Aws General

AWS General Reference
Reference guide
Version 1.0
AWS General Reference Reference guide
AWS General Reference: Reference guide

Copyright © 2022 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not
Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or
discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may
or may not be affiliated with, connected to, or sponsored by Amazon.
Table of Contents
AWS General Reference ...................................................................................................................... 1
AWS security credentials ..................................................................................................................... 2
AWS users ................................................................................................................................. 2
Tasks that require root user credentials ................................................................................. 3
AWS credentials ......................................................................................................................... 3
Accessing your AWS account ................................................................................................ 4
Access keys ........................................................................................................................ 6
AWS account identifiers .............................................................................................................. 8
Finding your AWS account ID .............................................................................................. 8
Best practices for managing AWS access keys ................................................................................ 9
Don't create access keys for the root user ............................................................................. 9
Use temporary security credentials (IAM roles) ..................................................................... 10
Manage IAM user access keys properly ................................................................................ 10
Access the mobile app using AWS access keys ...................................................................... 11
Learn more ...................................................................................................................... 12
AWS security audit guidelines .................................................................................................... 12
When you should perform a security audit .......................................................................... 13
Guidelines for auditing ...................................................................................................... 13
Review your AWS account credentials ................................................................................. 13
Review your IAM users ...................................................................................................... 14
Review your IAM groups .................................................................................................... 14
Review your IAM roles ...................................................................................................... 14
Review your IAM providers for SAML and OpenID Connect (OIDC) ........................................... 14
Review Your mobile apps .................................................................................................. 15
Review your Amazon EC2 security configuration ................................................................... 15
Review AWS policies in other services ................................................................................. 15
Monitor activity in your AWS account ................................................................................. 16
Tips for reviewing IAM policies ........................................................................................... 16
Learn more ...................................................................................................................... 17
Service endpoints and quotas ............................................................................................................ 18
Alexa for Business .................................................................................................................... 24
Service endpoints ............................................................................................................. 24
Service quotas ................................................................................................................. 24
Amplify ................................................................................................................................... 25
Amplify endpoints ............................................................................................................ 25
Amplify Studio (backend) endpoints ................................................................................... 26
Amplify Studio (UI Builder) endpoints ................................................................................. 27
Amplify Service quotas ..................................................................................................... 28
Amplify Studio (UI Builder) Service quotas .......................................................................... 29
API Gateway ............................................................................................................................ 29
Service quotas ................................................................................................................. 33
AWS AppConfig ........................................................................................................................ 36
Service quotas ................................................................................................................. 40
App Mesh ................................................................................................................................ 41
Service quotas ................................................................................................................. 46
App Runner ............................................................................................................................. 47
Service quotas ................................................................................................................. 48
Amazon AppFlow ..................................................................................................................... 48
Service quotas ................................................................................................................. 50
Version 1.0
iii
Application Auto Scaling ........................................................................................................... 54

Service quotas ................................................................................................................. 56
Application Discovery Service ..................................................................................................... 58
Service quotas ................................................................................................................. 59
Application Migration Service ..................................................................................................... 60
Service quotas ................................................................................................................. 62
Amazon AppStream 2.0 ............................................................................................................ 62
Service quotas ................................................................................................................. 63
AWS AppSync .......................................................................................................................... 72
Service quotas ................................................................................................................. 75
Athena .................................................................................................................................... 77
Service quotas ................................................................................................................. 79
Audit Manager ......................................................................................................................... 80
Service quotas ................................................................................................................. 81
Amazon A2I ............................................................................................................................. 81
Service quotas ................................................................................................................. 82
Amazon Aurora ........................................................................................................................ 82
Service quotas ................................................................................................................. 86
AWS Auto Scaling .................................................................................................................... 88
Service quotas ................................................................................................................. 90
AWS Backup ............................................................................................................................ 91
Service quotas ................................................................................................................. 93
AWS Batch .............................................................................................................................. 94
Service quotas ................................................................................................................. 96
Billing and Cost Management .................................................................................................... 97
Service quotas ................................................................................................................ 100
Braket ................................................................................................................................... 100
Service endpoints ........................................................................................................... 100
Service quotas ................................................................................................................ 101
AWS BugBust ......................................................................................................................... 110
Service quotas ................................................................................................................ 110
ACM ...................................................................................................................................... 110
Service quotas ................................................................................................................ 112
AWS Private CA ...................................................................................................................... 113
Service quotas ................................................................................................................ 115
AWS Chatbot ......................................................................................................................... 118
Service quotas ................................................................................................................ 120
Amazon Chime ....................................................................................................................... 120
Service quotas ................................................................................................................ 121
Version 1.0
iv
Amazon Chime SDK ................................................................................................................ 121

Service quotas ................................................................................................................ 123
Cloud Control API ................................................................................................................... 126
AWS Cloud9 ........................................................................................................................... 127
Service quotas ................................................................................................................ 129
Cloud Directory ...................................................................................................................... 130
Service quotas ................................................................................................................ 131
CloudFormation ...................................................................................................................... 131
StackSets regional support .............................................................................................. 133
Service quotas ................................................................................................................ 135
CloudFront ............................................................................................................................. 137
Service quotas ................................................................................................................ 137
AWS CloudHSM ...................................................................................................................... 143
Service quotas ................................................................................................................ 146
AWS Cloud Map ..................................................................................................................... 147
Service quotas ................................................................................................................ 149
Amazon CloudSearch .............................................................................................................. 149
Service quotas ................................................................................................................ 150
CloudShell ............................................................................................................................. 151
Service quotas ................................................................................................................ 152
CloudTrail .............................................................................................................................. 153
Service quotas ................................................................................................................ 155
CloudWatch ........................................................................................................................... 156
Service quotas ................................................................................................................ 158
CloudWatch Application Insights .............................................................................................. 163
Service quotas ................................................................................................................ 165
CloudWatch Events ................................................................................................................. 165
Service quotas ................................................................................................................ 167
CloudWatch Logs .................................................................................................................... 170
Service quotas ................................................................................................................ 172
CloudWatch Synthetics ............................................................................................................ 176
Service quotas ................................................................................................................ 178
CodeArtifact .......................................................................................................................... 178
Service quotas ................................................................................................................ 179
CodeBuild .............................................................................................................................. 181
Service quotas ................................................................................................................ 182
CodeCommit .......................................................................................................................... 183
Service quotas ................................................................................................................ 185
Version 1.0
v
CodeDeploy ........................................................................................................................... 186

Service quotas ................................................................................................................ 188
CodeGuru Profiler ................................................................................................................... 191
Service quotas ................................................................................................................ 192
CodeGuru Reviewer ................................................................................................................. 192
Service quotas ................................................................................................................ 193
CodePipeline .......................................................................................................................... 193
Service quotas ................................................................................................................ 194
AWS CodeStar ........................................................................................................................ 197
Service quotas ................................................................................................................ 198
AWS CodeStar Notifications ..................................................................................................... 198
Service quotas ................................................................................................................ 199
Amazon Cognito Identity ......................................................................................................... 199
Service quotas ................................................................................................................ 202
Amazon Cognito Sync ............................................................................................................. 211
Service quotas ................................................................................................................ 212
Amazon Comprehend .............................................................................................................. 212
Service quotas ................................................................................................................ 214
Amazon Comprehend Medical .................................................................................................. 221
Service quotas ................................................................................................................ 222
Compute Optimizer ................................................................................................................ 225
Service quotas ................................................................................................................ 227
AWS Config ........................................................................................................................... 227
Service quotas ................................................................................................................ 229
Amazon Connect .................................................................................................................... 230
Service quotas ................................................................................................................ 234
AWS Data Exchange ................................................................................................................ 247
Service quotas ................................................................................................................ 248
Amazon Data Lifecycle Manager ............................................................................................... 251
Service quotas ................................................................................................................ 253
AWS Data Pipeline .................................................................................................................. 253
Service quotas ................................................................................................................ 254
DataSync ............................................................................................................................... 255
Service quotas ................................................................................................................ 257
AWS DMS .............................................................................................................................. 257
Service quotas ................................................................................................................ 259
AWS DeepLens ....................................................................................................................... 260
Service quotas ................................................................................................................ 261
Version 1.0
vi
AWS DeepRacer ...................................................................................................................... 261

Service quotas ................................................................................................................ 262
Detective ............................................................................................................................... 262
Service quotas ................................................................................................................ 264
DevOps Guru .......................................................................................................................... 264
Service quotas ................................................................................................................ 265
Device Farm ........................................................................................................................... 265
Service quotas ................................................................................................................ 266
AWS Direct Connect ................................................................................................................ 266
Service quotas ................................................................................................................ 268
AWS Directory Service ............................................................................................................. 269
Service quotas ................................................................................................................ 271
Amazon DocumentDB ............................................................................................................. 272
Service quotas ................................................................................................................ 273
DynamoDB ............................................................................................................................. 274
Service quotas ................................................................................................................ 279
Elastic Beanstalk ..................................................................................................................... 282
Service quotas ................................................................................................................ 285
Amazon EBS .......................................................................................................................... 286
Service quotas ................................................................................................................ 290
Recycle Bin ............................................................................................................................ 295
Service quotas ................................................................................................................ 297
Amazon EC2 .......................................................................................................................... 298
Service quotas ................................................................................................................ 300
Amazon EC2 Auto Scaling ....................................................................................................... 310
Service quotas ................................................................................................................ 312
EC2 Image Builder .................................................................................................................. 313
Service quotas ................................................................................................................ 315
EC2 Instance Connect ............................................................................................................. 317
Service quotas ................................................................................................................ 318
Amazon ECR .......................................................................................................................... 318
Service quotas ................................................................................................................ 322
Amazon ECR Public ................................................................................................................. 326
Service quotas ................................................................................................................ 326
Amazon ECS .......................................................................................................................... 328
Service quotas ................................................................................................................ 330
AWS Fargate quotas ........................................................................................................ 332
Amazon EKS .......................................................................................................................... 333
Version 1.0
vii
Service quotas ................................................................................................................ 335

AWS Fargate service quotas ............................................................................................. 336
Amazon EFS ........................................................................................................................... 337
Service quotas ................................................................................................................ 340
Elastic Inference ..................................................................................................................... 342
Service quotas ................................................................................................................ 343
Elastic Load Balancing ............................................................................................................. 343
Service quotas ................................................................................................................ 345
Elastic Transcoder ................................................................................................................... 347
Service quotas ................................................................................................................ 347
Elastic Disaster Recovery ......................................................................................................... 348
Service quotas ................................................................................................................ 350
ElastiCache ............................................................................................................................ 351
Service quotas ................................................................................................................ 353
Amazon MemoryDB for Redis ................................................................................................... 354
Service quotas ................................................................................................................ 355
Amazon EMR ......................................................................................................................... 355
Service quotas ................................................................................................................ 358
EventBridge ........................................................................................................................... 366
Service quotas ................................................................................................................ 368
EventBridge Schemas .............................................................................................................. 368
Service quotas ................................................................................................................ 370
FinSpace ................................................................................................................................ 370
Service quotas ................................................................................................................ 370
AWS FIS ................................................................................................................................ 371
Service quotas ................................................................................................................ 373
Firewall Manager .................................................................................................................... 374
Service quotas ................................................................................................................ 376
Forecast ................................................................................................................................ 378
Service quotas ................................................................................................................ 380
Amazon Fraud Detector ........................................................................................................... 384
Service quotas ................................................................................................................ 384
FreeRTOS ............................................................................................................................... 386
Service quotas ................................................................................................................ 388
Amazon FSx ........................................................................................................................... 388
Service quotas ................................................................................................................ 391
GameLift ............................................................................................................................... 394
Service quotas ................................................................................................................ 395
GameSparks ........................................................................................................................... 397
Version 1.0
viii
Service quotas ................................................................................................................ 397

S3 Glacier .............................................................................................................................. 398
Service quotas ................................................................................................................ 400
Global Accelerator .................................................................................................................. 401
Service quotas ................................................................................................................ 402
AWS Glue .............................................................................................................................. 403
Service quotas ................................................................................................................ 405
Amazon Managed Grafana ....................................................................................................... 407
Service quotas ................................................................................................................ 408
DataBrew ............................................................................................................................... 410
Service quotas ................................................................................................................ 411
AWS Ground Station ............................................................................................................... 412
Service quotas ................................................................................................................ 414
GuardDuty ............................................................................................................................. 414
Service quotas ................................................................................................................ 416
AWS Health ........................................................................................................................... 417
HealthLake ............................................................................................................................ 417
Regions and endpoints for Amazon HealthLake .................................................................. 417
Throttling and quotas for Amazon HealthLake ................................................................... 418
.................................................................................................................................... 418
Amazon Honeycode ................................................................................................................ 419
Service quotas ................................................................................................................ 419
IAM ....................................................................................................................................... 419
Service quotas ................................................................................................................ 421
IAM Access Analyzer ............................................................................................................... 423
Service quotas ................................................................................................................ 425
IAM Roles Anywhere ............................................................................................................... 426
Service quotas ................................................................................................................ 428
Incident Manager .................................................................................................................... 429
Service quotas .............................................................................................................. 431
Amazon Inspector ................................................................................................................... 436
Service quotas ................................................................................................................ 438
Amazon Inspector Classic ........................................................................................................ 438
Service quotas ................................................................................................................ 439
AWS IoT 1-Click ..................................................................................................................... 440
Service quotas ................................................................................................................ 441
AWS IoT Analytics .................................................................................................................. 443
Service quotas ................................................................................................................ 444
AWS IoT Core ......................................................................................................................... 446
Version 1.0
ix
Service quotas ................................................................................................................ 455

AWS IoT Device Defender ........................................................................................................ 502
Service quotas ................................................................................................................ 504
AWS IoT Device Management ................................................................................................... 513
Service quotas ................................................................................................................ 521
AWS IoT Events ...................................................................................................................... 540
Service quotas ................................................................................................................ 543
AWS IoT FleetWise .................................................................................................................. 545
Service quotas ................................................................................................................ 545
AWS IoT Greengrass V1 ........................................................................................................... 546
Service quotas ................................................................................................................ 551
AWS IoT Greengrass V2 ........................................................................................................... 552
Service quotas ................................................................................................................ 557
AWS IoT RoboRunner .............................................................................................................. 558
Service quotas ................................................................................................................ 559
AWS IoT SiteWise ................................................................................................................... 564
Service quotas ................................................................................................................ 565
AWS IoT TwinMaker ................................................................................................................ 571
Service quotas ................................................................................................................ 572
AWS IoT TwinMaker API throttling limits ........................................................................... 573
Amazon IVS ........................................................................................................................... 573
Service quotas ................................................................................................................ 574
Amazon Kendra ...................................................................................................................... 576
Service quotas ................................................................................................................ 577
Amazon Keyspaces .................................................................................................................. 579
Service quotas ................................................................................................................ 581
AWS KMS .............................................................................................................................. 583
Service quotas ................................................................................................................ 586
Kinesis Data Analytics ............................................................................................................. 595
Service quotas ................................................................................................................ 597
Kinesis Data Firehose .............................................................................................................. 598
Service quotas ................................................................................................................ 600
Kinesis Data Streams .............................................................................................................. 602
Service quotas ................................................................................................................ 604
Kinesis Video Streams ............................................................................................................. 604
Service quotas ................................................................................................................ 606
Lake Formation ...................................................................................................................... 616
Service quotas ................................................................................................................ 618
Lambda ................................................................................................................................. 618
Version 1.0
x

Service quotas ................................................................................................................ 621
AWS Launch Wizard ................................................................................................................ 623
Service quotas ................................................................................................................ 625
Amazon Lex ........................................................................................................................... 625
V2 service endpoints ....................................................................................................... 625
V1 service endpoints ....................................................................................................... 627
Service quotas ................................................................................................................ 628
AWS License Manager ............................................................................................................. 630
Service quotas ................................................................................................................ 634
Lightsail ................................................................................................................................ 635
Service quotas ................................................................................................................ 636
Amazon Location Service ......................................................................................................... 639
Service quotas ................................................................................................................ 640
Lookout for Equipment ........................................................................................................... 647
Service quotas ................................................................................................................ 647
Lookout for Metrics ................................................................................................................ 649
Service quotas ................................................................................................................ 650
Lookout for Vision .................................................................................................................. 656
Service quotas ................................................................................................................ 657
Macie .................................................................................................................................... 658
Service quotas ................................................................................................................ 660
AWS Mainframe Modernization ................................................................................................ 664
Service quotas ................................................................................................................ 665
Amazon ML ........................................................................................................................... 665
Service quotas ................................................................................................................ 666
Managed Blockchain ............................................................................................................... 667
Service quotas ................................................................................................................ 668
AWS Managed Services ........................................................................................................... 668
Service quotas ................................................................................................................ 668
AWS Management Console ...................................................................................................... 668
Amazon MWAA ...................................................................................................................... 670
Service quotas ................................................................................................................ 671
AWS Marketplace .................................................................................................................... 672
Mechanical Turk ..................................................................................................................... 674
Service quotas ................................................................................................................ 675
Amazon MSK ......................................................................................................................... 675
Service quotas ................................................................................................................ 677
Amazon MSK Connect ............................................................................................................. 677
Version 1.0
xi
Service quotas ................................................................................................................ 678

MediaConnect ........................................................................................................................ 679
Service quotas ................................................................................................................ 680
MediaConvert ......................................................................................................................... 680
Service quotas ................................................................................................................ 682
MediaLive .............................................................................................................................. 683
Service quotas ................................................................................................................ 684
MediaPackage ........................................................................................................................ 685
Service quotas ................................................................................................................ 688
MediaStore ............................................................................................................................ 690
Service quotas ................................................................................................................ 691
MediaTailor ............................................................................................................................ 693
Service quotas ................................................................................................................ 693
Migration Hub ........................................................................................................................ 695
Service quotas ................................................................................................................ 696
Migration Hub Orchestrator ..................................................................................................... 696
Service quotas ................................................................................................................ 697
AWS Migration Hub Refactor Spaces ......................................................................................... 697
Service quotas ................................................................................................................ 698
Migration Hub Strategy Recommendations ................................................................................ 698
Service quotas ................................................................................................................ 699
Amazon Monitron ................................................................................................................... 699
Service quotas ................................................................................................................ 700
Amazon MQ ........................................................................................................................... 700
Service quotas ................................................................................................................ 702
Neptune ................................................................................................................................ 704
Service quotas ................................................................................................................ 706
Network Firewall .................................................................................................................... 706
Service quotas ................................................................................................................ 708
Network Manager ................................................................................................................... 709
Service quotas ................................................................................................................ 709
Nimble Studio ........................................................................................................................ 710
Service quotas ................................................................................................................ 711
OpenSearch Service ................................................................................................................ 712
Service quotas ................................................................................................................ 714
AWS OpsWorks ...................................................................................................................... 715
Service quotas ................................................................................................................ 717
Organizations ......................................................................................................................... 718
Version 1.0
xii
Service quotas ................................................................................................................ 721

AWS Outposts ........................................................................................................................ 723
Amazon S3 on Outposts .................................................................................................. 724
Service quotas ................................................................................................................ 726
AWS Panorama ...................................................................................................................... 727
Service quotas ................................................................................................................ 727
Amazon Personalize ................................................................................................................ 730
Service quotas ................................................................................................................ 732
Amazon Pinpoint .................................................................................................................... 738
Service quotas ................................................................................................................ 740
Amazon Polly ......................................................................................................................... 750
Service quotas ................................................................................................................ 752
Amazon Managed Service for Prometheus ................................................................................. 754
Service quotas ................................................................................................................ 755
Additional quotas for ingested data .................................................................................. 757
AWS Proton ........................................................................................................................... 757
Service quotas ................................................................................................................ 758
QLDB .................................................................................................................................... 759
Service quotas ................................................................................................................ 760
Amazon QuickSight ................................................................................................................ 761
Service quotas ................................................................................................................ 762
AWS RAM .............................................................................................................................. 764
Service quotas ................................................................................................................ 766
Amazon Redshift .................................................................................................................... 767
Service quotas ................................................................................................................ 772
Amazon Rekognition ............................................................................................................... 773
Service quotas ................................................................................................................ 775
Amazon RDS .......................................................................................................................... 779
Service quotas ................................................................................................................ 783
Resilience Hub ........................................................................................................................ 785
Service quotas ................................................................................................................ 786
Resource Groups and Tagging .................................................................................................. 788
AWS Resource Groups ..................................................................................................... 788
AWS Resource Groups Tagging API ................................................................................... 790
AWS RoboMaker ..................................................................................................................... 792
Service quotas ................................................................................................................ 793
Route 53 ................................................................................................................................ 795
Service quotas ................................................................................................................ 799
Route 53 ARC ........................................................................................................................ 802
Service quotas ................................................................................................................ 803
Version 1.0
xiii
SageMaker ............................................................................................................................. 803

Service quotas ................................................................................................................ 809
Secrets Manager ..................................................................................................................... 823
Service quotas ................................................................................................................ 825
Security Hub .......................................................................................................................... 827
Service quotas ................................................................................................................ 829
AWS STS ............................................................................................................................... 830
AWS SMS .............................................................................................................................. 832
Service quotas ................................................................................................................ 834
Service Quotas ....................................................................................................................... 834
Service quotas ................................................................................................................ 836
AWS Serverless Application Repository ...................................................................................... 838
Service quotas ................................................................................................................ 840
AWS Service Catalog ............................................................................................................... 840
Service quotas ................................................................................................................ 842
Shield Advanced ..................................................................................................................... 844
Service quotas ................................................................................................................ 846
Amazon SES .......................................................................................................................... 847
Service quotas ................................................................................................................ 851
AWS Signer ............................................................................................................................ 851
Service endpoints with Lambda ........................................................................................ 851
Service endpoints with IoT .............................................................................................. 853
Service quotas ................................................................................................................ 854
AWS Sign-In ........................................................................................................................... 856
Service quotas ................................................................................................................ 858
Amazon SNS .......................................................................................................................... 858
Service quotas ................................................................................................................ 861
Amazon SQS .......................................................................................................................... 865
Service quotas ................................................................................................................ 868
Amazon S3 ............................................................................................................................ 870
Service quotas ................................................................................................................ 889
Amazon SWF ......................................................................................................................... 891
Service quotas ................................................................................................................ 893
Amazon SimpleDB .................................................................................................................. 902
Service quotas ................................................................................................................ 903
IAM Identity Center ................................................................................................................ 903
Service quotas ................................................................................................................ 906
Snow Family .......................................................................................................................... 907
Service quotas ................................................................................................................ 909
Version 1.0
xiv
Step Functions ....................................................................................................................... 909

Service quotas ................................................................................................................ 912
Storage Gateway .................................................................................................................... 918
Service quotas ................................................................................................................ 921
Sumerian ............................................................................................................................... 923
Service quotas ................................................................................................................ 924
AWS Support ......................................................................................................................... 925
Service quotas ................................................................................................................ 927
AWS Support App in Slack endpoints ................................................................................ 927
AWS Systems Manager ............................................................................................................ 927
Service quotas ................................................................................................................ 930
Amazon Textract .................................................................................................................... 938
Service Quotas ............................................................................................................... 939
Timestream ............................................................................................................................ 940
Service quotas ................................................................................................................ 941
Amazon Transcribe ................................................................................................................. 943
Service quotas ................................................................................................................ 947
Transfer Family ...................................................................................................................... 953
Service quotas ................................................................................................................ 955
Amazon Translate ................................................................................................................... 956
Service quotas ................................................................................................................ 958
Amazon VPC .......................................................................................................................... 958
Service quotas ................................................................................................................ 960
AWS WAF .............................................................................................................................. 963
Service quotas ................................................................................................................ 965
AWS WAF Classic .................................................................................................................... 968
Service quotas ................................................................................................................ 972
AWS Well-Architected Tool ...................................................................................................... 974
Service quotas ................................................................................................................ 975
Amazon WorkDocs .................................................................................................................. 976
Amazon WorkMail .................................................................................................................. 977
Service quotas ................................................................................................................ 978
WorkSpaces ........................................................................................................................... 978
Service quotas ................................................................................................................ 979
Amazon WorkSpaces Web ........................................................................................................ 981
Service quotas ................................................................................................................ 982
X-Ray .................................................................................................................................... 983
Service quotas ................................................................................................................ 985
Version 1.0
xv
AWS resources ............................................................................................................................... 987

AWS service endpoints ............................................................................................................ 987
Regional endpoints ......................................................................................................... 987
View the service endpoints .............................................................................................. 988
FIPS endpoints ............................................................................................................... 989
Learn more .................................................................................................................... 989
Managing AWS Regions ........................................................................................................... 989
Enabling a Region .......................................................................................................... 990
Disabling a Region .......................................................................................................... 990
Describing your Regions using the AWS CLI ....................................................................... 991
AWS service quotas ................................................................................................................ 991
Tagging AWS resources ........................................................................................................... 992
Best practices ................................................................................................................. 993
Tagging categories .......................................................................................................... 993
Tag naming limits and requirements ................................................................................. 994
Common tagging strategies ............................................................................................. 994
Tagging governance ........................................................................................................ 995
Learn more .................................................................................................................... 996
Amazon Resource Names (ARNs) .............................................................................................. 996
ARN format ................................................................................................................... 996
Paths in ARNs ................................................................................................................ 997
AWS IP address ranges .................................................................................................................... 998
Download .............................................................................................................................. 998
Syntax ................................................................................................................................... 998
Filtering the JSON file ........................................................................................................... 1000
Windows ...................................................................................................................... 1000
Linux ........................................................................................................................... 1001
Implementing egress control .................................................................................................. 1003
Windows PowerShell ..................................................................................................... 1003
jq ................................................................................................................................ 1003
Python ........................................................................................................................ 1004
AWS IP address ranges notifications ........................................................................................ 1004
Release notes ....................................................................................................................... 1006
Learn more .......................................................................................................................... 1006
IPv6 support ................................................................................................................................ 1008
Services that support IPv6 ..................................................................................................... 1008
Additional IPv6 support ......................................................................................................... 1009
Learn more .......................................................................................................................... 1009
AWS APIs ..................................................................................................................................... 1010
API retries ............................................................................................................................ 1010
Signing AWS API requests ...................................................................................................... 1011
When to sign requests ................................................................................................... 1011
Why requests are signed ................................................................................................ 1011
Signing requests ........................................................................................................... 1012
Signature versions ........................................................................................................ 1012
Signature Version 4 signing process ................................................................................ 1012
Signature Version 2 signing process ................................................................................ 1040
AWS SDK support for Amazon S3 client-side encryption ............................................................ 1047
AWS SDK features for Amazon S3 client-side encryption .................................................... 1048
Amazon S3 encryption client cryptographic algorithms ...................................................... 1048
Document conventions .................................................................................................................. 1050
AWS glossary ............................................................................................................................... 1052
Version 1.0
xvi
AWS General Reference

The AWS General Reference provides information that is useful across Amazon Web Services.
Contents
• AWS security credentials (p. 2)

• Service endpoints and quotas (p. 18)
• AWS resources (p. 987)
• AWS IP address ranges (p. 998)
• AWS APIs (p. 1010)
• Document conventions (p. 1050)
• AWS glossary (p. 1052)
Version 1.0
1
AWS users
AWS security credentials

When you interact with AWS, you specify your AWS security credentials to verify who you are and
whether you have permission to access the resources that you are requesting. AWS uses the security
credentials to authenticate and authorize your requests.
For example, if you want to download a protected file from an Amazon Simple Storage Service (Amazon
S3) bucket, your credentials must allow that access. If your credentials don't show you are authorized to
download the file, AWS denies your request. However, your AWS security credentials aren't required for
you to download a file in an Amazon S3 bucket that is publicly shared.
Contents
• AWS account root user credentials and IAM user credentials (p. 2)
• Understanding and getting your AWS credentials (p. 3)
• Your AWS account identifiers (p. 8)
• Best practices for managing AWS access keys (p. 9)
• AWS security audit guidelines (p. 12)
AWS account root user credentials and IAM user

credentials
There are two different types of users in AWS. You are either the account owner (root user), or you are an
AWS Identity and Access Management (IAM) user. When you create the AWS account, it also creates the
root user. The root user or an IAM administrator for the account can create IAM users. All AWS users have
security credentials.
Root user credentials
The credentials of the account owner allow full access to all resources in the account. You can't use IAM
policies to deny the root user access to resources explicitly. You can only use an AWS Organizations
service control policy (SCP) to limit the permissions of the root user. Because of this, we recommend
that you create an IAM user with administrator permissions for everyday AWS tasks, and lock away the
credentials for the root user.
There are specific tasks that are restricted to the AWS account root user. For example, only the root
user can close your account. If you must perform a task that requires the root user, sign in to the AWS
Management Console with the email address and password of the root user. For more information, see
Tasks that require root user credentials (p. 3).
IAM credentials
With IAM, you can securely control access to AWS services and resources for users in your AWS account.
For example, if you require administrator-level permissions, you can create an IAM user, grant that user
full access, and then use those credentials to interact with AWS. If you must modify or revoke your
permissions, you can delete or modify the policies that are associated with that IAM user.
If you have multiple users who require access to your AWS account, you can create unique credentials
for each user and define who has access to which resources. You don't need to share credentials. For
Version 1.0
2
Tasks that require root user credentials
example, you can create IAM users with read-only access to resources in your AWS account and distribute
those credentials to users.
Tasks that require root user credentials

We recommend that you use an IAM user with appropriate permissions to perform tasks and access AWS
resources. However, you can perform the tasks listed below only when you sign in as the root user of an
account.
Tasks
• Change your account settings. This includes the account name, email address, root user password,
and root user access keys. Other account settings, such as contact information, payment currency
preference, and Regions, do not require root user credentials.
• Restore IAM user permissions. If the only IAM user with administrator permissions accidentally revokes
their own permissions, you can sign in as the root user to edit policies and restore those permissions.
• Activate IAM access to the Billing and Cost Management console.
• View certain tax invoices. An IAM user with the aws-portal:ViewBilling permission can view and
download VAT invoices from AWS Europe, but not AWS Inc or Amazon Internet Services Pvt. Ltd
(AISPL).
• Close your AWS account.
• Register as a seller in the Reserved Instance Marketplace.
• Configure MFA delete for your S3 bucket.
• Edit or delete an Amazon S3 bucket policy that includes an invalid VPC ID or VPC endpoint ID.
• Sign up for GovCloud.
Troubleshooting
If you can't complete any of these tasks with your root user credentials, your account might be a member
of an organization in AWS Organizations. If your organizational administrator used a service control
policy (SCP) to limit the permissions of your account, your root user permissions might be affected. For
more information, see Service control policies in the AWS Organizations User Guide.
Understanding and getting your AWS credentials

AWS requires different types of security credentials, depending on how you access AWS. For example,
you need a user name and password to sign in to the AWS Management Console, and you need access
keys to make programmatic calls to AWS. You also need access keys to use the AWS Command Line
Interface or AWS Tools for PowerShell.
Considerations
• Be sure to save the following in a secure location: the email address associated with your AWS account,
the AWS account ID, the root user password, and your account access keys. If you forget or lose your
root user password, you must have access to the email address associated with your account in order to
reset it. If you lose your access keys, you must sign into your account to create new ones.
•
We strongly recommend that you do not use the root user for your everyday tasks. Safeguard your
root user credentials and use them to perform the tasks that only the root user can perform. For
the complete list of tasks that require you to sign in as the root user, see Tasks that require root user
credentials.
• Security credentials are account-specific. If you have access to multiple AWS accounts, you have
separate credentials for each account.
Version 1.0
3
Accessing your AWS account
• Never share your AWS account root user password or access keys with anyone.
Credentials
• Accessing your AWS account (p. 4)
• Access keys (p. 6)

The way you access your AWS account depends on what type of AWS user you are. There are a few
different types of AWS users. You can be an account root user, an AWS Identity and Access Management
(IAM) user, an AWS IAM Identity Center (successor to AWS Single Sign-On) user, or a federated identity.
You can access AWS using the following methods:
• AWS Management Console sign-in page

• AWS access portal sign-in page
• Federated identity
• Programmatic methods like API, AWS Command Line Interface, and SDK (Software Development Kit)
AWS Management Console

Root and IAM users sign in through the AWS Management Console. The AWS Management Console
provides a web-based user interface that you can use to create and manage your AWS resources.
For example, you can start and stop Amazon Elastic Compute Cloud (EC2) instances, create Amazon
DynamoDB tables, and create Amazon Simple Storage Service (S3) buckets.
• Root users sign in with:

• Email address
• Password
• IAM users sign in with:
• Account ID or alias
• User name or email address
• Password
• Your account owner or IAM administrator should provide your account ID or alias and user name
to you. They create the account and set your user name. Your user name might be your email
address.
For step-by-step directions on how to sign in to the AWS Management Console, see Signing in to the
AWS Management Console in the AWS Sign-In User Guide.
For more information about signing in with multi-factor authentication (MFA) devices, see Using MFA
devices with your IAM sign-in page.
Important
When you create an AWS account, you begin with one sign-in identity that has complete access
to all AWS services and resources in the account. This identity is called the AWS account root
user and is accessed by signing in with the email address and password that you used to create
the account. We strongly recommend that you do not use the root user for your everyday tasks.
Safeguard your root user credentials and use them to perform the tasks that only the root user
can perform. For the complete list of tasks that require you to sign in as the root user, see Tasks
that require root user credentials in the AWS General Reference.
Version 1.0
4
AWS access portal

IAM Identity Center users sign in through the AWS access portal rather than the AWS Management
Console. After you sign in through the AWS access portal, you can access your AWS account and
applications. You can access cloud applications such as Office 365, Concur, and Salesforce through the
AWS access portal. Your administrator or help desk employee should have provided you a specific sign-in
URL like the following examples:
https://d-xxxxxxxxxx.awsapps.com/start
or
https://your_subdomain.awsapps.com/start
Alternatively, if you created an IAM Identity Center user for your AWS account, you would have received
an email invitation with the specific sign-in URL.
IAM Identity Center users sign in with:
• Corporate user name

• Corporate password
• If prompted for a verification code, check your email and then copy and paste the code into the sign-
in page.
• Verification codes are typically sent through email, but the delivery method can vary. Your
administrator establishes the security settings that requires users to provide a verification code.
Check with your administrator for details.
For step-by-step directions on how to sign in to the AWS access portal, see Signing in to the AWS access
portal in the AWS Sign-In User Guide.
For more information about IAM Identity Center, see What is IAM Identity Center? in the AWS IAM
Identity Center (successor to AWS Single Sign-On) User Guide.
Federated identity
Federated identities are users that can access secure AWS account resources with external identities.
External identities can come from a corporate identity store (such as LDAP or Windows Active Directory)
or from a third party (such as Login in with Amazon, Facebook, or Google). Federated identities do not
sign in with the AWS Management Console or AWS access portal. The type of external identity in use
determines how federated identities sign in.
For more information about federated identities, see About web identity federation in the IAM User
Guide.
Administrators must create a custom URL that includes https://signin.aws.amazon.com/

federation. For more information, see Enabling custom identity broker access to the AWS
Management Console.
Note
Your administrator creates federated identities. Contact your administrator for more details on
how to sign in as a federated identity.
AWS Command Line Interface

AWS users can also sign in with the AWS Command Line Interface (AWS CLI). For more information about
the AWS CLI, see What is the AWS Command Line Interface.
Version 1.0
5
Access keys
Multi-factor authentication (MFA)

Multi-factor authentication (MFA) provides an extra level of security for users who can access your AWS
account. For additional security, we recommend that you require MFA on the AWS account root user
credentials and all IAM users. For more information, see Using Multi-Factor Authentication (MFA) in AWS
in the IAM User Guide.
When you activate MFA and you sign in to your AWS account, you are prompted for your user name and
password, plus a response generated by an MFA device, such as a code, a touch or tap, or a biometric
scan. When you add MFA, your AWS account settings and resources are more secure.
By default, MFA isn't activated. You can activate and manage MFA devices for the AWS account root user
by going to the Security credentials page or the IAM dashboard in the AWS Management Console. For
more information about activating MFA for IAM users, see Enabling MFA Devices in the IAM User Guide.
Access keys
When you use AWS programmatically, you provide your AWS access keys so that AWS can verify your
identity in programmatic calls. Access keys can be either temporary (short-term) credentials or long-term
credentials, such as for an IAM user or the AWS account root user. In many cases, there are alternatives to
long-term access keys (p. 6) to consider.
About access keys

When you create a long-term access key, you create the access key ID (for example,
AKIAIOSFODNN7EXAMPLE) and secret access key (for example, wJalrXUtnFEMI/K7MDENG/
bPxRfiCYEXAMPLEKEY) as a set. The secret access key is available for download only when you create it.
If you don't download your secret access key or if you lose it, you must create a new one.
In many scenarios, you don't need long-term access keys that never expire (as you have with an IAM
user). Instead, you can create IAM roles and generate temporary security credentials. Temporary security
credentials include an access key ID and a secret access key, but they also include a security token that
indicates when the credentials expire. After they expire, they're no longer valid. For more information,
see Temporary access keys (p. 7).
Access key IDs beginning with AKIA are long-term access keys for an IAM user or an AWS account root
user. Access key IDs beginning with ASIA are temporary credentials access keys that you create using
AWS STS operations.
Considerations and alternatives for long-term access keys

For many common use cases, there are alternatives to long-term access keys. To improve your account
security, consider the following.
• Don't embed long-term access keys and secret access keys in your application code or in a code
repository – Instead, use AWS Secrets Manager, or other secrets management solution, so you don't
have to hardcode keys in plaintext. The application or client can then retrieve secrets when needed. For
more information, see What is AWS Secrets Manager? in the AWS Secrets Manager User Guide.
• Use IAM roles to generate temporary security credentials whenever possible – Always use
mechanisms to issue temporary security credentials when possible, rather than long-term access
keys. Temporary security credentials are more secure because they are not stored with the user but
are generated dynamically and provided to the user when requested. Temporary security credentials
have a limited lifetime so you don't have to manage or rotate them. Mechanisms include IAM roles or
the authentication of an IAM Identity Center user. For more information, see Use temporary security
credentials (IAM roles) (p. 10) and Temporary access keys (p. 7).
Version 1.0
6
Access keys
• Use alternatives to long-term access keys for the AWS Command Line Interface (AWS CLI) or the
aws-shell – Alternatives include the following.
• AWS CloudShell is a browser-based, pre-authenticated shell that you can launch directly from
the AWS Management Console. You can run AWS CLI commands against AWS services through
your preferred shell (Bash, Powershell, or Z shell). When you do this, you don't need to download
or install command line tools. For more information, see What is AWS CloudShell? in the AWS
CloudShell User Guide.
• AWS CLI Version 2 integration with AWS IAM Identity Center (successor to AWS Single Sign-On)
(IAM Identity Center). You can authenticate users and provide short-term credentials to run AWS
CLI commands. To learn more, see Integrating AWS CLI with IAM Identity Center in the AWS IAM
Identity Center (successor to AWS Single Sign-On) User Guide and Configuring the AWS CLI to use IAM
Identity Center in the AWS Command Line Interface User Guide.
• Don't create long-term access keys for human users who need access to applications or AWS
services – IAM Identity Center can generate temporary access credentials for your external IdP users
to access AWS services. This eliminates the need to create and manage long-term credentials in IAM.
In IAM Identity Center, create an IAM Identity Center permission set that grants the external IdP
users access. Then assign a group from IAM Identity Center to the permission set in the selected AWS
accounts. For more information, see What is AWS IAM Identity Center (successor to AWS Single Sign-
On), Connect to your external identity provider, and Permission sets in the AWS IAM Identity Center
(successor to AWS Single Sign-On) User Guide.
• Don't store long-term access keys within an AWS compute service – Instead, assign an IAM role to
compute resources. This automatically supplies temporary credentials to grant access. For example,
when you create an instance profile that is attached to an Amazon EC2 instance, you can assign an
AWS role to the instance and make it available to all of its applications. An instance profile contains
the role and enables programs that are running on the Amazon EC2 instance to get temporary
credentials. To learn more, see Using an IAM role to grant permissions to applications running on
Amazon EC2 instances.
For additional security best practices related to access keys, see Best practices for managing AWS access
keys (p. 9).
Temporary access keys

You can create and use temporary access keys, known as temporary security credentials, for
programmatic access requests. We recommend that you use temporary access keys over long term access
keys, as mentioned in the previous section. For more information, see Using temporary credentials with
AWS resources in the IAM User Guide.
You can use temporary access keys in less secure environments, or distribute them, to grant users
temporary access to resources in your AWS account.
For example, you can grant entities from other AWS accounts access to resources in your AWS account
(cross-account access). You can also grant users who don't have AWS security credentials access to
resources in your AWS account (federation). For more information, see aws sts assume-role.
Long-term access keys

You can assign up to two long-term access keys per user. It is useful to have two access keys when you
want to rotate them. When you disable an access key, you can't use it, but it counts toward your limit
of two access keys. After you delete an access key, it's gone forever and can't be restored, but it can be
replaced with a new access key.
Important
Unless there is no other option, we strongly recommend that you don't create long-term access
keys for your root user. If a malicious user gains access to your root user access keys, they can
completely take over your account.
Version 1.0
7
AWS account identifiers
You provide your AWS access keys to make programmatic calls to AWS or to use the AWS Command Line
Interface or AWS Tools for PowerShell.
For more information about creating access keys for the root user, see AWS account root user in the IAM
User Guide.
For more information about creating access keys for IAM users, see Managing access keys for IAM users in
the IAM User Guide.
Your AWS account identifiers

AWS assigns the following unique identifiers to each AWS account:
AWS account ID
A 12-digit number, such as 123456789012, that uniquely identifies an AWS account. Many AWS
resources include the account ID in their Amazon Resource Names (ARNs). The account ID portion
distinguishes resources in one account from the resources in another account. If you are an IAM user,
you can sign in to the AWS Management Console with either the account ID or account alias.
Canonical user ID
An alpha-numeric identifier, such as

79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be, that is an
obfuscated form of the AWS account ID. You can use this ID to identify an AWS account when
granting cross-account access to buckets and objects using Amazon S3. You can retrieve the
canonical user ID for your AWS account as either the root user or an IAM user.
For more information, see Finding the canonical user ID for your AWS account in the Amazon S3 User
Guide.
You must be authenticated with AWS to view these identifiers.

Warning
Do not provide your AWS credentials (p. 3) to a third party who needs your AWS account
identifiers to share AWS resources with you. If you do this, they have the same access to the AWS
account that you have.
Finding your AWS account ID

You can find the AWS account ID in the AWS Management Console. The location of the account ID in the
console depends on whether you are logged in as the root user or as an IAM user. The account ID is the
same whether you are logged in as the root user or as an IAM user.
Prerequisite
You must be signed in to the AWS Management Console. For more information, see Signing in to the
AWS Management Console in the IAM User Guide.
To find your AWS account ID when signed in as the root user
1. In the navigation bar on the upper right, choose your account name or number, and then choose
Security credentials.
2. Expand the Account identifiers section. The account number appears next to the label AWS account
ID.
Version 1.0
8
Best practices for managing AWS access keys
To find your AWS account ID when signed in as an IAM user
1. In the navigation bar on the upper right, choose your user name and then choose Security
credentials.
Tip
If you do not see the Security credentials page, you might be signed in as a federated user,
not an IAM user.
2. At the top of the page, under Account details, the account number appears next to the label AWS
account ID.
To find your AWS account ID using the AWS CLI
Use the get-caller-identity command as follows:
aws sts get-caller-identity --query Account --output text
Best practices for managing AWS access keys

When you use AWS programmatically, you provide your AWS access keys so that AWS can verify your
identity in programmatic calls. Each of your access keys consist of an access key ID (for example,
AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/
bPxRfiCYEXAMPLEKEY).
Anyone who has your access keys has the same level of access to your AWS resources that you do. For
this reason, AWS protects your access keys according to our shared-responsibility model. You should also
protect your access keys.
The steps that follow can help you protect your access keys. For background information, see AWS
security credentials (p. 2).
Note
Your organization might have different security requirements and policies than those described
in this topic. The suggestions here provide general guidelines.
Don't create access keys for the root user

When you make requests with the AWS Command Line Tools, AWS SDKs, or direct API calls, you sign
the requests with your access keys. Anyone who has the access keys for your AWS account root user has
unrestricted access to all the resources in your account. This includes access to billing information. You
can't restrict the permissions for your AWS account root user.
One of the best ways to protect your account is not to create access keys for your AWS account root
user.
If you already have access keys for your account, we recommend the following:
1. Find places in your applications (if any) where you currently use access keys.
2. Replace the root user access keys with IAM user access keys.
3. Deactivate and delete the root user access keys.
For more information about how to substitute one access key for another, see How to Rotate Access Keys
for IAM Users on the AWS Security Blog.
Version 1.0
9
Use temporary security credentials (IAM roles)
By default, AWS doesn't generate access keys for new accounts.
For information about how to create an IAM user with administrative permissions, see Creating Your First
IAM Admin User and Group in the IAM User Guide.
Use temporary security credentials (IAM roles)

In many scenarios, you don't need long-term access keys that never expire (as you have with an IAM
user). Instead, you can create IAM roles and generate temporary security credentials. Temporary security
credentials consist of an access key ID and a secret access key, but they also include a security token that
indicates when the credentials expire.
Long-term access keys, such as those associated with IAM users and AWS account root users, remain
valid until you manually revoke them. However, temporary security credentials that you obtain through
IAM roles and other features of the AWS Security Token Service are valid for only a short time. You
can configure them to last for anywhere from a few minutes to several hours. Use temporary security
credentials to help reduce your risk in case credentials are exposed.
Use an IAM role and temporary security credentials in the following situations:
• You have an application or AWS CLI scripts that runs on an Amazon EC2 instance. Don't use
access keys directly in your application. Don't pass access keys to the application, embed them in
the application, or let the application read access keys from any source. Instead, define an IAM role
that has appropriate permissions for your application and launch the Amazon Elastic Compute Cloud
(Amazon EC2) instance with roles for EC2. This practice associates an IAM role with the Amazon EC2
instance. When you do this, the application can also get temporary security credentials that it can in
turn use to make programmatic calls to AWS. The AWS SDKs and the AWS Command Line Interface
(AWS CLI) can get temporary credentials from the role automatically.
• You need to grant cross-account access. Use an IAM role to establish trust between accounts,
and then grant users in one account limited permissions to access the trusted account. For more
information, see Tutorial: Delegate access across AWS accounts using IAM roles in the IAM User Guide.
• You have a mobile app. Don't embed access keys with the app, even in encrypted storage. Instead, use
Amazon Cognito to manage user identities in your app. This service lets you authenticate users using
Login with Amazon, Facebook, Google, or any identity provider (IdP) compatible with OpenID Connect
(OIDC). You can then use the Amazon Cognito credentials provider to manage credentials that your
app uses to make requests to AWS. For more information, see Using the Amazon Cognito Credentials
Provider on the AWS Mobile Blog.
• You want to federate into AWS and your organization supports SAML 2.0. If you work for an
organization that has an identity provider that supports SAML 2.0, configure the provider to use SAML.
You can use SAML to exchange authentication information with AWS and get back a set of temporary
security credentials. For more information, see About SAML 2.0-based Federation in the IAM User
Guide.
• You want to federate into AWS and your organization has an on-premises identity store. If users
can authenticate inside your organization, you can write an application that can issue them temporary
security credentials for access to AWS resources. For more information, see Enabling custom identity
broker access to the AWS Management Console in the IAM User Guide.
Manage IAM user access keys properly

If you must create access keys for programmatic access to AWS, create them for IAM users, and grant the
users only the permissions that they require. For more information, see Managing access keys for IAM
users in the IAM User Guide.
Note
If you use an Amazon EC2 instance with an application that requires programmatic access to
AWS resources, use IAM roles for EC2.
Version 1.0
10
Access the mobile app using AWS access keys
When you use access keys, observe these precautions:
• Don't embed access keys directly into code. When you use AWS SDKs and the AWS Command Line
Tools, you can insert access keys in known locations so that you don't have to keep them in code.
Put access keys in one of the following locations:

• The AWS credentials file. The AWS SDKs and AWS CLI automatically use the credentials that you
store in the AWS credentials file.
For information about using the AWS credentials file, see the documentation for your SDK. Examples
include Set AWS Credentials and Region in the AWS SDK for Java Developer Guide and Configuration
and credential files in the AWS Command Line Interface User Guide.
To store credentials for the AWS SDK for .NET and the AWS Tools for Windows PowerShell, we
recommend that you use the SDK Store. For more information, see Using the SDK Store in the AWS
SDK for .NET Developer Guide.
• Environment variables. On a multitenant system, choose user environment variables, not system
environment variables.
For more information about using environment variables to store credentials, see Environment
Variables in the AWS Command Line Interface User Guide.
• Use different access keys for different applications. When you vary access keys across applications,
you can isolate the permissions and revoke the access keys for individual applications if they are
exposed. When you use separate access keys for different applications it generates distinct entries
in AWS CloudTrail log files. This configuration helps you to determine which application performed
specific actions.
• Rotate access keys periodically. Regularly rotating long-term credentials helps you familiarize
yourself with the process. This is useful in case you are ever in a situation where you must rotate
credentials, such as when an employee leaves your company. For details, see Rotating access keys (AWS
CLI, Tools for Windows PowerShell, and AWS API) in the IAM User Guide and How to Rotate Access Keys
for IAM Users on the AWS Security Blog.
• Remove unused access keys. If a user leaves your organization, remove the corresponding IAM user
so that the user can no longer access your resources. To find out when an access key was last used, use
the GetAccessKeyLastUsed API (AWS CLI command: aws iam get-access-key-last-used).
• Configure multi-factor authentication (MFA). To improve account security, require MFA on the
AWS account root user credentials and all IAM users. For more information, see Using Multi-Factor
Authentication (MFA) in AWS in the IAM User Guide.
Access the mobile app using AWS access keys

You can access a limited set of AWS services and features using the AWS mobile app. The mobile app
helps you support incident response while on the go. For more information and to download the app,
see AWS Console Mobile Application.
You can sign in to the mobile app using your console password or your access keys. As a best practice,
don't use root user access keys. Instead, we strongly recommend that you use a password or biometric
lock on your mobile device, and also create an IAM user to manage AWS resources. If you lose your
mobile device, you can remove the IAM user's access. For more information about generating access keys
for an IAM user, see Managing access keys for IAM users in the IAM User Guide.
To sign in using access keys (mobile app)
1. Open the app on your mobile device.

2. If this is the first time that you're adding an identity to the device, choose Add an identity and then
choose Access keys.
Version 1.0
11
Learn more
If you have already signed in using another identity, choose the menu icon and choose Switch
identity. Then choose Sign in as a different identity and then Access keys.
3. On the Access keys page, enter your information:
• Access key ID – Enter your access key ID.

• Secret access key – Enter your secret access key.
• Identity name – Enter the name of the identity that will appear in the mobile app. This does not
need to match your IAM user name.
• Identity PIN – Create a personal identification number (PIN) that you will use for future sign-ins.
Note
If you enable biometrics for the AWS mobile app, you will be prompted to use your
fingerprint or facial recognition for verification instead of the PIN. If the biometrics fail,
you might be prompted for the PIN instead.
4. Choose Verify and add keys.
You can now access a select set of your resources using the mobile app.
Learn more
For more information about best practices for AWS account security, see the following resources:
• IAM Best Practices contains suggestions that help you secure your AWS resources with the AWS
Identity and Access Management (IAM) service.
• The following topics provide guidance when you set up the AWS SDKs and the AWS CLI to use access
keys:
• Set AWS credentials and Region in the AWS SDK for Java Developer Guide
• Using the SDK Store in the AWS SDK for .NET Developer Guide
• Providing Credentials to the SDK in the AWS SDK for PHP Developer Guide
• Configuration in the Boto 3 (AWS SDK for Python) documentation
• Using AWS Credentials in the AWS Tools for Windows PowerShell User Guide
• Configuration and credential files in the AWS Command Line Interface User Guide
• The following resources discuss how programs that you write with the SDK for Java 2.x or AWS SDK
for .NET can automatically get temporary security credentials when they run on an Amazon EC2
instance:
• Granting access using an IAM role in the AWS SDK for .NET Developer Guide
• Configuring IAM roles for Amazon EC2in the AWS SDK for Java Developer Guide
AWS security audit guidelines

You should periodically audit your security configuration to make sure it meets your current business
needs. An audit gives you an opportunity to remove unneeded IAM users, roles, groups, and policies, and
to make sure that your users and software have only the permissions that are required.
Following are guidelines for systematically reviewing and monitoring your AWS resources for security
best practices.
Contents
• When you should perform a security audit (p. 13)
Version 1.0
12
When you should perform a security audit
• Guidelines for auditing (p. 13)

• Review your AWS account credentials (p. 13)
• Review your IAM users (p. 14)
• Review your IAM groups (p. 14)
• Review your IAM roles (p. 14)
• Review your IAM providers for SAML and OpenID Connect (OIDC) (p. 14)
• Review Your mobile apps (p. 15)
• Review your Amazon EC2 security configuration (p. 15)
• Review AWS policies in other services (p. 15)
• Monitor activity in your AWS account (p. 16)
• Tips for reviewing IAM policies (p. 16)
• Learn more (p. 17)
When you should perform a security audit

You should audit your security configuration in the following situations:
• On a periodic basis. You should perform the steps described in this document at regular intervals as a
best practice for security.
• If there are changes in your organization, such as people leaving.
• If you have stopped using one or more individual AWS services. This is important for removing
permissions that users in your account no longer need.
• If you've added or removed software in your accounts, such as applications on Amazon EC2 instances,
AWS OpsWorks stacks, AWS CloudFormation templates, etc.
• If you ever suspect that an unauthorized person might have accessed your account.
Guidelines for auditing

As you review your account's security configuration, follow these guidelines:
• Be thorough. Look at all aspects of your security configuration, including those you might not use
regularly.
• Don't assume. If you are unfamiliar with some aspect of your security configuration (for example, the
reasoning behind a particular policy or the existence of a role), investigate the business need until you
are satisfied.
• Keep things simple. To make auditing (and management) easier, use IAM groups, consistent naming
schemes, and straightforward policies.
Review your AWS account credentials

Take these steps when you audit your AWS account credentials:
1. If you're not using the root access keys for your account, you can remove them. We strongly
recommend that you do not use root access keys for everyday work with AWS, and that instead you
create IAM users.
2. If you do need to keep the access keys for your account, rotate them regularly.
Version 1.0
13
Review your IAM users
Review your IAM users

Take these steps when you audit your existing IAM users:
1. List your users and then delete users that are inactive.
2. Remove users from groups that they don't need to be a part of.
3. Review the policies attached to the groups the user is in. See Tips for reviewing IAM policies (p. 16).
4. Delete security credentials that the user doesn't need or that might have been exposed. For example,
an IAM user that is used for an application does not need a password (which is necessary only to sign
in to AWS websites). Similarly, if a user does not use access keys, there's no reason for the user to have
one. For more information, see Managing Passwords for IAM Users and Managing Access Keys for IAM
Users in the IAM User Guide.
You can generate and download a credential report that lists all IAM users in your account and the
status of their various credentials, including passwords, access keys, and MFA devices. For passwords
and access keys, the credential report shows how recently the password or access key has been
used. Credentials that have not been used recently might be good candidates for removal. For more
information, see Getting Credential Reports for your AWS Account in the IAM User Guide.
5. Rotate (change) user security credentials periodically, or immediately if you ever share them with an
unauthorized person. For more information, see Managing Passwords for IAM Users and Managing
Access Keys for IAM Users in the IAM User Guide.
Review your IAM groups

Take these steps when you audit your IAM groups:
1. List your groups and then delete groups that are unused.
2. Review users in each group and remove users that don't belong.
3. Review the policies attached to the group. See Tips for reviewing IAM policies (p. 16).
Review your IAM roles

Take these steps when you audit your IAM roles:
1. List your roles and then delete roles that are unused.
2. Review the role's trust policy. Make sure that you know who the principal is and that you understand
why that account or user needs to be able to assume the role.
3. Review the access policy for the role to be sure that it grants suitable permissions to whoever assumes
the role—see Tips for reviewing IAM policies (p. 16).
Review your IAM providers for SAML and OpenID

Connect (OIDC)
If you have created an IAM entity for establishing trust with a SAML or OIDC identity provider, take these
steps:
1. Delete unused providers.

2. Download and review the AWS metadata documents for each SAML provider and make sure the
documents reflect your current business needs. Alternatively, get the latest metadata documents from
the SAML IdPs that you want to establish trust with and update the provider in IAM.
Version 1.0
14
Review Your mobile apps
Review Your mobile apps

If you have created a mobile app that makes requests to AWS, take these steps:
1. Make sure that the mobile app does not contain embedded access keys, even if they are in encrypted
storage.
2. Get temporary credentials for the app by using APIs that are designed for that purpose. We
recommend that you use Amazon Cognito to manage user identity in your app. This service lets you
authenticate users using Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC)–
compatible identity provider. You can then use the Amazon Cognito credentials provider to manage
credentials that your app uses to make requests to AWS.
If your mobile app doesn't support authentication using Login with Amazon, Facebook, Google, or any
other OIDC-compatible identity provider, you can create a proxy server that can dispense temporary
credentials to your app.
Review your Amazon EC2 security configuration

Take the following steps for each AWS Region:
1. Delete Amazon EC2 key pairs that are unused or that might be known to people outside your
organization.
2. Review your Amazon EC2 security groups:
• Remove security groups that no longer meet your needs.
• Remove rules from security groups that no longer meet your needs. Make sure you know why the
ports, protocols, and IP address ranges they permit have been allowed.
3. Terminate instances that aren't serving a business need or that might have been started by someone
outside your organization for unapproved purposes. Remember that if an instance is started with a
role, applications that run on that instance can access AWS resources using the permissions that are
granted by that role.
4. Cancel Spot Instance requests that aren't serving a business need or that might have been made by
someone outside your organization.
5. Review your Auto Scaling groups and configurations. Shut down any that no longer meet your needs
or that might have been configured by someone outside your organization.
Review AWS policies in other services

Review the permissions for services that use resource-based policies or that support other security
mechanisms. In each case, make sure that only users and roles with a current business need have access
to the service's resources, and that the permissions granted on the resources are the fewest necessary to
meet your business needs.
• Review your Amazon S3 bucket policies and ACLs.

• Review your Amazon SQS queue policies.
• Review your Amazon SNS topic policies.
• Review your AWS OpsWorks permissions.
• Review your AWS KMS key policies.
Version 1.0
15
Monitor activity in your AWS account
Monitor activity in your AWS account

Follow these guidelines for monitoring AWS activity:
• Turn on AWS CloudTrail in each account and use it in each supported Region.
• Periodically examine CloudTrail log files. (CloudTrail has a number of partners who provide tools for
reading and analyzing log files.)
• Enable Amazon S3 bucket logging to monitor requests made to each bucket.
• If you believe there has been unauthorized use of your account, pay particular attention to temporary
credentials that have been issued. If temporary credentials have been issued that you don't recognize,
disable their permissions.
• Enable billing alerts in each account and set a cost threshold that lets you know if your charges exceed
your normal usage.
Tips for reviewing IAM policies

Policies are powerful and subtle, so it's important to study and understand the permissions that are
granted by each policy. Use the following guidelines when reviewing policies:
• As a best practice, attach policies to groups instead of to individual users. If an individual user has a
policy, make sure you understand why that user needs the policy.
• Make sure that IAM users, groups, and roles have only the permissions that they need.
• Use the IAM Policy Simulator to test policies that are attached to users or groups.
• Remember that a user's permissions are the result of all applicable policies—user policies, group
policies, and resource-based policies (on Amazon S3 buckets, Amazon SQS queues, Amazon SNS
topics, and AWS KMS keys). It's important to examine all the policies that apply to a user and to
understand the complete set of permissions granted to an individual user.
• Be aware that allowing a user to create an IAM user, group, role, or policy and attach a policy to the
principal entity is effectively granting that user all permissions to all resources in your account. That is,
users who are allowed to create policies and attach them to a user, group, or role can grant themselves
any permissions. In general, do not grant IAM permissions to users or roles whom you do not trust
with full access to the resources in your account. The following list contains IAM permissions that you
should review closely:
• iam:PutGroupPolicy
• iam:PutRolePolicy
• iam:PutUserPolicy
• iam:CreatePolicy
• iam:CreatePolicyVersion
• iam:AttachGroupPolicy
• iam:AttachRolePolicy
• iam:AttachUserPolicy
• Make sure policies don't grant permissions for services that you don't use. For example, if you use
AWS managed policies, make sure the AWS managed policies that are in use in your account are for
services that you actually use. To find out which AWS managed policies are in use in your account, use
the IAM GetAccountAuthorizationDetails API (AWS CLI command: aws iam get-account-
authorization-details).
• If the policy grants a user permission to launch an Amazon EC2 instance, it might also allow the
iam:PassRole action, but if so it should explicitly list the roles that the user is allowed to pass to the
Amazon EC2 instance.
Version 1.0
16
Learn more
• Closely examine any values for the Action or Resource element that include *. It's a best practice
to grant Allow access to only the individual actions and resources that users need. However, the
following are reasons that it might be suitable to use * in a policy:
• The policy is designed to grant administrative-level privileges.
• The wildcard character is used for a set of similar actions (for example, Describe*) as a
convenience, and you are comfortable with the complete list of actions that are referenced in this
way.
• The wildcard character is used to indicate a class of resources or a resource path (e.g.,
arn:aws:iam::account-id:users/division_abc/*), and you are comfortable granting access
to all of the resources in that class or path.
• A service action does not support resource-level permissions, and the only choice for a resource is *.
• Examine policy names to make sure they reflect the policy's function. For example, although a
policy might have a name that includes "read only," the policy might actually grant write or change
permissions.
Learn more
For information about managing IAM resources, see the following:
• IAM Users and Groups in the IAM User Guide.

