuous
line of text in your code.

Example Authentication parameters in a query string

Action=ListUsers&
Version=2010-05-08&
X-Amz-Algorithm=AWS4-HMAC-SHA256&
X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fiam%2Faws4_request&
X-Amz-Date=20150830T123600Z&
X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-date

For more information about authentication parameters, see Task 2: Create a string to sign for
Signature Version 4 (p. 572).
Note
You can use temporary security credentials provided by the AWS Security Token Service
(AWS STS) to sign a request. The process is the same as using long-term credentials, but
when you add signing information to the query string you must add an additional query
parameter for the security token. The parameter name is X-Amz-Security-Token, and
the parameter's value is the URI-encoded session token (the string you received from AWS
STS when you obtained temporary security credentials).
For some services, you must include the X-Amz-Security-Token query parameter in the
canonical (signed) query string. For other services, you add the X-Amz-Security-Token
parameter at the end, after you calculate the signature. For details, see the API reference
documentation for that service.
4. Add the canonical headers, followed by a newline character. The canonical headers consist of a list of
all the HTTP headers that you are including with the signed request.

For HTTP/1.1 requests, you must include the host header at a minimum. Standard headers like
content-type are optional. For HTTP/2 requests, you must include the :authority header
instead of the host header. Different services might require other headers.

Example Canonical headers

content-type:application/x-www-form-urlencoded; charset=utf-8\n
host:iam.amazonaws.com\n
x-amz-date:20150830T123600Z\n

To create the canonical headers list, convert all header names to lowercase and remove leading
spaces and trailing spaces. Convert sequential spaces in the header value to a single space.

The following pseudocode describes how to construct the canonical list of headers:

CanonicalHeaders =
CanonicalHeadersEntry0 + CanonicalHeadersEntry1 + ... + CanonicalHeadersEntryN
CanonicalHeadersEntry =
Lowercase(HeaderName) + ':' + Trimall(HeaderValue) + '\n'

Lowercase represents a function that converts all characters to lowercase. The Trimall function
removes excess white space before and after values, and converts sequential spaces to a single
space.

Version 1.0
568
AWS General Reference Reference guide
Signature Version 4 signing process

Build the canonical headers list by sorting the (lowercase) headers by character code and then
iterating through the header names. Construct each header according to the following rules:

• Append the lowercase header name followed by a colon.


• Append a comma-separated list of values for that header. Do not sort the values in headers that
have multiple values.
• Append a new line ('\n').

The following examples compare a more complex set of headers with their canonical form:

Example Original headers

Host:iam.amazonaws.com\n
Content-Type:application/x-www-form-urlencoded; charset=utf-8\n
My-header1:    a   b   c \n
X-Amz-Date:20150830T123600Z\n
My-Header2:    "a   b   c" \n

Example Canonical form

content-type:application/x-www-form-urlencoded; charset=utf-8\n
host:iam.amazonaws.com\n
my-header1:a b c\n
my-header2:"a b c"\n
x-amz-date:20150830T123600Z\n

Note
Each header is followed by a newline character, meaning the complete list ends with a
newline character.

In the canonical form, the following changes were made:

• The header names were converted to lowercase characters.


• The headers were sorted by character code.
• Leading and trailing spaces were removed from the my-header1 and my-header2 values.
• Sequential spaces in a b c were converted to a single space for the my-header1 and my-
header2 values.

Note
You can use temporary security credentials provided by the AWS Security Token Service
(AWS STS) to sign a request. The process is the same as using long-term credentials, but
when you include signing information in the Authorization header you must add an
additional HTTP header for the security token. The header name is X-Amz-Security-
Token, and the header's value is the session token (the string you received from AWS STS
when you obtained temporary security credentials).
5. Add the signed headers, followed by a newline character. This value is the list of headers that you
included in the canonical headers. By adding this list of headers, you tell AWS which headers in the
request are part of the signing process and which ones AWS can ignore (for example, any additional
headers added by a proxy) for purposes of validating the request.

For HTTP/1.1 requests, the host header must be included as a signed header. For HTTP/2
requests that include the :authority header instead of the host header, you must include the

Version 1.0
569
AWS General Reference Reference guide
Signature Version 4 signing process

:authority header as a signed header. If you include a date or x-amz-date header, you must also
include that header in the list of signed headers.

To create the signed headers list, convert all header names to lowercase, sort them by character
code, and use a semicolon to separate the header names. The following pseudocode describes how
to construct a list of signed headers. Lowercase represents a function that converts all characters
to lowercase.

SignedHeaders =
Lowercase(HeaderName0) + ';' + Lowercase(HeaderName1) + ";" + ... +
Lowercase(HeaderNameN)

Build the signed headers list by iterating through the collection of header names, sorted by
lowercase character code. For each header name except the last, append a semicolon (';') to the
header name to separate it from the following header name.

Example Signed headers

content-type;host;x-amz-date\n

6. Use a hash (digest) function like SHA256 to create a hashed value from the payload in the body of
the HTTP or HTTPS request. Signature Version 4 does not require that you use a particular character
encoding to encode text in the payload. However, some AWS services might require a specific
encoding. For more information, consult the documentation for that service.

Example Structure of payload

HashedPayload = Lowercase(HexEncode(Hash(requestPayload)))

When you create the string to sign, you specify the signing algorithm that you used to hash the
payload. For example, if you used SHA256, you will specify AWS4-HMAC-SHA256 as the signing
algorithm. The hashed payload must be represented as a lowercase hexadecimal string.

If the payload is empty, use an empty string as the input to the hash function. In the IAM example,
the payload is empty.

Example Hashed payload (empty string)

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

7. To construct the finished canonical request, combine all the components from each step as a single
string. As noted, each component ends with a newline character. If you follow the canonical request
pseudocode explained earlier, the resulting canonical request is shown in the following example.

Example Canonical request

GET
/
Action=ListUsers&Version=2010-05-08
content-type:application/x-www-form-urlencoded; charset=utf-8
host:iam.amazonaws.com
x-amz-date:20150830T123600Z

content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Version 1.0
570
AWS General Reference Reference guide
Signature Version 4 signing process

8. Create a digest (hash) of the canonical request with the same algorithm that you used to hash the
payload.
Note
Signature Version 4 does not require that you use a particular character encoding to encode
the canonical request before calculating the digest. However, some AWS services might
require a specific encoding. For more information, consult the documentation for that
service.

The hashed canonical request must be represented as a string of lowercase hexadecimal characters.
The following example shows the result of using SHA-256 to hash the example canonical request.

Example Hashed canonical request

f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59

You include the hashed canonical request as part of the string to sign in Task 2: Create a string to
sign for Signature Version 4 (p. 572).

Version 1.0
571
AWS General Reference Reference guide
Signature Version 4 signing process

Task 2: Create a string to sign for Signature Version 4


The string to sign includes meta information about your request and about the canonical request that
you created in Task 1: Create a canonical request for Signature Version 4 (p. 566). You will use the string
to sign and a derived signing key that you create later as inputs to calculate the request signature in Task
3: Calculate the signature for AWS Signature Version 4 (p. 574).

To create the string to sign, concatenate the algorithm, date and time, credential scope, and digest of the
canonical request, as shown in the following pseudocode:

Structure of string to sign

StringToSign =
Algorithm + \n +
RequestDateTime + \n +
CredentialScope + \n +
HashedCanonicalRequest

The following example shows how to construct the string to sign with the same request from Task 1:
Create A Canonical Request (p. 566).

Example HTTPS request

GET https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08 HTTP/1.1


Host: iam.amazonaws.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20150830T123600Z

To create the string to sign

1. Start with the algorithm designation, followed by a newline character. This value is the hashing
algorithm that you use to calculate the digests in the canonical request. For SHA256, AWS4-HMAC-
SHA256 is the algorithm.

AWS4-HMAC-SHA256\n

2. Append the request date value, followed by a newline character. The date is specified with ISO8601
basic format in the x-amz-date header in the format YYYYMMDD'T'HHMMSS'Z'. This value must
match the value you used in any previous steps.

20150830T123600Z\n

3. Append the credential scope value, followed by a newline character. This value is a string that
includes the date, the Region you are targeting, the service you are requesting, and a termination
string ("aws4_request") in lowercase characters. The Region and service name strings must be
UTF-8 encoded.

20150830/us-east-1/iam/aws4_request\n

• The date must be in the YYYYMMDD format. Note that the date does not include a time value.
• Verify that the Region you specify is the Region that you are sending the request to. See AWS
service endpoints (p. 536).
4. Append the hash of the canonical request that you created in Task 1: Create a canonical request for
Signature Version 4 (p. 566). This value is not followed by a newline character. The hashed canonical
request must be lowercase base-16 encoded, as defined by Section 8 of RFC 4648.

Version 1.0
572
AWS General Reference Reference guide
Signature Version 4 signing process

f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59

The following string to sign is a request to IAM on August 30, 2015.

Example string to sign

AWS4-HMAC-SHA256
20150830T123600Z
20150830/us-east-1/iam/aws4_request
f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59

Version 1.0
573
AWS General Reference Reference guide
Signature Version 4 signing process

Task 3: Calculate the signature for AWS Signature Version 4


Before you calculate a signature, you derive a signing key from your AWS secret access key. Because the
derived signing key is specific to the date, service, and Region, it offers a greater degree of protection.
You don't just use your secret access key to sign the request. You then use the signing key and the string
to sign that you created in Task 2: Create a string to sign for Signature Version 4 (p. 572) as the inputs to
a keyed hash function. The hex-encoded result from the keyed hash function is the signature.

Signature Version 4 does not require that you use a particular character encoding to encode the string to
sign. However, some AWS services might require a specific encoding. For more information, consult the
documentation for that service.

To calculate a signature

1. Derive your signing key. To do this, use your secret access key to create a series of hash-based
message authentication codes (HMACs). This is shown in the following pseudocode, where
HMAC(key, data) represents an HMAC-SHA256 function that returns output in binary format. The
result of each hash function becomes input for the next one.

Pseudocode for deriving a signing key

kSecret = your secret access key


kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")

Note that the date used in the hashing process is in the format YYYYMMDD (for example, 20150830),
and does not include the time.

Make sure you specify the HMAC parameters in the correct order for the programming language you
are using. This example shows the key as the first parameter and the data (message) as the second
parameter, but the function that you use might specify the key and data in a different order.

Use the digest (binary format) for the key derivation. Most languages have functions to compute
either a binary format hash, commonly called a digest, or a hex-encoded hash, called a hexdigest.
The key derivation requires that you use a binary-formatted digest.

The following example show the inputs to derive a signing key and the resulting output, where
kSecret = wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY.

The example uses the same parameters from the request in Task 1 and Task 2 (a request to IAM in
the us-east-1 Region on August 30, 2015).

Example inputs

HMAC(HMAC(HMAC(HMAC("AWS4" + kSecret,"20150830"),"us-east-1"),"iam"),"aws4_request")

The following example shows the derived signing key that results from this sequence of HMAC hash
operations. This shows the hexadecimal representation of each byte in the binary signing key.

Example signing key

c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9

For more information about how to derive a signing key in different programming languages, see
Examples of how to derive a signing key for Signature
Version 1.0 Version 4 (p. 579).
574
AWS General Reference Reference guide
Signature Version 4 signing process

2. Calculate the signature. To do this, use the signing key that you derived and the string to sign as
inputs to the keyed hash function. After you calculate the signature, convert the binary value to a
hexadecimal representation.

The following pseudocode shows how to calculate the signature.

signature = HexEncode(HMAC(derived signing key, string to sign))

Note
Make sure you specify the HMAC parameters in the correct order for the programming
language you are using. This example shows the key as the first parameter and the data
(message) as the second parameter, but the function that you use might specify the key and
data in a different order.

The following example shows the resulting signature if you use the same signing key and the string
to sign from Task 2:

Example signature

5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7

Version 1.0
575
AWS General Reference Reference guide
Signature Version 4 signing process

Task 4: Add the signature to the HTTP request


After you calculate the signature, add it to the request. You can add the signature to a request in one of
two ways:

• An HTTP header named Authorization


• The query string

You cannot pass signing information in both the Authorization header and the query string.
Note
You can use temporary security credentials provided by the AWS Security Token Service (AWS
STS) to sign a request. The process is the same as using long-term credentials, but requires
an additional HTTP header or query string parameter for the security token. The name of
the header or query string parameter is X-Amz-Security-Token, and the value is the
session token (the string you received from AWS STS when you obtained temporary security
credentials).
When you add the X-Amz-Security-Token parameter to the query string, some services
require that you include this parameter in the canonical (signed) request. For other services,
you add this parameter at the end, after you calculate the signature. For details, see the API
reference documentation for that service.

Adding signing information to the authorization header


You can include signing information by adding it to an HTTP header named Authorization. The
contents of the header are created after you calculate the signature as described in the preceding steps,
so the Authorization header is not included in the list of signed headers. Although the header is
named Authorization, the signing information is actually used for authentication.

The following pseudocode shows the construction of the Authorization header.

Authorization: algorithm Credential=access key ID/credential scope,


SignedHeaders=SignedHeaders, Signature=signature

The following example shows a finished Authorization header.

Note that in the actual request, the authorization header would appear as a continuous line of text. The
version below has been formatted for readability.

Authorization: AWS4-HMAC-SHA256
Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request,
SignedHeaders=content-type;host;x-amz-date,
Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7

Note the following:

• There is no comma between the algorithm and Credential. However, the SignedHeaders and
Signature are separated from the preceding values with a comma.
• The Credential value starts with the access key ID, which is followed by a forward slash (/), which
is followed by the credential scope that you calculated in Task 2: Create a string to sign for Signature
Version 4 (p. 572). The secret access key is used to derive the signing key for the signature, but is not
included in the signing information sent in the request.

Adding signing information to the Query string


You can make requests and pass all request values in the query string, including signing information. This
is sometimes referred to as a presigned URL, because it produces a single URL with everything required

Version 1.0
576
AWS General Reference Reference guide
Signature Version 4 signing process

in order to make a successful call to AWS. It's commonly used in Amazon S3. For more information, see
Authenticating Requests by Using Query Parameters (AWS Signature Version 4) in the Amazon Simple
Storage Service API Reference.
Important
If you make a request in which all parameters are included in the query string, the resulting URL
represents an AWS action that is already authenticated. Therefore, treat the resulting URL with
as much caution as you would treat your actual credentials. We recommend you specify a short
expiration time for the request with the X-Amz-Expires parameter.

When you use this approach, all the query string values (except the signature) are included in the
canonical query string that is part of the canonical query that you construct in the first part of the
signing process (p. 566).

The following pseudocode shows the construction of a query string that contains all request parameters.

querystring = Action=action
querystring += &X-Amz-Algorithm=algorithm
querystring += &X-Amz-Credential= urlencode(access_key_ID + '/' + credential_scope)
querystring += &X-Amz-Date=date
querystring += &X-Amz-Expires=timeout interval
querystring += &X-Amz-SignedHeaders=signed_headers

After the signature is calculated (which uses the other query string values as part of the calculation), you
add the signature to the query string as the X-Amz-Signature parameter:

querystring += &X-Amz-Signature=signature

The following example shows what a request might look like when all the request parameters and the
signing information are included in query string parameters.

Note that in the actual request, the authorization header would appear as a continuous line of text. The
version below has been formatted for readability.

https://iam.amazonaws.com?Action=ListUsers&Version=2010-05-08
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fiam%2Faws4_request
&X-Amz-Date=20150830T123600Z
&X-Amz-Expires=60
&X-Amz-SignedHeaders=content-type%3Bhost
&X-Amz-Signature=37ac2f4fde00b0ac9bd9eadeb459b1bbee224158d66e7ae5fcadb70b2d181d02

Note the following:

• For the signature calculation, query string parameters must be sorted in code point order from low to
high, and their values must be URI-encoded. See the step about creating a canonical query string in
Task 1: Create a canonical request for Signature Version 4 (p. 566).
• Set the timeout interval (X-Amz-Expires) to the minimal viable time for the operation you're
requesting.

Version 1.0
577
AWS General Reference Reference guide
Signature Version 4 signing process

Handling dates in Signature Version 4


The date that you use as part of your credential scope must match the date of your request. You can
include the date as part of your request in several ways. You can use a date header, an x-amz-date
header or include x-amz-date as a query parameter. For example requests, see Examples of the
complete Signature Version 4 signing process (Python) (p. 582).

The time stamp must be in UTC and in the following ISO 8601 format: YYYYMMDD'T'HHMMSS'Z'. For
example, 20150830T123600Z is a valid time stamp. Do not include milliseconds in the time stamp.

AWS first checks the x-amz-date header or parameter for a time stamp. If AWS can't find a value for x-
amz-date, it looks for the date header. AWS then checks the credential scope for an eight-digit string
representing the year (YYYY), month (MM), and day (DD) of the request. For example, if the x-amz-date
header value is 20111015T080000Z and the date component of the credential scope is 20111015, AWS
allows the authentication process to proceed.

If the dates don't match, AWS rejects the request, even if the time stamp is only seconds away from the
date in the credential scope. For example, AWS will reject a request that has an x-amz-date header
value of 20151014T235959Z and a credential scope that has the date 20151015.

Version 1.0
578
AWS General Reference Reference guide
Signature Version 4 signing process

Examples of how to derive a signing key for Signature Version 4


This page shows examples in several programming languages for how to derive a signing key for
Signature Version 4. The examples on this page show only how to derive a signing key, which is just
one part of signing AWS requests. For examples that show the complete process, see Examples of the
complete Signature Version 4 signing process (Python) (p. 582).
Important
If you are using one of the AWS SDKs (including the SDK for Java, .NET, Python, Ruby, or
JavaScript), you do not have to manually perform the steps of deriving a signing key and adding
authentication information to a request. The SDKs perform this work for you. You need to
manually sign requests only if you are directly making HTTP or HTTPS requests.

Examples
• Deriving a signing key using Java (p. 579)
• Deriving a signing key using .NET (C#) (p. 579)
• Deriving a signing key using Python (p. 580)
• Deriving a signing key using Ruby (p. 580)
• Deriving a signing key using JavaScript (Node.js) (p. 580)
• Deriving a signing key using other languages (p. 580)
• Common coding errors (p. 581)

Deriving a signing key using Java

static byte[] HmacSHA256(String data, byte[] key) throws Exception {


String algorithm="HmacSHA256";
Mac mac = Mac.getInstance(algorithm);
mac.init(new SecretKeySpec(key, algorithm));
return mac.doFinal(data.getBytes("UTF-8"));
}

static byte[] getSignatureKey(String key, String dateStamp, String regionName, String


serviceName) throws Exception {
byte[] kSecret = ("AWS4" + key).getBytes("UTF-8");
byte[] kDate = HmacSHA256(dateStamp, kSecret);
byte[] kRegion = HmacSHA256(regionName, kDate);
byte[] kService = HmacSHA256(serviceName, kRegion);
byte[] kSigning = HmacSHA256("aws4_request", kService);
return kSigning;
}

Deriving a signing key using .NET (C#)

static byte[] HmacSHA256(String data, byte[] key)


{
String algorithm = "HmacSHA256";
KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create(algorithm);
kha.Key = key;

return kha.ComputeHash(Encoding.UTF8.GetBytes(data));
}

static byte[] getSignatureKey(String key, String dateStamp, String regionName, String


serviceName)
{
byte[] kSecret = Encoding.UTF8.GetBytes(("AWS4" + key).ToCharArray());
byte[] kDate = HmacSHA256(dateStamp, kSecret);

Version 1.0
579
AWS General Reference Reference guide
Signature Version 4 signing process

byte[] kRegion = HmacSHA256(regionName, kDate);


byte[] kService = HmacSHA256(serviceName, kRegion);
byte[] kSigning = HmacSHA256("aws4_request", kService);

return kSigning;
}

Deriving a signing key using Python

def sign(key, msg):


return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):


kDate = sign(("AWS4" + key).encode("utf-8"), dateStamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, "aws4_request")
return kSigning

Deriving a signing key using Ruby

def getSignatureKey key, dateStamp, regionName, serviceName


kDate = OpenSSL::HMAC.digest('sha256', "AWS4" + key, dateStamp)
kRegion = OpenSSL::HMAC.digest('sha256', kDate, regionName)
kService = OpenSSL::HMAC.digest('sha256', kRegion, serviceName)
kSigning = OpenSSL::HMAC.digest('sha256', kService, "aws4_request")

kSigning
end

Deriving a signing key using JavaScript (Node.js)


The following example uses the crypto-js library. For more information, see https://www.npmjs.com/
package/crypto-js and https://code.google.com/archive/p/crypto-js/.

var crypto = require("crypto-js");

function getSignatureKey(key, dateStamp, regionName, serviceName) {


var kDate = crypto.HmacSHA256(dateStamp, "AWS4" + key);
var kRegion = crypto.HmacSHA256(regionName, kDate);
var kService = crypto.HmacSHA256(serviceName, kRegion);
var kSigning = crypto.HmacSHA256("aws4_request", kService);
return kSigning;
}

Deriving a signing key using other languages


If you need to implement this logic in a different programming language, we recommend testing the
intermediary steps of the key derivation algorithm against the values in this section. The following
example in Ruby prints the results using the hexEncode function after each step in the algorithm.

def hexEncode bindata


result=""
data=bindata.unpack("C*")
data.each {|b| result+= "%02x" % b}
result
end

Given the following test input:

Version 1.0
580
AWS General Reference Reference guide
Signature Version 4 signing process

key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'

Your program should generate the following values for the values in getSignatureKey. Note that
these are hex-encoded representations of the binary data; the key itself and the intermediate values
should be in binary format.

kSecret =
'41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559'
kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'
kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'
kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'

Common coding errors


To simplify your task, avoid the following common coding errors.
Tip
Examine the HTTP request that you're sending to AWS with a tool that shows you what your raw
HTTP requests look like. This can help you spot issues that aren't evident from your code.

• Don't include an extra newline character, or forget one where it's required.
• Don't format the date incorrectly in the credential scope, such as using a time stamp instead of
YYYYMMDD format.
• Make sure the headers in the canonical headers and the signed headers are the same.
• Don't inadvertently swap the key and the data (message) when calculating intermediary keys. The
result of the previous step's computation is the key, not the data. Check the documentation for your
cryptographic primitives carefully to ensure that you place the parameters in the proper order.
• Don't forget to add the string "AWS4" in front of the key for the first step. If you implement the key
derivation using a for loop or iterator, don't forget to special-case the first iteration so that it includes
the "AWS4" string.

For more information about possible errors, see Troubleshooting AWS Signature Version 4
errors (p. 590).

Version 1.0
581
AWS General Reference Reference guide
Signature Version 4 signing process

Examples of the complete Signature Version 4 signing process


(Python)
This section shows example programs written in Python that illustrate how to work with Signature
Version 4 in AWS. We deliberately wrote these example programs to be simple (to use few Python-
specific features) to make it easier to understand the overall process of signing AWS requests.
Note
If you are using one of the AWS SDKs (including the SDK for C++, SDK for Go, SDK for Java,
AWS SDK for JavaScript, AWS SDK for .NET, SDK for PHP, SDK for Python (Boto3), or SDK for
Ruby), you do not have to manually perform the steps of deriving a signing key and adding
authentication information to a request. The SDKs perform this work for you. You need to
manually sign requests only if you are directly making HTTP or HTTPS requests.

In order to work with these example programs, you need the following:

• Python 2.x installed on your computer, which you can get from the Python site. These programs were
tested using Python 2.7 and 3.6.
• The Python requests library, which is used in the example script to make web requests. A convenient
way to install Python packages is to use pip, which gets packages from the Python package index site.
You can then install requests by running pip install requests at the command line.
• An access key (access key ID and secret access key) in environment variables named
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Alternatively, you can keep these values in a
credentials file and read them from that file. As a best practice, we recommend that you do not embed
credentials in code. For more information, see Best Practices for Managing AWS Access Keys in the
Amazon Web Services General Reference.

The following examples use UTF-8 to encode the canonical request and string to sign, but Signature
Version 4 does not require that you use a particular character encoding. However, some AWS services
might require a specific encoding. For more information, consult the documentation for that service.

Examples
• Using GET with an authorization header (Python) (p. 582)
• Using POST (Python) (p. 585)
• Using GET with authentication information in the Query string (Python) (p. 587)

Using GET with an authorization header (Python)


The following example shows how to make a request using the Amazon EC2 query API without SDK for
Python (Boto3). The request makes a GET request and passes authentication information to AWS using
the Authorization header.

# Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.