• Permissions and Policies in the IAM User Guide.
• IAM Roles (Delegation and Federation) in the IAM User Guide.
• IAM Policy Simulator in the Using IAM Policy Simulator guide.
For more information about Amazon EC2 security, see the following:
• Network and Security in the Amazon EC2 User Guide for Linux Instances.
• Demystifying EC2 Resource-Level Permissions on the AWS Security Blog.
For more information about monitoring an AWS account, see the re:Invent 2013 video presentation
Intrusion Detection in the Cloud.
Version 1.0
17
Service endpoints and quotas

The following pages describe the service endpoints and service quotas for AWS services. To connect
programmatically to an AWS service, you use an endpoint. For more information, see AWS service
endpoints (p. 987). Service quotas, also referred to as limits, are the maximum number of service
resources or operations for your AWS account. For more information, see AWS service quotas (p. 991).
Click one of the following links to go to the page for that service. To view the service quotas for all AWS
services in the documentation without switching pages, view the information in the Service endpoints
and quotas page in the PDF instead.
Services
• Alexa for Business endpoints and quotas (p. 24)
• AWS Amplify endpoints and quotas (p. 25)
• Amazon API Gateway endpoints and quotas (p. 29)
• AWS AppConfig endpoints and quotas (p. 36)
• AWS App Mesh endpoints and quotas (p. 41)
• AWS App Runner endpoints and quotas (p. 47)
• Amazon AppFlow endpoints and quotas (p. 48)
• Application Auto Scaling endpoints and quotas (p. 54)
• AWS Application Discovery Service endpoints and quotas (p. 58)
• AWS Application Migration Service endpoints and quotas (p. 60)
• Amazon AppStream 2.0 endpoints and quotas (p. 62)
• AWS AppSync endpoints and quotas (p. 72)
• Amazon Athena endpoints and quotas (p. 77)
• AWS Audit Manager endpoints and quotas (p. 80)
• Amazon Augmented AI endpoints and quotas (p. 81)
• Amazon Aurora endpoints and quotas (p. 82)
• AWS Auto Scaling endpoints and quotas (p. 88)
• AWS Backup endpoints and quotas (p. 91)
• AWS Batch endpoints and quotas (p. 94)
• AWS Billing and Cost Management endpoints and quotas (p. 97)
• Amazon Braket endpoints and quotas (p. 100)
• AWS BugBust endpoints and quotas (p. 110)
• AWS Certificate Manager endpoints and quotas (p. 110)
• AWS Private Certificate Authority endpoints and quotas (p. 113)
• AWS Chatbot endpoints and quotas (p. 118)
• Amazon Chime endpoints and quotas (p. 120)
• Amazon Chime SDK endpoints and quotas (p. 121)
• Cloud Control API endpoints and quotas (p. 126)
Version 1.0
18
• AWS Cloud9 endpoints and quotas (p. 127)

• Amazon Cloud Directory endpoints and quotas (p. 130)
• AWS CloudFormation endpoints and quotas (p. 131)
• Amazon CloudFront endpoints and quotas (p. 137)
• AWS CloudHSM endpoints and quotas (p. 143)
• AWS Cloud Map endpoints and quotas (p. 147)
• Amazon CloudSearch endpoints and quotas (p. 149)
• AWS CloudShell endpoints and quotas (p. 151)
• AWS CloudTrail endpoints and quotas (p. 153)
• Amazon CloudWatch endpoints and quotas (p. 156)
• Amazon CloudWatch Application Insights endpoints and quotas (p. 163)
• Amazon CloudWatch Events endpoints and quotas (p. 165)
• Amazon CloudWatch Logs endpoints and quotas (p. 170)
• Amazon CloudWatch Synthetics endpoints and quotas (p. 176)
• AWS CodeArtifact endpoints and quotas (p. 178)
• AWS CodeBuild endpoints and quotas (p. 181)
• AWS CodeCommit endpoints and quotas (p. 183)
• AWS CodeDeploy endpoints and quotas (p. 186)
• Amazon CodeGuru Profiler endpoints and quotas (p. 191)
• Amazon CodeGuru Reviewer endpoints and quotas (p. 192)
• AWS CodePipeline endpoints and quotas (p. 193)
• AWS CodeStar endpoints and quotas (p. 197)
• AWS CodeStar Notifications endpoints and quotas (p. 198)
• Amazon Cognito Identity endpoints and quotas (p. 199)
• Amazon Cognito Sync endpoints and quotas (p. 211)
• Amazon Comprehend endpoints and quotas (p. 212)
• Amazon Comprehend Medical endpoints and quotas (p. 221)
• AWS Compute Optimizer endpoints and quotas (p. 225)
• AWS Config endpoints and quotas (p. 227)
• Amazon Connect endpoints and quotas (p. 230)
• AWS Data Exchange endpoints and quotas (p. 247)
• Amazon Data Lifecycle Manager endpoints and quotas (p. 251)
• AWS Data Pipeline endpoints and quotas (p. 253)
• AWS DataSync endpoints and quotas (p. 255)
• AWS Database Migration Service endpoints and quotas (p. 257)
• AWS DeepLens endpoints and quotas (p. 260)
• AWS DeepRacer endpoints and quotas (p. 261)
• Amazon Detective endpoints and quotas (p. 262)
• Amazon DevOps Guru endpoints and quotas (p. 264)
• AWS Device Farm endpoints and quotas (p. 265)
• AWS Direct Connect endpoints and quotas (p. 266)
Version 1.0
19
• AWS Directory Service endpoints and quotas (p. 269)

• Amazon DocumentDB endpoints and quotas (p. 272)
• Amazon DynamoDB endpoints and quotas (p. 274)
• AWS Elastic Beanstalk endpoints and quotas (p. 282)
• Amazon Elastic Block Store endpoints and quotas (p. 286)
• Recycle Bin endpoints and quotas (p. 295)
• Amazon EC2 endpoints and quotas (p. 298)
• Amazon EC2 Auto Scaling endpoints and quotas (p. 310)
• EC2 Image Builder endpoints and quotas (p. 313)
• Amazon EC2 Instance Connect endpoints and quotas (p. 317)
• Amazon ECR endpoints and quotas (p. 318)
• Amazon ECR Public endpoints and quotas (p. 326)
• Amazon ECS endpoints and quotas (p. 328)
• Amazon Elastic Kubernetes Service endpoints and quotas (p. 333)
• Amazon Elastic File System endpoints and quotas (p. 337)
• Amazon Elastic Inference endpoints and quotas (p. 342)
• Elastic Load Balancing endpoints and quotas (p. 343)
• Amazon Elastic Transcoder endpoints and quotas (p. 347)
• AWS Elastic Disaster Recovery endpoints and quotas (p. 348)
• Amazon ElastiCache endpoints and quotas (p. 351)
• Amazon MemoryDB for Redis endpoints and quotas (p. 354)
• Amazon EMR endpoints and quotas (p. 355)
• Amazon EventBridge endpoints and quotas (p. 366)
• Amazon EventBridge Schemas endpoints and quotas (p. 368)
• Amazon FinSpace quotas (p. 370)
• AWS Fault Injection Simulator endpoints and quotas (p. 371)
• AWS Firewall Manager endpoints and quotas (p. 374)
• Amazon Forecast endpoints and quotas (p. 378)
• Amazon Fraud Detector endpoints and quotas (p. 384)
• FreeRTOS endpoints and quotas (p. 386)
• Amazon FSx endpoints and quotas (p. 388)
• Amazon GameLift endpoints and quotas (p. 394)
• Amazon GameSparks endpoints and quotas (p. 397)
• Amazon S3 Glacier endpoints and quotas (p. 398)
• AWS Global Accelerator endpoints and quotas (p. 401)
• AWS Glue endpoints and quotas (p. 403)
• Amazon Managed Grafana endpoints and quotas (p. 407)
• AWS Glue DataBrew endpoints and quotas (p. 410)
• AWS Ground Station endpoints and quotas (p. 412)
• Amazon GuardDuty endpoints and quotas (p. 414)
• AWS Health endpoints and quotas (p. 417)
Version 1.0
20
• Amazon HealthLake endpoints and quotas (p. 417)

• Amazon Honeycode endpoints and quotas (p. 419)
• AWS Identity and Access Management endpoints and quotas (p. 419)
• IAM Access Analyzer endpoints and quotas (p. 423)
• AWS Identity and Access Management Roles Anywhere endpoints and quotas (p. 426)
• AWS Systems Manager Incident Manager endpoints and quotas (p. 429)
• Amazon Inspector endpoints and quotas (p. 436)
• Amazon Inspector Classic endpoints and quotas (p. 438)
• AWS IoT 1-Click endpoints and quotas (p. 440)
• AWS IoT Analytics endpoints and quotas (p. 443)
• AWS IoT Core endpoints and quotas (p. 446)
• AWS IoT Device Defender endpoints and quotas (p. 502)
• AWS IoT Device Management endpoints and quotas (p. 513)
• AWS IoT Events endpoints and quotas (p. 540)
• AWS IoT FleetWise endpoints and quotas (p. 545)
• AWS IoT Greengrass V1 endpoints and quotas (p. 546)
• AWS IoT Greengrass V2 endpoints and quotas (p. 552)
• AWS IoT RoboRunner endpoints and quotas (p. 558)
• AWS IoT SiteWise endpoints and quotas (p. 564)
• AWS IoT TwinMaker endpoints and quotas (p. 571)
• Amazon Interactive Video Service endpoints and quotas (p. 573)
• Amazon Kendra endpoints and quotas (p. 576)
• Amazon Keyspaces (for Apache Cassandra) endpoints and quotas (p. 579)
• AWS Key Management Service endpoints and quotas (p. 583)
• Amazon Kinesis Data Analytics endpoints and quotas (p. 595)
• Amazon Kinesis Data Firehose endpoints and quotas (p. 598)
• Amazon Kinesis Data Streams endpoints and quotas (p. 602)
• Amazon Kinesis Video Streams endpoints and quotas (p. 604)
• AWS Lake Formation endpoints and quotas (p. 616)
• AWS Lambda endpoints and quotas (p. 618)
• AWS Launch Wizard endpoints and quotas (p. 623)
• Amazon Lex endpoints and quotas (p. 625)
• AWS License Manager endpoints and quotas (p. 630)
• Amazon Lightsail endpoints and quotas (p. 635)
• Amazon Location Service endpoints and quotas (p. 639)
• Amazon Lookout for Equipment endpoints and quotas (p. 647)
• Amazon Lookout for Metrics endpoints and quotas (p. 649)
• Amazon Lookout for Vision endpoints and quotas (p. 656)
• Amazon Macie endpoints and quotas (p. 658)
• AWS Mainframe Modernization endpoints and quotas (p. 664)
• Amazon Machine Learning endpoints and quotas (p. 665)
Version 1.0
21
• Amazon Managed Blockchain endpoints and quotas (p. 667)

• AWS Managed Services endpoints and quotas (p. 668)
• AWS Management Console service endpoints (p. 668)
• Amazon Managed Workflows for Apache Airflow endpoints and quotas (p. 670)
• AWS Marketplace endpoints and quotas (p. 672)
• Amazon Mechanical Turk endpoints and quotas (p. 674)
• Amazon Managed Streaming for Apache Kafka endpoints and quotas (p. 675)
• Amazon MSK Connect endpoints and quotas (p. 677)
• AWS Elemental MediaConnect endpoints and quotas (p. 679)
• AWS Elemental MediaConvert endpoints and quotas (p. 680)
• AWS Elemental MediaLive endpoints and quotas (p. 683)
• AWS Elemental MediaPackage endpoints and quotas (p. 685)
• AWS Elemental MediaStore endpoints and quotas (p. 690)
• AWS Elemental MediaTailor endpoints and quotas (p. 693)
• AWS Migration Hub endpoints and quotas (p. 695)
• Migration Hub Orchestrator endpoints and quotas (p. 696)
• AWS Migration Hub Refactor Spaces endpoints and quotas (p. 697)
• Migration Hub Strategy Recommendations endpoints and quotas (p. 698)
• Amazon Monitron endpoints and quotas (p. 699)
• Amazon MQ endpoints and quotas (p. 700)
• Amazon Neptune endpoints and quotas (p. 704)
• AWS Network Firewall endpoints and quotas (p. 706)
• AWS Network Manager endpoints and quotas (p. 709)
• Amazon Nimble Studio endpoints and quotas (p. 710)
• Amazon OpenSearch Service endpoints and quotas (p. 712)
• AWS OpsWorks endpoints and quotas (p. 715)
• AWS Organizations endpoints and quotas (p. 718)
• AWS Outposts endpoints and quotas (p. 723)
• AWS Panorama endpoints and quotas (p. 727)
• Amazon Personalize endpoints and quotas (p. 730)
• Amazon Pinpoint endpoints and quotas (p. 738)
• Amazon Polly endpoints and quotas (p. 750)
• Amazon Managed Service for Prometheus endpoints and quotas (p. 754)
• AWS Proton endpoints and quotas (p. 757)
• Amazon QLDB endpoints and quotas (p. 759)
• Amazon QuickSight endpoints and quotas (p. 761)
• AWS Resource Access Manager endpoints and quotas (p. 764)
• Amazon Redshift endpoints and quotas (p. 767)
• Amazon Rekognition endpoints and quotas (p. 773)
• Amazon Relational Database Service endpoints and quotas (p. 779)
• AWS Resilience Hub endpoints and quotas (p. 785)
Version 1.0
22
• AWS Resource Groups and Tagging endpoints and quotas (p. 788)
• AWS RoboMaker endpoints and quotas (p. 792)
• Amazon Route 53 endpoints and quotas (p. 795)
• Amazon Route 53 Application Recovery Controller endpoints and quotas (p. 802)
• Amazon SageMaker endpoints and quotas (p. 803)
• AWS Secrets Manager endpoints and quotas (p. 823)
• AWS Security Hub endpoints and quotas (p. 827)
• AWS Security Token Service endpoints and quotas (p. 830)
• AWS Server Migration Service endpoints and quotas (p. 832)
• Service Quotas endpoints and quotas (p. 834)
• AWS Serverless Application Repository endpoints and quotas (p. 838)
• AWS Service Catalog endpoints and quotas (p. 840)
• AWS Shield Advanced endpoints and quotas (p. 844)
• Amazon Simple Email Service endpoints and quotas (p. 847)
• AWS Signer endpoints and quotas (p. 851)
• AWS Sign-In endpoints and quotas (p. 856)
• Amazon Simple Notification Service endpoints and quotas (p. 858)
• Amazon Simple Queue Service endpoints and quotas (p. 865)
• Amazon Simple Storage Service endpoints and quotas (p. 870)
• Amazon Simple Workflow Service endpoints and quotas (p. 891)
• Amazon SimpleDB endpoints and quotas (p. 902)
• AWS IAM Identity Center (successor to AWS Single Sign-On) endpoints and quotas (p. 903)
• AWS Snow Family endpoints and quotas (p. 907)
• AWS Step Functions endpoints and quotas (p. 909)
• AWS Storage Gateway endpoints and quotas (p. 918)
• Amazon Sumerian endpoints and quotas (p. 923)
• AWS Support endpoints and quotas (p. 925)
• AWS Systems Manager endpoints and quotas (p. 927)
• Amazon Textract endpoints and quotas (p. 938)
• Amazon Timestream endpoints and quotas (p. 940)
• Amazon Transcribe endpoints and quotas (p. 943)
• AWS Transfer Family endpoints and quotas (p. 953)
• Amazon Translate endpoints and quotas (p. 956)
• Amazon Virtual Private Cloud endpoints and quotas (p. 958)
• AWS WAF endpoints and quotas (p. 963)
• AWS WAF Classic endpoints and quotas (p. 968)
• AWS Well-Architected Tool endpoints and quotas (p. 974)
• Amazon WorkDocs endpoints and quotas (p. 976)
• Amazon WorkMail endpoints and quotas (p. 977)
• WorkSpaces endpoints and quotas (p. 978)
• Amazon WorkSpaces Web endpoints and quotas (p. 981)
• AWS X-Ray endpoints and quotas (p. 983)
Version 1.0
23
Alexa for Business
Alexa for Business endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 987).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 991).
Service endpoints
Region Region Endpoint Protocol
Name
US East (N. us-east-1 a4b.us-east-1.amazonaws.com HTTPS

Virginia)
Service quotas
Name Default Adjustable
Description
Address books Each supported Yes The maximum number of

Region: 25 address books.
Contacts per account Each supported Yes The maximum number of

Region: 10,000 contacts per account.
Contacts per address book Each supported Yes The maximum number of
Region: 100 contacts per address book.
Number of conference appliances Each supported Yes The maximum number of

Region: 10,000 conference appliances.
Number of devices Each supported Yes The maximum number of

Region: 100,000 devices.
Number of devices per room Each supported Yes The maximum number of
Region: 10 devices per room.
Number of gateways Each supported Yes The maximum number of

Region: 100 gateways.
Number of profiles Each supported Yes The maximum number of

Region: 100 profiles.
Number of rooms Each supported Yes The maximum number of

Region: 10,000 rooms.
Number of skill groups Each supported Yes The maximum number of

Region: 1,000 skill groups.
Number of skills Each supported Yes The maximum number of

Region: 100 skills.
Number of skills per skill group Each supported Yes The maximum number of
Region: 25 skills per skill group.
Version 1.0
24
Amplify

Description
Number of users Each supported Yes The maximum number of

Region: 10,000 users.
AWS Amplify endpoints and quotas

Amplify endpoints
Name
US East us-east-2 amplify.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 amplify.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 amplify.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 amplify.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 amplify.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- amplify.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- amplify.ap-northeast-2.amazonaws.com HTTPS

Pacific northeast-2
(Seoul)
Asia ap- amplify.ap-southeast-1.amazonaws.com HTTPS

Pacific southeast-1
(Singapore)
Asia ap- amplify.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- amplify.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Version 1.0
25
Amplify Studio (backend) endpoints

Name
Canada ca- amplify.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- amplify.eu-central-1.amazonaws.com HTTPS

(Frankfurt) central-1
Europe eu-west-1 amplify.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- amplify.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 amplify.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- amplify.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 amplify.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Amplify Studio (backend) endpoints

Name
US East us-east-2 amplifybackend.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 amplifybackend.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 amplifybackend.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 amplifybackend.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- amplifybackend.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
26
Amplify Studio (UI Builder) endpoints

Name
Asia ap- amplifybackend.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- amplifybackend.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- amplifybackend.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- amplifybackend.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- amplifybackend.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- amplifybackend.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 amplifybackend.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 amplifybackend.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- amplifybackend.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 amplifybackend.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Amplify Studio (UI Builder) endpoints
Region Name Region Endpoint Protocol
Europe (Stockholm) eu-north-1 amplifyuibuilder.eu- HTTPS

north-1.amazonaws.com
Middle East (Bahrain) me-south-1 amplifyuibuilder.me- HTTPS

south-1.amazonaws.com
Version 1.0
27
Amplify Service quotas
Asia Pacific (Mumbai) ap-south-1 amplifyuibuilder.ap- HTTPS

Europe (Paris) eu-west-3 amplifyuibuilder.eu- HTTPS

west-3.amazonaws.com
US East (Ohio) us-east-2 amplifyuibuilder.us- HTTPS

east-2.amazonaws.com
Europe (Ireland) eu-west-1 amplifyuibuilder.eu- HTTPS

Europe (Frankfurt) eu-central-1 amplifyuibuilder.eu- HTTPS

central-1.amazonaws.com
South America (Sao sa-east-1 amplifyuibuilder.sa- HTTPS

Paulo) east-1.amazonaws.com
US East (N. Virginia) us-east-1 amplifyuibuilder.us- HTTPS

Asia Pacific (Seoul) ap-northeast-2 amplifyuibuilder.ap- HTTPS

northeast-2.amazonaws.com
Amplify Service quotas

Description
Apps Each supported Yes The maximum number of

Region: 25 apps that you can create
in AWS Amplify Console in
this account in the current
Region.
Branches per app Each supported Yes The maximum number of

Region: 50 branches per app that you
can create in this account in
the current Region.
Build artifact size Each supported No The maximum size (in GB)
Region: 5 Gigabytes of an app build artifact. A
build artifact is deployed by
AWS Amplify Console after
a build.
Cache artifact size Each supported No The maximum size (in GB)
Region: 5 Gigabytes of a cache artifact.
Concurrent jobs Each supported Yes The maximum number of

Region: 5 concurrent jobs that you
the current Region.
Domains per app Each supported Yes The maximum number of

Region: 5 domains per app that you
Version 1.0
28
Amplify Studio (UI Builder) Service quotas

Description
the current Region.
Environment cache artifact size Each supported No The maximum size (in GB)
Region: 5 Gigabytes of the environment cache
artifact.
Manual deploy ZIP file size Each supported No The maximum size (in GB)
Region: 5 Gigabytes of a manual deploy ZIP file.
Maximum app creations per hour Each supported No The maximum number of
Region: 25 apps that you can create in
AWS Amplify Console per
hour in this account in the
current Region.
Subdomains per domain Each supported Yes The maximum number of

Region: 50 subdomains per domain
that you can create in this
account in the current
Region.
Webhooks per app Each supported Yes The maximum number of

Region: 50 webhooks per app that you
the current Region.
Amplify Studio (UI Builder) Service quotas
Components per app All supported Regions: No

1000
Component size All supported Regions: No

350 Kilobytes
Themes per app All supported Regions: No

1000
Theme size All supported Regions: No

350 Kilobytes
Amazon API Gateway endpoints and quotas

Version 1.0
29
Service endpoints
Service endpoints
Amazon API Gateway includes the API Gateway Control Plane (for creating and managing APIs) and the
API Gateway Data Plane (for calling deployed APIs).
The Route 53 Hosted Zone ID column shows the Route 53 Hosted Zone IDs for API Gateway Regional
endpoints. Route 53 Hosted Zone IDs are for use with the execute-api (API Gateway component
service for API execution) domain. For edge-optimized endpoints, the Route 53 Hosted Zone ID is
Z2FDTNDATAQYW2 for all Regions.
Amazon API Gateway control plane

Name
US East us-east-2 apigateway.us-east-2.amazonaws.com HTTPS

(Ohio)
apigateway-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 apigateway.us-east-1.amazonaws.com HTTPS

Virginia)
apigateway-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 apigateway.us-west-1.amazonaws.com HTTPS

West (N.
California) apigateway-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 apigateway.us-west-2.amazonaws.com HTTPS

(Oregon)
apigateway-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 apigateway.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 apigateway.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- apigateway.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- apigateway.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- apigateway.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Version 1.0
30
Service endpoints

Name

(Singapore)

(Sydney)

(Tokyo)
Canada ca- apigateway.ca-central-1.amazonaws.com HTTPS

(Central) central-1
apigateway-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- apigateway.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 apigateway.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- apigateway.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 apigateway.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- apigateway.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- apigateway.me-central-1.amazonaws.com HTTPS

East (UAE) central-1
South sa-east-1 apigateway.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- apigateway.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) apigateway-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- apigateway.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) apigateway-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
31
Service endpoints
Amazon API Gateway data plane
Region Region Endpoint Protocol Route 53

Name Hosted
Zone ID
US East us-east-2 execute-api.us-east-2.amazonaws.com HTTPS ZOJJZC49E0EPZ

(Ohio)
US us-east-1 execute-api.us-east-1.amazonaws.com HTTPS Z1UJRXOUMOOFQ8

East (N.
Virginia)
US us- execute-api.us-west-1.amazonaws.com HTTPS Z2MUQ32089INYE

West (N. west-1
California)
US West us- execute-api.us-west-2.amazonaws.com HTTPS Z2OJLYMUO9EFXC

(Oregon) west-2
Africa af- execute-api.af-south-1.amazonaws.com HTTPS Z2DHW2332DAMTN

(Cape south-1
Town)
Asia ap-east-1 execute-api.ap-east-1.amazonaws.com HTTPS Z3FD1VL90ND7K5

Pacific
(Hong
Kong)
Asia ap- execute-api.ap-south-1.amazonaws.com HTTPS Z3VO1THU9YC4UR

Pacific south-1
(Mumbai)
Asia ap- execute-api.ap-northeast-2.amazonaws.com HTTPS Z20JF4UZKIW1U8

(Seoul)
Asia ap- execute-api.ap-southeast-1.amazonaws.com HTTPS ZL327KTPIQFUL

(Singapore)
Asia ap- execute-api.ap-southeast-2.amazonaws.com HTTPS Z2RPCDW04V8134

(Sydney)
Asia ap- execute-api.ap-northeast-1.amazonaws.com HTTPS Z1YSHQZHG15GKL

(Tokyo)
Canada ca- execute-api.ca-central-1.amazonaws.com HTTPS Z19DQILCV0OWEC

(Central) central-1
Europe eu- execute-api.eu-central-1.amazonaws.com HTTPS Z1U9ULNL0V5AJ3

Europe eu- execute-api.eu-west-1.amazonaws.com HTTPS ZLY8HYME6SFDD

(Ireland) west-1
Version 1.0
32
Service quotas

Name Hosted
Zone ID
Europe eu- execute-api.eu-west-2.amazonaws.com HTTPS ZJ5UAJN8Y3Z2Q

(London) west-2
Europe eu- execute-api.eu-south-1.amazonaws.com HTTPS Z3BT4WSQ9TDYZV

(Milan) south-1
Europe eu- execute-api.eu-west-3.amazonaws.com HTTPS Z3KY65QIEKYHQQ

(Paris) west-3
Europe eu- execute-api.eu-north-1.amazonaws.com HTTPS Z3UWIKFBOOGXPP

(Stockholm)north-1
Middle me- execute-api.me-south-1.amazonaws.com HTTPS Z20ZBPC0SS8806

East south-1
(Bahrain)
Middle me- execute-api.me-central-1.amazonaws.com HTTPS

East central-1
(UAE)
South sa-east-1 execute-api.sa-east-1.amazonaws.com HTTPS ZCMLWB8V5SYIT

America
(São
Paulo)
AWS us-gov- execute-api.us-gov-east-1.amazonaws.com HTTPS Z3SE9ATJYCRCZJ

GovCloud east-1
(US-East)
AWS us-gov- execute-api.us-gov-west-1.amazonaws.com HTTPS Z1K6XKP9SAGWDV

GovCloud west-1
(US-
West)
Service quotas

Description
API Payload Size Each supported No Maximum payload size for

Region: 10 non WebSocket API.
Megabytes
API Stage throttles in a usage plan Each supported No The maximum number of
Region: 100 API-stage throttle settings
you can create in a usage
plan in this account in the
current region
API keys Each supported No The maximum number

Region: 10,000 of API keys that you can
create in this account in the
current region
Version 1.0
33
Service quotas

Description
AWS Lambda authorizer result size Each supported No The maximum size of AWS
Region: 8 Kilobytes Lambda authorizer result.
Client certificates Each supported Yes The maximum number of

Region: 60 certificates that you can
associate with this account
in the current region
Connection duration for WebSocket API Each supported No Maximum duration for
Region: 7,200 WebSocket API connection.
Seconds
Custom Domain Names Each supported Yes The maximum number of

Region: 120 Custom domain names
region
Edge API URL Length Each supported No Length, in characters,

Region: 8,192 of the URL for an edge-
optimized API.
Edge-optimized APIs Each supported No The maximum number

Region: 120 of edge-optimized APIs
region
Maximum API caching TTL Each supported No The maximum API caching
Region: 3,600 TTL you can have in this
Seconds account in the current
region.
Maximum Cached Response Size Each supported No Maximum size of cached

Region: 1,048,576 response in bytes
Bytes
Maximum Combined Header Size Each supported No Maximum combined size of

Region: 10,240 all header values
Bytes
Maximum Iterations In Mapping Template Each supported No Maximum number of

Region: 1,000 iterations in a #foreach ...
#end loop in mapping
templates
Maximum integration timeout in Each supported No The maximum integration

milliseconds Region: 29,000 timeout in milliseconds you
Milliseconds can have in this account in
the current region.
Maximum resource policy size in bytes Each supported Yes The maximum resource
Region: 8,192 policy size in bytes you can
have in this account in the
current region.
Version 1.0
34
Service quotas

Description
Method ARN Length Each supported No ARN length of a method

Region: 1,600 Bytes with authorization
Private APIs Each supported No The maximum number of

Region: 600 private APIs that you can
current region
Regional API URL Length Each supported No Length, in characters, of

Region: 10,240 the URL for a regional API
Regional APIs Each supported No The maximum number of

Region: 600 regional APIs that you can
current region
Resources/Routes per REST/WebSocket Each supported Yes The maximum number of

API Region: 300 resources/routes that you
can include in a REST or
WebSocket API
Routes per HTTP API Each supported Yes The maximum number of
Region: 300 routes that you can include
in an HTTP API
Stage Variable Key Length Each supported No Length, in characters, of

Region: 64 the key in a stage variable
Stage Variable Value Length Each supported No Length, in characters, of

Region: 512 the value in a stage variable
Stage variables per stage Each supported No Stage variables per stage
Region: 100
Stages per API Each supported Yes The maximum number of

Region: 10 stages that you can create
for an API
Subnets per VPC link(V2) Each supported Yes The maximum number of
Region: 10 subnets per V2 VPC link in
Region
Tags Per Stage Each supported No Maximum tags per stage.

Region: 50
Throttle burst rate af-south-1: 1,250 No The maximum number of

additional requests per
eu-south-1: 1,250 second (RPS) that you can
send in one burst in this
Each of the other account in the current
supported Regions: region
5,000
Version 1.0
35
AWS AppConfig

Description
Throttle rate af-south-1: 2,500 Yes The maximum number of

requests per second that
eu-south-1: 2,500 your APIs can receive in
Each of the other region
supported Regions:
10,000
Usage plans Each supported Yes The maximum number of

Region: 300 usage plans that you can
current region
Usage plans per API key Each supported Yes The maximum number of
Region: 10 usage plans that you can
associate with an API key
VPC links Each supported Yes The maximum number

Region: 20 of VPC links that you can
current region
VPC links(V2) Each supported Yes The maximum number of

Region: 10 V2 VPC links that you can
current Region
WebSocket Idle Connection Timeout Each supported No WebSocket API idle

Region: 600 connection timeout.
Seconds
WebSocket frame size Each supported No Maximum WebSocket

Region: 32 Kilobytes frame size.
WebSocket message payload size Each supported No Maximum WebSocket

Region: 128 message payload size.
Kilobytes
WebSocket new connections burst rate Each supported No New connections in burst
Region: 500 capacity per account (across
all WebSocket APIs) per
region
WebSocket new connections rate Each supported Yes New connections per
Region: 500 second per account (across
all WebSocket APIs) per
region
For more information, see Quotas in Amazon API Gateway in the API Gateway Developer Guide.
AWS AppConfig endpoints and quotas

Version 1.0
36
Service endpoints
AWS AppConfig is a capability of AWS Systems Manager. To view endpoints and quotas of other Systems
Manager capabilities, see AWS Systems Manager endpoints and quotas (p. 927).
Service endpoints
The following sections describe the service endpoints for AWS AppConfig. AWS AppConfig uses control
plane APIs for setting up and configuring AWS AppConfig applications, environments, configuration
profiles, and deployment strategies. AWS AppConfig uses the AWS AppConfig Data service to call data
plane APIs for retrieving stored configurations.
Topics
• Control plane endpoints (p. 37)
• Data plane endpoints (p. 39)
Control plane endpoints

The following table contains AWS Region-specific endpoints that AWS AppConfig supports for control
plane operations. Control plane operations are used for creating, updating, and managing configuration
data. For more information, see AWS AppConfig operations in the AWS AppConfig API Reference.

Name
US East us-east-2 appconfig.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 appconfig.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 appconfig.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 appconfig.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 appconfig.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 appconfig.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- appconfig.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- appconfig.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
37
Service endpoints

Name
Asia ap- appconfig.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- appconfig.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- appconfig.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 appconfig.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- appconfig.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 appconfig.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- appconfig.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- appconfig.me-central-1.amazonaws.com HTTPS

South sa-east-1 appconfig.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- appconfig.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) appconfig.us-gov-east-1.amazonaws.com HTTPS
Version 1.0
38
Service endpoints

Name
AWS us-gov- appconfig.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) appconfig.us-gov-west-1.amazonaws.com HTTPS
Data plane endpoints

The following table contains AWS Region-specific endpoints that AWS AppConfig Data supports for data
plane operations. Data plane operations are used for retrieving configuration data. For more information,
see AWS AppConfig Data operations in the AWS AppConfig API Reference.

Name
US East us-east-2 appconfigdata.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 appconfigdata.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 appconfigdata.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 appconfigdata.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 appconfigdata.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 appconfigdata.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- appconfigdata.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- appconfigdata.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- appconfigdata.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- appconfigdata.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Version 1.0
39
Service quotas

Name

(Tokyo)
Canada ca- appconfigdata.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- appconfigdata.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 appconfigdata.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- appconfigdata.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 appconfigdata.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- appconfigdata.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 appconfigdata.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- appconfigdata.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- appconfigdata.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas

Description
Configuration size limit in AWS AppConfig Each supported Yes AWS AppConfig hosted
hosted configuration store Region: 1,024 configuations have a
Kilobytes limit for each version of
configuration data. Hosted
configurations do not have
additional costs to use in
AWS AppConfig.
Version 1.0
40
App Mesh

Description
Deployment size limit Each supported Yes AWS AppConfig limits

Region: 1,024 configuration data stored in
Kilobytes Amazon S3 to 1 MB. Please
see S3s pricing information
to understand costs of
storage in S3.
Maximum number of applications Each supported Yes An application in AWS

Region: 100 AppConfig is a logical unit
of code (a namespace)
that provides capabilities
for your customers. An
application can be a
microservice that runs on
EC2 instances, a mobile
application installed by
your users, a serverless
application using Amazon
API Gateway and AWS
Lambda, or any system you
run on behalf of others.
Maximum number of configuration Each supported Yes Configuration profiles

profiles per application Region: 100 contain metadata about
a particular set of
configuration data used by
your application.
Maximum number of deployment Each supported Yes A deployment strategy

strategies Region: 20 defines how configuration
deploys, or rolls out, across
the collection of instances
within a specific application
environment.
Maximum number of environments per Each supported Yes An environment

application Region: 20 corresponds to a grouping
of instances associated
with an application.
Examples of environments
include stages such as beta
and prod, or application
subcomponents such as
web, mobile, and service.
AWS App Mesh endpoints and quotas

Version 1.0
41
Service endpoints
Service endpoints

Name
US East us-east-2 appmesh.us-east-2.amazonaws.com HTTPS

(Ohio)
appmesh-envoy-management-fips.us- HTTPS
HTTPS
appmesh.us-east-2.api.aws
HTTPS
appmesh-envoy-management-fips.us-
east-2.api.aws HTTPS
appmesh-envoy-management.us- HTTPS
HTTPS
appmesh-envoy-management.us-east-2.api.aws
HTTPS
appmesh-fips.us-east-2.api.aws
appmesh-fips.us-east-2.amazonaws.com
US East (N. us-east-1 appmesh.us-east-1.amazonaws.com HTTPS

Virginia)
appmesh-envoy-management.us-east-1.api.aws HTTPS
appmesh-fips.us-east-1.amazonaws.com HTTPS
east-1.api.aws
HTTPS
appmesh-envoy-management.us-
east-1.amazonaws.com HTTPS
appmesh.us-east-1.api.aws HTTPS
appmesh-fips.us-east-1.api.aws HTTPS
US us-west-1 appmesh.us-west-1.amazonaws.com HTTPS

West (N.
California) appmesh-envoy-management.us- HTTPS
HTTPS
appmesh.us-west-1.api.aws
HTTPS
appmesh-fips.us-west-1.api.aws
HTTPS
appmesh-fips.us-west-1.amazonaws.com
HTTPS
appmesh-envoy-management.us-west-1.api.aws
HTTPS
west-1.amazonaws.com HTTPS
Version 1.0
42
Service endpoints

Name
west-1.api.aws
US West us-west-2 appmesh.us-west-2.amazonaws.com HTTPS

(Oregon)
appmesh-envoy-management.us- HTTPS
HTTPS
west-2.amazonaws.com HTTPS
appmesh-fips.us-west-2.amazonaws.com HTTPS
appmesh.us-west-2.api.aws HTTPS
appmesh-fips.us-west-2.api.aws HTTPS
west-2.api.aws
appmesh-envoy-management.us-west-2.api.aws
Africa af-south-1 appmesh.af-south-1.amazonaws.com HTTPS

(Cape
Town) appmesh-envoy-management.af- HTTPS
HTTPS
appmesh.af-south-1.api.aws
HTTPS
appmesh-envoy-management.af-south-1.api.aws
Asia ap-east-1 appmesh.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong appmesh.ap-east-1.api.aws HTTPS
Kong)
appmesh-envoy-management.ap-east-1.api.aws HTTPS
appmesh-envoy-management.ap- HTTPS
Asia ap- appmesh.ap-southeast-3.amazonaws.com HTTPS

(Jakarta) appmesh-envoy-management.ap- HTTPS
southeast-3.amazonaws.com
HTTPS
appmesh.ap-southeast-3.api.aws
HTTPS
appmesh-envoy-management.ap-
southeast-3.api.aws
Asia ap- appmesh.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) appmesh.ap-south-1.api.aws HTTPS
appmesh-envoy-management.ap- HTTPS
HTTPS
appmesh-envoy-management.ap-south-1.api.aws
Version 1.0
43
Service endpoints

Name
Asia ap- appmesh.ap-northeast-3.amazonaws.com HTTPS

(Osaka) appmesh-envoy-management.ap- HTTPS
HTTPS
northeast-3.api.aws HTTPS
appmesh.ap-northeast-3.api.aws

(Seoul) appmesh-envoy-management.ap- HTTPS
northeast-2.api.aws
HTTPS
northeast-2.amazonaws.com HTTPS

(Singapore) appmesh-envoy-management.ap- HTTPS
southeast-1.api.aws
HTTPS
HTTPS

(Sydney) appmesh-envoy-management.ap- HTTPS
southeast-2.api.aws
HTTPS
southeast-2.amazonaws.com HTTPS

(Tokyo) appmesh-envoy-management.ap- HTTPS
northeast-1.api.aws
HTTPS
northeast-1.amazonaws.com HTTPS
Version 1.0
44
Service endpoints

Name
Canada ca- appmesh.ca-central-1.amazonaws.com HTTPS

(Central) central-1
appmesh-envoy-management-fips.ca- HTTPS
central-1.api.aws
HTTPS
appmesh.ca-central-1.api.aws
HTTPS
appmesh-envoy-management.ca-
central-1.api.aws HTTPS
appmesh-fips.ca-central-1.amazonaws.com HTTPS
appmesh-envoy-management.ca- HTTPS
HTTPS
appmesh-fips.ca-central-1.api.aws
appmesh-envoy-management-fips.ca-
Europe eu- appmesh.eu-central-1.amazonaws.com HTTPS

appmesh.eu-central-1.api.aws HTTPS
appmesh-envoy-management.eu- HTTPS
HTTPS
appmesh-envoy-management.eu-
central-1.api.aws
Europe eu-west-1 appmesh.eu-west-1.amazonaws.com HTTPS

(Ireland)
appmesh-envoy-management.eu-west-1.api.aws HTTPS
HTTPS
appmesh.eu-west-1.api.aws

(London)
appmesh.eu-west-2.api.aws HTTPS
HTTPS
appmesh-envoy-management.eu-west-2.api.aws
Europe eu- appmesh.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
appmesh-envoy-management.eu-south-1.api.aws HTTPS
HTTPS
appmesh.eu-south-1.api.aws
Version 1.0
45
Service quotas

Name

(Paris)
HTTPS
appmesh-envoy-management.eu-west-3.api.aws
HTTPS
appmesh.eu-west-3.api.aws
Europe eu-north-1 appmesh.eu-north-1.amazonaws.com HTTPS

(Stockholm)
appmesh.eu-north-1.api.aws HTTPS
appmesh-envoy-management.eu-north-1.api.aws HTTPS
Middle me- appmesh.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain) appmesh-envoy-management.me-south-1.api.aws HTTPS
appmesh-envoy-management.me- HTTPS
HTTPS
appmesh.me-south-1.api.aws
South sa-east-1 appmesh.sa-east-1.amazonaws.com HTTPS

America
(São appmesh.sa-east-1.api.aws HTTPS
Paulo)
appmesh-envoy-management.sa-east-1.api.aws HTTPS
appmesh-envoy-management.sa- HTTPS
Service quotas

Description
Backends per virtual node Each supported No Number of backends per

Region: 50 virtual node
Connected Envoy processes per virtual Each supported Yes Number of concurrently
gateway Region: 50 connected Envoy processes
per virtual gateway
Connected Envoy processes per virtual Each supported Yes Number of concurrently
node Region: 50 connected Envoy processes
per virtual node
Gateway routes per virtual gateway Each supported Yes Number of gateway routes
Region: 10 per virtual gateway
Version 1.0
46
App Runner

Description
Meshes per account Each supported Yes Number of meshes per

Region: 15 account
Routes per virtual router Each supported Yes Number of routes per
Region: 50 virtual router
Virtual gateways per mesh Each supported Yes Number of virtual gateways
Region: 3 per mesh
Virtual nodes per mesh Each supported Yes Number of virtual nodes
Region: 200 per mesh
Virtual routers per mesh Each supported Yes Number of virtual routers
Virtual services per mesh Each supported Yes Number of virtual services
Weighted targets per route Each supported No Number of weighted

Region: 10 targets per route
AWS App Runner endpoints and quotas

Service endpoints

Name Hosted
Zone ID
US East us-east-2 apprunner.us-east-2.amazonaws.com HTTPS Z0224347AD7KVHMLOX31

(Ohio)
apprunner-fips.us-east-2.amazonaws.com HTTPS
US us-east-1 apprunner.us-east-1.amazonaws.com HTTPS Z01915732ZBZKC8D32TPT

East (N.
Virginia) apprunner-fips.us-east-1.amazonaws.com HTTPS
US West us- apprunner.us-west-2.amazonaws.com HTTPS Z02243383FTQ64HJ5772Q

(Oregon) west-2
apprunner-fips.us-west-2.amazonaws.com HTTPS
Asia ap- apprunner.ap-northeast-1.amazonaws.com HTTPS Z08491812XW6IPYLR6CCA

(Tokyo)
Europe eu- apprunner.eu-west-1.amazonaws.com HTTPS Z087551914Z2PCAU0QHMW

(Ireland) west-1
Version 1.0
47
Service quotas
Service quotas
Description
Auto scaling configurations Each supported Yes The maximum number of

Region: 10 auto scaling configurations
Region. You can use
a single auto scaling
configuration in multiple
services.
Connections Each supported Yes The maximum number of

Region: 10 connections that you can
create in this account in
the current Region. You can
use a single connection in
multiple services.
Observability configurations Each supported Yes The maximum number of

Region: 10 observability configurations
Region. You can use
a single observability
configuration in multiple
services.
Services Each supported Yes The maximum number

Region: 30 of services that you can
current Region.
VPC connectors Each supported Yes The maximum number of

Region: 10 VPC connectors that you
the current Region. You can
use a single VPC connector
in multiple services.
Amazon AppFlow endpoints and quotas

You can't use IP allow listing in your Amazon S3 bucket policy to deny access to any other IP addresses
besides Amazon AppFlow IP addresses. This is because Amazon AppFlow uses a VPC endpoint when
placing data in your Amazon S3 buckets.
For more information about the IP addresses used by Amazon AppFlow, see AWS IP address ranges in the
Amazon Web Services General Reference.
Version 1.0
48
Service endpoints
Service endpoints

Name
US East us-east-2 appflow.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 appflow.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 appflow.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 appflow.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 appflow.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap- appflow.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- appflow.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- appflow.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- appflow.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- appflow.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- appflow.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- appflow.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 appflow.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
South sa-east-1 appflow.sa-east-1.amazonaws.com HTTPS

America
Version 1.0
49
Service quotas

Name
(São
Paulo)
Service quotas

Description
Amazon AppFlow flow run size Each supported No The maximum size (in
Region: 100 GB) of data that Amazon
Gigabytes AppFlow can process per
flow run in this account in
the current Region.
Amazon EventBridge event size Each supported No The maximum size (in KB)
Region: 256 of events that Amazon
Kilobytes EventBridge can process
per flow run in this account
in the current Region. If
your event exceeds this
size, Amazon AppFlow
publishes a summary
event with a pointer to the
Amazon S3 bucket where
you can get the full event.
Amplitude flow run size Each supported No The maximum size (in
Region: 25 MB) of data that can
Megabytes be processed per flow
run when when using
Amplitude as a source, in
Region.
Concurrent flow runs Each supported Yes The maximum number of

Region: 1,000 concurrent flow runs that
you can perform at any
time, in this account in the
current Region.
Connector profiles Each supported Yes The maximum number

Region: 100 of connector profiles in
Region.
Google Analytics dimensions Each supported No The maximum number

Region: 9 of Google Analytics
dimensions that can be
processed per flow run in
Region.
Google Analytics metrics Each supported No The maximum number of

Region: 10 Google Analytics metrics
Version 1.0
50
Service quotas

Description
that can be processed per
the current Region.
Marketo flow run size Each supported No The maximum size (in
Region: 20 MB) of data that can be
Megabytes processed per flow run
when using Marketo as a
source, in this account in
the current Region.
Monthly flow runs Each supported Yes The maximum number of

Region: 10,000,000 flow runs you can perform
per month in this account
in the current Region.
Rate of Amazon AppFlow flow runs Each supported No The maximum number of
Region: 1 schedule-triggered flows
that Amazon AppFlow
can run per minute in this
Region.
Rate of Amazon S3 flow runs Each supported No The maximum number of

that you can run per minute
when using Amazon S3 as
a source, in this account in
the current Region.
Rate of Amplitude flow runs Each supported No The maximum number of

that you can run per day
when using Amplitude as
the current Region.
Rate of Datadog flow runs Each supported No The maximum number of

when using Datadog as a
the current Region.
Rate of Dynatrace flow runs Each supported No The maximum number of

when using Dynatrace as
the current Region.
Version 1.0
51
Service quotas

Description
Rate of Google Analytics flow runs Each supported No The maximum number
Region: 1 of schedule-triggered
flows that you can run per
day when using Google
Analytics as a source, in
Region.
Rate of Infor Nexus flow runs Each supported No The maximum number of
when using Infor Nexus as
the current Region.
Rate of Marketo flow runs Each supported No The maximum number of

that you can run per hour
when using Marketo as a
the current Region.
Rate of Salesforce Pardot flow runs Each supported No The maximum number of
when using Salesforce
Pardot as a source, in this
Region.
Rate of Salesforce flow runs Each supported No The maximum number of

when using Salesforce as
the current Region.
Rate of ServiceNow flow runs Each supported No The maximum number of

when using ServiceNow as
the current Region.
Rate of Singular flow runs Each supported No The maximum number of

when using Singular as a
the current Region.
Version 1.0
52
Service quotas

Description
Rate of Slack flow runs Each supported No The maximum number of

when using Slack as a
the current Region.
Rate of TrendMicro flow runs Each supported No The maximum number of

when using TrendMicro as
the current Region.
Rate of Veeva flow runs Each supported No The maximum number of

when using Veeva as a
the current Region.
Rate of Zendesk flow runs Each supported No The maximum number of

when using Zendesk as a
the current Region.
Salesforce event size Each supported No The maximum size (in MB)
Region: 1 of events from Salesforce
Megabytes that can be processed per
the current Region.
Salesforce flow run data export size Each supported No The maximum size (in
Region: 500 MB) of records that you
Megabytes can insert, update, or
upsert into Salesforce per
flow run. If your source is
Amazon S3, each CSV file
cannot exceed 25 MB in
size. However, you can drop
multiple CSV files into the
source bucket or folder,
and Amazon AppFlow will
transfer all the data to
Salesforce in a single flow
run.
Salesforce flow run data import size Each supported No The maximum size (in GB)
Region: 15 of data that Salesforce
Gigabytes can import per flow run in
Region.
Version 1.0
53
Application Auto Scaling

Description
ServiceNow records Each supported No The maximum number of

Region: 100,000 ServiceNow records that
can be processed per flow
run in this account in the
current Region.
Total flows Each supported Yes The maximum number of

Region: 1,000 flows that you can have in
Region.
For more information, see Quotas for Amazon AppFlow in the Amazon AppFlow User Guide.
Application Auto Scaling endpoints and quotas

Service endpoints

Name
US East us-east-2 application-autoscaling.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 application-autoscaling.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US us-west-1 application-autoscaling.us- HTTP and

West (N. west-1.amazonaws.com HTTPS
California)
US West us-west-2 application-autoscaling.us- HTTP and

(Oregon) west-2.amazonaws.com HTTPS
Africa af-south-1 application-autoscaling.af- HTTP and

(Cape south-1.amazonaws.com HTTPS
Town)
Asia ap-east-1 application-autoscaling.ap- HTTP and

Pacific east-1.amazonaws.com HTTPS
(Hong
Kong)
Asia ap- application-autoscaling.ap- HTTP and

Pacific southeast-3 southeast-3.amazonaws.com HTTPS
(Jakarta)
Version 1.0
54
Service endpoints

Name

Pacific south-1 south-1.amazonaws.com HTTPS
(Mumbai)

Pacific northeast-3 northeast-3.amazonaws.com HTTPS
(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- application-autoscaling.ca- HTTP and

(Central) central-1 central-1.amazonaws.com HTTPS
Europe eu- application-autoscaling.eu- HTTP and

(Frankfurt) central-1 central-1.amazonaws.com HTTPS
Europe eu-west-1 application-autoscaling.eu- HTTP and

(Ireland) west-1.amazonaws.com HTTPS

(London) west-2.amazonaws.com HTTPS
Europe eu- application-autoscaling.eu- HTTP and

(Milan) south-1 south-1.amazonaws.com HTTPS

(Paris) west-3.amazonaws.com HTTPS
Europe eu-north-1 application-autoscaling.eu- HTTP and

(Stockholm) north-1.amazonaws.com HTTPS
Middle me- application-autoscaling.me- HTTP and

East south-1 south-1.amazonaws.com HTTPS
(Bahrain)
Middle me- application-autoscaling.me- HTTP and

East (UAE) central-1 central-1.amazonaws.com HTTPS
South sa-east-1 application-autoscaling.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
Version 1.0
55
Service quotas

Name
AWS us-gov- application-autoscaling.us-gov- HTTP and

GovCloud east-1 east-1.amazonaws.com HTTPS
(US-East)
AWS us-gov- application-autoscaling.us-gov- HTTP and

GovCloud west-1 west-1.amazonaws.com HTTPS
(US-West)
Service quotas

Description
Scalable targets for Amazon Keyspaces Each supported Yes The maximum number
Region: 500 of scalable targets that
you can register for the
Cassandra namespace in
Region. A scalable target
identifies the resource that
can scale.
Scalable targets for Amazon MSK Each supported Yes The maximum number
Kafka namespace in this
can scale.
Scalable targets for AppStream Each supported Yes The maximum number
AppStream namespace in
can scale.
Scalable targets for Comprehend Each supported Yes The maximum number
Comprehend namespace in
can scale.
Version 1.0
56
Service quotas

Description
Scalable targets for DynamoDB Each supported Yes The maximum number
Region: 5,000 of scalable targets that
DynamoDB namespace in
can scale.
Scalable targets for EC2 Each supported Yes The maximum number
EC2 namespace in this
can scale.
Scalable targets for ECS Each supported Yes The maximum number
Region: 3,000 of scalable targets that
ECS namespace in this
can scale.
Scalable targets for EMR Each supported Yes The maximum number
you can register for
the Elastic MapReduce
(EMR) namespace in this
can scale.
Scalable targets for Lambda Each supported Yes The maximum number
Lambda namespace in
can scale.
Version 1.0
57
Application Discovery Service

Description
Scalable targets for RDS Each supported Yes The maximum number
RDS namespace in this
can scale.
Scalable targets for SageMaker Each supported Yes The maximum number
SageMaker namespace in
can scale.
Scalable targets for custom resources Each supported Yes The maximum number of
Region: 500 scalable targets that you
can register for the custom
resource namespace in
can scale.
Scaling policies per scalable target Each supported No The maximum number of
Region: 50 scaling policies per scalable
target.
Scheduled actions per scalable target Each supported No The maximum number
Region: 200 of scheduled actions per
scalable target.
Step adjustments per step scaling policy Each supported No The maximum number of
Region: 20 step adjustments per step
scaling policy.
For more information, see Quotas for Application Auto Scaling in the Application Auto Scaling User Guide.
AWS Application Discovery Service endpoints and

quotas
Version 1.0
58
Service endpoints
Service endpoints
Name
US East (N. us-east-1 discovery.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 discovery.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- discovery.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- discovery.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- discovery.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 discovery.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 discovery.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas
Description
Active agents sending data to the service Each supported No The maximum number of
Region: 1,000 active agents sending data
to the service.
Applications per account Each supported No The maximum number of

Region: 1,000 applications per account.
If you reach this quota,
and want to import new
applications, you can
delete existing applications
in the Migration Hub
console or by using the
DeleteApplications API
action.
Deletions of import records per day Each supported No The maximum number of
Region: 25,000 deletions of import records
per day. Each day starts at
00:00 UTC.
Imported server records per account Each supported No The maximum number of
Region: 25,000 imported server records per
account.
Version 1.0
59
Application Migration Service

Description
Imported servers per account Each supported Yes The maximum number
Region: 10,000 of imported servers per
account.
Inactive agents heartbeating but not Each supported No The maximum number
collecting data Region: 10,000 of inactive agents
heartbeating but not
collecting data.
Servers per application Each supported No The maximum number

Region: 400 of servers that can be
associated with a single
application.
Tags per server Each supported No The maximum number of

Region: 30 tags for a single server.
AWS Application Migration Service endpoints and

quotas
Service endpoints
Name
US East us-east-2 mgn.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 mgn.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 mgn.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 mgn.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 mgn.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 mgn.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
60
Service endpoints

Name
Asia ap- mgn.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- mgn.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- mgn.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- mgn.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- mgn.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 mgn.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- mgn.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 mgn.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- mgn.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 mgn.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
61
Service quotas
Service quotas
Description
Concurrent jobs in progress Each supported No Concurrent jobs in progress

Region: 20
Max Active Source Servers Each supported Yes Max Active Source Servers
Region: 20
Max Non-Archived Source Servers Each supported No Max Non-Archived Source

Region: 4,000 Servers
Max Source Servers in a single Job Each supported No Max Source Servers in a
Region: 200 single Job
Max Source Servers in all Jobs Each supported No Max Source Servers in all
Region: 200 Jobs
Max Total Source Servers Per AWS Account Each supported No Max Total Source Servers
Region: 50,000 Per AWS Account
Max concurrent Jobs per Source Server Each supported No Max concurrent Jobs per
Region: 1 Source Server
The following table lists additional information.
Resource Retention
Launch history Saved for 10 years
Individual Job log Saved for 185 days
Amazon AppStream 2.0 endpoints and quotas

Service endpoints
Name
US East us-east-2 appstream2.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 appstream2.us-east-1.amazonaws.com HTTPS

Virginia)
appstream2-fips.us-east-1.amazonaws.com HTTPS
Version 1.0
62
Service quotas

Name
appstream2-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 appstream2.us-west-2.amazonaws.com HTTPS

(Oregon)
appstream2-fips.us-west-2.amazonaws.com HTTPS
appstream2-fips.us-west-2.amazonaws.com HTTPS
Asia ap- appstream2.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- appstream2.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- appstream2.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- appstream2.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- appstream2.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- appstream2.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- appstream2.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 appstream2.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 appstream2.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- appstream2.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) appstream2-fips.us-gov-west-1.amazonaws.com HTTPS
appstream2-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Active fleets Each supported Yes The maximum number of

Region: 10 active fleets that you can
current Region.
Version 1.0
63
Service quotas

Description
Compute-optimized 2xlarge streaming Each supported Yes The maximum number

instances for fleets Region: 0 of compute-optimized
2xlarge streaming instances
(stream.compute.2xlarge)
that you can use for fleets
in this account in the
current Region.

instances for image builders Region: 0 of compute-optimized
that you can use for image
builders in this account in
the current Region.

instances for fleets Region: 0 of compute 4xlarge
streaming instances
current Region.

the current Region.

current Region.

the current Region.
Compute-optimized large streaming Each supported Yes The maximum number

large streaming instances
(stream.compute.large) that
you can use for fleets in
Region.
Version 1.0
64
Service quotas

Description
Compute-optimized large streaming Each supported Yes The maximum number

(stream.compute.large)
the current Region.
Compute-optimized xlarge streaming Each supported Yes The maximum number

xlarge streaming instances
(stream.compute.xlarge)
current Region.
Compute-optimized xlarge streaming Each supported Yes The maximum number

(stream.compute.xlarge)
the current Region.
Concurrent image copies per destination Each supported Yes The maximum number of
Region Region: 2 concurrent image copies
that you can have in this
Region.
Concurrent image updates Each supported Yes The maximum number of

Region: 5 concurrent image updates
Region.
Fleets Each supported Yes The maximum number of

Region: 10 fleets that you can create in
Region.
Graphics G4DN 12xlarge streaming Each supported Yes No Description Available

instances for fleets Region: 0

instances for image builders Region: 0


Version 1.0
65
Service quotas

Description
Graphics G4DN 2xlarge streaming Each supported Yes The maximum number
instances for fleets Region: 0 of graphics G4DN
2xlarge instances
(stream.graphics.g4dn.2xlarge)
current Region.
instances for image builders Region: 0 of graphics G4DN
2xlarge instances
the current Region.
4xlarge instances
current Region.
4xlarge instances
the current Region.
8xlarge instances
current Region.
8xlarge instances
the current Region.
Graphics G4DN xlarge streaming instances Each supported Yes The maximum number
for fleets Region: 0 of graphics G4DN
xlarge instances
(stream.graphics.g4dn.xlarge)
current Region.
Version 1.0
66
Service quotas

Description
Graphics G4DN xlarge streaming instances Each supported Yes The maximum number
for image builders Region: 0 of graphics G4DN
xlarge instances
(stream.graphics.g4dn.xlarge)
the current Region.
Graphics design 2xlarge streaming Each supported Yes No Description Available




Graphics design large streaming instances Each supported Yes No Description Available
for fleets Region: 10
Graphics design large streaming instances Each supported Yes No Description Available
for image builders Region: 3
Graphics design xlarge streaming instances Each supported Yes No Description Available
Graphics design xlarge streaming instances Each supported Yes No Description Available
Graphics desktop 2xlarge streaming Each supported Yes No Description Available

Graphics desktop 2xlarge streaming Each supported Yes No Description Available

Graphics pro 16xlarge streaming instances Each supported Yes No Description Available
Version 1.0
67
Service quotas

Description
Image builders Each supported Yes The maximum number of

Region: 10 image builders that you can
current Region.
Image sharing limit Each supported Yes The maximum number of

Region: 100 AWS accounts one image
can be shared with in this
Region.
Max concurrent sessions for Elastic fleets Each supported Yes No Description Available
with Amazon Linux 2 platform and Region: 2
stream.standard.2xlarge instance type
stream.standard.large instance type
stream.standard.medium instance type
stream.standard.small instance type
stream.standard.xlarge instance type
with Windows Server 2019 platform and Region: 2
stream.standard.2xlarge instance type
stream.standard.large instance type
stream.standard.medium instance type
stream.standard.small instance type
stream.standard.xlarge instance type
Version 1.0
68
Service quotas

Description
Memory-optimized 2xlarge streaming Each supported Yes The maximum number

instances for fleets Region: 0 of memory-optimized
(stream.memory.2xlarge)
current Region.

instances for image builders Region: 0 of memory-optimized
the current Region.

current Region.

the current Region.
Memory-optimized 8xlarge streaming Each supported Yes No Description Available

Memory-optimized 8xlarge streaming Each supported Yes No Description Available

Memory-optimized large streaming Each supported Yes The maximum number

(stream.memory.large) that
Region.
Memory-optimized large streaming Each supported Yes The maximum number

(stream.memory.large)
the current Region.
Version 1.0
69
Service quotas

Description
Memory-optimized xlarge streaming Each supported Yes The maximum number

(stream.memory.xlarge)
current Region.
Memory-optimized xlarge streaming Each supported Yes The maximum number

(stream.memory.xlarge)
the current Region
Memory-optimized z1d 12xlarge Each supported Yes No Description Available

streaming instances for fleets Region: 0
Memory-optimized z1d 12xlarge Each supported Yes No Description Available

streaming instances for image builders Region: 0
Memory-optimized z1d 2xlarge streaming Each supported Yes No Description Available






Memory-optimized z1d large streaming Each supported Yes No Description Available

Memory-optimized z1d large streaming Each supported Yes No Description Available

Memory-optimized z1d xlarge streaming Each supported Yes No Description Available

Memory-optimized z1d xlarge streaming Each supported Yes No Description Available

Private images Each supported Yes The maximum number of

Region: 10 private images that you can
current Region.
Version 1.0
70
Service quotas

Description
Stacks Each supported Yes The maximum number

Region: 10 of stacks that you can
current Region.
Standard 2xlarge streaming instances for Each supported Yes No Description Available
fleets Region: 10
Standard large streaming instances for Each supported Yes The maximum number
fleets Region: 50 of standard large
streaming instances
(stream.standard.large) that
Region.
Standard large streaming instances for Each supported Yes The maximum number
image builders Region: 5 of standard large
streaming instances
(stream.standard.large)
the current Region.
Standard medium streaming instances for Each supported Yes The maximum number
fleets Region: 50 of standard medium
streaming instances
(stream.standard.medium)
current Region.
Standard medium streaming instances for Each supported Yes The maximum number
image builders Region: 5 of standard medium
streaming instances
(stream.standard.medium)
the current Region.
Standard small streaming instances for Each supported Yes The maximum number
fleets Region: 50 of standard small
streaming instances
(stream.standard.small)
current Region.
Standard small streaming instances for Each supported Yes The maximum number
image builders Region: 5 of standard small
streaming instances
(stream.standard.small)
the current Region.
Version 1.0
71
AWS AppSync

Description
Standard xlarge streaming instances for Each supported Yes No Description Available
fleets Region: 10
Users in the user pool Each supported Yes The maximum number of
Region: 50 users that you can create
in the user pool in this
Region.
*For fleets that have Default Internet Access enabled, the quota is 100 fleet instances. If your
deployment must support more than 100 concurrent users, use a NAT gateway configuration instead.
AWS AppSync endpoints and quotas

Service endpoints
AWS AppSync control plane

Name
US East us-east-2 appsync.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 appsync.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 appsync.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 appsync.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 appsync.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- appsync.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- appsync.ap-northeast-3.amazonaws.com HTTPS

(Osaka)
Version 1.0
72
Service endpoints

Name

(Seoul)
Asia ap- appsync.ap-southeast-1.amazonaws.com HTTPS

(Singapore)

(Sydney)

(Tokyo)
Canada ca- appsync.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- appsync.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 appsync.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- appsync.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 appsync.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- appsync.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 appsync.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS AppSync data plane

Name
US East us-east-2 appsync.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
73
Service endpoints

Name
US East (N. us-east-1 appsync.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 appsync.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 appsync.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 appsync.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- appsync.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- appsync.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- appsync.eu-central-1.amazonaws.com HTTPS


(Ireland)

(London)
Europe eu- appsync.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Version 1.0
74
Service quotas

Name
Europe eu-north-1 appsync.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- appsync.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 appsync.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
API keys per API Each supported No Maximum number of API

Region: 50 keys per GraphQL API
APIs per region Each supported Yes Maximum number of APIs

Region: 25 per region
Authentication providers per API Each supported No The maximum number of

Region: 50 authentication providers
per API
Evaluated resolver template size Each supported No Maximum size of the

Region: 5 evaluated resolver
Megabytes template
Functions per pipeline resolver Each supported No Maximum number of

Region: 10 functions per pipeline
resolver
Iterations in a foreach loop in mapping Each supported No Maximum number

templates Region: 1,000 of iterations in
#foreach...#end loop in
mapping templates
Max Batch Size Each supported No The maximum length of

Region: 2,000 the resolver request list
that will be sent to a single
Lambda function for a
BatchInvoke operation.
Number of caching keys Each supported No The maximum number of

Region: 25 caching keys
Number of custom domain names Each supported Yes The maximum number of
Region: 25 custom domain names per
region
Version 1.0
75
Service quotas

Description
Rate of request tokens Each supported Yes The maximum number

Region: 2,000 per of request tokens per
second second in this account
AWS AppSync allocates
tokens to mutation
and query requests
based on the amount
of resources (processing
time and memory) that
they consume. For more
details on tokens, see
the Monitoring section
in the AWS AppSync
documentation.
Rate of subscription invalidation requests Each supported No The maximum number of

Region: 100 per invalidation requests per
second second per account per
region
Request execution time for mutations, Each supported No Maximum GraphQL request
queries, and subscriptions Region: 30 Seconds (queries, mutations,
subscriptions) execution
time
Request mapping template size Each supported No Maximum size of the

Region: 64 Kilobytes request mapping template
Resolvers executed in a single request Each supported No The maximum number

Region: 10,000 of resolvers that can be
executed in a single request
Response mapping template size Each supported No Maximum size of the

Region: 64 Kilobytes response mapping
template
Schema document size Each supported No Maximum size of the

Region: 1 schema document
Megabytes
Subscription payload size Each supported No Maximum size of the

Region: 240 message received via
Kilobytes subscriptions
Subscriptions per connection Each supported Yes Subscriptions code

Region: 100 statements per client
in a single WebSocket
connection. Each statement
allows the client to receive
multiple messages related
to the specific subscription.
Rate of request tokens is the maximum number of request tokens per second in this account in the
current Region. AWS AppSync allocates tokens to mutation and query requests based on the amount of
Version 1.0
76
Athena
resources (processing time and memory) that they consume. For more details on tokens, see Using token
counts to optimize your requests in the AWS AppSync developer guide.
Amazon Athena endpoints and quotas

Service endpoints
Name
US East us-east-2 athena.us-east-2.amazonaws.com HTTPS

(Ohio)
athena-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 athena.us-east-1.amazonaws.com HTTPS

Virginia)
athena-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 athena.us-west-1.amazonaws.com HTTPS

West (N.
California) athena-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 athena.us-west-2.amazonaws.com HTTPS

(Oregon)
athena-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 athena.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 athena.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- athena.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- athena.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- athena.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Version 1.0
77
Service endpoints

Name

(Singapore)

(Sydney)

(Tokyo)
Canada ca- athena.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- athena.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 athena.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- athena.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 athena.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- athena.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 athena.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- athena.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) athena-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- athena.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) athena-fips.us-gov-west-1.amazonaws.com HTTPS
To download the latest version of the JDBC driver and its documentation, see Using Athena with the
JDBC Driver.
For more information about the previous versions of the JDBC driver and their documentation, see Using
the Previous Version of the JDBC Driver.
Version 1.0
78
Service quotas
To download the latest and previous versions of the ODBC driver and their documentation, see
Connecting to Athena with ODBC.
Service quotas

Description
Active DDL queries Each supported Yes The number of active

Region: 20 DDL queries. DDL queries
include CREATE TABLE
and ALTER TABLE ADD
PARTITION queries.
Active DML queries us-east-1: 200 Yes The number of active

DML queries. DML queries
us-east-2: 150 include SELECT, CREATE
TABLE AS (CTAS), and
us-west-2: 150 INSERT INTO queries. The
specific quotas vary by AWS
ap-northeast-1: 150
Region.
ap-northeast-2: 100
ap-south-1: 100
ap-southeast-1: 100
ap-southeast-2: 100
eu-central-1: 150
eu-west-1: 150
eu-west-2: 100
Each of the other

supported Regions:
20
DDL query timeout Each supported No The maximum amount

Region: 600 of time in minutes a DDL
query can run before it
gets cancelled. DDL queries
include CREATE TABLE
and CREATE TABLE ADD
PARTITION queries.
DML query timeout Each supported Yes The maximum amount

Region: 30 of time in minutes a DML
query can run before it
gets cancelled. DML queries
include SELECT, CTAS and
INSERT queries.
For more information, see Service quotas in the Amazon Athena User Guide.
Version 1.0
79
Audit Manager
AWS Audit Manager endpoints and quotas

Service endpoints

Name
US East us-east-2 auditmanager.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 auditmanager.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 auditmanager.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 auditmanager.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- auditmanager.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- auditmanager.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- auditmanager.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- auditmanager.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- auditmanager.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- auditmanager.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 auditmanager.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 auditmanager.eu-west-2.amazonaws.com HTTPS

(London)
Version 1.0
80
Service quotas
Service quotas
Description
Custom controls Each supported Yes The maximum number

Region: 500 of custom controls per
account per region
Custom frameworks Each supported Yes The maximum number of

Region: 100 custom frameworks per
account per region
Running assessments Each supported Yes The maximum number of

Region: 100 running assessments per
account per region
Amazon Augmented AI endpoints and quotas

Service endpoints
Name
US East us-east-2 a2i.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 a2i.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US West us-west-2 a2i.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Asia ap- a2i.ap-south-1.amazonaws.com HTTP and

Pacific south-1 HTTPS
(Mumbai)
Asia ap- a2i.ap-northeast-2.amazonaws.com HTTP and

Pacific northeast-2 HTTPS
(Seoul)
Asia ap- a2i.ap-southeast-1.amazonaws.com HTTP and

Pacific southeast-1 HTTPS
(Singapore)
Asia ap- a2i.ap-southeast-2.amazonaws.com HTTP and

(Sydney)
Version 1.0
81
Service quotas

Name
Asia ap- a2i.ap-northeast-1.amazonaws.com HTTP and

(Tokyo)
Canada ca- a2i.ca-central-1.amazonaws.com HTTP and

(Central) central-1 HTTPS
Europe eu- a2i.eu-central-1.amazonaws.com HTTP and

(Frankfurt) central-1 HTTPS
Europe eu-west-1 a2i.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS
Europe eu-west-2 a2i.eu-west-2.amazonaws.com HTTP and

(London) HTTPS
Service quotas
Flow definitions 100 Yes
Worker task templates (human task UIs) 100 Yes
In-flight human loops per flow definition (private or 5,000 No

vendor work team) †
In-flight human loops per flow definition (Amazon 1,000 No

Mechanical Turk work team) †
† Human loops are considered in-flight when their status is InProgress or Stopping.
Amazon Aurora endpoints and quotas

Service endpoints
Amazon Aurora MySQL-Compatible Edition

Name
US East us-east-2 rds.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
82
Service endpoints

Name
US East (N. us-east-1 rds.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 rds.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 rds.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 rds.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 rds.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- rds.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- rds.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- rds.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- rds.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- rds.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 rds.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
83
Service endpoints

Name

(London)
Europe eu- rds.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 rds.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- rds.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- rds.me-central-1.amazonaws.com HTTPS

South sa-east-1 rds.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- rds.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- rds.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Amazon Aurora PostgreSQL-Compatible Edition

Name

(Ohio)

Virginia)

West (N.
California)

(Oregon)

(Cape
Town)
Version 1.0
84
Service endpoints

Name

Pacific
(Hong
Kong)

(Jakarta)

Pacific south-1
(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)

(Central) central-1


(Ireland)

(London)

(Milan) south-1

(Paris)

(Stockholm)

East south-1
(Bahrain)
Version 1.0
85
Service quotas

Name


America
(São
Paulo)

GovCloud east-1
(US-East)

GovCloud west-1
(US-West)
Service quotas
Description
Authorizations per DB security group Each supported No Number of security group

Region: 20 authorizations per DB
security group
Custom engine versions Each supported Yes The maximum number of

Region: 40 custom engine versions
allowed in this account in
the current Region
DB cluster parameter groups Each supported No The maximum number

Region: 50 of DB cluster parameter
groups
DB clusters Each supported Yes The maximum number of

Region: 40 Aurora clusters allowed in
Region
DB instances Each supported Yes The maximum number of

Region: 40 DB instances allowed in
Region
DB subnet groups Each supported Yes The maximum number of

Region: 50 DB subnet groups
Data API HTTP request body size Each supported No The maximum size allowed
Region: 4 for the HTTP request body.
Megabytes
Data API maximum concurrent cluster- Each supported No The maximum number
secret pairs Region: 30 of unique pairs of Aurora
Serverless DB clusters and
secrets in concurrent Data
Version 1.0
86
Service quotas

Description
API requests for the current
account and AWS Region.
Data API maximum concurrent requests Each supported No The maximum number
Region: 500 of Data API requests to
an Aurora Serverless
DB cluster that use the
same secret and can be
processed at the same
time. Additional requests
are queued and processed
as in-process requests
complete.
Data API maximum result set size Each supported No The maximum size of the
Region: 1 database result set that can
Megabytes be returned by the Data
API.
Data API maximum size of JSON response Each supported No The maximum size of the
string Region: 10 simplified JSON response
Megabytes string returned by the RDS
Data API.
Data API requests per second Each supported No The maximum number of
Region: 1,000 per requests to the Data API
second per second allowed in this
account in the current AWS
Region.
Event subscriptions Each supported Yes The maximum number of

Region: 20 event subscriptions
IAM roles per DB cluster Each supported Yes The maximum number of
Region: 5 IAM roles associated with a
DB cluster
IAM roles per DB instance Each supported Yes The maximum number of
DB instance
Manual DB cluster snapshots Each supported Yes The maximum number

Region: 100 of manual DB cluster
snapshots
Manual DB instance snapshots Each supported Yes The maximum number

Region: 100 of manual DB instance
snapshots
Option groups Each supported Yes The maximum number of

Region: 20 option groups
Parameter groups Each supported Yes The maximum number of

Region: 50 parameter groups
Version 1.0
87
AWS Auto Scaling

Description
Proxies Each supported Yes The maximum number

Region: 20 of proxies allowed in this
Region
Read replicas per master Each supported Yes The maximum number of
Region: 5 read replicas per master
Reserved DB instances Each supported Yes The maximum number

Region: 40 of reserved DB instances
the current AWS Region
Rules per security group Each supported No The maximum number of

Region: 20 rules per DB security group
Security groups Each supported Yes The maximum number of

Region: 25 DB security groups
Security groups (VPC) Each supported No The maximum number

Region: 5 of DB security groups per
Amazon VPC
Subnets per DB subnet group Each supported No The maximum number

Region: 20 of subnets per DB subnet
group
Tags per resource Each supported No The maximum number

Region: 50 of tags per Amazon RDS
resource
Total storage for all DB instances Each supported Yes The maximum total storage
Region: 100,000 (in GB) for all DB instances
Gigabytes added together
AWS Auto Scaling endpoints and quotas

Note
This page provides service endpoints and service quotas related to scaling plans, an AWS Auto
Scaling resource. If you are trying to find endpoints and quotas for Amazon EC2 Auto Scaling or
Application Auto Scaling, see the following:
• Amazon EC2 Auto Scaling (p. 310)

• Application Auto Scaling (p. 54)
Version 1.0
88
Service endpoints
Service endpoints

Name
US East us-east-2 autoscaling-plans.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 autoscaling-plans.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US us-west-1 autoscaling-plans.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California)
US West us-west-2 autoscaling-plans.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Africa af-south-1 autoscaling-plans.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 autoscaling-plans.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Asia ap- autoscaling-plans.ap-southeast-3.amazonaws.com HTTP and

(Jakarta)
Asia ap- autoscaling-plans.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- autoscaling-plans.ap-northeast-3.amazonaws.com HTTP and

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- autoscaling-plans.ca-central-1.amazonaws.com HTTP and

Version 1.0
89
Service quotas

Name
Europe eu- autoscaling-plans.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 autoscaling-plans.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS
Europe eu- autoscaling-plans.eu-south-1.amazonaws.com HTTP and

(Milan) south-1 HTTPS

(Paris) HTTPS
Europe eu-north-1 autoscaling-plans.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- autoscaling-plans.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
South sa-east-1 autoscaling-plans.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
AWS us-gov- autoscaling-plans.us-gov-east-1.amazonaws.com HTTP and

GovCloud east-1 HTTPS
(US-East)
AWS us-gov- autoscaling-plans.us-gov-west-1.amazonaws.com HTTP and

GovCloud west-1 HTTPS
(US-West)
Service quotas

Description
Scaling instructions per scaling plan Each supported No The maximum number of
Region: 500 scaling instructions per
scaling plan.
Scaling plans Each supported Yes The maximum number of

Region: 100 scaling plans that you can
current Region. A scaling
plan tells AWS Auto Scaling
how to scale a collection of
resources.
Target tracking configurations per scaling Each supported No The maximum number
instruction Region: 10 of target tracking
Version 1.0
90
AWS Backup

Description
configurations per scaling
instruction.
For more information, see Quotas for your scaling plans in the AWS Auto Scaling User Guide.
AWS Backup endpoints and quotas

Service endpoints
Name
US East us-east-2 backup.us-east-2.amazonaws.com HTTPS

(Ohio)
backup-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 backup.us-east-1.amazonaws.com HTTPS

Virginia)
backup-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 backup.us-west-1.amazonaws.com HTTPS

West (N.
California) backup-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 backup.us-west-2.amazonaws.com HTTPS

(Oregon)
backup-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 backup.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 backup.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- backup.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- backup.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- backup.ap-northeast-3.amazonaws.com HTTPS

(Osaka)
Version 1.0
91
Service endpoints

Name

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- backup.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- backup.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 backup.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- backup.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 backup.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- backup.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 backup.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- backup.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) backup-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- backup.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) backup-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
92
Service quotas
Service quotas
Description
Backup plans per Region per account Each supported Yes Number of backup plans in
Region: 100 this account in the current
Region
Backup vaults per Region per account Each supported Yes Number of backup vaults in
Region
Concurrent backup copies per supported Each supported No Number of concurrent

service per account Region: 5 backup copies per
supported service per
account
Concurrent backup jobs per resource Each supported No Number of concurrent

Region: 1 backup jobs per resource
Framework controls per Region per Each supported Yes Number of framework
account Region: 50 controls in this account in
the current Region
Frameworks per Region per account Each supported Yes Number of frameworks in
Region
Frameworks per report plan Each supported No Number of frameworks per

Region: 1,000 report plan
Metadata tags per backup Each supported No Number of metadata tags

Region: 50 per backup
Recovery points per backup vault Each supported Yes Number of recovery points
Region: 1,000,000 per backup vault
Report plans per Region per account Each supported Yes Number of report plans in
Region
Versions per backup plan Each supported Yes Number of versions per
Region: 2,000 backup plan
If you regularly receive throttling exceptions, consider using a rate limiter.
API name Default calls/sec
CreateBackupPlan | CreateBackupSelection | DeleteBackupPlan 5

| DeleteBackupSelection | DeleteBackupVault |
DeleteBackupVaultAccessPolicy | DeleteBackupVaultNotifications
| DescribeBackupVault | ExportBackupPlanTemplate |
GetBackupPlanFromJSON | GetBackupPlanFromTemplate |
PutBackupVaultNotifications | StartBackupJob | StartRestoreJob |
StopBackupJob | TagResource | UntagResource | UpdateBackupPlan |
UpdateRecoveryPointLifecycle
Version 1.0
93
AWS Batch
API name Default calls/sec
DeleteRecoveryPoint | DescribeProtectedResource 10
DescribeBackupJob | DescribeRecoveryPoint | DescribeRestoreJob | 15

GetBackupPlan | GetBackupSelection | GetBackupVaultAccessPolicy
| GetBackupVaultNotifications | GetRecoveryPointRestoreMetadata |
GetSupportedResourceTypes
ListBackupJobs | ListBackupPlans | ListBackupPlanTemplates | 20

ListBackupPlanVersions | ListBackupSelections | ListBackupVaults
| ListProtectedResources | ListRecoveryPointByResource |
ListRecoveryPointsByBackupVault | ListRecoveryPointsByResource |
ListRestoreJobs | ListTags
Sum of All API Calls 50
For additional information, see Quotas in the AWS Backup Developer Guide.
AWS Batch endpoints and quotas

Service endpoints

Name
US East us-east-2 batch.us-east-2.amazonaws.com HTTPS

(Ohio)
fips.batch.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 batch.us-east-1.amazonaws.com HTTPS

Virginia)
fips.batch.us-east-1.amazonaws.com HTTPS
US us-west-1 batch.us-west-1.amazonaws.com HTTPS

West (N.
California) fips.batch.us-west-1.amazonaws.com HTTPS
US West us-west-2 batch.us-west-2.amazonaws.com HTTPS

(Oregon)
fips.batch.us-west-2.amazonaws.com HTTPS
Africa af-south-1 batch.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 batch.ap-east-1.amazonaws.com HTTPS

Pacific
Version 1.0
94
Service endpoints

Name
(Hong
Kong)
Asia ap- batch.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- batch.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- batch.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- batch.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- batch.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 batch.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- batch.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 batch.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- batch.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
95
Service quotas

Name
South sa-east-1 batch.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- batch.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) batch.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- batch.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) batch.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Compute environment limit Each supported No Maximum number of

Region: 50 compute environments per
account, per region.
Compute environments per job queue Each supported No Maximum number of

limit. Region: 3 compute environments per
job queue.
Job dependencies limit Each supported No Maximum number of job

Region: 20 dependencies per job.
Job payload size limit Each supported No Maximum job payload

Region: 30 size (for SubmitJob API
operations), measured in
KiB.
Job queue limit Each supported No Maximum number of job

Region: 50 queues per account, per
region.
Maximum array size limit Each supported No Maximum array size for
Region: 10,000 array jobs.
Share identifiers per job queue limit. Each supported No Maximum number of share
Region: 500 identifiers per job queue.
Submitted state jobs limit Each supported No Maximum number of jobs

Region: 1,000,000 in SUBMITTED state.
For more information, see Service Quotas in the AWS Batch User Guide.
Version 1.0
96
Billing and Cost Management
AWS Billing and Cost Management endpoints and

quotas
AWS Billing and Cost Management includes the AWS Cost Explorer API, the AWS Cost and Usage Reports
API, the AWS Budgets API, and the AWS Price List API.
Service endpoints
AWS Cost Explorer
Name
US East (N. us-east-1 ce.us-east-1.amazonaws.com HTTPS

Virginia)
AWS Cost and Usage Reports

Name
US East (N. us-east-1 cur.us-east-1.amazonaws.com HTTPS

Virginia)
AWS Budgets
Name
US East us-east-2 budgets.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 budgets.amazonaws.com HTTPS

Virginia)
US us-west-1 budgets.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 budgets.amazonaws.com HTTPS

(Oregon)
Asia ap- budgets.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
97
Service endpoints

Name

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- budgets.amazonaws.com HTTPS

(Central) central-1
Europe eu- budgets.amazonaws.com HTTPS

Europe eu-west-1 budgets.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
South sa-east-1 budgets.amazonaws.com HTTPS

America
(São
Paulo)
AWS Price List Service

Name
US East (N. us-east-1 api.pricing.us-east-1.amazonaws.com HTTPS

Virginia)
Asia ap- api.pricing.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
98
Service endpoints
Savings Plans

Name
US East us-east-2 savingsplans.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 savingsplans.amazonaws.com HTTPS

Virginia)
US us-west-1 savingsplans.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 savingsplans.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 savingsplans.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 savingsplans.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- savingsplans.amazonaws.com HTTPS

Pacific south-1
(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- savingsplans.amazonaws.com HTTPS

(Central) central-1
Europe eu- savingsplans.amazonaws.com HTTPS

Europe eu-west-1 savingsplans.amazonaws.com HTTPS

(Ireland)
Version 1.0
99
Service quotas

Name

(London)

(Paris)
Europe eu-north-1 savingsplans.amazonaws.com HTTPS

(Stockholm)
Middle me- savingsplans.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 savingsplans.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas
For more information about AWS Billing service quotas and restrictions, see Quotas and restrictions in
the AWS Billing User Guide.
For more information about AWS Cost Management service quotas and restrictions, see Quotas and
restrictions in the AWS Cost Management User Guide.
Amazon Braket endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 braket.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 braket.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 braket.us-west-2.amazonaws.com HTTPS

(Oregon)
Europe eu-west-2 braket.eu-west-2.amazonaws.com HTTPS

(London)
Version 1.0
100
Service quotas
Service quotas

Description
Burst rate of API requests Each supported No The maximum number of

Region: 600 additional requests per
second (RPS) that you can
send in one burst in this
Region.
Burst rate of CancelJob requests Each supported No The maximum number

Region: 5 of additional CancelJob
requests per second (RPS)
that you can send in one
burst in this account in the
current Region.
Burst rate of CancelQuantumTask requests Each supported No The maximum

Region: 20 number of additional
CancelQuantumTask
current Region.
Burst rate of CreateJob requests Each supported No The maximum number

Region: 5 of additional CreateJob
current Region.
Burst rate of CreateQuantumTask requests Each supported No The maximum

CreateQuantumTask
current Region.
Burst rate of GetDevice requests Each supported No The maximum number

Region: 50 of additional GetDevice
current Region.
Burst rate of GetJob requests Each supported No The maximum number of

Region: 25 additional GetJob requests
per second (RPS) that you
can send in one burst in
Region.
Burst rate of GetQuantumTask requests Each supported No The maximum

Version 1.0
101
Service quotas

Description
GetQuantumTask requests
per second (RPS) that you
Region.
Burst rate of SearchDevices requests Each supported No The maximum number of

Region: 50 additional SearchDevices
current Region.
Burst rate of SearchJobs requests Each supported No The maximum number

Region: 50 of additional SearchJobs
current Region.
Burst rate of SearchQuantumTasks Each supported No The maximum

requests Region: 50 number of additional
SearchQuantumTasks
current Region.
Maximum allowed compute instances for a Each supported Yes The maximum allowed
job Region: 5 number of compute
instances for a job.
Maximum number of instances of Each supported Yes The maximum number

ml.c4.2xlarge for jobs Region: 5 of instances of type
ml.c4.2xlarge allowed for
all Amazon Braket Hybrid
Jobs in this account and
region.

region.

region.
Version 1.0
102
Service quotas

Description

ml.c4.xlarge for jobs Region: 5 of instances of type
ml.c4.xlarge allowed for all
Amazon Braket Hybrid Jobs
in this account and region.

region.

region.

region.

region.

ml.c5.xlarge for jobs Region: 5 of instances of type
ml.c5.xlarge allowed for all

ml.c5n.18xlarge for jobs Region: 0 of instances of type
ml.c5n.18xlarge allowed for
region.

region.
Version 1.0
103
Service quotas

Description

region.

region.

ml.c5n.xlarge for jobs Region: 0 of instances of type
ml.c5n.xlarge allowed for
region.

ml.g4dn.12xlarge for jobs Region: 0 of instances of type
ml.g4dn.12xlarge allowed
for all Amazon Braket
Hybrid Jobs in this account
and region.

and region.

and region.

and region.

and region.
Version 1.0
104
Service quotas

Description

ml.g4dn.xlarge for jobs Region: 0 of instances of type
ml.g4dn.xlarge allowed for
region.
Maximum number of instances of Each supported No The maximum number

ml.g5.12xlarge for jobs Region: 0 of instances of type
ml.g5.12xlarge allowed for
region.

region.

region.

region.

region.

region.

region.
Version 1.0
105
Service quotas

Description

ml.g5.xlarge for jobs Region: 0 of instances of type
ml.g5.xlarge allowed for all

ml.m4.10xlarge for jobs Region: 0 of instances of type
ml.m4.10xlarge allowed for
region.

region.

region.

region.

ml.m4.xlarge for jobs Region: 5 of instances of type
ml.m4.xlarge allowed for all

region.

region.
Version 1.0
106
Service quotas

Description

region.

region.

ml.m5.large for jobs Region: 5 of instances of type
ml.m5.large allowed for all

ml.m5.xlarge for jobs Region: 5 of instances of type
ml.m5.xlarge allowed for all

ml.p2.16xlarge for jobs Region: 0 of instances of type
ml.p2.16xlarge allowed for
region.

region.

ml.p2.xlarge for jobs Region: 0 of instances of type
ml.p2.xlarge allowed for all

region.
Version 1.0
107
Service quotas

Description

region.

region.

ml.p3dn.24xlarge for jobs Region: 0 of instances of type
ml.p3dn.24xlarge allowed
and region.

ml.p4d.24xlarge for jobs Region: 0 of instances of type
ml.p4d.24xlarge allowed
and region.
Number of concurrent DM1 tasks us-east-1: 100 No The maximum number of

concurrent tasks running
us-west-2: 100 on the Density Matrix
Simulator (DM1) in the
Each of the other current Region.
supported Regions:
50
Number of concurrent SV1 tasks us-east-1: 100 No The maximum number of

us-west-2: 100 on the State Vector
Simulator (SV1) in the
Each of the other current Region.
supported Regions:
50
Number of concurrent TN1 tasks eu-west-2: 5 Yes The maximum number of

Each of the other on the Tensor Network
supported Regions: Simulator (TN1) in the
10 current Region.
Number of concurrent jobs Each supported Yes The maximum number of

Region: 5 concurrent jobs running in
the current Region.
Version 1.0
108
Service quotas

Description
Rate of API requests Each supported Yes The maximum number

Region: 140 of requests per second
that you can send in this
Region.
Rate of CancelJob requests Each supported Yes The maximum number of

Region: 2 per CancelJob requests you
second can send per second in this
account per Region.
Rate of CancelQuantumTask requests Each supported Yes The maximum number

Region: 2 per of CancelQuantumTask
second requests you can send per
second in this account per
Region.
Rate of CreateJob requests Each supported Yes The maximum number of

Region: 1 per CreateJob requests you
account per Region.
Rate of CreateQuantumTask requests Each supported Yes The maximum number

Region: 20 per of CreateQuantumTask
Region.
Rate of GetDevice requests Each supported Yes The maximum number of

Region: 5 per GetDevice requests you
account per Region.
Rate of GetJob requests Each supported Yes The maximum number of

Region: 5 per GetJob requests you can
second send per second in this
account per Region.
Rate of GetQuantumTask requests Each supported Yes The maximum number of

Region: 100 per GetQuantumTask requests
second you can send per second in
this account per Region.
Rate of SearchDevices requests Each supported Yes The maximum number of

Region: 5 per SearchDevices requests you
account per Region.
Rate of SearchJobs requests Each supported Yes The maximum number of

Region: 5 per SearchJobs requests you
account per Region.
Version 1.0
109
AWS BugBust

Description
Rate of SearchQuantumTasks requests Each supported Yes The maximum number

Region: 5 per of SearchQuantumTasks
Region.
AWS BugBust endpoints and quotas

Service endpoints
Region name Region Endpoint Protocol
US East (N. Virginia) us-east-1 bugbust.us- HTTPS

Service quotas
Resource Default
Associated repositories 5 per BugBust event
Profiling groups 25 per BugBust event
Participants 50 per BugBust event
Regions 50 BugBust events per Region
AWS Certificate Manager endpoints and quotas

Service endpoints
Name
US East us-east-2 acm.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
110
Service endpoints

Name
acm-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 acm.us-east-1.amazonaws.com HTTPS

Virginia)
acm-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 acm.us-west-1.amazonaws.com HTTPS

West (N.
California) acm-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 acm.us-west-2.amazonaws.com HTTPS

(Oregon)
acm-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 acm.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 acm.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- acm.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- acm.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- acm.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- acm.ca-central-1.amazonaws.com HTTPS

(Central) central-1
acm-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- acm.eu-central-1.amazonaws.com HTTPS

Version 1.0
111
Service quotas

Name
Europe eu-west-1 acm.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- acm.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 acm.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- acm.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- acm.me-central-1.amazonaws.com HTTPS

South sa-east-1 acm.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- acm.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) acm.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- acm.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) acm.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
ACM certificates Each supported Yes The maximum number

Region: 2,500 of ACM Certificates you
can have in this account in
the current Region. Only
certificates in the PENDING
or ISSUED state count
towards this limit.
ACM certificates created in last 365 days Each supported Yes The maximum number of
Region: 5,000 ACM Certificates you can
request per year.
Domain names per ACM certificate Each supported Yes The maximum number
Region: 10 of domain names per
ACM Certificate. The first
Version 1.0
112
AWS Private CA

Description
domain name that you
submit is included as the
subject common name
(CN) of the certificate. All
names are included in the
Subject Alternative Name
extension.
Imported certificates Each supported Yes The maximum number of

Region: 2,500 imported certificates you
can have in this account in
the current Region.
Imported certificates in last 365 days Each supported Yes The maximum number of
Region: 5,000 certificates you can import
per year in this account in
the current Region.
For more information, see Quotas in the AWS Certificate Manager User Guide.
AWS Private Certificate Authority endpoints and

quotas
Service endpoints

Name
US East us-east-2 acm-pca.us-east-2.amazonaws.com HTTPS

(Ohio)
acm-pca-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 acm-pca.us-east-1.amazonaws.com HTTPS

Virginia)
acm-pca-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 acm-pca.us-west-1.amazonaws.com HTTPS

West (N.
California) acm-pca-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 acm-pca.us-west-2.amazonaws.com HTTPS

(Oregon)
acm-pca-fips.us-west-2.amazonaws.com HTTPS
Version 1.0
113
Service endpoints

Name
Africa af-south-1 acm-pca.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 acm-pca.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- acm-pca.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- acm-pca.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- acm-pca.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- acm-pca.ca-central-1.amazonaws.com HTTPS

(Central) central-1
acm-pca-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- acm-pca.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 acm-pca.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- acm-pca.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Version 1.0
114
Service quotas

Name
Europe eu-north-1 acm-pca.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- acm-pca.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 acm-pca.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- acm-pca.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) acm-pca.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- acm-pca.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) acm-pca.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Number of private certificate authorities Each supported Yes The maximum number
(CAs) Region: 200 of private certificate
authorities (CAs) that you
the current Region.
Number of private certificates per CA Each supported Yes The maximum number
Region: 1,000,000 of private certificates per
certificate authority (CA)
Region.
Number of revoked private certificates per Each supported No The maximum number
CA Region: 1,000,000 of private certificates per
certificate authority (CA)
that you can revoke in
Region.
Rate of CreateCertificateAuthority Each supported No The maximum number of

requests Region: 1 CreateCertificateAuthority
requests that you can
perform in this account
in the current region per
second.
Version 1.0
115
Service quotas

Description
Rate of Each supported No The maximum number of

CreateCertificateAuthorityAuditReport Region: 1 CreateCertificateAuthorityAuditReport
requests requests that you can
second.
Rate of CreatePermission requests Each supported No The maximum number of

Region: 1 CreatePermission requests
that you can perform in
region per second.
Rate of DeleteCertificateAuthority Each supported No The maximum number of

requests Region: 10 DeleteCertificateAuthority
second.
Rate of DeletePermission requests Each supported No The maximum number of

Region: 1 DeletePermission requests
region per second.
Rate of DeletePolicy requests Each supported No The maximum number

Region: 5 of DeletePolicy requests
region per second.
Rate of DescribeCertificateAuthority Each supported No The maximum number of

requests Region: 20 DescribeCertificateAuthority
second.

DescribeCertificateAuthorityAuditReport Region: 20 DescribeCertificateAuthorityAuditReport
second.
Rate of GetCertificate requests Each supported Yes The maximum number of

Region: 75 GetCertificate requests
region per second.
Version 1.0
116
Service quotas

Description
Rate of GetCertificateAuthorityCertificate Each supported No The maximum number of

requests Region: 20 GetCertificateAuthorityCertificate
second.
Rate of GetCertificateAuthorityCsr Each supported No The maximum number of

requests Region: 10 GetCertificateAuthorityCsr
second.
Rate of GetPolicy requests Each supported No The maximum number of

Region: 5 GetPolicy requests that you
can perform in this account
second.

ImportCertificateAuthorityCertificate Region: 10 ImportCertificateAuthorityCertificate
second.
Rate of IssueCertificate requests Each supported Yes The maximum number of

Region: 25 IssueCertificate requests
region per second.
Rate of ListCertificateAuthorities requests Each supported No The maximum number of

Region: 20 ListCertificateAuthorities
second.
Rate of ListPermissions requests Each supported No The maximum number of

Region: 5 ListPermissions requests
region per second.
Rate of ListTags requests Each supported No The maximum number of

Region: 20 ListTags requests that you
second.
Version 1.0
117
AWS Chatbot

Description
Rate of PutPolicy requests Each supported No The maximum number of

Region: 5 PutPolicy requests that you
second.
Rate of RestoreCertificateAuthority Each supported No The maximum number of

requests Region: 20 RestoreCertificateAuthority
second.
Rate of RevokeCertificate requests Each supported No The maximum number of

Region: 20 RevokeCertificate requests
region per second.
Rate of TagCertificateAuthority requests Each supported No The maximum number of

Region: 10 TagCertificateAuthority
second.
Rate of UntagCertificateAuthority requests Each supported No The maximum number of

Region: 10 UntagCertificateAuthority
second.
Rate of UpdateCertificateAuthority Each supported No The maximum number of

requests Region: 10 UpdateCertificateAuthority
second.
AWS Chatbot endpoints and quotas

Version 1.0
118
Service endpoints
Service endpoints

Name
US East us-east-2 HTTPS

(Ohio)
US East (N. us-east-1 HTTPS

Virginia)
US us-west-1 HTTPS
West (N.
California)
US West us-west-2 HTTPS

(Oregon)
Africa af-south-1 HTTPS

(Cape
Town)
Asia ap-east-1 HTTPS

Pacific
(Hong
Kong)
Asia ap- HTTPS

(Jakarta)
Asia ap- HTTPS

Pacific south-1
(Mumbai)
Asia ap- HTTPS

(Osaka)
Asia ap- HTTPS

(Seoul)
Asia ap- HTTPS

(Singapore)
Asia ap- HTTPS

(Sydney)
Asia ap- HTTPS

(Tokyo)
Canada ca- HTTPS

(Central) central-1
Version 1.0
119
Service quotas

Name
Europe eu- HTTPS

Europe eu-west-1 HTTPS

(Ireland)

(London)
Europe eu- HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 HTTPS

(Stockholm)
Middle me- HTTPS

East south-1
(Bahrain)
Middle me- HTTPS

South sa-east-1 HTTPS

America
(São
Paulo)
Service quotas
Description
Maximum number of Chime webhook Each supported No The maximum number

configurations per AWS account Region: 500 of Chime webhook
configurations that can be
created per AWS account.
Maximum number of Slack channel Each supported No The maximum number

configurations per AWS account Region: 500 of Slack channel
configurations that can be
Amazon Chime endpoints and quotas

Version 1.0
120
Service endpoints
Service endpoints
Amazon Chime has a single endpoint that supports HTTPS: service.chime.aws.amazon.com
Service quotas
The following table lists additional quotas for Amazon Chime rooms and memberships.
Resource Default
Rooms per account 1,500
Rooms per profile 1,500
Memberships per room 1,000
Memberships per profile 1,000
Amazon Chime SDK endpoints and quotas

Service endpoints
WebRTC media sessions
US East (N. Virginia) us-east-1 meetings-chime.us- HTTPS

meetings-chime-fips.us-
US West (Oregon) us-west-2 meetings-chime.us- HTTPS

meetings-chime-fips.us-
Asia Pacific (Singapore) ap- meetings-chime.ap- HTTPS

southeast-1 southeast-1.amazonaws.com
Europe (Frankfurt) eu-central-1 meetings-chime.eu- HTTPS

AWS GovCloud (US-East) us-gov- meetings-chime.us-gov- HTTPS

east-1 east-1.amazonaws.com
Version 1.0
121
Service endpoints
AWS GovCloud (US-West) us-gov- meetings-chime.us-gov- HTTPS

west-1 west-1.amazonaws.com
Media pipeline regional endpoints
US East (N. Virginia) us-east-1 media-pipelines-chime.us- HTTPS

media-pipelines-chime-fips.us-
US West (Oregon) us-west-2 media-pipelines-chime.us- HTTPS

media-pipelines-chime-fips.us-
Asia Pacific (Singapore) ap- media-pipelines-chime.ap- HTTPS

southeast-1 southeast-1.amazonaws.com
Europe (Frankfurt) eu-central-1 media-pipelines-chime.eu- HTTPS

PSTN audio
US East (N. Virginia) us-east-1 service.chime.aws.amazon.com HTTPS
service-fips.chime.aws.amazon.com
Messaging
US East (N. Virginia) us-east-1 messaging-chime.us- HTTPS

messaging-chime-fips.us-
Identity
US East (N. Virginia) us-east-1 identity-chime.us-east-1.amazonaws.com HTTPS
Version 1.0
122
Service quotas

identity-chime-fips.us-
Legacy
US East (N. Virginia) us-east-1 service.chime.aws.amazon.com HTTPS
service-fips.chime.aws.amazon.com
Service quotas
Note
Service quotas are per AWS Region. If adjustable, they are changed for the requested Region
only.
Amazon Chime SDK Meetings WebRTC media sessions have the following quotas.
Concurrent meeting limit 250 Yes
Chime SDK Meetings - attendees per meeting 250 No
Chime SDK Meetings - replica meetings per primary meeting 4 Yes
Chime SDK Meetings - maximum concurrent video streams 25 Yes

published per meeting
Chime SDK Meetings - maximum concurrent video streams 25 No

subscribed per attendee
Chime SDK Meetings - concurrent meeting limit 250 Yes
Chime SDK Meetings - all meeting management API requests 20 Yes*

burst limit
Chime SDK Meetings - all meeting management API requests 10 Yes*

rate limit in transactions per second
Chime SDK Meetings - BatchCreateAttendees burst limit 20 Yes*
Chime SDK Meetings - BatchCreateAttendees rate limit in 10 Yes*

transactions per second
Chime SDK Meetings - CreateAttendee burst limit 20 Yes*
Chime SDK Meetings - CreateAttendee rate limit in 10 Yes*

Chime SDK Meetings - CreateMeeting burst limit 20 Yes*
Chime SDK Meetings - CreateMeeting rate limit in 10 Yes*

Version 1.0
123
Service quotas
Chime SDK Meetings - CreateMeetingWithAttendees burst 20 Yes*

limit
Chime SDK Meetings - CreateMeetingWithAttendees rate 10 Yes*

limit in transactions per second
Chime SDK Meetings - DeleteAttendee burst limit 20 Yes*
Chime SDK Meetings - DeleteAttendee rate limit in 10 Yes*

Chime SDK Meetings - DeleteMeeting burst limit 20 Yes*
Chime SDK Meetings - DeleteMeeting rate limit in 10 Yes*

Chime SDK Meetings - GetMeeting burst limit 20 Yes*
Chime SDK Meetings - GetMeeting rate limit in transactions 10 Yes*

per second
Chime SDK Meetings - ListAttendees burst limit 20 Yes*
Chime SDK Meetings - ListAttendees rate limit in 10 Yes*

Chime SDK Meetings - ListMeetings burst limit 20 Yes*
Chime SDK Meetings - ListMeetings rate limit in transactions 10 Yes*

per second
* Adjustable by the service team based on concurrent meeting limits.
Amazon Chime SDK Messaging has the following quotas.
App Instances per AWS Account 100 Yes
Users per App Instance 100,000 Yes
Admins per App Instance 100 Yes
Channels per App Instance 10,000,000 Yes
Memberships per Channel 10,000 Yes
Moderators per Channel 1,000 Yes
Max concurrent connections 10 Yes

per user (Amazon Chime SDK
messaging only, does not apply
to meetings)
ChannelFlows per App Instance 100 Yes
Channel processors in a channel 1 Yes

flow
Version 1.0
124
Service quotas
Endpoints per App Instance User 10 Yes
Number of CHANNEL_DETAILS 50 Yes

events
Number of ChannelMessages in 20 Yes

CHANNEL_DETAILS
Number of ChannelMemberships 30 Yes

in CHANNEL_DETAILS
Elastic channels per AWS 1 Yes

account*
SubChannels per channel* 100 Yes
Memberships per SubChannel* 1000 Yes

Note
The product of
SubChannels
per channel and
Memberships per
SubChannel cannot
exceed 1-million after a
limit increase.
* Only available in the IAD Region.

Note
Customers with large chat channels often qualify for volume discounts on pricing. Contact your
account manager for more details.
Amazon Chime SDK SIP trunking and PSTN audio have the following quotas.
Amazon Chime Voice Connector provisioned phone numbers 25 Yes

per account
Amazon Chime Voice Connectors per account 3 Yes
Amazon Chime Voice Connector groups per account 3 Yes
Amazon Chime Voice Connectors per Amazon Chime Voice 3 Yes

Connector group
Calls per second for each Amazon Chime Voice Connector 1 Yes
Amazon Chime CreateSipMediaApplicationCall transactions 1 Yes

per second
Amazon Chime SIP media applications per account 30 Yes
Amazon Chime SIP rules per Amazon Chime SIP media 25 Yes
application
Amazon Chime UpdateSipMediaApplicationCall 1 Yes
Version 1.0
125
Cloud Control API
Cloud Control API endpoints and quotas

Service endpoints

Name
US East us-east-2 cloudcontrolapi.us-east-2.amazonaws.com HTTPS

(Ohio)
cloudcontrolapi-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 cloudcontrolapi.us-east-1.amazonaws.com HTTPS

Virginia)
cloudcontrolapi-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 cloudcontrolapi.us-west-1.amazonaws.com HTTPS

West (N.
California) cloudcontrolapi-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 cloudcontrolapi.us-west-2.amazonaws.com HTTPS

(Oregon)
cloudcontrolapi-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 cloudcontrolapi.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 cloudcontrolapi.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- cloudcontrolapi.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- cloudcontrolapi.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- cloudcontrolapi.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)
Version 1.0
126
AWS Cloud9

Name

(Sydney)

(Tokyo)
Canada ca- cloudcontrolapi.ca-central-1.amazonaws.com HTTPS

(Central) central-1
cloudcontrolapi-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- cloudcontrolapi.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 cloudcontrolapi.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- cloudcontrolapi.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 cloudcontrolapi.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- cloudcontrolapi.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 cloudcontrolapi.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- cloudcontrolapi.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) cloudcontrolapi-fips.us-gov- HTTPS
AWS us-gov- cloudcontrolapi.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) cloudcontrolapi-fips.us-gov- HTTPS
AWS Cloud9 endpoints and quotas

Version 1.0
127
Service endpoints
Service endpoints
Name
US East us-east-2 cloud9.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 cloud9.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 cloud9.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 cloud9.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 cloud9.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 cloud9.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- cloud9.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- cloud9.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- cloud9.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- cloud9.ap-southeast-2.amazonaws.com HTTPS

(Sydney)

(Tokyo)
Canada ca- cloud9.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- cloud9.eu-central-1.amazonaws.com HTTPS

Version 1.0
128
Service quotas

Name
Europe eu-west-1 cloud9.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- cloud9.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 cloud9.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- cloud9.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 cloud9.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
EC2 development environments Each supported Yes The maximum number

Region: 200 of AWS Cloud9 EC2
development environments
Region.
EC2 development environments Each supported Yes The maximum number

Region: 100 of AWS Cloud9 EC2
that you can create for this
user in the current Region.
Members per development environment Each supported No The maximum number of

Region: 8 users that can participate
in a single AWS Cloud9
development environment
current Region.
SSH development environments Each supported Yes The maximum number

Region: 200 of AWS Cloud9 SSH
Version 1.0
129
Cloud Directory

Description
Region.
SSH development environments Each supported Yes The maximum number

Region: 100 of AWS Cloud9 SSH
that you can create for this
user in the current Region.
For more information, see Quotas in the AWS Cloud9 User Guide.
Amazon Cloud Directory endpoints and quotas

Service endpoints

Name
US East us-east-2 clouddirectory.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 clouddirectory.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 clouddirectory.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- clouddirectory.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- clouddirectory.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Canada ca- clouddirectory.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- clouddirectory.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 clouddirectory.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 clouddirectory.eu-west-2.amazonaws.com HTTPS

(London)
Version 1.0
130
Service quotas

Name
AWS us-gov- clouddirectory.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas
For more information, see Amazon Cloud Directory quotas.
AWS CloudFormation endpoints and quotas

Service endpoints

Name
US East us-east-2 cloudformation.us-east-2.amazonaws.com HTTPS

(Ohio)
cloudformation-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 cloudformation.us-east-1.amazonaws.com HTTPS

Virginia)
cloudformation-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 cloudformation.us-west-1.amazonaws.com HTTPS

West (N.
California) cloudformation-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 cloudformation.us-west-2.amazonaws.com HTTPS

(Oregon)
cloudformation-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 cloudformation.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 cloudformation.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- cloudformation.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Version 1.0
131
Service endpoints

Name
Asia ap- cloudformation.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- cloudformation.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- cloudformation.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- cloudformation.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 cloudformation.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- cloudformation.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 cloudformation.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- cloudformation.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- cloudformation.me-central-1.amazonaws.com HTTPS

South sa-east-1 cloudformation.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
132
StackSets regional support

Name
AWS us-gov- cloudformation.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) cloudformation.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- cloudformation.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) cloudformation.us-gov-west-1.amazonaws.com HTTPS

StackSets is supported in the following Regions:

Name
US East us-east-2 stacksets.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 stacksets.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 stacksets.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 stacksets.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 stacksets.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 stacksets.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- stacksets.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- stacksets.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- stacksets.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Version 1.0
133

Name

(Singapore)

(Sydney)

(Tokyo)
Canada ca- stacksets.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- stacksets.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 stacksets.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- stacksets.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 stacksets.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- stacksets.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 stacksets.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- stacksets.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- stacksets.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
For more information, see AWS CloudFormation StackSets in the AWS CloudFormation User Guide.
Version 1.0
134
Service quotas
Service quotas

Description
Attributes per mapping in CloudFormation Each supported No Maximum number of

template Region: 200 mapping attributes for
each mapping that you
can declare in your AWS
CloudFormation template.
Data in custom resource provider Each supported No Maximum amount of data

Region: 4,096 Bytes that a custom resource
provider can pass.
Declared mappings in CloudFormation Each supported No Maximum number of

template. Region: 200 mappings that you can
declare in your AWS
Maximum size of a template description in Each supported No Maximum size of a

a cloud formation template Region: 1,024 Bytes template description
Module limit per account Each supported Yes Maximum number of

Region: 100 module types you are
allowed to register.
Nested modules Each supported No Number of levels of nesting

Region: 3 per module.
Output count in CloudFormation template Each supported No Maximum number of

Region: 200 outputs that you can
declare in your AWS
Parameters declared in CloudFormation Each supported No Maximum number of

template. Region: 200 parameters that you
can declare in your AWS
Resource limit per account Each supported Yes Maximum number of

Region: 50 resource types you are
allowed to register.
Resources declared in a CloudFormation Each supported No Maximum number of

template Region: 500 resources that you can
declare in your AWS
Size of Mapping attribute name Each supported No Maximum size of each

Region: 255 mapping name.
Size of a parameter value in cloud Each supported No Maximum size of a

formation template Region: 4,096 parameter value
Size of a resource name in cloud formation Each supported No Maximum size of a resource
template Region: 255 name
Version 1.0
135
Service quotas

Description
Size of a template body in S3 object for a Each supported No Maximum size of a

ValidateStack request Region: 1 template body that
Megabytes you can pass in an
Amazon S3 object for a
CreateStack, UpdateStack,
ValidateTemplate request
with an Amazon S3
template URL.
Size of output name in CloudFormation Each supported No Maximum size of an output

template Region: 255 name.
Size of parameter name in Each supported No Maximum size of a

CloudFormation template Region: 255 parameter name
Size of template body in CreateStack Each supported No Maximum size of a

request Region: 51,200 template body that
Bytes you can pass in a
CreateStack, UpdateStack,
or ValidateTemplate
request.
Stack count Each supported Yes Maximum number of AWS

Region: 2,000 CloudFormation stacks that
you can create.
Stack instance operations per eu-central-1: 3,500 Yes Maximum number of

administrator account stack instances, across all
Each of the other stack sets, that you can
supported Regions: run operations on in each
10,000 Region at the same time,
per administrator account.
Stack instances per stack set eu-central-1: 2,000 Yes Maximum number of stack
instances you can create
Each of the other per stack set.
supported Regions:
100,000
Stack sets per administrator account eu-central-1: 100 Yes Maximum number of AWS
CloudFormation stack sets
Each of the other you can create in your
supported Regions: administrator account.
1,000
Version limit per module Each supported Yes Maximum number of

Region: 100 versions per module type
you are allowed to register.
Version limit per resource Each supported Yes Maximum number of

Region: 50 versions per resource type
you are allowed to register.
cfn-signal wait condition data Each supported No Maximum amount of data

Region: 4,096 Bytes that cfn-signal can pass.
Version 1.0
136
CloudFront
For more information, see AWS CloudFormation Quotas in the AWS CloudFormation User Guide.
Amazon CloudFront endpoints and quotas

Service endpoints
Region Region Endpoint Protocol Amazon
Name Route 53
Hosted
Zone ID*
US East (N. us-east-1 cloudfront.amazonaws.com HTTPS Z2FDTNDATAQYW2

Virginia)
Region cloudfront-fips.amazonaws.com HTTPS
Service quotas
Description
Alternate domain names (CNAMEs) per Each supported Yes The maximum number of
distribution Region: 100 alternate domain names
(CNAMEs) per distribution.
Cache behaviors per distribution Each supported Yes The maximum number
Region: 25 of cache behaviors per
distribution.
Cache policies per AWS account Each supported No The maximum number of
Region: 20 cache policies per AWS
account.
CloudFront Functions: Maximum number Each supported Yes The maximum number of
of distributions associated with a single Region: 100 CloudFront distributions
function associated with a single
CloudFront function.
Concurrent executions Each supported Yes The maximum number of

Region: 1,000 concurrent executions in
each region.
Connection attempts per origin Each supported No The number of connection

Region: 3 attempts per origin (1-3).
Connection timeout per origin Each supported No The connection timeout per
Region: 10 Seconds origin (1-10 seconds).
Cookies per cache policy Each supported Yes The maximum number of
Region: 10 cookies per cache policy.
Version 1.0
137
Service quotas

Description
Cookies per origin request policy Each supported Yes The maximum number of
Region: 10 cookies per origin request
policy.
Custom headers: maximum length of a Each supported No The maximum length of a

header name Region: 256 header name in characters.
Custom headers: maximum length of a Each supported No The maximum length of a

header value Region: 1,783 header value in characters.
Custom headers: maximum length of all Each supported No The maximum length of all
header values and names combined Region: 10,240 header values and names
combined.
Custom headers: maximum number of Each supported Yes The maximum number of
custom headers that you can configure Region: 10 custom headers that you
CloudFront to add to origin requests can configure CloudFront to
add to origin requests.
Data transfer rate per distribution Each supported Yes The maximum data
Region: 150 transfer rate (in Gbps) per
distribution.
Distributions associated with a single key Each supported Yes The maximum number of
group Region: 100 distributions associated
with a single key group.
Distributions associated with the same Each supported No The maximum number of
cache policy Region: 100 distributions associated
with the same cache policy.
Distributions associated with the same Each supported No The maximum number of
origin request policy Region: 100 distributions associated
with the same origin
request policy.
Distributions per AWS account that you Each supported Yes The maximum number
can create triggers for Region: 25 of distributions per AWS
account that you can create
triggers for.
File invalidation: maximum number of Each supported No The maximum number

active wildcard invalidations allowed Region: 15 of active wildcard
invalidations allowed.
File invalidation: maximum number of files Each supported No The maximum number
allowed in active invalidation requests, Region: 3,000 of files allowed in active
excluding wildcard invalidations invalidation requests,
excluding wildcard
invalidations.
Function memory size (Viewer request and Each supported No The maximum function
response event) Region: 128 memory size (in MB).
Megabytes (Viewer request and
response event)
Version 1.0
138
Service quotas

Description
Function timeout (Origin request and Each supported No The maximum function
response event) Region: 30 Seconds timeout (in seconds).
(Origin request and
response event)
Function timeout for a viewer request and Each supported No The maximum function
response event Region: 5 Seconds timeout (in seconds).
(Viewer request and
response event)
Headers per cache policy Each supported Yes The maximum number of
Region: 10 headers per cache policy.
Headers per origin request policy Each supported Yes The maximum number of
Region: 10 headers per origin request
policy.
Key groups associated with a single Each supported Yes The maximum number of
distribution Region: 4 key groups associated with
a single distribution.
Key groups per AWS account Each supported Yes The maximum number
Region: 10 of key groups per AWS
account.
Maximum compressed size of a Lambda Each supported No The maximum compressed

function and any included libraries. (Origin Region: 50 size (in MB) of a Lambda
request and response event) Megabytes function and any included
libraries. (Origin request
and response event)
Maximum compressed size of a Lambda Each supported No The maximum compressed

function and any included libraries. Region: 1 size (in MB) of a Lambda
(Viewer request and response event) Megabytes function and any included
libraries. (Viewer request
and response event)
Maximum file size for HTTP GET, POST, Each supported No The maximum file size (in
and PUT requests Region: 20 GB) for HTTP GET, POST,
Gigabytes and PUT requests.
Maximum length of a URL Each supported No The maximum length of a

Region: 8,192 Bytes URL (in bytes).
Maximum length of a field to encrypt Each supported No The maximum length (in
Region: 16 Kilobytes KB) of a field to encrypt.
Maximum length of a request body when Each supported No The maximum length (in
field-level encryption is configured Region: 1 MB) of a request body
Megabytes when field-level encryption
is configured.
Maximum length of a request, including Each supported No The maximum length of a

headers and query strings, but not Region: 20,480 request (in bytes), including
including the body content Bytes headers and query strings,
but not including the body
content.
Version 1.0
139
Service quotas

Description
Maximum number of CloudFront Each supported No The maximum number of

distributions that can be associated with a Region: 20 CloudFront distributions
field-level encryption configuration that can be associated with
a field-level encryption
configuration.
Maximum number of characters in a Each supported No The maximum number of

whitelisted query string Region: 128 characters in a whitelisted
query string.
Maximum number of characters total for Each supported No The maximum number
all whitelisted query strings in the same Region: 512 of characters total for all
parameter whitelisted query strings in
the same parameter.
Maximum number of field-level encryption Each supported No The maximum number

configurations that can be associated with Region: 10 of field-level encryption
one AWS account configurations that can be
associated with one AWS
account.
Maximum number of field-level encryption Each supported No The maximum number

profiles that can be associated with one Region: 10 of field-level encryption
AWS account profiles that can be
associated with one AWS
account.
Maximum number of fields in a request Each supported No The maximum number of

body when field-level encryption is Region: 10 fields in a request body
configured when field-level encryption
is configured.
Maximum number of fields to encrypt that Each supported No The maximum number of
can be specified in one profile Region: 10 fields to encrypt that can
be specified in one profile.
Maximum number of public keys that can Each supported No The maximum number of
be added to one AWS account Region: 10 public keys that can be
added to one AWS account.
Maximum number of query argument Each supported No The maximum number of

profile mappings that can be included in a Region: 5 query argument profile
field-level encryption configuration mappings that can be
included in a field-level
encryption configuration.
Origin access identities per account Each supported Yes The maximum number of
Region: 100 origin access identities per
account.
Origin groups per distribution Each supported Yes The maximum number
Region: 10 of origin groups per
distribution.
Origin request policies per AWS account Each supported No The maximum number of
Region: 20 origin request policies per
AWS account.
Version 1.0
140
Service quotas

Description
Origin response timeout (idle timeout) Each supported No The maximum origin
Region: 10 response timeout (idle
timeout) in minutes. If
CloudFront hasn’t detected
any bytes sent from the
origin to the client within
the past 10 minutes, the
connection is assumed to
be idle and is closed.
Origins per distribution Each supported Yes The maximum number of

Region: 25 origins per distribution.
Public keys in a single key group Each supported Yes The maximum number of
Region: 5 public keys in a single key
group.
Query strings per cache policy Each supported Yes The maximum number of
Region: 10 query strings per cache
policy.
Query strings per origin request policy Each supported Yes The maximum number of
Region: 10 query strings per origin
request policy.
RTMP distributions per AWS account Each supported Yes The maximum number of
Region: 100 RTMP distributions per
AWS account.
Range of file sizes that CloudFront Each supported No The range of file sizes (in
compresses Region: 10,000,000 bytes) that CloudFront
Bytes compresses (1,000 to
10,000,000).
Request body size for origin requests Each supported No The maximum request
exposed to a Lambda@Edge function. Region: 1 body size (in MB) for origin
Megabytes requests exposed to a
Lambda@Edge function.
Request body size for origin requests when Each supported No The maximum request
returning from a Lambda function (base64 Region: 1.33 body size (in KB) for origin
encoding) Megabytes requests when returning
from a Lambda function.
(base64 encoding)
Request body size for origin requests when Each supported No The maximum request
returning from a Lambda function (text Region: 1 body size (in KB) for origin
encoding) Megabytes requests when returning
(text encoding)
Request body size for viewer requests Each supported No The maximum request
exposed to a Lambda@Edge function. Region: 40 Kilobytes body size (in KB) for viewer
requests exposed to a
Lambda@Edge function.
Version 1.0
141
Service quotas

Description
when returning from a Lambda function Region: 53.2 body size (in KB) for viewer
(base64 encoding) Kilobytes requests when returning
(base64 encoding)
when returning from a Lambda function Region: 40 Kilobytes body size (in KB) for viewer
(text encoding) requests when returning
(text encoding)
Request timeout Each supported Yes The maximum request

Region: 30 Seconds timeout in seconds.
Requests per second Each supported Yes The maximum number of

Region: 10,000 requests per second in each
region.
Requests per second per distribution Each supported Yes The maximum number of
Region: 250,000 requests per second per
distribution.
Response timeout per origin Each supported Yes The response timeout per
Region: 60 Seconds origin (1-60 seconds).
SSL certificates per AWS account when Each supported Yes The maximum number of
serving HTTPS requests using dedicated IP Region: 2 SSL certificates per AWS
addresses account when serving
HTTPS requests using
dedicated IP addresses (no
quota when serving HTTPS
requests using SNI).
SSL certificates that can be associated Each supported No The maximum number
with a CloudFront web distribution Region: 1 of SSL certificates
that can be associated
with a CloudFront web
distribution.
Size of a response that is generated by a Each supported No The maximum size (in
Lambda function, including headers and Region: 1 MB) of a response that is
body (Origin request and response event) Megabytes generated by a Lambda
function, including headers
and body. (Origin request
and response event)
Size of a response that is generated by a Each supported No The maximum size (in
Lambda function, including headers and Region: 40 Kilobytes KB) of a response that is
body (Viewer request and response event) generated by a Lambda
function, including headers
and body. (Viewer request
and response event)
Tags that can be added to a distribution Each supported No The maximum number of
Region: 50 tags that can be added to a
distribution.
Version 1.0
142
AWS CloudHSM

Description
Total length of the URI including query Each supported No The maximum total
string in a Lambda@Edge function Region: 8,192 length in characters of the
URI including the query
string in a Lambda@Edge
function.
Total number of bytes in whitelisted Each supported No The total number of bytes
cookie names (doesn’t apply if you Region: 512 Bytes in whitelisted cookie
configure CloudFront to forward all names (doesn’t apply if
cookies to the origin) you configure CloudFront
to forward all cookies to
the origin). 512 minus the
number of whitelisted
cookies.
Triggers per distribution Each supported Yes The maximum number of

Region: 100 triggers per distribution.
Web distributions per AWS account Each supported Yes The maximum number of
Region: 200 web distributions per AWS
account.
Whitelisted cookies per cache behavior Each supported Yes The maximum number of
Region: 10 whitelisted cookies per
cache behavior.
Whitelisted headers per cache behavior Each supported Yes The maximum number of
Region: 10 whitelisted headers per
cache behavior.
Whitelisted query strings per cache Each supported Yes The maximum number of
behavior Region: 10 whitelisted query strings
per cache behavior.
For more information, see Quotas in the Amazon CloudFront Developer Guide.
AWS CloudHSM endpoints and quotas

Version 1.0
143
Service endpoints
Service endpoints
AWS CloudHSM

Name
US East us-east-2 cloudhsmv2.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 cloudhsmv2.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 cloudhsmv2.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 cloudhsmv2.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 cloudhsmv2.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 cloudhsmv2.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- cloudhsmv2.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- cloudhsmv2.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- cloudhsmv2.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Version 1.0
144
Service endpoints

Name
Canada ca- cloudhsmv2.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- cloudhsmv2.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 cloudhsmv2.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- cloudhsmv2.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 cloudhsmv2.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- cloudhsmv2.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- cloudhsmv2.me-central-1.amazonaws.com HTTPS

South sa-east-1 cloudhsmv2.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- cloudhsmv2.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- cloudhsmv2.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
AWS CloudHSM Classic

Name
US East (N. us-east-1 cloudhsm.us-east-1.amazonaws.com HTTPS

Virginia)
AWS us-gov- cloudhsm.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Version 1.0
145
Service quotas
Service quotas
AWS CloudHSM

Description
Clusters per AWS Region and AWS account Each supported Yes The maximum number
Region: 4 of clusters that you can
current Region.
HSMs per AWS Region and AWS account Each supported Yes The maximum number of
Region: 6 HSMs that you can create in
Region.
HSMs per CloudHSM cluster Each supported No The maximum number of