#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# http://aws.amazon.com/apache2.0/
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
#
# ABOUT THIS PYTHON SAMPLE: This sample is part of the AWS General Reference
# Signing AWS API Requests top available at
# https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

Version 1.0
582
AWS General Reference Reference guide
Signature Version 4 signing process

# AWS Version 4 signing example

# EC2 API (DescribeRegions)

# See: http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
# This version makes a GET request and passes the signature
# in the Authorization header.
import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests

# ************* REQUEST VALUES *************


method = 'GET'
service = 'ec2'
host = 'ec2.amazonaws.com'
region = 'us-east-1'
endpoint = 'https://ec2.amazonaws.com'
request_parameters = 'Action=DescribeRegions&Version=2013-10-15'

# Key derivation functions. See:


# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-
examples-python
def sign(key, msg):
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):


kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, 'aws4_request')
return kSigning

# Read AWS access key from env. variables or configuration file. Best practice is NOT
# to embed credentials in code.
access_key = os.environ.get('AWS_ACCESS_KEY_ID')
secret_key = os.environ.get('AWS_SECRET_ACCESS_KEY')
if access_key is None or secret_key is None:
print('No access key is available.')
sys.exit()

# Create a date for headers and the credential string


t = datetime.datetime.utcnow()
amzdate = t.strftime('%Y%m%dT%H%M%SZ')
datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope

# ************* TASK 1: CREATE A CANONICAL REQUEST *************


# http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

# Step 1 is to define the verb (GET, POST, etc.)--already done.

# Step 2: Create canonical URI--the part of the URI from domain to query
# string (use '/' if no path)
canonical_uri = '/'

# Step 3: Create the canonical query string. In this example (a GET request),
# request parameters are in the query string. Query string values must
# be URL-encoded (space=%20). The parameters must be sorted by name.
# For this example, the query string is pre-formatted in the request_parameters variable.
canonical_querystring = request_parameters

# Step 4: Create the canonical headers and signed headers. Header names
# must be trimmed and lowercase, and sorted in code point order from
# low to high. Note that there is a trailing \n.
canonical_headers = 'host:' + host + '\n' + 'x-amz-date:' + amzdate + '\n'

Version 1.0
583
AWS General Reference Reference guide
Signature Version 4 signing process

# Step 5: Create the list of signed headers. This lists the headers
# in the canonical_headers list, delimited with ";" and in alpha order.
# Note: The request can include any headers; canonical_headers and
# signed_headers lists those that you want to be included in the
# hash of the request. "Host" and "x-amz-date" are always required.
signed_headers = 'host;x-amz-date'

# Step 6: Create payload hash (hash of the request body content). For GET
# requests, the payload is an empty string ("").
payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()

# Step 7: Combine elements to create canonical request


canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' +
canonical_headers + '\n' + signed_headers + '\n' + payload_hash

# ************* TASK 2: CREATE THE STRING TO SIGN*************


# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' + amzdate + '\n' + credential_scope + '\n' +
hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

# ************* TASK 3: CALCULATE THE SIGNATURE *************


# Create the signing key using the function defined above.
signing_key = getSignatureKey(secret_key, datestamp, region, service)

# Sign the string_to_sign using the signing_key


signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'),
hashlib.sha256).hexdigest()

# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************


# The signing information can be either in a query string value or in
# a header named Authorization. This code shows how to use a header.
# Create authorization header and add to request headers
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' +
credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' +
signature

# The request can include any headers, but MUST include "host", "x-amz-date",
# and (for this scenario) "Authorization". "host" and "x-amz-date" must
# be included in the canonical_headers and signed_headers, as noted
# earlier. Order here is not significant.
# Python note: The 'host' header is added automatically by the Python 'requests' library.
headers = {'x-amz-date':amzdate, 'Authorization':authorization_header}

# ************* SEND THE REQUEST *************


request_url = endpoint + '?' + canonical_querystring

print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + request_url)
r = requests.get(request_url, headers=headers)

print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
print('Response code: %d\n' % r.status_code)
print(r.text)

Version 1.0
584
AWS General Reference Reference guide
Signature Version 4 signing process

Using POST (Python)


The following example shows how to make a request using the Amazon DynamoDB query API without
SDK for Python (Boto3). The request makes a POST request and passes values to AWS in the body of the
request. Authentication information is passed using the Authorization request header.

# Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.


#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# http://aws.amazon.com/apache2.0/
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

# AWS Version 4 signing example

# DynamoDB API (CreateTable)

# See: http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
# This version makes a POST request and passes request parameters
# in the body (payload) of the request. Auth information is passed in
# an Authorization header.
import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests

# ************* REQUEST VALUES *************


method = 'POST'
service = 'dynamodb'
host = 'dynamodb.us-west-2.amazonaws.com'
region = 'us-west-2'
endpoint = 'https://dynamodb.us-west-2.amazonaws.com/'
# POST requests use a content type header. For DynamoDB,
# the content is JSON.
content_type = 'application/x-amz-json-1.0'
# DynamoDB requires an x-amz-target header that has this format:
# DynamoDB_<API version>.<operationName>
amz_target = 'DynamoDB_20120810.CreateTable'

# Request parameters for CreateTable--passed in a JSON block.


request_parameters = '{'
request_parameters += '"KeySchema": [{"KeyType": "HASH","AttributeName": "Id"}],'
request_parameters += '"TableName": "TestTable","AttributeDefinitions": [{"AttributeName":
"Id","AttributeType": "S"}],'
request_parameters += '"ProvisionedThroughput": {"WriteCapacityUnits":
5,"ReadCapacityUnits": 5}'
request_parameters += '}'

# Key derivation functions. See:


# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-
examples-python
def sign(key, msg):
return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def getSignatureKey(key, date_stamp, regionName, serviceName):


kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, 'aws4_request')
return kSigning

Version 1.0
585
AWS General Reference Reference guide
Signature Version 4 signing process

# Read AWS access key from env. variables or configuration file. Best practice is NOT
# to embed credentials in code.
access_key = os.environ.get('AWS_ACCESS_KEY_ID')
secret_key = os.environ.get('AWS_SECRET_ACCESS_KEY')
if access_key is None or secret_key is None:
print('No access key is available.')
sys.exit()

# Create a date for headers and the credential string


t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%dT%H%M%SZ')
date_stamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope

# ************* TASK 1: CREATE A CANONICAL REQUEST *************


# http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

# Step 1 is to define the verb (GET, POST, etc.)--already done.

# Step 2: Create canonical URI--the part of the URI from domain to query
# string (use '/' if no path)
canonical_uri = '/'

## Step 3: Create the canonical query string. In this example, request


# parameters are passed in the body of the request and the query string
# is blank.
canonical_querystring = ''

# Step 4: Create the canonical headers. Header names must be trimmed


# and lowercase, and sorted in code point order from low to high.
# Note that there is a trailing \n.
canonical_headers = 'content-type:' + content_type + '\n' + 'host:' + host + '\n' + 'x-amz-
date:' + amz_date + '\n' + 'x-amz-target:' + amz_target + '\n'

# Step 5: Create the list of signed headers. This lists the headers
# in the canonical_headers list, delimited with ";" and in alpha order.
# Note: The request can include any headers; canonical_headers and
# signed_headers include those that you want to be included in the
# hash of the request. "Host" and "x-amz-date" are always required.
# For DynamoDB, content-type and x-amz-target are also required.
signed_headers = 'content-type;host;x-amz-date;x-amz-target'

# Step 6: Create payload hash. In this example, the payload (body of


# the request) contains the request parameters.
payload_hash = hashlib.sha256(request_parameters.encode('utf-8')).hexdigest()

# Step 7: Combine elements to create canonical request


canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' +
canonical_headers + '\n' + signed_headers + '\n' + payload_hash

# ************* TASK 2: CREATE THE STRING TO SIGN*************


# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = date_stamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' + amz_date + '\n' + credential_scope + '\n' +
hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

# ************* TASK 3: CALCULATE THE SIGNATURE *************


# Create the signing key using the function defined above.
signing_key = getSignatureKey(secret_key, date_stamp, region, service)

# Sign the string_to_sign using the signing_key


signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'),
hashlib.sha256).hexdigest()

Version 1.0
586
AWS General Reference Reference guide
Signature Version 4 signing process

# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************


# Put the signature information in a header named Authorization.
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' +
credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' +
signature

# For DynamoDB, the request can include any headers, but MUST include "host", "x-amz-date",
# "x-amz-target", "content-type", and "Authorization". Except for the authorization
# header, the headers must be included in the canonical_headers and signed_headers values,
as
# noted earlier. Order here is not significant.
# # Python note: The 'host' header is added automatically by the Python 'requests' library.
headers = {'Content-Type':content_type,
'X-Amz-Date':amz_date,
'X-Amz-Target':amz_target,
'Authorization':authorization_header}

# ************* SEND THE REQUEST *************


print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + endpoint)

r = requests.post(endpoint, data=request_parameters, headers=headers)

print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
print('Response code: %d\n' % r.status_code)
print(r.text)

Using GET with authentication information in the Query string (Python)


The following example shows how to make a request using the IAM query API without SDK for Python
(Boto3). The request makes a GET request and passes parameters and signing information using the
query string.

# Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.


#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# http://aws.amazon.com/apache2.0/
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
#
# ABOUT THIS PYTHON SAMPLE: This sample is part of the AWS General Reference
# Signing AWS API Requests top available at
# https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
#

# AWS Version 4 signing example

# IAM API (CreateUser)

# See: http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
# This version makes a GET request and passes request parameters
# and authorization information in the query string
import sys, os, base64, datetime, hashlib, hmac, urllib

Version 1.0
587
AWS General Reference Reference guide
Signature Version 4 signing process

import requests # pip install requests

# ************* REQUEST VALUES *************


method = 'GET'
service = 'iam'
host = 'iam.amazonaws.com'
region = 'us-east-1'
endpoint = 'https://iam.amazonaws.com'

# Key derivation functions. See:


# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-
examples-python
def sign(key, msg):
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):


kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, 'aws4_request')
return kSigning

# Read AWS access key from env. variables or configuration file. Best practice is NOT
# to embed credentials in code.
access_key = os.environ.get('AWS_ACCESS_KEY_ID')
secret_key = os.environ.get('AWS_SECRET_ACCESS_KEY')
if access_key is None or secret_key is None:
print('No access key is available.')
sys.exit()

# Create a date for headers and the credential string


t = datetime.datetime.utcnow()
amz_date = t.strftime('%Y%m%dT%H%M%SZ') # Format date as YYYYMMDD'T'HHMMSS'Z'
datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope

# ************* TASK 1: CREATE A CANONICAL REQUEST *************


# http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html

# Because almost all information is being passed in the query string,


# the order of these steps is slightly different than examples that
# use an authorization header.

# Step 1: Define the verb (GET, POST, etc.)--already done.

# Step 2: Create canonical URI--the part of the URI from domain to query
# string (use '/' if no path)
canonical_uri = '/'

# Step 3: Create the canonical headers and signed headers. Header names
# must be trimmed and lowercase, and sorted in code point order from
# low to high. Note trailing \n in canonical_headers.
# signed_headers is the list of headers that are being included
# as part of the signing process. For requests that use query strings,
# only "host" is included in the signed headers.
canonical_headers = 'host:' + host + '\n'
signed_headers = 'host'

# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'

# Step 4: Create the canonical query string. In this example, request


# parameters are in the query string. Query string values must
# be URL-encoded (space=%20). The parameters must be sorted by name.

Version 1.0
588
AWS General Reference Reference guide
Signature Version 4 signing process

# use urllib.parse.quote_plus() if using Python 3


canonical_querystring = 'Action=CreateUser&UserName=NewUser&Version=2010-05-08'
canonical_querystring += '&X-Amz-Algorithm=AWS4-HMAC-SHA256'
canonical_querystring += '&X-Amz-Credential=' + urllib.quote_plus(access_key + '/' +
credential_scope)
canonical_querystring += '&X-Amz-Date=' + amz_date
canonical_querystring += '&X-Amz-Expires=30'
canonical_querystring += '&X-Amz-SignedHeaders=' + signed_headers

# Step 5: Create payload hash. For GET requests, the payload is an


# empty string ("").
payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()

# Step 6: Combine elements to create canonical request


canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' +
canonical_headers + '\n' + signed_headers + '\n' + payload_hash

# ************* TASK 2: CREATE THE STRING TO SIGN*************


string_to_sign = algorithm + '\n' + amz_date + '\n' + credential_scope + '\n' +
hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

# ************* TASK 3: CALCULATE THE SIGNATURE *************


# Create the signing key
signing_key = getSignatureKey(secret_key, datestamp, region, service)

# Sign the string_to_sign using the signing_key


signature = hmac.new(signing_key, (string_to_sign).encode("utf-8"),
hashlib.sha256).hexdigest()

# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************


# The auth information can be either in a query string
# value or in a header named Authorization. This code shows how to put
# everything into a query string.
canonical_querystring += '&X-Amz-Signature=' + signature

# ************* SEND THE REQUEST *************


# The 'host' header is added automatically by the Python 'request' lib. But it
# must exist as a header in the request.
request_url = endpoint + "?" + canonical_querystring

print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + request_url)
r = requests.get(request_url)

print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
print('Response code: %d\n' % r.status_code)
print(r.text)

Version 1.0
589
AWS General Reference Reference guide
Signature Version 4 signing process

Troubleshooting AWS Signature Version 4 errors


When you develop code that implements Signature Version 4, you might receive errors from AWS
products that you test against. The errors typically come from an error in the canonicalization of the
request, the incorrect derivation or use of the signing key, or a validation failure of signature-specific
parameters sent along with the request.

Errors
• Troubleshooting canonicalization errors (p. 590)
• Troubleshooting credential scope errors (p. 591)
• Troubleshooting key signing errors (p. 592)

Troubleshooting canonicalization errors


Consider the following request:

https://iam.amazonaws.com/?MaxItems=100
&Action=ListGroupsForUser
&UserName=Test
&Version=2010-05-08
&X-Amz-Date=20120223T063000Z
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE/20120223/us-east-1/iam/aws4_request
&X-Amz-SignedHeaders=host
&X-Amz-Signature=<calculated value>

If you incorrectly calculate the canonical request or the string to sign, the signature verification step
performed by the service fails. The following example is a typical error response, which includes the
canonical string and the string to sign as computed by the service. You can troubleshoot your calculation
error by comparing the returned strings with the canonical string and your calculated string to sign.

<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided.
Check your AWS Secret Access Key and signing method. Consult the service documentation for
details.

The canonical string for this request should have been 'GET /
Action=ListGroupsForUser&MaxItems=100&UserName=Test&Version=2010-05-08&X-Amz-
Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential
=AKIAIOSFODNN7EXAMPLE%2F20120223%2Fus-east-1%2Fiam%2Faws4_request&X-Amz-
Date=20120223T063000Z&X-Amz-SignedHeaders=host
host:iam.amazonaws.com

host
<hashed-value>'

The String-to-Sign should have been


'AWS4-HMAC-SHA256
20120223T063000Z
20120223/us-east-1/iam/aws4_request
<hashed-value>'
</Message>
</Error>
<RequestId>4ced6e96-5de8-11e1-aa78-a56908bdf8eb</RequestId>
</ErrorResponse>

Version 1.0
590
AWS General Reference Reference guide
Signature Version 4 signing process

Troubleshooting credential scope errors


AWS products validate credentials for proper scope; the credential parameter must specify the correct
service, Region, and date. For example, the following credential references the Amazon RDS service:

Credential=AKIAIOSFODNN7EXAMPLE/20120224/us-east-1/rds/aws4_request

If you use the same credentials to submit a request to IAM, you'll receive the following error response:

<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to correct service: 'iam'. </Message>
</Error>
<RequestId>aa0da9de-5f2b-11e1-a2c0-c1dc98b6c575</RequestId>

The credential must also specify the correct Region. For example, the following credential for an IAM
request incorrectly specifies the US West (N. California) Region.

Credential=AKIAIOSFODNN7EXAMPLE/20120224/us-west-1/iam/aws4_request

If you use the credential to submit a request to IAM, which accepts only the us-east-1 Region
specification, you'll receive the following response:

comma-separated<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to a valid Region, not 'us-west-1'. </Message>
</Error>
<RequestId>8e229682-5f27-11e1-88f2-4b1b00f424ae</RequestId>
</ErrorResponse>

You'll receive the same type of invalid Region response from AWS products that are available in multiple
Regions if you submit requests to a Region that differs from the Region specified in your credential
scope.

The credential must also specify the correct Region for the service and action in your request.

The date that you use as part of the credential must match the date value in the x-amz-date header.
For example, the following x-amz-date header value does not match the date value used in the
Credential parameter that follows it.

x-amz-date:"20120224T213559Z"
Credential=AKIAIOSFODNN7EXAMPLE/20120225/us-east-1/iam/aws4_request

If you use this pairing of x-amz-date header and credential, you'll receive the following error response:

<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Date in Credential scope does not match YYYYMMDD from ISO-8601 version of date
from HTTP: '20120225' != '20120224', from '20120 224T213559Z'.</Message>
</Error>
<RequestId>9d6ddd2b-5f2f-11e1-b901-a702cd369eb8</RequestId>

Version 1.0
591
AWS General Reference Reference guide
Signature Version 4 signing process

</ErrorResponse>

An expired signature can also generate an error response. For example, the following error response was
generated due to an expired signature.

<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Signature expired: 20120306T074514Z is now earlier than 20120306T074556Z
(20120306T080056Z - 15 min.)</Message>
</Error>
<RequestId>fcc88440-5dec-11e1-b901-a702cd369eb8</RequestId>
</ErrorResponse>

Troubleshooting key signing errors


Errors that are caused by an incorrect derivation of the signing key or improper use of cryptography are
more difficult to troubleshoot. The error response will tell you that the signature does not match. If you
verified that the canonical string and the string to sign are correct, the cause of the signature mismatch
is most likely one of the two following issues:

• The secret access key does not match the access key ID that you specified in the Credential
parameter.
• There is a problem with your key derivation code.

To check whether the secret key matches the access key ID, you can use your secret key and access key ID
with a known working implementation. One way is to use one of the AWS SDKs to write a program that
makes a simple request to AWS using the access key ID and secret access key that you want to use.

To check whether your key derivation code is correct, you can compare it to our example derivation code.
For more information, see Examples of how to derive a signing key for Signature Version 4 (p. 579).

Service-specific reference for Signature Version 4


To learn more about making and signing HTTP requests in the context of specific AWS services, see the
documentation for the following services:

• Amazon API Gateway


• Amazon CloudSearch
• Amazon CloudWatch
• AWS Data Pipeline
• Amazon Elastic Compute Cloud (Amazon EC2)
• Amazon Elastic Transcoder
• Amazon S3 Glacier
• Amazon Mobile Analytics
• Amazon Relational Database Service (Amazon RDS)
• Amazon Simple Email Service (Amazon SES)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon Simple Storage Service (Amazon S3)
• Amazon Simple Workflow Service (Amazon SWF)
• AWS WAF

Version 1.0
592
AWS General Reference Reference guide
Signature Version 2 signing process

Signature Version 2 signing process


You can use Signature Version 2 to sign API requests. However, we recommend that you sign your
request with Signature Version 4. For more information, see Signature Version 4 signing process (p. 560).

Supported Regions and services


You can use Signature Version 2 to sign API requests for some AWS services in some AWS Regions.
Otherwise, you must use Signature Version 4 to sign API requests.

Regions that support Signature Version 2

• US East (N. Virginia) Region


• US West (N. California) Region
• US West (Oregon) Region
• Europe (Ireland) Region
• Asia Pacific (Tokyo) Region
• Asia Pacific (Singapore) Region
• Asia Pacific (Sydney) Region
• South America (São Paulo) Region

Services that support Signature Version 2

• Amazon EC2 Auto Scaling


• AWS CloudFormation
• Amazon CloudWatch
• AWS Elastic Beanstalk
• Amazon Elastic Compute Cloud (Amazon EC2)
• Elastic Load Balancing
• Amazon EMR
• Amazon ElastiCache
• AWS Identity and Access Management (IAM)
• AWS Import/Export
• Amazon Relational Database Service (Amazon RDS)
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon SimpleDB

Services deprecating Signature Version 2

• Amazon Simple Storage Service (Amazon S3) - Amazon S3 Update - SigV2 Deprecation
• Amazon Simple Email Service (Amazon SES)

Components of a query request for Signature Version 2


AWS requires that each HTTP or HTTPS Query request formatted for Signature Version 2 contains the
following:

Version 1.0
593
AWS General Reference Reference guide
Signature Version 2 signing process

Endpoint

Also known as the host part of an HTTP request. This is the DNS name of the computer where you
send the Query request. This is different for each AWS Region. For the list of endpoints for each
service, see AWS service endpoints (p. 536).
Action

The action you want a web service to perform. This value determines the parameters used in the
request.
AWSAccessKeyId

A value distributed by AWS when you sign up for an AWS account.


SignatureMethod

The hash-based protocol used to calculate the signature. This can be either HMAC-SHA1 or HMAC-
SHA256 for Signature Version 2.
SignatureVersion

The version of the AWS signature protocol.


Timestamp

The time at which you make the request. Include this in the Query request to help prevent third
parties from intercepting your request.
Required and optional parameters

Each action has a set of required and optional parameters that define the API call.
Signature

The calculated value that ensures the signature is valid and has not been tampered.

The following is an example Amazon EMR Query request formatted as an HTTPS GET request.

• The endpoint, elasticmapreduce.amazonaws.com, is the default endpoint and maps to the Region
us-east-1.
• The action is DescribeJobFlows, which requests information about one or more job flows.

Note
In the actual Query request, there are no spaces or newline characters. The request is a
continuous line of text. The version below is formatted for human readability.

https://elasticmapreduce.amazonaws.com?
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&Action=DescribeJobFlows
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2011-10-03T15%3A19%3A30
&Version=2009-03-31
&Signature=calculated value

How to generate a signature for a Query request


Web service requests are sent across the Internet and are vulnerable to tampering. To check that the
request has not been altered, AWS calculates the signature to determine if any of the parameters or
parameter values were changed en route. AWS requires a signature as part of every request.

Version 1.0
594
AWS General Reference Reference guide
Signature Version 2 signing process

Be sure to URI encode the request. For example, blank spaces in your request should be encoded as
%20. Although an unencoded space is normally allowed by the HTTP protocol specification, unencoded
characters create an invalid signature in your Query request. Do not encode spaces as a plus sign (+) as
this will cause errors.

The following topics describe the steps needed to calculate a signature using AWS Signature Version 2.

Task 1: Format the Query request


Before you can sign the Query request, format the request in a standardized (canonical) format. This is
needed because the different ways to format a Query request will result in different HMAC signatures.
Format the request in a canonical format before signing. This ensures your application and AWS will
calculate the same signature for a request.

To create the string to sign, you concatenate the Query request components. The following example
generates the string to sign for the following call to the Amazon EMR API.

https://elasticmapreduce.amazonaws.com?
Action=DescribeJobFlows
&Version=2009-03-31
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&SignatureVersion=2
&SignatureMethod=HmacSHA256
&Timestamp=2011-10-03T15:19:30

Note
In the preceding request, the last four parameters (AWSAccessKeyID through Timestamp) are
called authentication parameters. They're required in every Signature Version 2 request. AWS
uses them to identify who is sending the request and whether to grant the requested access.

To create the string to sign

1. Start with the request method (either GET or POST), followed by a newline character. For human
readability, the newline character is represented as \n.

GET\n

2. Add the HTTP host header (endpoint) in lowercase, followed by a newline character. The port
information is omitted if it is the standard port for the protocol (port 80 for HTTP and port 443 for
HTTPS), but included if it is a nonstandard port.

elasticmapreduce.amazonaws.com\n

3. Add the URL-encoded version of each path segment of the URI, which is everything between the
HTTP host header to the question mark character (?) that begins the query string parameters,
followed by a newline character. Don't encode the forward slash (/) that delimits each path
segment.

In this example, if the absolute path is empty, use a forward slash (/).

/\n

4. a. Add the query string components, as UTF-8 characters which are URL encoded (hexadecimal
characters must be uppercase). You do not encode the initial question mark character (?) in the
request. For more information, see RFC 3986.
b. Sort the query string components by byte order. Byte ordering is case sensitive. AWS sorts these
components based on the raw bytes.

Version 1.0
595
AWS General Reference Reference guide
Signature Version 2 signing process

For example, this is the original order for the query string components.

Action=DescribeJobFlows
Version=2009-03-31
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
SignatureVersion=2
SignatureMethod=HmacSHA256
Timestamp=2011-10-03T15%3A19%3A30

The query string components would be reorganized as the following:

AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
Action=DescribeJobFlows
SignatureMethod=HmacSHA256
SignatureVersion=2
Timestamp=2011-10-03T15%3A19%3A30
Version=2009-03-31

c. Separate parameter names from their values with the equal sign character (=), even if the value
is empty. Separate parameter and value pairs with the ampersand character (&). Concatenate
the parameters and their values to make one long string with no spaces. Spaces within a
parameter value are allowed, but must be URL encoded as %20. In the concatenated string,
period characters (.) are not escaped. RFC 3986 considers the period character an unreserved
character, so it is not URL encoded.
Note
RFC 3986 does not specify what happens with ASCII control characters, extended
UTF-8 characters, and other characters reserved by RFC 1738. Since any values may be
passed into a string value, these other characters should be percent encoded as %XY
where X and Y are uppercase hex characters. Extended UTF-8 characters take the form
%XY%ZA... (this handles multibytes).

The following example shows the query string components, with the parameters concatenated with
the ampersand character (&), and sorted by byte order.

AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVer

5. To construct the finished canonical request, combine all the components from each step. As shown,
each component ends with a newline character.

GET\n
elasticmapreduce.amazonaws.com\n
/\n
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVer

Task 2: Calculate the signature


After you've created the canonical string as described in Task 1: Format the Query request (p. 595),
calculate the signature by creating a hash-based message authentication code (HMAC) that uses either
the HMAC-SHA1 or HMAC-SHA256 protocols. The HMAC-SHA256 is preferred.

In this example, the signature is calculated with the following canonical string and secret key as inputs to
a keyed hash function:

• Canonical query string:

Version 1.0
596
AWS General Reference Reference guide
Signature Version 2 signing process

GET\n
elasticmapreduce.amazonaws.com\n
/\n
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVersi

• Sample secret key:

wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

The resulting signature must be base-64 encoded.

i91nKc4PWAt0JJIdXwz9HxZCJDdiy6cf%2FMj6vPxyYIs%3D

Add the resulting value to the query request as a Signature parameter. When you add this parameter
to the request, you must URI encode it just like any other parameter. You can use the signed request in
an HTTP or HTTPS call.

https://elasticmapreduce.amazonaws.com?
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVersion
%2FMj6vPxyYIs%3D

Note
You can use temporary security credentials provided by AWS Security Token Service (AWS STS)
to sign a request. The process is the same as using long-term credentials, but requests require
an additional parameter for the security token.

The following request uses a temporary access key ID and the SecurityToken parameter.

Example Example request with temporary security credentials

https://sdb.amazonaws.com/
?Action=GetAttributes
&AWSAccessKeyId=access-key-from-AWS Security Token Service
&DomainName=MyDomain
&ItemName=MyItem
&SignatureVersion=2
&SignatureMethod=HmacSHA256
&Timestamp=2010-01-25T15%3A03%3A07-07%3A00
&Version=2009-04-15
&Signature=signature-calculated-using-the-temporary-access-key
&SecurityToken=session-token

For more information, see the following resources:

• The Amazon EMR Developer Guide has information about Amazon EMR API calls.
• The API documentation for each service has information about requirements and specific parameters
for an action.
• The AWS SDKs offer functions to generate Query request signatures. To see an example using the AWS
SDK for Java, see Using the Java SDK to sign a Query request (p. 598).

Version 1.0
597
AWS General Reference Reference guide
Signature Version 2 signing process

Troubleshooting request signatures


This section describes some error codes you might see when you are initially developing code to generate
the signature to sign Query requests.

SignatureDoesNotMatch signing error in a web service

The following error response is returned when a web service attempts to validate the request signature
by recalculating the signature value and generates a value that does not match the signature you
appended to the request. This can occur because the request was altered between the time you sent it
and the time it reached a web service endpoint (which is what the signature is designed to detect) or
because the signature was calculated improperly. A common cause of the following error message is not
properly creating the string to sign, such as forgetting to URL-encode characters such as the colon (:) and
the forward slash (/) in Amazon S3 bucket names.

<ErrorResponse xmlns="http://elasticmapreduce.amazonaws.com/doc/2009-03-31">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you
provided.
Check your AWS Secret Access Key and signing method.
Consult the service documentation for details.</Message>
</Error>
<RequestId>7589637b-e4b0-11e0-95d9-639f87241c66</RequestId>
</ErrorResponse>

IncompleteSignature signing error in a web service

The following error indicates that signature is missing information or has been improperly formed.

<ErrorResponse xmlns="http://elasticmapreduce.amazonaws.com/doc/2009-03-31">
<Error>
<Type>Sender</Type>
<Code>IncompleteSignature</Code>
<Message>Request must contain a signature that conforms to AWS standards</Message>
</Error>
<RequestId>7146d0dd-e48e-11e0-a276-bd10ea0cbb74</RequestId>
</ErrorResponse>

Using the Java SDK to sign a Query request


The following example uses the amazon.webservices.common package of the AWS SDK for Java to
generate an AWS Signature Version 2 Query request signature. To do so, it creates an RFC 2104-
compliant HMAC signature. For more information about HMAC, see HMAC: Keyed-Hashing for Message
Authentication.
Note
Java is used as an example implementation. You can use the programming language of your
choice to implement the HMAC algorithm to sign Query requests.

import java.security.SignatureException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import com.amazonaws.util.*;

Version 1.0
598
AWS General Reference Reference guide
AWS SDK support for Amazon S3 client-side encryption

/**
* This class defines common routines for generating
* authentication signatures for AWS Platform requests.
*/
public class Signature {
private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";

/**
* Computes RFC 2104-compliant HMAC signature.
* * @param data
* The signed data.
* @param key
* The signing key.
* @return
* The Base64-encoded RFC 2104-compliant HMAC signature.
* @throws
* java.security.SignatureException when signature generation fails
*/
public static String calculateRFC2104HMAC(String data, String key)
throws java.security.SignatureException
{
String result;
try {

// Get an hmac_sha256 key from the raw key bytes.


SecretKeySpec signingKey = new SecretKeySpec(key.getBytes("UTF-8"),
HMAC_SHA256_ALGORITHM);

// Get an hmac_sha256 Mac instance and initialize with the signing key.
Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
mac.init(signingKey);

// Compute the hmac on input data bytes.


byte[] rawHmac = mac.doFinal(data.getBytes("UTF-8"));

// Base64-encode the hmac by using the utility in the SDK


result = BinaryUtils.toBase64(rawHmac);

} catch (Exception e) {
throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
}
return result;
}
}

AWS SDK support for Amazon S3 client-side


encryption
The following tables list the cryptographic algorithms and features that are supported by the language–
specific AWS SDKs. For information about how to use the features for a particular SDK, see the developer
guide for that SDK.

If you are new to cryptography, see Cryptography Basics in the AWS Key Management Service Developer
Guide to get familiar with terms and concepts.
Note
The AWS Encryption SDK is an encryption library that is separate from the language–specific
SDKs. You can use this encryption library to more easily implement encryption best practices in
Amazon S3. Unlike the Amazon S3 encryption clients in the language–specific AWS SDKs, the

Version 1.0
599
AWS General Reference Reference guide
AWS SDK features for Amazon S3 client-side encryption

AWS Encryption SDK is not tied to Amazon S3 and can be used to encrypt or decrypt data to be
stored anywhere.
The AWS Encryption SDK and the Amazon S3 encryption clients are not compatible because
they produce ciphertexts with different data formats. For more information about the AWS
Encryption SDK, see the AWS Encryption SDK Developer Guide.

AWS SDK features for Amazon S3 client-side


encryption
To use the Amazon S3 client-side encryption feature to encrypt data before uploading to Amazon S3,
you must provide a master key to the Amazon S3 encryption client. You can provide a client-side master
key or use the AWS Key Management Service (AWS KMS)–managed master keys feature. The AWS KMS–
managed master keys feature provides an easy way to create and manage keys that are used to encrypt
data. For more information about these features, choose the links provided in the Feature column.

For details about how to use the features for a particular SDK, see the SDK's developer guide.

In the following table, each column indicates whether the AWS Command Line Interface or SDK for a
specific language supports the features used in client-side encryption.

Feature Java .NET Ruby v2 AWS Boto3 PHP v3 JavaScriptGo C++


CLI

Amazon Yes Yes Yes No No Yes No Yes Yes


S3
client-
side
encryption

AWS Yes Yes Yes No No Yes No Yes Yes


KMS–
managed
master
keys

For information about the v2 Amazon S3 encryption clients that support client-side encryption, see our
blog post about Updates to the Amazon S3 Encryption Client.

For more details about the legacy v1 Amazon S3 encryption client, see the following blog posts.

• Client-Side Data Encryption for Amazon S3 Using the AWS SDK for Java
• Client Side Data Encryption with AWS SDK for .NET and Amazon S3
• Using Client-Side Encryption for Amazon S3 in the AWS SDK for Ruby
• Using the AWS SDK for Go Encryption Client
• Amazon S3 Encryption Client Now Available for C++ Developers

Amazon S3 encryption client cryptographic


algorithms
The following table lists the algorithms that each language–specific AWS SDK supports for encrypting
keys and data when using the Amazon S3 encryption client.

Version 1.0
600
AWS General Reference Reference guide
Amazon S3 encryption client cryptographic algorithms

AlgorithmJava .NET Ruby v2 AWS Boto3 PHP v3 JavaScriptGo C++


CLI

Key Yes Yes Yes No No No No No No


Wrap:
RSA-
OAEP-
SHA1

Key Yes Yes Yes No No No No No Yes


Wrap:
AES/
GCM

Key Yes Yes Yes No No Yes No Yes Yes


Wrap:
KMS
+context

Key DeprecatedDeprecatedDeprecatedNo No No No No No
Wrap:
AES/
ECB

Key DeprecatedDeprecatedDeprecatedNo No No No No Deprecated


Wrap:
AESWrap

Key DeprecatedNo DeprecatedNo No No No No No


Wrap:
RSA

Key DeprecatedDeprecatedDeprecatedNo No DeprecatedNo DeprecatedDeprecated


Wrap:
KMS

Content Yes Yes Yes No No Yes No Yes Yes


Encryption:
AES/
GCM

Content DeprecatedNo DeprecatedNo No No No DeprecatedDeprecated


Encryption:
AES/
CBC

For more information about authenticated and encryption-only modes, see the Amazon S3 Client-Side
Authenticated Encryption blog post.

Version 1.0
601
AWS General Reference Reference guide

Document conventions
The following are the common typographical conventions for AWS technical publications.

Inline code (for example, commands, operations, parameters, constants, XML elements, and regular
expressions)

Formatting: Text in a monospace font

Example: java -version


Example blocks (for example, sample code and scripts)

Formatting: Text in a monospace font inside a shaded block

Example:

# ls -l /var/www/html/index.html
-rw-rw-r-- 1 root root 1872 Jun 21 09:33 /var/www/html/index.html
# date
Wed Jun 21 09:33:42 EDT 2006

Mutually exclusive options

Formatting: Text separated by vertical bars

Example: (start | stride | edge)


Optional parameters

Formatting: Text enclosed in square brackets

Example: [-n, -quiet]


Definitions

Formatting: Text in italics

Example: Amazon Machine Image (AMI)


Technical publications

Formatting: Text in italics

Example: Amazon Simple Storage Service Developer Guide


Elements in the user interface

Formatting: Text in bold

Example: Choose File, Properties.


User input (text that a user types)

Formatting: Text in a monospace font

Example: For the name, type my-new-resource.


Placeholder text for a required value

Formatting: Text in italics

Version 1.0
602
AWS General Reference Reference guide

Example:

aws ec2 register-image --image-location my-s3-bucket/image.manifest.xml

Version 1.0
603
AWS General Reference Reference guide

AWS glossary

Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

Numbers and symbols


100-continue A method that enables a client to see if a server can accept a request before
actually sending it. For large PUT requests, this method can save both time and
bandwidth charges.

A
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

AAD See additional authenticated data.

Access Analyzer A feature of AWS Identity and Access Management (IAM) (p. 616) that helps
you identify the resources in your organization and accounts, such as Amazon S3
buckets or IAM roles, that are shared with an external entity.
See Also https://aws.amazon.com/about-aws/whats-new/2019/12/introducing-
aws-identity-and-access-management-access-analyzer/.

access control list (ACL) A document that defines who can access a particular bucket (p. 621) or
object. Each bucket (p. 621) and object in Amazon S3 (p. 611) has an ACL.
The document defines what each type of user can do, such as write and read
permissions.

access identifiers See credentials.

access key The combination of an access key ID (p. 604) (like AKIAIOSFODNN7EXAMPLE)
and a secret access key (p. 652) (like wJalrXUtnFEMI/K7MDENG/
bPxRfiCYEXAMPLEKEY). You use access keys to sign API requests that you make
to AWS.

access key ID A unique identifier that's associated with a secret access key (p. 652); the
access key ID and secret access key are used together to sign programmatic AWS
requests cryptographically.

Version 1.0
604
AWS General Reference Reference guide

access key rotation A method to increase security by changing the AWS access key ID. This method
enables you to retire an old key at your discretion.

access policy language A language for writing documents (that is, policies (p. 645)) that specify who can
access a particular AWS resource (p. 650) and under what conditions.

account A formal relationship with AWS that is associated with all of the following:

• The owner email address and password


• The control of resource (p. 650)s created under its umbrella
• Payment for the AWS activity related to those resources

The AWS account has permission to do anything and everything with all the
AWS account resources. This is in contrast to a user (p. 659), which is an entity
contained within the account.

account activity A webpage showing your month-to-date AWS usage and costs. The account
activity page is located at https://aws.amazon.com/account-activity/.

ACL See access control list (ACL).

ACM See the section called “AWS Certificate Manager”.

ACM PCA See the section called “AWS Certificate Manager Private Certificate Authority”.

ACM Private CA See the section called “AWS Certificate Manager Private Certificate Authority”.

action An API function. Also called operation or call. The activity the principal (p. 646)
has permission to perform. The action is B in the statement "A has permission
to do B to C where D applies." For example, Jane sends a request to Amazon
SQS (p. 611) with Action=ReceiveMessage.

Amazon CloudWatch (p. 606): The response initiated by the change in an alarm's
state: for example, from OK to ALARM. The state change may be triggered by a
metric reaching the alarm threshold, or by a SetAlarmState request. Each alarm
can have one or more actions assigned to each state. Actions are performed
once each time the alarm changes to a state that has an action assigned, such as
an Amazon Simple Notification Service (p. 611) notification, an Amazon EC2
Auto Scaling (p. 607) policy (p. 645) execution or an Amazon EC2 (p. 607)
instance (p. 636) stop/terminate action.

active trusted key groups A list showing each of the trusted key groups (p. 659), and the IDs of the public
keys in each key group, that are active for a distribution in Amazon CloudFront.
CloudFront can use the public keys in these key groups to verify the signatures of
CloudFront signed URLs and signed cookies.

active trusted signers See active trusted key groups (p. 605).

additional authenticated data Information that is checked for integrity but not encrypted, such as headers or
other contextual metadata.

administrative suspension Amazon EC2 Auto Scaling (p. 607) might suspend processes for Auto Scaling
group (p. 613) that repeatedly fail to launch instances. Auto Scaling groups
that most commonly experience administrative suspension have zero running
instances, have been trying to launch instances for more than 24 hours, and have
not succeeded in that time.

alarm An item that watches a single metric over a specified time period and triggers an
Amazon SNS (p. 611) topic (p. 658) or an Amazon EC2 Auto Scaling (p. 607)

Version 1.0
605
AWS General Reference Reference guide

policy (p. 645) if the value of the metric crosses a threshold value over a
predetermined number of time periods.

allow One of two possible outcomes (the other is deny (p. 628)) when an
IAM (p. 616) access policy (p. 645) is evaluated. When a user makes a request
to AWS, AWS evaluates the request based on all permissions that apply to the
user and then returns either allow or deny.

Amazon API Gateway A fully managed service that makes it easy for developers to create, publish,
maintain, monitor, and secure APIs at any scale.
See Also https://aws.amazon.com/api-gateway.

Amazon AppStream 2.0 A fully managed, secure service for streaming desktop applications to users
without rewriting those applications.
See Also https://aws.amazon.com/appstream/.

Amazon Athena An interactive query service that makes it easy to analyze data in Amazon S3
using ANSI SQL. Athena is serverless, so there is no infrastructure to manage.
Athena scales automatically and is simple to use, so you can start analyzing your
datasets within seconds.
See Also https://aws.amazon.com/athena/.

Amazon Aurora A fully managed MySQL-compatible relational database engine that combines
the speed and availability of commercial databases with the simplicity and cost-
effectiveness of open-source databases.
See Also https://aws.amazon.com/rds/aurora/.

Amazon Chime A secure, real-time, unified communications service that transforms meetings by
making them more efficient and easier to conduct.
See Also https://aws.amazon.com/chime/.

Amazon Cloud Directory A service that provides a highly scalable directory store for your application’s
(Cloud Directory) multihierarchical data.
See Also https://aws.amazon.com/cloud-directory/.

Amazon CloudFront An AWS content delivery service that helps you improve the performance,
reliability, and availability of your websites and applications.
See Also https://aws.amazon.com/cloudfront.

Amazon CloudSearch A fully managed service in the AWS Cloud that makes it easy to set up, manage,
and scale a search solution for your website or application.

Amazon CloudWatch A web service that enables you to monitor and manage various metrics, and
configure alarm actions based on data from those metrics.
See Also https://aws.amazon.com/cloudwatch.

Amazon CloudWatch Events A web service that enables you to deliver a timely stream of system events that
describe changes in AWS resource (p. 650)s to AWS Lambda (p. 617) functions,
streams in Amazon Kinesis Data Streams (p. 609), Amazon Simple Notification
Service (p. 611) topics, or built-in targets.
See Also https://aws.amazon.com/cloudwatch.

Amazon CloudWatch Logs A web service for monitoring and troubleshooting your systems and applications
from your existing system, application, and custom log files. You can send your
existing log files to CloudWatch Logs and monitor these logs in near-real time.
See Also https://aws.amazon.com/cloudwatch.

Amazon Cognito A web service that makes it easy to save mobile user data, such as app
preferences or game state, in the AWS Cloud without writing any backend

Version 1.0
606
AWS General Reference Reference guide

code or managing any infrastructure. Amazon Cognito offers mobile identity


management and data synchronization across devices.
See Also https://aws.amazon.com/cognito/.

Amazon Connect A service solution that offers easy, self-service configuration and enables
dynamic, personal, and natural customer engagement at any scale.
See Also https://aws.amazon.com/connect/.

Amazon Corretto A no-cost, multiplatform, production-ready distribution of the Open Java


Development Kit (OpenJDK).
See Also https://aws.amazon.com/corretto/.

Amazon Detective A service that collects log data from your AWS resources to analyze and identify
the root cause of security findings or suspicious activities. The Detective behavior
graph provides visualizations to help you to determine the nature and extent of
possible security issues and conduct an efficient investigation.
See Also https://aws.amazon.com/detective/.

Amazon DocumentDB (with A managed database service that you can use to set up, operate, and scale
MongoDB compatibility) MongoDB-compatible databases in the cloud.
See Also https://aws.amazon.com/documentdb/.

Amazon DynamoDB A fully managed NoSQL database service that provides fast and predictable
performance with seamless scalability.
See Also https://aws.amazon.com/dynamodb/.

Amazon DynamoDB A software library that helps you protect your table data before you send it to
Encryption Client Amazon DynamoDB (p. 607).

Amazon DynamoDB Storage A storage backend for the Titan graph database implemented on top of Amazon
Backend for Titan DynamoDB. Titan is a scalable graph database optimized for storing and querying
graphs.
See Also https://aws.amazon.com/dynamodb/.

Amazon DynamoDB Streams An AWS service that captures a time-ordered sequence of item-level
modifications in any Amazon DynamoDB table, and stores this information in a
log for up to 24 hours. Applications can access this log and view the data items as
they appeared before and after they were modified, in near real time.
See Also https://aws.amazon.com/dynamodb/.

Amazon EBS-backed AMI A type of Amazon Machine Image (AMI) (p. 609) whose instance (p. 636)s use
an Amazon EBS (p. 607) volume (p. 661) as their root device. Compare this
with instances launched from instance store-backed AMI (p. 636)s, which use the
instance store (p. 636) as the root device.

Amazon EC2 A web service for launching and managing Linux/UNIX and Windows Server
instance (p. 636)s in Amazon's data centers.
See Also Amazon Elastic Compute Cloud (Amazon EC2), https://aws.amazon.com/
ec2.

Amazon EC2 Auto Scaling A web service designed to launch or terminate instance (p. 636)s automatically
based on user-defined policies (p. 645), schedules, and health check (p. 634)s.
See Also https://aws.amazon.com/ec2/autoscaling.

Amazon Elastic Block Store A service that provides block level storage volume (p. 661)s for use with EC2
(Amazon EBS) instance (p. 629)s.
See Also https://aws.amazon.com/ebs.

Amazon Elastic Compute A web service for launching and managing Linux/UNIX and Windows Server
Cloud (Amazon EC2) instance (p. 636)s in Amazon's data centers.

Version 1.0
607
AWS General Reference Reference guide

See Also https://aws.amazon.com/ec2.

Amazon Elastic Container A fully managed Docker container registry that makes it easy for developers to
Registry (Amazon ECR) store, manage, and deploy Docker container images. Amazon ECR is integrated
with Amazon Elastic Container Service (Amazon ECS) (p. 608) and AWS Identity
and Access Management (IAM) (p. 616).
See Also https://aws.amazon.com/ecr.

Amazon Elastic Container A highly scalable, fast, container (p. 624) management service that makes it
Service (Amazon ECS) easy to run, stop, and manage Docker containers on a cluster (p. 623) of EC2
instance (p. 629)s.
See Also https://aws.amazon.com/ecs.

Amazon Elastic File System A file storage service for EC2 (p. 607) instance (p. 636)s. Amazon EFS is easy
(Amazon EFS) to use and provides a simple interface with which you can create and configure
file systems. Amazon EFS storage capacity grows and shrinks automatically as you
add and remove files.
See Also https://aws.amazon.com/efs/.

Amazon Elastic Kubernetes A managed service that simplifies running Kubernetes on AWS without your
Service (Amazon EKS) needing to stand up or maintain your own Kubernetes control plane.
See Also https://aws.amazon.com/eks/.

Amazon Elastic Transcoder A cloud-based media transcoding service. Elastic Transcoder is a highly scalable
tool for converting (or transcoding) media files from their source format into
versions that play on devices like smartphones, tablets, and PCs.
See Also https://aws.amazon.com/elastictranscoder/.

Amazon ElastiCache A web service that simplifies deploying, operating, and scaling an in-memory
cache in the cloud. The service improves the performance of web applications by
providing information retrieval from fast, managed, in-memory caches, instead of
relying entirely on slower disk-based databases.
See Also https://aws.amazon.com/elasticache/.

Amazon Elasticsearch Service An AWS managed service for deploying, operating, and scaling Elasticsearch, an
(Amazon ES) open-source search and analytics engine, in the AWS Cloud. Amazon Elasticsearch
Service (Amazon ES) also offers security options, high availability, data durability,
and direct access to the Elasticsearch API.
See Also https://aws.amazon.com/elasticsearch-service.

Amazon EMR A web service that makes it easy to process large amounts of data efficiently.
Amazon EMR uses Hadoop (p. 634) processing combined with several AWS
products to do such tasks as web indexing, data mining, log file analysis, machine
learning, scientific simulation, and data warehousing.
See Also https://aws.amazon.com/elasticmapreduce.

Amazon EventBridge A serverless event bus service that enables you to connect your applications
with data from a variety of sources and routes that data to targets such as AWS
Lambda. You can set up routing rules to determine where to send your data to
build application architectures that react in real time to all of your data sources.
See Also https://aws.amazon.com/eventbridge/.

Amazon GameLift A managed service for deploying, operating, and scaling session-based
multiplayer games.
See Also https://aws.amazon.com/gamelift/.

Amazon GuardDuty A continuous security monitoring service. Amazon GuardDuty can help to identify
unexpected and potentially unauthorized or malicious activity in your AWS
environment.
See Also https://aws.amazon.com/guardduty/.

Version 1.0
608
AWS General Reference Reference guide

Amazon Inspector An automated security assessment service that helps improve the security and
compliance of applications deployed on AWS. Amazon Inspector automatically
assesses applications for vulnerabilities or deviations from best practices. After
performing an assessment, Amazon Inspector produces a detailed report with
prioritized steps for remediation.
See Also https://aws.amazon.com/inspector.

Amazon Kinesis A platform for streaming data on AWS. Kinesis offers services that simplify the
loading and analysis of streaming data.
See Also https://aws.amazon.com/kinesis/.

Amazon Kinesis Data Firehose A fully managed service for loading streaming data into AWS. Kinesis Data
Firehose can capture and automatically load streaming data into Amazon
S3 (p. 611) and Amazon Redshift (p. 610), enabling near real-time analytics
with existing business intelligence tools and dashboards. Kinesis Data Firehose
automatically scales to match the throughput of your data and requires no
ongoing administration. It can also batch, compress, and encrypt the data before
loading it.
See Also https://aws.amazon.com/kinesis/firehose/.

Amazon Kinesis Data Streams A web service for building custom applications that process or analyze streaming
data for specialized needs. Amazon Kinesis Data Streams can continuously
capture and store terabytes of data per hour from hundreds of thousands of
sources.
See Also https://aws.amazon.com/kinesis/streams/.

Amazon Lightsail Lightsail is designed to be the easiest way to launch and manage a virtual private
server with AWS. Lightsail offers bundled plans that include everything you need
to deploy a virtual private server, for a low monthly rate.
See Also https://aws.amazon.com/lightsail/.

Amazon Lumberyard A cross-platform, 3D game engine for creating high-quality games. You can
connect games to the compute and storage of the AWS Cloud and engage fans on
Twitch.
See Also https://aws.amazon.com/lumberyard/.

Amazon Machine Image (AMI) An encrypted machine image stored in Amazon Elastic Block Store (Amazon
EBS) (p. 607) or Amazon Simple Storage Service (p. 611). AMIs are like a
template of a computer's root drive. They contain the operating system and can
also include software and layers of your application, such as database servers,
middleware, web servers, and so on.

Amazon Machine Learning A cloud-based service that creates machine learning (ML) models by finding
patterns in your data, and uses these models to process new data and generate
predictions.
See Also http://aws.amazon.com/machine-learning/.

Amazon Macie A security service that uses machine learning to automatically discover, classify,
and protect sensitive data in AWS.
See Also http://aws.amazon.com/macie/.

Amazon Managed Blockchain A fully managed service for creating and managing scalable blockchain networks
using popular open source frameworks.
See Also http://aws.amazon.com/managed-blockchain/.

Amazon ML See Amazon Machine Learning.

Amazon Mobile Analytics A service for collecting, visualizing, understanding, and extracting mobile app
(Mobile Analytics) usage data at scale.
See Also https://aws.amazon.com/mobileanalytics.

Version 1.0
609
AWS General Reference Reference guide

Amazon Monitron An end-to-end system that uses machine learning (ML) to detect abnormal
behavior in industrial machinery. Use Amazon Monitron to implement predictive
maintenance and reduce unplanned downtime.
See Also https://aws.amazon.com/monitron/.

Amazon MQ A managed message broker service for Apache ActiveMQ that makes it easy to set
up and operate message brokers in the cloud.
See Also https://aws.amazon.com/amazon-mq/.

Amazon Neptune A managed graph database service that you can use to build and run applications
that work with highly connected datasets. Neptune supports the popular graph
query languages Apache TinkerPop Gremlin and W3C’s SPARQL, enabling you to
build queries that efficiently navigate highly connected datasets.
See Also https://aws.amazon.com/neptune/.

Amazon Personalize An artificial intelligence service for creating individualized product and content
recommendations.
See Also https://aws.amazon.com/personalize/.

Amazon QuickSight A fast, cloud-powered business analytics service that makes it easy to build
visualizations, perform analysis, and quickly get business insights from your data.
See Also https://aws.amazon.com/quicksight/.

Amazon Redshift A fully managed, petabyte-scale data warehouse service in the cloud. With
Amazon Redshift, you can analyze your data using your existing business
intelligence tools.
See Also https://aws.amazon.com/redshift/.