Region: 28 HSMs that you can create in
a CloudHSM cluster.
Keys per CloudHSM cluster Each supported No The maximum number of

Region: 3,300 keys that you can create in
a CloudHSM cluster.
Length of a Username Each supported No The maximum number of

Region: 31 characters for a username.
Length of a password Each supported No The maximum number of

Region: 32 characters for a password.
Minimum length of a password Each supported No The minimum number of

Region: 7 characters for a password.
Number of concurrent clients Each supported No The maximum number of

Region: 900 concurrent clients that can
exist in a Region.
Users per CloudHSM cluster Each supported No The maximum number of

Region: 1,024 users who can be created
on a cluster in an account.
For more information, see Quotas in the AWS CloudHSM User Guide.
AWS CloudHSM Classic
Resource Default
HSM appliances 3
High-availability partition groups 20
For more information, see Quotas in the AWS CloudHSM Classic User Guide.
Version 1.0
146
AWS Cloud Map
AWS Cloud Map endpoints and quotas

Service endpoints

Name
US East us-east-2 servicediscovery.us-east-2.amazonaws.com HTTPS

(Ohio)
servicediscovery-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 servicediscovery.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 servicediscovery.us-west-1.amazonaws.com HTTPS

West (N.
California) servicediscovery-fips.us-west-1.amazonaws.com HTTPS
servicediscovery-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 servicediscovery.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 servicediscovery.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 servicediscovery.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- servicediscovery.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- servicediscovery.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- servicediscovery.ap-northeast-3.amazonaws.com HTTPS

(Osaka)
Version 1.0
147
Service endpoints

Name

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- servicediscovery.ca-central-1.amazonaws.com HTTPS

(Central) central-1
servicediscovery-fips.ca-central-1.amazonaws.com HTTPS
servicediscovery-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- servicediscovery.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 servicediscovery.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- servicediscovery.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 servicediscovery.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- servicediscovery.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 servicediscovery.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- servicediscovery.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) servicediscovery-fips.us-gov- HTTPS
HTTPS
servicediscovery-fips.us-gov-
Version 1.0
148
Service quotas

Name
AWS us-gov- servicediscovery.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) servicediscovery-fips.us-gov- HTTPS
HTTPS
servicediscovery-fips.us-gov-
Service quotas
Description
Custom attributes per instance Each supported No The maximum number

Region: 30 of custom attributes that
you can specify when you
register an instance.
DiscoverInstances operation per account Each supported Yes The maximum burst rate
burst rate Region: 2,000 to call DiscoverInstances
operation from a single
account.
DiscoverInstances operation per account Each supported Yes The maximum steady rate
steady rate Region: 1,000 to call DiscoverInstances
operation from a single
account.
Instances per namespace Each supported Yes The maximum number of

Region: 2,000 service instances that you
can register using the same
namespace.
Instances per service Each supported No The maximum number

Region: 1,000 of instances that you can
register in a Region using
the same service.
Namespaces per Region Each supported Yes The maximum number of

Region: 50 namespaces that you can
create per Region.
For more information, see AWS Cloud Map Quotas in the AWS Cloud Map Developer Guide.
Amazon CloudSearch endpoints and quotas

Version 1.0
149
Service endpoints
Service endpoints

Name
US East (N. us-east-1 cloudsearch.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 cloudsearch.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 cloudsearch.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- cloudsearch.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- cloudsearch.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- cloudsearch.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- cloudsearch.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- cloudsearch.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 cloudsearch.eu-west-1.amazonaws.com HTTPS

(Ireland)
South sa-east-1 cloudsearch.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
Document batch size Each supported No The size of document batch

Region: 5 uploads.
Megabytes
Document size Each supported No The size of individual

Region: 1 documents.
Megabytes
Version 1.0
150
CloudShell

Description
Domains per account Each supported No Number of search domains

Region: 100 you can create per AWS
account.
Index fields Each supported Yes The number of index fields

Region: 200 per domain. A dynamic
field counts as one index
field, but typically matches
multiple document fields.
Dynamic fields can cause
the total number of fields
in your index to exceed this
limit. If you use dynamic
fields, keep the number of
index fields below 1,000 to
avoid performance issues.
Partition count Each supported Yes The minimum number

Region: 10 of partitions your search
index is distributed across
per Amazon CloudSearch
domain.
Replication count Each supported Yes The minimum number of

Region: 5 replicas each partition of
your Amazon CloudSearch
domain would contain.
Search document fields Each supported No Number of fields per

Region: 200 document.
For more information, see Understanding Amazon CloudSearch Quotas in the Amazon CloudSearch
Developer Guide.
AWS CloudShell endpoints and quotas

Service endpoints
Name
US East us-east-2 cloudshell.us-east-2.amazonaws.com HTTPS

(Ohio)
cloudshell.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 cloudshell.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
151
Service quotas

Name
cloudshell.us-east-1.amazonaws.com HTTPS
US West us-west-2 cloudshell.us-west-2.amazonaws.com HTTPS

(Oregon)
cloudshell.us-west-2.amazonaws.com HTTPS
Asia ap- cloudshell.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- cloudshell.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- cloudshell.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- cloudshell.ca-central-1.amazonaws.com HTTPS

(Central) central-1
cloudshell.ca-central-1.amazonaws.com HTTPS
Europe eu- cloudshell.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 cloudshell.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 cloudshell.eu-west-2.amazonaws.com HTTPS

(London)
South sa-east-1 cloudshell.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- cloudshell.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) cloudshell.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- cloudshell.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) cloudshell.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Data retention Each supported No The number of days that

Region: 120 the data in the home
directory will be retained
after a shell was last
accessed.
Version 1.0
152
CloudTrail

Description
Home directory size Each supported No The maximum size of your

Region: 1 Gigabytes shells home directory.
AWS CloudTrail endpoints and quotas

Service endpoints

Name
US East us-east-2 cloudtrail.us-east-2.amazonaws.com HTTPS

(Ohio)
cloudtrail-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 cloudtrail.us-east-1.amazonaws.com HTTPS

Virginia)
cloudtrail-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 cloudtrail.us-west-1.amazonaws.com HTTPS

West (N.
California) cloudtrail-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 cloudtrail.us-west-2.amazonaws.com HTTPS

(Oregon)
cloudtrail-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 cloudtrail.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 cloudtrail.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- cloudtrail.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- cloudtrail.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- cloudtrail.ap-northeast-3.amazonaws.com HTTPS

(Osaka)
Version 1.0
153
Service endpoints

Name

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- cloudtrail.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- cloudtrail.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 cloudtrail.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- cloudtrail.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 cloudtrail.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- cloudtrail.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- cloudtrail.me-central-1.amazonaws.com HTTPS

South sa-east-1 cloudtrail.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- cloudtrail.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) cloudtrail.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- cloudtrail.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) cloudtrail.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
154
Service quotas
Service quotas
Description
Conditions across all advanced event Each supported No If a trail uses advanced
selectors Region: 500 event selectors, a maximum
of 500 total values for all
conditions in all advanced
event selectors is allowed.
Unless a trail logs data
events on all resources,
such as all S3 buckets, a
trail is limited to 250 data
resources. Data resources
can be distributed across
event selectors, but the
total cannot exceed 250.
Data resources across all event selectors in Each supported No If you choose to limit data
a trail Region: 250 events by using event
selectors or advanced event
selectors, the total number
of data resources cannot
exceed 250 across all event
selectors in a trail.
Event data stores per region Each supported No The maximum number
Region: 5 of event data stores per
region.
Event selectors Each supported No The maximum number of

Region: 5 event selectors per trail.
Event size Each supported No The maximum event size

Region: 256 (in KB). All event versions:
Kilobytes events over 256 KB cannot
be sent to CloudWatch
Logs. Event version 1.05
and newer: maximum event
size of 256 KB.
Trails per region Each supported No The maximum number of

Region: 5 trails per region.
Transactions per second (TPS) for all other Each supported No The maximum number of
APIs Region: 1 operation requests you can
make per second without
being throttled.
Transactions per second (TPS) for the Each supported No The maximum number of
LookupEvents API Region: 2 operation requests you can
being throttled.
Transactions per second (TPS) for the get, Each supported No The maximum number
describe, and list APIs Region: 10 of operation requests
you can make per second
without being throttled.
Version 1.0
155
CloudWatch

Description
The LookupEvents API
is not included in this
category.
For more information, see Quotas in AWS CloudTrail.
Amazon CloudWatch endpoints and quotas

Service endpoints

Name
US East us-east-2 monitoring.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
monitoring-fips.us-east-2.amazonaws.com
HTTPS
US East (N. us-east-1 monitoring.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
monitoring-fips.us-east-1.amazonaws.com
HTTPS
US us-west-1 monitoring.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California) monitoring-fips.us-west-1.amazonaws.com
HTTPS
US West us-west-2 monitoring.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
monitoring-fips.us-west-2.amazonaws.com
HTTPS
Africa af-south-1 monitoring.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 monitoring.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Asia ap- monitoring.ap-southeast-3.amazonaws.com HTTP and

(Jakarta)
Version 1.0
156
Service endpoints

Name
Asia ap- monitoring.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- monitoring.ap-northeast-3.amazonaws.com HTTP and

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- monitoring.ca-central-1.amazonaws.com HTTP and

Europe eu- monitoring.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 monitoring.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS
Europe eu- monitoring.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Europe eu-north-1 monitoring.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- monitoring.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
Middle me- monitoring.me-central-1.amazonaws.com HTTP and

East (UAE) central-1 HTTPS
South sa-east-1 monitoring.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
Version 1.0
157
Service quotas

Name
AWS us-gov- monitoring.us-gov-east-1.amazonaws.com HTTP and

(US-East) monitoring.us-gov-east-1.amazonaws.com
HTTPS
AWS us-gov- monitoring.us-gov-west-1.amazonaws.com HTTP and

(US-West) monitoring.us-gov-west-1.amazonaws.com
HTTPS
Service quotas

Description
Actions per CloudWatch alarm, per state Each supported No The maximum number
Region: 5 of actions that you
can associate with a
CloudWatch alarm, per
state, in this account in
the current region. Given
that, an alarm can have
up to 15 actions (5 on
ALARM, 5 on OK and 5 on
INSUFFICIENT_DATA)
Canary limit us-east-1: 300 Yes The maximum number of

canaries per account per
us-east-2: 300 region.
us-west-2: 300
ap-northeast-1: 300
eu-west-1: 300
Each of the other

supported Regions:
200
Data retention Each supported No The amount of time, in

Region: 15 months, that metric data is
retained by CloudWatch.
Dimensions per metric Each supported No The maximum number of

Region: 30 dimensions per metric in
region.
Groups limit Each supported Yes The maximum number of

Region: 20 groups per account across
all regions.
Metric data queries per GetMetricData Each supported No The maximum number of
request Region: 500 MetricDataQuery structures
Version 1.0
158
Service quotas

Description
per GetMetricData request
current region.
MetricDatum items per PutMetricData Each supported No The maximum number of

request Region: 1,000 MetricDatum items per
PutMetricData request in
region.
Metrics per dashboard Each supported No The maximum number of

Region: 2,500 metrics per dashboard in
region.
Metrics per dashboard widget Each supported No The maximum number

Region: 500 of metrics per dashboard
widget in this account in
the current region.
Minimum frequency Each supported No The minimum time, in

Region: 60,000 milliseconds, between runs
Milliseconds of the same canary.
Number of Contributor Insights rules Each supported Yes The maximum number
Region: 100 per 5 of Contributor Insights
minutes rules you can have in this
account.
Payload size for PutMetricData requests Each supported No The maximum size of the
Region: 1,024 payload for PutMetricData
requests, in Kilobytes, in
region.
Rate of DeleteAlarms requests Each supported No The maximum number

Region: 3 per of DeleteAlarms requests
second that you can make, per
second, in this account in
the current region.
Rate of DeleteDashboards requests Each supported Yes The maximum number of

Region: 10 per DeleteDashboards requests
the current region.
Rate of DeleteInsightRules requests Each supported No The maximum number of

Region: 5 per DeleteInsightRules requests
second you can make per second in
this account.
Version 1.0
159
Service quotas

Description
Rate of DeleteMetricStream requests Each supported Yes The maximum number

Region: 10 per of DeleteMetricStream
second requests that you can
make, per second, in this
region.
Rate of DescribeAlarmHistory requests Each supported No The maximum number

Region: 3 per of DescribeAlarmHistory
region.
Rate of DescribeAlarms requests Each supported Yes The maximum number of

Region: 9 per DescribeAlarms requests
the current region.
Rate of DescribeAlarmsForMetric requests Each supported No The maximum number of

Region: 3 per DescribeAlarmsForMetric
region.
Rate of DescribeInsightRules requests Each supported No The maximum number

Region: 20 per of DescribeInsightRules
second requests you can make per
second in this account.
Rate of DisableAlarmActions requests Each supported No The maximum number

Region: 3 per of DisableAlarmActions
region.
Rate of DisableInsightRules requests Each supported No The maximum number

Region: 1 per of DisableInsightRules
Rate of EnableAlarmActions requests Each supported No The maximum number

Region: 3 per of EnableAlarmActions
region.
Rate of EnableInsightRules requests Each supported No The maximum number

Region: 1 per of EnableInsightRules
Version 1.0
160
Service quotas

Description
Rate of GetDashboard requests Each supported Yes The maximum number of

Region: 10 per GetDashboard requests
the current region.
Rate of GetInsightRuleReport requests Each supported Yes The maximum number

Region: 20 per of GetInsightRuleReport
second requests you can make, per
Rate of GetMetricData datapoints for Each supported No The maximum number of

metrics older than three hours Region: 396,000 GetMetricData datapoints
that you can fetch, per
second, for a request with
a StartTime of more than
three hours in this account
in the current region.
Rate of GetMetricData datapoints for the Each supported No The maximum number of
last three hours of metrics Region: 180,000 GetMetricData datapoints
that you can fetch, per
second, for a request with
a StartTime of less than
or equal to three hours in
region.
Rate of GetMetricData requests Each supported Yes The maximum number of

Region: 50 per GetMetricData requests
the current region.
Rate of GetMetricStatistics requests Each supported Yes The maximum number of

Region: 400 per GetMetricStatistics requests
the current region.
Rate of GetMetricStream requests Each supported Yes The maximum number of

Region: 10 per GetMetricStream requests
the current region.
Rate of GetMetricWidgetImage requests Each supported Yes The maximum number of

Region: 20 per GetMetricWidgetImage
region.
Version 1.0
161
Service quotas

Description
Rate of ListDashboards requests Each supported Yes The maximum number of

Region: 10 per ListDashboards requests
the current region.
Rate of ListMetricStreams requests Each supported Yes The maximum number of

Region: 10 per ListMetricStreams requests
the current region.
Rate of ListMetrics requests Each supported Yes The maximum number

Region: 50 per of ListMetrics requests
the current region.
Rate of ListTagsForResource requests Each supported No The maximum number

Region: 10 per of ListTagsForResource
region.
Rate of PutDashboard requests Each supported Yes The maximum number of

Region: 10 per PutDashboard requests
the current region.
Rate of PutInsightRule requests Each supported No The maximum number of

Region: 5 per PutInsightRule requests you
second can make, per second in
this account.
Rate of PutMetricAlarm requests Each supported Yes The maximum number of

Region: 3 per PutMetricAlarm requests
the current region.
Rate of PutMetricData requests Each supported Yes The maximum number of

Region: 500 per PutMetricData requests
the current region.
Rate of PutMetricStream requests Each supported Yes The maximum number of

Region: 10 per PutMetricStream requests
the current region.
Version 1.0
162
CloudWatch Application Insights

Description
Rate of SetAlarmState requests Each supported No The maximum number of

Region: 3 per SetAlarmState requests
the current region.
Rate of StartMetricStreams requests Each supported Yes The maximum number

Region: 10 per of StartMetricStreams
region.
Rate of StopMetricStreams requests Each supported Yes The maximum number

Region: 10 per of StopMetricStreams
region.
Rate of TagResource requests Each supported No The maximum number

Region: 1 per of TagResource requests
the current region.
Rate of UntagResource requests Each supported No The maximum number of

Region: 1 per UntagResource requests
the current region.
For more information, see CloudWatch Quotas in the Amazon CloudWatch User Guide.
Amazon CloudWatch Application Insights

endpoints and quotas
Service endpoints
Name
US East us-east-2 applicationinsights.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
163
Service endpoints

Name
US East (N. us-east-1 applicationinsights.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 applicationinsights.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 applicationinsights.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 applicationinsights.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 applicationinsights.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- applicationinsights.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- applicationinsights.ap- HTTPS

Pacific northeast-3 northeast-3.amazonaws.com
(Osaka)

(Seoul)

Pacific southeast-1 southeast-1.amazonaws.com
(Singapore)

(Sydney)

(Tokyo)
Canada ca- applicationinsights.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- applicationinsights.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 applicationinsights.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- applicationinsights.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
Version 1.0
164
Service quotas

Name

(Paris)
Europe eu-north-1 applicationinsights.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- applicationinsights.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 applicationinsights.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- applicationinsights.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) applicationinsights.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- applicationinsights.us-gov- HTTPS

GovCloud west-1 west-1.amazonaws.com
(US-West) HTTPS
applicationinsights.us-gov-
Service quotas
Resource Default quota
API requests All API actions are throttled to 5 TPS
Applications 100 per account
Log Streams 5 per resource
Observations per problem 20 per dashboard
40 per DescribeProblemObservations action
Metrics 60 per resource
Resources 30 per application
Amazon CloudWatch Events endpoints and quotas

Version 1.0
165
Service endpoints
Service endpoints

Name
US East us-east-2 events.us-east-2.amazonaws.com HTTPS

(Ohio)
events-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 events.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 events.us-west-1.amazonaws.com HTTPS

West (N.
California) events-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 events.us-west-2.amazonaws.com HTTPS

(Oregon)
events-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 events.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 events.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- events.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- events.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- events.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Version 1.0
166
Service quotas

Name
Canada ca- events.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- events.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 events.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- events.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 events.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- events.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- events.me-central-1.amazonaws.com HTTPS

South sa-east-1 events.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- events.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) events.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- events.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) events.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Api destinations Each supported Yes The maximum number

Region: 3,000 of API destinations per
account per Region.
Connections Each supported Yes The maximum number of

Region: 3,000 connections per account
per Region.
Version 1.0
167
Service quotas

Description
CreateEndpoint throttle limit in Each supported No The maximum number

transactions per second Region: 5 per of requests per second
second for CreateEndpoint API.
Additional requests are
throttled.
DeleteEndpoint throttle limit in Each supported No The maximum number

second for DeleteEndpoint API.
throttled.
Endpoints Each supported Yes The maximum number of

Region: 100 endpoints per account per
Region.
Invocations throttle limit in transactions us-east-1: 18,750 Yes An invocation is an event

per second matching a rule and
us-east-2: 4,500 being sent on to the rules
targets. After the limit is
us-west-1: 2,250 reached, the invocations
are throttled; that is, they
us-west-2: 18,750
still happen but they are
af-south-1: 750 delayed.
ap-northeast-1:
2,250
ap-northeast-3: 750
ap-southeast-1:
2,250
ap-southeast-2:
2,250
eu-central-1: 4,500
eu-south-1: 750
eu-west-1: 18,750
eu-west-2: 2,250
Each of the other

supported Regions:
1,100
Number of rules af-south-1: 100 Yes Maximum number of rules

an account can have per
eu-south-1: 100 event bus
Each of the other
supported Regions:
300
Version 1.0
168
Service quotas

Description
PutEvents throttle limit in transactions per us-east-1: 10,000 Yes Maximum number of
second requests per second for
us-east-2: 2,400 PutEvents API. Additional
requests are throttled.
us-west-1: 1,200
us-west-2: 10,000
af-south-1: 400
ap-northeast-1:
1,200
ap-northeast-3: 400
ap-southeast-1:
1,200
ap-southeast-2:
1,200
eu-central-1: 2,400
eu-south-1: 400
eu-west-1: 10,000
eu-west-2: 1,200
Each of the other

supported Regions:
600
Rate of invocations per API destination Each supported Yes The maximum number of
Region: 300 invocations per second
to send to each API
destination endpoint per
account per Region. Once
the quota is met, future
invocations to that API
endpoint are throttled. The
invocations will still occur,
but are delayed.
Targets per rule Each supported No Maximum number of

Region: 5 targets that can be
associated with a rule
Throttle limit in transactions per second Each supported Yes Maximum number of
Region: 50 requests per second
for all EventBridge
API operations except
PutEvents. Additional
requests are throttled
Version 1.0
169
CloudWatch Logs

Description
UpdateEndpoint throttle limit in Each supported No The maximum number

second for UpdateEndpoint API.
throttled.
For more information, see CloudWatch Events quotas in the Amazon CloudWatch Events User Guide.
Amazon CloudWatch Logs endpoints and quotas

Service endpoints
Name
US East us-east-2 logs.us-east-2.amazonaws.com HTTPS

(Ohio)
logs-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 logs.us-east-1.amazonaws.com HTTPS

Virginia)
logs-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 logs.us-west-1.amazonaws.com HTTPS

West (N.
California) logs-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 logs.us-west-2.amazonaws.com HTTPS

(Oregon)
logs-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 logs.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 logs.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- logs.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- logs.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
170
Service endpoints

Name
Asia ap- logs.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- logs.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- logs.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 logs.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- logs.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 logs.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- logs.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- logs.me-central-1.amazonaws.com HTTPS

South sa-east-1 logs.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- logs.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) logs.us-gov-east-1.amazonaws.com HTTPS
Version 1.0
171
Service quotas

Name
AWS us-gov- logs.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) logs.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Active export task Each supported No The number of active

Region: 1 (running or pending) export
tasks per account
AssociateKmsKey throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per associate-kms-key calls per
second second per account/per
region
Batch size Each supported No The maximum batch size

Region: 1 in MB of a put-log-events
Megabytes request
CancelExportTask throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per cancel-export-task calls per
region
CreateExportTask throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per create-export-task calls per
region
CreateLogGroup throttle limit in Each supported Yes The maximum number of

transactions per second Region: 5 per create-log-group calls per
region
CreateLogStream throttle limit in Each supported Yes The maximum number of

transactions per second Region: 50 per create-log-stream calls per
region
Data archiving Each supported No The maximum size in GB of

Region: 5 Gigabytes free data archiving
DeleteDestination throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per delete-destination calls per
region
DeleteLogGroup throttle limit in Each supported Yes The maximum number of

transactions per second Region: 5 per delete-log-group calls per
region
Version 1.0
172
Service quotas

Description
DeleteLogStream throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per delete-log-stream calls per
region
DeleteMetricFilter throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per delete-metric-filter calls
second per second per account/per
region
DeleteRetentionPolicy throttle limit in Each supported No The maximum number

transactions per second Region: 5 per of delete-retention-
second policy calls per second per
account/per region
DeleteSubscriptionFilter throttle limit in Each supported No The maximum number

transactions per second Region: 5 per of delete-subscription-
second filter calls per second per
account/per region
DescribeDestinations throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per describe-destinations calls
region
DescribeExportTasks throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per describe-export-tasks calls
region
DescribeLogGroups throttle limit in Each supported Yes The maximum number of

transactions per second Region: 5 per describe-log-groups calls
region
DescribeLogStreams throttle limit in Each supported Yes The maximum number of

transactions per second Region: 5 per describe-log-streams calls
region
DescribeMetricFilters throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per describe-metric-filters calls
region
DescribeSubscriptionFilters throttle limit Each supported No The maximum number

in transactions per second Region: 5 per of describe-subscription-
second filters calls per second per
account/per region
Event size Each supported No The maximum log event

Region: 256 size in KB
Kilobytes
Version 1.0
173
Service quotas

Description
FilterLogEvents throttle limit in us-east-1: 25 per No The maximum number of

transactions per second second filter-log-events calls per
second per account/per
ap-northeast-3: 5 region
per second
eu-central-1: 5 per
second
Each of the other

supported Regions:
10 per second
GetLogEvents throttle limit in transactions us-west-2: 10 per No The maximum number of

per second second get-log-events calls per
ap-northeast-3: 10 region
per second
eu-central-1: 10 per
second
eu-west-1: 10 per
second
eu-west-3: 30 per
second
Each of the other

supported Regions:
25 per second
GetQueryResults throttle limit in Each supported No The maximum number of

transactions per second Region: 5 get-query-results calls per
region
ListTagsLogGroup throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per list-tags-log-group calls
region
Log groups Each supported Yes The maximum number of

Region: 1,000,000 log groups an account can
have
Metrics filters per log group Each supported No The number of metric
Region: 100 filters per log group
PutDestination throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per put-destination calls per
region
Version 1.0
174
Service quotas

Description
PutDestinationPolicy throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per put-destination-policy calls
region
PutLogEvents throttle limit in transactions us-east-1: 1,500 per Yes The maximum number of
per second second put-log-events calls per
us-west-2: 1,500 region
per second
eu-north-1: 1,500
per second
eu-south-1: 1,500
per second
eu-west-1: 1,500
per second
eu-west-3: 1,500
per second
Each of the other

supported Regions:
800 per second
PutMetricFilter throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per put-metric-filter calls per
region
PutRetentionPolicy throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per put-retention-policy calls
region
PutSubscriptionFilter throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per put-subscription-filter calls
region
StartQuery throttle limit in transactions Each supported No The maximum number of

per second Region: 5 start-query calls per second
per account/per region
Subscription filters per log group Each supported No The number of subscription
Region: 2 filters per log group
TagLogGroup throttle limit in transactions Each supported No The maximum number of

per second Region: 5 per tag-log-group calls per
region
Version 1.0
175
CloudWatch Synthetics

Description
TestMetricFilter throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per test-metric-filter calls per
region
UntagLogGroup throttle limit in Each supported No The maximum number of

transactions per second Region: 5 per untag-log-group calls per
region
For more information, see CloudWatch Logs quotas in the Amazon CloudWatch Logs User Guide.
Amazon CloudWatch Synthetics endpoints and

quotas
Service endpoints

Name
US East us-east-2 synthetics.us-east-2.amazonaws.com HTTPS

(Ohio)
synthetics-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 synthetics.us-east-1.amazonaws.com HTTPS

Virginia)
synthetics-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 synthetics.us-west-1.amazonaws.com HTTPS

West (N.
California) synthetics-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 synthetics.us-west-2.amazonaws.com HTTPS

(Oregon)
synthetics-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 synthetics.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 synthetics.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
176
Service endpoints

Name
Asia ap- synthetics.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- synthetics.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- synthetics.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- synthetics.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- synthetics.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 synthetics.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- synthetics.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 synthetics.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- synthetics.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- synthetics.me-central-1.amazonaws.com HTTPS

Version 1.0
177
Service quotas

Name
South sa-east-1 synthetics.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- synthetics.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) synthetics-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- synthetics.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) synthetics-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Number of canaries 100 per Region Yes

per account in the
following Regions:
US East (N. Virginia),
US East (Ohio), US
West (Oregon),
Europe (Ireland), and
Asia Pacific (Tokyo)
20 per Region per

account in all other
Regions
For more information, see CloudWatch service quotas in the Amazon CloudWatch User Guide.
AWS CodeArtifact endpoints and quotas

Service endpoints
Name
US East us-east-2 codeartifact.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
178
Service quotas

Name
US East (N. us-east-1 codeartifact.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 codeartifact.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- codeartifact.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- codeartifact.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- codeartifact.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- codeartifact.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- codeartifact.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 codeartifact.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- codeartifact.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 codeartifact.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Service quotas

Description
Asset file size maximum Each supported Yes The maximum file size per
Region: 5 Gigabytes asset.
Assets per package version maximum Each supported No The maximum number of
Region: 100 assets per package version.
CopyPackageVersions maximum requests Each supported Yes The maximum number of

per second Region: 5 calls that can be made to
CopyPackageVersions per
second.
Version 1.0
179
Service quotas

Description
Direct upstream repository maximum Each supported No The maximum number

Region: 10 of direct upstream
repositories per repository.
Domains per AWS account maximum Each supported Yes The maximum number
Region: 10 of domains that can be
GetAuthorizationToken maximum requests Each supported Yes The maximum number

per second Region: 40 of authorization tokens
retrieved per second.
GetPackageVersionAsset maximum Each supported Yes The maximum number of

requests per second Region: 50 calls that can be made to
GetPackageVersionAsset
per second.
ListPackageVersionAssets maximum Each supported Yes The maximum number of

requests per second Region: 20 calls that can be made to
ListPackageVersionAssets
per second.
ListPackageVersions maximum requests Each supported Yes The maximum number of

per second Region: 200 calls that can be made to
ListPackageVersions per
second.
ListPackages maximum requests per Each supported Yes The maximum number of
second Region: 200 calls that can be made to
ListPackages per second.
Maximum read requests per second from a Each supported Yes The maximum number of
single AWS account Region: 800 read requests from one
AWS account per second.
Maximum requests per second using a Each supported No The maximum number of
single authentication token. Region: 800 requests per second using a
single authentication token.
Maximum write requests per second from Each supported Yes The maximum number of
a single AWS account Region: 100 write requests from one
AWS account per second.
Repositories per domain maximum Each supported Yes The maximum number of
Region: 1,000 repositories that can be
created per domain.
Requests without authentication token per Each supported No The maximum number
IP address maximum Region: 600 of requests per second
without an authentication
token from a single IP
address.
Upstream repository search maximum Each supported No The maximum number

Region: 25 of upstream repositories
searched when resolving a
package.
Version 1.0
180
CodeBuild
AWS CodeBuild endpoints and quotas

Service endpoints

Name
US East us-east-2 codebuild.us-east-2.amazonaws.com HTTPS

(Ohio)
codebuild-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 codebuild.us-east-1.amazonaws.com HTTPS

Virginia)
codebuild-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 codebuild.us-west-1.amazonaws.com HTTPS

West (N.
California) codebuild-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 codebuild.us-west-2.amazonaws.com HTTPS

(Oregon)
codebuild-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 codebuild.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 codebuild.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- codebuild.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- codebuild.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- codebuild.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)
Version 1.0
181
Service quotas

Name

(Sydney)

(Tokyo)
Canada ca- codebuild.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- codebuild.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 codebuild.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- codebuild.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 codebuild.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- codebuild.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 codebuild.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- codebuild.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) codebuild-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- codebuild.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) codebuild-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Associated tags per project Each supported No Maximum number of tags

Region: 50 you can associate with a
build project
Version 1.0
182
CodeCommit

Description
Build projects Each supported Yes Maximum number of build

Region: 5,000 projects
Build timeout in minutes Each supported No Maximum build timeout in

Region: 480 minutes
Concurrent request for information about Each supported No Maximum number of

builds Region: 100 builds you can request
information about at any
one time using the AWS CLI
or an AWS SDK.
Concurrent requests for information on Each supported No Maximum number of build

build projects Region: 100 projects you can request
information about at any
one time using the AWS CLI
or an AWS SDK.
Concurrently running builds Each supported Yes Maximum number of

Region: 60 concurrently running builds
Minimum period for build timeout in Each supported No Minimum build timeout in
minutes Region: 5 minutes
Security groups under VPC configuration Each supported No Security groups available
Region: 5 for VPC configuration
Subnets under VPC configuration Each supported No Subnets available for VPC
Region: 16 configuration
For more information, see Quotas for CodeBuild in the AWS CodeBuild User Guide.
AWS CodeCommit endpoints and quotas

Service endpoints
Name
US East us-east-2 codecommit.us-east-2.amazonaws.com HTTPS

(Ohio)
codecommit-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 codecommit.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
183
Service endpoints

Name
US us-west-1 codecommit.us-west-1.amazonaws.com HTTPS

West (N.
California) codecommit-fips.us-west-1.amazonaws.com HTTPS
codecommit-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 codecommit.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 codecommit.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 codecommit.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- codecommit.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- codecommit.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- codecommit.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- codecommit.ap-southeast-2.amazonaws.com HTTPS

(Sydney)

(Tokyo)
Canada ca- codecommit.ca-central-1.amazonaws.com HTTPS

(Central) central-1
codecommit-fips.ca-central-1.amazonaws.com HTTPS
codecommit-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- codecommit.eu-central-1.amazonaws.com HTTPS

Version 1.0
184
Service quotas

Name
Europe eu-west-1 codecommit.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- codecommit.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 codecommit.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- codecommit.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 codecommit.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- codecommit.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) codecommit-fips.us-gov-east-1.amazonaws.com HTTPS
codecommit-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- codecommit.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) codecommit-fips.us-gov-west-1.amazonaws.com HTTPS
codecommit-fips.us-gov-west-1.amazonaws.com HTTPS
For information about Git connection endpoints, including SSH and HTTPS information, see Regions and
Git Connection Endpoints for CodeCommit.
Service quotas

Description
Allowed repositories Each supported Yes The maximum number of

Region: 1,000 repositories that you can
create in this account.
For more information, see Quotas in CodeCommit in the AWS CodeCommit User Guide.
Version 1.0
185
CodeDeploy
AWS CodeDeploy endpoints and quotas

Service endpoints

Name
US East us-east-2 codedeploy.us-east-2.amazonaws.com HTTPS

(Ohio)
codedeploy-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 codedeploy.us-east-1.amazonaws.com HTTPS

Virginia)
codedeploy-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 codedeploy.us-west-1.amazonaws.com HTTPS

West (N.
California) codedeploy-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 codedeploy.us-west-2.amazonaws.com HTTPS

(Oregon)
codedeploy-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 codedeploy.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 codedeploy.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- codedeploy.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- codedeploy.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- codedeploy.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)
Version 1.0
186
Service endpoints

Name

(Sydney)

(Tokyo)
Canada ca- codedeploy.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- codedeploy.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 codedeploy.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- codedeploy.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 codedeploy.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- codedeploy.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- codedeploy.me-central-1.amazonaws.com HTTPS

South sa-east-1 codedeploy.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- codedeploy.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) codedeploy-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- codedeploy.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) codedeploy-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
187
Service quotas
Service quotas

Description
AWS Lambda deployment run in hours Each supported No Maximum number of

Region: 50 hours an AWS Lambda
deployment can run (48
hours for the maximum
time between the first
and last traffic shift plus
one hour for each of two
possible lifecycle hooks)
Applications associated per account per Each supported Yes The maximum number of
region Region: 1,000 applications associated
with an AWS account in a
single region
Auto Scaling groups in a deployment Each supported No Maximum number of

group Region: 10 Amazon EC2 Auto Scaling
groups in a deployment
group
Concurrent deployments per account Each supported Yes Maximum number of

Region: 1,000 concurrent deployments
associated with an AWS
account. Each deployment
to a scaled-up Amazon EC2
instance in an Amazon EC2
Auto Scaling group counts
as a single concurrent
deployment for each
application that the EC2
instance is associated with.
Concurrent deployments per deployment Each supported No Maximum number of

group Region: 1 concurrent deployments to
a deployment group. This
limit prevents concurrent
deployments of the same
application to the same
deployment group.
Custom deployment configurations per Each supported No Maximum number of

account Region: 50 custom deployment
configurations associated
with an AWS account
Deployment groups associated with a Each supported Yes Maximum number of

single application Region: 1,000 deployment groups
application
EC2/On-Premises blue/green deployment Each supported No Maximum number of hours

run in hours Region: 109 an EC2/On-Premises blue/
green deployment can run
(48 hours for each of the
Version 1.0
188
Service quotas

Description
above two limits plus one
hour for each of 13 possible
lifecycle events)
EC2/On-Premises in-place deployment run Each supported No Maximum number of hours

in hours Region: 8 an EC2/On-Premises in-
place deployment can run
Event notification triggers in a deployment Each supported Yes Maximum number of event
group Region: 10 notification triggers in a
deployment group
GitHub connection tokens per account Each supported No Maximum number of

Region: 25 GitHub connection tokens
for a single AWS account
Hours between the completion of a Each supported No Maximum number of hours

deployment and the termination of the Region: 48 between the completion
original instances during an EC2/On- of a deployment and the
Premises blue/green deployment termination of the original
instances during an EC2/
On-Premises blue/green
deployment
Hours between the deployment of a Each supported No Maximum number of hours

revision and when traffic shifts to the Region: 48 between the deployment of
replacement instances during an EC2/On- a revision and when traffic
Premises blue/green deployment shifts to the replacement
instances during an EC2/
On-Premises blue/green
deployment
Instances count per deployment us-east-1: 2,000 Yes Maximum number of

instances in a single
Each of the other deployment
supported Regions:
1,000
Minutes a blue/green deployment can Each supported No Maximum number of

wait after a successful deployment before Region: 2,800 minutes a blue/green
terminating instances from the original deployment can wait after
deployment a successful deployment
before terminating
instances from the original
deployment
Minutes between the first and last traffic Each supported No Maximum number of
shift during an AWS Lambda canary or Region: 2,880 minutes between the first
linear deployment and last traffic shift during
an AWS Lambda canary or
linear deployment
Version 1.0
189
Service quotas

Description
Minutes until a deployment fails if a Each supported No Maximum number of

lifecycle event doesnt start Region: 5 minutes until a deployment
fails if a lifecycle event
doesnt start after (1) a
deployment is triggered by
using the console or the
AWS CLI create-deployment
command, or (2) the
previous lifecycle event is
completed.
Number of deployment groups that can be Each supported No Maximum number of

associated with an Amazon ECS service Region: 1 deployment groups that
can be associated with an
Amazon ECS service
Number of instances that can be passed Each supported No Maximum number

to the BatchGetOnPremisesInstances API Region: 100 of instances that
action can be passed to the
BatchGetOnPremisesInstances
API action
Number of instances used by concurrent us-east-1: 3,000 Yes Maximum number of

deployments that are in progress per instances that can be used
account Each of the other by concurrent deployments
supported Regions: that are in progress and
1,000 associated with one
account
Number of listeners for a traffic route Each supported No Maximum number of

during an Amazon ECS deployment Region: 1 listeners for a traffic route
during an Amazon ECS
deployment
Seconds until a deployment lifecycle event Each supported No Maximum number of

fails if not completed Region: 3,600 seconds until a deployment
Seconds lifecycle event fails if not
completed
Size of deployment group name Each supported No Maximum number of

Region: 100 characters in a deployment
group name
Size of tag key Each supported No Maximum number of

Region: 128 characters in a tag key
Size of tag value Each supported No Maximum number of

Region: 256 characters in a tag value
Tags in a deployment group Each supported No Maximum number of tags

Region: 10 in a deployment group
Traffic that can be shifted in one Each supported No Maximum percentage of

increment during an AWS Lambda Region: 99 traffic that can be shifted
deployment in one increment during an
AWS Lambda deployment
Version 1.0
190
CodeGuru Profiler
For more information, see Quotas in CodeDeploy in the AWS CodeDeploy User Guide.
Amazon CodeGuru Profiler endpoints and quotas

Service endpoints

Name
US East us-east-2 codeguru-profiler.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 codeguru-profiler.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 codeguru-profiler.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- codeguru-profiler.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- codeguru-profiler.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- codeguru-profiler.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- codeguru-profiler.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 codeguru-profiler.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 codeguru-profiler.eu-west-2.amazonaws.com HTTPS

(London)
Europe eu-north-1 codeguru-profiler.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
191
Service quotas
Service quotas

Description
Number of profiling groups per account Each supported Yes The maximum number
and region. Region: 50 of profiling groups per
account, per region.
Amazon CodeGuru Reviewer endpoints and quotas

Service endpoints

Name
US East us-east-2 codeguru-reviewer.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 codeguru-reviewer.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 codeguru-reviewer.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- codeguru-reviewer.ap- HTTPS

(Singapore)

(Sydney)

(Tokyo)
Europe eu- codeguru-reviewer.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 codeguru-reviewer.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 codeguru-reviewer.eu-west-2.amazonaws.com HTTPS

(London)
Europe eu-north-1 codeguru-reviewer.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
192
Service quotas
Service quotas
Description
Allowed Code Reviews Each supported Yes The maximum number of

Region: 5,000 code reviews per account
per month in the current
region.
AWS CodePipeline endpoints and quotas

Service endpoints
Name
US East us-east-2 codepipeline.us-east-2.amazonaws.com HTTPS

(Ohio)
codepipeline-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 codepipeline.us-east-1.amazonaws.com HTTPS

Virginia)
codepipeline-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 codepipeline.us-west-1.amazonaws.com HTTPS

West (N.
California) codepipeline-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 codepipeline.us-west-2.amazonaws.com HTTPS

(Oregon)
codepipeline-fips.us-west-2.amazonaws.com HTTPS
Asia ap-east-1 codepipeline.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- codepipeline.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- codepipeline.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- codepipeline.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Version 1.0
193
Service quotas

Name
Asia ap- codepipeline.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- codepipeline.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- codepipeline.ca-central-1.amazonaws.com HTTPS

(Central) central-1
codepipeline-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- codepipeline.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 codepipeline.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- codepipeline.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 codepipeline.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 codepipeline.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- codepipeline.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) codepipeline-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
AWS CloudFormation action timeout Each supported Yes The length of time,
Region: 3 in days, before an
AWS CloudFormation
deployment action times
out
AWS CodeBuild action timeout Each supported No The length of time, in

Region: 8 hours, before an AWS
CodeBuild build action or
test action times out
Version 1.0
194
Service quotas

Description
AWS CodeDeploy ECS (Blue/Green) action Each supported Yes The length of time, in days,
timeout Region: 5 before an AWS CodeDeploy
ECS (Blue/Green) action
times out
AWS CodeDeploy action timeout Each supported Yes The length of time, in days,
Region: 5 before an AWS CodeDeploy
deployment action times
out
AWS Lambda action timeout Each supported Yes The length of time in hours
Region: 1 before an AWS Lambda
invoke action times out
Action configuration key length Each supported No The maximum number of

Region: 50 characters allowed in an
action configuration key
Action configuration value length Each supported No The maximum number of

Region: 1,000 characters allowed in an
action configuration value
Action timeout Each supported Yes The length of time in hours

Region: 1 before any other action
times out
Amazon S3 deployment action timeout Each supported Yes The length of time, in
Region: 20 minutes, before an Amazon
S3 deployment action
times out
Approval action timeout Each supported No The length of time, in days,

Region: 7 before an approval action
times out
Minimum actions Each supported No The minimum number of

Region: 1 actions allowed in a stage
Minimum stages per pipeline Each supported No The minimum number

Region: 2 of stages allowed in a
pipeline.
Total AWS CodeCommit or GitHub source Each supported No The maximum size (in GB)
artifact size Region: 1 Gigabytes of artifacts in a source
stage that uses AWS
CodeCommit or GitHub
repositories
Total Amazon S3 source artifact size Each supported No The maximum size (in GB)
Region: 3 Gigabytes of artifacts in a source
stage that uses Amazon S3
artifact buckets
Version 1.0
195
Service quotas

Description
Total JSON object size for Parameter Each supported No The maximum size (in
Overrides Region: 1 Kilobytes KB) of the JSON object
that can be stored in
the ParameterOverrides
property
Total actions per pipeline Each supported No The maximum number

Region: 500 of actions allowed in a
pipeline
Total actions per stage Each supported No The maximum number of

Region: 50 actions allowed in a stage
Total custom actions Each supported Yes The maximum number of

Region: 50 custom actions per region
in an AWS account
Total image definitions JSON file size Each supported No The maximum size (in KB)
Region: 100 of the image definitions file
Kilobytes JSON file used in pipelines
that deploy Amazon ECS
containers and images
Total input artifact size for AWS Each supported No The maximum size (in MB)
CloudFormation deployments Region: 256 of input artifacts for AWS
Megabytes CloudFormation actions
when deploying Lambda
functions
Total parallel actions per stage Each supported No The maximum number of
Region: 50 parallel actions in a stage
Total period for execution history Each supported No The maximum number of
Region: 12 previous months for which
pipeline execution history
information can be viewed
Total pipelines Each supported Yes The maximum number of

Region: 1,000 pipelines per AWS Region in
an AWS account.
Total pipelines with change detection set Each supported No The maximum number of
to periodically checking for source changes Region: 300 pipelines per region with
change detection set to
periodically checking for
source changes
Total sequential actions per stage Each supported No The maximum number
Region: 50 of sequential actions in a
stage
Total source artifact size for Amazon EBS Each supported No The maximum size (in MB)
deployments Region: 512 of artifacts in a source
Megabytes stage for a pipeline that
uses Amazon EBS to deploy
applications
Version 1.0
196
AWS CodeStar

Description
Total stages per pipeline Each supported No The maximum number of

Region: 50 stages allowed in a pipeline
Total webhooks Each supported Yes The maximum number of

Region: 300 webhooks per region in an
AWS account
For more information, see Quotas in CodePipeline in the AWS CodePipeline User Guide.
AWS CodeStar endpoints and quotas

Service endpoints
Name
US East us-east-2 codestar.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 codestar.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 codestar.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 codestar.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- codestar.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- codestar.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- codestar.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- codestar.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- codestar.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Version 1.0
197
Service quotas

Name
Europe eu- codestar.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 codestar.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 codestar.eu-west-2.amazonaws.com HTTPS

(London)
Europe eu-north-1 codestar.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Service quotas
For a list of quotas, see Limits in AWS CodeStar in the AWS CodeStar User Guide.
AWS CodeStar Notifications endpoints and quotas

Service endpoints
Name
US East us-east-2 codestar-notifications.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 codestar-notifications.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 codestar-notifications.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 codestar-notifications.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 codestar-notifications.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- codestar-notifications.ap- HTTPS

Pacific south-1 south-1.amazonaws.com
(Mumbai)
Version 1.0
198
Service quotas

Name

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- codestar-notifications.ca- HTTPS

(Central) central-1 central-1.amazonaws.com
Europe eu- codestar-notifications.eu- HTTPS

(Frankfurt) central-1 central-1.amazonaws.com
Europe eu-west-1 codestar-notifications.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 codestar-notifications.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- codestar-notifications.me- HTTPS

East south-1 south-1.amazonaws.com
(Bahrain)
South sa-east-1 codestar-notifications.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas
For a list of quotas, see Quotas for notifications in the Developer Tools console User Guide.
Amazon Cognito Identity endpoints and quotas

Amazon Cognito Identity includes Amazon Cognito user pools and Amazon Cognito identity pools
(federated identities).
Version 1.0
199
Service endpoints
Service endpoints
Amazon Cognito User Pools

Name
US East us-east-2 cognito-idp.us-east-2.amazonaws.com HTTPS

(Ohio)
cognito-idp-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 cognito-idp.us-east-1.amazonaws.com HTTPS

Virginia)
cognito-idp-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 cognito-idp.us-west-1.amazonaws.com HTTPS

West (N.
California) cognito-idp-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 cognito-idp.us-west-2.amazonaws.com HTTPS

(Oregon)
cognito-idp-fips.us-west-2.amazonaws.com HTTPS
Asia ap- cognito-idp.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- cognito-idp.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- cognito-idp.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- cognito-idp.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- cognito-idp.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- cognito-idp.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- cognito-idp.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 cognito-idp.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
200
Service endpoints

Name

(London)

(Paris)
Europe eu-north-1 cognito-idp.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- cognito-idp.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 cognito-idp.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- cognito-idp.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) cognito-idp-fips.us-gov-west-1.amazonaws.com HTTPS
Amazon Cognito Identity Pools

Name
US East us-east-2 cognito-identity.us-east-2.amazonaws.com HTTPS

(Ohio)
cognito-identity-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 cognito-identity.us-east-1.amazonaws.com HTTPS

Virginia)
cognito-identity-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 cognito-identity.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 cognito-identity.us-west-2.amazonaws.com HTTPS

(Oregon)
cognito-identity-fips.us-west-2.amazonaws.com HTTPS
Asia ap- cognito-identity.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- cognito-identity.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- cognito-identity.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Version 1.0
201
Service quotas

Name
Asia ap- cognito-identity.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- cognito-identity.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- cognito-identity.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- cognito-identity.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 cognito-identity.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 cognito-identity.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- cognito-identity.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 cognito-identity.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- cognito-identity.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) cognito-identity-fips.us-gov- HTTPS
Service quotas
Amazon Cognito User Pools

Description
Apps per user pool Each supported Yes The maximum number of
Region: 1,000 app clients per user pool.
Custom domains per account Each supported No The maximum number of

Region: 4 custom domains that you
can create in this account.
Version 1.0
202
Service quotas

Description
Groups per user Each supported No The maximum number

Region: 100 of groups per user that
any individual user can be
added to.
Groups per user pool Each supported No The maximum number

Region: 10,000 of groups per user pool.
A group is a collection of
users in a user pool.
Identity providers per user pool Each supported Yes The maximum number of
Region: 300 identity providers per user
pool.
Rate of ClientAuthentication requests per Each supported No The maximum total

account Region: 150 per combined call rate
second (requests per second)
for all API operations in
the ClientAuthentication
category. All operations
within a category share
the quota. You can
find the list of included
operations at https://
docs.aws.amazon.com/
cognito/latest/
developerguide/
limits.html#category_operations.
Rate of UserAccountRecovery requests Each supported No The maximum total

Region: 30 per combined call rate
second (requests per second) for
all API operations in the
UserAccountRecovery
the quota. You can
cognito/latest/
developerguide/
Version 1.0
203
Service quotas

Description
Rate of UserAuthentication requests Each supported Yes The maximum total

the UserAuthentication
the quota. You can
cognito/latest/
developerguide/
Rate of UserCreation requests Each supported Yes The maximum total

for all API operations
in the UserCreation
the quota. You can
cognito/latest/
developerguide/
Rate of UserFederation requests Each supported Yes The maximum total

in the UserFederation
the quota. You can
cognito/latest/
developerguide/
Version 1.0
204
Service quotas

Description
Rate of UserList requests Each supported No The maximum total

the UserList category.
All operations within
a category share the
quota. You can find
the list of included
cognito/latest/
developerguide/
Rate of UserPoolClientRead requests per Each supported No The maximum total

the UserPoolClientRead
the quota. You can
cognito/latest/
developerguide/
Rate of UserPoolClientRead requests per Each supported No The maximum call rate
user pool Region: 5 per (requests per second)
second for an operation in the
UserPoolClientRead
category per user pool.
Any operation within this
category could be called at
this rate per user pool. You
can find the list of included
cognito/latest/
developerguide/
Version 1.0
205
Service quotas

Description
Rate of UserPoolClientUpdate requests per Each supported No The maximum total

UserPoolClientUpdate
the quota. You can
cognito/latest/
developerguide/
Rate of UserPoolClientUpdate requests per Each supported No The maximum call rate
user pool Region: 5 per (requests per second)
UserPoolClientUpdate
cognito/latest/
developerguide/
Rate of UserPoolRead requests Each supported No The maximum total

in the UserPoolRead
the quota. You can
cognito/latest/
developerguide/
Version 1.0
206
Service quotas

Description
Rate of UserPoolResourceRead requests Each supported No The maximum total

per account Region: 20 per combined call rate
UserPoolResourceRead
the quota. You can
cognito/latest/
developerguide/
Rate of UserPoolResourceRead requests Each supported No The maximum call rate

per user pool Region: 5 per (requests per second)
UserPoolResourceRead
cognito/latest/
developerguide/
Rate of UserPoolResourceUpdate requests Each supported No The maximum total

per account Region: 15 per combined call rate
UserPoolResourceUpdate
the quota. You can
cognito/latest/
developerguide/
Version 1.0
207
Service quotas

Description
Rate of UserPoolResourceUpdate requests Each supported No The maximum call rate

per user pool Region: 5 per (requests per second)
UserPoolResourceUpdate
cognito/latest/
developerguide/
Rate of UserPoolUpdate requests Each supported No The maximum total

in the UserPoolUpdate
the quota. You can
cognito/latest/
developerguide/
Rate of UserRead requests Each supported Yes The maximum total

the UserRead category.
cognito/latest/
developerguide/
Version 1.0
208
Service quotas

Description
Rate of UserResourceRead requests Each supported Yes The maximum total

the UserResourceRead
the quota. You can
cognito/latest/
developerguide/
Rate of UserResourceUpdate requests Each supported No The maximum total

the UserResourceUpdate
the quota. You can
cognito/latest/
developerguide/
Rate of UserToken requests Each supported Yes The maximum total

the UserToken category.
cognito/latest/
developerguide/
Version 1.0
209
Service quotas

Description
Rate of UserUpdate requests Each supported No The maximum total

UserUpdate category.
cognito/latest/
developerguide/
Resource servers per user pool Each supported Yes The maximum number of
Region: 25 resource servers per user
pool. A resource server is a
server for access-protected
resources.
Scopes per resource server Each supported No The maximum number

Region: 100 of scopes per resource
server. A scope is a level
of access (such as read or
write access) that an app
can request to a resource.
User import jobs per user pool Each supported Yes The maximum number of
Region: 1,000 user import jobs per user
pool.
User pools per account Each supported Yes The maximum number of
Region: 1,000 user pools that you can
create in this account per
region.
For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.
Amazon Cognito Federated Identities

Description
Identity pool name size Each supported No The maximum size of an

Region: 128 Bytes identity pool name in
bytes.
Identity pools per account Each supported Yes The maximum number of
Region: 1,000 identity pools per account.
List API call results Each supported No The maximum number of

Region: 60 results from a list or lookup
API call.
Version 1.0
210
Amazon Cognito Sync

Description
Login provider name size Each supported No The maximum size of a

Region: 2,048 Bytes login provider name in
bytes.
Role-based access control rules Each supported No The maximum number of

Region: 25 rules for role-based access
control (RBAC)
User pool providers per identity pool Each supported Yes The maximum number of
Region: 50 Amazon Cognito user pool
providers per identity pool.
Amazon Cognito Sync endpoints and quotas

Service endpoints

Name
US East us-east-2 cognito-sync.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 cognito-sync.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 cognito-sync.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- cognito-sync.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- cognito-sync.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- cognito-sync.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- cognito-sync.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Version 1.0
211
Service quotas

Name
Asia ap- cognito-sync.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- cognito-sync.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 cognito-sync.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 cognito-sync.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas

Description
Bulk publish wait time Each supported No The maximum wait time
Region: 24 for a bulk publish after a
successful request in hours.
Dataset name size Each supported No The maximum size of a

Region: 128 Bytes dataset name in bytes.
Dataset size Each supported Yes The maximum size of a

Region: 1 dataset in megabytes.
Megabytes
Datasets per identity Each supported Yes The maximum number of

Region: 20 datasets per identity.
Records per dataset Each supported Yes The maximum number of

Region: 1,024 records per dataset.
Amazon Comprehend endpoints and quotas

Version 1.0
212
Service endpoints
Service endpoints

Name
US East us-east-2 comprehend.us-east-2.amazonaws.com HTTPS

(Ohio)
comprehend-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 comprehend.us-east-1.amazonaws.com HTTPS

Virginia)
comprehend-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 comprehend.us-west-2.amazonaws.com HTTPS

(Oregon)
comprehend-fips.us-west-2.amazonaws.com HTTPS
Asia ap- comprehend.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- comprehend.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- comprehend.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- comprehend.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- comprehend.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- comprehend.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- comprehend.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 comprehend.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 comprehend.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- comprehend.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) comprehend-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
213
Service quotas
Service quotas

Description
BatchDetectDominantLanguage throttle Each supported Yes The maximum number of

limit in transactions per second Region: 10 BatchDetectDominantLanguage
requests allowed per
account per second, in the
current Region
BatchDetectEntities throttle limit in Each supported Yes The maximum number

transactions per second Region: 10 of BatchDetectEntities
current Region
BatchDetectKeyPhrases throttle limit in Each supported Yes The maximum number of

transactions per second Region: 10 BatchDetectKeyPhrases
current Region
BatchDetectSentiment throttle limit in Each supported Yes The maximum number

transactions per second Region: 10 of BatchDetectSentiment
current Region
BatchDetectSyntax throttle limit in Each supported Yes The maximum number

transactions per second Region: 10 of BatchDetectSyntax
current Region
CreateDocumentClassifier throttle limit in Each supported No The maximum number of

transactions per second Region: 1 CreateDocumentClassifier
current Region
CreateEntityRecognizer throttle limit in Each supported No The maximum number of

transactions per second Region: 1 CreateEntityRecognizer
current Region
DeleteDocumentClassifier throttle limit in Each supported No The maximum number of

transactions per second Region: 1 DeleteDocumentClassifier
current Region
DeleteEntityRecognizer throttle limit in Each supported No The maximum number of

transactions per second Region: 1 DeleteEntityRecognizer
current Region
Version 1.0
214
Service quotas

Description
DescribeDocumentClassificationJob Each supported No The maximum number of

throttle limit in transactions per second Region: 10 DescribeDocumentClassificationJob
current Region
DescribeDocumentClassifier throttle limit Each supported No The maximum number of

in transactions per second Region: 10 DescribeDocumentClassifier
current Region
DescribeDominantLanguageDetectionJob Each supported No The maximum number of

throttle limit in transactions per second Region: 10 DescribeDominantLanguageDetectionJob
current Region
DescribeEntitiesDetectionJob throttle limit Each supported No The maximum number of

in transactions per second Region: 10 DescribeEntitiesDetectionJob
current Region
DescribeEntityRecognizer throttle limit in Each supported No The maximum number of

transactions per second Region: 10 DescribeEntityRecognizer
current Region
DescribeEventsDetectionJob throttle limit Each supported No The maximum number of

in transactions per second Region: 10 DescribeEventsDetectionJob
current Region
DescribeKeyPhrasesDetectionJob throttle Each supported No The maximum number of

limit in transactions per second Region: 10 DescribeKeyPhrasesDetectionJob
current Region
DescribePiiEntitiesDetectionJob throttle Each supported No The maximum number of

limit in transactions per second Region: 10 DescribePiiEntitiesDetectionJob
current Region
DescribeSentimentDetectionJob throttle Each supported No The maximum number of

limit in transactions per second Region: 10 DescribeSentimentDetectionJob
current Region
Version 1.0
215
Service quotas

Description
DescribeTargetedSentimentDetectionJob Each supported No The maximum number of

throttle limit in transactions per second Region: 10 DescribeTargetedSentimentDetectionJob
current Region
DescribeTopicsDetectionJob throttle limit Each supported No The maximum number of

in transactions per second Region: 10 DescribeTopicsDetectionJob
current Region
DetectDominantLanguage max active jobs Each supported No The maximum

Region: 10 number of active
DetectDominantLanguage
jobs allowed per account, in
the current Region
DetectDominantLanguage throttle limit in Each supported Yes The maximum number of

transactions per second Region: 40 DetectDominantLanguage
current Region
DetectEntities max active jobs Each supported No The maximum number of

Region: 10 active DetectEntities jobs
allowed per account, in the
current Region
DetectEntities throttle limit in transactions Each supported Yes The maximum number of
per second Region: 20 DetectEntities requests
allowed per account per
second, in the current
Region
DetectEvents max active jobs Each supported No The maximum number of

Region: 10 active DetectEvents jobs
current Region
DetectKeyPhrases max active jobs Each supported No The maximum number of

Region: 10 active DetectKeyPhrases
the current Region
DetectKeyPhrases throttle limit in Each supported Yes The maximum number of

transactions per second Region: 20 DetectKeyPhrases requests
Region
DetectPiiEntities max active jobs Each supported No The maximum number of

Region: 10 active DetectPiiEntities jobs
current Region
Version 1.0
216
Service quotas

Description
DetectPiiEntities throttle limit in Each supported Yes The maximum number of

transactions per second Region: 20 DetectPiiEntities requests
Region
DetectSentiment max active jobs Each supported No The maximum number of

Region: 10 active DetectSentiment
the current Region
DetectSentiment throttle limit in Each supported Yes The maximum number of

transactions per second Region: 20 DetectSentiment requests
Region
DetectSyntax throttle limit in transactions Each supported Yes The maximum number
per second Region: 20 of DetectSyntax requests
Region
DetectTargetedSentiment max active jobs Each supported No The maximum

DetectTargetedSentiment
the current Region
DocumentClassification max active jobs Each supported No The maximum

DocumentClassification
the current Region
DocumentClassifier max active jobs Each supported No The maximum number of

Region: 10 active DocumentClassifier
the current Region
Endpoints max active endpoints Each supported Yes The maximum number of
Region: 10 active endpoints allowed
per account in the current
Region
Endpoints max inference units per account Each supported Yes The maximum number of
Region: 100 inference units allowed
Region
Endpoints max inference units per Each supported Yes The maximum number of
endpoint Region: 10 inference units allowed per
endpoint in the current
Region
Version 1.0
217
Service quotas

Description
EntityRecognizer max active jobs Each supported No The maximum number of

Region: 10 active EntityRecognizer
the current Region
ListDocumentClassificationJobs throttle Each supported No The maximum number of

limit in transactions per second Region: 10 ListDocumentClassificationJobs
current Region
ListDocumentClassifiers throttle limit in Each supported No The maximum number of

transactions per second Region: 10 ListDocumentClassifiers
current Region
ListDominantLanguageDetectionJobs Each supported No The maximum number of

throttle limit in transactions per second Region: 10 ListDominantLanguageDetectionJobs
current Region
ListEntitiesDetectionJobs throttle limit in Each supported No The maximum number of

transactions per second Region: 10 ListEntitiesDetectionJobs
current Region
ListEntityRecognizers throttle limit in Each supported No The maximum number

transactions per second Region: 10 of ListEntityRecognizers
current Region
ListEventsDetectionJobs throttle limit in Each supported No The maximum number of

transactions per second Region: 10 ListEventsDetectionJobs
current Region
ListKeyPhrasesDetectionJobs throttle limit Each supported No The maximum number of

in transactions per second Region: 10 ListKeyPhrasesDetectionJobs
current Region
ListPiiEntitiesDetectionJobs throttle limit Each supported No The maximum number of

in transactions per second Region: 10 ListPiiEntitiesDetectionJobs
current Region
Version 1.0
218
Service quotas