Amazon Relational Database A web service that makes it easier to set up, operate, and scale a relational
Service (Amazon RDS) database in the cloud. It provides cost-efficient, resizable capacity for an industry-
standard relational database and manages common database administration
tasks.
See Also https://aws.amazon.com/rds.

Amazon Resource Name A standardized way to refer to an AWS resource (p. 650). For example:
(ARN) arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob.

Amazon Route 53 A web service you can use to create a new DNS service or to migrate your existing
DNS service to the cloud.
See Also https://aws.amazon.com/route53.

Amazon S3 Storage for the internet. You can use it to store and retrieve any amount of data
at any time, from anywhere on the web.
See Also Amazon Simple Storage Service (Amazon S3), https://aws.amazon.com/
s3.

Amazon S3-Backed AMI See instance store-backed AMI.

Amazon S3 Glacier A secure, durable, and low-cost storage service for data archiving and long-term
backup. You can reliably store large or small amounts of data for significantly
less than on-premises solutions. S3 Glacier is optimized for infrequently accessed
data, where a retrieval time of several hours is suitable.
See Also https://aws.amazon.com/glacier/.

AWS Security Hub A service that provides a comprehensive view of the security state of your AWS
resources. Security Hub collects security data from AWS accounts and services and
helps you analyze your security trends to identify and prioritize the security issues
across your AWS environment.
See Also https://aws.amazon.com/security-hub/.

Version 1.0
610
AWS General Reference Reference guide

Amazon Silk A next-generation web browser available only on Fire OS tablets and phones.
Built on a split architecture that divides processing between the client and the
AWS Cloud, Amazon Silk is designed to create a faster, more responsive mobile
browsing experience.

Amazon Simple Email Service An easy-to-use, cost-effective email solution for applications.
(Amazon SES) See Also https://aws.amazon.com/ses.

Amazon Simple Notification A web service that enables applications, users, and devices to instantly send and
Service (Amazon SNS) receive notifications from the cloud.
See Also https://aws.amazon.com/sns.

Amazon Simple Queue Reliable and scalable hosted queues for storing messages as they travel between
Service (Amazon SQS) computers.
See Also https://aws.amazon.com/sqs.

Amazon Simple Storage Storage for the internet. You can use it to store and retrieve any amount of data
Service (Amazon S3) at any time, from anywhere on the web.
See Also https://aws.amazon.com/s3.

Amazon Simple Workflow A fully managed service that helps developers build, run, and scale background
Service (Amazon SWF) jobs that have parallel or sequential steps. Amazon SWF is like a state tracker and
task coordinator in the cloud.
See Also https://aws.amazon.com/swf/.

Amazon Sumerian A set of tools for creating and running high-quality 3D, augmented reality (AR),
and virtual reality (VR) applications on the web.
See Also https://aws.amazon.com/sumerian/.

Amazon Textract A service that automatically extracts text and data from scanned documents.
Amazon Textract goes beyond simple optical character recognition (OCR) to also
identify the contents of fields in forms and information stored in tables.
See Also https://aws.amazon.com/textract/.

Amazon Virtual Private Cloud A web service for provisioning a logically isolated section of the AWS Cloud
(Amazon VPC) virtual network that you define. You control your virtual networking environment,
including selection of your own IP address range, creation of subnet (p. 656)s,
and configuration of route table (p. 651)s and network gateways.
See Also https://aws.amazon.com/vpc.

Amazon VPC See Amazon Virtual Private Cloud (Amazon VPC).

Amazon Web Services (AWS) An infrastructure web services platform in the cloud for companies of all sizes.
See Also https://aws.amazon.com/what-is-cloud-computing/.

Amazon WorkDocs A managed, secure enterprise document storage and sharing service with
administrative controls and feedback capabilities.
See Also https://aws.amazon.com/workdocs/.

Amazon WorkLink A cloud-based service that provides secure access to internal websites and web
apps from mobile devices.
See Also https://aws.amazon.com/worklink/.

Amazon WorkMail A managed, secure business email and calendar service with support for existing
desktop and mobile email clients.
See Also https://aws.amazon.com/workmail/.

Amazon WorkSpaces A managed, secure desktop computing service for provisioning cloud-
based desktops and providing users access to documents, applications, and
resource (p. 650)s from supported devices.

Version 1.0
611
AWS General Reference Reference guide

See Also https://aws.amazon.com/workspaces/.

Amazon WorkSpaces A web service for deploying and managing applications for Amazon WorkSpaces.
Application Manager (Amazon Amazon WAM accelerates software deployment, upgrades, patching, and
WAM) retirement by packaging Windows desktop applications into virtualized
application containers.
See Also https://aws.amazon.com/workspaces/applicationmanager.

AMI See Amazon Machine Image (AMI).

analysis scheme Amazon CloudSearch (p. 606): Language-specific text analysis options that
are applied to a text field to control stemming and configure stopwords and
synonyms.

application AWS Elastic Beanstalk (p. 615): A logical collection of components, including
environments, versions, and environment configurations. An application is
conceptually similar to a folder.

AWS CodeDeploy (p. 614): A name that uniquely identifies the application to be
deployed. AWS CodeDeploy uses this name to ensure the correct combination of
revision, deployment configuration, and deployment group are referenced during
a deployment.

Application Auto Scaling A web service that enables you to configure automatic scaling for AWS resources
beyond Amazon EC2, such as Amazon ECS services, Amazon EMR clusters, and
DynamoDB tables.
See Also https://aws.amazon.com/autoscaling/.

Application Billing The location where your customers manage the Amazon DevPay products they've
purchased. The web address is http://www.amazon.com/dp-applications.

application revision AWS CodeDeploy (p. 614): An archive file containing source content—such
as source code, webpages, executable files, and deployment scripts—along
with an application specification file (p. 612). Revisions are stored in Amazon
S3 (p. 611) bucket (p. 621)s or GitHub (p. 633) repositories. For Amazon S3, a
revision is uniquely identified by its Amazon S3 object key and its ETag, version, or
both. For GitHub, a revision is uniquely identified by its commit ID.

application specification file AWS CodeDeploy (p. 614): A YAML-formatted file used to map the source files
in an application revision to destinations on the instance. The file is also used to
specify custom permissions for deployed files and specify scripts to be run on
each instance at various stages of the deployment process.

application version AWS Elastic Beanstalk (p. 615): A specific, labeled iteration of an application
that represents a functionally consistent set of deployable application code. A
version points to an Amazon S3 (p. 611) object (a JAVA WAR file) that contains
the application code.

AppSpec file See application specification file.

ARN See Amazon Resource Name (ARN).

artifact AWS CodePipeline (p. 614): A copy of the files or changes that will be worked
upon by the pipeline.

asymmetric encryption Encryption (p. 630) that uses both a public key and a private key.

asynchronous bounce A type of bounce (p. 621) that occurs when a receiver (p. 648) initially accepts
an email message for delivery and then subsequently fails to deliver it.

Version 1.0
612
AWS General Reference Reference guide

atomic counter DynamoDB: A method of incrementing or decrementing the value of an existing


attribute without interfering with other write requests.

attribute A fundamental data element, something that does not need to be broken
down any further. In DynamoDB, attributes are similar in many ways to fields or
columns in other database systems.

Amazon Machine Learning: A unique, named property within an observation in a


dataset. In tabular data, such as spreadsheets or comma-separated values (.csv)
files, the column headings represent the attributes, and the rows contain values
for each attribute.

AUC Area Under a Curve. An industry-standard metric to evaluate the quality of a


binary classification machine learning model. AUC measures the ability of the
model to predict a higher score for positive examples, those that are “correct,”
than for negative examples, those that are “incorrect.” The AUC metric returns a
decimal value from 0 to 1. AUC values near 1 indicate an ML model that is highly
accurate.

Aurora See the section called “Amazon Aurora”.

authenticated encryption Encryption (p. 630) that provides confidentiality, data integrity, and authenticity
assurances of the encrypted data.

authentication The process of proving your identity to a system.

Auto Scaling group A representation of multiple EC2 instance (p. 629)s that share similar
characteristics, and that are treated as a logical grouping for the purposes of
instance scaling and management.

Availability Zone A distinct location within a Region (p. 649) that is insulated from failures
in other Availability Zones, and provides inexpensive, low-latency network
connectivity to other Availability Zones in the same Region.

AWS See Amazon Web Services (AWS).

AWS Application Discovery A web service that helps you plan to migrate to AWS by identifying IT assets
Service in a data center—including servers, virtual machines, applications, application
dependencies, and network infrastructure.
See Also https://aws.amazon.com/about-aws/whats-new/2016/04/aws-
application-discovery-service/.

AWS AppSync An enterprise level, fully managed GraphQL service with real-time data
synchronization and offline programming features.
See Also https://aws.amazon.com/appsync/.

AWS Auto Scaling A fully managed service that enables you to quickly discover the scalable AWS
resources that are part of your application and configure dynamic scaling.
See Also https://aws.amazon.com/autoscaling/.

AWS Backup A managed backup service that you can use to centralize and automate the
backup of data across AWS services in the cloud and on premises.
See Also https://aws.amazon.com/backup/.

AWS Billing and Cost The AWS Cloud computing model in which you pay for services on demand and
Management use as much or as little as you need. While resource (p. 650)s are active under
your account, you pay for the cost of allocating those resources. You also pay for
any incidental usage associated with those resources, such as data transfer or
allocated storage.

Version 1.0
613
AWS General Reference Reference guide

See Also https://aws.amazon.com/billing/new-user-faqs/.

AWS Blockchain Templates A service for creating and deploying open-source blockchain frameworks on AWS,
such as Ethereum and Hyperledger Fabric.
See Also https://aws.amazon.com/blockchain/templates/.

AWS Certificate Manager A web service for provisioning, managing, and deploying Secure Sockets
(ACM) Layer/Transport Layer Security (p. 659) (SSL/TLS) certificates for use with AWS
services.
See Also https://aws.amazon.com/certificate-manager/.

AWS Certificate Manager A hosted private certificate authority service for issuing and revoking private
Private Certificate Authority digital certificate (p. 622)s.
(ACM PCA) See Also https://aws.amazon.com/certificate-manager/private-certificate-
authority/.

AWS Cloud Development Kit An open-source software development framework for defining your cloud
(AWS CDK) infrastructure in code and provisioning it through AWS CloudFormation.
See Also https://aws.amazon.com/cdk/.

AWS Cloud Map A service that you use to create and maintain a map of the backend services and
resources that your applications depend on. AWS Cloud Map lets you name and
discover your cloud resources.
See Also https://aws.amazon.com/cloud-map.

AWS Cloud9 A cloud-based integrated development environment (IDE) that you use to write,
run, and debug code.
See Also https://aws.amazon.com/cloud9/.

AWS CloudFormation A service for writing or changing templates that create and delete related AWS
resource (p. 650)s together as a unit.
See Also https://aws.amazon.com/cloudformation.

AWS CloudHSM A web service that helps you meet corporate, contractual, and regulatory
compliance requirements for data security by using dedicated hardware security
module (HSM) appliances within the AWS Cloud.
See Also https://aws.amazon.com/cloudhsm/.

AWS CloudTrail A web service that records AWS API calls for your account and delivers log files to
you. The recorded information includes the identity of the API caller, the time of
the API call, the source IP address of the API caller, the request parameters, and
the response elements returned by the AWS service.
See Also https://aws.amazon.com/cloudtrail/.

AWS CodeBuild A fully managed continuous integration service that compiles source code, runs
tests, and produces software packages that are ready to deploy.
See Also https://aws.amazon.com/codebuild.

AWS CodeCommit A fully managed source control service that makes it easy for companies to host
secure and highly scalable private Git repositories.
See Also https://aws.amazon.com/codecommit.

AWS CodeDeploy A service that automates code deployments to any instance, including EC2
instance (p. 629)s and instance (p. 636)s running on-premises.
See Also https://aws.amazon.com/codedeploy.

AWS CodeDeploy agent A software package that, when installed and configured on an instance, enables
that instance to be used in CodeDeploy deployments.

AWS CodePipeline A continuous delivery service for fast and reliable application updates.

Version 1.0
614
AWS General Reference Reference guide

See Also https://aws.amazon.com/codepipeline.

AWS Command Line Interface A unified downloadable and configurable tool for managing AWS services.
(AWS CLI) Control multiple AWS services from the command line and automate them
through scripts.
See Also https://aws.amazon.com/cli/.

AWS Config A fully managed service that provides an AWS resource (p. 650) inventory,
configuration history, and configuration change notifications for better security
and governance. You can create rules that automatically check the configuration
of AWS resources that AWS Config records.
See Also https://aws.amazon.com/config/.

AWS Database Migration A web service that can help you migrate data to and from many widely used
Service commercial and open-source databases.
See Also https://aws.amazon.com/dms.

AWS Data Pipeline A web service for processing and moving data between different AWS compute
and storage services, as well as on-premises data sources, at specified intervals.
See Also https://aws.amazon.com/datapipeline.

AWS Device Farm (Device An app testing service that allows developers to test Android, iOS, and Fire OS
Farm) devices on real, physical phones and tablets that are hosted by AWS.
See Also https://aws.amazon.com/device-farm.

AWS Direct Connect A web service that simplifies establishing a dedicated network connection
from your premises to AWS. Using AWS Direct Connect, you can establish
private connectivity between AWS and your data center, office, or colocation
environment.
See Also https://aws.amazon.com/directconnect.

AWS Directory Service A managed service for connecting your AWS resource (p. 650)s to an existing
on-premises Microsoft Active Directory or to set up and operate a new,
standalone directory in the AWS Cloud.
See Also https://aws.amazon.com/directoryservice.

AWS Elastic Beanstalk A web service for deploying and managing applications in the AWS Cloud without
worrying about the infrastructure that runs those applications.
See Also https://aws.amazon.com/elasticbeanstalk.

AWS Elemental MediaConnect A service that lets broadcasters and other premium video providers reliably ingest
live video into the AWS Cloud and distribute it to multiple destinations inside or
outside the AWS Cloud.
See Also https://aws.amazon.com/mediaconnect.

AWS Elemental MediaConvert A file-based video conversion service that transforms media into formats required
for traditional broadcast and for internet streaming to multi-screen devices.
See Also https://aws.amazon.com/mediaconvert.

AWS Elemental MediaLive A video service that lets you create live outputs for broadcast and streaming
delivery.
See Also https://aws.amazon.com/medialive.

AWS Elemental MediaPackage A just-in-time packaging and origination service that lets you format highly
secure and reliable live outputs for a variety of devices.
See Also https://aws.amazon.com/mediapackage.

AWS Elemental MediaStore A storage service optimized for media that provides the performance, consistency,
and low latency required to deliver live and on-demand video content at scale.
See Also https://aws.amazon.com/mediastore.

Version 1.0
615
AWS General Reference Reference guide

AWS Elemental MediaTailor A video service that lets you serve targeted ads to viewers while maintaining
broadcast quality in over-the-top (OTT) video applications.
See Also https://aws.amazon.com/mediatailor.

AWS Encryption SDK A client-side encryption library designed to make it easy for everyone to encrypt
and decrypt data using industry standards and best practices.
See Also https://aws.amazon.com/blogs/security/tag/aws-encryption-sdk/.

AWS Firewall Manager A service that you use with AWS WAF to simplify your AWS WAF administration
and maintenance tasks across multiple accounts and resources. With AWS Firewall
Manager, you set up your firewall rules just once. The service automatically
applies your rules across your accounts and resources, even as you add new
resources.
See Also https://aws.amazon.com/firewall-manager.

AWS Global Accelerator A network layer service that you use to create accelerators that direct traffic to
optimal endpoints over the AWS global network. This improves the availability
and performance of your internet applications that are used by a global audience.
See Also https://aws.amazon.com/global-accelerator.

AWS Glue A fully managed extract, transform, and load (ETL) (p. 632) service that you can
use to catalog data and load it for analytics. With AWS Glue, you can discover
your data, develop scripts to transform sources into targets, and schedule and run
ETL jobs in a serverless environment.
See Also https://aws.amazon.com/glue.

AWS GovCloud (US) An isolated AWS Region designed to host sensitive workloads in the cloud,
ensuring that this work meets the US government's regulatory and compliance
requirements. The AWS GovCloud (US) Region adheres to United States
International Traffic in Arms Regulations (ITAR), Federal Risk and Authorization
Management Program (FedRAMP) requirements, Department of Defense (DOD)
Cloud Security Requirements Guide (SRG) Levels 2 and 4, and Criminal Justice
Information Services (CJIS) Security Policy requirements.
See Also https://aws.amazon.com/govcloud-us/.

AWS Identity and Access A web service that enables Amazon Web Services (AWS) (p. 611) customers to
Management (IAM) manage users and user permissions within AWS.
See Also https://aws.amazon.com/iam.

AWS Import/Export A service for transferring large amounts of data between AWS and portable
storage devices.
See Also https://aws.amazon.com/importexport.

AWS IoT Core A managed cloud platform that lets connected devices easily and securely
interact with cloud applications and other devices.
See Also https://aws.amazon.com/iot.

AWS IoT 1-Click A service that enables simple devices to trigger AWS Lambda functions that can
execute an action.
See Also https://aws.amazon.com/iot-1-click.

AWS IoT Analytics A fully managed service used to run sophisticated analytics on massive volumes
of IoT data.
See Also https://aws.amazon.com/iot-analytics.

AWS IoT Device Defender An AWS IoT security service that allows you to audit the configuration of your
devices, monitor your connected devices to detect abnormal behavior, and to
mitigate security risks.
See Also https://aws.amazon.com/iot-device-defender.

Version 1.0
616
AWS General Reference Reference guide

AWS IoT Device Management A service used to securely onboard, organize, monitor, and remotely manage IoT
devices at scale.
See Also https://aws.amazon.com/iot-device-management.

AWS IoT Events A fully managed AWS IoT service that makes it easy to detect and respond to
events from IoT sensors and applications.
See Also https://aws.amazon.com/iot-events.

AWS IoT Greengrass Software that lets you run local compute, messaging, data caching, sync, and ML
inference capabilities for connected devices in a secure way.
See Also https://aws.amazon.com/greengrass.

AWS IoT SiteWise A managed service that lets you collect, organize, and analyze data from
industrial equipment at scale.
See Also https://aws.amazon.com/iot-sitewise.

AWS IoT Things Graph A service that makes it easy to visually connect different devices and web services
to build IoT applications.
See Also https://aws.amazon.com/iot-things-graph.

AWS Key Management A managed service that simplifies the creation and control of
Service (AWS KMS) encryption (p. 630) keys that are used to encrypt data.
See Also https://aws.amazon.com/kms.

AWS Lambda A web service that lets you run code without provisioning or managing servers.
You can run code for virtually any type of application or backend service with zero
administration. You can set up your code to automatically trigger from other AWS
services or call it directly from any web or mobile app.
See Also https://aws.amazon.com/lambda/.

AWS managed key One type of customer master key (CMK) (p. 626) in AWS Key Management
Service (AWS KMS) (p. 617).

AWS managed policy An IAM (p. 616) managed policy (p. 640) that is created and managed by AWS.

AWS Management Console A graphical interface to manage compute, storage, and other cloud
resource (p. 650)s.
See Also https://aws.amazon.com/console.

AWS Management Portal for A web service for managing your AWS resource (p. 650)s using VMware
vCenter vCenter. You install the portal as a vCenter plugin within your existing vCenter
environment. Once installed, you can migrate VMware VMs to Amazon
EC2 (p. 607) and manage AWS resources from within vCenter.
See Also https://aws.amazon.com/ec2/vcenter-portal/.

AWS Marketplace A web portal where qualified partners market and sell their software to AWS
customers. AWS Marketplace is an online software store that helps customers
find, buy, and immediately start using the software and services that run on AWS.
See Also https://aws.amazon.com/partners/aws-marketplace/.

AWS Mobile Hub (Mobile Hub) An integrated console for building, testing, and monitoring mobile apps.
See Also https://aws.amazon.com/mobile.

AWS Mobile SDK A software development kit whose libraries, code examples, and documentation
help you build high quality mobile apps for the iOS, Android, Fire OS, Unity, and
Xamarin platforms.
See Also https://aws.amazon.com/mobile/sdk.

AWS OpsWorks A configuration management service that helps you use Chef to configure and
operate groups of instances and applications. You can define the application’s

Version 1.0
617
AWS General Reference Reference guide

architecture and the specification of each component including package


installation, software configuration, and resource (p. 650)s such as storage. You
can automate tasks based on time, load, lifecycle events, and more.
See Also https://aws.amazon.com/opsworks/.

AWS Organizations An account management service that enables you to consolidate multiple AWS
accounts into an organization that you create and centrally manage.
See Also https://aws.amazon.com/organizations/.

AWS Resource Access A service that lets you share your resources with any AWS account or organization
Manager in AWS Organizations.
See Also https://aws.amazon.com/ram/.

AWS ParallelCluster An AWS supported open source cluster management tool that helps you to
deploy and manage high performance computing (HPC) clusters in the AWS
Cloud.

AWS SDK for C++ A software development kit for that provides C++ APIs for many AWS
services including Amazon S3 (p. 611), Amazon EC2 (p. 607), Amazon
DynamoDB (p. 607), and more. The single, downloadable package includes the
AWS C++ library, code examples, and documentation.
See Also https://aws.amazon.com/sdk-for-cpp/.

AWS SDK for Go A software development kit for integrating your Go application with the full suite
of AWS services.
See Also https://aws.amazon.com/sdk-for-go/.

AWS SDK for Java A software development kit that provides Java APIs for many AWS
services including Amazon S3 (p. 611), Amazon EC2 (p. 607), Amazon
DynamoDB (p. 607), and more. The single, downloadable package includes the
AWS Java library, code examples, and documentation.
See Also https://aws.amazon.com/sdk-for-java/.

AWS SDK for JavaScript in the A software development kit for accessing AWS services from JavaScript code
Browser running in the browser. Authenticate users through Facebook, Google, or Login
with Amazon using web identity federation. Store application data in Amazon
DynamoDB (p. 607), and save user files to Amazon S3 (p. 611).
See Also https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/.

AWS SDK for JavaScript in A software development kit for accessing AWS services from JavaScript in
Node.js Node.js. The SDK provides JavaScript objects for AWS services, including Amazon
S3 (p. 611), Amazon EC2 (p. 607), Amazon DynamoDB (p. 607), and Amazon
Simple Workflow Service (Amazon SWF) (p. 611) . The single, downloadable
package includes the AWS JavaScript library and documentation.
See Also https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/.

AWS SDK for .NET A software development kit that provides .NET API actions for AWS services
including Amazon S3 (p. 611), Amazon EC2 (p. 607), IAM (p. 616), and more.
You can download the SDK as multiple service-specific packages on NuGet.
See Also https://aws.amazon.com/sdk-for-net/.

AWS SDK for PHP A software development kit and open-source PHP library for integrating your
PHP application with AWS services like Amazon S3 (p. 611), Amazon S3
Glacier (p. 610), and Amazon DynamoDB (p. 607).
See Also https://aws.amazon.com/sdk-for-php/.

AWS SDK for Python (Boto) A software development kit for using Python to access AWS services like Amazon
EC2 (p. 607), Amazon EMR (p. 608), Amazon EC2 Auto Scaling (p. 607),
Amazon Kinesis (p. 609), AWS Lambda (p. 617), and more.
See Also http://boto.readthedocs.org/en/latest/.

Version 1.0
618
AWS General Reference Reference guide

AWS SDK for Ruby A software development kit for accessing AWS services from Ruby. The SDK
provides Ruby classes for many AWS services including Amazon S3 (p. 611),
Amazon EC2 (p. 607), Amazon DynamoDB (p. 607). and more. The single,
downloadable package includes the AWS Ruby Library and documentation.
See Also https://aws.amazon.com/sdk-for-ruby/.

AWS Secrets Manager A service for securely encrypting, storing, and rotating credentials for databases
and other services.
See Also https://aws.amazon.com/secrets-manager/.

AWS Security Token Service A web service for requesting temporary, limited-privilege credentials for AWS
(AWS STS) Identity and Access Management (IAM) (p. 616) users or for users that you
authenticate (federated users (p. 632)).
See Also https://aws.amazon.com/iam/.

AWS Service Catalog A web service that helps organizations create and manage catalogs of IT services
that are approved for use on AWS. These IT services can include everything from
virtual machine images, servers, software, and databases to complete multitier
application architectures.
See Also https://aws.amazon.com/servicecatalog/.

AWS Shield A service that helps to protect your resources—such as Amazon EC2 instances,
Elastic Load Balancing load balancers, Amazon CloudFront distributions, and
Route 53 hosted zones—against DDoS attacks. AWS Shield is automatically
included at no extra cost beyond what you already pay for AWS WAF and your
other AWS services. For added protection against DDoS attacks, AWS offers AWS
Shield Advanced.
See Also https://aws.amazon.com/shield.

AWS Single Sign-On A cloud-based service that simplifies managing SSO access to AWS accounts and
business applications. You can control SSO access and user permissions across all
your AWS accounts in AWS Organizations.
See Also https://aws.amazon.com/single-sign-on/.

AWS Step Functions A web service that coordinates the components of distributed applications as a
series of steps in a visual workflow.
See Also https://aws.amazon.com/step-functions/.

AWS Snowball A petabyte-scale data transport solution that uses devices designed to be secure
to transfer large amounts of data into and out of the AWS Cloud.
See Also https://aws.amazon.com/snowball.

AWS Storage Gateway A web service that connects an on-premises software appliance with cloud-based
storage. AWS Storage Gateway provides seamless and secure integration between
an organization’s on-premises IT environment and AWS storage infrastructure.
See Also https://aws.amazon.com/storagegateway/.

AWS Toolkit for Eclipse An open-source plugin for the Eclipse Java integrated development environment
(IDE) that makes it easier to develop, debug, and deploy Java applications using
Amazon Web Services.
See Also https://aws.amazon.com/eclipse/.

AWS Toolkit for JetBrains An open-source plugin for the integrated development environments (IDEs)
from JetBrains that makes it easier to develop, debug, and deploy serverless
applications using Amazon Web Services.
See Also https://aws.amazon.com/intellij/, https://aws.amazon.com/pycharm/.

AWS Toolkit for Visual Studio An extension for Visual Studio that helps in developing, debugging, and
deploying .NET applications using Amazon Web Services.
See Also https://aws.amazon.com/visualstudio/.

Version 1.0
619
AWS General Reference Reference guide

AWS Toolkit for Visual Studio An open-source plugin for the Visual Studio Code (VS Code) editor that makes it
Code easier to develop, debug, and deploy applications using Amazon Web Services.
See Also https://aws.amazon.com/visualstudiocode/.

AWS Tools for Windows A set of PowerShell cmdlets to help developers and administrators manage their
PowerShell AWS services from the Windows PowerShell scripting environment.
See Also https://aws.amazon.com/powershell/.

AWS Toolkit for Microsoft Provides tasks you can use in build and release definitions in VSTS to interact with
Azure DevOps AWS services.
See Also https://aws.amazon.com/vsts/.

AWS Trusted Advisor A web service that inspects your AWS environment and makes recommendations
for saving money, improving system availability and performance, and helping to
close security gaps.
See Also https://aws.amazon.com/premiumsupport/trustedadvisor/.

AWS VPN CloudHub Enables secure communication between branch offices using a simple hub-and-
spoke model, with or without a VPC (p. 661).

AWS WAF A web application firewall service that controls access to content by allowing or
blocking web requests based on criteria that you specify. For example, you can
filter access based on the header values or the IP addresses that the requests
originate from. AWS WAF helps protect web applications from common web
exploits that could affect application availability, compromise security, or
consume excessive resources.
See Also https://aws.amazon.com/waf/.

AWS X-Ray A web service that collects data about requests that your application serves. X-
Ray provides tools that you can use to view, filter, and gain insights into that data
to identify issues and opportunities for optimization.
See Also https://aws.amazon.com/xray/.

B
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

basic monitoring Monitoring of AWS provided metrics derived at a 5-minute frequency.

batch See document batch.

BGP ASN Border Gateway Protocol Autonomous System Number. A unique identifier for a
network, for use in BGP routing. Amazon EC2 (p. 607) supports all 2-byte ASN
numbers in the range of 1 – 65335, with the exception of 7224, which is reserved.

batch prediction Amazon Machine Learning: An operation that processes multiple input data
observations at one time (asynchronously). Unlike real-time predictions, batch
predictions are not available until all predictions have been processed.
See Also real-time predictions.

billing See the section called “Billing and Cost Management”.

binary attribute Amazon Machine Learning: An attribute for which one of two possible values is
possible. Valid positive values are 1, y, yes, t, and true answers. Valid negative
values are 0, n, no, f, and false. Amazon Machine Learning outputs 1 for positive
values and 0 for negative values.

Version 1.0
620
AWS General Reference Reference guide

See Also attribute.

binary classification model Amazon Machine Learning: A machine learning model that predicts the answer to
questions where the answer can be expressed as a binary variable. For example,
questions with answers of “1” or “0”, “yes” or “no”, “will click” or “will not click”
are questions that have binary answers. The result for a binary classification
model is always either a “1” (for a “true” or affirmative answers) or a “0” (for a
“false” or negative answers).

block A dataset. Amazon EMR (p. 608) breaks large amounts of data into subsets. Each
subset is called a data block. Amazon EMR assigns an ID to each block and uses a
hash table to keep track of block processing.

block device A storage device that supports reading and (optionally) writing data in fixed-size
blocks, sectors, or clusters.

block device mapping A mapping structure for every AMI (p. 609) and instance (p. 636) that specifies
the block devices attached to the instance.

blue/green deployment CodeDeploy: A deployment method in which the instances in a deployment


group (the original environment) are replaced by a different set of instances (the
replacement environment).

bootstrap action A user-specified default or custom action that runs a script or an application on
all nodes of a job flow before Hadoop (p. 634) starts.

Border Gateway Protocol See BGP ASN.


Autonomous System Number

bounce A failed email delivery attempt.

breach Amazon EC2 Auto Scaling (p. 607): The condition in which a user-set
threshold (upper or lower boundary) is passed. If the duration of the breach is
significant, as set by a breach duration parameter, it can possibly start a scaling
activity (p. 651).

bucket Amazon Simple Storage Service (Amazon S3) (p. 611): A container for stored
objects. Every object is contained in a bucket. For example, if the object named
photos/puppy.jpg is stored in the DOC-EXAMPLE-BUCKET bucket, then
authorized users can access the object with the URL https://s3-bucket-
endpoint/DOC-EXAMPLE-BUCKET/photos/puppy.jpg.

bucket owner The person or organization that owns a bucket (p. 621) in Amazon S3 (p. 611).
Just as Amazon is the only owner of the domain name Amazon.com, only one
person or organization can own a bucket.

bundling A commonly used term for creating an Amazon Machine Image (AMI) (p. 609). It
specifically refers to creating instance store-backed AMI (p. 636)s.

C
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

cache cluster A logical cache distributed over multiple cache node (p. 622)s. A cache cluster
can be set up with a specific number of cache nodes.

Version 1.0
621
AWS General Reference Reference guide

cache cluster identifier Customer-supplied identifier for the cache cluster that must be unique for that
customer in an AWS Region (p. 649).

cache engine version The version of the Memcached service that is running on the cache node.

cache node A fixed-size chunk of secure, network-attached RAM. Each cache node runs an
instance of the Memcached service, and has its own DNS name and port. Multiple
types of cache nodes are supported, each with varying amounts of associated
memory.

cache node type An EC2 instance (p. 629) type used to run the cache node.

cache parameter group A container for cache engine parameter values that can be applied to one or more
cache clusters.

cache security group A group maintained by ElastiCache that combines inbound authorizations
to cache nodes for hosts belonging to Amazon EC2 (p. 607) security
group (p. 652)s specified through the console or the API or command line tools.

campaign Amazon Personalize (p. 610): A deployed solution version (trained model)
with provisioned dedicated transaction capacity for creating real-time
recommendations for your application users. After you create a campaign, you
use the getRecommendations or getPersonalizedRanking personalization
operations to get recommendations.
See Also recommendations, solution version.

canned access policy A standard access control policy that you can apply to a bucket (p. 621)
or object. Options include: private, public-read, public-read-write, and
authenticated-read.

canonicalization The process of converting data into a standard format that a service such as
Amazon S3 (p. 611) can recognize.

capacity The amount of available compute size at a given time. Each Auto Scaling
group (p. 613) is defined with a minimum and maximum compute size. A scaling
activity (p. 651) increases or decreases the capacity within the defined minimum
and maximum values.

Cartesian product processor A processor that calculates a Cartesian product. Also known as a Cartesian data
processor.

Cartesian product A mathematical operation that returns a product from multiple sets.

CDN See content delivery network (CDN).

certificate A credential that some AWS products use to authenticate AWS account (p. 605)s
and users. Also known as an X.509 certificate (p. 661) . The certificate is paired
with a private key.

chargeable resources Features or services whose use incurs fees. Although some AWS products are
free, others include charges. For example, in an AWS CloudFormation (p. 614)
stack (p. 655), AWS resource (p. 650)s that have been created incur charges.
The amount charged depends on the usage load. Use the Amazon Web Services
Simple Monthly Calculator to estimate your cost prior to creating instances,
stacks, or other resources.

CIDR block Classless Inter-Domain Routing. An internet protocol address allocation and route
aggregation methodology.
See Also Classless Inter-Domain Routing in Wikipedia.

Version 1.0
622
AWS General Reference Reference guide

ciphertext Information that has been encrypted (p. 630), as opposed to plaintext (p. 645),
which is information that has not.

ClassicLink A feature for linking an EC2-Classic instance (p. 636) to a VPC (p. 661),
allowing your EC2-Classic instance to communicate with VPC instances using
private IP addresses.
See Also link to VPC, unlink from VPC.

classification In machine learning, a type of problem that seeks to place (classify) a data sample
into a single category or “class.” Often, classification problems are modeled to
choose one category (class) out of two. These are binary classification problems.
Problems with more than two available categories (classes) are called "multiclass
classification" problems.
See Also binary classification model, multiclass classification model.

CLI See AWS Command Line Interface (AWS CLI).

Cloud Directory See the section called “Amazon Cloud Directory”.

cloud service provider (CSP) A company that provides subscribers with access to internet-hosted computing,
storage, and software services.

CloudHub See AWS VPN CloudHub.

cluster A logical grouping of container instance (p. 624)s that you can place
task (p. 657)s on.

Amazon Elasticsearch Service (Amazon ES) (p. 608): A logical grouping of one or
more data nodes, optional dedicated master nodes, and storage required to run
Amazon Elasticsearch Service (Amazon ES) and operate your Amazon ES domain.
See Also data node, dedicated master node, node.

cluster compute instance A type of instance (p. 636) that provides a great amount of CPU power
coupled with increased networking performance, making it well suited for High
Performance Compute (HPC) applications and other demanding network-bound
applications.

cluster placement group A logical cluster compute instance (p. 623) grouping to provide lower latency
and high-bandwidth connectivity between the instance (p. 636)s.

cluster status Amazon Elasticsearch Service (Amazon ES) (p. 608): An indicator of the health
of a cluster. A status can be green, yellow, or red. At the shard level, green means
that all shards are allocated to nodes in a cluster, yellow means that the primary
shard is allocated but the replica shards are not, and red means that the primary
and replica shards of at least one index are not allocated. The shard status
determines the index status, and the index status determines the cluster status.

CMK See customer master key (CMK).

CNAME Canonical Name Record. A type of resource record (p. 650) in the Domain
Name System (DNS) that specifies that the domain name is an alias of another,
canonical domain name. More simply, it is an entry in a DNS table that lets you
alias one fully qualified domain name to another.

Code Signing for AWS IoT A service for signing code that you create for any IoT device that is supported by
Amazon Web Services (AWS).

complaint The event in which a recipient (p. 648) who does not want to receive an email
message clicks "Mark as Spam" within the email client, and the internet service
provider (ISP) (p. 636) sends a notification to Amazon SES (p. 611).

Version 1.0
623
AWS General Reference Reference guide

compound query Amazon CloudSearch (p. 606): A search request that specifies multiple search
criteria using the Amazon CloudSearch structured search syntax.

condition IAM (p. 616): Any restriction or detail about a permission. The condition is D in
the statement "A has permission to do B to C where D applies."

AWS WAF (p. 620): A set of attributes that AWS WAF searches for in web
requests to AWS resource (p. 650)s such as Amazon CloudFront (p. 606)
distributions. Conditions can include values such as the IP addresses that web
requests originate from or values in request headers. Based on the specified
conditions, you can configure AWS WAF to allow or block web requests to AWS
resources.

conditional parameter See mapping.

configuration API Amazon CloudSearch (p. 606): The API call that you use to create, configure, and
manage search domains.

configuration template A series of key–value pairs that define parameters for various AWS products so
that AWS Elastic Beanstalk (p. 615) can provision them for an environment.

consistency model The method a service uses to achieve high availability. For example, it could
involve replicating data across multiple servers in a data center.
See Also eventual consistency.

console See AWS Management Console.

consolidated billing A feature of the AWS Organizations service for consolidating payment for
multiple AWS accounts. You create an organization that contains your AWS
accounts, and you use the management account of your organization to pay for
all member accounts. You can see a combined view of AWS costs that are incurred
by all accounts in your organization, and you can get detailed cost reports for
individual accounts.

container A Linux container that was created from a Docker image as part of a
task (p. 657).

container definition Specifies which Docker image (p. 628) to use for a container (p. 624), how
much CPU and memory the container is allocated, and more options. The
container definition is included as part of a task definition (p. 657).

container instance An EC2 instance (p. 629) that is running the Amazon Elastic Container Service
(Amazon ECS) (p. 608) agent and has been registered into a cluster (p. 623).
Amazon ECS task (p. 657)s are placed on active container instances.

container registry Stores, manages, and deploys Docker image (p. 628)s.

content delivery network A web service that speeds up distribution of your static and dynamic web content
(CDN) —such as .html, .css, .js, media files, and image files—to your users by using
a worldwide network of data centers. When a user requests your content, the
request is routed to the data center that provides the lowest latency (time delay).
If the content is already in the location with the lowest latency, the CDN delivers
it immediately. If not, the CDN retrieves it from an origin that you specify (for
example, a web server or an Amazon S3 bucket). With some CDNs, you can help
secure your content by configuring an HTTPS connection between users and data
centers, and between data centers and your origin. Amazon CloudFront is an
example of a CDN.

contextual metatdata Amazon Personalize (p. 610): Interactions data that you collect about a user's
browsing context (such as device used or location) when an event (such as a click)

Version 1.0
624
AWS General Reference Reference guide

occurs. Contextual metadata can improve recommendation relevance for new and
existing users.
See Also Interactions dataset, event.

continuous delivery A software development practice in which code changes are automatically built,
tested, and prepared for a release to production.
See Also https://aws.amazon.com/devops/continuous-delivery/.

continuous integration A software development practice in which developers regularly merge code
changes into a central repository, after which automated builds and tests are run.
See Also https://aws.amazon.com/devops/continuous-integration/.

cooldown period Amount of time during which Amazon EC2 Auto Scaling (p. 607) does not allow
the desired size of the Auto Scaling group (p. 613) to be changed by any other
notification from an Amazon CloudWatch (p. 606) alarm (p. 605).

core node An EC2 instance (p. 629) that runs Hadoop (p. 634) map and reduce tasks and
stores data using the Hadoop Distributed File System (HDFS). Core nodes are
managed by the master node (p. 640), which assigns Hadoop tasks to nodes and
monitors their status. The EC2 instances you assign as core nodes are capacity
that must be allotted for the entire job flow run. Because core nodes store data,
you can't remove them from a job flow. However, you can add more core nodes to
a running job flow.

Core nodes run both the DataNodes and TaskTracker Hadoop daemons.

corpus Amazon CloudSearch (p. 606): A collection of data that you want to search.

coverage Amazon Personalize (p. 610): An evaluation metric that tells you the proportion
of unique items that Amazon Personalize might recommend using your model
out of the total number of unique items in Interactions and Items datasets. To
make sure Amazon Personalize recommends more of your items, use a model
with a higher coverage score. Recipes that feature item exploration, such as user-
personalization, have higher coverage than those that don’t, such as popularity-
count.
See Also metrics, Items dataset, Interactions dataset, item exploration, user-
personalization recipe, popularity-count recipe.

credential helper AWS CodeCommit (p. 614): A program that stores credentials for repositories
and supplies them to Git when making connections to those repositories. The
AWS CLI (p. 615) includes a credential helper that you can use with Git when
connecting to CodeCommit repositories.

credentials Also called access credentials or security credentials. In authentication and


authorization, a system uses credentials to identify who is making a call and
whether to allow the requested access. In AWS, these credentials are typically the
access key ID (p. 604) and the secret access key (p. 652).

cross-account access The process of permitting limited, controlled use of resource (p. 650)s in one
AWS account (p. 605) by a user in another AWS account. For example, in AWS
CodeCommit (p. 614) and AWS CodeDeploy (p. 614) you can configure cross-
account access so that a user in AWS account A can access an CodeCommit
repository created by account B. Or a pipeline in AWS CodePipeline (p. 614)
created by account A can use CodeDeploy resources created by account B. In
IAM (p. 616) you use a role (p. 650) to delegate (p. 627) temporary access to
a user (p. 659) in one account to resources in another.

cross-Region replication A solution for replicating data across different AWS Region (p. 649)s, in near-
real time.

Version 1.0
625
AWS General Reference Reference guide

customer gateway A router or software application on your side of a VPN tunnel that is managed
by Amazon VPC (p. 611). The internal interfaces of the customer gateway are
attached to one or more devices in your home network. The external interface is
attached to the virtual private gateway (VGW) (p. 660) across the VPN tunnel.

customer managed policy An IAM (p. 616) managed policy (p. 640) that you create and manage in your
AWS account (p. 605).

customer master key (CMK) The fundamental resource (p. 650) that AWS Key Management Service (AWS
KMS) (p. 617) manages. CMKs can be either customer managed keys or AWS
managed keys. Use CMKs inside AWS KMS to encrypt (p. 630) or decrypt up to 4
kilobytes of data directly or to encrypt generated data keys, which are then used
to encrypt or decrypt larger amounts of data outside of the service.

D
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

dashboard See service health dashboard.

data consistency A concept that describes when data is written or updated successfully and
all copies of the data are updated in all AWS Region (p. 649)s. However, it
takes time for the data to propagate to all storage locations. To support varied
application requirements, Amazon DynamoDB (p. 607) supports both eventually
consistent and strongly consistent reads.
See Also eventual consistency, eventually consistent read, strongly consistent
read.

data node Amazon Elasticsearch Service (Amazon ES) (p. 608): An Elasticsearch instance
that holds data and responds to data upload requests.
See Also dedicated master node, node.

data schema See schema.

data source The database, file, or repository that provides information required by an
application or database. For example, in AWS OpsWorks (p. 617), valid data
sources include an instance (p. 636) for a stack’s MySQL layer or a stack’s
Amazon RDS (p. 610) service layer. In Amazon Redshift (p. 610), valid data
sources include text files in an Amazon S3 (p. 611) bucket (p. 621), in an
Amazon EMR (p. 608) cluster, or on a remote host that a cluster can access
through an SSH connection.
See Also datasource.

database engine The database software and version running on the DB instance (p. 627).

database name The name of a database hosted in a DB instance (p. 627). A DB instance can host
multiple databases, but databases hosted by the same DB instance must each
have a unique name within that instance.

dataset Amazon Personalize (p. 610): A container for the data used by Amazon
Personalize. There are three types of Amazon Personalize datasets: Users, Items,
and Interactions.
See Also Interactions dataset, Users dataset, Items dataset.

dataset group Amazon Personalize (p. 610): A container for Amazon Personalize components,
including datasets, event trackers, solutions, filters, campaigns, and batch

Version 1.0
626
AWS General Reference Reference guide

inference jobs. A dataset group organizes your resources into independent


collections, so resources from one dataset group can’t influence resources in any
other dataset group.
See Also dataset, event tracker, solution, campaign.

datasource Amazon Machine Learning (p. 609): An object that contains metadata about the
input data. Amazon ML reads the input data, computes descriptive statistics on its
attributes, and stores the statistics—along with a schema and other information
—as part of the datasource object. Amazon ML uses datasources to train and
evaluate a machine learning model and generate batch predictions.
See Also data source.

DB compute class The size of the database compute platform used to run the instance.

DB instance An isolated database environment running in the cloud. A DB instance can contain
multiple user-created databases.

DB instance identifier User-supplied identifier for the DB instance. The identifier must be unique for
that user in an AWS Region (p. 649).

DB parameter group A container for database engine parameter values that apply to one or more DB
instance (p. 627)s.

DB security group A method that controls access to the DB instance (p. 627). By default, network
access is turned off to DB instances. After inbound traffic is configured for a
security group (p. 652), the same rules apply to all DB instances associated with
that group.

DB snapshot A user-initiated point backup of a DB instance (p. 627).

Dedicated Host A physical server with EC2 instance (p. 629) capacity fully dedicated to a user.

Dedicated Instance An instance (p. 636) that is physically isolated at the host hardware level and
launched within a VPC (p. 661).

dedicated master node Amazon Elasticsearch Service (Amazon ES) (p. 608): An Elasticsearch instance
that performs cluster management tasks, but does not hold data or respond to
data upload requests. Amazon Elasticsearch Service (Amazon ES) uses dedicated
master nodes to increase cluster stability.
See Also data node, node.

Dedicated Reserved Instance An option that you purchase to guarantee that sufficient capacity will be available
to launch Dedicated Instance (p. 627)s into a VPC (p. 661).

delegation Within a single AWS account (p. 605): Giving AWS user (p. 659)s access to
resource (p. 650)s in your AWS account.

Between two AWS accounts: Setting up a trust between the account that owns
the resource (the trusting account), and the account that contains the users that
need to access the resource (the trusted account).
See Also trust policy.

delete marker An object with a key and version ID, but without content. Amazon S3 (p. 611)
inserts delete markers automatically into versioned bucket (p. 621)s when an
object is deleted.

deliverability The likelihood that an email message will arrive at its intended destination.

deliveries The number of email messages, sent through Amazon SES (p. 611), that
were accepted by an internet service provider (ISP) (p. 636) for delivery to
recipient (p. 648)s over a period of time.

Version 1.0
627
AWS General Reference Reference guide

deny The result of a policy (p. 645) statement that includes deny as the effect, so
that a specific action or actions are expressly forbidden for a user, group, or role.
Explicit deny take precedence over explicit allow (p. 606).

deployment configuration AWS CodeDeploy (p. 614): A set of deployment rules and success and failure
conditions used by the service during a deployment.

deployment group AWS CodeDeploy (p. 614): A set of individually tagged instance (p. 636)s, EC2
instance (p. 629)s in Auto Scaling group (p. 613)s, or both.

detailed monitoring Monitoring of AWS provided metrics derived at a 1-minute frequency.

Description property A property added to parameters, resource (p. 650)s, resource properties,
mappings, and outputs to help you to document AWS CloudFormation (p. 614)
template elements.

dimension A name–value pair (for example, InstanceType=m1.small, or EngineName=mysql),


that contains additional information to identify a metric.

discussion forums A place where AWS users can post technical questions and feedback to help
accelerate their development efforts and to engage with the AWS community.
The discussion forums are located at https://forums.aws.amazon.com/.

distribution A link between an origin server (such as an Amazon S3 (p. 611)


bucket (p. 621)) and a domain name, which CloudFront (p. 606) automatically
assigns. Through this link, CloudFront identifies the object you have stored in your
origin server (p. 644).

DKIM DomainKeys Identified Mail. A standard that email senders use to sign their
messages. ISPs use those signatures to verify that messages are legitimate. For
more information, see https://tools.ietf.org/html/rfc6376.

DNS See Domain Name System.

Docker image A layered file system template that is the basis of a Docker container (p. 624).
Docker images can comprise specific operating systems or applications.

document Amazon CloudSearch (p. 606): An item that can be returned as a search result.
Each document has a collection of fields that contain the data that can be
searched or returned. The value of a field can be either a string or a number. Each
document must have a unique ID and at least one field.

document batch Amazon CloudSearch (p. 606): A collection of add and delete document
operations. You use the document service API to submit batches to update the
data in your search domain.

document service API Amazon CloudSearch (p. 606): The API call that you use to submit document
batches to update the data in a search domain.

document service endpoint Amazon CloudSearch (p. 606): The URL that you connect to when sending
document updates to an Amazon CloudSearch domain. Each search domain has
a unique document service endpoint that remains the same for the life of the
domain.

domain Amazon Elasticsearch Service (Amazon ES) (p. 608): The hardware, software,
and data exposed by Amazon Elasticsearch Service (Amazon ES) endpoints.
An Amazon ES domain is a service wrapper around an Elasticsearch cluster. An
Amazon ES domain encapsulates the engine instances that process Amazon ES
requests, the indexed data that you want to search, snapshots of the domain,
access policies, and metadata.

Version 1.0
628
AWS General Reference Reference guide

See Also cluster, Elasticsearch.

Domain Name System A service that routes internet traffic to websites by translating friendly domain
names like www.example.com into the numeric IP addresses like 192.0.2.1 that
computers use to connect to each other.

Donation button An HTML-coded button to provide an easy and secure way for US-based, IRS-
certified 501(c)3 nonprofit organizations to solicit donations.

DynamoDB stream An ordered flow of information about changes to items in anAmazon


DynamoDB (p. 607) table. When you enable a stream on a table, DynamoDB
captures information about every modification to data items in the table.
See Also Amazon DynamoDB Streams.

E
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

EBS See Amazon Elastic Block Store (Amazon EBS).

EC2 See Amazon EC2.

EC2 compute unit (ECU) An AWS standard for compute CPU and memory. You can use this measure to
evaluate the CPU capacity of different EC2 instance (p. 629) types.

EC2 instance A compute instance (p. 636) in the Amazon EC2 (p. 607) service. Other AWS
services use the term EC2 instance to distinguish these instances from other types
of instances they support.

ECR See the section called “Amazon ECR”.

ECS See Amazon Elastic Container Service (Amazon ECS).

edge location A data center that an AWS service uses to perform service-specific operations.
For example, CloudFront (p. 606) uses edge locations to cache copies of
your content, so the content is closer to your users and can be delivered faster
regardless of their location. Route 53 (p. 610) uses edge locations to speed up
the response to public DNS queries.

EFS See Amazon Elastic File System (Amazon EFS).

Elastic A company that provides open-source solutions—including Elasticsearch,


Logstash, Kibana, and Beats—that are designed to take data from any source and
search, analyze, and visualize it in real time.

Amazon Elasticsearch Service (Amazon ES) is an AWS managed service for


deploying, operating, and scaling Elasticsearch in the AWS Cloud.
See Also Amazon Elasticsearch Service (Amazon ES), Elasticsearch.

Elastic Block Store See Amazon Elastic Block Store (Amazon EBS).

Elastic IP address A fixed (static) IP address that you have allocated in Amazon EC2 (p. 607) or
Amazon VPC (p. 611) and then attached to an instance (p. 636). Elastic IP
addresses are associated with your account, not a specific instance. They are
elastic because you can easily allocate, attach, detach, and free them as your

Version 1.0
629
AWS General Reference Reference guide

needs change. Unlike traditional static IP addresses, Elastic IP addresses allow you
to mask instance or Availability Zone (p. 613) failures by rapidly remapping your
public IP addresses to another instance.