Description
ListSentimentDetectionJobs throttle limit Each supported No The maximum number of

in transactions per second Region: 10 ListSentimentDetectionJobs
current Region
ListTagsForResource throttle limit in Each supported No The maximum number

transactions per second Region: 10 of ListTagsForResource
current Region
ListTargetedSentimentDetectionJobs Each supported No The maximum number of

throttle limit in transactions per second Region: 10 ListTargetedSentimentDetectionJobs
current Region
ListTopicsDetectionJobs throttle limit in Each supported No The maximum number of

transactions per second Region: 10 ListTopicsDetectionJobs
current Region
StartDocumentClassificationJob throttle Each supported No The maximum number of

limit in transactions per second Region: 1 StartDocumentClassificationJob
current Region
StartDominantLanguageDetectionJob Each supported No The maximum number of

throttle limit in transactions per second Region: 1 StartDominantLanguageDetectionJob
current Region
StartEntitiesDetectionJob throttle limit in Each supported No The maximum number of

transactions per second Region: 1 StartEntitiesDetectionJob
current Region
StartEventsDetectionJob throttle limit in Each supported No The maximum number of

transactions per second Region: 1 StartEventsDetectionJob
current Region
StartKeyPhrasesDetectionJob throttle Each supported No The maximum number of

limit in transactions per second Region: 1 StartKeyPhrasesDetectionJob
current Region
Version 1.0
219
Service quotas

Description
StartPiiEntitiesDetectionJob throttle limit Each supported No The maximum number of

in transactions per second Region: 1 StartPiiEntitiesDetectionJob
current Region
StartSentimentDetectionJob throttle limit Each supported No The maximum number of

in transactions per second Region: 1 StartSentimentDetectionJob
current Region
StartTargetedSentimentDetectionJob Each supported No The maximum number of

throttle limit in transactions per second Region: 1 StartTargetedSentimentDetectionJob
current Region
StartTopicsDetectionJob throttle limit in Each supported No The maximum number of

transactions per second Region: 1 StartTopicsDetectionJob
current Region
StopDominantLanguageDetectionJob Each supported No The maximum number of

throttle limit in transactions per second Region: 1 StopDominantLanguageDetectionJob
current Region
StopEntitiesDetectionJob throttle limit in Each supported No The maximum number of

transactions per second Region: 1 StopEntitiesDetectionJob
current Region
StopEventsDetectionJob throttle limit in Each supported No The maximum number of

transactions per second Region: 1 StopEventsDetectionJob
current Region
StopKeyPhrasesDetectionJob throttle limit Each supported No The maximum number of

in transactions per second Region: 1 StopKeyPhrasesDetectionJob
current Region
StopPiiEntitiesDetectionJob throttle limit Each supported No The maximum number of

in transactions per second Region: 1 StopPiiEntitiesDetectionJob
current Region
Version 1.0
220
Amazon Comprehend Medical

Description
StopSentimentDetectionJob throttle limit Each supported No The maximum number of

in transactions per second Region: 1 StopSentimentDetectionJob
current Region
StopTargetedSentimentDetectionJob Each supported No The maximum number of

throttle limit in transactions per second Region: 1 StopTargetedSentimentDetectionJob
current Region
StopTrainingDocumentClassifier throttle Each supported No The maximum number of

limit in transactions per second Region: 1 StopTrainingDocumentClassifier
current Region
StopTrainingEntityRecognizer throttle Each supported No The maximum number of

limit in transactions per second Region: 1 StopTrainingEntityRecognizer
current Region
TagResource throttle limit in transactions Each supported No The maximum number

per second Region: 1 of TagResource requests
Region
TopicsDetection max active jobs Each supported No The maximum number of

Region: 10 active TopicsDetection jobs
current Region
UntagResource throttle limit in Each supported No The maximum number of

transactions per second Region: 1 UntagResource requests
Region
For more information, see Guidelines and Quotas in the Amazon Comprehend Developer Guide.
Amazon Comprehend Medical endpoints and

quotas
Version 1.0
221
Service endpoints
Service endpoints

Name
US East us-east-2 comprehendmedical.us-east-2.amazonaws.com HTTPS

(Ohio)
comprehendmedical-fips.us- HTTPS
US East (N. us-east-1 comprehendmedical.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 comprehendmedical.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- comprehendmedical.ap- HTTPS

(Sydney)
Canada ca- comprehendmedical.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu-west-1 comprehendmedical.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 comprehendmedical.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- comprehendmedical.us-gov- HTTPS

(US-West) HTTPS
comprehendmedical-fips.us-gov-
Service quotas

Description
Characters per second (CPS) for the Each supported Yes The maximum characters
DetectEntities operation Region: 40,000 per second (CPS) for the
DetectEntities operation.
DetectEntities-v2 operation Region: 40,000 per second (CPS) for
the DetectEntities-v2
operation.
DetectPHI operation Region: 40,000 per second (CPS) for the
DetectPHI operation.
Version 1.0
222
Service quotas

Description
InferICD10CM operation Region: 40,000 per second (CPS) for the
InferICD10CM operation.
InferRxNorm operation Region: 40,000 per second (CPS) for the
InferRxNorm operation.
Maximum document size (UTF-8 Each supported No The maximum document

characters) for the DetectEntities Region: 20,000 size (UTF-8 characters)
operation Bytes for the DetectEntities
operation.

characters) for the DetectEntities-v2 Region: 20,000 size (UTF-8 characters)
operation Bytes for the DetectEntities-v2
operation.

characters) for the DetectPHI operation Region: 20,000 size (UTF-8 characters) for
Bytes the DetectPHI operation.

characters) for the InferICD10CM Region: 10,000 size (UTF-8 characters)
operation Bytes for the InferICD10CM
operation.

characters) for the InferRxNorm operation Region: 10,000 size (UTF-8 characters) for
Bytes the InferRxNorm operation.
Maximum individual file size for batch jobs Each supported No The maximum individual
Region: 40 Kilobytes file size for batch jobs.
Maximum number of files for batch jobs Each supported No The maximum number of
Region: 5,000,000 files for batch jobs.
Maximum size (in GB) of text analysis Each supported No The maximum size (in GB)
batch jobs (all files) Region: 10 of text analysis batch jobs
Gigabytes (all files).
Maximum size of ontology linking batch Each supported No The maximum size of
analysis jobs (all files) Region: 5 Gigabytes ontology linking batch
analysis jobs (all files).
Minimum size of batch jobs (all files) Each supported No The minimum size of batch
Region: 1 Bytes jobs (all files).
Transactions per second (TPS) for the Each supported Yes The maximum transactions
DescribeEntitiesDetectionV2Job operation Region: 10 per second (TPS) for the
DescribeEntitiesDetectionV2Job
operation.
DescribeICD10CMInferenceJob operation Region: 10 per second (TPS) for the
DescribeICD10CMInferenceJob
operation.
Version 1.0
223
Service quotas

Description
DescribePHIDetectionJob operation Region: 10 per second (TPS) for the
DescribePHIDetectionJob
operation.
DescribeRxNormInferenceJob operation Region: 10 per second (TPS) for the
DescribeRxNormInferenceJob
operation.
Transactions per second (TPS) for the Each supported No The maximum transactions
DetectEntities operation Region: 100 per second (TPS) for the
DetectEntities operation.
DetectEntities-v2 operation Region: 100 per second (TPS) for
the DetectEntities-v2
operation.
DetectPHI operation Region: 100 per second (TPS) for the
DetectPHI operation.
InferICD10CM operation Region: 100 per second (TPS) for the
InferICD10CM operation.
InferRxNorm operation Region: 100 per second (TPS) for the
InferRxNorm operation.
ListEntitiesDetectionV2Jobs operation Region: 10 per second (TPS) for the
ListEntitiesDetectionV2Jobs
operation.
ListICD10CMInferenceJobs operation Region: 10 per second (TPS) for the
ListICD10CMInferenceJobs
operation.
ListPHIDetectionJobs operation Region: 10 per second (TPS) for the
ListPHIDetectionJobs
operation.
ListRxNormInferenceJobs operation Region: 10 per second (TPS) for the
ListRxNormInferenceJobs
operation.
StartEntitiesDetectionV2Job operation Region: 5 per second (TPS) for the
StartEntitiesDetectionV2Job
operation.
Version 1.0
224
Compute Optimizer

Description
StartICD10CMInferenceJob operation Region: 5 per second (TPS) for the
StartICD10CMInferenceJob
operation.
StartPHIDetectionJob operation Region: 5 per second (TPS) for the
StartPHIDetectionJob
operation.
StartRxNormInferenceJob operation Region: 5 per second (TPS) for the
StartRxNormInferenceJob
operation.
StopEntitiesDetectionV2Job operation Region: 5 per second (TPS) for the
StopEntitiesDetectionV2Job
operation.
StopICD10CMInferenceJob operation Region: 5 per second (TPS) for the
StopICD10CMInferenceJob
operation.
StopPHIDetectionJob operation Region: 5 per second (TPS) for the
StopPHIDetectionJob
operation.
StopRxNormInferenceJob operation Region: 5 per second (TPS) for the
StopRxNormInferenceJob
operation.
AWS Compute Optimizer endpoints and quotas

Service endpoints
Name
US East us-east-2 compute-optimizer.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 compute-optimizer.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
225
Service endpoints

Name
US us-west-1 compute-optimizer.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 compute-optimizer.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 compute-optimizer.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 compute-optimizer.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- compute-optimizer.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- compute-optimizer.ap- HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- compute-optimizer.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- compute-optimizer.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 compute-optimizer.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- compute-optimizer.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Version 1.0
226
Service quotas

Name
Europe eu-north-1 compute-optimizer.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- compute-optimizer.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 compute-optimizer.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
The number of API calls per second per Each supported No The number of API calls per
account Region: 5 second per account.
AWS Config endpoints and quotas

Service endpoints

Name
US East us-east-2 config.us-east-2.amazonaws.com HTTPS

(Ohio)
config-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 config.us-east-1.amazonaws.com HTTPS

Virginia)
config-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 config.us-west-1.amazonaws.com HTTPS

West (N.
California) config-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 config.us-west-2.amazonaws.com HTTPS

(Oregon)
config-fips.us-west-2.amazonaws.com HTTPS
Version 1.0
227
Service endpoints

Name
Africa af-south-1 config.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 config.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- config.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- config.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- config.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- config.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- config.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 config.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- config.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 config.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
228
Service quotas

Name
Middle me- config.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- config.me-central-1.amazonaws.com HTTPS

South sa-east-1 config.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- config.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) config.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- config.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) config.us-gov-west-1.amazonaws.com HTTPS
Service quotas
AWS Config Service quotas
Maximum number of AWS Config Rules 400 Yes

per Region per account
Maximum number of configuration 50 Yes

aggregators
Maximum number of accounts in an 10000 No

aggregator
Maximum number of accounts added or 1000 Yes

deleted per week for all aggregators
Maximum number of Tags 50 No
Maximum number of saved queries in a 300 Yes

single account and a Region
Single Account Conformance Packs
Maximum number of conformance 50 No

packs per account
Maximum number of AWS Config Rules 130 No

per conformance pack
Version 1.0
229
Amazon Connect

per account across all conformance
packs
Note
AWS Config rules in conformance packs count in the quota for the Maximum number of AWS
Config Rules per Region per account.
Organization Conformance Packs
Maximum number of conformance 50 No

packs per organization

per organization conformance pack

per account across all organization
conformance packs
Note
Deploying at the organization level counts in quota for child accounts. AWS Config rules in
conformance packs count in the quota for the Maximum number of AWS Config Rules per
Region per account.
Organization Config Rules
Maximum number of organization AWS 150 No

Config rules per organization
Note
Deploying at the organization level counts in the quota for child accounts.
Amazon Connect endpoints and quotas

Version 1.0
230
Service endpoints
Service endpoints

Name
US East (N. us-east-1 connect.us-east-1.amazonaws.com HTTPS

Virginia)
connect-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 connect.us-west-2.amazonaws.com HTTPS

(Oregon)
connect-fips.us-west-2.amazonaws.com HTTPS
Asia ap- connect.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- connect.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- connect.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- connect.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- connect.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- connect.eu-central-1.amazonaws.com HTTPS

Europe eu-west-2 connect.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- connect.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) connect.us-gov-west-1.amazonaws.com HTTPS
Amazon Connect Contact Lens endpoints

The Amazon Connect Contact Lens Service has the following endpoints.

Name
US East (N. us-east-1 contact-lens.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 contact-lens.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
231
Service endpoints

Name
Asia ap- contact-lens.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- contact-lens.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- contact-lens.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- contact-lens.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- contact-lens.eu-central-1.amazonaws.com HTTPS

Europe eu-west-2 contact-lens.eu-west-2.amazonaws.com HTTPS

(London)
Amazon Connect Participant Service endpoints

The Amazon Connect Participant Service has the following endpoints.

Name
US East (N. us-east-1 participant.connect.us-east-1.amazonaws.com HTTPS

Virginia)
participant.connect-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 participant.connect.us-west-2.amazonaws.com HTTPS

(Oregon)
participant.connect-fips.us-west-2.amazonaws.com HTTPS
Africa (Cape af-south-1 participant.connect.af-south-1.amazonaws.com HTTPS

Town)
Asia Pacific ap- participant.connect.ap-northeast-2.amazonaws.com HTTPS

(Seoul) northeast-2
Asia Pacific ap- participant.connect.ap-southeast-1.amazonaws.com HTTPS

(Singapore) southeast-1
Asia Pacific ap- participant.connect.ap-southeast-2.amazonaws.com HTTPS

(Sydney) southeast-2
Asia Pacific ap- participant.connect.ap-northeast-1.amazonaws.com HTTPS

(Tokyo) northeast-1
Canada ca-central-1 participant.connect.ca-central-1.amazonaws.com HTTPS

(Central)
Version 1.0
232
Service endpoints

Name
Europe eu-central-1 participant.connect.eu-central-1.amazonaws.com HTTPS

(Frankfurt)
Europe eu-west-2 participant.connect.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- participant.connect.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) participant.connect.us-gov-west-1.amazonaws.com HTTPS
Amazon Connect Customer Profiles endpoints

The Amazon Connect Customer Profiles Service has the following endpoints.

Name
US East (N. us-east-1 profile.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 profile.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 profile.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap- profile.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- profile.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- profile.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- profile.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- profile.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- profile.eu-central-1.amazonaws.com HTTPS

Europe eu-west-2 profile.eu-west-2.amazonaws.com HTTPS

(London)
Version 1.0
233
Service quotas
AppIntegrations Service endpoints

The AppIntegrations Service has the following endpoints.

Name
US East (N. us-east-1 app-integrations.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 app-integrations.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 app-integrations.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap- app-integrations.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- app-integrations.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- app-integrations.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- app-integrations.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- app-integrations.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- app-integrations.eu-central-1.amazonaws.com HTTPS

Europe eu-west-2 app-integrations.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas
Description
AWS Lambda functions per instance Each supported Yes The maximum number of
Region: 50 AWS Lambda functions you
can create in this instance
Agent status per instance Each supported No The maximum number of

Region: 50 agent statuses you can
create in this instance in
the current Region. This
limit cannot be increased.
Version 1.0
234
Service quotas

Description
Amazon Connect instance count Each supported Yes The maximum number of
Region: 2 Amazon Connect instances
you can create in this
Region.
Amazon Lex V2 bot aliases per instance Each supported Yes The maximum number of
Region: 100 Amazon Lex V2 bot aliases
you can use in this instance
Amazon Lex bots per instance Each supported Yes The maximum number of
Region: 70 Amazon Lex bots you can
use in this instance in the
current Region.
Concurrent active calls per instance Each supported Yes The maximum number of
Region: 10 concurrent active calls you
can have in this instance in
the current Region. If this
is exceeded, contacts will
get a fast busy tone, which
indicates the transmission
path to the called number
is not available.
Concurrent active chats per instance Each supported Yes The maximum number of
Region: 100 concurrent active chats you
can have in this instance
in the current Region. If
this is exceeded, additional
chat sessions cannot be
initiated.
Concurrent active tasks per instance Each supported Yes The maximum number of
Region: 2,500 concurrent active tasks you
can have in this instance in
the current Region. If this is
exceeded, additional tasks
cannot be created.
Contact flows per instance Each supported Yes The maximum number
Region: 100 of contact flows you can
the current Region.
Hours of operation per instance Each supported Yes The maximum number of
Region: 100 hours of operation you can
the current Region.
Phone numbers per instance Each supported Yes The maximum number of
Region: 5 phone numbers you can
claim for this instance in
the current Region.
Version 1.0
235
Service quotas

Description
Prompts per instance Each supported Yes The maximum number of

Region: 500 prompts you can create in
this instance in the current
Region.
Queues per instance Each supported Yes The maximum number of

Region: 50 queues you can create in
Region.
Queues per routing profile per instance Each supported Yes The maximum number
Region: 50 of queues you can create
per routing profile in this
instance in the current
Region.
Quick connects per instance Each supported Yes The maximum number of
Region: 100 quick connects/transfer
destinations you can create
in this instance in the
current Region.
Rate of AssociateQueueQuickConnects API Each supported Yes The maximum number of

requests Region: 2 per AssociateQueueQuickConnects
second API requests allowed
per second. When you
reach this quota, Amazon
Connect rejects requests
for this operation for the
remainder of the interval.
Rate of AssociateRoutingProfileQueues Each supported Yes The maximum number of

API requests Region: 2 per AssociateRoutingProfileQueues
Rate of CreateQueue API requests Each supported Yes The maximum number of
Region: 2 per CreateQueue API requests
second allowed per second. When
you reach this quota,
Amazon Connect rejects
requests for this operation
for the remainder of the
interval.
Version 1.0
236
Service quotas

Description
Rate of CreateQuickConnect API requests Each supported Yes The maximum number
Region: 2 per of CreateQuickConnect
Rate of CreateRoutingProfile API requests Each supported Yes The maximum number
Region: 2 per of CreateRoutingProfile
Rate of CreateUser API requests Each supported Yes The maximum number of
Region: 2 per CreateUser API requests
interval.
Rate of CreateUserHierarchyGroup API Each supported Yes The maximum number of

requests Region: 2 per CreateUserHierarchyGroup
Rate of DeleteQuickConnect API requests Each supported Yes The maximum number
Region: 2 per of DeleteQuickConnect
Rate of DeleteUser API requests Each supported Yes The maximum number of
Region: 2 per DeleteUser API requests
interval.
Version 1.0
237
Service quotas

Description
Rate of DeleteUserHierarchyGroup API Each supported Yes The maximum number of

requests Region: 2 per DeleteUserHierarchyGroup
Rate of DescribeHoursOfOperation API Each supported Yes The maximum number of

requests Region: 2 per DescribeHoursOfOperation
Rate of DescribeQueue API requests Each supported Yes The maximum number
Region: 2 per of DescribeQueue API
second requests allowed per
second. When you reach
this quota, Amazon
Rate of DescribeQuickConnect API Each supported Yes The maximum number

requests Region: 2 per of DescribeQuickConnect
Rate of DescribeRoutingProfile API Each supported Yes The maximum number of

requests Region: 2 per DescribeRoutingProfile
Rate of DescribeUser API requests Each supported Yes The maximum number of
Region: 2 per DescribeUser API requests
interval.
Version 1.0
238
Service quotas

Description
Rate of DescribeUserHierarchyGroup API Each supported Yes The maximum number of

requests Region: 2 per DescribeUserHierarchyGroup
Rate of DescribeUserHierarchyStructure Each supported Yes The maximum number of

API requests Region: 2 per DescribeUserHierarchyStructure
Rate of DisassociateQueueQuickConnects Each supported Yes The maximum number of

API requests Region: 2 per DisassociateQueueQuickConnects
Rate of DisassociateRoutingProfileQueues Each supported Yes The maximum number of

API requests Region: 2 per DisassociateRoutingProfileQueues
Rate of GetContactAttributes API requests Each supported Yes The maximum number
Region: 2 per of GetContactAttributes
Rate of GetCurrentMetricData API requests Each supported Yes The maximum number
Region: 5 per of GetCurrentMetricData
Version 1.0
239
Service quotas

Description
Rate of GetFederationToken API requests Each supported Yes The maximum number
Region: 2 per of GetFederationToken
Rate of GetMetricData API requests Each supported Yes The maximum number of
Region: 5 per GetMetricData API requests
interval.
Rate of ListContactFlows API requests Each supported Yes The maximum number
Region: 2 per of ListContactFlows
Rate of ListHoursOfOperations API Each supported Yes The maximum number of

requests Region: 2 per ListHoursOfOperations
Rate of ListPhoneNumbers API requests Each supported Yes The maximum number
Region: 2 per of ListPhoneNumbers
Rate of ListQueueQuickConnects API Each supported Yes The maximum number of

requests Region: 2 per ListQueueQuickConnects
Version 1.0
240
Service quotas

Description
Rate of ListQueues API requests Each supported Yes The maximum number of
Region: 2 per ListQueues API requests
interval.
Rate of ListQuickConnects API requests Each supported Yes The maximum number
Region: 2 per of ListQuickConnects
Rate of ListRoutingProfileQueues API Each supported Yes The maximum number of

requests Region: 2 per ListRoutingProfileQueues
Rate of ListRoutingProfiles API requests Each supported Yes The maximum number
Region: 2 per of ListRoutingProfiles
Rate of ListSecurityProfiles API requests Each supported Yes The maximum number
Region: 2 per of ListSecurityProfiles
Rate of ListTagsForResource API requests Each supported Yes The maximum number
Version 1.0
241
Service quotas

Description
Rate of ListUserHierarchyGroups API Each supported Yes The maximum number of

requests Region: 2 per ListUserHierarchyGroups
Rate of ListUsers API requests Each supported Yes The maximum number
Region: 2 per of ListUsers API requests
interval.
Rate of StartOutboundVoiceContact API Each supported Yes The maximum number of

requests Region: 2 per StartOutboundVoiceContact
Rate of StopContact API requests Each supported Yes The maximum number of
Region: 2 per StopContact API requests
interval.
Rate of TagResource API requests Each supported Yes The maximum number of
Region: 2 per TagResource API requests
interval.
Rate of UntagResource API requests Each supported Yes The maximum number
Region: 2 per of UntagResource API
second. When you reach
this quota, Amazon
Version 1.0
242
Service quotas

Description
Rate of UpdateContactAttributes API Each supported Yes The maximum number of

requests Region: 2 per UpdateContactAttributes
Rate of UpdateQueueHoursOfOperation Each supported Yes The maximum number of

API requests Region: 2 per UpdateQueueHoursOfOperation
Rate of UpdateQueueMaxContacts API Each supported Yes The maximum number of

requests Region: 2 per UpdateQueueMaxContacts
Rate of UpdateQueueName API requests Each supported Yes The maximum number
Region: 2 per of UpdateQueueName
Rate of Each supported Yes The maximum number of

UpdateQueueOutboundCallerConfig API Region: 2 per UpdateQueueOutboundCallerConfig
requests second API requests allowed
Rate of UpdateQueueStatus API requests Each supported Yes The maximum number
Region: 2 per of UpdateQueueStatus
Version 1.0
243
Service quotas

Description
Rate of UpdateQuickConnectConfig API Each supported Yes The maximum number of

requests Region: 2 per UpdateQuickConnectConfig
Rate of UpdateQuickConnectName API Each supported Yes The maximum number of

requests Region: 2 per UpdateQuickConnectName
Rate of UpdateRoutingProfileConcurrency Each supported Yes The maximum number of

API requests Region: 2 per UpdateRoutingProfileConcurrency

UpdateRoutingProfileDefaultOutboundQueueRegion: 2 per UpdateRoutingProfileDefaultOutboundQu
API requests second API requests allowed
Rate of UpdateRoutingProfileName API Each supported Yes The maximum number of

requests Region: 2 per UpdateRoutingProfileName
Rate of UpdateRoutingProfileQueues API Each supported Yes The maximum number of

requests Region: 2 per UpdateRoutingProfileQueues
Version 1.0
244
Service quotas

Description
Rate of UpdateUserHierarchy API requests Each supported Yes The maximum number
Region: 2 per of UpdateUserHierarchy
Rate of UpdateUserHierarchyGroupName Each supported Yes The maximum number of

API requests Region: 2 per UpdateUserHierarchyGroupName
Rate of UpdateUserIdentityInfo API Each supported Yes The maximum number of

requests Region: 2 per UpdateUserIdentityInfo
Rate of UpdateUserPhoneConfig API Each supported Yes The maximum number of

requests Region: 2 per UpdateUserPhoneConfig
Rate of UpdateUserRoutingProfile API Each supported Yes The maximum number of

requests Region: 2 per UpdateUserRoutingProfile
Rate of UpdateUserSecurityProfiles API Each supported Yes The maximum number of

requests Region: 2 per UpdateUserSecurityProfiles
Version 1.0
245
Service quotas

Description
Reports per instance Each supported Yes The maximum number

Region: 500 of reports that you can
create in this instance
Personal saved reports
count towards the limit.
As a best practice, we
recommend you implement
appropriate retention
policies so reports dont pile
up.
Routing profiles per instance Each supported Yes The maximum number of
Region: 100 routing profiles you can
the current Region.
Scheduled reports per instance Each supported Yes The maximum number of
Region: 50 scheduled reports you can
the current Region.
Security profiles per instance Each supported Yes The maximum number of
Region: 100 security profiles you can
the current Region.
User hierarchy groups per instance Each supported Yes The maximum number of
Region: 500 user hierarchy groups you
can create in this instance
Users per instance Each supported Yes The maximum number

Region: 500 of users you can create in
Region.
Amazon Connect Customer Profiles service quotas

The Amazon Connect Customer Profiles Service has the following quotas.

Description
Amazon Connect Customer Profiles Each supported Yes The maximum number of
domain count Region: 100 Amazon Connect Customer
Profiles domains you can
current AWS Region.
Keys per object type Each supported Yes The maximum number of
Region: 10 keys that can be defined
per object type in the
current AWS Region.
Version 1.0
246
AWS Data Exchange

Description
Maximum expiration in days Each supported Yes The maximum expiration,

Region: 1,098 in days, that can be defined
for an object or profile in
the current AWS Region.
Maximum number of integrations Each supported Yes The maximum number of

Region: 50 integrations per domain in
Maximum size of all objects for a profile Each supported Yes The total size of a profile,
Region: 51,200 including all of its related
Kilobytes objects, in the current AWS
Region.
Object and profile maximum size Each supported No The maximum size of a
Region: 250 single profile or profile
Kilobytes object in the current AWS
Region.
Object types per domain Each supported Yes The maximum number of
Region: 100 object types you can define
per domain in the current
AWS Region.
Objects per profile Each supported Yes The maximum number

Region: 1,000 of objects that can be
attached to a single profile
in the current AWS Region.
For more information, see Amazon Connect Service Quotas in the Amazon Connect Administrator Guide.
AWS Data Exchange endpoints and quotas

Service endpoints
Name
US East us-east-2 dataexchange.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 dataexchange.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 dataexchange.us-west-1.amazonaws.com HTTPS

West (N.
California)
Version 1.0
247
Service quotas

Name
US West us-west-2 dataexchange.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- dataexchange.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- dataexchange.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- dataexchange.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- dataexchange.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- dataexchange.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 dataexchange.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 dataexchange.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas
Description
Amazon API Gateway API assets per Each supported Yes The maximum number of
revision Region: 20 Amazon API Gateway API
assets that a single revision
can contain.
Amazon Redshift datashare assets per Each supported No The maximum number of
import job from Redshift Region: 10 Amazon Redshift datashare
assets you can import from
Redshift in a single job.
Amazon Redshift datashare assets per Each supported Yes The maximum number of
revision Region: 20 Amazon Redshift datashare
assets that a single revision
can contain.
Asset per export job from Amazon S3 Each supported No The maximum number of
Region: 100 assets you can export to
Amazon S3 in a single job.
Asset size in GB Each supported No The maximum size in GB of

Region: 100 a single asset.
Gigabytes
Version 1.0
248
Service quotas

Description
Assets per import job from Amazon S3 Each supported No The maximum number of
Region: 100 assets you can import from
Amazon S3 in a single job.
Assets per revision Each supported Yes The maximum number of

Region: 10,000 assets that a single revision
can contain.
Auto export event actions per data set Each supported Yes The maximum number of
Region: 5 auto export event actions
per data set.
Bring-Your-Own-Subscription offers per Each supported Yes The maximum number of

account Region: 10 BYOS (Bring-Your-Own-
Subscription) offers that a
single account can create.
Concurrent in progress jobs to export Each supported No The maximum number

assets to Amazon S3 Region: 10 of concurrently running
jobs (i.e. jobs with
IN_PROGRESS state) to
export assets to Amazon
S3.

assets to a signed URL Region: 10 of concurrently running
export assets to a signed
URL.

revisions to Amazon S3 Region: 5 of concurrently running
export revisions to Amazon
S3.
Concurrent in progress jobs to import Each supported No The maximum number

assets from Amazon API Gateway Region: 10 of concurrently running
import assets from Amazon
API Gateway.

assets from Amazon Redshift datashares Region: 10 of concurrently running
import Amazon Redshift
datashares.
Version 1.0
249
Service quotas

Description

assets from Amazon S3 Region: 10 of concurrently running
import assets from Amazon
S3.

assets from a signed URL Region: 10 of concurrently running
import assets from a signed
URL.
Data dictionaries per product Each supported Yes The maximum number
Region: 50 of data dictionaries per
product.
Data dictionary file size in MB Each supported Yes The maximum size (in MB)
Region: 1 of a data dictionary.
Megabytes
Data sets per account Each supported Yes The maximum number of
Region: 3,000 data sets per account.
Data sets per product Each supported Yes The maximum number
Region: 25 of data sets that a single
product can contain.
Event actions per account Each supported Yes The maximum number of
Region: 50 event actions per account.
Private offers per account Each supported Yes The maximum number of
Region: 25 custom offers that a single
account can create.
Products per account Each supported Yes The maximum number of

Region: 50 published products per
account.
Products per data set Each supported Yes The maximum number of
Region: 100 products that can contain a
given data set.
Revisions per Amazon API Gateway API Each supported Yes The maximum number
data set Region: 20 of revisions that a single
Amazon API Gateway API
data set can contain.
Revisions per Amazon Redshift datashare Each supported Yes The maximum number
data set Region: 20 of revisions that a single
Amazon Redshift datashare
data set can contain.
Version 1.0
250
Amazon Data Lifecycle Manager

Description
Revisions per addRevisions change set Each supported No The maximum number
Region: 5 of revisions that can be
published to a product in
a single AWS Marketplace
Catalog API ChangeSet of
type addRevisions.
Revisions per data set Each supported Yes The maximum number of
Region: 10,000 revisions that a single data
set can contain.
Sample file size in MB Each supported Yes The maximum size (in MB)
Region: 50 of a sample.
Megabytes
Samples per product Each supported Yes The maximum number of

Region: 50 samples per product.
For more information, see AWS Data Exchange quotas in the AWS Data Exchange User Guide.
Amazon Data Lifecycle Manager endpoints and

quotas
Service endpoints

Name
US East us-east-2 dlm.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 dlm.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 dlm.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 dlm.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 dlm.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Version 1.0
251
Service endpoints

Name
Asia ap-east-1 dlm.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- dlm.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- dlm.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- dlm.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- dlm.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- dlm.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 dlm.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- dlm.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 dlm.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- dlm.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
252
Service quotas

Name
South sa-east-1 dlm.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- dlm.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- dlm.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas
Description
Policies per Region Each supported Yes The maximum number of

Region: 100 policies per Region.
Target accounts per sharing rule Each supported Yes The maximum number of
Region: 50 target accounts per sharing
rule.
AWS Data Pipeline endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 datapipeline.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 datapipeline.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- datapipeline.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- datapipeline.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Version 1.0
253
Service quotas

Name
Europe eu-west-1 datapipeline.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas

Description
Minimum delay between retry attempts in Each supported No The minimum delay
minutes Region: 2 between retry attempts in
minutes.
Minimum scheduling interval in minutes Each supported No The minimum scheduling

Region: 15 interval in minutes.
Number of EC2 instances per Ec2Resource Each supported No The maximum number
object Region: 1 of EC2 instances per
Ec2Resource object.
Number of UTF8 bytes per field Each supported No The maximum number of
Region: 10,240 UTF8 bytes per field.
Number of UTF8 bytes per field name or Each supported No The maximum number of
identifier Region: 256 UTF8 bytes per field name
or identifier.
Number of UTF8 bytes per object Each supported No The maximum number
Region: 15,360 of UTF8 bytes per object
(including field names).
Number of active instances per object Each supported Yes The maximum number of
Region: 5 active instances per object.
Number of fields per object Each supported No The maximum number of

Region: 50 fields per object.
Number of objects per pipeline Each supported Yes The maximum number of
Region: 100 objects that you can define
per pipeline.
Number of pipelines you can create Each supported Yes The maximum number
Region: 100 of pipelines that you can
create.
Number of roll-ups into a single object Each supported No The maximum number of
Region: 32 roll-ups into a single object.
Rate of creation of an instance from an Each supported No The rate of creation of an

object Region: 1 per 5 instance from an object per
minutes 5 minutes.
Retries of a pipeline activity per task Each supported No The maximum number of
Region: 5 retries of a pipeline activity
per task.
Version 1.0
254
DataSync
For more information, see AWS Data Pipeline Quotas in the AWS Data Pipeline Developer Guide.
AWS DataSync endpoints and quotas

Service endpoints

Name
US East us-east-2 datasync.us-east-2.amazonaws.com HTTPS

(Ohio)
datasync-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 datasync.us-east-1.amazonaws.com HTTPS

Virginia)
datasync-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 datasync.us-west-1.amazonaws.com HTTPS

West (N.
California) datasync-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 datasync.us-west-2.amazonaws.com HTTPS

(Oregon)
datasync-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 datasync.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 datasync.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- datasync.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- datasync.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- datasync.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Version 1.0
255
Service endpoints

Name

(Singapore)

(Sydney)

(Tokyo)
Canada ca- datasync.ca-central-1.amazonaws.com HTTPS

(Central) central-1
datasync-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- datasync.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 datasync.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- datasync.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 datasync.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- datasync.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 datasync.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- datasync.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) datasync-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- datasync.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) datasync-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
256
Service quotas
Service quotas
Description
Files per task Each supported Yes The maximum number of

Region: 25,000,000 files per task.
Tasks Each supported Yes The maximum number of

Region: 100 tasks that you can create in
Region.
Throughput per task Each supported Yes The maximum throughput

Region: 10 Gigabits per task.
per second
AWS Database Migration Service endpoints and

quotas
Service endpoints
Name
US East us-east-2 dms.us-east-2.amazonaws.com HTTPS

(Ohio)
dms-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 dms.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 dms.us-west-1.amazonaws.com HTTPS

West (N.
California) dms-fips.us-west-1.amazonaws.com HTTPS
dms-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 dms.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
257
Service endpoints

Name
Africa af-south-1 dms.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 dms.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- dms.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- dms.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- dms.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- dms.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- dms.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 dms.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- dms.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 dms.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
258
Service quotas

Name
Middle me- dms.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- dms.me-central-1.amazonaws.com HTTPS

South sa-east-1 dms.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- dms.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) dms.us-gov-east-1.amazonaws.com HTTPS
dms.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- dms.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) dms.us-gov-west-1.amazonaws.com HTTPS
dms.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Certificate count Each supported Yes The maximum number

Region: 100 of certificates allowed in
Region.
Endpoint count Each supported Yes The maximum number

Region: 1,000 of endpoints allowed in
Region.
Endpoints per instance Each supported Yes The maximum number

Region: 100 of endpoints allowed per
replication instance.

Region: 60 AWS DMS events that you
can subscribe to.
Number of DMS Fleet Advisor collector Each supported No Maximum number of

instances Region: 10 created instances of DMS
Fleet Advisor collector
Number of data files DMS Fleet Advisor Each supported No Maximum number of files
can send per hour Region: 500 per that DMS Fleet Advisor
hour collector can send per hour
Version 1.0
259
AWS DeepLens

Description
Number of database objects DMS Fleet Each supported No The total number of
Advisor can process Region: 50,000,000 database objects that
AWS DMS Fleet Advisor
can process. A database
object is any data structure
used to store or reference
data, including tables,
views, stored procedures,
functions, and triggers
Number of monitored objects in DMS Fleet Each supported No Maximum number of

Advisor collector Region: 2,000 monitored objects that
a customer can add in a
single DMS Fleet Advisor
collector
Replication instances Each supported Yes The maximum number

Region: 60 of replication instances
the current Region.
Subnet groups Each supported Yes The maximum number of

Region: 60 subnet groups allowed in
Region.
Subnets per subnet group Each supported Yes The maximum number of
Region: 60 subnets allowed per subnet
group.
Task count Each supported Yes The maximum number

Region: 600 of tasks allowed in this
Region.
The amount of collected data in DMS Fleet Each supported No The amount of data that
Advisor Region: 10 can be collected by all DMS
Gigabytes Fleet Advisor collectors
Total storage Each supported Yes The maximum total storage

Region: 30,000 (in GB) for all replication
Gigabytes instances added together.
AWS DeepLens endpoints and quotas

Version 1.0
260
Service endpoints
Service endpoints
Name
US East (N. us-east-1 deeplens.us-east-1.amazonaws.com HTTPS

Virginia)
Asia ap- deeplens.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- deeplens.eu-central-1.amazonaws.com HTTPS

Service quotas
Description
Devices per account Each supported Yes The maximum number

Region: 200 of devices in the same
account.
Models per account Each supported Yes The maximum number

Region: 200 of models in the same
account.
Projects per account Each supported Yes The maximum number

Region: 200 of projects in the same
account.
Versions per project Each supported No The maximum number of

Region: 100 versions any project can
have at the same time.
AWS DeepRacer endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 deepracer.us-east-1.amazonaws.com

Virginia)
Version 1.0
261
Service quotas
Service quotas
Description
Cars Each supported Yes The maximum number of

Region: 20 cars any account can have
at same time.
Evaluation jobs Each supported Yes The maximum number

Region: 3 of concurrent evaluation
jobs in same account in the
same region.
Training jobs Each supported Yes The maximum number of

Region: 4 concurrent training jobs in
same account in the same
region.
Amazon Detective endpoints and quotas

Service endpoints
Name
US East us-east-2 api.detective.us-east-2.amazonaws.com HTTPS

(Ohio)
api.detective-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 api.detective.us-east-1.amazonaws.com HTTPS

Virginia)
api.detective-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 api.detective.us-west-1.amazonaws.com HTTPS

West (N.
California) api.detective-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 api.detective.us-west-2.amazonaws.com HTTPS

(Oregon)
api.detective-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 api.detective.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 api.detective.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
262
Service endpoints

Name
Asia ap- api.detective.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- api.detective.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- api.detective.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- api.detective.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- api.detective.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- api.detective.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- api.detective.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 api.detective.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- api.detective.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 api.detective.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- api.detective.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 api.detective.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- api.detective.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) api.detective-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- api.detective.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) api.detective-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
263
Service quotas
Service quotas
For more information, see Amazon Detective quotas.
Amazon DevOps Guru endpoints and quotas

Service endpoints
Name
US East us-east-2 devops-guru.us-east-2.amazonaws.com HTTPS

(Ohio)
devops-guru-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 devops-guru.us-east-1.amazonaws.com HTTPS

Virginia)
devops-guru-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 devops-guru.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 devops-guru.us-west-2.amazonaws.com HTTPS

(Oregon)
devops-guru-fips.us-west-2.amazonaws.com HTTPS
Asia ap- devops-guru.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- devops-guru.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- devops-guru.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- devops-guru.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- devops-guru.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- devops-guru.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Version 1.0
264
Service quotas

Name
Europe eu- devops-guru.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 devops-guru.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 devops-guru.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 devops-guru.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas
Resource Quota
Maximum number of Amazon Simple Notification 2

Service topics you can specify at once
Maximum number of AWS CloudFormation stacks 1000

you can specify
For more information, see Quotas in the Amazon DevOps Guru User Guide.
AWS Device Farm endpoints and quotas

Service endpoints

Name
US West us-west-2 devicefarm.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
265
Service quotas
Service quotas

Description
Concurrency for automation tests on Each supported Yes The maximum number of
metered devices Region: 5 concurrent metered devices
running automation tests.
Concurrency for remote access on metered Each supported Yes The maximum number of
devices Region: 2 concurrent metered devices
running remote access
sessions.
Remote access session length in minutes Each supported No The maximum length of a
Region: 150 remote access session per
device in minutes.
Test run timeout per device in minutes Each supported No The maximum length of
Region: 150 an automation test run per
device in minutes.
Uploaded file size Each supported No The maximum size of a file

Region: 4 Gigabytes to be uploaded.
AWS Direct Connect endpoints and quotas

Service endpoints

Name
US East us-east-2 directconnect.us-east-2.amazonaws.com HTTPS

(Ohio)
directconnect-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 directconnect.us-east-1.amazonaws.com HTTPS

Virginia)
directconnect-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 directconnect.us-west-1.amazonaws.com HTTPS

West (N.
California) directconnect-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 directconnect.us-west-2.amazonaws.com HTTPS

(Oregon)
directconnect-fips.us-west-2.amazonaws.com HTTPS
Version 1.0
266
Service endpoints

Name
Africa af-south-1 directconnect.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 directconnect.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- directconnect.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- directconnect.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- directconnect.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- directconnect.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- directconnect.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 directconnect.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- directconnect.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 directconnect.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
267
Service quotas

Name
Middle me- directconnect.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- directconnect.me-central-1.amazonaws.com HTTPS

South sa-east-1 directconnect.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- directconnect.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) directconnect.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- directconnect.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) directconnect.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Active AWS Direct Connect dedicated Each supported No The maximum number of
connections per location Region: 10 active AWS Direct Connect
dedicated connections per
location.
Dedicated connections, or interconnects Each supported No The maximum number of

per link aggregation group (LAG) Region: 4 dedicated connections,
or interconnects per link
aggregation group (LAG).
Global maximum number of AWS Direct Each supported Yes The maximum number
Connect gateways Region: 200 of AWS Direct Connect
gateways per account.
Link aggregation groups (LAGs) per AWS Each supported No The maximum number of
Region Region: 10 link aggregation groups
(LAGs) per AWS Region.
Number of prefixes per AWS transit Each supported No The maximum number of
Gateway from AWS to on-premises on a Region: 20 prefixes per AWS transit
transit virtual interface Gateway from AWS to on-
premises on a transit virtual
interface.
Private or public virtual interfaces per AWS Each supported No The maximum number of
Direct Connect dedicated connection Region: 50 private, or public interfaces
per AWS Direct Connect
dedicated connection.
Version 1.0
268
AWS Directory Service

Description
Transit gateways per AWS Direct Connect Each supported No The maximum number of
gateway Region: 3 transit gateways per AWS
Direct Connect gateway.
Virtual interfaces per AWS Direct Connect Each supported Yes The maximum number of
gateway Region: 30 virtual interfaces per AWS
Direct Connect gateway.
Virtual private gateways per AWS Direct Each supported No The maximum number of
Connect gateway Region: 10 virtual private gateways
per AWS Direct Connect
gateway.
For more information, see AWS Direct Connect Quotas in the AWS Direct Connect User Guide.
AWS Directory Service endpoints and quotas

Service endpoints

Name
US East us-east-2 ds.us-east-2.amazonaws.com HTTPS

(Ohio)
ds-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 ds.us-east-1.amazonaws.com HTTPS

Virginia)
ds-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 ds.us-west-1.amazonaws.com HTTPS

West (N.
California) ds-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 ds.us-west-2.amazonaws.com HTTPS

(Oregon)
ds-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 ds.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 ds.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
269
Service endpoints

Name
Asia ap- ds.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- ds.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- ds.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- ds.ca-central-1.amazonaws.com HTTPS

(Central) central-1
ds-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- ds.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 ds.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- ds.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 ds.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- ds.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
270
Service quotas

Name
South sa-east-1 ds.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- ds.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) ds-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- ds.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) ds-fips.us-gov-west-1.amazonaws.com HTTPS
For a list of supported endpoints by directory type, see Region availability for AWS Directory Service.
Service quotas

Description
AD Connector directories Each supported Yes The maximum number of

Region: 10 AD Connector directories
that you can create in the
current Region.
AWS Managed Microsoft AD directories Each supported Yes The maximum number of
Region: 20 AWS Managed Microsoft
AD directories that you can
create in the current region.
AWS Managed Microsoft AD domain Each supported Yes The maximum number of
controllers Region: 20 domain controllers that
you can add to your AWS
Managed Microsoft AD
directory.
AWS Managed Microsoft AD manual Each supported No The maximum number of

snapshots Region: 5 manual snapshots that
you can take for your AWS
Managed Microsoft AD
directory.
Simple AD directories Each supported Yes The maximum number

Region: 10 of Simple AD directories
current Region.
Simple AD manual snapshots Each supported No The maximum number of

Region: 5 manual snapshots that you
can take for your Simple AD
directory.
For more information, see the following:
Version 1.0
271
Amazon DocumentDB
• AD Connector quotas
• AWS Managed Microsoft AD quotas
• Simple AD quotas
Amazon DocumentDB endpoints and quotas

Service endpoints

Name
US East us-east-2 rds.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 rds.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US West us-west-2 rds.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Asia ap- rds.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- rds.ap-northeast-2.amazonaws.com HTTP and

(Seoul)
Asia ap- rds.ap-southeast-1.amazonaws.com HTTP and

(Singapore)

(Sydney)

(Tokyo)
Canada ca- rds.ca-central-1.amazonaws.com HTTP and

Europe eu- rds.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 rds.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS
Version 1.0
272
Service quotas

Name

(London) HTTPS
Europe eu- rds.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
South sa-east-1 rds.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
AWS us-gov- rds.us-gov-west-1.amazonaws.com HTTP and

(US-West)
For information on finding and connecting to your cluster or instance endpoints, see Working with
Amazon DocumentDB Endpoints in the Amazon DocumentDB Developer Guide.
Service quotas
Description
Cluster parameter groups Each supported No The maximum number

groups
Clusters Each supported Yes The maximum number of

Region: 40 clusters allowed in this
Region

Instances Each supported Yes The maximum number of

Region
Manual cluster snapshots Each supported Yes The maximum number of

Region: 100 manual snapshots
Read replicas per cluster Each supported Yes The maximum number of
Region: 15 read replicas per cluster
Subnet groups Each supported Yes The maximum number of

Subnets per subnet group Each supported No The maximum number

group
Version 1.0
273
DynamoDB

Description

resource
VPC security groups per instance Each supported No The maximum number
Amazon VPC
For more information, see Amazon DocumentDB Service Quotas in the Amazon DocumentDB Developer
Guide.
Amazon DynamoDB endpoints and quotas

For more information about this topic specific to DynamoDB, see Quotas in Amazon DynamoDB.
Service endpoints
DynamoDB

Name
US East us-east-2 dynamodb.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
dynamodb-fips.us-east-2.amazonaws.com
HTTPS
US East (N. us-east-1 dynamodb.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
dynamodb-fips.us-east-1.amazonaws.com
HTTPS
US us-west-1 dynamodb.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California) dynamodb-fips.us-west-1.amazonaws.com
HTTPS
US West us-west-2 dynamodb.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
dynamodb-fips.us-west-2.amazonaws.com
HTTPS
Africa af-south-1 dynamodb.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Version 1.0
274
Service endpoints

Name
Asia ap-east-1 dynamodb.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Asia ap- dynamodb.ap-southeast-3.amazonaws.com HTTP and

(Jakarta)
Asia ap- dynamodb.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- dynamodb.ap-northeast-3.amazonaws.com HTTP and

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- dynamodb.ca-central-1.amazonaws.com HTTP and

dynamodb-fips.ca-central-1.amazonaws.com
HTTPS
Europe eu- dynamodb.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 dynamodb.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS
Europe eu- dynamodb.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Europe eu-north-1 dynamodb.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Version 1.0
275
Service endpoints

Name
Middle me- dynamodb.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
Middle me- dynamodb.me-central-1.amazonaws.com HTTP and

South sa-east-1 dynamodb.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
AWS us-gov- dynamodb.us-gov-east-1.amazonaws.com HTTP and

(US-East) dynamodb.us-gov-east-1.amazonaws.com
HTTPS
AWS us-gov- dynamodb.us-gov-west-1.amazonaws.com HTTP and

(US-West) dynamodb.us-gov-west-1.amazonaws.com
HTTPS
DynamoDB Accelerator (DAX)

Name
US East us-east-2 dax.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 dax.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US us-west-1 dax.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California)
US West us-west-2 dax.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Asia ap- dax.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- dax.ap-southeast-1.amazonaws.com HTTP and

(Singapore)
Asia ap- dax.ap-southeast-2.amazonaws.com HTTP and

(Sydney)
Version 1.0
276
Service endpoints

Name
Asia ap- dax.ap-northeast-1.amazonaws.com HTTP and

(Tokyo)
Europe eu- dax.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 dax.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS

(Paris) HTTPS
South sa-east-1 dax.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
Amazon DynamoDB Streams

Name
US East us-east-2 streams.dynamodb.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 streams.dynamodb.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US us-west-1 streams.dynamodb.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California)
US West us-west-2 streams.dynamodb.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Africa af-south-1 streams.dynamodb.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 streams.dynamodb.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Asia ap- streams.dynamodb.ap- HTTP and

(Jakarta)
Version 1.0
277
Service endpoints

Name
Asia ap- streams.dynamodb.ap-south-1.amazonaws.com HTTP and

(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- streams.dynamodb.ca-central-1.amazonaws.com HTTP and

Europe eu- streams.dynamodb.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 streams.dynamodb.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS
Europe eu- streams.dynamodb.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Europe eu-north-1 streams.dynamodb.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- streams.dynamodb.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
Middle me- streams.dynamodb.me-central-1.amazonaws.com HTTP and

South sa-east-1 streams.dynamodb.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
Version 1.0
278
Service quotas

Name
AWS us-gov- streams.dynamodb.us-gov- HTTP and

GovCloud east-1 east-1.amazonaws.com HTTPS
(US-East)
streams.dynamodb.us-gov- HTTPS
AWS us-gov- streams.dynamodb.us-gov- HTTP and

GovCloud west-1 west-1.amazonaws.com HTTPS
(US-West)
streams.dynamodb.us-gov- HTTPS
Service quotas
Description
Account-level read throughput limit Each supported Yes The maximum number
(Provisioned mode) Region: 80,000 of read capacity units
allocated for the account;
applicable only for tables
(including all associated
global secondary indexes)
in provisioned read/write
capacity mode. For more
information, see https://
amazondynamodb/
latest/developerguide/
Limits.html#default-limits-
throughput-capacity-
modes
Account-level write throughput limit Each supported Yes The maximum number
(Provisioned mode) Region: 80,000 of write capacity units
allocated for the account;
(including all associated
global secondary indexes)
amazondynamodb/
modes
Concurrent control plane operations Each supported Yes The maximum number of
Region: 500 allowed concurrent control
plane operations. For more
Version 1.0
279
Service quotas

Description
amazondynamodb/
Limits.html#limits-api
Global Secondary Indexes per table Each supported Yes The maximum number
Region: 20 of global secondary
indexes that can be created
for a table. For more
information, see, https://
amazondynamodb/
ServiceQuotas.html#limits-
secondary-indexes
Maximum number of tables Each supported Yes The maximum number of

Region: 2,500 tables that can be created
per region. For more
amazondynamodb/
ServiceQuotas.html#limits-
tables
Provisioned capacity decreases per day Each supported Yes A decrease is allowed up
Region: 27 to four times any time
per day (GMT time zone).
Also, if there was no
decrease in the past hour,
an additional decrease
is allowed, effectively
bringing the maximum
number of decreases in a
day to 27 times. For more
amazondynamodb/
ServiceQuotas.html
Table-level read throughput limit Each supported Yes The maximum number of
Region: 40,000 read throughput allocated
for a table or global
secondary index. For more
amazondynamodb/
modes
Version 1.0
280
Service quotas

Description
Table-level write throughput limit Each supported Yes The maximum number of
Region: 40,000 write throughput allocated
for a table or global
secondary index. For more
amazondynamodb/
modes
Write throughput limit for DynamoDB af-south-1: 10,000 Yes The maximum number of
Streams (Provisioned mode) write capacity units allowed
ap-east-1: 10,000 for a table with streams
enabled; applicable only
ap-northeast-3: for tables in provisioned
10,000 read/write capacity mode.
Other quotas might
ap-south-1: 10,000
also apply. For more
ca-central-1: 10,000 information, see https://
eu-north-1: 10,000 amazondynamodb/
eu-south-1: 10,000 ServiceQuotas.html#limits-
dynamodb-streams
eu-west-2: 10,000
eu-west-3: 10,000
me-south-1: 10,000
Each of the other

supported Regions:
40,000
DAX has the following quotas.

Description
Nodes per cluster Each supported No The maximum number of

Region: 11 nodes per cluster, including
the primary node as well as
any read replica nodes.
Parameter groups Each supported No The maximum number

Region: 20 of parameter groups in a
single AWS region.
Subnet groups Each supported No The maximum number of

Region: 50 subnet groups in a single
AWS region.
Version 1.0
281
Elastic Beanstalk

Description
Subnets per subnet group Each supported No The maximum number of

Region: 20 subnets per subnet group
in a single AWS region.
Total number of nodes Each supported Yes The maximum total

Region: 50 number of nodes per AWS
account in a single AWS
region.
AWS Elastic Beanstalk endpoints and quotas

Service endpoints
Elastic Beanstalk

Name Hosted
Zone ID
US East us-east-2 elasticbeanstalk.us-east-2.amazonaws.com HTTPS Z14LCN19Q5QHIC

(Ohio)
elasticbeanstalk-fips.us- HTTPS
US us-east-1 elasticbeanstalk.us-east-1.amazonaws.com HTTPS Z117KPS5GTRQ2G

East (N.
Virginia) elasticbeanstalk-fips.us- HTTPS
US us- elasticbeanstalk.us-west-1.amazonaws.com HTTPS Z1LQECGX5PH1X

West (N. west-1
California) elasticbeanstalk-fips.us- HTTPS
US West us- elasticbeanstalk.us-west-2.amazonaws.com HTTPS Z38NKT9BP95V3O

(Oregon) west-2
elasticbeanstalk-fips.us- HTTPS
Africa af- elasticbeanstalk.af-south-1.amazonaws.com HTTPS Z1EI3BVKMKK4AM

(Cape south-1
Town)
Asia ap-east-1 elasticbeanstalk.ap-east-1.amazonaws.com HTTPS ZPWYUBWRU171A

Pacific
(Hong
Kong)
Version 1.0
282
Service endpoints

Name Hosted
Zone ID
Asia ap- elasticbeanstalk.ap- HTTPS

Pacific southeast-3southeast-3.amazonaws.com
(Jakarta)
Asia ap- elasticbeanstalk.ap- HTTPS Z18NTBI3Y7N9TZ

(Mumbai)
Asia ap- elasticbeanstalk.ap- HTTPS ZNE5GEY1TIAGY

Pacific northeast-3northeast-3.amazonaws.com
(Osaka)
Asia ap- elasticbeanstalk.ap- HTTPS Z3JE5OI70TWKCP

(Seoul)
Asia ap- elasticbeanstalk.ap- HTTPS Z16FZ9L249IFLT

(Singapore)
Asia ap- elasticbeanstalk.ap- HTTPS Z2PCDNR3VC2G1N

(Sydney)
Asia ap- elasticbeanstalk.ap- HTTPS Z1R25G3KIG2GBW

(Tokyo)
Canada ca- elasticbeanstalk.ca- HTTPS ZJFCZL7SSZB5I

Europe eu- elasticbeanstalk.eu- HTTPS Z1FRNW7UH4DEZJ

Europe eu- elasticbeanstalk.eu-west-1.amazonaws.com HTTPS Z2NYPWQ7DFZAZH

(Ireland) west-1
Europe eu- elasticbeanstalk.eu-west-2.amazonaws.com HTTPS Z1GKAAAUGATPF1

(London) west-2
Europe eu- elasticbeanstalk.eu- HTTPS Z10VDYYOA2JFKM

(Milan) south-1 south-1.amazonaws.com
Europe eu- elasticbeanstalk.eu-west-3.amazonaws.com HTTPS Z5WN6GAYWG5OB

(Paris) west-3
Europe eu- elasticbeanstalk.eu-north-1.amazonaws.com HTTPS Z23GO28BZ5AETM

(Stockholm)north-1
Middle me- elasticbeanstalk.me- HTTPS Z2BBTEKR2I36N2

(Bahrain)
Version 1.0
283
Service endpoints

Name Hosted
Zone ID
South sa-east-1 elasticbeanstalk.sa-east-1.amazonaws.com HTTPS Z10X7K2B4QSOFV

America
(São
Paulo)
AWS us-gov- elasticbeanstalk.us-gov- HTTPS Z35TSARG0EJ4VU

GovCloud east-1 east-1.amazonaws.com
(US-East) HTTPS
elasticbeanstalk.us-gov-
AWS us-gov- elasticbeanstalk.us-gov- HTTPS Z4KAURWC4UUUG

(US- HTTPS
West) elasticbeanstalk.us-gov-
Elastic Beanstalk Health Service

Name
US East us-east-2 elasticbeanstalk-health.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 elasticbeanstalk-health.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 elasticbeanstalk-health.us- HTTPS

West (N. west-1.amazonaws.com
California)
US West us-west-2 elasticbeanstalk-health.us- HTTPS

(Oregon) west-2.amazonaws.com
Asia ap-east-1 elasticbeanstalk-health.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- elasticbeanstalk-health.ap- HTTPS

(Mumbai)

(Osaka)

(Seoul)
Version 1.0
284
Service quotas

Name

(Singapore)

(Sydney)

(Tokyo)
Canada ca- elasticbeanstalk-health.ca- HTTPS

Europe eu- elasticbeanstalk-health.eu- HTTPS

Europe eu-west-1 elasticbeanstalk-health.eu- HTTPS

(Ireland) west-1.amazonaws.com

(London) west-2.amazonaws.com

(Paris) west-3.amazonaws.com
Europe eu-north-1 elasticbeanstalk-health.eu- HTTPS

(Stockholm) north-1.amazonaws.com
Middle me- elasticbeanstalk-health.me- HTTPS

(Bahrain)
South sa-east-1 elasticbeanstalk-health.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- elasticbeanstalk-health.us-gov- HTTPS

(US-East)
AWS us-gov- elasticbeanstalk-health.us-gov- HTTPS

(US-West)
Service quotas

Description
Application versions Each supported Yes The maximum number

Region: 1,000 of application versions
Version 1.0
285
Amazon EBS

Description
Region. The limit applies
across applications, not per
application.
Applications Each supported Yes The maximum number of

Region: 75 applications that you can
current Region.
Configuration templates Each supported Yes The maximum number of

Region: 2,000 configuration templates
Region.
Custom platform versions Each supported Yes The maximum number of

Region: 50 custom platform versions
Region. The limit applies
across custom platforms,
not per custom platform.
Environments Each supported Yes The maximum number of

Region: 200 environments that you can
current Region. The limit
applies across applications,
not per application.
Amazon Elastic Block Store endpoints and quotas

Service endpoints
Topics
• Endpoints for Amazon EBS in Amazon EC2 (p. 286)
• Endpoints for the EBS direct APIs (p. 289)
Endpoints for Amazon EBS in Amazon EC2

Use the Amazon EBS endpoints in Amazon Elastic Compute Cloud (Amazon EC2) to manage EBS
volumes, snapshots, and encryption. For more information, see Amazon EBS actions in the Amazon EC2
API Reference.
Version 1.0
286
Service endpoints

Name
US East us-east-2 ec2.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
ec2-fips.us-east-2.amazonaws.com
HTTPS
ec2.us-east-2.api.aws
HTTPS
US East (N. us-east-1 ec2.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
HTTPS
HTTPS
US us-west-1 ec2.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California) ec2-fips.us-west-1.amazonaws.com
HTTPS
US West us-west-2 ec2.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
ec2-fips.us-west-2.amazonaws.com
HTTPS
ec2.us-west-2.api.aws
HTTPS
Africa af-south-1 ec2.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 ec2.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Asia ap- ec2.ap-southeast-3.amazonaws.com HTTP and

(Jakarta)
Asia ap- ec2.ap-south-1.amazonaws.com HTTP and

(Mumbai) ec2.ap-south-1.api.aws
HTTPS
Asia ap- ec2.ap-northeast-3.amazonaws.com HTTP and

(Osaka)

(Seoul)

(Singapore)
Version 1.0
287
Service endpoints

Name

(Sydney)

(Tokyo)
Canada ca- ec2.ca-central-1.amazonaws.com HTTP and

ec2-fips.ca-central-1.amazonaws.com
HTTPS
Europe eu- ec2.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 ec2.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS
ec2.eu-west-1.api.aws
HTTPS

(London) HTTPS
Europe eu- ec2.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Europe eu-north-1 ec2.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- ec2.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
Middle me- ec2.me-central-1.amazonaws.com HTTP and

South sa-east-1 ec2.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São ec2.sa-east-1.api.aws
Paulo) HTTPS
AWS us-gov- ec2.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) ec2.us-gov-east-1.api.aws HTTPS
AWS us-gov- ec2.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) ec2.us-gov-west-1.api.aws HTTPS
Version 1.0
288
Service endpoints
Endpoints for the EBS direct APIs

Use the EBS direct APIs endpoints to directly read the data on your Amazon EBS snapshots, and identify
the difference between two snapshots. For more information, see Use EBS direct APIs to access the
contents of an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

Name
US East us-east-2 ebs.us-east-2.amazonaws.com HTTPS

(Ohio)
ebs-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 ebs.us-east-1.amazonaws.com HTTPS

Virginia)
ebs-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 ebs.us-west-1.amazonaws.com HTTPS

West (N.
California) ebs-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 ebs.us-west-2.amazonaws.com HTTPS

(Oregon)
ebs-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 ebs.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 ebs.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- ebs.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- ebs.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- ebs.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)
Version 1.0
289
Service quotas

Name

(Tokyo)
Canada ca- ebs.ca-central-1.amazonaws.com HTTPS

(Central) central-1
ebs-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- ebs.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 ebs.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- ebs.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 ebs.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- ebs.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 ebs.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- ebs.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- ebs.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas

Description
Archived snapshots per volume Each supported Yes The maximum number of
Region: 25 archived snapshots per
volume.
CompleteSnapshot requests per account Each supported No The maximum number