Elastic Load Balancing A web service that improves an application's availability by distributing incoming
traffic between two or more EC2 instance (p. 629)s.
See Also https://aws.amazon.com/elasticloadbalancing.

elastic network interface An additional network interface that can be attached to an instance (p. 636).
Elastic network interfaces include a primary private IP address, one or more
secondary private IP addresses, an Elastic IP Address (optional), a MAC address,
membership in specified security group (p. 652)s, a description, and a source/
destination check flag. You can create an elastic network interface, attach it to an
instance, detach it from an instance, and attach it to another instance.

Elasticsearch An open-source, real-time distributed search and analytics engine used for full-
text search, structured search, and analytics. Elasticsearch was developed by the
Elastic company.

Amazon Elasticsearch Service (Amazon ES) is an AWS managed service for


deploying, operating, and scaling Elasticsearch in the AWS Cloud.
See Also Amazon Elasticsearch Service (Amazon ES), Elastic.

EMR See Amazon EMR.

encrypt To use a mathematical algorithm to make data unintelligible to unauthorized


user (p. 659)s while allowing authorized users a method (such as a key or
password) to convert the altered data back to its original state.

encryption context A set of key–value pairs that contains additional information associated with AWS
Key Management Service (AWS KMS) (p. 617)–encrypted information.

endpoint A URL that identifies a host and port as the entry point for a web service. Every
web service request contains an endpoint. Most AWS products provide endpoints
for a Region to enable faster connectivity.

Amazon ElastiCache (p. 608): The DNS name of a cache node (p. 622).

Amazon RDS (p. 610): The DNS name of a DB instance (p. 627).

AWS CloudFormation (p. 614): The DNS name or IP address of the server that
receives an HTTP request.

endpoint port Amazon ElastiCache (p. 608): The port number used by a cache node (p. 622).

Amazon RDS (p. 610): The port number used by a DB instance (p. 627).

envelope encryption The use of a master key and a data key to algorithmically protect data. The
master key is used to encrypt and decrypt the data key and the data key is used to
encrypt and decrypt the data itself.

environment AWS Elastic Beanstalk (p. 615): A specific running instance of an


application (p. 612). The application has a CNAME and includes an application
version and a customizable configuration (which is inherited from the default
container type).

AWS CodeDeploy (p. 614): Instances in a deployment group in a blue/green


deployment. At the start of a blue/green deployment, the deployment group is
made up of instances in the original environment. At the end of the deployment,
the deployment group is made up of instances in the replacement environment.

Version 1.0
630
AWS General Reference Reference guide

environment configuration A collection of parameters and settings that define how an environment and its
associated resources behave.

ephemeral store See instance store.

epoch The date from which time is measured. For most Unix environments, the epoch is
January 1, 1970.

ETL See extract, transform, and load (ETL).

evaluation Amazon Machine Learning: The process of measuring the predictive performance
of a machine learning (ML) model.

Also a machine learning object that stores the details and result of an ML model
evaluation.

evaluation datasource The data that Amazon Machine Learning uses to evaluate the predictive accuracy
of a machine learning model.

event Amazon Personalize (p. 610): A user activity—such as a click, a purchase, or a


video viewing—that you record and upload to an Amazon Personalize Interactions
dataset. You record events individually in real time or record and upload events in
bulk.
See Also dataset, Interactions dataset.

event tracker Amazon Personalize (p. 610): Specifies a destination dataset group for event
data that you record in real time. When you record events in real time, you
provide the ID of the event tracker so that Amazon Personalize knows where to
add the data.
See Also dataset group, event.

eventual consistency The method through which AWS products achieve high availability, which involves
replicating data across multiple servers in Amazon's data centers. When data is
written or updated and Success is returned, all copies of the data are updated.
However, it takes time for the data to propagate to all storage locations. The data
will eventually be consistent, but an immediate read might not show the change.
Consistency is usually reached within seconds.
See Also data consistency, eventually consistent read, strongly consistent read.

eventually consistent read A read process that returns data from only one Region and might not show the
most recent write information. However, if you repeat your read request after a
short time, the response should eventually return the latest data.
See Also data consistency, eventual consistency, strongly consistent read.

eviction The deletion by CloudFront (p. 606) of an object from an edge


location (p. 629) before its expiration time. If an object in an edge location
isn't frequently requested, CloudFront might evict the object (remove the object
before its expiration date) to make room for objects that are more popular.

exbibyte (EiB) A contraction of exa binary byte, an exbibyte is 2^60 or


1,152,921,504,606,846,976 bytes. An exabyte (EB) is 10^18 or
1,000,000,000,000,000,000 bytes. 1,024 EiB is a zebibyte (ZiB) (p. 661).

expiration For CloudFront (p. 606) caching, the time when CloudFront stops responding
to user requests with an object. If you don't use headers or CloudFront
distribution (p. 628) settings to specify how long you want objects to stay in
an edge location (p. 629), the objects expire after 24 hours. The next time a
user requests an object that has expired, CloudFront forwards the request to the
origin (p. 644).

Version 1.0
631
AWS General Reference Reference guide

explicit impressions Amazon Personalize (p. 610): A list of items that you manually add to an
Amazon Personalize Interactions dataset to influence future recommendations.
Unlike implicit impressions, where Amazon Personalize automatically derives the
impressions data, you choose what to include in explicit impressions.
See Also recommendations, Interactions dataset, impressions data, implicit
impressions.

explicit launch permission An Amazon Machine Image (AMI) (p. 609) launch permission granted to a
specific AWS account (p. 605).

exponential backoff A strategy that incrementally increases the wait between retry attempts in order
to reduce the load on the system and increase the likelihood that repeated
requests will succeed. For example, client applications might wait up to 400
milliseconds before attempting the first retry, up to 1600 milliseconds before the
second, up to 6400 milliseconds (6.4 seconds) before the third, and so on.

expression Amazon CloudSearch (p. 606): A numeric expression that you can use to control
how search hits are sorted. You can construct Amazon CloudSearch expressions
using numeric fields, other rank expressions, a document's default relevance
score, and standard numeric operators and functions. When you use the sort
option to specify an expression in a search request, the expression is evaluated for
each search hit and the hits are listed according to their expression values.

extract, transform, and load A process that is used to integrate data from multiple sources. Data is collected
(ETL) from sources (extract), converted to an appropriate format (transform), and
written to a target data store (load) for purposes of analysis and querying.

ETL tools combine these three functions to consolidate and move data from one
environment to another. AWS Glue (p. 616) is a fully managed ETL service for
discovering and organizing data, transforming it, and making it available for
search and analytics.

F
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

facet Amazon CloudSearch (p. 606): An index field that represents a category that you
want to use to refine and filter search results.

facet enabled Amazon CloudSearch (p. 606): An index field option that enables facet
information to be calculated for the field.

FBL See feedback loop (FBL).

feature transformation Amazon Machine Learning: The machine learning process of constructing more
predictive input representations or “features” from the raw input variables to
optimize a machine learning model’s ability to learn and generalize. Also known
as data transformation or feature engineering.

federated identity Allows individuals to sign in to different networks or services, using the same
management (FIM) group or personal credentials to access data across all networks. With identity
federation in AWS, external identities (federated users) are granted secure access
to resource (p. 650)s in an AWS account (p. 605) without having to create IAM
user (p. 659)s. These external identities can come from a corporate identity
store (such as LDAP or Windows Active Directory) or from a third party (such as

Version 1.0
632
AWS General Reference Reference guide

Login with Amazon, Facebook, or Google). AWS federation also supports SAML
2.0.

federated user See federated identity management (FIM).

federation See federated identity management (FIM).

feedback loop (FBL) The mechanism by which a mailbox provider (for example, an internet service
provider (ISP) (p. 636)) forwards a recipient (p. 648)'s complaint (p. 623) back
to the sender (p. 652).

field weight The relative importance of a text field in a search index. Field weights control how
much matches in particular text fields affect a document's relevance score.

filter A criterion that you specify to limit the results when you list or describe your
Amazon EC2 (p. 607) resource (p. 650)s.

filter query A way to filter search results without affecting how the results are scored and
sorted. Specified with the Amazon CloudSearch (p. 606) fq parameter.

FIM See federated identity management (FIM).

Firehose See Amazon Kinesis Data Firehose.

format version See template format version.

forums See discussion forums.

function See intrinsic function.

fuzzy search A simple search query that uses approximate string matching (fuzzy matching) to
correct for typographical errors and misspellings.

G
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

geospatial search A search query that uses locations specified as a latitude and longitude to
determine matches and sort the results.

gibibyte (GiB) A contraction of giga binary byte, a gibibyte is 2^30 or 1,073,741,824 bytes.
A gigabyte (GB) is 10^9 or 1,000,000,000 bytes. 1,024 GiB is a tebibyte
(TiB) (p. 658).

GitHub A web-based repository that uses Git for version control.

global secondary index An index with a partition key and a sort key that can be different from those on
the table. A global secondary index is considered global because queries on the
index can span all of the data in a table, across all partitions.
See Also local secondary index.

grant AWS Key Management Service (AWS KMS) (p. 617): A mechanism for giving
AWS principal (p. 646)s long-term permissions to use customer master key
(CMK) (p. 626)s.

grant token A type of identifier that allows the permissions in a grant (p. 633) to take effect
immediately.

Version 1.0
633
AWS General Reference Reference guide

ground truth The observations used in the machine learning (ML) model training process
that include the correct value for the target attribute. To train an ML model to
predict house sales prices, the input observations would typically include prices
of previous house sales in the area. The sale prices of these houses constitute the
ground truth.

group A collection of IAM (p. 616) user (p. 659)s. You can use IAM groups to simplify
specifying and managing permissions for multiple users.

H
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

Hadoop Software that enables distributed processing for big data by using clusters
and simple programming models. For more information, see http://
hadoop.apache.org.

hard bounce A persistent email delivery failure such as "mailbox does not exist."

hardware VPN A hardware-based IPsec VPN connection over the internet.

health check A system call to check on the health status of each instance in an Amazon EC2
Auto Scaling (p. 607) group.

high-quality email Email that recipients find valuable and want to receive. Value means different
things to different recipients and can come in the form of offers, order
confirmations, receipts, newsletters, etc.

highlights Amazon CloudSearch (p. 606): Excerpts returned with search results that show
where the search terms appear within the text of the matching documents.

highlight enabled Amazon CloudSearch (p. 606): An index field option that enables matches within
the field to be highlighted.

hit A document that matches the criteria specified in a search request. Also referred
to as a search result.

HMAC Hash-based Message Authentication Code. A specific construction for calculating


a message authentication code (MAC) involving a cryptographic hash function in
combination with a secret key. You can use it to verify both the data integrity and
the authenticity of a message at the same time. AWS calculates the HMAC using a
standard, cryptographic hash algorithm, such as SHA-256.

hosted zone A collection of resource record (p. 650) sets that Amazon Route 53 (p. 610)
hosts. Like a traditional DNS zone file, a hosted zone represents a collection of
records that are managed together under a single domain name.

HRNN Amazon Personalize (p. 610): A hierarchical recurrent neural network machine
learning algorithm that models changes in user behavior and predicts the items
that a user might interact with in personal recommendation applications.

HTTP-Query See Query.

HVM virtualization Hardware Virtual Machine virtualization. Allows the guest VM to run as though it
is on a native hardware platform, except that it still uses paravirtual (PV) network
and storage drivers for improved performance.
See Also PV virtualization.

Version 1.0
634
AWS General Reference Reference guide

I
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

IAM See AWS Identity and Access Management (IAM).

IAM group See group.

IAM policy simulator See policy simulator.

IAM role See role.

IAM user See user.

Identity and Access See AWS Identity and Access Management (IAM).
Management

identity provider (IdP) An IAM (p. 616) entity that holds metadata about external identity providers.

IdP See identity provider (IdP) .

image See Amazon Machine Image (AMI).

import/export station A machine that uploads or downloads your data to or from Amazon S3 (p. 611).

import log A report that contains details about how AWS Import/Export (p. 616) processed
your data.

implicit impressions Amazon Personalize (p. 610): The recommendations that your application shows
a user. Unlike explicit impressions, where you manually record each impression,
Amazon Personalize automatically derives implicit impressions from your
recommendation data.
See Also recommendations, impressions data, explicit impressions.

impressions data Amazon Personalize (p. 610): The list of items that you presented to a user
when they interacted with a particular item by clicking it, watching it, purchasing
it, and so on. Amazon Personalize uses impressions data to calculate the relevance
of new items for a user based on how frequently users have selected or ignored
the same item.
See Also explicit impressions, implicit impressions.

in-place deployment CodeDeploy: A deployment method in which the application on each instance in
the deployment group is stopped, the latest application revision is installed, and
the new version of the application is started and validated. You can choose to use
a load balancer so each instance is deregistered during its deployment and then
restored to service after the deployment is complete.

index See search index.

index field A name–value pair that is included in an Amazon CloudSearch (p. 606) domain's
index. An index field can contain text or numeric data, dates, or a location.

indexing options Configuration settings that define an Amazon CloudSearch (p. 606) domain's
index fields, how document data is mapped to those index fields, and how the
index fields can be used.

inline policy An IAM (p. 616) policy (p. 645) that is embedded in a single IAM
user (p. 659), group (p. 634), or role (p. 650).

Version 1.0
635
AWS General Reference Reference guide

input data Amazon Machine Learning: The observations that you provide to Amazon
Machine Learning to train and evaluate a machine learning model and generate
predictions.

instance A copy of an Amazon Machine Image (AMI) (p. 609) running as a virtual server in
the AWS Cloud.

instance family A general instance type (p. 636) grouping using either storage or CPU capacity.

instance group A Hadoop (p. 634) cluster contains one master instance group that contains
one master node (p. 640), a core instance group containing one or more core
node (p. 625) and an optional task node (p. 657) instance group, which can
contain any number of task nodes.

instance profile A container that passes IAM (p. 616) role (p. 650) information to an EC2
instance (p. 629) at launch.

instance store Disk storage that is physically attached to the host computer for an EC2
instance (p. 629), and therefore has the same lifespan as the instance. When the
instance is terminated, you lose any data in the instance store.

instance store-backed AMI A type of Amazon Machine Image (AMI) (p. 609) whose instance (p. 636)s use
an instance store (p. 636) volume (p. 661) as the root device. Compare this
with instances launched from Amazon EBS (p. 607)-backed AMIs, which use an
Amazon EBS volume as the root device.

instance type A specification that defines the memory, CPU, storage capacity, and usage
cost for an instance (p. 636). Some instance types are designed for standard
applications, whereas others are designed for CPU-intensive, memory-intensive
applications, and so on.

Interactions dataset Amazon Personalize (p. 610): A container for historical and real-time data
collected from interactions between users and items (called events). Interactions
data can include impressions data and contextual metadata.
See Also dataset, event, impressions data, contextual metatdata.

internet gateway Connects a network to the internet. You can route traffic for IP addresses outside
your VPC (p. 661) to the internet gateway.

internet service provider (ISP) A company that provides subscribers with access to the internet. Many ISPs are
also mailbox provider (p. 639)s. Mailbox providers are sometimes referred to as
ISPs, even if they only provide mailbox services.

intrinsic function A special action in a AWS CloudFormation (p. 614) template that assigns values
to properties not available until runtime. These functions follow the format
Fn::Attribute, such as Fn::GetAtt. Arguments for intrinsic functions can be
parameters, pseudo parameters, or the output of other intrinsic functions.

IP address A numerical address (for example, 192.0.2.44) that networked devices use
to communicate with one another using the Internet Protocol (IP). All EC2
instance (p. 629)s are assigned two IP addresses at launch, which are directly
mapped to each other through network address translation (NAT (p. 642)):
a private IP address (following RFC 1918) and a public IP address. Instances
launched in a VPC (p. 611) are assigned only a private IP address. Instances
launched in your default VPC are assigned both a private IP address and a public
IP address.

IP match condition AWS WAF (p. 620): An attribute that specifies the IP addresses or IP
address ranges that web requests originate from. Based on the specified IP

Version 1.0
636
AWS General Reference Reference guide

addresses, you can configure AWS WAF to allow or block web requests to AWS
resource (p. 650)s such as Amazon CloudFront (p. 606) distributions.

ISP See internet service provider (ISP).

issuer The person who writes a policy (p. 645) to grant permissions to a
resource (p. 650). The issuer (by definition) is always the resource owner. AWS
does not permit Amazon SQS (p. 611) users to create policies for resources they
don't own. If John is the resource owner, AWS authenticates John's identity when
he submits the policy he's written to grant permissions for that resource.

item A group of attributes that is uniquely identifiable among all of the other items.
Items in Amazon DynamoDB (p. 607) are similar in many ways to rows, records,
or tuples in other database systems.

item exploration Amazon Personalize (p. 610): The process that Amazon Personalize uses to test
different item recommendations, including recommendations of new items with
no or very little interaction data, and learn how users respond. You configure item
exploration at the campaign level for solution versions created with the user-
personalization recipe.
See Also recommendations, campaign, solution version, user-personalization
recipe.

item-to-item similarities Amazon Personalize (p. 610): A RELATED_ITEMS recipe that uses the data from
(SIMS) recipe an Interactions dataset to make recommendations for items that are similar to
a specified item. The SIMS recipe calculates similarity based on the way users
interact with items instead of matching item metadata, such as price or age.
See Also recipe, RELATED_ITEMS recipes, Interactions dataset.

Items dataset Amazon Personalize (p. 610): A container for metadata about items, such as
price, genre, or availability.
See Also dataset.

J
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

job flow Amazon EMR (p. 608): One or more step (p. 655)s that specify all of the
functions to be performed on the data.

job ID A five-character, alphanumeric string that uniquely identifies an AWS Import/


Export (p. 616) storage device in your shipment. AWS issues the job ID in
response to a CREATE JOB email command.

job prefix An optional string that you can add to the beginning of an AWS Import/
Export (p. 616) log file name to prevent collisions with objects of the same
name.
See Also key prefix.

JSON JavaScript Object Notation. A lightweight data interchange format. For


information about JSON, see http://www.json.org/.

junk folder The location where email messages that various filters determine to be of lesser
value are collected so that they do not arrive in the recipient (p. 648)'s inbox but
are still accessible to the recipient. This is also referred to as a spam (p. 654) or
bulk folder.

Version 1.0
637
AWS General Reference Reference guide

K
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

key A credential that identifies an AWS account (p. 605) or user (p. 659) to AWS
(such as the AWS secret access key (p. 652)).

Amazon Simple Storage Service (Amazon S3) (p. 611), Amazon EMR (p. 608):
The unique identifier for an object in a bucket (p. 621). Every object in a bucket
has exactly one key. Because a bucket and key together uniquely identify each
object, you can think of Amazon S3 as a basic data map between the bucket + key,
and the object itself. You can uniquely address every object in Amazon S3 through
the combination of the web service endpoint, bucket name, and key, as in this
example: http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl,
where doc is the name of the bucket, and 2006-03-01/AmazonS3.wsdl is the
key.

AWS Import/Export (p. 616): The name of an object in Amazon S3. It is a


sequence of Unicode characters whose UTF-8 encoding cannot exceed 1024
bytes. If a key, for example, logPrefix + import-log-JOBID, is longer than 1024
bytes, AWS Elastic Beanstalk (p. 615) returns an InvalidManifestField
error.

IAM (p. 616): In a policy (p. 645), a specific characteristic that is the basis for
restricting access (such as the current time, or the IP address of the requester).

Tagging resources: A general tag (p. 657) label that acts like a category for more
specific tag values. For example, you might have EC2 instance (p. 629) with the
tag key of Owner and the tag value of Jan. You can tag an AWS resource (p. 650)
with up to 10 key–value pairs. Not all AWS resources can be tagged.

key pair A set of security credentials that you use to prove your identity electronically. A
key pair consists of a private key and a public key.

key prefix A logical grouping of the objects in a bucket (p. 621). The prefix value is similar
to a directory name that enables you to store similar data under the same
directory in a bucket.

kibibyte (KiB) A contraction of kilo binary byte, a kibibyte is 2^10 or 1,024 bytes. A kilobyte (KB)
is 10^3 or 1,000 bytes. 1,024 KiB is a mebibyte (MiB) (p. 640).

KMS See AWS Key Management Service (AWS KMS).

L
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

labeled data In machine learning, data for which you already know the target or “correct”
answer.

launch configuration A set of descriptive parameters used to create new EC2 instance (p. 629)s in an
Amazon EC2 Auto Scaling (p. 607) activity.

Version 1.0
638
AWS General Reference Reference guide

A template that an Auto Scaling group (p. 613) uses to launch new EC2
instances. The launch configuration contains information such as the Amazon
Machine Image (AMI) (p. 609) ID, the instance type, key pairs, security
group (p. 652)s, and block device mappings, among other configuration
settings.

launch permission An Amazon Machine Image (AMI) (p. 609) attribute that allows users to launch
an AMI.

lifecycle The lifecycle state of the EC2 instance (p. 629) contained in an Auto Scaling
group (p. 613). EC2 instances progress through several states over their lifespan;
these include Pending, InService, Terminating and Terminated.

lifecycle action An action that can be paused by Auto Scaling, such as launching or terminating
an EC2 instance.

lifecycle hook Enables you to pause Auto Scaling after it launches or terminates an EC2 instance
so that you can perform a custom action while the instance is not in service.

link to VPC The process of linking (or attaching) an EC2-Classic instance (p. 636) to a
ClassicLink-enabled VPC (p. 661).
See Also ClassicLink, unlink from VPC.

load balancer A DNS name combined with a set of ports, which together provide a destination
for all requests intended for your application. A load balancer can distribute
traffic to multiple application instances across every Availability Zone (p. 613)
within a Region (p. 649). Load balancers can span multiple Availability Zones
within an AWS Region into which an Amazon EC2 (p. 607) instance was
launched. But load balancers cannot span multiple Regions.

local secondary index An index that has the same partition key as the table, but a different sort key. A
local secondary index is local in the sense that every partition of a local secondary
index is scoped to a table partition that has the same partition key value.
See Also local secondary index.

logical name A case-sensitive unique string within an AWS CloudFormation (p. 614) template
that identifies a resource (p. 650), mapping (p. 640), parameter, or output. In
an AWS CloudFormation template, each parameter, resource (p. 650), property,
mapping, and output must be declared with a unique logical name. You use the
logical name when dereferencing these items using the Ref function.

M
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

Mail Transfer Agent (MTA) Software that transports email messages from one computer to another by using
a client-server architecture.

mailbox provider An organization that provides email mailbox hosting services. Mailbox providers
are sometimes referred to as internet service provider (ISP) (p. 636)s, even if
they only provide mailbox services.

mailbox simulator A set of email addresses that you can use to test an Amazon SES (p. 611)-based
email sending application without sending messages to actual recipients. Each

Version 1.0
639
AWS General Reference Reference guide

email address represents a specific scenario (such as a bounce or complaint) and


generates a typical response that is specific to the scenario.

main route table The default route table (p. 651) that any new VPC (p. 661) subnet (p. 656)
uses for routing. You can associate a subnet with a different route table of your
choice. You can also change which route table is the main route table.

managed policy A standalone IAM (p. 616) policy (p. 645) that you can attach to
multiple user (p. 659)s, group (p. 634)s, and role (p. 650)s in your IAM
account (p. 605). Managed policies can either be AWS managed policies (which
are created and managed by AWS) or customer managed policies (which you
create and manage in your AWS account).

manifest When sending a create job request for an import or export operation, you describe
your job in a text file called a manifest. The manifest file is a YAML-formatted
file that specifies how to transfer data between your storage device and the AWS
Cloud.

manifest file Amazon Machine Learning: The file used for describing batch predictions. The
manifest file relates each input data file with its associated batch prediction
results. It is stored in the Amazon S3 output location.

mapping A way to add conditional parameter values to an AWS CloudFormation (p. 614)
template. You specify mappings in the template's optional Mappings section and
retrieve the desired value using the FN::FindInMap function.

marker See pagination token.

master node A process running on an Amazon Machine Image (AMI) (p. 609) that keeps track
of the work its core and task nodes complete.

maximum price The maximum price you will pay to launch one or more Spot Instance (p. 655)s.
If your maximum price exceeds the current Spot price (p. 655) and your
restrictions are met, Amazon EC2 (p. 607) launches instances on your behalf.

maximum send rate The maximum number of email messages that you can send per second using
Amazon SES (p. 611).

mean reciprocal rank at 25 Amazon Personalize (p. 610): An evaluation metric that assesses the relevance
of a model’s highest ranked recommendation. Amazon Personalize calculates
this metric using the average accuracy of the model when ranking the most
relevant recommendation out of the top 25 recommendations over all requests
for recommendations.
See Also metrics, recommendations.

mebibyte (MiB) A contraction of mega binary byte, a mebibyte is 2^20 or 1,048,576 bytes.
A megabyte (MB) is 10^6 or 1,000,000 bytes. 1,024 MiB is a gibibyte
(GiB) (p. 633).

member resources See resource.

message ID Amazon Simple Email Service (Amazon SES) (p. 611): A unique identifier that is
assigned to every email message that is sent.

Amazon Simple Queue Service (Amazon SQS) (p. 611): The identifier returned
when you send a message to a queue.

metadata Information about other data or objects. In Amazon Simple Storage Service
(Amazon S3) (p. 611) and Amazon EMR (p. 608) metadata takes the form

Version 1.0
640
AWS General Reference Reference guide

of name–value pairs that describe the object. These include default metadata
such as the date last modified and standard HTTP metadata such as Content-
Type. Users can also specify custom metadata at the time they store an object. In
Amazon EC2 (p. 607) metadata includes data about an EC2 instance (p. 629)
that the instance can retrieve to determine things about itself, such as the
instance type, the IP address, and so on.

metric An element of time-series data defined by a unique combination of exactly


one namespace (p. 642), exactly one metric name, and between zero and ten
dimensions. Metrics and the statistics derived from them are the basis of Amazon
CloudWatch (p. 606).

metrics Amazon Personalize (p. 610): Evaluation data that Amazon Personalize
generates when you train a model. You use metrics to evaluate the performance
of the model, view the effects of modifying a solution’s configuration, and
compare results between solutions that use the same training data but were
created with different recipes.
See Also solution, recipe.

metric name The primary identifier of a metric, used in combination with a


namespace (p. 642) and optional dimensions.

MFA See multi-factor authentication (MFA).

micro instance A type of EC2 instance (p. 629) that is more economical to use if you have
occasional bursts of high CPU activity.

MIME See Multipurpose Internet Mail Extensions (MIME).

ML model In machine learning (ML), a mathematical model that generates predictions by


finding patterns in data. Amazon Machine Learning supports three types of ML
models: binary classification, multiclass classification, and regression. Also known
as a predictive model.
See Also binary classification model, multiclass classification model, regression
model.

MTA See Mail Transfer Agent (MTA).

Multi-AZ deployment A primary DB instance (p. 627) that has a synchronous standby replica in a
different Availability Zone (p. 613). The primary DB instance is synchronously
replicated across Availability Zones to the standby replica.

multiclass classification A machine learning model that predicts values that belong to a limited, pre-
model defined set of permissible values. For example, "Is this product a book, movie, or
clothing?"

multi-factor authentication An optional AWS account (p. 605) security feature. Once you enable AWS
(MFA) MFA, you must provide a six-digit, single-use code in addition to your sign-in
credentials whenever you access secure AWS webpages or the AWS Management
Console (p. 617). You get this single-use code from an authentication device
that you keep in your physical possession.
See Also https://aws.amazon.com/mfa/.

multi-valued attribute An attribute with more than one value.

multipart upload A feature that allows you to upload a single object as a set of parts.

Multipurpose Internet Mail An internet standard that extends the email protocol to include non-ASCII text
Extensions (MIME) and nontext elements like attachments.

Version 1.0
641
AWS General Reference Reference guide

Multitool A cascading application that provides a simple command-line interface for


managing large datasets.

N
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

namespace An abstract container that provides context for the items (names, or technical
terms, or words) it holds, and allows disambiguation of homonym items residing
in different namespaces.

NAT Network address translation. A strategy of mapping one or more IP addresses


to another while data packets are in transit across a traffic routing device. This
is commonly used to restrict internet communication to private instances while
allowing outgoing traffic.
See Also Network Address Translation and Protocol Translation, NAT gateway,
NAT instance.

NAT gateway A NAT (p. 642) device, managed by AWS, that performs network address
translation in a private subnet (p. 656), to secure inbound internet traffic. A NAT
gateway uses both NAT and port address translation.
See Also NAT instance.

NAT instance A NAT (p. 642) device, configured by a user, that performs network address
translation in a VPC (p. 661) public subnet (p. 656) to secure inbound internet
traffic.
See Also NAT gateway.

network ACL An optional layer of security that acts as a firewall for controlling traffic in and
out of a subnet (p. 656). You can associate multiple subnets with a single
network ACL (p. 604), but a subnet can be associated with only one network ACL
at a time.

Network Address Translation (NAT (p. 642)-PT) An internet protocol standard defined in RFC 2766.
and Protocol Translation See Also NAT instance, NAT gateway.

n-gram processor A processor that performs n-gram transformations.


See Also n-gram transformation.

n-gram transformation Amazon Machine Learning: A transformation that aids in text string analysis.
An n-gram transformation takes a text variable as input and outputs strings by
sliding a window of size n words, where n is specified by the user, over the text,
and outputting every string of words of size n and all smaller sizes. For example,
specifying the n-gram transformation with window size =2 returns all the two-
word combinations and all of the single words.

NICE Desktop Cloud A remote visualization technology for securely connecting users to graphic-
Visualization intensive 3D applications hosted on a remote, high-performance server.

node Amazon Elasticsearch Service (Amazon ES) (p. 608): An Elasticsearch instance. A
node can be either a data instance or a dedicated master instance.
See Also dedicated master node.

NoEcho A property of AWS CloudFormation (p. 614) parameters that prevent the
otherwise default reporting of names and values of a template parameter.

Version 1.0
642
AWS General Reference Reference guide

Declaring the NoEcho property causes the parameter value to be masked with
asterisks in the report by the cfn-describe-stacks command.

normalized discounted Amazon Personalize (p. 610): An evaluation metric that tells you about the
cumulative gain (NCDG) at K relevance of your model’s highly ranked recommendations, where K is a sample
(5/10/25) size of 5, 10, or 25 recommendations. Amazon Personalize calculates this by
assigning weight to recommendations based on their position in a ranked list,
where each recommendation is discounted (given a lower weight) by a factor
dependent on its position. The normalized discounted cumulative gain at K
assumes that recommendations that are lower on a list are less relevant than
recommendations higher on the list.
See Also metrics, recommendations.

NoSQL Nonrelational database systems that are highly available, scalable, and optimized
for high performance. Instead of the relational model, NoSQL databases (like
Amazon DynamoDB (p. 607)) use alternate models for data management, such
as key–value pairs or document storage.

null object A null object is one whose version ID is null. Amazon S3 (p. 611) adds a null
object to a bucket (p. 621) when versioning (p. 660) for that bucket is
suspended. It is possible to have only one null object for each key in a bucket.

number of passes The number of times that you allow Amazon Machine Learning to use the same
data records to train a machine learning model.

O
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

object Amazon Simple Storage Service (Amazon S3) (p. 611): The fundamental entity
type stored in Amazon S3. Objects consist of object data and metadata. The data
portion is opaque to Amazon S3.

Amazon CloudFront (p. 606): Any entity that can be served either over HTTP or
a version of RTMP.

observation Amazon Machine Learning: A single instance of data that Amazon Machine
Learning (Amazon ML) uses to either train a machine learning model how to
predict or to generate a prediction. Each row in an Amazon ML input data file is
an observation.

On-Demand Instance An Amazon EC2 (p. 607) pricing option that charges you for compute capacity
by the hour or second (minimum of 60 seconds) with no long-term commitment.

operation An API function. Also called an action.

optimistic locking A strategy to ensure that an item that you want to update has not been modified
by others before you perform the update. For Amazon DynamoDB (p. 607),
optimistic locking support is provided by the AWS SDKs.

organization AWS Organizations (p. 618): An entity that you create to consolidate and
manage your AWS accounts. An organization has one management account along
with zero or more member accounts.

organizational unit AWS Organizations (p. 618): A container for accounts within a root (p. 650) of
an organization. An organizational unit (OU) can contain other OUs.

Version 1.0
643
AWS General Reference Reference guide

origin access identity Also called OAI. When using Amazon CloudFront (p. 606) to serve content with
an Amazon S3 (p. 611) bucket (p. 621) as the origin, a virtual identity that you
use to require users to access your content through CloudFront URLs instead of
Amazon S3 URLs. Usually used with CloudFront private content (p. 646).

origin server The Amazon S3 (p. 611) bucket (p. 621) or custom origin containing
the definitive original version of the content you deliver through
CloudFront (p. 606).

original environment The instances in a deployment group at the start of an CodeDeploy blue/green
deployment.

OSB transformation Orthogonal sparse bigram transformation. In machine learning, a transformation


that aids in text string analysis and that is an alternative to the n-gram
transformation. OSB transformations are generated by sliding the window of size
n words over the text, and outputting every pair of words that includes the first
word in the window.
See Also n-gram transformation.

OU See organizational unit.

output location Amazon Machine Learning: An Amazon S3 location where the results of a batch
prediction are stored.

P
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

pagination The process of responding to an API request by returning a large list of records in
small separate parts. Pagination can occur in the following situations:

• The client sets the maximum number of returned records to a value below the
total number of records.
• The service has a default maximum number of returned records that is lower
than the total number of records.

When an API response is paginated, the service sends a subset of the large list
of records and a pagination token that indicates that more records are available.
The client includes this pagination token in a subsequent API request, and the
service responds with the next subset of records. This continues until the service
responds with a subset of records and no pagination token, indicating that all
records have been sent.

pagination token A marker that indicates that an API response contains a subset of a larger list of
records. The client can return this marker in a subsequent API request to retrieve
the next subset of records until the service responds with a subset of records and
no pagination token, indicating that all records have been sent.
See Also pagination.

paid AMI An Amazon Machine Image (AMI) (p. 609) that you sell to other Amazon
EC2 (p. 607) users on AWS Marketplace (p. 617).

paravirtual virtualization See PV virtualization.

part A contiguous portion of the object's data in a multipart upload request.

Version 1.0
644
AWS General Reference Reference guide

partition key A simple primary key, composed of one attribute (also known as a hash attribute).
See Also partition key, sort key.

PAT Port address translation.

pebibyte (PiB) A contraction of peta binary byte, a pebibyte is 2^50 or 1,125,899,906,842,624


bytes. A petabyte (PB) is 10^15 or 1,000,000,000,000,000 bytes. 1,024 PiB is an
exbibyte (EiB) (p. 631).

period See sampling period.

permission A statement within a policy (p. 645) that allows or denies access to a particular
resource (p. 650). You can state any permission like this: "A has permission
to do B to C." For example, Jane (A) has permission to read messages (B) from
John's Amazon SQS (p. 611) queue (C). Whenever Jane sends a request to
Amazon SQS to use John's queue, the service checks to see if she has permission.
It further checks to see if the request satisfies the conditions John set forth in the
permission.

persistent storage A data storage solution where the data remains intact until it is deleted. Options
within AWS (p. 611) include: Amazon S3 (p. 611), Amazon RDS (p. 610),
Amazon DynamoDB (p. 607), and other services.

PERSONALIZED_RANKING Amazon Personalize (p. 610): Recipes that provide item recommendations in
recipes ranked order based on the predicted interest for a user.
See Also recipe, recommendations, personalized-ranking recipe, popularity-count
recipe.

personalized-ranking recipe Amazon Personalize (p. 610): A PERSONALIZED_RANKING recipe that ranks a
collection of items that you provide based on the predicted interest level for a
specific user. Use the personalized-ranking recipe to create curated lists of items
or ordered search results that are personalized for a specific user.
See Also recipe, PERSONALIZED_RANKING recipes.

physical name A unique label that AWS CloudFormation (p. 614) assigns to each
resource (p. 650) when creating a stack (p. 655). Some AWS CloudFormation
commands accept the physical name as a value with the --physical-name
parameter.

pipeline AWS CodePipeline (p. 614): A workflow construct that defines the way software
changes go through a release process.

plaintext Information that has not been encrypted (p. 630), as opposed to
ciphertext (p. 623).

policy IAM (p. 616): A document defining permissions that apply to a user, group,
or role; the permissions in turn determine what users can do in AWS. A
policy typically allow (p. 606)s access to specific actions, and can optionally
grant that the actions are allowed for specific resource (p. 650)s, like EC2
instance (p. 629)s, Amazon S3 (p. 611) bucket (p. 621)s, and so on. Policies
can also explicitly deny (p. 628) access.

Amazon EC2 Auto Scaling (p. 607): An object that stores the information
needed to launch or terminate instances for an Auto Scaling group. Executing
the policy causes instances to be launched or terminated. You can configure an
alarm (p. 605) to invoke an Auto Scaling policy.

policy generator A tool in the IAM (p. 616) AWS Management Console (p. 617) that helps you
build a policy (p. 645) by selecting elements from lists of available options.

Version 1.0
645
AWS General Reference Reference guide

policy simulator A tool in the IAM (p. 616) AWS Management Console (p. 617) that helps you
test and troubleshoot policies (p. 645) so you can see their effects in real-world
scenarios.

policy validator A tool in the IAM (p. 616) AWS Management Console (p. 617) that examines
your existing IAM access control policies (p. 645) to ensure that they comply
with the IAM policy grammar.

popularity-count recipe Amazon Personalize (p. 610): A USER_PERSONALIZATION recipe that


recommends the items that have had the most interactions with unique users.
See Also recipe, USER_PERSONALIZATION recipes.

precision at K (5/10/25) Amazon Personalize (p. 610): An evaluation metric that tells you how relevant
your model’s recommendations are based on a sample size of K (5, 10, or 25)
recommendations. Amazon Personalize calculates this metric based on the
number of relevant recommendations out of the top K recommendations, divided
by K, where K is 5, 10, or 25.
See Also metrics, recommendations.

prefix See job prefix.

Premium Support A one-on-one, fast-response support channel that AWS customers can subscribe
to for support for AWS infrastructure services.
See Also https://aws.amazon.com/premiumsupport/.

presigned URL A web address that uses query string authentication (p. 647).

primary key One or two attributes that uniquely identify each item in a Amazon
DynamoDB (p. 607) table, so that no two items can have the same key.
See Also partition key, sort key.

primary shard See shard.

principal The user (p. 659), service, or account (p. 605) that receives permissions that
are defined in a policy (p. 645). The principal is A in the statement "A has
permission to do B to C."

private content When using Amazon CloudFront (p. 606) to serve content with an Amazon
S3 (p. 611) bucket (p. 621) as the origin, a method of controlling access to
your content by requiring users to use signed URLs. Signed URLs can restrict
user access based on the current date and time and/or the IP addresses that the
requests originate from.

private IP address A private numerical address (for example, 192.0.2.44) that networked devices
use to communicate with one another using the Internet Protocol (IP). All EC2
instance (p. 629)ss are assigned two IP addresses at launch, which are directly
mapped to each other through network address translation (NAT (p. 642)): a
private address (following RFC 1918) and a public address. Exception: Instances
launched in Amazon VPC (p. 611) are assigned only a private IP address.

private subnet A VPC (p. 661) subnet (p. 656) whose instances cannot be reached from the
internet.

product code An identifier provided by AWS when you submit a product to AWS
Marketplace (p. 617).

properties See resource property.

property rule A JSON (p. 637)-compliant markup standard for declaring properties, mappings,
and output values in an AWS CloudFormation (p. 614) template.

Version 1.0
646
AWS General Reference Reference guide

Provisioned IOPS A storage option designed to deliver fast, predictable, and consistent I/O
performance. When you specify an IOPS rate while creating a DB instance,
Amazon RDS (p. 610) provisions that IOPS rate for the lifetime of the DB
instance.

pseudo parameter A predefined setting, such as AWS:StackName that can be used in AWS
CloudFormation (p. 614) templates without having to declare them. You can use
pseudo parameters anywhere you can use a regular parameter.

public AMI An Amazon Machine Image (AMI) (p. 609) that all AWS account (p. 605)s have
permission to launch.

public dataset A large collection of public information that can be seamlessly integrated into
applications that are based in the AWS Cloud. Amazon stores public datasets at
no charge to the community and, like all AWS services, users pay only for the
compute and storage they use for their own applications. These datasets currently
include data from the Human Genome Project, the U.S. Census, Wikipedia, and
other sources.
See Also https://aws.amazon.com/publicdatasets.

public IP address A public numerical address (for example, 192.0.2.44) that networked devices
use to communicate with one another using the Internet Protocol (IP). EC2
instance (p. 629)s are assigned two IP addresses at launch, which are directly
mapped to each other through Network Address Translation (NAT (p. 642)): a
private address (following RFC 1918) and a public address. Exception: Instances
launched in Amazon VPC (p. 611) are assigned only a private IP address.

public subnet A subnet (p. 656) whose instances can be reached from the internet.

PV virtualization Paravirtual virtualization. Allows guest VMs to run on host systems that do
not have special support extensions for full hardware and CPU virtualization.
Because PV guests run a modified operating system that does not use hardware
emulation, they cannot provide hardware-related features such as enhanced
networking or GPU support.
See Also HVM virtualization.

Q
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

quartile binning Amazon Machine Learning: A process that takes two inputs, a numerical variable
transformation and a parameter called a bin number, and outputs a categorical variable. Quartile
binning transformations discover non-linearity in a variable's distribution by
enabling the machine learning model to learn separate importance values for
parts of the numeric variable’s distribution.

Query A type of web service that generally uses only the GET or POST HTTP method and
a query string with parameters in the URL.
See Also REST.

query string authentication An AWS feature that lets you place the authentication information in the HTTP
request query string instead of in the Authorization header, which enables
URL-based access to objects in a bucket (p. 621).

queue A sequence of messages or jobs that are held in temporary storage awaiting
transmission or processing.

Version 1.0
647
AWS General Reference Reference guide

queue URL A web address that uniquely identifies a queue.

quota The maximum value for your resources, actions, and items in your AWS account

R
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

range GET A request that specifies a byte range of data to get for a download. If an object is
large, you can break up a download into smaller units by sending multiple range
GET requests that each specify a different byte range to GET.

raw email A type of sendmail request with which you can specify the email headers and
MIME types.

RDS See Amazon Relational Database Service (Amazon RDS).

read replica Amazon RDS (p. 610): An active copy of another DB instance. Any updates to
the data on the source DB instance are replicated to the read replica DB instance
using the built-in replication feature of MySQL 5.1.

real-time predictions Amazon Machine Learning: Synchronously generated predictions for individual
data observations.
See Also batch prediction.

recipe Amazon Personalize (p. 610): An Amazon Personalize algorithm that


is preconfigured to predict the items that a user will interact with (for
USER_PERSONALIZATION recipes), or calculate items that are similar to specific
items that a user has shown interest in (for RELATED_ITEMS recipes), or rank a
collection of items that you provide based on the predicted interest for a specific
user (for PERSONALIZED_RANKING recipes).
See Also USER_PERSONALIZATION recipes, RELATED_ITEMS recipes,
PERSONALIZED_RANKING recipes.

recommendations Amazon Personalize (p. 610): A list of items that Amazon Personalize predicts
that a user will interact with. Depending on the Amazon Personalize recipe used,
recommendations can be either a list of items (with USER_PERSONALIZATION
recipes and RELATED_ITEMS recipes), or a ranking of a collection of items you
provided (with PERSONALIZED_RANKING recipes).
See Also recipe, campaign, solution version, USER_PERSONALIZATION recipes,
RELATED_ITEMS recipes, PERSONALIZED_RANKING recipes.

receipt handle Amazon SQS (p. 611): An identifier that you get when you receive a message
from the queue. This identifier is required to delete a message from the queue or
when changing a message's visibility timeout.

receiver The entity that consists of the network systems, software, and policies that
manage email delivery for a recipient (p. 648).

recipient Amazon Simple Email Service (Amazon SES) (p. 611): The person or entity
receiving an email message. For example, a person named in the "To" field of a
message.

Redis A fast, open-source, in-memory key-value data structure store. Redis comes with
a set of versatile in-memory data structures with which you can easily create a
variety of custom applications.

Version 1.0
648
AWS General Reference Reference guide

reference A means of inserting a property from one AWS resource (p. 650) into another.
For example, you could insert an Amazon EC2 (p. 607) security group (p. 652)
property into an Amazon RDS (p. 610) resource.

Region A named set of AWS resource (p. 650)s in the same geographical area. A Region
comprises at least two Availability Zone (p. 613)s.

regression model Amazon Machine Learning: Preformatted instructions for common data
transformations that fine-tune machine learning model performance.

regression model A type of machine learning model that predicts a numeric value, such as the exact
purchase price of a house.

regularization A machine learning (ML) parameter that you can tune to obtain higher-quality
ML models. Regularization helps prevent ML models from memorizing training
data examples instead of learning how to generalize the patterns it sees (called
overfitting). When training data is overfitted, the ML model performs well on the
training data but does not perform well on the evaluation data or on new data.

RELATED_ITEMS recipes Amazon Personalize (p. 610): Recipes, such as the item-to-item similarities
(SIMS) recipe, that recommend items that are similar to a specified item.
See Also recipe, item-to-item similarities (SIMS) recipe.

replacement environment The instances in a deployment group after the CodeDeploy blue/green
deployment.

replica shard See shard.

reply path The email address to which an email reply is sent. This is different from the return
path (p. 650).

representational state See REST.


transfer

reputation 1. An Amazon SES (p. 611) metric, based on factors that might include
bounce (p. 621)s, complaint (p. 623)s, and other metrics, regarding whether or
not a customer is sending high-quality email.

2. A measure of confidence, as judged by an internet service provider


(ISP) (p. 636) or other entity that an IP address that they are receiving email
from is not the source of spam (p. 654).

requester The person (or application) that sends a request to AWS to perform a specific
action. When AWS receives a request, it first evaluates the requester's permissions
to determine whether the requester is allowed to perform the request action (if
applicable, for the requested resource (p. 650)).

Requester Pays An Amazon S3 (p. 611) feature that allows a bucket owner (p. 621) to specify
that anyone who requests access to objects in a particular bucket (p. 621) must
pay the data transfer and request costs.

reservation A collection of EC2 instance (p. 629)s started as part of the same launch
request. Not to be confused with a Reserved Instance (p. 649).

Reserved Instance A pricing option for EC2 instance (p. 629)s that discounts the on-
demand (p. 643) usage charge for instances that meet the specified parameters.
Customers pay for the entire term of the instance, regardless of how they use it.

Reserved Instance An online exchange that matches sellers who have reserved capacity that they
Marketplace no longer need with buyers who are looking to purchase additional capacity.
Reserved Instance (p. 649)s that you purchase from third-party sellers have less

Version 1.0
649
AWS General Reference Reference guide

than a full standard term remaining and can be sold at different upfront prices.
The usage or reoccurring fees remain the same as the fees set when the Reserved
Instances were originally purchased. Full standard terms for Reserved Instances
available from AWS run for one year or three years.

resource An entity that users can work with in AWS, such as an EC2 instance (p. 629), an
Amazon DynamoDB (p. 607) table, an Amazon S3 (p. 611) bucket (p. 621), an
IAM (p. 616) user, an AWS OpsWorks (p. 617) stack (p. 655), and so on.

resource property A value required when including an AWS resource (p. 650) in an AWS
CloudFormation (p. 614) stack (p. 655). Each resource may have one or more
properties associated with it. For example, an AWS::EC2::Instance resource
may have a UserData property. In an AWS CloudFormation template, resources
must declare a properties section, even if the resource has no properties.

resource record Also called resource record set. The fundamental information elements in the
Domain Name System (DNS).
See Also Domain Name System in Wikipedia.

REST Representational state transfer. A simple stateless architecture that generally runs
over HTTPS/TLS. REST emphasizes that resources have unique and hierarchical
identifiers (URIs), are represented by common media types (HTML, XML,
JSON (p. 637), and so on), and that operations on the resources are either
predefined or discoverable within the media type. In practice, this generally
results in a limited number of operations.
See Also Query, WSDL, SOAP.

RESTful web service Also known as RESTful API. A web service that follows REST (p. 650)
architectural constraints. The API operations must use HTTP methods explicitly;
expose hierarchical URIs; and transfer either XML, JSON (p. 637), or both.

return enabled Amazon CloudSearch (p. 606): An index field option that enables the field's
values to be returned in the search results.

return path The email address to which bounced email is returned. The return path is
specified in the header of the original email. This is different from the reply
path (p. 649).

revision AWS CodePipeline (p. 614): A change made to a source that is configured in a
source action, such as a pushed commit to a GitHub (p. 633) repository or an
update to a file in a versioned Amazon S3 (p. 611) bucket (p. 621).

role A tool for giving temporary access to AWS resource (p. 650)s in your AWS
account (p. 605).

rollback A return to a previous state that follows the failure to create an object, such as
AWS CloudFormation (p. 614) stack (p. 655). All resource (p. 650)s associated
with the failure are deleted during the rollback. For AWS CloudFormation, you can
override this behavior using the --disable-rollback option on the command
line.

root AWS Organizations (p. 618): A parent container for the accounts in your
organization. If you apply a service control policy (p. 653) to the root, it applies
to every organizational unit (p. 643) and account in the organization.

root credentials Authentication information associated with the AWS account (p. 605) owner.

root device volume A volume (p. 661) that contains the image used to boot the instance (p. 636)
(also known as a root device). If you launched the instance from an AMI (p. 609)
backed by instance store (p. 636), this is an instance store volume (p. 661)

Version 1.0
650
AWS General Reference Reference guide

created from a template stored in Amazon S3 (p. 611). If you launched the
instance from an AMI backed by Amazon EBS (p. 607), this is an Amazon EBS
volume created from an Amazon EBS snapshot.

route table A set of routing rules that controls the traffic leaving any subnet (p. 656) that is
associated with the route table. You can associate multiple subnets with a single
route table, but a subnet can be associated with only one route table at a time.

row identifier Amazon Machine Learning: An attribute in the input data that you can include
in the evaluation or prediction output to make it easier to associate a prediction
with an observation.

rule AWS WAF (p. 620): A set of conditions that AWS WAF searches for in web
requests to AWS resource (p. 650)s such as Amazon CloudFront (p. 606)
distributions. You add rules to a web ACL (p. 661), and then specify whether you
want to allow or block web requests based on each rule.

S
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

S3 See Amazon Simple Storage Service (Amazon S3).

sampling period A defined duration of time, such as one minute, over which Amazon
CloudWatch (p. 606) computes a statistic (p. 655).

sandbox A testing location where you can test the functionality of your application without
affecting production, incurring charges, or purchasing products.