Region: 10 per of CompleteSnapshot
second
Version 1.0
290
Service quotas

Description
account.
Concurrent snapshot copies per Each supported No The maximum number of

destination Region Region: 20 concurrent snapshot copies
to a single destination
Region.
Concurrent snapshots per Cold HDD (sc1) Each supported No The maximum number of
volume Region: 1 concurrent snapshots per
Cold HDD (sc1) volume in
this Region.
Concurrent snapshots per General Purpose Each supported No The maximum number of
SSD (gp2) volume Region: 5 concurrent snapshots per
General Purpose SSD (gp2)
volume in this Region.
Concurrent snapshots per General Purpose Each supported No The maximum number of
SSD (gp3) volume Region: 5 concurrent snapshots per
General Purpose SSD (gp3)
Concurrent snapshots per Magnetic Each supported No The maximum number of

(standard) volume Region: 5 concurrent snapshots per
Magnetic (standard) volume
in this Region.
Concurrent snapshots per Provisioned Each supported No The maximum number of

IOPS SSD (io1) volume Region: 5 concurrent snapshots per
Provisioned IOPS SSD (io1)
Concurrent snapshots per Provisioned Each supported No The maximum number of

IOPS SSD (io2) volume Region: 5 concurrent snapshots per
Concurrent snapshots per Throughput Each supported No The maximum number of

Optimized HDD (st1) volume Region: 1 concurrent snapshots per
Throughput Optimized
HDD (st1) volume in this
Region.
Fast snapshot restore Each supported Yes The maximum number

Region: 5 of snapshots that can be
enabled for fast snapshot
restore in this Region.
GetSnapshotBlock requests per account Each supported Yes The maximum number of
Region: 1,000 per GetSnapshotBlock requests
second allowed per account.
GetSnapshotBlock requests per snapshot Each supported No The maximum number of

Region: 1,000 per GetSnapshotBlock requests
second allowed per snapshot.
Version 1.0
291
Service quotas

Description
IOPS for Provisioned IOPS SSD (io1) Each supported Yes The maximum aggregated
volumes Region: 300,000 number of IOPS that can
be provisioned across
Provisioned IOPS SDD (io1)
volumes in this Region.
IOPS for Provisioned IOPS SSD (io2) Each supported Yes The maximum aggregated
volumes Region: 100,000 number of IOPS that can
be provisioned across
Provisioned IOPS SDD (io2)
IOPS modifications for Provisioned IOPS Each supported Yes The maximum aggregated
SSD (io1) volumes Region: 500,000 number of IOPS that can
be requested in volume
modifications across
IOPS modifications for Provisioned IOPS Each supported Yes The maximum aggregated
SSD (io2) volumes Region: 100,000 number of IOPS that can
be requested in volume
modifications across
In-progress snapshot archives per account Each supported Yes The maximum number
Region: 25 of in-progress snapshot
archives per account.
In-progress snapshot restores from archive Each supported Yes The maximum number
per account Region: 5 of in-progress snapshot
restores from archive per
account.
ListChangedBlocks requests per account Each supported No The maximum number of

Region: 50 per ListChangedBlocks requests
ListSnapshotBlocks requests per account Each supported No The maximum number

Region: 50 per of ListSnapshotBlocks
account.
Pending snapshots per account Each supported No The maximum number of

Region: 100 snapshots in a pending
state per account.
PutSnapshotBlock requests per account Each supported Yes The maximum number of
Region: 1,000 per PutSnapshotBlock requests
PutSnapshotBlock requests per snapshot Each supported No The maximum number of

Region: 1,000 per PutSnapshotBlock requests
second allowed per snapshot.
Version 1.0
292
Service quotas

Description
Snapshots per Region Each supported Yes The maximum number of

Region: 100,000 snapshots per Region
StartSnapshot requests per account Each supported No The maximum number of

Region: 10 per StartSnapshot requests
Storage for Cold HDD (sc1) volumes, in TiB af-south-1: 300 Yes The maximum aggregated
amount of storage, in TiB,
ap-east-1: 300 that can be provisioned
across Cold HDD (sc1)
eu-south-1: 300 volumes in this Region.
me-south-1: 300
Each of the other

supported Regions:
50
Storage for General Purpose SSD (gp2) af-south-1: 300 Yes The maximum aggregated
volumes, in TiB amount of storage, in TiB,
across General Purpose
eu-south-1: 300 SSD (gp2) volumes in this
Region.
me-south-1: 300
Each of the other

supported Regions:
50
Storage for General Purpose SSD (gp3) af-south-1: 300 Yes The maximum aggregated
eu-south-1: 300 SSD (gp3) volumes in this
Region.
me-south-1: 300
Each of the other

supported Regions:
50
Storage for Magnetic (standard) volumes, af-south-1: 300 Yes The maximum aggregated
in TiB amount of storage, in TiB,
across Magnetic (standard)
eu-south-1: 300 volumes in this Region.
me-south-1: 300
Each of the other

supported Regions:
50
Version 1.0
293
Service quotas

Description
Storage for Provisioned IOPS SSD (io1) af-south-1: 300 Yes The maximum aggregated
across Provisioned IOPS
eu-south-1: 300 SSD (io1) volumes in this
Region.
me-south-1: 300
Each of the other

supported Regions:
50
Storage for Provisioned IOPS SSD (io2) Each supported Yes The maximum aggregated
volumes, in TiB Region: 20 amount of storage, in TiB,
that can be provisioned
SSD (io2) volumes in this
Region.
Storage for Throughput Optimized HDD af-south-1: 300 Yes The maximum aggregated
(st1) volumes, in TiB amount of storage, in TiB,
across Throughput
eu-south-1: 300 Optimized HDD (st1)
me-south-1: 300
Each of the other

supported Regions:
50
Storage modifications for Cold HDD (sc1) Each supported Yes The maximum aggregated
volumes, in TiB Region: 500 amount of storage, in TiB,
that can be requested
in volume modifications
across Cold HDD (sc1)
Storage modifications for General Purpose Each supported Yes The maximum aggregated
SSD (gp2) volumes, in TiB Region: 500 amount of storage, in TiB,
SSD (gp2) volumes in this
Region.
Storage modifications for General Purpose Each supported Yes The maximum aggregated
SSD (gp3) volumes, in TiB Region: 500 amount of storage, in TiB,
SSD (gp3) volumes in this
Region.
Version 1.0
294
Recycle Bin

Description
Storage modifications for Magnetic Each supported Yes The maximum aggregated
(standard) volumes, in TiB Region: 500 amount of storage, in TiB,
across Magnetic (standard)
Storage modifications for Provisioned Each supported Yes The maximum aggregated
IOPS SSD (io1) volumes, in TiB Region: 500 amount of storage, in TiB,
Region.
Storage modifications for Provisioned Each supported Yes The maximum aggregated
IOPS SSD (io2) volumes, in TiB Region: 20 amount of storage, in TiB,
Region.
Storage modifications for Throughput Each supported Yes The maximum aggregated
Optimized HDD (st1) volumes, in TiB Region: 500 amount of storage, in TiB,
across Throughput
Optimized HDD (st1)
The quota for Concurrent snapshot copies per destination Region is not adjustable using Service
Quotas. However, you can request an increase for this quota by contacting AWS Support.
The following considerations apply to both IOPS modifications for Provisioned IOPS SSD volumes
quotas:
• The quotas apply to both the current (from) IOPS value and the requested (to) IOPS value in the
request. This means that you can modify volume IOPS either up to, or from this quota. For example, if
your quota is 200,000 IOPS, you can request IOPS increases up to 200,000 IOPS. Or you can request
IOPS decreases from 200,000 IOPS.
• The quotas should not be greater than the respective maximum quotas. For example, the IOPS
modifications for Provisioned IOPS SSD (io1) volumes quota should not be greater than the IOPS for
Provisioned IOPS SSD (io1) volumes quota.
Recycle Bin endpoints and quotas

Version 1.0
295
Service endpoints
Topics
• Service endpoints (p. 296)
• Service quotas (p. 297)
Service endpoints

Name
US East us-east-2 rbin.us-east-2.amazonaws.com HTTPS

(Ohio)
rbin-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 rbin.us-east-1.amazonaws.com HTTPS

Virginia)
rbin-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 rbin.us-west-1.amazonaws.com HTTPS

West (N.
California) rbin-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 rbin.us-west-2.amazonaws.com HTTPS

(Oregon)
rbin-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 rbin.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 rbin.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- rbin.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- rbin.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- rbin.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)
Version 1.0
296
Service quotas

Name

(Tokyo)
Canada ca- rbin.ca-central-1.amazonaws.com HTTPS

(Central) central-1
rbin-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- rbin.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 rbin.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- rbin.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 rbin.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- rbin.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- rbin.me-central-1.amazonaws.com HTTPS

South sa-east-1 rbin.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- rbin.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) rbin-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- rbin.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) rbin-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Quota Default quota Adjustable
Retention rules per 250 No

Region
Version 1.0
297
Amazon EC2
Quota Default quota Adjustable
Tag key and value pairs 50 No

per retention rule
Amazon EC2 endpoints and quotas

Important
AWS Regions launched after October 30, 2021 will no longer support Amazon EC2 API requests
over connections that are established using TLSv1, TLSv1.1, or unencrypted HTTP.
Service endpoints
Name
US East us-east-2 ec2.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
HTTPS
HTTPS
US East (N. us-east-1 ec2.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
HTTPS
HTTPS
US us-west-1 ec2.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California) ec2-fips.us-west-1.amazonaws.com
HTTPS
US West us-west-2 ec2.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
ec2-fips.us-west-2.amazonaws.com
HTTPS
ec2.us-west-2.api.aws
HTTPS
Africa af-south-1 ec2.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 ec2.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Version 1.0
298
Service endpoints

Name

(Jakarta)
Asia ap- ec2.ap-south-1.amazonaws.com HTTP and

(Mumbai) ec2.ap-south-1.api.aws
HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- ec2.ca-central-1.amazonaws.com HTTP and

ec2-fips.ca-central-1.amazonaws.com
HTTPS
Europe eu- ec2.eu-central-1.amazonaws.com HTTP and


(Ireland) HTTPS
ec2.eu-west-1.api.aws
HTTPS

(London) HTTPS
Europe eu- ec2.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Europe eu-north-1 ec2.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- ec2.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
Version 1.0
299
Service quotas

Name
Middle me- ec2.me-central-1.amazonaws.com HTTP and

South sa-east-1 ec2.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São ec2.sa-east-1.api.aws
Paulo) HTTPS

GovCloud east-1
(US-East) ec2.us-gov-east-1.api.aws HTTPS

GovCloud west-1
(US-West) ec2.us-gov-west-1.api.aws HTTPS
Service quotas
Description
AMI sharing Each supported Yes The maximum number of

Region: 1,000 entities (organizations,
organizational units, and
accounts) that an AMI
can be shared with in
this Region. Note that if
you share an AMI with
an organization, the
number of accounts in
the organization does not
count towards the quota.
AMIs Each supported Yes The maximum number of

Region: 50,000 public and private AMIs
allowed in this Region.
These include available and
pending AMIs, and AMIs in
the Recycle Bin.
All DL Spot Instance Requests Each supported Yes The maximum number
Region: 0 of vCPUs for all running
or requested DL Spot
Instances per Region
All F Spot Instance Requests Each supported Yes The maximum number of
Region: 0 vCPUs for all running or
requested F Spot Instances
per Region
All G and VT Spot Instance Requests Each supported Yes The maximum number of
requested G and VT Spot
Version 1.0
300
Service quotas

Description
All Inf Spot Instance Requests Each supported Yes The maximum number
or requested Inf Spot
All P Spot Instance Requests Each supported Yes The maximum number of
requested P Spot Instances
per Region
All Standard (A, C, D, H, I, M, R, T, Z) Spot Each supported Yes The maximum number of
Instance Requests Region: 5 vCPUs for all running or
requested Standard (A,
C, D, H, I, M, R, T, Z) Spot
All Trn Spot Instance Requests Each supported Yes The maximum number
or requested Trn Spot
All X Spot Instance Requests Each supported Yes The maximum number of
requested X Spot Instances
per Region
Amazon FPGA images (AFIs) Each supported Yes The maximum number of
Region: 100 available Amazon FPGA
images (AFIs) that you can
own in this Region.
Attachments per VPC Each supported No Number of transit gateway

Region: 5 attachments per VPC.
Attachments per transit gateway Each supported Yes Total number of transit
Region: 5,000 gateway attachments per
transit gateway.
Authorization rules per Client VPN Each supported Yes The maximum number of
endpoint Region: 50 authorization rules per
Client VPN endpoint.
Client VPN endpoints per Region Each supported Yes The maximum number of
Region: 5 Client VPN endpoints per
Region.
Concurrent client connections per Client Each supported Yes The maximum number
VPN endpoint Region: 20,000 of concurrent client
connections per Client VPN
endpoint.
Concurrent operations per Client VPN Each supported No The maximum number of
endpoint Region: 10 concurrent operations per
Client VPN endpoint.
Version 1.0
301
Service quotas

Description
Customer gateways per region Each supported Yes The maximum number of
Region: 50 customer gateways that
you can create per region.
Direct Connect gateways per transit Each supported No Number of AWS Direct
gateway Region: 20 Connect gateways per
transit gateway.
Dynamic routes advertised from CGW to Each supported No The maximum number of
VPN connection Region: 100 dynamic routes advertised
from a customer gateway
device to a Site-to-Site VPN
connection.
EC2-Classic Elastic IPs Each supported Yes The maximum number of

Region: 5 Elastic IP addresses that
you can allocate for EC2-
Classic in this Region.
EC2-VPC Elastic IPs Each supported Yes The maximum number of

Region: 5 Elastic IP addresses that
you can allocate for EC2-
VPC in this Region.
Entries in a client certificate revocation list Each supported No The maximum number of
for Client VPN endpoints Region: 20,000 entries in a client certificate
revocation list for Client
VPN endpoints.
Members per transit gateway multicast Each supported Yes Number of members per
group Region: 100 transit gateway multicast
group.
Multicast Network Interfaces per transit Each supported Yes Number of multicast group
gateway Region: 1,000 members and sources per
transit gateway.
Multicast domain associations per VPC Each supported Yes Number of multicast
Region: 20 domain associations per
VPC.
Multicast domains per transit gateway Each supported Yes Number of multicast
Region: 20 domains per transit
gateway.
Version 1.0
302
Service quotas

Description
New Reserved Instances per month Each supported Yes The maximum number of
Region: 20 Reserved Instances (RIs)
that you can purchase
per month in the current
account. For regional
RIs, this is the maximum
number of RIs that you can
purchase for the current
Region. For zonal RIs, this
is the maximum number of
RIs that you can purchase
for each Availability Zone in
the current Region.
Number of Elastic Graphics accelerators Each supported Yes The maximum number
Region: 20 of Elastic Graphics
accelerators that you can
request in this Region.
Peering attachments per transit gateway Each supported Yes Number of transit gateway
Region: 50 peering attachments per
transit gateway.
Pending peering attachments per transit Each supported Yes Number of pending
gateway Region: 10 transit gateway peering
attachments per transit
gateway.
Public AMIs Each supported Yes The maximum number

Region: 5 of public AMIs, including
public AMIs in the Recycle
Bin, allowed in this Region.
Route Tables per transit gateway Each supported Yes Number of transit gateway
Region: 20 route tables per transit
gateway.
Routes advertised from VPN connection to Each supported No The maximum number
CGW Region: 1,000 of routes advertised
from a Site-to-Site VPN
connection to a customer
gateway device.
Routes per Client VPN endpoint Each supported Yes The maximum number
Region: 10 of routes per Client VPN
endpoint.
Routes per transit gateway Each supported Yes Number of static routes per
Region: 10,000 transit gateway.
Running Dedicated a1 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated a1 hosts.
Running Dedicated c3 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c3 hosts.
Version 1.0
303
Service quotas

Description


Running Dedicated c5a Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c5a
hosts.
Running Dedicated c5d Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c5d
hosts.
Running Dedicated c5n Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c5n
hosts.
Running Dedicated c6a Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c6a
hosts.
Running Dedicated c6g Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c6g
hosts.
Running Dedicated c6gd Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c6gd
hosts.
Running Dedicated c6gn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c6gn
hosts.
Running Dedicated c6i Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c6i
hosts.
Running Dedicated c6id Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c6id
hosts.
Running Dedicated c7g Hosts Each supported Yes Maximum number of

Region: 0 running dedicated c7g
hosts.
Running Dedicated d2 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated d2 hosts.
Running Dedicated dl1 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated dl1
hosts.
Running Dedicated f1 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated f1 hosts.
Running Dedicated g2 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated g2 hosts.
Version 1.0
304
Service quotas

Description

Running Dedicated g3s Hosts Each supported Yes Maximum number of

Region: 0 running dedicated g3s
hosts.
Running Dedicated g4ad Hosts Each supported Yes Maximum number of

Region: 0 running dedicated g4ad
hosts.
Running Dedicated g4dn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated g4dn
hosts.

Running Dedicated g5g Hosts Each supported Yes Maximum number of

Region: 0 running dedicated g5g
hosts.
Running Dedicated h1 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated h1 hosts.
Running Dedicated i2 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated i2 hosts.
Running Dedicated i3 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated i3 hosts.
Running Dedicated i3en Hosts Each supported Yes Maximum number of

Region: 0 running dedicated i3en
hosts.
Running Dedicated i4i Hosts Each supported Yes Maximum number of

Region: 0 running dedicated i4i hosts.
Running Dedicated im4gn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated im4gn
hosts.
Running Dedicated inf Hosts Each supported Yes Maximum number of

Region: 0 running dedicated inf hosts.
Running Dedicated is4gen Hosts Each supported Yes Maximum number of

Region: 0 running dedicated is4gen
hosts.
Running Dedicated m3 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m3
hosts.

hosts.
Version 1.0
305
Service quotas

Description

hosts.
Running Dedicated m5a Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m5a
hosts.
Running Dedicated m5ad Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m5ad
hosts.
Running Dedicated m5d Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m5d
hosts.
Running Dedicated m5dn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m5dn
hosts.
Running Dedicated m5n Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m5n
hosts.
Running Dedicated m5zn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m5zn
hosts.
Running Dedicated m6a Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m6a
hosts.
Running Dedicated m6g Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m6g
hosts.
Running Dedicated m6gd Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m6gd
hosts.
Running Dedicated m6i Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m6i
hosts.
Running Dedicated m6id Hosts Each supported Yes Maximum number of

Region: 0 running dedicated m6id
hosts.
Running Dedicated mac1 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated mac1
hosts.
Running Dedicated mac2 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated mac2
hosts.
Running Dedicated p2 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated p2 hosts.
Version 1.0
306
Service quotas

Description
Running Dedicated p3 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated p3 hosts.
Running Dedicated p3dn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated p3dn
hosts.
Running Dedicated p4d Hosts Each supported Yes Maximum number of

Region: 0 running dedicated p4d
hosts.
Running Dedicated r3 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r3 hosts.


Running Dedicated r5a Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r5a
hosts.
Running Dedicated r5ad Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r5ad
hosts.
Running Dedicated r5b Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r5b
hosts.
Running Dedicated r5d Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r5d
hosts.
Running Dedicated r5dn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r5dn
hosts.
Running Dedicated r5n Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r5n
hosts.
Running Dedicated r6a Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r6a
hosts.
Running Dedicated r6g Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r6g
hosts.
Running Dedicated r6gd Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r6gd
hosts.
Running Dedicated r6i Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r6i hosts.
Version 1.0
307
Service quotas

Description
Running Dedicated r6id Hosts Each supported Yes Maximum number of

Region: 0 running dedicated r6id
hosts.
Running Dedicated t3 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated t3 hosts.
Running Dedicated u-12tb1 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated u-12tb1
hosts.

hosts.

hosts.

hosts.
Running Dedicated vt1 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated vt1
hosts.
Running Dedicated x1 Hosts Each supported Yes Maximum number of

Region: 0 running dedicated x1 hosts.
Running Dedicated x1e Hosts Each supported Yes Maximum number of

Region: 0 running dedicated x1e
hosts.
Running Dedicated x2gd Hosts Each supported Yes Maximum number of

Region: 0 running dedicated x2gd
hosts.
Running Dedicated x2idn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated x2idn
hosts.
Running Dedicated x2iedn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated x2iedn
hosts.
Running Dedicated x2iezn Hosts Each supported Yes Maximum number of

Region: 0 running dedicated x2iezn
hosts.
Running Dedicated z1d Hosts Each supported Yes Maximum number of

Region: 0 running dedicated z1d
hosts.
Running On-Demand DL instances Each supported Yes Maximum number of vCPUs

Region: 0 assigned to the Running
On-Demand DL instances.
Version 1.0
308
Service quotas

Description
Running On-Demand F instances Each supported Yes Maximum number of vCPUs

On-Demand F instances.
Running On-Demand G and VT instances Each supported Yes Maximum number of vCPUs
On-Demand G and VT
instances.
Running On-Demand HPC instances Each supported Yes Maximum number of vCPUs
On-Demand HPC instances.
Running On-Demand High Memory Each supported Yes Maximum number of vCPUs
instances Region: 0 assigned to the Running
On-Demand High Memory
instances.
Running On-Demand Inf instances Each supported Yes Maximum number of vCPUs
On-Demand Inf instances.
Running On-Demand P instances Each supported Yes Maximum number of vCPUs

On-Demand P instances.
Running On-Demand Standard (A, C, D, H, Each supported Yes Maximum number of vCPUs
I, M, R, T, Z) instances Region: 5 assigned to the Running
On-Demand Standard (A, C,
D, H, I, M, R, T, Z) instances.
Running On-Demand Trn instances Each supported Yes Maximum number of vCPUs
On-Demand Trn instances.
Running On-Demand X instances Each supported Yes Maximum number of vCPUs

On-Demand X instances.
Sources per transit gateway multicast Each supported Yes Number of sources per
group Region: 1 transit gateway multicast
group.
Transit gateways per Direct Connect Each supported No Transit gateways per AWS
Gateway Region: 3 Direct Connect gateway.
Transit gateways per account Each supported Yes Number of transit gateways
Region: 5 per Region per account.
VPC Attachment Bandwidth Each supported No Maximum bandwidth

Region: 50 Gigabits (burst) per VPC connection.
per second
VPN connections per VGW Each supported Yes The maximum number
Region: 10 of Site-to-Site VPN
connections you can create
per virtual private gateway.
Version 1.0
309
Amazon EC2 Auto Scaling

Description
VPN connections per region Each supported Yes The maximum number
Region: 50 of Site-to-Site VPN
connections that you can
create per region.
Virtual private gateways per region Each supported Yes The maximum number of
Region: 5 virtual private gateways
that you can create per
region.
The following quotas are for VM Import/Export.

Description
Concurrent task limit for ImportImage, Each supported Yes The maximum number
ImportSnapshot, and ExportImage Region: 20 of concurrent tasks for a
given account initiated by
the following VM Import/
Export APIs: ImportImage,
ImportSnapshot, and
ExportImage.
Concurrent task limit for Each supported Yes The maximum number
ImportInstance, ImportVolume, and Region: 5 of concurrent tasks
CreateInstanceExportTask for a given account
initiated by the following
VM Import/Export
APIs: ImportInstance,
ImportVolume, and
CreateInstanceExportTask.
• On-Demand Instance quotas

• Spot Instance quotas
• Reserved Instance quotas
• Launch template quotas
Amazon EC2 Auto Scaling endpoints and quotas

Version 1.0
310
Service endpoints
Service endpoints

Name
US East us-east-2 autoscaling.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 autoscaling.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US us-west-1 autoscaling.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California)
US West us-west-2 autoscaling.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Africa af-south-1 autoscaling.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 autoscaling.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Asia ap- autoscaling.ap-southeast-3.amazonaws.com HTTP and

(Jakarta)
Asia ap- autoscaling.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- autoscaling.ap-northeast-3.amazonaws.com HTTP and

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- autoscaling.ca-central-1.amazonaws.com HTTP and

Version 1.0
311
Service quotas

Name
Europe eu- autoscaling.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 autoscaling.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS
Europe eu- autoscaling.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Europe eu-north-1 autoscaling.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- autoscaling.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
Middle me- autoscaling.me-central-1.amazonaws.com HTTP and

South sa-east-1 autoscaling.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
AWS us-gov- autoscaling.us-gov-east-1.amazonaws.com HTTP and

(US-East)
AWS us-gov- autoscaling.us-gov-west-1.amazonaws.com HTTP and

(US-West)
If you specify the general endpoint (autoscaling.amazonaws.com), Amazon EC2 Auto Scaling directs your
request to the endpoint for us-east-1.
Service quotas

Description
Auto Scaling groups per region Each supported Yes The maximum number
Region: 500 of Auto Scaling groups
allowed for your AWS
account
Classic Load Balancers per Auto Scaling Each supported No The maximum number of
group Region: 50 Classic Load Balancers per
Auto Scaling group
Version 1.0
312
EC2 Image Builder

Description
Launch configurations per region Each supported Yes The maximum number
Region: 200 of launch configurations
allowed for your AWS
account
Lifecycle hooks per Auto Scaling group Each supported No The maximum number of
Region: 50 lifecycle hooks per Auto
Scaling group
SNS topics per Auto Scaling group Each supported No The maximum number of
Region: 10 SNS topics per Auto Scaling
group
Scaling policies per Auto Scaling group Each supported No The maximum number of
Region: 50 scaling policies per Auto
Scaling group
Scheduled actions per Auto Scaling group Each supported No The maximum number of
Region: 125 scheduled actions per Auto
Scaling group
Step adjustments per step scaling policy Each supported No The maximum number of
Region: 20 step adjustments per step
scaling policy
Target groups per Auto Scaling group Each supported No The maximum number of
Region: 50 target groups per Auto
Scaling group
For more information, see Quotas for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User
Guide.
EC2 Image Builder endpoints and quotas

Service endpoints

Name
US East us-east-2 imagebuilder.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 imagebuilder.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
313
Service endpoints

Name
US us-west-1 imagebuilder.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 imagebuilder.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 imagebuilder.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 imagebuilder.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- imagebuilder.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- imagebuilder.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- imagebuilder.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- imagebuilder.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- imagebuilder.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 imagebuilder.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Version 1.0
314
Service quotas

Name
Europe eu- imagebuilder.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 imagebuilder.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- imagebuilder.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 imagebuilder.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- imagebuilder.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- imagebuilder.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas
Description
Component parameter length Each supported Yes The maximum number

Region: 1,024 of characters that a
Component Parameter
value can contain.
Component size Each supported Yes The maximum size of the

Region: 64 Kilobytes data field of an EC2 Image
Builder component.
Components Each supported Yes The maximum number

Region: 1,000 of EC2 Image Builder
components that you can
create in an account in the
current Region.
Components per image recipe Each supported No The maximum number

Region: 20 of EC2 Image Builder
components that can be
EC2 Image Builder image
recipe.
Concurrent AMI copies per distribution Each supported Yes The maximum number of
configuration Region: 50 target accounts that can
Version 1.0
315
Service quotas

Description
be defined for a single EC2
Image Builder distribution
configuration.
Concurrent builds Each supported Yes The maximum number

Region: 100 of concurrent builds that
can be in progress in this
Region.
Container recipes Each supported Yes The maximum number

container recipes that you
can create in an account in
the current Region.
Distribution configurations Each supported Yes The maximum number

distribution configurations
that you can create in an
Region.
Docker template size Each supported Yes The maximum size of an

Region: 64 Kilobytes EC2 Image Builder Docker
template data field.
Image pipelines Each supported Yes The maximum number of

Region: 75 EC2 Image Builder image
pipelines that you can
current Region.
Image recipes Each supported Yes The maximum number of

Region: 1,000 EC2 Image Builder image
recipes that you can create
in an account in the current
Region.
Infrastructure configurations Each supported Yes The maximum

Region: 1,000 number of EC2 Image
Builder infrastructure
configurations that you can
current Region.
Launch templates modified per Each supported Yes The maximum number of
distribution configuration Region: 5 launch templates that a
single EC2 Image Builder
distribution configuration
can modify.
Parameters per component Each supported Yes The maximum number of

Region: 25 parameters that a single
Component can contain.
Version 1.0
316
EC2 Instance Connect
Amazon EC2 Instance Connect endpoints and

quotas
Service endpoints

Name
US East us-east-2 ec2-instance-connect.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 ec2-instance-connect.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 ec2-instance-connect.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 ec2-instance-connect.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- ec2-instance-connect.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- ec2-instance-connect.ap- HTTPS

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- ec2-instance-connect.ca- HTTPS

Europe eu- ec2-instance-connect.eu- HTTPS

Europe eu-west-1 ec2-instance-connect.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
317
Service quotas

Name

(London)

(Paris)
Europe eu-north-1 ec2-instance-connect.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 ec2-instance-connect.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- ec2-instance-connect.us-gov- HTTPS

(US-East)
AWS us-gov- ec2-instance-connect.us-gov- HTTPS

(US-West)
Service quotas
This service has no quotas.
Amazon ECR endpoints and quotas

Service endpoints
The ecr and api.ecr endpoints are used for calls to the Amazon ECR API. API actions such as
DescribeImages and CreateRepository go to this endpoint. While the two endpoints function
the same, the api.ecr endpoint is recommended and the default when using the AWS CLI or AWS
SDKs. When connecting to Amazon ECR through an AWS PrivateLink VPC endpoint, you must use the
api.ecr endpoint to make API calls. For more information, see Amazon ECR Interface VPC Endpoints
(AWS PrivateLink) in the Amazon Elastic Container Registry User Guide.
For more information about FIPS endpoints, see FIPS endpoints (p. 989).

Name
US East us-east-2 ecr.us-east-2.amazonaws.com HTTPS

(Ohio)
ecr-fips.us-east-2.amazonaws.com HTTPS
Version 1.0
318
Service endpoints

Name
api.ecr.us-east-2.amazonaws.com HTTPS
dkr.ecr-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 ecr.us-east-1.amazonaws.com HTTPS

Virginia)
dkr.ecr-fips.us-east-1.amazonaws.com HTTPS
api.ecr.us-east-1.amazonaws.com HTTPS
ecr-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 ecr.us-west-1.amazonaws.com HTTPS

West (N.
California) dkr.ecr-fips.us-west-1.amazonaws.com HTTPS
api.ecr.us-west-1.amazonaws.com HTTPS
ecr-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 ecr.us-west-2.amazonaws.com HTTPS

(Oregon)
ecr-fips.us-west-2.amazonaws.com HTTPS
api.ecr.us-west-2.amazonaws.com HTTPS
dkr.ecr-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 ecr.af-south-1.amazonaws.com HTTPS

(Cape
Town) api.ecr.af-south-1.amazonaws.com HTTPS
Asia ap-east-1 ecr.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong api.ecr.ap-east-1.amazonaws.com HTTPS
Kong)
Asia ap- ecr.ap-southeast-3.amazonaws.com HTTPS

(Jakarta) api.ecr.ap-southeast-3.amazonaws.com HTTPS
Asia ap- ecr.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) api.ecr.ap-south-1.amazonaws.com HTTPS
Asia ap- ecr.ap-northeast-3.amazonaws.com HTTPS

(Osaka) api.ecr.ap-northeast-3.amazonaws.com HTTPS

(Seoul) api.ecr.ap-northeast-2.amazonaws.com HTTPS

(Singapore) api.ecr.ap-southeast-1.amazonaws.com HTTPS
Version 1.0
319
Service endpoints

Name

(Sydney) api.ecr.ap-southeast-2.amazonaws.com HTTPS

(Tokyo) api.ecr.ap-northeast-1.amazonaws.com HTTPS
Canada ca- ecr.ca-central-1.amazonaws.com HTTPS

(Central) central-1
api.ecr.ca-central-1.amazonaws.com HTTPS
Europe eu- ecr.eu-central-1.amazonaws.com HTTPS

api.ecr.eu-central-1.amazonaws.com HTTPS
Europe eu-west-1 ecr.eu-west-1.amazonaws.com HTTPS

(Ireland)
api.ecr.eu-west-1.amazonaws.com HTTPS

(London)
Europe eu- ecr.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
api.ecr.eu-south-1.amazonaws.com HTTPS

(Paris)
Europe eu-north-1 ecr.eu-north-1.amazonaws.com HTTPS

(Stockholm)
api.ecr.eu-north-1.amazonaws.com HTTPS
Middle me- ecr.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain) api.ecr.me-south-1.amazonaws.com HTTPS
Middle me- ecr.me-central-1.amazonaws.com HTTPS

api.ecr.me-central-1.amazonaws.com HTTPS
South sa-east-1 ecr.sa-east-1.amazonaws.com HTTPS

America
(São api.ecr.sa-east-1.amazonaws.com HTTPS
Paulo)
AWS us-gov- ecr.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) ecr-fips.us-gov-east-1.amazonaws.com HTTPS
api.ecr.us-gov-east-1.amazonaws.com HTTPS
dkr.ecr-fips.us-gov-east-1.amazonaws.com HTTPS
Version 1.0
320
Service endpoints

Name
AWS us-gov- ecr.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) dkr.ecr-fips.us-gov-west-1.amazonaws.com HTTPS
ecr-fips.us-gov-west-1.amazonaws.com HTTPS
api.ecr.us-gov-west-1.amazonaws.com HTTPS
Docker and OCI client endpoints

The Docker and OCI client endpoints are used for the Docker Registry APIs. Docker client commands such
as push and pull use this endpoint.
For more information about FIPS endpoints, see FIPS endpoints (p. 989).

Name
US East us-east-2 <registry-id>.dkr.ecr.us-east-2.amazonaws.com HTTPS

(Ohio)
<registry-id>.dkr.ecr-fips.us-east-2.amazonaws.com
US East (N. us-east-1 <registry-id>.dkr.ecr.us-east-1.amazonaws.com HTTPS

Virginia)
<registry-id>.dkr.ecr-fips.us-east-1.amazonaws.com
US West (N. us-west-1 <registry-id>.dkr.ecr.us-west-1.amazonaws.com HTTPS

California)
<registry-id>.dkr.ecr-fips.us-west-1.amazonaws.com
US West us-west-2 <registry-id>.dkr.ecr.us-west-2.amazonaws.com HTTPS

(Oregon)
<registry-id>.dkr.ecr-fips.us-west-2.amazonaws.com
Asia Pacific ap-east-1 <registry-id>.dkr.ecr.ap-east-1.amazonaws.com HTTPS

(Hong Kong)
Asia Pacific ap-south-1 <registry-id>.dkr.ecr.ap-south-1.amazonaws.com HTTPS

(Mumbai)
Asia Pacific ap- <registry-id>.dkr.ecr.ap-northeast-2.amazonaws.com HTTPS

(Seoul) northeast-2
Asia Pacific ap- <registry-id>.dkr.ecr.ap-southeast-1.amazonaws.com HTTPS

Asia Pacific ap- <registry-id>.dkr.ecr.ap-southeast-2.amazonaws.com HTTPS

Asia Pacific ap- <registry-id>.dkr.ecr.ap-northeast-1.amazonaws.com HTTPS

(Tokyo) northeast-1
Canada ca-central-1 <registry-id>.dkr.ecr.ca-central-1.amazonaws.com HTTPS

(Central)
Version 1.0
321
Service quotas

Name
China cn-north-1 <registry-id>.dkr.ecr.cn-north-1.amazonaws.com.cn HTTPS

(Beijing)
China cn- <registry-id>.dkr.ecr.cn- HTTPS

(Ningxia) northwest-1 northwest-1.amazonaws.com.cn
Europe eu-central-1 <registry-id>.dkr.ecr.eu-central-1.amazonaws.com HTTPS

(Frankfurt)
Europe eu-west-1 <registry-id>.dkr.ecr.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 <registry-id>.dkr.ecr.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle East me-south-1 <registry-id>.dkr.ecr.me-south-1.amazonaws.com HTTPS

(Bahrain)
South sa-east-1 <registry-id>.dkr.ecr.sa-east-1.amazonaws.com HTTPS

America
(São Paulo)
AWS us-gov- <registry-id>.dkr.ecr.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) <registry-id>.dkr.ecr-fips.us-gov-
AWS us-gov- <registry-id>.dkr.ecr.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) <registry-id>.dkr.ecr-fips.us-gov-
Service quotas
The following table provides the default limits for Amazon Elastic Container Registry (Amazon ECR).

Description
Filters per rule in a replication Each supported No The maximum number

configuration Region: 100 of filters per rule in a
replication configuration.
Images per repository Each supported Yes The maximum number of

Region: 10,000 images per repository.
Layer parts Each supported No The maximum number of

Region: 4,200 layer parts. This is only
applicable if you are using
Amazon ECR API actions
Version 1.0
322
Service quotas

Description
directly to initiate multipart
uploads for image push
operations.
Lifecycle policy length Each supported No The maximum number of

Region: 30,720 characters in a lifecycle
policy.
Maximum layer part size Each supported No The maximum size (MiB)
Region: 10 of a layer part. This is only
operations.
Maximum layer size Each supported No The maximum size (MiB) of

Region: 42,000 a layer.
Minimum layer part size Each supported No The minimum size (MiB)
operations.
Rate of BatchCheckLayerAvailability Each supported Yes The maximum number of

requests Region: 1,000 per BatchCheckLayerAvailability
second requests that you can make
per second in the current
Region. When an image
is pushed to a repository,
each image layer is checked
to verify if it has been
uploaded before. If it has
been uploaded, then the
image layer is skipped.
Rate of BatchGetImage requests Each supported Yes The maximum number

Region: 2,000 per of BatchGetImage
make per second in the
current Region. When
an image is pulled, the
BatchGetImage API is
called once to retrieve the
image manifest. If you
request a quota increase
for this API, review your
GetDownloadUrlForLayer
usage as well.
Version 1.0
323
Service quotas

Description
Rate of CompleteLayerUpload requests Each supported Yes The maximum number

Region: 100 per of CompleteLayerUpload
an image is pushed, the
CompleteLayerUpload API
is called once per each new
image layer to verify that
the upload has completed.
Rate of GetAuthorizationToken requests Each supported Yes The maximum number of

Region: 500 per GetAuthorizationToken
Region.
Rate of GetDownloadUrlForLayer requests Each supported Yes The maximum number of

Region: 3,000 per GetDownloadUrlForLayer
an image is pulled, the
GetDownloadUrlForLayer
API is called once per image
layer that is not already
cached. If you request a
quota increase for this API,
review your BatchGetImage
usage as well.
Rate of InitiateLayerUpload requests Each supported Yes The maximum number

Region: 100 per of InitiateLayerUpload
an image is pushed,
the InitiateLayerUpload
API is called once per
image layer that has not
already been uploaded.
Whether or not an image
layer has been uploaded
is determined by the
BatchCheckLayerAvailability
API action.
Version 1.0
324
Service quotas

Description
Rate of PutImage requests Each supported Yes The maximum number of

Region: 10 per PutImage requests that
second you can make per second
When an image is pushed
and all new image layers
have been uploaded, the
PutImage API is called once
to create or update the
image manifest and the
tags associated with the
image.
Rate of UploadLayerPart requests Each supported Yes The maximum number of

Region: 500 per UploadLayerPart requests
second that you can make per
second in the current
Region. When an image is
pushed, each new image
layer is uploaded in parts
and the UploadLayerPart
API is called once per each
new image layer part.
Rate of image scans Each supported No The maximum number of

Region: 1 image scans per image, per
24 hours.
Registered repositories Each supported Yes The maximum number of

current Region.
Rules per lifecycle policy Each supported No The maximum number of

Region: 50 rules in a lifecycle policy
Rules per replication configuration Each supported No The maximum number

Region: 10 of rules in a replication
configuration.
Tags per image Each supported No The maximum number of

Region: 1,000 tags per image.
Unique destinations across all rules in a Each supported No The maximum number of
replication configuration Region: 25 unique destinations across
all rules in a replication
configuration.
For more information, see Amazon ECR Service Quotas in the Amazon Elastic Container Registry User
Guide.
Version 1.0
325
Amazon ECR Public
Amazon ECR Public endpoints and quotas

Service endpoints
The ecr-public and api.ecr-public endpoints are used for calls to the Amazon ECR Public API.
API actions such as DescribeImages and CreateRepository go to this endpoint. While the two
endpoints function the same, the api.ecr-public endpoint is recommended and the default when
using the AWS CLI or AWS SDKs.

Name
US East (N. us-east-1 ecr-public.us-east-1.amazonaws.com HTTPS

Virginia)
api.ecr-public.us-east-1.amazonaws.com HTTPS
US West us-west-2 ecr-public.us-west-2.amazonaws.com HTTPS

(Oregon)
api.ecr-public.us-west-2.amazonaws.com HTTPS
Service quotas
The following are the service quotas for Amazon ECR Public.

Description
Images per repository Each supported Yes The maximum number of

Region: 10,000 images per repository.
Layer parts Each supported No The maximum number of

Region: 1,000 layer parts. This is only
operations.
Maximum layer part size Each supported No The maximum size (MiB)
operations.
Maximum layer size Each supported No The maximum size per

Region: 10,000 layer.
Version 1.0
326
Service quotas

Description
Minimum layer part size Each supported No The minimum size (MiB)
operations.
Rate of BatchCheckLayerAvailability Each supported Yes The maximum number of

requests Region: 200 per BatchCheckLayerAvailability
Region. When an image
is pushed to a repository,
each image layer is checked
to verify if it has been
uploaded before. If it has
been uploaded, then the
image layer is skipped.
Rate of CompleteLayerUpload requests Each supported Yes The maximum number

Region: 10 per of CompleteLayerUpload
an image is pushed, the
CompleteLayerUpload API
is called once per each new
image layer to verify that
the upload has completed.
Rate of GetAuthorizationToken requests Each supported Yes The maximum number of

Region: 200 per GetAuthorizationToken
Region.
Rate of InitiateLayerUpload requests Each supported Yes The maximum number

Region: 200 per of InitiateLayerUpload
an image is pushed,
the InitiateLayerUpload
API is called once per
image layer that has not
already been uploaded.
Whether or not an image
layer has been uploaded
is determined by the
BatchCheckLayerAvailability
API action.
Version 1.0
327
Amazon ECS

Description
Rate of PutImage requests Each supported Yes The maximum number of

Region: 10 per PutImage requests that
When an image is pushed
and all new image layers
have been uploaded, the
PutImage API is called once
to create or update the
image manifest and the
tags associated with the
image.
Rate of UploadLayerPart requests Each supported Yes The maximum number of

Region: 260 per UploadLayerPart requests
second in the current
Region. When an image is
pushed, each new image
layer is uploaded in parts
and the UploadLayerPart
API is called once per each
new image layer part.
Rate of authenticated image pulls Each supported Yes The maximum number of
Region: 10 per authenticated image pulls
second per second.
Rate of image pulls to AWS resources Each supported No The maximum number of
Region: 10 per image pulls per second
second to resources running on
Amazon ECS, Fargate, or
Amazon EC2.
Rate of unauthenticated image pulls Each supported No The maximum number of

Region: 1 per unauthenticated image
second pulls per second.
Registered repositories Each supported Yes The maximum number of

current Region.
Tags per image Each supported No The maximum number of

Region: 1,000 tags per image.
For more information, see Amazon ECR Public service quotas in the Amazon ECR Public user guide.
Amazon ECS endpoints and quotas

Version 1.0
328
Service endpoints
Service endpoints

Name
US East us-east-2 ecs.us-east-2.amazonaws.com HTTPS

(Ohio)
ecs-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 ecs.us-east-1.amazonaws.com HTTPS

Virginia)
ecs-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 ecs.us-west-1.amazonaws.com HTTPS

West (N.
California) ecs-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 ecs.us-west-2.amazonaws.com HTTPS

(Oregon)
ecs-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 ecs.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 ecs.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- ecs.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- ecs.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- ecs.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)
Version 1.0
329
Service quotas

Name

(Tokyo)
Canada ca- ecs.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- ecs.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 ecs.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- ecs.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 ecs.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- ecs.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- ecs.me-central-1.amazonaws.com HTTPS

South sa-east-1 ecs.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- ecs.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) ecs-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- ecs.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) ecs-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas
The following are Amazon ECS service quotas.
Most of these service quotas, but not all, are listed under the Amazon Elastic Container Service (Amazon
ECS) namespace in the Service Quotas console. To request a quota increase, see Requesting a quota
increase in the Service Quotas User Guide.
Version 1.0
330
Service quotas

Description
Capacity providers per cluster Each supported No The maximum number of

Region: 10 capacity providers that can
be associated with a cluster.
Classic Load Balancers per service Each supported No The maximum number of
Region: 1 Classic Load Balancers per
service.
Clusters per account Each supported Yes Number of clusters per

Region: 10,000 account
Container instances per cluster Each supported No Number of container

Region: 5,000 instances per cluster
Container instances per start-task Each supported No The maximum number

Region: 10 of container instances
specified in a StartTask API
action.
Containers per task definition Each supported No The maximum number

Region: 10 of containers definitions
within a task definition.
ECS Exec sessions Each supported Yes The maximum number

Region: 20 of ECS Exec sessions per
container.
Rate of tasks launched by a service on Each supported Yes The maximum number
AWS Fargate Region: 500 of tasks that can be
provisioned per service
per minute on Fargate by
the Amazon ECS service
scheduler.
Rate of tasks launched by a service on an Each supported Yes The maximum number
Amazon EC2 or External instance Region: 500 of tasks that can be
provisioned per service
per minute on an Amazon
EC2 or External instance
by the Amazon ECS service
scheduler.
Revisions per task definition family Each supported No The maximum number of
Region: 1,000,000 revisions per task definition
family. Deregistering a task
definition revision does
not exclude it from being
included in this limit.
Security groups per awsvpcConfiguration Each supported No The maximum number

Region: 5 of security groups
specified within an
awsvpcConfiguration.
Services per cluster Each supported Yes The maximum number of

Region: 5,000 services per cluster
Version 1.0
331
AWS Fargate quotas

Description
Subnets per awsvpcConfiguration Each supported No The maximum number of

Region: 16 subnets specified within an
awsvpcConfiguration.

Region: 50 of tags per resource. This
applies to task definitions,
clusters, tasks, and services.
Target groups per service Each supported No The maximum number of

Region: 5 target groups per service, if
using an Application Load
Balancer or a Network Load
Balancer.
Task definition size Each supported No The maximum size, in KiB,

Region: 64 Kilobytes of a task definition.
Tasks in PROVISIONING state per cluster Each supported No The maximum number
Region: 300 of tasks waiting in the
PROVISIONING state per
cluster. This quota only
applies to tasks launched
using an EC2 Auto Scaling
group capacity provider.
Tasks launched per run-task Each supported No The maximum number of

Region: 10 tasks that can be launched
per RunTask API action.
Tasks per service Each supported Yes The maximum number

Region: 5,000 of tasks per service (the
desired count).
Note
Services configured to use Amazon ECS service discovery have a limit of 1,000 tasks per service.
This is due to the AWS Cloud Map service quota for the number of instances per service. For
more information, see AWS Cloud Map service quotas in the Amazon Web Services General
Reference.
Note
In practice, task launch rates are also dependent on other considerations such as container
images to be downloaded and unpacked, health checks and other integrations enabled, such as
registering tasks with a load balancer. You will see variations in task launch rates compared with
the quotas represented above based on the features that you have enabled for your Amazon
ECS services. For more information, see speeding up Amazon ECS deployments in the Amazon
ECS Best Practices Guide.
AWS Fargate quotas

The following are Amazon ECS on AWS Fargate service quotas and are listed under the AWS Fargate
service in the Service Quotas console.
New AWS accounts might have initial lower quotas that can increase over time. Fargate constantly
monitors the account usage within each Region, and then automatically increases the quotas based
Version 1.0
332
Amazon EKS
on your usage. You can also request a quota increase for values that are shown as adjustable, see
Requesting a quota increase in the Service Quotas User Guide.
AWS Fargate is transitioning from task-based quotas to vCPU-based quotas. The following table lists the
new vCPU-based quotas followed by the existing task-based quotas.
Currently, you must opt in to use the vCPU-based quotas. For more information, see AWS Fargate vCPU-
based quotas in the Amazon ECS Developer Guide.
Service quota Description Default quota value Adjustable
Fargate On-Demand The number of Fargate 6 Yes

vCPU resource count vCPUs that run
concurrently as Fargate
On-Demand in this
Region.
Fargate Spot vCPU The number of 6 Yes

resource count Fargate vCPUs running
Spot in this account in
the current Region.
Fargate On-Demand The number of Amazon 2 Yes

resource count ECS tasks and Amazon
EKS pods that run
concurrently on Fargate
current Region.
Fargate Spot resource The number of Amazon 2 Yes

count ECS tasks that run
Spot in this account in
the current Region.
Note
The default values are the initial quotas set by AWS, which are separate from the actual applied
quota value and maximum possible service quota. For more information, see Terminology in
Service Quotas in the Service Quotas User Guide.
Note
Fargate additionally enforces Amazon ECS tasks and Amazon EKS pods launch rate limits. For
more information, see AWS Fargate throttling linits in the Amazon ECS Developer Guide.
Amazon Elastic Kubernetes Service endpoints and

quotas
Version 1.0
333
Service endpoints
Service endpoints

Name
US East us-east-2 eks.us-east-2.amazonaws.com HTTPS

(Ohio)
fips.eks.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 eks.us-east-1.amazonaws.com HTTPS

Virginia)
fips.eks.us-east-1.amazonaws.com HTTPS
US us-west-1 eks.us-west-1.amazonaws.com HTTPS

West (N.
California) fips.eks.us-west-1.amazonaws.com HTTPS
US West us-west-2 eks.us-west-2.amazonaws.com HTTPS

(Oregon)
fips.eks.us-west-2.amazonaws.com HTTPS
Africa af-south-1 eks.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 eks.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- eks.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- eks.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- eks.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Version 1.0
334
Service quotas

Name
Canada ca- eks.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- eks.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 eks.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- eks.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 eks.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- eks.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 eks.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- eks.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) eks.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- eks.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) eks.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Description
Clusters Each supported Yes The maximum number of

Region: 100 EKS clusters in this account
Control plane security groups per cluster Each supported No The maximum number
Region: 4 of control plane security
groups per cluster (these
are specified when you
create the cluster).
Fargate profiles per cluster Each supported Yes The maximum number of
Region: 10 Fargate profiles per cluster.
Version 1.0
335
AWS Fargate service quotas

Description
Label pairs per Fargate profile selector Each supported Yes The maximum number
Region: 5 of label pairs per Fargate
profile selector.
Managed node groups per cluster Each supported Yes The maximum number of
Region: 30 managed node groups per
cluster.
Nodes per managed node group Each supported Yes The maximum number of
Region: 450 nodes per managed node
group.
Public endpoint access CIDR ranges per Each supported No The maximum number
cluster Region: 40 of public endpoint access
CIDR ranges per cluster
(these are specified when
you create or update the
cluster).
Registered clusters Each supported Yes The maximum number

Region: 10 of registered clusters in
Region.
Selectors per Fargate profile Each supported Yes The maximum number
Region: 5 of selectors per Fargate
profile.
Note
The default values are the initial quotas set by AWS. These default values are separate from the
actual applied quota values and maximum possible service quotas. For more information, see
Terminology in Service Quotas in the Service Quotas User Guide.
These service quotas are listed under Amazon Elastic Kubernetes Service (Amazon EKS) in the Service
Quotas console. To request a quota increase for values that are shown as adjustable, see Requesting a
quota increase in the Service Quotas User Guide.
AWS Fargate service quotas

This section describes AWS Fargate service quotas for Amazon EKS. AWS Fargate is transitioning from
pod based quotas to vCPU based quotas. The following are the important dates related to the new vCPU
based quotas.
• September 8, 2022 – You can now opt in to using the new vCPU based quotas ahead of automatic
migration. By opting in, your account is controlled by vCPU based quotas rather than the previous pod
based quotas. Pod based quotas remain the default for accounts that don't opt in.
Note
To use the vCPU based quotas with Amazon EKS before October 3, 2022, you must opt in.
To opt in, use the AWS Support Center Console to create a Service limit increase case.
Choose Fargate for Limit type and Fargate account vCPU limit opt-in for Limit. For more
information, see Creating a support case in the AWS Support User Guide.
• October 3, 2022 through October 21, 2022 – All new and existing accounts are switched to the vCPU
based quotas in a phased manner.
Version 1.0
336
Amazon EFS
Note
To continue using the pod based quotas, you must opt out.
To opt out, use the AWS Support Center Console to create a Service limit increase case.
Choose Fargate for Limit type and Fargate account opt-out of vCPU limit for Limit. For
more information, see Creating a support case in the AWS Support User Guide.
• October 31, 2022 – The last day that you can remain opted out of the vCPU based quotas.
• November 1, 2022 through November 15, 2022 – The opt-out option ends and all accounts are
migrated to the vCPU based quotas. The pod based quotas are no longer available.
The following table lists the new vCPU based quota followed by the existing pod based quota. These
service quotas are among those listed under the AWS Fargate service in the Service Quotas console. The
following table only describes the quotas that also applicable to Amazon EKS.
You can confirm which quota type is active by looking at the Service Quotas console. If the vCPU quota
is in effect, the Fargate On-Demand Pod count based quotas show 0 for the Applied quota value. Any
other value indicates that the pod count quota is in effect.
New AWS accounts might have lower initial quotas that can increase over time. Fargate constantly
monitors the account usage within each AWS Region, and then automatically increases the quotas based
on the usage. You can also request a quota increase for values that are shown as adjustable. For more
information, see Requesting a quota increase in the Service Quotas User Guide.
Name Default Adjustable Description
Fargate On-Demand 6 Yes The number of Fargate

vCPU resource count vCPUs that can run
On-Demand in this
Region.
Fargate On-Demand 2 Yes The number of Amazon

resource count ECS tasks and Amazon
EKS pods that can run
current Region.
Note
The default values are the initial quotas set by AWS. These default values are separate from the
actual applied quota values and maximum possible service quotas. For more information, see
Terminology in Service Quotas in the Service Quotas User Guide.
Note
Fargate additionally enforces Amazon ECS tasks and Amazon EKS pods launch rate quotas. For
more information, see Fargate throttling limits in the Amazon Elastic Container Service User
Guide for AWS Fargate.
Amazon Elastic File System endpoints and quotas

Version 1.0
337
Service endpoints
Service endpoints
Name
US East us-east-2 elasticfilesystem.us-east-2.amazonaws.com HTTPS

(Ohio)
elasticfilesystem-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 elasticfilesystem.us-east-1.amazonaws.com HTTPS

Virginia)
elasticfilesystem-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 elasticfilesystem.us-west-1.amazonaws.com HTTPS

West (N.
California) elasticfilesystem-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 elasticfilesystem.us-west-2.amazonaws.com HTTPS

(Oregon)
elasticfilesystem-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 elasticfilesystem.af-south-1.amazonaws.com HTTPS

(Cape
Town) elasticfilesystem-fips.af-south-1.amazonaws.com HTTPS
Asia ap-east-1 elasticfilesystem.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong elasticfilesystem-fips.ap-east-1.amazonaws.com HTTPS
Kong)
Asia ap- elasticfilesystem.ap-southeast-3.amazonaws.com HTTPS

(Jakarta) elasticfilesystem-fips.ap- HTTPS
Asia ap- elasticfilesystem.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) elasticfilesystem-fips.ap-south-1.amazonaws.com HTTPS
Asia ap- elasticfilesystem.ap-northeast-3.amazonaws.com HTTPS

(Osaka) elasticfilesystem-fips.ap- HTTPS

(Seoul) elasticfilesystem-fips.ap- HTTPS

(Singapore) elasticfilesystem-fips.ap- HTTPS

(Sydney) HTTPS
Version 1.0
338
Service endpoints

Name
elasticfilesystem-fips.ap-

(Tokyo) elasticfilesystem-fips.ap- HTTPS
Canada ca- elasticfilesystem.ca-central-1.amazonaws.com HTTPS

(Central) central-1
elasticfilesystem-fips.ca- HTTPS
Europe eu- elasticfilesystem.eu-central-1.amazonaws.com HTTPS

elasticfilesystem-fips.eu- HTTPS
Europe eu-west-1 elasticfilesystem.eu-west-1.amazonaws.com HTTPS

(Ireland)
elasticfilesystem-fips.eu-west-1.amazonaws.com HTTPS

(London)
Europe eu- elasticfilesystem.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
elasticfilesystem-fips.eu-south-1.amazonaws.com HTTPS

(Paris)
Europe eu-north-1 elasticfilesystem.eu-north-1.amazonaws.com HTTPS

(Stockholm)
elasticfilesystem-fips.eu-north-1.amazonaws.com HTTPS
Middle me- elasticfilesystem.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain) elasticfilesystem-fips.me-south-1.amazonaws.com HTTPS
South sa-east-1 elasticfilesystem.sa-east-1.amazonaws.com HTTPS

America
(São elasticfilesystem-fips.sa-east-1.amazonaws.com HTTPS
Paulo)
AWS us-gov- elasticfilesystem.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) elasticfilesystem-fips.us-gov- HTTPS
AWS us-gov- elasticfilesystem.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) elasticfilesystem-fips.us-gov- HTTPS
Version 1.0
339
Service quotas
Service quotas

Description
Active users per NFS client Each supported No The maximum number of
Region: 128 active user accounts that
can have files open at the
same time for each NFS
client
Bursting throughput us-east-1: 3,072 No The maximum total

Megabytes per bursting throughput for all
second connected clients on an EFS
file system
us-east-2: 3,072
Megabytes per
second
us-west-2: 3,072
Megabytes per
second
ap-southeast-2:
3,072 Megabytes
per second
eu-west-1: 3,072
Megabytes per
second
Each of the other

supported Regions:
1,024 Megabytes
per second
Directory depth Each supported No The maximum number of

Region: 1,000 levels, or depth, that you
can have within a single
directory
EFS file locks Each supported No The maximum number

Region: 512 of locks per file across all
instances connected and
users accessing the file
File hard links Each supported No The maximum number of

Region: 177 hard links that you can
have for each file
File size Each supported No The maximum size of a

Region: single file on an EFS file
52,673,613,135,872 system
Bytes
File system name length Each supported No The maximum length of a

Region: 255 Bytes file system name
Version 1.0
340
Service quotas

Description
File system symbolic link (symlink) length Each supported No The maximum length that a
Region: 4,080 Bytes file system symbolic link, or
symlink, can be
File systems per account Each supported Yes The maximum number
Region: 1,000 of file systems that a
customer account can have
in an AWS Region
Locks across unique file/process pairs Each supported No The maximum number
Region: 65,536 of locks that can occur at
the same time for each
unique mount on an NFS
client, across all unique
file/process pairs
Minimum wait time between Provisioned Each supported No The minimum amount
Throughput decreases Region: 86,400 of time that you have to
Seconds wait after decreasing the
amount of Provisioned
Throughput before you can
decrease it again
Minimum wait time between Throughput Each supported No The minimum amount
mode changes Region: 86,400 of time that you have to
Seconds wait after changing the
Throughput mode before
you can change it again
Mount targets per Availability Zone Each supported No The maximum number of
Region: 1 EFS mount targets that you
can have in an Availability
Zone
Mount targets per VPC Each supported No The maximum number of

Region: 400 EFS mount targets allowed
for each VPC
Open files per NFS client Each supported No The maximum number of
Region: 32,768 files that can be open at
the same time for each NFS
client
Provisioned throughput Each supported No The maximum total

Region: 1,024 provisioned throughput for
Megabytes per all connected clients on an
second EFS file system
Version 1.0
341
Elastic Inference

Description
Rate of file system operations Each supported No The maximum number of

Region: 35,000 file system operations per
second, for all connected
clients, on an EFS file
system that is configured
in General Purpose mode.
Data or metadata read
operations consume
one file operation, and
data or metadata write
operations consume five
file operations.
Security groups per mount target Each supported No The maximum number of
Region: 5 security groups that you
can apply to a single EFS
mount target
Tags Each supported No The maximum number of

Region: 50 tags that you can apply to
an EFS file system
Throughput per NFS client Each supported No The maximum throughput

Region: 524.288 that you can drive for each
Megabytes per NFS client connected to an
second EFS file system
VPCs per file system Each supported No The maximum number of

Region: 1 VPCs that you can apply to
an EFS file system
For more information, see Amazon EFS quotas in the Amazon Elastic File System User Guide.
Amazon Elastic Inference endpoints and quotas

Service endpoints

Name
US East us-east-2 api.elastic-inference.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 api.elastic-inference.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
342
Service quotas

Name
US West us-west-2 api.elastic-inference.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- api.elastic-inference.ap- HTTPS

(Seoul)
Asia ap- api.elastic-inference.ap- HTTPS

(Tokyo)
Europe eu-west-1 api.elastic-inference.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas

Description
Number of Elastic Inference accelerators Each supported Yes The maximum number
Region: 5 of Elastic Inference
accelerators that you can
request in this Region.
Elastic Load Balancing endpoints and quotas

Service endpoints
Region Region Endpoint Route 53 Route 53 Hosted

Name Hosted Zone ID Zone ID (Network
(Application Load Load Balancers)
Balancers, Classic
Load Balancers)
US East us-east-2 elasticloadbalancing.us- Z3AADJGX6KTTL2 ZLMOA37VPKANP

(Ohio) east-2.amazonaws.com
elasticloadbalancing-
fips.us-
US East (N. us-east-1 elasticloadbalancing.us- Z35SXDOTRQ7X7K Z26RNL4JYFTOTI

Virginia) east-1.amazonaws.com
Version 1.0
343
Service endpoints

Balancers, Classic
Load Balancers)
fips.us-
US West (N. us-west-1 elasticloadbalancing.us- Z368ELLRRE2KJ0 Z24FKFUX50B4VW

California) west-1.amazonaws.com
fips.us-
US West us-west-2 elasticloadbalancing.us- Z1H1FL5HABSF5 Z18D5FSROUN65G

fips.us-
Africa (Cape af-south-1 elasticloadbalancing.af- Z268VQBMOI5EKX Z203XCE67M25HM

Town) south-1.amazonaws.com
Asia Pacific ap-east-1 elasticloadbalancing.ap- Z3DQVH9N71FHZ0 Z12Y7K3UBGUAD1

(Hong Kong) east-1.amazonaws.com
Asia Pacific ap- elasticloadbalancing.ap- Z08888821HLRG5A9ZRTER

Z01971771FYVNCOVWJU1G
(Jakarta) southeast-3 southeast-3.amazonaws.com
Asia Pacific ap-south-1 elasticloadbalancing.ap- ZP97RAFLXTNZK ZVDDRBQ08TROA

(Mumbai) south-1.amazonaws.com
Asia Pacific ap- elasticloadbalancing.ap- Z5LXEXXYW11ES Z1GWIQ4HH19I5X