Amazon SES (p. 611): An environment that is designed for developers to test
and evaluate the service. In the sandbox, you have full access to the Amazon SES
API, but you can only send messages to verified email addresses and the mailbox
simulator. To get out of the sandbox, you need to apply for production access.
Accounts in the sandbox also have lower sending limits (p. 653) than production
accounts.

scale in To remove EC2 instances from an Auto Scaling group (p. 613).

scale out To add EC2 instances to an Auto Scaling group (p. 613).

scaling policy A description of how Auto Scaling should automatically scale an Auto Scaling
group (p. 613) in response to changing demand.
See Also scale in, scale out.

scaling activity A process that changes the size, configuration, or makeup of an Auto Scaling
group (p. 613) by launching or terminating instances.

scheduler The method used for placing task (p. 657)s on container instance (p. 624)s.

schema Amazon Machine Learning: The information needed to interpret the input data
for a machine learning model, including attribute names and their assigned data
types, and the names of special attributes.

score cut-off value Amazon Machine Learning: A binary classification model outputs a score that
ranges from 0 to 1. To decide whether an observation should be classified as 1
or 0, you pick a classification threshold, or cut-off, and Amazon ML compares the

Version 1.0
651
AWS General Reference Reference guide

score against it. Observations with scores higher than the cut-off are predicted as
target equals 1, and scores lower than the cut-off are predicted as target equals 0.

SCP See service control policy.

search API Amazon CloudSearch (p. 606): The API that you use to submit search requests to
a search domain (p. 652).

search domain Amazon CloudSearch (p. 606): Encapsulates your searchable data and the
search instances that handle your search requests. You typically set up a separate
Amazon CloudSearch domain for each different collection of data that you want
to search.

search domain configuration Amazon CloudSearch (p. 606): An domain's indexing options, analysis
scheme (p. 612)s, expression (p. 632)s, suggester (p. 656)s, access policies,
and scaling and availability options.

search enabled Amazon CloudSearch (p. 606): An index field option that enables the field data
to be searched.

search endpoint Amazon CloudSearch (p. 606): The URL that you connect to when sending
search requests to a search domain. Each Amazon CloudSearch domain has a
unique search endpoint that remains the same for the life of the domain.

search index Amazon CloudSearch (p. 606): A representation of your searchable data that
facilitates fast and accurate data retrieval.

search instance Amazon CloudSearch (p. 606): A compute resource (p. 650) that indexes
your data and processes search requests. An Amazon CloudSearch domain
has one or more search instances, each with a finite amount of RAM and CPU
resources. As your data volume grows, more search instances or larger search
instances are deployed to contain your indexed data. When necessary, your index
is automatically partitioned across multiple search instances. As your request
volume or complexity increases, each search partition is automatically replicated
to provide additional processing capacity.

search request Amazon CloudSearch (p. 606): A request that is sent to an Amazon CloudSearch
domain's search endpoint to retrieve documents from the index that match
particular search criteria.

search result Amazon CloudSearch (p. 606): A document that matches a search request. Also
referred to as a search hit.

secret access key A key that is used in conjunction with the access key ID (p. 604) to
cryptographically sign programmatic AWS requests. Signing a request identifies
the sender and prevents the request from being altered. You can generate secret
access keys for your AWS account (p. 605), individual IAM user (p. 659)s, and
temporary sessions.

security group A named set of allowed inbound network connections for an instance. (Security
groups in Amazon VPC (p. 611) also include support for outbound connections.)
Each security group consists of a list of protocols, ports, and IP address ranges. A
security group can apply to multiple instances, and multiple groups can regulate a
single instance.

sender The person or entity sending an email message.

Sender ID A Microsoft-controlled version of SPF (p. 655). An email authentication and


anti-spoofing system. For more information about Sender ID, see Sender ID in
Wikipedia.

Version 1.0
652
AWS General Reference Reference guide

sending limits The sending quota (p. 653) and maximum send rate (p. 640) that are
associated with every Amazon SES (p. 611) account.

sending quota The maximum number of email messages that you can send using Amazon
SES (p. 611) in a 24-hour period.

server-side encryption (SSE) The encrypting (p. 630) of data at the server level. Amazon S3 (p. 611)
supports three modes of server-side encryption: SSE-S3, in which Amazon S3
manages the keys; SSE-C, in which the customer manages the keys; and SSE-KMS,
in which AWS Key Management Service (AWS KMS) (p. 617) manages keys.

service control policy AWS Organizations (p. 618): A policy-based control that specifies the services
and actions that users and roles can use in the accounts that the service control
policy (SCP) affects.

service endpoint See endpoint.

service health dashboard A webpage showing up-to-the-minute information about AWS service availability.
The dashboard is located at http://status.aws.amazon.com/.

Service Quotas A service for viewing and managing your quotas easily and at scale as your AWS
workloads grow. Quotas, also referred to as limits, are the maximum number of
resources that you can create in an AWS account.

service role An IAM (p. 616) role (p. 650) that grants permissions to an AWS service so it
can access AWS resource (p. 650)s. The policies that you attach to the service
role determine which AWS resources the service can access and what it can do
with those resources.

SES See Amazon Simple Email Service (Amazon SES).

session The period during which the temporary security credentials provided by AWS
Security Token Service (AWS STS) (p. 619) allow access to your AWS account.

SHA Secure Hash Algorithm. SHA1 is an earlier version of the algorithm, which AWS
has deprecated in favor of SHA256.

shard Amazon Elasticsearch Service (Amazon ES) (p. 608): A partition of data in an
index. You can split an index into multiple shards, which can include primary
shards (original shards) and replica shards (copies of the primary shards). Replica
shards provide failover, which means that a replica shard is promoted to a primary
shard if a cluster node that contains a primary shard fails. Replica shards also can
handle requests.

shared AMI An Amazon Machine Image (AMI) (p. 609) that a developer builds and makes
available for others to use.

shutdown action Amazon EMR (p. 608): A predefined bootstrap action that launches a script that
executes a series of commands in parallel before terminating the job flow.

signature Refers to a digital signature, which is a mathematical way to confirm the


authenticity of a digital message. AWS uses signatures to authenticate the
requests you send to our web services. For more information, to https://
aws.amazon.com/security.

SIGNATURE file AWS Import/Export (p. 616): A file you copy to the root directory of your
storage device. The file contains a job ID, manifest file, and a signature.

Signature Version 4 Protocol for authenticating inbound API requests to AWS services in all AWS
Regions.

Version 1.0
653
AWS General Reference Reference guide

Simple Mail Transfer Protocol See SMTP.

Simple Object Access Protocol See SOAP.

Simple Storage Service See Amazon Simple Storage Service (Amazon S3).

SIMS recipe See item-to-item similarities (SIMS) recipe.

Single Sign-On See AWS Single Sign-On.

Single-AZ DB instance A standard (non-Multi-AZ) DB instance (p. 627) that is deployed in one
Availability Zone (p. 613), without a standby replica in another Availability Zone.
See Also Multi-AZ deployment.

sloppy phrase search A search for a phrase that specifies how close the terms must be to one another
to be considered a match.

SMTP Simple Mail Transfer Protocol. The standard that is used to exchange email
messages between internet hosts for the purpose of routing and delivery.

snapshot Amazon Elastic Block Store (Amazon EBS) (p. 607): A backup of your
volume (p. 661)s that is stored in Amazon S3 (p. 611). You can use these
snapshots as the starting point for new Amazon EBS volumes or to protect your
data for long-term durability.
See Also DB snapshot.

SNS See Amazon Simple Notification Service (Amazon SNS).

SOAP Simple Object Access Protocol. An XML-based protocol that lets you exchange
information over a particular protocol (HTTP or SMTP, for example) between
applications.
See Also REST, WSDL.

soft bounce A temporary email delivery failure such as one resulting from a full mailbox.

software VPN A software appliance-based VPN connection over the internet.

solution Amazon Personalize (p. 610): The recipe, customized parameters, and trained
models (solution versions) that can be used to generate recommendations.
See Also recipe, solution version, recommendations.

solution version Amazon Personalize (p. 610): A trained model that you create as part of a
solution in Amazon Personalize. You deploy a solution version in a campaign to
generate recommendations.
See Also solution, campaign, recommendations.

sort enabled Amazon CloudSearch (p. 606): An index field option that enables a field to be
used to sort the search results.

sort key An attribute used to sort the order of partition keys in a composite primary key
(also known as a range attribute).
See Also partition key, primary key.

source/destination checking A security measure to verify that an EC2 instance (p. 629) is the origin of all
traffic that it sends and the ultimate destination of all traffic that it receives; that
is, that the instance is not relaying traffic. Source/destination checking is enabled
by default. For instances that function as gateways, such as VPC (p. 661)
NAT (p. 642) instances, source/destination checking must be disabled.

spam Unsolicited bulk email.

Version 1.0
654
AWS General Reference Reference guide

spamtrap An email address that is set up by an anti-spam (p. 654) entity, not for
correspondence, but to monitor unsolicited email. This is also called a honeypot.

SPF Sender Policy Framework. A standard for authenticating email.

Spot Instance A type of EC2 instance (p. 629) that you can bid on to take advantage of unused
Amazon EC2 (p. 607) capacity.

Spot price The price for a Spot Instance (p. 655) at any given time. If your maximum price
exceeds the current price and your restrictions are met, Amazon EC2 (p. 607)
launches instances on your behalf.

SQL injection match condition AWS WAF (p. 620): An attribute that specifies the part of web requests, such
as a header or a query string, that AWS WAF inspects for malicious SQL code.
Based on the specified conditions, you can configure AWS WAF to allow or block
web requests to AWS resource (p. 650)s such as Amazon CloudFront (p. 606)
distributions.

SQS See Amazon Simple Queue Service (Amazon SQS).

SSE See server-side encryption (SSE).

SSL Secure Sockets Layer


See Also Transport Layer Security (TLS).

SSO See AWS Single Sign-On.

stack AWS CloudFormation (p. 614): A collection of AWS resource (p. 650)s that you
create and delete as a single unit.

AWS OpsWorks (p. 617): A set of instances that you manage collectively,
typically because they have a common purpose such as serving PHP applications.
A stack serves as a container and handles tasks that apply to the group of
instances as a whole, such as managing applications and cookbooks.

station AWS CodePipeline (p. 614): A portion of a pipeline workflow where one or more
actions are performed.

station A place at an AWS facility where your AWS Import/Export data is transferred on
to, or off of, your storage device.

statistic One of five functions of the values submitted for a given sampling
period (p. 651). These functions are Maximum, Minimum, Sum, Average, and
SampleCount.

stem The common root or substring shared by a set of related words.

stemming The process of mapping related words to a common stem. This enables matching
on variants of a word. For example, a search for "horse" could return matches for
horses, horseback, and horsing, as well as horse. Amazon CloudSearch (p. 606)
supports both dictionary based and algorithmic stemming.

step Amazon EMR (p. 608): A single function applied to the data in a job
flow (p. 637). The sum of all steps comprises a job flow.

step type Amazon EMR (p. 608): The type of work done in a step. There are a limited
number of step types, such as moving data from Amazon S3 (p. 611) to Amazon
EC2 (p. 607) or from Amazon EC2 to Amazon S3.

sticky session A feature of the Elastic Load Balancing (p. 630) load balancer that binds a user's
session to a specific application instance so that all requests coming from the user

Version 1.0
655
AWS General Reference Reference guide

during the session are sent to the same application instance. By contrast, a load
balancer defaults to route each request independently to the application instance
with the smallest load.

stopping The process of filtering stop words from an index or search request.

stopword A word that is not indexed and is automatically filtered out of search requests
because it is either insignificant or so common that including it would result in
too many matches to be useful. Stopwords are language specific.

streaming Amazon EMR (p. 608): A utility that comes with Hadoop (p. 634) that enables
you to develop MapReduce executables in languages other than Java.

Amazon CloudFront (p. 606): The ability to use a media file in real time—as it is
transmitted in a steady stream from a server.

streaming distribution A special kind of distribution (p. 628) that serves streamed media files using a
Real Time Messaging Protocol (RTMP) connection.

Streams See Amazon Kinesis Data Streams.

string-to-sign Before you calculate an HMAC (p. 634) signature, you first assemble the required
components in a canonical order. The preencrypted string is the string-to-sign.

string match condition AWS WAF (p. 620): An attribute that specifies the strings that AWS WAF
searches for in a web request, such as a value in a header or a query string. Based
on the specified strings, you can configure AWS WAF to allow or block web
requests to AWS resource (p. 650)s such as CloudFront (p. 606) distributions.

strongly consistent read A read process that returns a response with the most up-to-date data, reflecting
the updates from all prior write operations that were successful—regardless of
the Region.
See Also data consistency, eventual consistency, eventually consistent read.

structured query Search criteria specified using the Amazon CloudSearch (p. 606) structured
query language. You use the structured query language to construct compound
queries that use advanced search options and combine multiple search criteria
using Boolean operators.

STS See AWS Security Token Service (AWS STS).

subnet A segment of the IP address range of a VPC (p. 661) that EC2
instance (p. 629)s can be attached to. You can create subnets to group instances
according to security and operational needs.

Subscription button An HTML-coded button that enables an easy way to charge customers a recurring
fee.

suggester Amazon CloudSearch (p. 606): Specifies an index field you want to use to get
autocomplete suggestions and options that can enable fuzzy matches and control
how suggestions are sorted.

suggestions Documents that contain a match for the partial search string in the field
designated by the suggester (p. 656). Amazon CloudSearch (p. 606)
suggestions include the document IDs and field values for each matching
document. To be a match, the string must match the contents of the field starting
from the beginning of the field.

supported AMI An Amazon Machine Image (AMI) (p. 609) similar to a paid AMI (p. 644), except
that the owner charges for additional software or a service that customers use
with their own AMIs.

Version 1.0
656
AWS General Reference Reference guide

SWF See Amazon Simple Workflow Service (Amazon SWF).

symmetric encryption Encryption (p. 630) that uses a private key only.
See Also asymmetric encryption.

synchronous bounce A type of bounce (p. 621) that occurs while the email servers of the
sender (p. 652) and receiver (p. 648) are actively communicating.

synonym A word that is the same or nearly the same as an indexed word and that should
produce the same results when specified in a search request. For example, a
search for "Rocky Four" or "Rocky 4" should return the fourth Rocky movie. This
can be done by designating that four and 4 are synonyms for IV. Synonyms are
language specific.

T
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

table A collection of data. Similar to other database systems, DynamoDB stores data in
tables.

tag Metadata that you can define and assign to AWS resource (p. 650)s, such as an
EC2 instance (p. 629). Not all AWS resources can be tagged.

tagging Tagging resources: Applying a tag (p. 657) to an AWS resource (p. 650).

Amazon SES (p. 611): Also called labeling. A way to format return path (p. 650)
email addresses so that you can specify a different return path for each
recipient of a message. Tagging enables you to support VERP (p. 660). For
example, if Andrew manages a mailing list, he can use the return paths andrew
[email protected] and [email protected] so that he can
determine which email bounced.

target attribute Amazon Machine Learning (Amazon ML ): The attribute in the input data that
contains the “correct” answers. Amazon ML uses the target attribute to learn how
to make predictions on new data. For example, if you were building a model for
predicting the sale price of a house, the target attribute would be “target sale
price in USD.”

target revision AWS CodeDeploy (p. 614): The most recent version of the application revision
that has been uploaded to the repository and will be deployed to the instances in
a deployment group. In other words, the application revision currently targeted
for deployment. This is also the revision that will be pulled for automatic
deployments.

task An instantiation of a task definition (p. 657) that is running on a container


instance (p. 624).

task definition The blueprint for your task. Specifies the name of the task (p. 657), revisions,
container definition (p. 624)s, and volume (p. 661) information.

task node An EC2 instance (p. 629) that runs Hadoop (p. 634) map and reduce tasks,
but does not store data. Task nodes are managed by the master node (p. 640),
which assigns Hadoop tasks to nodes and monitors their status. While a job flow
is running you can increase and decrease the number of task nodes. Because they

Version 1.0
657
AWS General Reference Reference guide

don't store data and can be added and removed from a job flow, you can use task
nodes to manage the EC2 instance capacity your job flow uses, increasing capacity
to handle peak loads and decreasing it later.

Task nodes only run a TaskTracker Hadoop daemon.

tebibyte (TiB) A contraction of tera binary byte, a tebibyte is 2^40 or 1,099,511,627,776 bytes.
A terabyte (TB) is 10^12 or 1,000,000,000,000 bytes. 1,024 TiB is a pebibyte
(PiB) (p. 645).

template format version The version of an AWS CloudFormation (p. 614) template design that
determines the available features. If you omit the AWSTemplateFormatVersion
section from your template, AWS CloudFormation assumes the most recent
format version.

template validation The process of confirming the use of JSON (p. 637) code in an AWS
CloudFormation (p. 614) template. You can validate any AWS CloudFormation
template using the cfn-validate-template command.

temporary security Authentication information that is provided by AWS STS (p. 619) when you
credentials call an STS API action. Includes an access key ID (p. 604), a secret access
key (p. 652), a session (p. 653) token, and an expiration time.

throttling The automatic restricting or slowing down of a process based on one or more
limits. Examples: Amazon Kinesis Data Streams (p. 609) throttles operations if
an application (or group of applications operating on the same stream) attempts
to get data from a shard at a rate faster than the shard limit. Amazon API
Gateway (p. 606) uses throttling to limit the steady-state request rates for a
single account. Amazon SES (p. 611) uses throttling to reject attempts to send
email that exceeds the sending limits (p. 653).

time series data Data provided as part of a metric. The time value is assumed to be when the value
occurred. A metric is the fundamental concept for Amazon CloudWatch (p. 606)
and represents a time-ordered set of data points. You publish metric data points
into CloudWatch and later retrieve statistics about those data points as a time-
series ordered dataset.

timestamp A date/time string in ISO 8601 format.

TLS See Transport Layer Security (TLS).

tokenization The process of splitting a stream of text into separate tokens on detectable
boundaries such as white space and hyphens.

topic A communication channel to send messages and subscribe to notifications. It


provides an access point for publishers and subscribers to communicate with each
other.

Traffic Mirroring An Amazon VPC feature that you can use to copy network traffic from an elastic
network interface of Amazon EC2 instances, and then send it to out-of-band
security and monitoring appliances for content inspection, threat monitoring, and
troubleshooting.
See Also https://aws.amazon.com/vpc/.

training datasource A datasource that contains the data that Amazon Machine Learning uses to train
the machine learning model to make predictions.

transition AWS CodePipeline (p. 614): The act of a revision in a pipeline continuing from
one stage to the next in a workflow.

Version 1.0
658
AWS General Reference Reference guide

Transport Layer Security (TLS) A cryptographic protocol that provides security for communication over the
internet. Its predecessor is Secure Sockets Layer (SSL).

trust policy An IAM (p. 616) policy (p. 645) that is an inherent part of an IAM
role (p. 650). The trust policy specifies which principal (p. 646)s are allowed to
use the role.

trusted key groups Amazon CloudFront key groups whose public keys CloudFront can use to verify
the signatures of CloudFront signed URLs and signed cookies.

trusted signers See trusted key groups (p. 659).

tuning Selecting the number and type of AMIs (p. 609) to run a Hadoop (p. 634) job
flow most efficiently.

tunnel A route for transmission of private network traffic that uses the internet to
connect nodes in the private network. The tunnel uses encryption and secure
protocols such as PPTP to prevent the traffic from being intercepted as it passes
through public routing nodes.

U
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

unbounded The number of potential occurrences is not limited by a set number. This
value is often used when defining a data type that is a list (for example,
maxOccurs="unbounded"), in WSDL (p. 661).

unit Standard measurement for the values submitted to Amazon


CloudWatch (p. 606) as metric data. Units include seconds, percent, bytes, bits,
count, bytes/second, bits/second, count/second, and none.

unlink from VPC The process of unlinking (or detaching) an EC2-Classic instance (p. 636) from a
ClassicLink-enabled VPC (p. 661).
See Also ClassicLink, link to VPC.

usage report An AWS record that details your usage of a particular AWS service. You can
generate and download usage reports from https://aws.amazon.com/usage-
reports/.

user A person or application under an account (p. 605) that needs to make API calls
to AWS products. Each user has a unique name within the AWS account, and a set
of security credentials not shared with other users. These credentials are separate
from the AWS account's security credentials. Each user is associated with one and
only one AWS account.

Users dataset Amazon Personalize (p. 610): A container for metadata about your users, such as
age, gender, or loyalty membership.
See Also dataset.

user-personalization recipe Amazon Personalize (p. 610): An HRNN-based USER_PERSONALIZATION


recipe that predicts the items that a user will interact with. The user-
personalization recipe can use item exploration and impressions data to generate
recommendations for new items.
See Also HRNN, recipe, USER_PERSONALIZATION recipes, item exploration,
impressions data, recommendations.

Version 1.0
659
AWS General Reference Reference guide

USER_PERSONALIZATION Amazon Personalize (p. 610): Recipes used to build a recommendation system
recipes that predicts the items that a user will interact with based on data provided in
Interactions, Items, and Users datasets.
See Also recipe, user-personalization recipe, popularity-count recipe, HRNN.

V
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

validation See template validation.

value Instances of attributes (p. 613) for an item, such as cells in a spreadsheet. An
attribute might have multiple values.

Tagging resources: A specific tag (p. 657) label that acts as a descriptor within a
tag category (key). For example, you might have EC2 instance (p. 629) with the
tag key of Owner and the tag value of Jan. You can tag an AWS resource (p. 650)
with up to 10 key–value pairs. Not all AWS resources can be tagged.

Variable Envelope Return See VERP.


Path

verification The process of confirming that you own an email address or a domain so that you
can send email from or to it.

VERP Variable Envelope Return Path. A way in which email sending applications can
match bounce (p. 621)d email with the undeliverable address that caused
the bounce by using a different return path (p. 650) for each recipient. VERP
is typically used for mailing lists. With VERP, the recipient's email address is
embedded in the address of the return path, which is where bounced email is
returned. This makes it possible to automate the processing of bounced email
without having to open the bounce messages, which may vary in content.

versioning Every object in Amazon S3 (p. 611) has a key and a version ID. Objects with the
same key, but different version IDs can be stored in the same bucket (p. 621).
Versioning is enabled at the bucket layer using PUT Bucket versioning.

VGW See virtual private gateway (VGW).

virtualization Allows multiple guest virtual machines (VM) to run on a host operating system.
Guest VMs can run on one or more levels above the host hardware, depending on
the type of virtualization.
See Also PV virtualization, HVM virtualization.

virtual private cloud See VPC.

virtual private gateway (VGW) The Amazon side of a VPN connection (p. 661) that maintains connectivity. The
internal interfaces of the virtual private gateway connect to your VPC (p. 661)
through the VPN attachment. The external interfaces connect to the VPN
connection, which leads to the customer gateway (p. 626).

visibility timeout The period of time that a message is invisible to the rest of your application after
an application component gets it from the queue. During the visibility timeout,
the component that received the message usually processes it, and then deletes
it from the queue. This prevents multiple components from processing the same
message.

Version 1.0
660
AWS General Reference Reference guide

VM Import/Export A service for importing virtual machine (VM) images from your existing
virtualization environment to Amazon EC2 and then exporting them back.
See Also https://aws.amazon.com/ec2/vm-import.

volume A fixed amount of storage on an instance (p. 636). You can share volume
data between container (p. 624)s and persist the data on the container
instance (p. 624) when the containers are no longer running.

VPC Virtual private cloud. An elastic network populated by infrastructure, platform,


and application services that share common security and interconnection.

VPC endpoint A feature that enables you to create a private connection between your
VPC (p. 661) and another AWS service without requiring access over the
internet, through a NAT (p. 642) instance, a VPN connection (p. 661), or AWS
Direct Connect (p. 615).

VPG See virtual private gateway (VGW).

VPN CloudHub See AWS VPN CloudHub.

VPN connection Amazon Web Services (AWS) (p. 611): The IPsec connection between a
VPC (p. 661) and some other network, such as a corporate data center, home
network, or colocation facility.

W
Numbers and symbols (p. 604) | A (p. 604) | B (p. 620) | C (p. 621) | D (p. 626) | E (p. 629) | F (p. 632) |
G (p. 633) | H (p. 634) | I (p. 635) | J (p. 637) | K (p. 638) | L (p. 638) | M (p. 639) | N (p. 642) | O (p. 643)
| P (p. 644) | Q (p. 647) | R (p. 648) | S (p. 651) | T (p. 657) | U (p. 659) | V (p. 660) | W (p. 661) | X, Y,
Z (p. 661)

WAM See Amazon WorkSpaces Application Manager (Amazon WAM).

web access control list (web AWS WAF (p. 620): A set of rules that defines the conditions that AWS WAF
ACL) searches for in web requests to AWS resource (p. 650)s such as Amazon
CloudFront (p. 606) distributions. A web access control list (web ACL) specifies
whether to allow, block, or count the requests.

Web Services Description See WSDL.


Language

WSDL Web Services Description Language. A language used to describe the actions
that a web service can perform, along with the syntax of action requests and
responses.
See Also REST, SOAP.

X, Y, Z
X.509 certificate A digital document that uses the X.509 public key infrastructure (PKI) standard to
verify that a public key belongs to the entity described in the certificate (p. 622).

yobibyte (YiB) A contraction of yotta binary byte, a yobibyte is 2^80 or


1,208,925,819,614,629,174,706,176 bytes. A yottabyte (YB) is 10^24 or
1,000,000,000,000,000,000,000,000 bytes.

zebibyte (ZiB) A contraction of zetta binary byte, a zebibyte is 2^70 or


1,180,591,620,717,411,303,424 bytes. A zettabyte (ZB) is 10^21 or
1,000,000,000,000,000,000,000 bytes. 1,024 ZiB is a yobibyte (YiB) (p. 661).

Version 1.0
661
AWS General Reference Reference guide

zone awareness Amazon Elasticsearch Service (Amazon ES) (p. 608): A configuration that
distributes nodes in a cluster across two Availability Zone (p. 613)s in the same
Region. Zone awareness helps to prevent data loss and minimizes downtime in
the event of node and data center failure. If you enable zone awareness, you must
have an even number of data instances in the instance count, and you also must
use the Amazon Elasticsearch Service Configuration API to replicate your data for
your Elasticsearch cluster.

Version 1.0
662

You might also like