(Osaka) northeast-3 northeast-3.amazonaws.com
Asia Pacific ap- elasticloadbalancing.ap- ZWKZPGTI48KDX ZIBE1TIR4HY56

(Seoul) northeast-2 northeast-2.amazonaws.com
Asia Pacific ap- elasticloadbalancing.ap- Z1LMS91P8CMLE5 ZKVM4W9LS7TM

(Singapore) southeast-1 southeast-1.amazonaws.com
Asia Pacific ap- elasticloadbalancing.ap- Z1GM3OXH4ZPM65 ZCT6FZBF4DROD

(Sydney) southeast-2 southeast-2.amazonaws.com
Asia Pacific ap- elasticloadbalancing.ap- Z14GRHDCWA56QT Z31USIVHYNEOWT

(Tokyo) northeast-1 northeast-1.amazonaws.com
Canada ca-central-1 elasticloadbalancing.ca- ZQSVJUPU6J1EY Z2EPGBW3API2WT

(Central) central-1.amazonaws.com
China cn-north-1 elasticloadbalancing.cn- Z1GDH35T77C1KE Z3QFB96KMJ7ED6

(Beijing) north-1.amazonaws.com.cn
China cn- elasticloadbalancing.cn- ZM7IZAIOVVDZF ZQEIKTCZ8352D

Version 1.0
344
Service quotas

Balancers, Classic
Load Balancers)
Europe eu-central-1 elasticloadbalancing.eu- Z215JYRZR1TBD5 Z3F0SRJ5LGBH90

(Frankfurt) central-1.amazonaws.com
Europe eu-west-1 elasticloadbalancing.eu- Z32O12XQLNTSW2 Z2IFOLAFXWLO4F

Europe eu-west-2 elasticloadbalancing.eu- ZHURV8PSTC4K8 ZD4D7Y8KGAS4G

Europe eu-south-1 elasticloadbalancing.eu- Z3ULH7SSC9OV64 Z23146JA1KNAFP

(Milan) south-1.amazonaws.com
Europe eu-west-3 elasticloadbalancing.eu- Z3Q77PNBQS71R4 Z1CMS0P5QUZ6D5

Europe eu-north-1 elasticloadbalancing.eu- Z23TAZ6LKFMNIO Z1UDT6IFJ4EJM

Middle East me-south-1 elasticloadbalancing.me- ZS929ML54UICD Z3QSRYVP46NYYV

(Bahrain) south-1.amazonaws.com
Middle East me- elasticloadbalancing.me- Z08230872XQRWHG2XF6I

Z00282643NTTLPANJJG2P
(UAE) central-1 central-1.amazonaws.com
South sa-east-1 elasticloadbalancing.sa- Z2P70J7HTTTPLU ZTK26PT1VY4CU

America east-1.amazonaws.com
(São Paulo)
AWS us-gov- elasticloadbalancing.us- Z166TLBEWOO7G0 Z1ZSMQQ6Q24QQ8

GovCloud east-1 gov-east-1.amazonaws.com
(US-East)
AWS us-gov- elasticloadbalancing.us- Z33AYJ8TM3BH4J ZMG1MZ2THAWF1

GovCloud west-1 gov-
(US-West) west-1.amazonaws.com
Service quotas
The following quotas are for Application Load Balancers.
Application Load Balancers per Region 50 Yes
Certificates per Application Load Balancer 25 Yes
Condition Values per Rule 5 No
Condition Wildcards per Rule 5 No
Listeners per Application Load Balancer 50 Yes
Version 1.0
345
Service quotas
Number of times a target can be registered per 1,000 Yes

Application Load Balancer
Rules per Application Load Balancer 100 Yes
Target Groups per Action per Application Load Balancer 5 No
Target Groups per Application Load Balancer 100 No
Targets per Application Load Balancer 1,000 Yes
The following quotas are for Network Load Balancers.
Certificates per Network Load Balancer 25 Yes
Listeners per Network Load Balancer 50 No
Network Load Balancer ENIs per VPC 1,200 Yes
Network Load Balancers per Region 50 Yes
Target Groups per Action per Network Load Balancer 1 No
Targets per Availability Zone per Network Load Balancer 500 Yes
Targets per Network Load Balancer 3,000 Yes
The following quotas are for target groups.
Target Groups per Region 3,000 Yes
Targets per Target Group per Region 1,000 Yes
The following quotas are for Classic Load Balancers.
Classic Load Balancers per Region 20 Yes
Listeners per Classic Load Balancer 100 Yes
Registered Instances per Classic Load Balancer 1,000 Yes
• Quotas for your Application Load Balancers

• Quotas for your Network Load Balancers
• Quotas for your Classic Load Balancers
Version 1.0
346
Elastic Transcoder
• Quotas for your Gateway Load Balancers
Amazon Elastic Transcoder endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 elastictranscoder.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 elastictranscoder.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 elastictranscoder.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- elastictranscoder.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- elastictranscoder.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- elastictranscoder.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- elastictranscoder.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu-west-1 elastictranscoder.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas
Description
Burst size of Create Job requests Each supported Yes The maximum number of
Region: 100 Create Job requests that
you can send in one burst in
region.
Version 1.0
347
Elastic Disaster Recovery

Description
Burst size of Read Job requests Each supported Yes The maximum number of
Region: 50 Read Job requests that you
region.
Concurrent jobs per pipeline us-east-1: 20 Yes The maximum number

of jobs processed
us-west-2: 20 simultaneously by each
pipeline in the current
eu-west-1: 20 region.
Each of the other
supported Regions:
12
Pipelines Each supported Yes The maximum number

Region: 4 of pipelines that you can
current region.
Queued jobs per pipeline Each supported No The maximum number of

Region: 1,000,000 queued jobs per pipeline in
the current region.
Rate of Create Job requests Each supported Yes The maximum number of
Region: 2 Create Job requests per
second that you can send in
region
Rate of Read Job requests Each supported Yes The maximum number
Region: 4 of Read Job requests per
region.
User-defined presets Each supported Yes The maximum number

Region: 50 of custom output presets
region.
For more information, see Amazon Elastic Transcoder quotas in the Amazon Elastic Transcoder Developer
Guide.
AWS Elastic Disaster Recovery endpoints and

quotas
Version 1.0
348
Service endpoints
Service endpoints

Name
US East us-east-2 drs.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 drs.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 drs.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 drs.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 drs.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 drs.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- drs.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- drs.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- drs.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Version 1.0
349
Service quotas

Name
Canada ca- drs.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- drs.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 drs.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- drs.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 drs.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- drs.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 drs.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
Concurrent jobs in progress Each supported No Concurrent jobs in progress

Region: 20
Max Total replicating source servers Per Each supported Yes Max Total replicating source
AWS Account Region: 300 servers Per AWS Account
Max Total source servers Per AWS Account Each supported Yes Max Total source servers
Region: 3,000 Per AWS Account
Max concurrent Jobs per source server Each supported No Max concurrent Jobs per
Region: 1 source server
Max source servers in a single Job Each supported No Max source servers in a
Region: 200 single Job
Max source servers in all Jobs Each supported No Max source servers in all
Region: 200 Jobs
Version 1.0
350
ElastiCache
Amazon ElastiCache endpoints and quotas

Service endpoints

Name
US East us-east-2 elasticache.us-east-2.amazonaws.com HTTPS

(Ohio)
elasticache-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 elasticache.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 elasticache.us-west-1.amazonaws.com HTTPS

West (N.
California) elasticache-fips.us-west-1.amazonaws.com HTTPS
elasticache-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 elasticache.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 elasticache.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 elasticache.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- elasticache.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- elasticache.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- elasticache.ap-northeast-3.amazonaws.com HTTPS

(Osaka)
Version 1.0
351
Service endpoints

Name

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- elasticache.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- elasticache.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 elasticache.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- elasticache.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 elasticache.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- elasticache.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- elasticache.me-central-1.amazonaws.com HTTPS

South sa-east-1 elasticache.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- elasticache.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
Version 1.0
352
Service quotas

Name
AWS us-gov- elasticache.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) elasticache.us-gov-west-1.amazonaws.com HTTPS
elasticache.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Nodes per Region Each supported Yes The maximum number of

Region: 300 nodes across all clusters in
a Region. This quota applies
to both your reserved
and non-reserved nodes
within the given Region.
You can have up to 300
reserved nodes and 300
non-reserved nodes in the
same Region.
Nodes per cluster (Memcached) Each supported Yes The maximum number
Region: 40 of nodes in an individual
Memcached cluster.
Nodes per cluster per instance type (Redis Each supported Yes The maximum number
cluster mode enabled) Region: 90 of nodes in an individual
Redis cluster. You must also
specify the instance type
with your request.
Nodes per shard (Redis) Each supported No The maximum number

Region: 6 of nodes in an individual
Redis shard (node group).
One node is the read/write
Primary. All other nodes are
read-only Replicas.
Parameter groups per Region Each supported Yes The maximum number of
Region: 150 parameters groups you can
create in a Region.
Security groups per Region Each supported Yes The maximum number of
Region: 50 security groups you can
create in a Region.
Shards per cluster (Redis cluster mode Each supported No The maximum number
disabled) Region: 1 of shards (node groups)
in a Redis (cluster mode
disabled) cluster.
Version 1.0
353
Amazon MemoryDB for Redis

Description
Subnet groups per Region Each supported Yes The maximum number
Region: 150 of subnet groups you can
create in a Region.
Subnets per subnet group Each supported Yes The maximum number of
Region: 20 subnets you can define for
a subnet group.
Amazon MemoryDB for Redis endpoints and

quotas
Service endpoints

Name
US East us-east-2 memory-db.us-east-2.amazonaws.com HTTPS

(Ohio)
memory-db-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 memory-db.us-east-1.amazonaws.com HTTPS

Virginia)
memory-db-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 memory-db.us-west-1.amazonaws.com HTTPS

West (N.
California) memory-db-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 memory-db.us-west-2.amazonaws.com HTTPS

(Oregon)
memory-db-fips.us-west-2.amazonaws.com HTTPS
Asia ap-east-1 memory-db.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- memory-db.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- memory-db.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Version 1.0
354
Service quotas

Name
Asia ap- memory-db.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- memory-db.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- memory-db.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- memory-db.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- memory-db.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 memory-db.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 memory-db.eu-west-2.amazonaws.com HTTPS

(London)
Europe eu-north-1 memory-db.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 memory-db.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas
Resource Default
Nodes per Region 300
Nodes per cluster per instance type 90
Nodes per shard 6
Parameter groups per Region 150
Subnet groups per Region 150
Subnets per subnet group 20
Amazon EMR endpoints and quotas

Version 1.0
355
Service endpoints
Service endpoints

Name
US East us-east-2 elasticmapreduce.us-east-2.amazonaws.com HTTPS

(Ohio)
elasticmapreduce-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 elasticmapreduce.us-east-1.amazonaws.com HTTPS

Virginia)
elasticmapreduce-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 elasticmapreduce.us-west-1.amazonaws.com HTTPS

West (N.
California) elasticmapreduce-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 elasticmapreduce.us-west-2.amazonaws.com HTTPS

(Oregon)
elasticmapreduce-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 elasticmapreduce.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 elasticmapreduce.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- elasticmapreduce.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- elasticmapreduce.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- elasticmapreduce.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)
Version 1.0
356
Service endpoints

Name

(Tokyo)
Canada ca- elasticmapreduce.ca-central-1.amazonaws.com HTTPS

(Central) central-1
elasticmapreduce-fips.ca- HTTPS
Europe eu- elasticmapreduce.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 elasticmapreduce.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- elasticmapreduce.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 elasticmapreduce.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- elasticmapreduce.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- elasticmapreduce.me-central-1.amazonaws.com HTTPS

South sa-east-1 elasticmapreduce.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- elasticmapreduce.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) elasticmapreduce.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- elasticmapreduce.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) elasticmapreduce.us-gov-west-1.amazonaws.com HTTPS
If you specify the general endpoint (elasticmapreduce.amazonaws.com), Amazon EMR directs your
request to an endpoint in the default Region. For accounts created on or after March 8, 2013, the default
Region is us-west-2; for older accounts, the default Region is us-east-1.
Version 1.0
357
Service quotas
Service quotas

Description
Replenishment rate of AddInstanceFleet Each supported Yes The Rate at which

calls Region: 0.5 tokens are added to the
AddInstanceFleet bucket
Replenishment rate of AddInstanceGroups Each supported Yes The Rate at which

AddInstanceGroups bucket
Replenishment rate of AddJobFlowSteps Each supported Yes The Rate at which

AddJobFlowSteps bucket
Replenishment rate of AddTags calls Each supported Yes The Rate at which tokens
Region: 0.5 are added to the AddTags
bucket
Replenishment rate of CancelSteps calls Each supported Yes The Rate at which
Region: 0.5 tokens are added to the
CancelSteps bucket
Replenishment rate of Each supported Yes The Rate at which

CreateSecurityConfiguration calls Region: 0.5 tokens are added to the
CreateSecurityConfiguration
bucket

DeleteSecurityConfiguration calls Region: 0.5 tokens are added to the
DeleteSecurityConfiguration
bucket
Replenishment rate of DescribeCluster Each supported Yes The Rate at which

calls Region: 1 tokens are added to the
DescribeCluster bucket
Replenishment rate of DescribeJobFlows Each supported Yes The Rate at which

DescribeJobFlows bucket

DescribeSecurityConfiguration calls Region: 0.5 tokens are added to the
DescribeSecurityConfiguration
bucket
Replenishment rate of DescribeStep calls Each supported Yes The Rate at which
DescribeStep bucket

ListBootstrapActions calls Region: 1 tokens are added to the
ListBootstrapActions
bucket
Version 1.0
358
Service quotas

Description
Replenishment rate of ListClusters calls Each supported Yes The Rate at which
ListClusters bucket
Replenishment rate of ListInstanceFleets Each supported Yes The Rate at which

ListInstanceFleets bucket
Replenishment rate of ListInstanceGroups Each supported Yes The Rate at which

calls Region: 1 tokens are added to the
ListInstanceGroups bucket
Replenishment rate of ListInstances calls Each supported Yes The Rate at which
ListInstances bucket

ListSecurityConfigurations calls Region: 0.5 tokens are added to the
ListSecurityConfigurations
bucket
Replenishment rate of ListSteps calls Each supported Yes The Rate at which tokens
Region: 0.5 are added to the ListSteps
bucket
Replenishment rate of ModifyCluster calls Each supported Yes The Rate at which
ModifyCluster bucket

ModifyInstanceFleet calls Region: 0.5 tokens are added to the
ModifyInstanceFleet bucket

ModifyInstanceGroups calls Region: 0.5 tokens are added to the
ModifyInstanceGroups
bucket

PutAutoScalingPolicy calls Region: 0.5 tokens are added to the
PutAutoScalingPolicy
bucket

RemoveAutoScalingPolicy calls Region: 0.5 tokens are added to the
RemoveAutoScalingPolicy
bucket
Replenishment rate of RemoveTags calls Each supported Yes The Rate at which
RemoveTags bucket
Replenishment rate of RunJobFlow calls Each supported Yes The Rate at which
RunJobFlow bucket
Version 1.0
359
Service quotas

Description

SetTerminationProtection calls Region: 0.2 tokens are added to the
SetTerminationProtection
bucket

SetVisibleToAllUsers calls Region: 0.2 tokens are added to the
SetVisibleToAllUsers bucket
Replenishment rate of TerminateJobFlows Each supported Yes The Rate at which

TerminateJobFlows bucket
The maximum number of API requests Each supported Yes The maximum number
that you can make per second. Region: 25 per of requests per second
second that you can perform
current Region for all EMR
operations.
The maximum number of AWS SSO Each supported No The maximum number of
Groups assigned to each Amazon EMR Region: 5 AWS SSO Groups assigned
Studio to each Amazon EMR
Studio
The maximum number of AWS SSO Users Each supported No The maximum number of
assigned to each Amazon EMR Studio Region: 100 AWS SSO Users assigned to
each Amazon EMR Studio
The maximum number of Each supported Yes The maximum number of

AddInstanceFleet API requests that you Region: 5 per AddInstanceFleet requests
can make per second. second per second that you can
AddInstanceFleet adds an
instance fleet to a running
cluster.
The maximum number of Each supported Yes The maximum number

AddInstanceGroups API requests that you Region: 5 per of AddInstanceGroups
can make per second. second requests per second that
you can perform in this
Region. Adds one or more
instance groups to a
running cluster.

AddJobFlowSteps API requests that you Region: 10 per AddJobFlowSteps requests
AddJobFlowSteps adds new
steps to a running cluster.
Version 1.0
360
Service quotas

Description
The maximum number of AddTags API Each supported Yes The maximum number
requests that you can make per second. Region: 5 per of AddTags requests
second per second that you can
perform in this account in
the current Region. Adds
tags to an Amazon EMR
resource.
The maximum number of Amazon EMR Each supported No The maximum number of
Studios per account Region: 10 Amazon EMR Studios per
account
The maximum number of CancelSteps API Each supported Yes The maximum number
requests that you can make per second. Region: 10 per of CancelSteps requests
the current Region.

CreateSecurityConfiguration API requests Region: 5 per CreateSecurityConfiguration
that you can make per second. second requests per second
that you can perform
in this account in
the current Region.
CreateSecurityConfiguration
creates a security
configuration, which is
stored in the service and
can be specified when a
cluster is created.

DeleteSecurityConfiguration API requests Region: 5 per DeleteSecurityConfiguration
in this account in
the current Region.
DeleteSecurityConfiguration
deletes a security
configuration.
The maximum number of DescribeCluster Each supported Yes The maximum number of
API requests that you can make per Region: 10 per DescribeCluster requests
second. second per second that you can
DescribeCluster provides
cluster-level details
including status, hardware
and software configuration,
VPC settings, and so on.
Version 1.0
361
Service quotas

Description

DescribeJobFlows API requests that you Region: 20 per DescribeJobFlows requests
This API is deprecated
and will eventually be
removed. We recommend
you use ListClusters,
DescribeCluster, ListSteps,
ListInstanceGroups and
instead.

DescribeSecurityConfiguration API Region: 5 per DescribeSecurityConfiguration
requests that you can make per second. second requests per second
in this account in
the current Region.
DescribeSecurityConfiguration
provides the details of a
security configuration by
returning the configuration
JSON.
The maximum number of DescribeStep API Each supported Yes The maximum number
requests that you can make per second. Region: 10 per of DescribeStep requests
DescribeStep provides more
detail about the cluster
step.

ListBootstrapActions API requests that you Region: 10 per of ListBootstrapActions
can make per second. second requests per second
in this account in
the current Region.
provides information about
the bootstrap actions
associated with a cluster.
The maximum number of ListClusters API Each supported Yes The maximum number
requests that you can make per second. Region: 20 per of ListClusters requests
ListClusters provides the
status of all clusters visible
to this AWS account.
Version 1.0
362
Service quotas

Description

ListInstanceFleets API requests that you Region: 5 per ListInstanceFleets requests
ListInstanceFleets lists all
available details about the
instance fleets in a cluster.

ListInstanceGroups API requests that you Region: 10 per of ListInstanceGroups
Region. ListInstanceGroups
provides all available
details about the instance
groups in a cluster.
The maximum number of ListInstances API Each supported Yes The maximum number
requests that you can make per second. Region: 10 per of ListInstances requests
ListInstances provides
information for all active
EC2 instances and EC2
instances terminated in
the last 30 days, up to a
maximum of 2,000.

ListSecurityConfigurations API requests Region: 5 per ListSecurityConfigurations
in this account in
the current Region.
ListSecurityConfigurations
lists all the security
configurations visible to
this account, providing their
creation dates and times,
and their names.
The maximum number of ListSteps API Each supported Yes The maximum number
requests that you can make per second. Region: 10 per of ListSteps requests
ListSteps provides a list
of steps for the cluster in
reverse order.
Version 1.0
363
Service quotas

Description
The maximum number of ModifyCluster Each supported Yes The maximum number of
API requests that you can make per Region: 10 per ModifyCluster requests
second. second per second that you can
ModifyCluster modifies the
number of steps that can
be executed concurrently
for the cluster specified
using ClusterID.

ModifyInstanceFleet API requests that you Region: 5 per of ModifyInstanceFleet
in this account in
the current Region.
ModifyInstanceFleet
modifies the target On-
Demand and target Spot
capacities for the instance
fleet.

ModifyInstanceGroups API requests that Region: 5 per of ModifyInstanceGroups
you can make per second. second requests per second
in this account in
the current Region.
ModifyInstanceGroups
modifies the number of
nodes and configuration
settings of an instance
group.

PutAutoScalingPolicy API requests that Region: 5 per of PutAutoScalingPolicy
you can make per second. second requests per second
in this account in
the current Region.
PutAutoScalingPolicy
creates or updates an
automatic scaling policy
for a core instance group or
task instance group in an
Amazon EMR cluster.
Version 1.0
364
Service quotas

Description

RemoveAutoScalingPolicy API requests Region: 5 per RemoveAutoScalingPolicy
in this account in
the current Region.
RemoveAutoScalingPolicy
removes an automatic
scaling policy from a
specified instance group
within an EMR cluster.
The maximum number of RemoveTags API Each supported Yes The maximum number
requests that you can make per second. Region: 5 per of RemoveTags requests
Removes tags from an
Amazon EMR resource.
The maximum number of RunJobFlow API Each supported Yes The maximum number
requests that you can make per second. Region: 10 per of RunJobFlow requests
RunJobFlow creates and
starts running a new cluster
(job flow).

SetTerminationProtection API requests Region: 5 per SetTerminationProtection
in this account in
the current Region.
SetTerminationProtection
locks a cluster (job flow)
so the EC2 instances in
the cluster cannot be
terminated.

SetVisibileToAllUsers API requests that you Region: 5 per of SetVisibleToAllUsers
current Region. Sets the
VisibleToAllUsers value,
which determines whether
the cluster is visible to
all IAM users of the AWS
account associated with the
cluster.
Version 1.0
365
EventBridge

Description

TerminateJobFlows API requests that you Region: 10 per of TerminateJobFlows
Region. TerminateJobFlows
shuts a list of clusters (job
flows) down.
The maximum number of active clusters Each supported Yes The maximum number of
can be run at the same time Region: 500 active clusters can be run at
the same time.
The maximum number of active instances Each supported Yes The maximum number
per instance group Region: 2,000 of active instances per
instance group.
The maximum number of subnets Each supported No The maximum number of

associated with each Amazon EMR Studio Region: 5 subnets associated with
each Amazon EMR Studio
The maximum rate at which your bucket Each supported Yes The maximum rate at which
replenishes for all EMR operations. Region: 5 your bucket replenishes for
all EMR operations.
Amazon EMR throttles the following API requests for each AWS account on a per-Region basis. For more
information about how throttling is applied, see API Request Throttling in the Amazon EC2 API Reference.
Amazon EventBridge endpoints and quotas

Service endpoints
Name
US East us-east-2 events.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 events.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 events.us-west-1.amazonaws.com HTTPS

West (N.
California) events-fips.us-west-1.amazonaws.com HTTPS
Version 1.0
366
Service endpoints

Name
US West us-west-2 events.us-west-2.amazonaws.com HTTPS

(Oregon)
events-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 events.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 events.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)

(Jakarta)
Asia ap- events.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- events.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- events.eu-central-1.amazonaws.com HTTPS


(Ireland)

(London)
Europe eu- events.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
Version 1.0
367
Service quotas

Name

(Paris)
Europe eu-north-1 events.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- events.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- events.me-central-1.amazonaws.com HTTPS

South sa-east-1 events.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- events.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) events.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- events.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) events.us-gov-west-1.amazonaws.com HTTPS
Service quotas
For more information, see EventBridge Quotas in the Amazon EventBridge User Guide.
Amazon EventBridge Schemas endpoints and

quotas
Service endpoints
Name
US East us-east-2 schemas.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 schemas.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
368
Service endpoints

Name
US us-west-1 schemas.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 schemas.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 schemas.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- schemas.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- schemas.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- schemas.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- schemas.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- schemas.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- schemas.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- schemas.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 schemas.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 schemas.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 schemas.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
369
Service quotas
Service quotas
Description
DiscoveredSchemas Each supported Yes The maximum number of

Region: 200 schemas for a discovered
schema registry that you
can create in the current
region
Discoverers Each supported Yes The maximum number of

Region: 10 discoverers that you can
Registries Each supported Yes The maximum number

Region: 10 of registries that you can
SchemaVersions Each supported Yes The maximum number

Region: 100 of versions per schema
current region.
Schemas Each supported Yes The maximum number

Region: 100 of schemas per registry
current region. (Except
Discovered Schema
Registry)
Amazon FinSpace quotas

The following are the service quotas for this service. Service quotas, also referred to as limits, are the
maximum number of service resources or operations for your AWS account. For more information, see
AWS service quotas (p. 991).
Service quotas
Description
Attribute Sets Each supported Yes The maximum number of

Region: 100 attribute sets that can exist
in a FinSpace environment.
Clusters per user Each supported No The maximum number of

Region: 1 FinSpace Spark clusters
that can be active for each
user.
Concurrent Changesets processing Each supported Yes The maximum number

Region: 10 of concurrent changesets
that can be processing per
FinSpace environment
Version 1.0
370
AWS FIS

Description
Concurrent data views processing Each supported Yes The maximum number
Region: 10 of concurrently running
data views processing per
FinSpace environment.
Controlled Vocabularies and Categories Each supported Yes The maximum combined
Region: 100 number of Controlled
Vocabularies and
Categories per FinSpace
environment.
Data views per dataset Each supported Yes The maximum number
Region: 3 of data views that can be
created per dataset.
Datasets Each supported Yes The maximum number of

Region: 1,500 datasets that can exist in a
Datasets per User Group Each supported Yes The maximum number of
Region: 1,500 Datasets assigned per User
Group.
Environments Each supported Yes The maximum number of

Region: 2 FinSpace environments
you can create per AWS
account.
Files per Changeset Each supported No The maximum number of

Region: 100,000 files in a single changeset.
Maximum file size per Changeset Each supported No The maximum file size
Region: 50 of any single file in a
Gigabytes changeset.
Notebook storage Each supported No The maximum amount

Region: 10 of EFS storage per user
Gigabytes notebook environment.
User Groups Each supported Yes The maximum number of

Region: 20 User Groups per FinSpace
environment.
Users Each supported Yes The maximum number of

Region: 5 users that can exist in a
AWS Fault Injection Simulator endpoints and

quotas
Version 1.0
371
Service endpoints
Service endpoints

Name
US East us-east-2 fis.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 fis.us-east-1.amazonaws.com HTTPS

Virginia)
US West (N. us-west-1 fis.us-west-1.amazonaws.com HTTPS

California)
US West us-west-2 fis.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa (Cape af-south-1 fis.af-south-1.amazonaws.com HTTPS

Town)
Asia Pacific ap-east-1 fis.ap-east-1.amazonaws.com HTTPS

(Hong Kong)
Asia Pacific ap-south-1 fis.ap-south-1.amazonaws.com HTTPS

(Mumbai)
Asia Pacific ap- fis.ap-northeast-2.amazonaws.com HTTPS

(Seoul) northeast-2
Asia Pacific ap- fis.ap-southeast-1.amazonaws.com HTTPS

Asia Pacific ap- fis.ap-southeast-2.amazonaws.com HTTPS

Asia Pacific ap- fis.ap-northeast-1.amazonaws.com HTTPS

(Tokyo) northeast-1
Canada ca-central-1 fis.ca-central-1.amazonaws.com HTTPS

(Central)
Europe eu-central-1 fis.eu-central-1.amazonaws.com HTTPS

(Frankfurt)
Europe eu-west-1 fis.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu-south-1 fis.eu-south-1.amazonaws.com HTTPS

(Milan)

(Paris)
Version 1.0
372
Service quotas

Name
Europe eu-north-1 fis.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle East me-south-1 fis.me-south-1.amazonaws.com HTTPS

(Bahrain)
South sa-east-1 fis.sa-east-1.amazonaws.com HTTPS

America
(São Paulo)
AWS us-gov- fis.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- fis.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas
Description
Action duration in hours Each supported No The maximum number of

Region: 12 hours allowed to run one
action in this account in the
current Region.
Actions per experiment template Each supported No The maximum number

Region: 20 of actions that you can
create in an experiment
template in this account in
the current Region.
Active experiments Each supported No The maximum number of

Region: 5 active experiments that you
can run simultaneously in
Region.
Completed experiment data retention in Each supported No The maximum number

days Region: 120 of days allowed for AWS
FIS to retain data about
completed experiments in
Region.
Experiment duration in hours Each supported No The maximum number of

Region: 12 hours allowed to run one
experiment in this account
Experiment templates Each supported No The maximum number

Region: 500 of experiment templates
Version 1.0
373
Firewall Manager

Description
Region.
Parallel actions per experiment Each supported No The maximum number of

Region: 10 actions that you can run in
parallel in an experiment in
Region.
Resources per experiment target Each supported No The maximum number of

Region: 5 resources per experiment
target in this account in the
current Region, calculated
after target resolution.
Stop conditions per experiment template Each supported No The maximum number of
Region: 5 stop conditions that you
can add to an experiment
template in this account in
the current Region.
AWS Firewall Manager endpoints and quotas

Service endpoints

Name
US East us-east-2 fms.us-east-2.amazonaws.com HTTPS

(Ohio)
fms-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 fms.us-east-1.amazonaws.com HTTPS

Virginia)
fms-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 fms.us-west-1.amazonaws.com HTTPS

West (N.
California) fms-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 fms.us-west-2.amazonaws.com HTTPS

(Oregon)
fms-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 fms.af-south-1.amazonaws.com HTTPS

(Cape
Town) fms-fips.af-south-1.amazonaws.com HTTPS
Version 1.0
374
Service endpoints

Name
Asia ap-east-1 fms.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong fms-fips.ap-east-1.amazonaws.com HTTPS
Kong)
Asia ap- fms.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) fms-fips.ap-south-1.amazonaws.com HTTPS
Asia ap- fms.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul) fms-fips.ap-northeast-2.amazonaws.com HTTPS
Asia ap- fms.ap-southeast-1.amazonaws.com HTTPS

(Singapore) fms-fips.ap-southeast-1.amazonaws.com HTTPS
Asia ap- fms.ap-southeast-2.amazonaws.com HTTPS

(Sydney) fms-fips.ap-southeast-2.amazonaws.com HTTPS

(Tokyo) fms-fips.ap-northeast-1.amazonaws.com HTTPS
Canada ca- fms.ca-central-1.amazonaws.com HTTPS

(Central) central-1
fms-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- fms.eu-central-1.amazonaws.com HTTPS

fms-fips.eu-central-1.amazonaws.com HTTPS
Europe eu-west-1 fms.eu-west-1.amazonaws.com HTTPS

(Ireland)
fms-fips.eu-west-1.amazonaws.com HTTPS

(London)
Europe eu- fms.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
fms-fips.eu-south-1.amazonaws.com HTTPS

(Paris)
Europe eu-north-1 fms.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
375
Service quotas

Name
Middle me- fms.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain) fms-fips.me-south-1.amazonaws.com HTTPS
South sa-east-1 fms.sa-east-1.amazonaws.com HTTPS

America
(São fms-fips.sa-east-1.amazonaws.com HTTPS
Paulo)
AWS us-gov- fms.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) fms-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- fms.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) fms-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
AWS WAF Classic rule groups per AWS Each supported No The maximum number
WAF Classic policy Region: 2 of AWS WAF Classic rule
groups that you can use in
a Firewall Manager AWS
WAF Classic policy.
Amazon VPC instances in scope of a Each supported Yes The maximum number of
common security group policy Region: 100 Amazon VPC instances that
you can have in scope per
Firewall Manager common
security group policy per
account. This number
represents the combined
count of VPCs that you own
and VPCs that are shared
with you.
Applications per application list Each supported Yes The maximum number of
Region: 50 applications that you can
define in an application list.
Audit security groups per security group Each supported Yes The maximum number of
content audit policy Region: 1 audit security groups that
you can use in a Firewall
Manager content audit
security group policy.
Custom managed application lists in any Each supported Yes The maximum number
content audit security group policy setting Region: 1 of custom managed
application lists that you
can use in any setting in a
Version 1.0
376
Service quotas

Description
Firewall Manager content
audit security group policy.
Custom managed application lists per Each supported Yes The maximum number
account Region: 10 of custom managed
application lists that you
can define for an account.
Custom managed protocol lists in any Each supported Yes The maximum number of
content audit security group policy setting Region: 1 custom managed protocol
lists that you can use in
any setting in a Firewall
Manager content audit
Custom managed protocol lists per Each supported Yes The maximum number of
account Region: 10 custom managed protocol
lists that you can define for
an account.
Explicitly included or excluded accounts Each supported Yes The maximum number of
per policy per Region Region: 200 accounts per Region that
you can explicitly include in
scope or explicitly exclude
from scope for a Firewall
Manager policy.
Firewall Manager policies per organization Each supported Yes The maximum number of
per Region Region: 20 Firewall Manager policies
for any pair of Region
and organization in AWS
Organizations.
IPV4 CIDRs for a Network Firewall policy Each supported No The maximum number
Region: 50 of IPV4 CIDR ranges
that you can provide in a
single Firewall Manager
Network Firewall policy,
for use in firewall endpoint
management.
Organizational units in scope per policy Each supported Yes The maximum number
per Region Region: 20 of organizational units
that can be in scope of a
Firewall Manager policy for
any Region.
Primary security groups per common Each supported Yes The maximum number of
security group policy Region: 1 primary security groups
that you can use in a
Firewall Manager common
Protocols per protocol list Each supported Yes The maximum number
Region: 5 of protocols that you can
define in a protocol list.
Version 1.0
377
Forecast

Description
Route 53 Resolver DNS Firewall rule Each supported Yes The maximum number of
groups per DNS Firewall policy Region: 2 Route 53 Resolver DNS
Firewall rule groups that
you can use in a Firewall
Manager DNS Firewall
policy.
Rule groups per AWS WAF policy Each supported Yes The maximum number of
Region: 50 rule groups that you can
use in a Firewall Manager
AWS WAF policy.
Tags to include or exclude resources per Each supported Yes The maximum number
policy Region: 8 of tags that you can use
to include or exclude
resources for a Firewall
Manager policy.
VPCs that a single Network Firewall policy Each supported No The maximum number of
can automatically remediate Region: 1,000 VPCs that a single Firewall
Manager Network Firewall
policy can automatically
remediate.
Web ACL capacity units (WCU) used in an Each supported Yes The maximum combined
AWS WAF policy Region: 1,500 number of web ACL
capacity units (WCU) for
all of the rule groups used
in a Firewall Manager AWS
WAF policy. The WCU usage
for a rule group is fixed by
the rule group owner at
creation time.
For more information, see AWS Firewall Manager quotas in the AWS Firewall Manager Developer Guide.
Amazon Forecast endpoints and quotas

Version 1.0
378
Service endpoints
Service endpoints
Amazon Forecast

Name
US East us-east-2 forecast.us-east-2.amazonaws.com HTTPS

(Ohio)
forecast-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 forecast.us-east-1.amazonaws.com HTTPS

Virginia)
forecast-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 forecast.us-west-2.amazonaws.com HTTPS

(Oregon)
forecast-fips.us-west-2.amazonaws.com HTTPS
Asia ap- forecast.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- forecast.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- forecast.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- forecast.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- forecast.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- forecast.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 forecast.eu-west-1.amazonaws.com HTTPS

(Ireland)
Amazon Forecast Query

Name
US East us-east-2 forecastquery.us-east-2.amazonaws.com HTTPS

(Ohio)
forecastquery-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 forecastquery.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
379
Service quotas

Name
forecastquery-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 forecastquery.us-west-2.amazonaws.com HTTPS

(Oregon)
forecastquery-fips.us-west-2.amazonaws.com HTTPS
Asia ap- forecastquery.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- forecastquery.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- forecastquery.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- forecastquery.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- forecastquery.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- forecastquery.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 forecastquery.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas

Description
Maximum cumulative size of all files in Each supported Yes The maximum cumulative
your Amazon S3 bucket Region: 30 size of all your files in your
Gigabytes Amazon S3 bucket in GB
Maximum forecast horizon Each supported No The maximum prediction

Region: 500 length (lesser of 500 data
points or 1/3 of the target
time series dataset length)
Maximum number of Explainabilities Each supported No Maximum number of

Region: 1,000 Explainabilities that you
can have in your Amazon
Forecast account
Maximum number of Explainability Each supported No Maximum number of

exports Region: 1,000 Explainability exports
that you can have in your
Amazon Forecast account
Version 1.0
380
Service quotas

Description
Maximum number of backtest windows Each supported No The maximum Back-

Region: 5 Test Window Count
(RecipeParameters)
Maximum number of columns in a related Each supported No The maximum number of

time series dataset Region: 25 columns that can be in the
RELATED_TIME_SERIES
dataset
Maximum number of columns in a target Each supported No The maximum number

time series dataset Region: 13 of columns that can be in
the TARGET_TIME_SERIES
dataset
Maximum number of columns in an item Each supported No The maximum number of

metadata dataset Region: 10 columns that can be in the
ITEM_METADATA dataset
Maximum number of dataset groups Each supported Yes The maximum number of
Region: 500 dataset groups that you
Forecast account
Maximum number of dataset import jobs Each supported Yes The maximum number of
Region: 1,000 dataset imports that you
Forecast account
Maximum number of datasets Each supported Yes The maximum number of

Region: 1,500 datasets that you can have
in your Amazon Forecast
account
Maximum number of datasets in a dataset Each supported No The maximum number of

group Region: 3 datasets that can be in a
dataset group
Maximum number of files in your Amazon Each supported No The maximum number of
S3 bucket Region: 10,000 files that you can have in
your Amazon S3 bucket
Maximum number of forecast export jobs Each supported Yes The maximum number of
Region: 1,000 forecast exports that you
Forecast account
Maximum number of forecasts Each supported Yes The maximum number of

Region: 100 forecasts that you can have
in your Amazon Forecast
account
Maximum number of predictor backtest Each supported Yes The maximum number of
export jobs Region: 1,000 predictor backtest exports
Version 1.0
381
Service quotas

Description
Maximum number of predictors Each supported Yes The maximum number

Region: 500 of predictors that you
Forecast account
Maximum number of rows in a dataset ap-south-1: Yes The maximum number

1,000,000,000 of rows that can be in a
dataset
Each of the other
supported Regions:
3,000,000,000
Maximum number of tags you can add to a Each supported No Maximum number of tags
resource Region: 50 you can add to a resource
Maximum number of time series per ap-south-1: Yes The maximum number
predictor 1,000,000 of time series allowed
for training a predictor
Each of the other (number of items * number
supported Regions: of unique values across
5,000,000 forecast dimensions in the
target time series dataset)
Maximum parallel running Each supported No The maximum number

CreateAutoPredictor tasks Region: 3 of parallel running
CreateAutoPredictor tasks
Maximum parallel running Each supported Yes The maximum number

CreateDatasetImportJob tasks Region: 3 of parallel running
CreateDatasetImportJob
tasks
Maximum parallel running Each supported No Maximum number

CreateExplainability tasks Region: 3 of parallel running
CreateExplainability tasks
Maximum parallel running Each supported No Maximum number

CreateExplainabilityExport tasks Region: 3 of parallel running
CreateExplainabilityExport
tasks
Maximum parallel running CreateForecast Each supported Yes The maximum number
tasks Region: 3 of parallel running
CreateForecast tasks

CreateForecastExportJob tasks Region: 3 of parallel running
CreateForecastExportJob
tasks
Maximum parallel running CreatePredictor Each supported Yes The maximum number
tasks Region: 3 of parallel running
CreatePredictor tasks
Version 1.0
382
Service quotas

Description
Maximum parallel running CreatePredictor Each supported Yes The maximum number
tasks using AutoML Region: 3 of parallel running
CreatePredictor tasks using
AutoML

CreatePredictorBacktestExportJob tasks Region: 3 of parallel running
CreatePredictorBacktestExportJob
tasks

CreateWhatIfAnalysis tasks Region: 3 of parallel running
CreateWhatIfAnalysis tasks

CreateWhatIfForecast tasks Region: 3 of parallel running
CreateWhatIfForecast tasks

CreateWhatIfForecastExport tasks Region: 3 of parallel running
CreateWhatIfForecastExport
tasks
Maximum parallel running QueryForecast Each supported No 10 concurrent forecasts,

API tasks Region: 10 including 5 created with
large datasets (anything
over 20GB or 100,000
items).
Maximum parallel running Stop jobs per Each supported No Maximum number of
resource type Region: 3 parallel Stop jobs in
progress
Maximum time for which a forecast can be Each supported No Maximum time (in days)
queried on console or QueryForecast API Region: 30 for which a forecast can
be queried on console or
QueryForecast API
The maximum number of AutoPredictors Each supported No The maximum number of

Region: 500 AutoPredictors that you
Forecast account
The maximum number of What-if Analyses Each supported Yes The maximum number of
Region: 500 What-if Analyses that you
Forecast account
The maximum number of What-if Forecast Each supported Yes The maximum number of
Exports Region: 1,000 What-if Forecast Exports
The maximum number of What-if Each supported Yes The maximum number of
Forecasts Region: 100 What-if Forecasts that you
Forecast account
Version 1.0
383
Amazon Fraud Detector

Description
The maximum number of What-if Each supported No The maximum number

Forecasts in a CreateWhatIfForecastExport Region: 3 of What-if Forecasts in a
task CreateWhatIfForecastExport
task
Amazon Fraud Detector endpoints and quotas

Service endpoints

Name
US East us-east-2 frauddetector.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 frauddetector.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 frauddetector.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- frauddetector.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- frauddetector.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Europe eu-west-1 frauddetector.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas

Description
Concurrent training jobs per model Each supported No Maximum number of

Region: 1 concurrent training jobs per
model.
Deployed model versions Each supported No Maximum number of

Region: 5 deployed model versions
per account.
Version 1.0
384
Service quotas

Description
Detectors per account Each supported No Maximum number of

Region: 100 detectors per account.
EntityType per account Each supported No Maximum number of

Region: 100 EntityType per account
EventType per account Each supported No Maximum number of

Region: 100 EventType per account
Labels per account Each supported No Maximum number of labels

Region: 100 per account
Models including external models per Each supported No Maximum number of

detector version Region: 10 models including external
models per detector
version.
Models per account Each supported No Maximum number of

Region: 50 models per account.
Outcomes per account Each supported No Maximum number of

Region: 5,000 outcomes per account.
Rate of GetPrediction requests Each supported Yes Maximum number of

Region: 200 GetPrediction API calls that
you can make per second.
Rules per account Each supported No Maximum number of rules

Region: 5,000 per account.
Size of GetPrediction requests Each supported No Maximum size of payload

Region: 256 per GetPrediction API call.
Kilobytes
Total concurrent Event Type statistics Each supported Yes Maximum total number
update operations Region: 1 of concurrent Event Type
statistics update operations
per account.
Total concurrent training jobs Each supported No Maximum total number of

Region: 3 concurrent training jobs per
account.
Training data size Each supported No Maximum size of Fraud

Region: 5 Gigabytes Detector model training
data.
Variables per account Each supported No Maximum number of

Region: 5,000 variables per account.
Versions per detector Each supported No Maximum number of draft

Region: 100 versions per detector.
Versions per model Each supported No Maximum number of

Region: 200 versions per model.
For more information, see Quotas in the Amazon Fraud Detector User Guide.
Version 1.0
385
FreeRTOS
FreeRTOS endpoints and quotas

Service endpoints
The following tables provide a list of Region-specific endpoints that FreeRTOS supports for Over-the-Air
functionality. The FreeRTOS console is also supported in these Regions.
FreeRTOS OTA Control Plane

Name
US East us-east-2 iot.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 iot.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 iot.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 iot.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 iot.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- iot.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- iot.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- iot.ap-southeast-1.amazonaws.com HTTPS

(Singapore)

(Sydney)

(Tokyo)
Version 1.0
386
Service endpoints

Name
Canada ca- iot.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- iot.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 iot.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 iot.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- iot.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 iot.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
FreeRTOS OTA Data Plane
US East (Ohio) us-east-2 prefix.iot.us-east-2.amazonaws.com MQTT
US East (N. us-east-1 prefix.iot.us-east-1.amazonaws.com MQTT

Virginia)
US West (N. us-west-1 prefix.iot.us-west-1.amazonaws.com MQTT

California)
US West us-west-2 prefix.iot.us-west-2.amazonaws.com MQTT

(Oregon)
Asia Pacific ap-east-1 prefix.iot.ap-east-1.amazonaws.com MQTT

(Hong Kong)
Asia Pacific ap-south-1 prefix.iot.ap-south-1.amazonaws.com MQTT

(Mumbai)
Asia Pacific ap-northeast-2 prefix.iot.ap-northeast-2.amazonaws.com MQTT

(Seoul)
Asia Pacific ap-southeast-1 prefix.iot.ap-southeast-1.amazonaws.com MQTT

(Singapore)
Version 1.0
387
Service quotas
Asia Pacific ap-southeast-2 prefix.iot.ap-southeast-2.amazonaws.com MQTT

(Sydney)
Asia Pacific ap-northeast-1 prefix.iot.ap-northeast-1.amazonaws.com MQTT

(Tokyo)
Canada ca-central-1 prefix.iot.ca-central-1.amazonaws.com MQTT

(Central)
Europe eu-central-1 prefix.iot.eu-central-1.amazonaws.com MQTT

(Frankfurt)
Europe eu-west-1 prefix.iot.eu-west-1.amazonaws.com MQTT

(Ireland)
Europe eu-west-2 prefix.iot.eu-west-2.amazonaws.com MQTT

(London)
Europe (Paris) eu-west-3 prefix.iot.eu-west-3.amazonaws.com MQTT
Europe eu-north-1 prefix.iot.eu-north-1.amazonaws.com MQTT

(Stockholm)
Middle East me-south-1 prefix.iot.me-south-1.amazonaws.com MQTT

(Bahrain)
South America sa-east-1 prefix.iot.sa-east-1.amazonaws.com MQTT

(São Paulo)
Service quotas
FreeRTOS OTA Resource Quotas
Resource Default
File size 16MB
FreeRTOS OTA Throttling
API Transactions Per Second
CreateOTAUpdate 10 TPS
DeleteOTAUpdate 5 TPS
GetOTAUpdate 15 TPS
ListOTAUpdates 15 TPS
Amazon FSx endpoints and quotas

Version 1.0
388
Service endpoints
Service endpoints

Name
US East us-east-2 fsx.us-east-2.amazonaws.com HTTPS

(Ohio)
fsx-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 fsx.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 fsx.us-west-1.amazonaws.com HTTPS

West (N.
California) fsx-fips.us-west-1.amazonaws.com HTTPS
fsx-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 fsx.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 fsx.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 fsx.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- fsx.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- fsx.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- fsx.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Version 1.0
389
Service endpoints

Name

(Singapore)

(Sydney)

(Tokyo)
Canada ca- fsx.ca-central-1.amazonaws.com HTTPS

(Central) central-1
fsx-fips.ca-central-1.amazonaws.com HTTPS
fsx-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- fsx.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 fsx.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- fsx.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 fsx.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- fsx.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 fsx.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- fsx.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) fsx-fips.us-gov-east-1.amazonaws.com HTTPS
fsx-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- fsx.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) fsx-fips.us-gov-west-1.amazonaws.com HTTPS
fsx-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
390
Service quotas
Service quotas
Description
Lustre Persistent HDD storage capacity Each supported Yes The maximum amount of
(per file system) Region: 102,000 HDD storage capacity (in
GiB) that you can configure
for an Amazon FSx for
Lustre persistent file
system.
Lustre Persistent_1 file systems Each supported Yes The maximum number
Region: 100 of Amazon FSx for Lustre
persistent_1 file systems
account
Lustre Persistent_1 storage capacity Each supported Yes The maximum amount of
Region: 100,800 storage capacity (in GiB)
that you can configure for
all Amazon FSx for Lustre
persistent_1 file systems in
this account.
Lustre Persistent_2 file systems Each supported Yes The maximum number
persistent_2 file systems
account
Lustre Persistent_2 storage capacity Each supported Yes The maximum amount of
persistent_2 file systems in
this account.
Lustre Scratch file systems Each supported Yes The maximum number
scratch file systems that
account.
Lustre Scratch storage capacity Each supported Yes The maximum amount of
scratch file systems in this
account.
Lustre backups Each supported Yes The maximum number

Region: 500 of user-initiated backups
that you can have for all
Amazon FSx for Lustre file
systems in this account.
ONTAP SSD IOPS Each supported Yes The total amount of

Region: 1,000,000 SSD IOPS allowed for all
Version 1.0
391
Service quotas

Description
Amazon FSx for NetApp
ONTAP file systems in this
account.
ONTAP SSD storage capacity Each supported Yes The maximum amount of
Region: 524,288 SSD storage capacity (in
GiB) for all Amazon FSx for
NetApp ONTAP file systems
account.
ONTAP backups Each supported Yes The maximum number

Region: 10,000 of user-initiated backups
for all Amazon FSx for
NetApp ONTAP file systems
account.
ONTAP file systems Each supported Yes The maximum number of

Region: 100 Amazon FSx for NetApp
ONTAP file systems that
account.
ONTAP throughput capacity Each supported Yes The total amount of

Region: 10,240 throughput capacity (in
Mbps) allowed for all
Amazon FSx for NetApp
ONTAP file systems in this
account.
OpenZFS SSD storage capacity us-east-1: 262,144 Yes The maximum amount of
SSD storage capacity (in
us-east-2: 262,144 GiB) that you can configure
us-west-2: 262,144 OpenZFS file systems in
this account.
Each of the other
supported Regions:
65,536
OpenZFS SSD storage capacity (per file Each supported Yes The maximum amount of
system) Region: 524,288 SSD storage capacity (in
GiB) that you can configure
for an Amazon FSx for
OpenZFS file system.
OpenZFS backups Each supported Yes The maximum number

Region: 10,000 of user-initiated backups
OpenZFS file systems
account.
Version 1.0
392
Service quotas

Description
OpenZFS disk IOPS Each supported Yes The total amount of

Region: 160,000 disk IOPS allowed for all
Amazon FSx for OpenZFS
file systems in this account.
OpenZFS file systems Each supported Yes The maximum number of

Region: 100 Amazon FSx for OpenZFS
file systems that you can
OpenZFS throughput capacity Each supported Yes The total amount of

Mbps) allowed for all
Amazon FSx for OpenZFS
Windows HDD storage capacity Each supported Yes The maximum amount of
Region: 524,288 HDD storage capacity (in
GiB) allowed for all Amazon
FSx for Windows File Server
Windows SSD storage capacity Each supported Yes The maximum amount of
Region: 524,288 SSD storage capacity (in
GiB) for all Amazon FSx for
Windows File Server file
systems that you can have
in this account.
Windows backups Each supported Yes The maximum number

Region: 500 of user-initiated backups
Windows File Server file
systems that you can have
in this account.
Windows file systems Each supported Yes The maximum number of

Region: 100 Amazon FSx for Windows
Server file systems that you
Windows throughput capacity Each supported Yes The total amount of

MBps) allowed for all
Amazon FSx for Windows
• FSx for Lustre quotas in the Amazon FSx for Lustre User Guide
• FSx for ONTAP quotas in the FSx for ONTAP User Guide
• FSx for OpenZFS quotas in the FSx for OpenZFS User Guide
• FSx for Windows quotas in the Amazon FSx for Windows File Server User Guide
Version 1.0
393
GameLift
Amazon GameLift endpoints and quotas

Note
The following service endpoints table displays AWS Regions available as GameLift fleet home
Regions. For remote location availability, see AWS Global Infrastructure.
Service endpoints
Name
US East us-east-2 gamelift.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 gamelift.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 gamelift.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 gamelift.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- gamelift.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- gamelift.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- gamelift.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- gamelift.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- gamelift.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- gamelift.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- gamelift.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 gamelift.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
394
Service quotas

Name
Europe eu-west-2 gamelift.eu-west-2.amazonaws.com HTTPS

(London)
South sa-east-1 gamelift.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas
Description
Aliases per region Each supported Yes The maximum number of

Region: 100 aliases allowed per region.
Build capacity Each supported No The maximum capacity

Region: 100 (in gigabytes) available
Gigabytes for uploaded game builds
per region. You can delete
unused builds as needed to
make room for additional
or larger builds.
Builds per region Each supported Yes The maximum number of

Region: 1,000 game server builds allowed
(in any status) per region.
Fleets per region Each supported Yes The maximum number

Region: 10 of fleets allowed (in any
status) per region.
Game server groups per region Each supported Yes The maximum number
Region: 20 of game server groups
allowed per region.
Game servers per game server group Each supported Yes The maximum number of
Region: 1,000 game servers allowed per
game server group.
Game session log file size Each supported No The maximum file size (in
Region: 200 megabytes) allowed for
Megabytes game session logs that
are uploaded to Amazon
GameLift at the conclusion
of a game session.
Game session queues per region Each supported Yes The maximum number
Region: 20 of game session queues
allowed per region.
Instances per region Each supported Yes The maximum number

Region: 15 of instances that can be
used simultaneously per
region. Limit includes on-
Version 1.0
395
Service quotas

Description
demand and spot instances.
Instances are also limited
by instance type; view
these limits and current
allocations in the Amazon
GameLift console.
Key-value pairs per string to double map Each supported No The maximum number
matchmaking player attribute Region: 10 of key-value pairs in a
string to double map
(SDM) matchmaking player
attribute.
Locations in a fleet per region Each supported Yes The maximum number of
Region: 4 locations allowed (in any
status) in a fleet per region.
Matchmaking configurations per region Each supported Yes The maximum number
Region: 100 of matchmaking
configurations allowed per
region.
Matchmaking rule sets per region Each supported Yes The maximum number of
Region: 1,000 matchmaking rule sets
allowed per region.
Maximum NewGameSessionsPerCreator Each supported Yes The maximum new game

per fleet configuration Region: 10 sessions per creator
allowed in a fleets resource
policy configuration.
Maximum PolicyPeriodInMinutes per fleet Each supported Yes The maximum period
configuration Region: 60 (in minutes) allowed in
a fleets resource policy
configuration.
Player attributes per matchmaking player Each supported No The maximum number of
Region: 10 player attributes for each
player in a matchmaking
ticket.
Player sessions per game session Each supported No The maximum number of
Region: 200 player sessions that can join
a game session.
Players per matchmaking ticket Each supported No The maximum number

Region: 10 of players that can be
included in a matchmaking
ticket.
Queue destinations per game session Each supported Yes The maximum number of
queue Region: 10 queue destinations allowed
per game session queue.
Scripts per region Each supported Yes The maximum number of

Region: 1,000 game server scripts allowed
per region.
Version 1.0
396
GameSparks

Description
Server processes per instance (GameLift Each supported No The maximum number of
SDK v2) Region: 1 concurrent server processes
that can run on a single
instance when using the
Amazon GameLift SDK
version 2 or earlier.
Server processes per instance (GameLift Each supported No The maximum number of
SDK v3 and up) Region: 50 concurrent server processes
that can run on a single
instance when using the
Amazon GameLift SDK
version 3 or later.
Strings per string list matchmaking player Each supported No The maximum number
attribute Region: 100 of strings in a string list
(SL) matchmaking player
attribute.
Amazon GameSparks endpoints and quotas

Service endpoints

Name
US East (N. us-east-1 gamesparks.us-east-1.amazonaws.com HTTPS

Virginia)
US East (N. us-east-1 ws.gamesparks.us-east-1.amazonaws.com WSS

Virginia)
Service quotas

Description
Cloud code script size Each supported No The maximum number of

Region: 8,000 characters in a cloud code
script.
Concurrent users Each supported No The maximum number

Region: 10 of concurrent players for
each stage of a game. You
Version 1.0
397
S3 Glacier

Description
cannot adjust this quota
during preview.
Game configuration size Each supported No The maximum size (in MB)
Region: 1 of your game configuration.
Megabytes
Games Each supported No The maximum number

Region: 10 of games that you can
current Region.
Rate of connection management calls Each supported No The maximum number of

Region: 10 per connection management
second service API calls per second
that you can make in this
Region. You cannot adjust
this quota during preview.
Rate of game client messages Each supported No The maximum number

Region: 10 of messages that a game
client connection can send
to GameSparks every 10
seconds. You cannot adjust
Rate of game management calls Each supported No The maximum number

Region: 2 per of game management
second service API calls per second
that you can make in this
Region. You cannot adjust
Snapshots per game Each supported No The maximum number of

Region: 1,000 snapshots that you can
store in a game.
WebSocket message size Each supported No The maximum size (in

Region: 16,384 bytes) of a WebSocket
Bytes message.
Amazon S3 Glacier endpoints and quotas

Version 1.0
398
Service endpoints
Service endpoints

Name
US East us-east-2 glacier.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
glacier-fips.us-east-2.amazonaws.com
HTTPS
US East (N. us-east-1 glacier.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
glacier-fips.us-east-1.amazonaws.com
HTTPS
US us-west-1 glacier.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California) glacier-fips.us-west-1.amazonaws.com
HTTPS
US West us-west-2 glacier.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
glacier-fips.us-west-2.amazonaws.com
HTTPS
Africa af-south-1 glacier.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 glacier.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Asia ap- glacier.ap-southeast-3.amazonaws.com HTTP and

(Jakarta)
Asia ap- glacier.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- glacier.ap-northeast-3.amazonaws.com HTTP and

(Osaka)

(Seoul)

(Singapore)

(Sydney)
Version 1.0
399
Service quotas

Name

(Tokyo)
Canada ca- glacier.ca-central-1.amazonaws.com HTTP and

glacier-fips.ca-central-1.amazonaws.com
HTTPS
Europe eu- glacier.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 glacier.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS
Europe eu- glacier.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Europe eu-north-1 glacier.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- glacier.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
South sa-east-1 glacier.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
AWS us-gov- glacier.us-gov-east-1.amazonaws.com HTTP and

(US-East) glacier.us-gov-east-1.amazonaws.com
HTTPS
AWS us-gov- glacier.us-gov-west-1.amazonaws.com HTTP and

(US-West) glacier.us-gov-west-1.amazonaws.com
HTTPS
Service quotas

Description
Archive size in GB. Each supported No The maximum size of an

Region: 40,000 archive.
Gigabytes
Version 1.0
400
Global Accelerator

Description
Archive size. Each supported No The minimum size (in MB)

Region: 4 of an archive (or part).
Megabytes
Multipart parts size. Each supported No The maximum size (in

Region: 4 Gigabytes GB) of parts allowed in a
multipart upload.
Number of multipart parts. Each supported No The maximum number of

Region: 10,000 parts allowed in a multipart
upload.
Number of random restore requests. Each supported No The number of random

Region: 35 restore requests per PiB
stored per day.
Number of vault tags. Each supported No The maximum number of

Region: 50 tags that can be applied to
a vault.
Provisioned capacity units Each supported No The maximum number of

Region: 2 provisioned capacity units
available to purchase per
account.
Vaults per account Each supported No The maximum number of

Region: 1,000 vaults an account can have.
AWS Global Accelerator endpoints and quotas

Service endpoints
Region Region Endpoint Protocol Amazon

Name Route 53
Hosted
Zone ID*
US West us-west-2 globalaccelerator.amazonaws.com HTTPS Z2BJ6XQ5FK7U4H

(Oregon)
Region
Version 1.0
401
Service quotas
Service quotas

Description
Accelerators per AWS account Each supported Yes The maximum number of
Region: 20 accelerators for each AWS
account.
Endpoint groups per accelerator Each supported No The maximum number

Region: 42 of endpoint groups per
accelerator.
Endpoints per endpoint group - Each supported No The maximum number of

Application Load Balancers Region: 10 Application Load Balancers
in an endpoint group
containing only ALB
endpoints.
Endpoints per endpoint group - EC2 Each supported Yes The maximum number
instances Region: 10 of EC2 instances in an
endpoint group containing
only EC2 instance
endpoints.
Endpoints per endpoint group - Elastic IP Each supported Yes The maximum number of
addresses Region: 10 Elastic IP addresses in an
endpoint group containing
only Elastic IP address
endpoints.
Endpoints per endpoint group - Network Each supported No The maximum number of
Load Balancers Region: 10 Network Load Balancers
in an endpoint group
containing only NLB
endpoints.
Endpoints per endpoint group - VPC Each supported Yes The maximum number of
subnets Region: 10 VPC subnets in an endpoint
group containing only
subnet endpoints.
Endpoints per endpoint group - more than Each supported No The maximum number of
one endpoint type Region: 10 endpoints in an endpoint
group containing more
than one endpoint type.
Listeners per accelerator Each supported Yes The maximum number

Region: 10 of listeners for each
accelerator.
Port overrides per endpoint group Each supported Yes The maximum number of
Region: 10 port overrides for each
endpoint group.
Port ranges per listener Each supported No The maximum number

Region: 10 of port ranges for each
listener.
Version 1.0
402
AWS Glue

Description
Tags per accelerator Each supported No The maximum number of

Region: 50 tags for each accelerator.
AWS Glue endpoints and quotas

Service endpoints

Name
US East us-east-2 glue.us-east-2.amazonaws.com HTTPS

(Ohio)
glue-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 glue.us-east-1.amazonaws.com HTTPS

Virginia)
glue-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 glue.us-west-1.amazonaws.com HTTPS

West (N.
California) glue-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 glue.us-west-2.amazonaws.com HTTPS

(Oregon)
glue-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 glue.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 glue.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- glue.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- glue.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- glue.ap-northeast-3.amazonaws.com HTTPS

(Osaka)
Version 1.0
403
Service endpoints

Name

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- glue.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- glue.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 glue.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- glue.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 glue.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- glue.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 glue.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- glue.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) glue-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- glue.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) glue-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
404
Service quotas
Service quotas

Description
Concurrent machine learning task runs per Each supported Yes The maximum number of
transform Region: 3 concurrent task runs per
machine learning transform
for this account.
Label file size Each supported Yes The maximum file size of
Region: 10 an individual label file that
Megabytes can be imported.
Max concurrent job runs per account Each supported Yes The maximum number of
Region: 200 concurrent job runs in your
account.
Max concurrent job runs per job Each supported Yes The maximum number of
Region: 1,000 concurrent job runs for a
job.
Max connection per account Each supported Yes The maximum number
Region: 1,000 of connections in your
account.
Max databases per account Each supported Yes The maximum number of
Region: 10,000 databases in your account.
Max databases per catalog Each supported Yes The maximum number of
Region: 10,000 databases per catalog.
Max development endpoint per account Each supported Yes The maximum number of
Region: 25 development endpoints in
your account.
Max dpus per dev endpoint Each supported Yes The maximum number of
Region: 50 DPUs in your development
endpoint.
Max functions per account Each supported Yes The maximum number of
Region: 100 functions in your account.
Max functions per database Each supported Yes The maximum number of
Region: 100 functions per database.
Max jobs per account Each supported Yes The maximum number of
Region: 1,000 jobs in your account.
Max jobs per trigger Each supported Yes The maximum number of
Region: 50 jobs that a trigger can start.
Max partitions per account Each supported Yes The maximum number of
Region: 20,000,000 partitions in your account.
Max partitions per table Each supported Yes The maximum number of
Region: 10,000,000 partitions per table.
Version 1.0
405
Service quotas

Description
Max security configurations per account Each supported Yes The maximum number of
Region: 250 security configurations in
your account.
Max spare compute capacity consumed in Each supported Yes The maximum spare
data processing units (DPUs) per account. Region: 50 compute capacity in data
processing units (DPUs)
you can use concurrently in
your account.
Max table versions per account Each supported Yes The maximum number
Region: 1,000,000 of table versions in your
account.
Max table versions per table Each supported Yes The maximum number of
Region: 100,000 table versions per table.
Max tables per account Each supported Yes The maximum number of
Region: 1,000,000 tables in your account.
Max tables per database Each supported Yes The maximum number of
Region: 200,000 tables per database.
Max task dpus per account us-east-1: 1,000 Yes The maximum compute
capacity in data processing
us-east-2: 1,000 units (DPUs) you can
use concurrently in your
us-west-2: 1,000 account.
ap-northeast-1:
1,000
ap-southeast-2:
1,000
eu-west-1: 1,000
Each of the other

supported Regions:
500
Max triggers per account Each supported Yes The maximum number of
Region: 1,000 triggers in your account.
Number of Schema Registries. Each supported Yes The maximum number of

Region: 10 Schema Registries per AWS
Region for this account.
Number of Schema Versions. Each supported Yes The maximum number of

Region: 1,000 Schema Versions per AWS
Region for this account.
Number of crawlers per account Each supported Yes The maximum number of
Region: 1,000 crawlers in your account.
Version 1.0
406
Amazon Managed Grafana

Description
Number of crawlers running concurrently Each supported Yes The maximum number
per account Region: 150 of crawlers running
concurrently in your
account.
Number of machine learning transforms Each supported Yes The maximum number
Region: 100 of machine learning
transforms for this account.
Number of metadata key value pairs per Each supported No The maximum number of
Schema Version. Region: 10 Schema Version metadata
key value pairs per Schema
Version.
Number of workflows Each supported Yes The maximum number of

Region: 250 workflows in your account.
Total concurrent machine learning task Each supported Yes The total number of
runs for transforms per account Region: 30 concurrent machine
learning transform task
runs for machine learning
transforms for this account.
For more information, see AWS Glue in the AWS GovCloud (US) User Guide.
Amazon Managed Grafana endpoints and quotas

Service endpoints

Name
US East us-east-2 grafana.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 grafana.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 grafana.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- grafana.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Version 1.0
407
Service quotas

Name
Asia ap- grafana.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- grafana.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- grafana.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- grafana.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 grafana.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 grafana.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas

Description
Number of workspaces Each supported Yes The maximum number of

Region: 5 workspaces that you can
have in this account in the
current region.
Rate of AssociateLicense requests Each supported No The maximum number of

Region: 1 per AssociateLicense requests
the current region.
Rate of CreateWorkspace requests Each supported No The maximum number of

Region: 1 per CreateWorkspace requests
the current region.
Rate of DeleteWorkspace requests Each supported No The maximum number of

Region: 1 per DeleteWorkspace requests
the current region.
Rate of DescribeWorkspace requests Each supported No The maximum number

Region: 5 per of DescribeWorkspace
Version 1.0
408
Service quotas

Description
region.
Rate of DescribeWorkspaceAuthentication Each supported No The maximum number of

requests Region: 1 per DescribeWorkspaceAuthentication
region.
Rate of DisassociateLicense requests Each supported No The maximum number

Region: 1 per of DisassociateLicense
region.
Rate of ListPermissions requests Each supported No The maximum number of

Region: 10 per ListPermissions requests
the current region.
Rate of ListWorkspaces requests Each supported No The maximum number of

Region: 5 per ListWorkspaces requests
the current region.
Rate of UpdatePermissions requests Each supported No The maximum number

Region: 10 per of UpdatePermissions
region.
Rate of UpdateWorkspace requests Each supported No The maximum number of

Region: 10 per UpdateWorkspace requests
the current region.
Rate of UpdateWorkspaceAuthentication Each supported No The maximum number of

requests Region: 1 per UpdateWorkspaceAuthentication
region.
Your account has the following quotas related to workspaces.
Name Default Adjustable Adjustable

quotas
Alerts 100 per workspace No Not applicable
Version 1.0
409
DataBrew
Name Default Adjustable Adjustable

quotas
Dashboards 100 per workspace No Not applicable
Data sources 100 per workspace No Not applicable
Users 500 per workspace No Not applicable
AWS Glue DataBrew endpoints and quotas

Service endpoints

Name
US East us-east-2 databrew.us-east-2.amazonaws.com HTTPS

(Ohio)
databrew-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 databrew.us-east-1.amazonaws.com HTTPS

Virginia)
databrew-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 databrew.us-west-1.amazonaws.com HTTPS

West (N.
California) databrew-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 databrew.us-west-2.amazonaws.com HTTPS

(Oregon)
databrew-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 databrew.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 databrew.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- databrew.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- databrew.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Version 1.0
410
Service quotas

Name
Asia ap- databrew.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- databrew.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- databrew.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- databrew.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- databrew.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 databrew.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- databrew.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 databrew.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 databrew.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- databrew.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas
Description
Concurrent jobs per AWS account Each supported Yes The maximum number of
Region: 10 jobs that you can run at
the same time in this AWS
account.
Datasets per AWS account Each supported Yes The maximum number
Region: 100 of datasets that you can
create in this AWS account.
Version 1.0
411
AWS Ground Station

Description
Jobs per AWS account Each supported Yes The maximum number of
Region: 100 jobs that you can create in
this AWS account.
Node capacity per AWS account Each supported Yes The maximum number
Region: 300 of nodes available to
jobs running in this AWS
account.
Open projects per AWS account Each supported Yes The maximum number of
Region: 10 projects that you can open
concurrently in this AWS
account.
Projects per AWS account Each supported Yes The maximum number of
Region: 100 projects that you can create
in this AWS account.
Recipes per AWS account Each supported Yes The maximum number of
Region: 100 recipes that you can create
Rules per ruleset Each supported Yes The maximum number of

Region: 100 rules that you can have in a
ruleset.
Rulesets per AWS account Each supported Yes The maximum number of
Region: 100 rulesets that you can create
Rulesets per dataset Each supported Yes The maximum number of

Region: 10 rulesets that you can create
for a dataset.
Schedules per AWS account Each supported Yes The maximum number of
Region: 10 schedules that you can
create in this AWS account.
Versions per recipe Each supported Yes The maximum number of

Region: 100 versions that you can create
for a recipe.
AWS Ground Station endpoints and quotas

Version 1.0
412
Service endpoints
Service endpoints

Name
US East us-east-2 groundstation.us-east-2.amazonaws.com HTTPS

(Ohio)
groundstation-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 groundstation.us-east-1.amazonaws.com HTTPS

Virginia)
groundstation-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 groundstation.us-west-2.amazonaws.com HTTPS

(Oregon)
groundstation-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 groundstation.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap- groundstation.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- groundstation.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- groundstation.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Europe eu- groundstation.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 groundstation.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-north-1 groundstation.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- groundstation.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 groundstation.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
413
Service quotas
Service quotas

Description
Config limit Each supported Yes The maximum number of

Region: 100 configs allowed.
Contact Lead Time Maximum Each supported Yes Maximum lead time
Region: 7 allowed for scheduling a
contact in days
Dataflow endpoint group limit Each supported Yes The maximum number of
Region: 100 dataflow endpoint groups
allowed.
Dataflow endpoints per group limit Each supported Yes The maximum number of
Region: 20 dataflow endpoints per
group allowed.
Maximum Contact Duration Each supported Yes The maximum contact

Region: 20 duration permitted in
minutes
Mission profile limit Each supported Yes The maximum number of

Region: 100 mission profiles allowed.
Scheduled Contacts Limit Each supported Yes Maximum number of

Region: 100 scheduled contacts allowed
Scheduled Minutes Limit Each supported Yes The maximum number of

Region: 1,000 scheduled minutes allowed
Amazon GuardDuty endpoints and quotas

Service endpoints

Name
US East us-east-2 guardduty.us-east-2.amazonaws.com HTTPS

(Ohio)
guardduty-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 guardduty.us-east-1.amazonaws.com HTTPS

Virginia)
guardduty-fips.us-east-1.amazonaws.com HTTPS
Version 1.0
414
Service endpoints

Name
US us-west-1 guardduty.us-west-1.amazonaws.com HTTPS

West (N.
California) guardduty-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 guardduty.us-west-2.amazonaws.com HTTPS

(Oregon)
guardduty-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 guardduty.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 guardduty.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- guardduty.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- guardduty.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- guardduty.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- guardduty.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- guardduty.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 guardduty.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Version 1.0
415
Service quotas

Name
Europe eu- guardduty.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 guardduty.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- guardduty.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- guardduty.me-central-1.amazonaws.com HTTPS

South sa-east-1 guardduty.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- guardduty.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) guardduty.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- guardduty.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) guardduty.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Detectors Each supported No The maximum number of

Region: 1 detector resources that you
can create per AWS account
per region.
Filters Each supported No The maximum number

Region: 100 of saved filters per AWS
account per region.
Finding retention period Each supported No The maximum number of

Region: 90 days a finding is retained.
After 90 days findings are
deleted.
Member accounts Each supported No The maximum number

Region: 5,000 of member accounts
associated with a master
account. You can have
one master account per
detector.
Version 1.0
416
AWS Health

Description
Threat intel sets Each supported No The maximum number of

Region: 6 Threat intel sets that you
can add per AWS account
per region.
Trusted IP sets Each supported No The maximum number of

Region: 1 Trusted IP sets that you can
add per AWS account per
region.
AWS Health endpoints and quotas

Service endpoints
Name
US East us-east-2 health.us-east-2.amazonaws.com HTTPS

(Ohio)
global.health.amazonaws.com HTTPS
health-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 health.us-east-1.amazonaws.com HTTPS

Virginia)
global.health.amazonaws.com HTTPS
AWS us-gov- health.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) health-fips.us-gov-west-1.amazonaws.com HTTPS
For more information, see Accessing the AWS Health API in the AWS Health User Guide.
Amazon HealthLake endpoints and quotas

Regions and endpoints for Amazon HealthLake
Name
US East us-east-2 healthlake.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
417
Throttling and quotas for Amazon HealthLake

Name
US East (N. us-east-1 healthlake.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 healthlake.us-west-2.amazonaws.com HTTPS

(Oregon)
Throttling and quotas for Amazon HealthLake

The following table describes throttling limits for resource management within Amazon HealthLake for
each customer account. For information about limits that can be changed, see AWS Service Limits. For all
operations, users will receive a ThrottlingException error message if throttling limits are exceeded.
A maxmimum quota of ten Data Stores are allowed per an account. For information about requesting a
quota increase, see the console support center to create a case.
Description Limit in Transactions per second(TPS) or

requests per minute
CreateFHIRDatastore and DeleteFHIRDatastore 1 request per minute
DescribeFHIRDatastore 10 TPS
ListFHIRDatastores 10 TPS
CreateResource, ReadResource, DeleteResource 20 TPS
UpdateResource 100 TPS
GetCapabilities 10 TPS
SearchWithGet and SearchWithPost 100 TPS
StartFHIRImportJob and StartFHIRExportJob 1 request per minute, only 1 job permitted at a

time
DescribeFHIRImportJob, DescribeFHIRExportJob, 10 TPS

ListFHIRImportJob, ListFHIRExportJob
ListFHIRImportJobs, ListFHIRExportJobs 10 TPS
TagResource, UntagResource, ListTagsforResource 10 TPS
Maximum characters for a medical note 40,000 characters

within the DocumentReference ResourceType
(CreateResource/UpdateResource)
The following table lists the quotas for Import jobs.
Description Limit
Maximum import job size 50 GB
Maximum import file size 50 MB
Version 1.0
418
Amazon Honeycode
Description Limit
Maximum number of files 10,000
Supported file extension '.ndjson'
Amazon Honeycode endpoints and quotas

Service endpoints
Amazon Honeycode has a single endpoint: honeycode.us-west-2.amazonaws.com (HTTPS).
Service quotas
For more information, see System Limits.
AWS Identity and Access Management endpoints

and quotas
Service endpoints
Name
US East us-east-2 iam.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 iam.amazonaws.com HTTPS

Virginia)
iam-fips.amazonaws.com HTTPS
iam-fips.amazonaws.com HTTPS
US us-west-1 iam.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 iam.amazonaws.com HTTPS

(Oregon)
Version 1.0
419
Service endpoints

Name
Africa af-south-1 iam.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 iam.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- iam.amazonaws.com HTTPS

(Jakarta)

Pacific south-1
(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- iam.amazonaws.com HTTPS

(Central) central-1
Europe eu- iam.amazonaws.com HTTPS

Europe eu-west-1 iam.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- iam.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 iam.amazonaws.com HTTPS

(Stockholm)
Version 1.0
420
Service quotas

Name
Middle me- iam.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- iam.amazonaws.com HTTPS

South sa-east-1 iam.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- iam.us-gov.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- iam.us-gov.amazonaws.com HTTPS

GovCloud west-1
(US-West) iam.us-gov.amazonaws.com HTTPS
iam.us-gov.amazonaws.com HTTPS
Service quotas

Description
Access keys per user Each supported No The maximum number of

Region: 2 access keys that you can
create for an IAM user.
Customer managed policies per account Each supported Yes The maximum number of
Region: 1,500 customer managed policies
account.
Groups per account Each supported Yes The maximum number of

Region: 300 IAM groups that you can
IAM groups per user Each supported No The maximum number of

Region: 10 IAM groups to which you
can add an IAM user.
Identity providers per IAM SAML provider Each supported No The maximum number of
object Region: 10 identity providers (IdPs)
that you can add to an IAM
SAML provider object.
Instance profiles per account Each supported Yes The maximum number of
Region: 1,000 instance profiles that you
Version 1.0
421
Service quotas

Description
Keys per SAML provider Each supported No The maximum number of

Region: 10 keys that you can assign to
a SAML provider.
MFA devices per user Each supported No The maximum number of

Region: 1 MFA devices that you can
configure for an IAM user.
Managed policies per group Each supported No The maximum number of

Region: 10 IAM managed policies that
you can attach to an IAM
group.
Managed policies per role Each supported Yes The maximum number of
role.
Managed policies per user Each supported Yes The maximum number of
user.
Managed policy length Each supported No The maximum number

Region: 6,144 of characters in an IAM
managed policy.
OpenId connect providers per account Each supported No Maximum number of

Region: 100 OpenID connectors allowed
for an AWS account.
Role trust policy length Each supported Yes The maximum number of
Region: 2,048 characters in an IAM role
trust policy.
Roles per account Each supported Yes The maximum number

Region: 1,000 of IAM roles that you can
SAML providers per account Each supported No The maximum number of

Region: 100 SAML providers that you
SSH Public keys per user Each supported No The maximum number of
Region: 5 SSH public keys that you
can assign to an IAM user.
Server certificates per account Each supported Yes The maximum number of
Region: 20 server certificates that you
can store in this account.
Signing certificates per user Each supported No The maximum number of

Region: 2 signing certificates that you
can upload for an IAM user.
Version 1.0
422
IAM Access Analyzer

Description
Tags per role Each supported No The maximum number of

Region: 50 tags that you can assign to
an IAM role.
Tags per user Each supported No The maximum number of

Region: 50 tags that you can assign to
an IAM user.
Users per account Each supported No The maximum number of

Region: 5,000 IAM users you can create
for your AWS account.
Versions per managed policy Each supported No The maximum number of

Region: 5 versions that you can save
to an IAM managed policy
in this account before you
must overwrite an existing
version.
For more information about IAM quotas, see IAM and AWS STS quotas in the IAM User Guide.
IAM Access Analyzer endpoints and quotas

Service endpoints
Name
US East us-east-2 access-analyzer.us-east-2.amazonaws.com HTTPS

(Ohio)
access-analyzer-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 access-analyzer.us-east-1.amazonaws.com HTTPS

Virginia)
access-analyzer-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 access-analyzer.us-west-1.amazonaws.com HTTPS

West (N.
California) access-analyzer-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 access-analyzer.us-west-2.amazonaws.com HTTPS

(Oregon)
access-analyzer-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 access-analyzer.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Version 1.0
423
Service endpoints

Name
Asia ap-east-1 access-analyzer.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- access-analyzer.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- access-analyzer.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- access-analyzer.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- access-analyzer.ca-central-1.amazonaws.com HTTPS

(Central) central-1
access-analyzer-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- access-analyzer.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 access-analyzer.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- access-analyzer.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 access-analyzer.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
424
Service quotas

Name
Middle me- access-analyzer.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- access-analyzer.me-central-1.amazonaws.com HTTPS

South sa-east-1 access-analyzer.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- access-analyzer.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) access-analyzer.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- access-analyzer.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) access-analyzer.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Access previews per analyzer per hour Each supported Yes The maximum number
Region: 1,000 of access previews per
analyzer per hour.
Analyzers with an account zone of trust Each supported No The maximum number of
Region: 1 analyzers with an account
zone of trust per AWS
account per Region.
Analyzers with an organization zone of Each supported Yes The maximum number of
trust Region: 5 analyzers per Region in
an AWS account with an
organization zone of trust.
Archive rules per analyzer Each supported Yes The maximum number of
Region: 100 archive rules per analyzer.
CloudTrail log files processed per policy Each supported No The maximum number of
generation Region: 100,000 CloudTrail log files that can
be processed per policy
generation.
Concurrent policy generations Each supported No The maximum number

Region: 1 of concurrent policy
generations.
Policy generation CloudTrail data size Each supported No The maximum size of
Region: 25 CloudTrail data per policy
Gigabytes generation.
Version 1.0
425
IAM Roles Anywhere

Description
Policy generation CloudTrail time range Each supported No The maximum CloudTrail
Region: 90 time range that you can
select in days when you
generate a policy.
Policy generations per day af-south-1: 5 No The maximum number of

policy generations per day.
ap-east-1: 5
eu-south-1: 5
me-south-1: 5
Each of the other

supported Regions:
50
AWS Identity and Access Management Roles

Anywhere endpoints and quotas
Service endpoints
Name
US East us-east-2 rolesanywhere.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 rolesanywhere.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 rolesanywhere.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 rolesanywhere.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 rolesanywhere.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 rolesanywhere.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
426
Service endpoints

Name
Asia ap- rolesanywhere.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- rolesanywhere.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- rolesanywhere.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- rolesanywhere.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- rolesanywhere.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 rolesanywhere.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- rolesanywhere.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 rolesanywhere.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- rolesanywhere.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 rolesanywhere.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
427
Service quotas
Service quotas
Resource Description Default value Adjustable
Combined rate of trust The maximum 1 per second Yes

anchor requests transactions per second
for ListTrustAnchors,
CreateTrustAnchor,
GetTrustAnchor,
UpdateTrustAnchor,
DeleteTrustAnchor,
EnableTrustAnchor, and
DisableTrustAnchor
requests combined.
Combined rate of The maximum 1 per second Yes

profile requests transactions per
second for ListProfiles,
CreateProfile,
GetProfile,
UpdateProfile,
DeleteProfile,
EnableProfile, and
DisableProfile requests
combined.

subject requests transactions per second
for ListSubjects and
GetSubject requests
combined.

tagging requests transactions per second
for TagResource,
UntagResource, and
ListTagsForResource
requests combined.
Combined rate of CRL The maximum 1 per second Yes

requests transactions per second
for ListCrls, GetCrl,
ImportCrl, UpdateCrl,
DeleteCrl, EnableCrl,
and DisableCrl requests
combined.
Rate of CreateSession The maximum 10 per second Yes

requests transactions per second
for CreateSession
requests.
Trust anchors The maximum number 50 Yes

of trust anchors that
you can create within
an account.
Version 1.0
428
Incident Manager
Resource Description Default value Adjustable
Profiles The maximum number 250 Yes

of profiles that you
can create within an
account.
CRLs per trust anchor The maximum 2 No

number of Certificate
Revocation Lists (CRLs)
trust anchor within an
account.
Certificates per trust The maximum number 2 No

anchor of certificates that
you can create per
trust anchor within an
account.
For more information, see IAM Roles Anywhere quotas in the IAM Roles Anywhere User Guide.
AWS Systems Manager Incident Manager

Service endpoints
Incident Manager incidents

Name
US East us-east-2 ssm-incidents.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 ssm-incidents.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 ssm-incidents.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 ssm-incidents.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
429
Service endpoints

Name
Asia ap- ssm-incidents.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- ssm-incidents.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- ssm-incidents.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- ssm-incidents.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- ssm-incidents.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- ssm-incidents.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- ssm-incidents.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 ssm-incidents.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 ssm-incidents.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 ssm-incidents.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Incident Manager contacts
US East (Ohio) us-east-2 ssm-contacts.us- HTTPS

US East (N. Virginia) us-east-1 ssm-contacts.us- HTTPS

Version 1.0
430
Service quotas
US West (N. California) us-west-1 ssm-contacts.us- HTTPS

US West (Oregon) us-west-2 ssm-contacts.us- HTTPS

Asia Pacific (Mumbai) ap-south-1 ssm-contacts.ap- HTTPS

Asia Pacific (Tokyo) ap-northeast-1 ssm-contacts.ap- HTTPS

Asia Pacific (Seoul) ap-northeast-2 ssm-contacts.ap- HTTPS

Asia Pacific (Singapore) ap-southeast-1 ssm-contacts.ap- HTTPS

Asia Pacific (Sydney) ap-southeast-2 ssm-contacts.ap- HTTPS

Canada (Central) ca-central-1 ssm-contacts.ca- HTTPS

Europe (Frankfurt) eu-central-1 ssm-contacts.eu- HTTPS

Europe (Ireland) eu-west-1 ssm-contacts.eu- HTTPS

Europe (London) eu-west-2 ssm-contacts.eu- HTTPS

Europe (Paris) eu-west-3 ssm-contacts.eu- HTTPS

Europe (Stockholm) eu-north-1 ssm-contacts.eu- HTTPS

South America (São sa-east-1 ssm-contacts.sa- HTTPS

Service quotas
Incident Manager incidents

Description
All other operations requests per second Each supported Yes The maximum number of
Region: 10 all other operation requests
per second that you can
send in this account in the
current region.
Version 1.0
431
Service quotas

Description
CreateReplicationSet requests per second Each supported Yes The maximum number
Region: 1 of CreateReplicationSet
requests per second
region.
CreateResponsePlan requests per second Each supported Yes The maximum number
Region: 5 of CreateResponsePlan
requests per second
region.
CreateTimelineEvent requests per second Each supported Yes The maximum number
Region: 5 of CreateTimelineEvent
requests per second
region.
DeleteIncidentRecord requests per second Each supported Yes The maximum number
Region: 5 of DeleteIncidentRecord
requests per second
region.
DeleteReplicationSet requests per second Each supported Yes The maximum number
Region: 1 of DeleteReplicationSet
requests per second
region.
DeleteResourcePolicy requests per second Each supported Yes The maximum number
Region: 5 of DeleteResourcePolicy
requests per second
region.
DeleteResponsePlan requests per second Each supported Yes The maximum number
Region: 5 of DeleteResponsePlan
requests per second
region.
DeleteTimelineEvent requests per second Each supported Yes The maximum number
Region: 5 of DeleteTimelineEvent
requests per second
region.
Version 1.0
432
Service quotas

Description
Incidents per response plan per month Each supported Yes The maximum number of
Region: 200 incidents per response plan
per month.
PutResourcePolicy requests per second Each supported Yes The maximum number of
Region: 5 PutResourcePolicy requests
current region.
Regions per replication set Each supported No The maximum number of

Region: 3 regions per replication set
in this account.
Related items per incident Each supported Yes The maximum number of
Region: 50 related items per incident.
Replication sets per account Each supported No The maximum number

Region: 1 of replication sets in this
account.
StartIncident requests per second Each supported Yes The maximum number of
Region: 5 StartIncident requests per
region.
TagResource requests per second Each supported Yes The maximum number of
Region: 5 TagResource requests per
region.
Timeline events per incident Each supported Yes The maximum number
Region: 1,000 of timeline events per
incident.
UntagResource requests per second Each supported Yes The maximum number of
Region: 5 UntagResource requests
current region.
UpdateDeleteProtection requests per Each supported Yes The maximum number of

second Region: 1 UpdateDeleteProtection
requests per second
region.
UpdateIncidentRecord requests per second Each supported Yes The maximum number
Region: 5 of UpdateIncidentRecord
requests per second
region.
Version 1.0
433
Service quotas

Description
UpdateRelatedItems requests per second Each supported Yes The maximum number
Region: 5 of UpdateRelatedItems
requests per second
region.
UpdateReplicationSet requests per second Each supported Yes The maximum number
Region: 1 of UpdateReplicationSet
requests per second
region.
UpdateResponsePlan requests per second Each supported Yes The maximum number
Region: 5 of UpdateResponsePlan
requests per second
region.
UpdateTimelineEvent requests per second Each supported Yes The maximum number
Region: 5 of UpdateTimelineEvent
requests per second
region.
Incident Manager contacts

Description
AcceptPage API throttle quota Each supported Yes The maximum number of
Region: 20 AcceptPage requests per
region.
All other operations API throttle quota Each supported Yes The maximum number of
current region.
Contact channels per stage Each supported Yes The maximum number of
Region: 10 contact channels per plan
stage in this account in the
current region.
Contacts per account Each supported Yes The maximum number of

Region: 1,000 contacts in this account in
the current region.
Version 1.0
434
Service quotas

Description
DescribeEngagement API throttle quota Each supported Yes The maximum number
Region: 5 of DescribeEngagement
requests per second
region.
DescribePage API throttle quota Each supported Yes The maximum number of
Region: 5 DescribePage requests per
region.
Email engagement throttle quota Each supported No The maximum number of

Region: 0.05 email engagements per
contact per second that
the service can send in
region
ListEngagements API throttle quota Each supported Yes The maximum number of
Region: 2 ListEngagements requests
current region.
ListPageReceipts API throttle quota Each supported Yes The maximum number of
Region: 1 ListPageReceipts requests
current region.
ListPagesByContact API throttle quota Each supported Yes The maximum number
Region: 1 of ListPagesByContact
requests per second
region.
ListPagesByEngagement API throttle Each supported Yes The maximum number of

quota Region: 2 ListPagesByEngagement
requests per second
region.
SMS engagement throttle quota Each supported No The maximum number

Region: 0.05 of SMS engagements per
region
Version 1.0
435
Amazon Inspector

Description
Stages per plan Each supported No The maximum number

Region: 5 of stages per plan in this
region.
StartEngagement API throttle quota Each supported Yes The maximum number of
Region: 20 StartEngagement requests
current region.
StopEngagement API throttle quota Each supported Yes The maximum number of
Region: 10 StopEngagement requests
current region.
Voice engagement throttle quota Each supported No The maximum number of

Region: 0.01 voice engagements per
region
The unit for the API throttle quotas is requests per second.
Amazon Inspector endpoints and quotas

Service endpoints

Name
US East us-east-2 inspector2.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 inspector2.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 inspector2.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 inspector2.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
436
Service endpoints

Name
Asia ap-east-1 inspector2.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- inspector2.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- inspector2.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- inspector2.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- inspector2.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- inspector2.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- inspector2.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- inspector2.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 inspector2.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- inspector2.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 inspector2.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- inspector2.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 inspector2.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
437
Service quotas
Service quotas
Description
Number of Suppression Rules Each supported No The maximum number of

Region: 500 Suppression Rules allowed
per account.
For more information, see the Amazon Inspector quotas in the Amazon Inspector User Guide.
Amazon Inspector Classic endpoints and quotas

Service endpoints
Name
US East us-east-2 inspector.us-east-2.amazonaws.com HTTPS

(Ohio)
inspector-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 inspector.us-east-1.amazonaws.com HTTPS

Virginia)
inspector-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 inspector.us-west-1.amazonaws.com HTTPS

West (N.
California) inspector-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 inspector.us-west-2.amazonaws.com HTTPS

(Oregon)
inspector-fips.us-west-2.amazonaws.com HTTPS
Asia ap- inspector.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- inspector.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- inspector.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- inspector.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Version 1.0
438
Service quotas

Name
Europe eu- inspector.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 inspector.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 inspector.eu-west-2.amazonaws.com HTTPS

(London)
Europe eu-north-1 inspector.eu-north-1.amazonaws.com HTTPS

(Stockholm)
AWS us-gov- inspector.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) inspector-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- inspector.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) inspector-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Assessment Targets Each supported Yes The maximum number

Region: 50 of assessment targets
that you can have at any
given time per account per
region.
Assessment Templates Each supported Yes The maximum number

Region: 500 of assessment templates
that you can have at any
given time per account per
region.
Assessment runs Each supported Yes The maximum number

Region: 50,000 of assessment runs that
you can create per account
per region. You can have
multiple assessment
runs happening at the
same time as long as the
assessment targets used for
these runs do not contain
overlapping EC2 instances.
Instances in running assessments Each supported Yes The maximum number of

Region: 500 EC2 instances that can be
included across all running
assessments per account
per region.
Version 1.0
439
AWS IoT 1-Click
For more information, see the Amazon Inspector Classic quotas in the Amazon Inspector User Guide.
AWS IoT 1-Click endpoints and quotas

Service endpoints
AWS IoT 1-Click Projects API

Name
US East us-east-2 projects.iot1click.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 projects.iot1click.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 projects.iot1click.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- projects.iot1click.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- projects.iot1click.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 projects.iot1click.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 projects.iot1click.eu-west-2.amazonaws.com HTTPS

(London)
For more information, see the AWS IoT 1-Click Projects API Reference.
AWS IoT 1-Click Devices API

Name
US West us-west-2 devices.iot1click.us-west-2.amazonaws.com HTTPS

(Oregon)
For more information, see the AWS IoT 1-Click Devices API Reference.
Version 1.0
440
Service quotas
Service quotas

Description
AssociateDeviceWithPlacement API TPS Each supported No The maximum number

Region: 10 of transactions per
second (TPS) that
can be made for the
AssociateDeviceWithPlacement
API.
ClaimDevicesByClaimCode API TPS Each supported No The maximum number

second (TPS) that
can be made for the
ClaimDevicesByClaimCode
API.
CreatePlacement API TPS Each supported No The maximum number of

Region: 10 transactions per second
(TPS) that can be made for
the CreatePlacement API.
CreateProject API TPS Each supported No The maximum number of

the CreateProject API.
DeletePlacement API TPS Each supported No The maximum number of

the DeletePlacement API.
DeleteProject API TPS Each supported No The maximum number of

the DeleteProject API.
DescribeDevice API TPS Each supported No The maximum number of

the DescribeDevice API.
DescribePlacement API TPS Each supported No The maximum number of

the DescribePlacement API.
DescribeProject API TPS Each supported No The maximum number of

the DescribeProject API.
DisassociateDeviceFromPlacement API TPS Each supported No The maximum number

second (TPS) that
can be made for the
Version 1.0
441
Service quotas

Description
DisassociateDeviceFromPlacement
API.
FinalizeDeviceClaim API TPS Each supported No The maximum number of

the FinalizeDeviceClaim
API.
GetDeviceMethods API TPS Each supported No The maximum number of

the GetDeviceMethods API.
GetDevicesInPlacement API TPS Each supported No The maximum number of

the GetDevicesInPlacement
API.
InitiateDeviceClaim API TPS Each supported No The maximum number of

the InitiateDeviceClaim API.
InvokeDeviceMethod API TPS Each supported No The maximum number of

the InvokeDeviceMethod
API.
ListDeviceEvents API TPS Each supported No The maximum number of

the ListDeviceEvents API.
ListDevices API TPS Each supported No The maximum number of

the ListDevices API.
ListPlacements API TPS Each supported No The maximum number of

the ListPlacements API.
ListProjects API TPS Each supported No The maximum number of

the ListProjects API.
ListTagsForResource API TPS Each supported No The maximum number of

the ListTagsForResource
API.
Version 1.0
442
AWS IoT Analytics

Description
TagResource API TPS Each supported No The maximum number of

the TagResource API.
UnclaimDevice API TPS Each supported No The maximum number of

the UnclaimDevice API.
UntagResource API TPS Each supported No The maximum number of

the UntagResource API.
UpdateDeviceState API TPS Each supported No The maximum number of

the UpdateDeviceState API.
UpdatePlacement API TPS Each supported No The maximum number of

the UpdatePlacement API.
UpdateProject API TPS Each supported No The maximum number of

the UpdateProject API.
AWS IoT Analytics endpoints and quotas

Service endpoints

Name
US East us-east-2 iotanalytics.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 iotanalytics.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 iotanalytics.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
443
Service quotas

Name
Asia ap- iotanalytics.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- iotanalytics.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- iotanalytics.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- iotanalytics.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 iotanalytics.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas

Description
Activities per pipeline Each supported No The maximum number of

Region: 25 activities you can have in a
pipeline.
Batch size of BatchPutMessage messages Each supported No The maximum number

Region: 100 of messages you can
send per batch using the
BatchPutMessage API.
Channels per account Each supported Yes The maximum number of

Region: 50 channels you can create in
this account.
Concurrent container dataset runs Each supported No The maximum number of

Region: 20 container data set runs that
can happen simultaneously.
Concurrent data set content generation Each supported No The maximum number
Region: 2 of data set contents
that you can generate
simultaneously.
Container datasets triggered per SQL data Each supported No The maximum number of
set Region: 10 container data sets that can
be triggered from a single
SQL data set.
Data sets per account Each supported Yes The maximum number of
Region: 100 data sets you can create in
this account.
Version 1.0
444
Service quotas

Description
Data stores per account Each supported Yes The maximum number of
Region: 25 data stores you can create
in this account.
Depth of Parquet SchemaDefinition Each supported Yes The maximum depth

column Region: 100 you can define for each
column in a data store
using Parquet format.
Minimum data set refresh interval Each supported Yes The minimum time
Region: 15 between data set refreshes
(in minutes).
Number of Parquet SchemaDefinition Each supported Yes The maximum number of

columns Region: 100 columns you can define for
a data store using Parquet
format.
Number of StartPipelineReprocessing Each supported Yes The maximum number of

requests Region: 1,000 StartPipelineReprocessing
API requests you can
make for every 24 hours
to reprocess the same
channel messages through
a pipeline.
Number of partitions in a data store Each supported Yes The maximum number of
Region: 100,000 partitions in a data store.
Pipelines per account Each supported Yes The maximum number of

Region: 100 pipelines you can create in
this account.
Rate of BatchPutMessage messages Each supported Yes The maximum number of

Region: 100,000 messages you can send per
second per channel using
the BatchPutMessage API.
Rate of CreateDatasetContent requests Each supported Yes The maximum number of

Region: 1 CreateDatasetContent API
requests you can make per
second per data set.
Rate of RunPipelineActivity requests Each supported Yes The maximum number of

Region: 1 RunPipelineActivity API
second.
Rate of SampleChannelData requests Each supported Yes The maximum number of

Region: 1 SampleChannelData API
requests that you can make
per second per channel.
Size of BatchPutMessage messages Each supported No The maximum size of a

Region: 128 message you can send
Kilobytes using the BatchPutMessage
API.
Version 1.0
445
AWS IoT Core
For more information, see AWS IoT Analytics quotas in the AWS IoT Analytics User Guide.
AWS IoT Core endpoints and quotas

Service endpoints
The following sections describe the service endpoints for AWS IoT Core.
Note
You can use these endpoints to perform the operations in the AWS IoT API Reference. The
endpoints in the following sections are different from the device endpoints, which provide
devices an MQTT publish/subscribe interface and a subset of the API operations. For more
information about the data, credential access, and job management endpoints used by devices,
see AWS IoT device endpoints.
For information about connecting to and using the AWS IoT endpoints, see Connecting devices
to AWS IoT in the AWS IoT Developer Guide.
Topics
• AWS IoT Core - control plane endpoints (p. 446)
• AWS IoT Core - data plane endpoints (p. 448)
• AWS IoT Device Management - jobs data endpoints (p. 450)
• AWS IoT Device Management - secure tunneling endpoints (p. 451)
• AWS IoT Core for LoRaWAN API endpoints (p. 453)
• AWS IoT FIPS endpoints (p. 455)
AWS IoT Core - control plane endpoints

The following table contains AWS Region-specific endpoints for AWS IoT Core - control plane operations.
For information about the operations supported by the AWS IoT Core - control plane endpoints, see AWS
IoT operations in the AWS IoT API Reference.

Name

(Ohio)
iot-fips.us-east-2.amazonaws.com HTTPS

Virginia)

West (N.
California) iot-fips.us-west-1.amazonaws.com HTTPS

(Oregon)
Version 1.0
446
Service endpoints

Name
iot-fips.us-west-2.amazonaws.com HTTPS

Pacific
(Hong
Kong)

Pacific south-1
(Mumbai)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)

(Central) central-1
iot-fips.ca-central-1.amazonaws.com HTTPS


(Ireland)

(London)

(Paris)

(Stockholm)

East south-1
(Bahrain)

America
(São
Paulo)
Version 1.0
447
Service endpoints

Name
AWS us-gov- iot.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) iot-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- iot.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) iot-fips.us-gov-west-1.amazonaws.com HTTPS
AWS IoT Core - data plane endpoints

The AWS IoT Core - data plane endpoints are specific to each AWS account and AWS Region. To find the
AWS IoT Core - data plane endpoint for your AWS account and AWS Region, use the describe-endpoint
CLI command shown here, or the DescribeEndpoint REST API.
aws iot describe-endpoint --endpoint-type iot:Data-ATS
This command returns your data plane API endpoint in the following format:
account-specific-prefix.iot.aws-region.amazonaws.com
For information about the actions supported by the AWS IoT Core - data plane endpoints, see AWS IoT
data plane operations in the AWS IoT API Reference.
The following table contains generic representations of the AWS account-specific endpoints for each
AWS Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix
from your Account-specific endpoint replaces data shown in the generic endpoint representation.

Name
US East us-east-2 data-ats.iot.us-east-2.amazonaws.com HTTPS

(Ohio)
data.iot-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 data-ats.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 data-ats.iot.us-west-1.amazonaws.com HTTPS

West (N.
California) data.iot-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 data-ats.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
data.iot-fips.us-west-2.amazonaws.com HTTPS
Asia ap-east-1 data-ats.iot.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
448
Service endpoints

Name
Asia ap- data-ats.iot.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- data-ats.iot.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- data-ats.iot.ap-southeast-1.amazonaws.com HTTPS

(Singapore)

(Sydney)

(Tokyo)
Canada ca- data-ats.iot.ca-central-1.amazonaws.com HTTPS

(Central) central-1
data.iot-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- data-ats.iot.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 data-ats.iot.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 data-ats.iot.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- data-ats.iot.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 data-ats.iot.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- data-ats.iot.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) data.iot-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- data-ats.iot.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) data.iot-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
449
Service endpoints
AWS IoT Device Management - jobs data endpoints

The AWS IoT Device Management - jobs data endpoints are specific to each AWS account and AWS
Region. To find the AWS IoT Device Management - jobs data endpoint for your AWS account and AWS
Region, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API.
aws iot describe-endpoint --endpoint-type iot:Jobs
This command returns your Jobs data plane API endpoint in the following format:
account-specific-prefix.jobs.iot.aws-region.amazonaws.com.
For information about the actions supported by the AWS IoT Device Management - jobs data endpoints,
see AWS IoT jobs data plane operations in the AWS IoT API Reference.
The following table contains AWS Region-specific endpoints that AWS IoT Core supports for job data
operations. In the Endpoint column, the account-specific-prefix from your account-specific
endpoint replaces the prefix shown in the generic endpoint representation.

Name
US East us-east-2 prefix.jobs.iot.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 prefix.jobs.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 prefix.jobs.iot.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 prefix.jobs.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 prefix.jobs.iot.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- prefix.jobs.iot.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- prefix.jobs.iot.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- prefix.jobs.iot.ap-southeast-1.amazonaws.com HTTPS

(Singapore)

(Sydney)
Version 1.0
450
Service endpoints

Name

(Tokyo)
Canada ca- prefix.jobs.iot.ca-central-1.amazonaws.com HTTPS

(Central) central-1
China cn-north-1 prefix.jobs.iot.cn-north-1.amazonaws.com.cn HTTPS

(Beijing)
China cn- prefix.jobs.iot.cn- HTTPS

Europe eu- prefix.jobs.iot.eu-central-1.amazonaws.com HTTPS

(Frankfurt)) central-1
Europe eu-west-1 prefix.jobs.iot.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 prefix.jobs.iot.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- prefix.jobs.iot.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 prefix.jobs.iot.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- prefix.jobs.iot.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
AWS IoT Device Management - secure tunneling endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for secure
tunneling operations. For more information, see AWS IoT secure tunneling operations in the AWS IoT API
Reference.

Name
US East us-east-2 api.tunneling.iot.us-east-2.amazonaws.com HTTPS

(Ohio)
api.tunneling.iot-fips.us-east-2.amazonaws.com HTTPS
Version 1.0
451
Service endpoints

Name
US East (N. us-east-1 api.tunneling.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 api.tunneling.iot.us-west-1.amazonaws.com HTTPS

West (N.
California) api.tunneling.iot-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 api.tunneling.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
api.tunneling.iot-fips.us-west-2.amazonaws.com HTTPS
Asia ap-east-1 api.tunneling.iot.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- api.tunneling.iot.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- api.tunneling.iot.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- api.tunneling.iot.ap-southeast-1.amazonaws.com HTTPS

(Singapore)

(Sydney)

(Tokyo)
Canada ca- api.tunneling.iot.ca-central-1.amazonaws.com HTTPS

(Central) central-1
api.tunneling.iot-fips.ca- HTTPS
Europe eu- api.tunneling.iot.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 api.tunneling.iot.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 api.tunneling.iot.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
452
Service endpoints

Name
Middle me- api.tunneling.iot.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 api.tunneling.iot.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- api.tunneling.iot.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) api.tunneling.iot-fips.us-gov- HTTPS
AWS us-gov- api.tunneling.iot.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) api.tunneling.iot-fips.us-gov- HTTPS
AWS IoT Core for LoRaWAN API endpoints

AWS IoT Core for LoRaWAN provides control plane and data plane endpoints for its API.
AWS IoT Core for LoRaWAN control plane API endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core for LoRaWAN supports
for operations to manage LoRaWAN gateways and devices.
US East (N. us-east-1 api.iotwireless.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 api.iotwireless.us-west-2.amazonaws.com HTTPS

(Oregon)
Europe eu-west-1 api.iotwireless.eu-west-1.amazonaws.com HTTPS

(Ireland)
Asia Pacific ap-northeast-1 api.iotwireless.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Asia Pacific ap-southeast-2 api.iotwireless.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
AWS IoT Core for LoRaWAN data plane API endpoints

The data plane API endpoints are specific to each AWS Account and Region. To find the data plane API
endpoint for your AWS Account and Region, use the get-service-endpoint CLI command shown here, or
the GetServiceEndpoint REST API.
aws iotwireless get-service-endpoint
Version 1.0
453
Service endpoints
This command returns information about:
• The service type for which you want to get endpoint information about, which can be CUPS or LNS.
• The CUPS or LNS server trust certificate depending on the endpoint specified.
• Your data plane API endpoint in the following format:
account-specific-prefix.service.lorawan.aws-region.amazonaws.com
where service can be cups or lns.
The following table contains generic representations of the AWS Account-specific LNS endpoints for each
Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix from
your Account-specific endpoint replaces prefix shown in the generic endpoint representation.
LNS endpoints
US East (N. us-east-1 prefix.lns.lorawan.us-east-1.amazonaws.com WSS

Virginia)
US West us-west-2 prefix.lns.lorawan.us-west-2.amazonaws.com WSS

(Oregon)
Europe eu-west-1 prefix.lns.lorawan.eu-west-1.amazonaws.com WSS

(Ireland)
Asia Pacific ap-northeast-1 prefix.lns.lorawan.ap- WSS

(Tokyo) northeast-1.amazonaws.com
Asia Pacific ap-southeast-2 prefix.lns.lorawan.ap- WSS

(Sydney) southeast-2.amazonaws.com
The following table contains generic representations of the AWS Account-specific CUPS endpoints for
each Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix
from your Account-specific endpoint replaces prefix shown in the generic endpoint representation.
CUPS endpoints
US East (N. us-east-1 prefix.cups.lorawan.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 prefix.cups.lorawan.us-west-2.amazonaws.com HTTPS

(Oregon)
Europe eu-west-1 prefix.cups.lorawan.eu-west-1.amazonaws.com HTTPS

(Ireland)
Asia Pacific ap-northeast-1 prefix.cups.lorawan.ap- HTTPS

Asia Pacific ap-southeast-2 prefix.cups.lorawan.ap- HTTPS

Version 1.0
454
Service quotas
AWS IoT FIPS endpoints

AWS IoT provides endpoints that support the Federal Information Processing Standard (FIPS) 140-2.
Choose the appropriate FIPS compliant endpoint to access AWS IoT features in your AWS Region from
FIPS Endpoints by Service. For more information about the FIPs endpoints provided by AWS IoT, see
Connecting to AWS IoT FIPS endpoints.
Service quotas
Contents
• AWS IoT Core rules engine limits and quotas (p. 455)
• AWS IoT Core API throttling limits (p. 457)
• AWS IoT Core for LoRaWAN limits and quotas (p. 473)
• AWS IoT Core Device Shadow service limits and quotas (p. 484)
• AWS IoT Core Fleet Provisioning limits and quotas (p. 486)
• AWS IoT Core message broker and protocol limits and quotas (p. 488)
• AWS IoT Core protocol-related limits and quotas (p. 495)
• AWS IoT Core credential provider limits and quotas (p. 495)
• AWS IoT Core security and identity limits and quotas (p. 496)
• MQTT-based File Delivery (p. 499)
• AWS IoT Core Device Advisor limits and quotas (p. 500)
Note
The limits and quotas for these AWS IoT Device Management features: AWS IoT registry, AWS
IoT Fleet Indexing, AWS IoT Jobs, AWS IoT Secure Tunneling, and Fleet Hub for AWS IoT Device
Management can be found in AWS IoT Device Management Service quotas (p. 521).
AWS IoT Core rules engine limits and quotas

This section describes the limits and quotas of the AWS IoT Core rules engine.
AWS IoT Core rules engine
Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions
The maximum 10 10 No
number of entries
Maximum number in the rule's
of actions per actions property.
rule
The maximum 1000 1000 Yes

number of rules
Maximum number that can be
of rules per defined in a single
AWS account AWS account.

number of rules
Rule that can be
evaluations evaluated per
Version 1.0
455
Service quotas

name in select AWS
*
Regions
per second per second per AWS
AWS account account. This
quota includes
rule evaluations
that result from
inbound Basic
Ingest messages.
The maximum 256 Kilobytes 256 Kilobytes No

size that a
Rule size rule document
definition can
contain, measured
by number of
UTF-8 encoded
characters,
including white
spaces.
*
Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Europe (Paris), Asia Pacific (Hong
Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central),
China (Ningxia)
AWS IoT Core rules engine HTTP actions limits and quotas
AWS IoT Core HTTP action
Limit display name Description Default value Adjustable
Maximum length of an 2 Kilobytes No

endpoint URL for topic
HTTP Action: rule HTTP Action.
Maximum length of
an endpoint URL
Maximum number 100 No

of headers per HTTP
HTTP Action: action. When specifying
Maximum number of the list of headers to
headers per action include in the HTTP
request, it must contain
a header key and a
header value. To learn
more, see https://
iot/latest/
developerguide/https-
rule-action.html.
Maximum size of a 256 Bytes No

header key for topic
HTTP Action: rule HTTP action.
Maximum size of a The header file for a
header key HTTP request includes
Version 1.0
456
Service quotas

this header key and a
header value.
Maximum number of 1000 No

topic rule destinations
HTTP Action: per AWS account
Maximum topic rule for topic rule HTTPS
destinations per action. You must
AWS account confirm and enable
HTTPS endpoints
before the rules engine
can use them. For
more information,
see https://
iot/latest/
developerguide/rule-
destination.html.
Request timeout for 3000 Milliseconds No

topic rule HTTP action.
HTTP Action: The AWS IoT rules
Request timeout engine retries the
HTTPS action until the
total time to complete
a request exceeds the
timeout quota.
Resource Value Adjustable
TCP ports used for HTTP actions 443, 8443 No
AWS IoT Core rules engine Apache Kafka actions limits and quotas
Resource Limits
Bootstrap server ports 9000-9100
Kerberos key distribution center (KDC) 88
AWS IoT Core rules engine VPC actions limits and quotas
Resource Quota
Maximum number of VPC destinations 5 per account per Region
AWS IoT Core API throttling limits

This table describes the maximum number of transactions per second (TPS) that can be made to each of
these AWS IoT Core API actions.
Version 1.0
457
Service quotas
AWS IoT Core API rate limits

name in select AWS
*
Regions

number of
AcceptCertificateTransfer
transactions per
API TPS second (TPS)
that can be
made for the
AcceptCertificateTransfer
API.

number of
AttachPolicy transactions per
API TPS second (TPS) that
can be made for
the AttachPolicy
API.

number of
AttachPrincipalPolicy
transactions per
that can be
made for the
AttachPrincipalPolicy
API.

number of
CancelCertificateTransfer
transactions per
that can be
made for the
CancelCertificateTransfer
API.

number of
ClearDefaultAuthorizer
transactions per
that can be
made for the
ClearDefaultAuthorizer
API.
number of
CreateAuthorizertransactions per
that can be
made for the
CreateAuthorizer
API.
Version 1.0
458
Service quotas

name in select AWS
*
Regions

number of
CreateCertificateFromCsr
transactions per
that can be
made for the
CreateCertificateFromCsr
API.
The maximum 1 1 No
number of
CreateDomainConfiguration
transactions per
that can be
made for the
CreateDomainConfiguration
API.

number of
CreateKeysAndCertificate
transactions per
that can be
made for the
CreateKeysAndCertificate
API.

number of
CreatePolicy transactions per
can be made for
the CreatePolicy
API.

number of
CreatePolicyVersion
transactions per
that can be
made for the
CreatePolicyVersion
API.

number of
CreateProvisioningClaim
transactions per
that can be
made for the
CreateProvisioningClaim
API.
Version 1.0
459
Service quotas

name in select AWS
*
Regions
number of
CreateProvisioningTemplate
transactions per
that can be
made for the
CreateProvisioningTemplate
API.
number of
CreateProvisioningTemplateVersion
transactions per
that can be
made for the
CreateProvisioningTemplateVersion
API.
number of
CreateRoleAlias transactions per
that can be
made for the
CreateRoleAlias
API.
The maximum 5 5 No
number of
CreateTopicRule transactions per
that can be
made for the
CreateTopicRule
API.
The maximum 5 5 No
number of
CreateTopicRuleDestination
transactions per
that can be
made for the
CreateTopicRuleDestination
API.
number of
DeleteAuthorizertransactions per
that can be
made for the
DeleteAuthorizer
API.
Version 1.0
460
Service quotas

name in select AWS
*
Regions

number of
DeleteCACertificate
transactions per
that can be
made for the
DeleteCACertificate
API.

number of
DeleteCertificate
transactions per
that can be
made for the
DeleteCertificate
API.
number of
DeleteDomainConfiguration
transactions per
that can be
made for the
DeleteDomainConfiguration
API.

number of
DeletePolicy transactions per
can be made for
the DeletePolicy
API.

number of
DeletePolicyVersion
transactions per
that can be
made for the
DeletePolicyVersion
API.

number of
DeleteProvisioningTemplate
transactions per
that can be
made for the
DeleteProvisioningTemplate
API.
Version 1.0
461
Service quotas

name in select AWS
*
Regions
number of
DeleteProvisioningTemplateVersion
transactions per
that can be
made for the
DeleteProvisioningTemplateVersion
API.

number of
DeleteRegistrationCode
transactions per
that can be
made for the
DeleteRegistrationCode
API.
number of
DeleteRoleAlias transactions per
that can be
made for the
DeleteRoleAlias
API.
The maximum 20 5 No
number of
DeleteTopicRule transactions per
that can be
made for the
DeleteTopicRule
API.
The maximum 5 5 No
number of
DeleteTopicRuleDestination
transactions per
that can be
made for the
DeleteTopicRuleDestination
API.
The maximum 2 2 No
number of
DeleteV2LoggingLevel
transactions per
that can be
made for the
DeleteV2LoggingLevel
API.
Version 1.0
462
Service quotas

name in select AWS
*
Regions

number of
DescribeAuthorizer
transactions per
that can be
made for the
DescribeAuthorizer
API.

number of
DescribeCACertificate
transactions per
that can be
made for the
DescribeCACertificate
API.

number of
DescribeCertificate
transactions per
that can be
made for the
DescribeCertificate
API.

number of
DescribeCertificateTag
transactions per
that can be
made for the
DescribeCertificateTag
API.

number of
DescribeDefaultAuthorizer
transactions per
that can be
made for the
DescribeDefaultAuthorizer
API.

number of
DescribeDomainConfiguration
transactions per
that can be
made for the
DescribeDomainConfiguration
API.
Version 1.0
463
Service quotas

name in select AWS
*
Regions
number of
DescribeEndpointtransactions per
that can be
made for the
DescribeEndpoint
API.

number of
DescribeProvisioningTemplate
transactions per
that can be
made for the
DescribeProvisioningTemplate
API.

number of
DescribeProvisioningTemplateVersion
transactions per
that can be
made for the
DescribeProvisioningTemplateVersion
API.

number of
DescribeRoleAlias
transactions per
that can be
made for the
DescribeRoleAlias
API.

number of
DetachPolicy transactions per
can be made for
the DetachPolicy
API.

number of
DetachPrincipalPolicy
transactions per
that can be
made for the
DetachPrincipalPolicy
API.
Version 1.0
464
Service quotas

name in select AWS
*
Regions
The maximum 5 5 No
number of
DisableTopicRuletransactions per
that can be
made for the
DisableTopicRule
API.
The maximum 5 5 No
number of
EnableTopicRule transactions per
that can be
made for the
EnableTopicRule
API.
The maximum 5 5 Yes

number of
GetEffectivePolicies
transactions per
that can be
made for the
GetEffectivePolicies
API.
The maximum 2 2 No
number of
GetLoggingOptions
transactions per
that can be
made for the
GetLoggingOptions
API.

number of
GetPolicy API transactions per
TPS second (TPS) that
can be made for
the GetPolicy API.

number of
GetPolicyVersiontransactions per
that can be
made for the
GetPolicyVersion
API.
Version 1.0
465
Service quotas

name in select AWS
*
Regions

number of
GetRegistrationCode
transactions per
that can be
made for the
GetRegistrationCode
API.

number of
GetRetainedMessage
transactions per
API TPS second that can
be made for the
GetRetainedMessage
API.

number of
GetTopicRule transactions per
can be made for
the GetTopicRule
API.
The maximum 50 5 No
number of
GetTopicRuleDestination
transactions per
that can be
made for the
GetTopicRuleDestination
API.
The maximum 2 2 No
number of
GetV2LoggingOptions
transactions per
that can be
made for the
GetV2LoggingOptions
API.

number of
ListAttachedPolicies
transactions per
that can be
made for the
ListAttachedPolicies
API.
Version 1.0
466
Service quotas

name in select AWS
*
Regions

number of
ListAuthorizers transactions per
can be made for
the ListAuthorizers
API.

number of
ListCACertificates
transactions per
that can be
made for the
ListCACertificates
API.

number of
ListCertificatestransactions per
can be made for
the ListCertificates
API.

number of
ListCertificatesByCA
transactions per
that can be
made for the
ListCertificatesByCA
API.

number of
ListDomainConfigurations
transactions per
that can be
made for the
ListDomainConfigurations
API.

number of
ListOutgoingCertificates
transactions per
that can be
made for the
ListOutgoingCertificates
API.
Version 1.0
467
Service quotas

name in select AWS
*
Regions

number of
ListPolicies transactions per
can be made for
the ListPolicies
API.

number of
ListPolicyPrincipals
transactions per
that can be
made for the
ListPolicyPrincipals
API.

number of
ListPolicyVersions
transactions per
that can be
made for the
ListPolicyVersions
API.

number of
ListPrincipalPolicies
transactions per
that can be
made for the
ListPrincipalPolicies
API.

number of
ListProvisioningTemplateVersions
transactions per
that can be
made for the
ListProvisioningTemplateVersions
API.

number of
ListProvisioningTemplates
transactions per
that can be
made for the
ListProvisioningTemplates
API.
Version 1.0
468
Service quotas

name in select AWS
*
Regions

number of
ListRetainedMessages
transactions per
API TPS second that can
be made for the
ListRetainedMessages
API.

number of
ListRoleAliases transactions per
can be made for
the ListRoleAliases
API.

number of
ListTargetsForPolicy
transactions per
that can be
made for the
ListTargetsForPolicy
API.
The maximum 1 1 No
number of
ListTopicRuleDestinations
transactions per
that can be
made for the
ListTopicRuleDestinations
API.
The maximum 1 1 No
number of
ListTopicRules transactions per
can be made for
the ListTopicRules
API.
The maximum 2 2 No
number of
ListV2LoggingLevels
transactions per
that can be
made for the
ListV2LoggingLevels
API.
Version 1.0
469
Service quotas

name in select AWS
*
Regions

number of
RegisterCACertificate
transactions per
that can be
made for the
RegisterCACertificate
API.

number of
RegisterCertificate
transactions per
that can be
made for the
RegisterCertificate
API.

number of
RegisterCertificateWithoutCA
transactions per
that can be
made for the
RegisterCertificateWithoutCA
API.

number of
RejectCertificateTransfer
transactions per
that can be
made for the
RejectCertificateTransfer
API.
The maximum 5 5 No
number of
ReplaceTopicRuletransactions per
that can be
made for the
ReplaceTopicRule
API.

number of
SetDefaultAuthorizer
transactions per
that can be
made for the
SetDefaultAuthorizer
API.
Version 1.0
470
Service quotas

name in select AWS
*
Regions

number of
SetDefaultPolicyVersion
transactions per
that can be
made for the
SetDefaultPolicyVersion
API.
The maximum 2 2 No
number of
SetLoggingOptions
transactions per
that can be
made for the
SetLoggingOptions
API.
The maximum 2 2 No
number of
SetV2LoggingLevel
transactions per
that can be
made for the
SetV2LoggingLevel
API.
The maximum 2 2 No
number of
SetV2LoggingOptions
transactions per
that can be
made for the
SetV2LoggingOptions
API.
number of
TestAuthorization
transactions per
that can be
made for the
TestAuthorization
API.
number of
TestInvokeAuthorizer
transactions per
that can be
made for the
TestInvokeAuthorizer
API.
Version 1.0
471
Service quotas

name in select AWS
*
Regions

number of
TransferCertificate
transactions per
that can be
made for the
TransferCertificate
API.

number of
UpdateAuthorizertransactions per
that can be
made for the
UpdateAuthorizer
API.

number of
UpdateCACertificate
transactions per
that can be
made for the
UpdateCACertificate
API.

number of
UpdateCertificate
transactions per
that can be
made for the
UpdateCertificate
API.

number of
UpdateCertificateMode
transactions per
that can be
made for the
UpdateCertificateMode
API.

number of
UpdateCertificateTag
transactions per
that can be
made for the
UpdateCertificateTag
API.
Version 1.0
472
Service quotas

name in select AWS
*
Regions

number of
UpdateDomainConfiguration
transactions per
that can be
made for the
UpdateDomainConfiguration
API.

number of
UpdateProvisioningTemplate
transactions per
that can be
made for the
UpdateProvisioningTemplate
API.

number of
UpdateRoleAlias transactions per
that can be
made for the
UpdateRoleAlias
API.
The maximum 5 5 No
number of
UpdateTopicRuleDestination
transactions per
that can be
made for the
UpdateTopicRuleDestination
API.
*
China (Ningxia)
AWS IoT Core for LoRaWAN limits and quotas

Device data quotas
The following service quotas apply to AWS IoT Core for LoRaWAN device data, which are transmitted
between LoRaWAN devices, gateways, and AWS IoT Core for LoRaWAN.
AWS IoT Wireless devices API throttling
TPS limit for 10 Yes

AssociateWirelessDeviceWithThing
Version 1.0
473
Service quotas

TPS limit for

CreateNetworkAnalyzerConfiguration
TPS limit for
CreateNetworkAnalyzerConfiguration

CreateWirelessDevice
TPS limit for

DeleteNetworkAnalyzerConfiguration
TPS limit for
DeleteNetworkAnalyzerConfiguration

DeleteWirelessDevice
TPS limit for

DisassociateWirelessDeviceFromThing
TPS limit for

GetEventConfigurationByResourceTypes
TPS limit for
GetEventConfigurationByResourceTypes

GetWirelessDevice
TPS limit for
GetWirelessDevice
TPS limit for 10 No

GetWirelessDeviceStatistics
TPS limit for

ListEventConfigurations
TPS limit for
ListEventConfigurations

ListNetworkAnalyzerConfigurations
TPS limit for
ListNetworkAnalyzerConfigurations

ListWirelessDevices
TPS limit for
ListWirelessDevices
Version 1.0
474
Service quotas

SendDataToWirelessDevice
TPS limit for

TestWirelessDevice
TPS limit for
TestWirelessDevice

UpdateEventConfigurationByResourceTypes
TPS limit for
UpdateEventConfigurationByResourceTypes

UpdateWirelessDevice
TPS limit for
AWS IoT Core for LoRaWAN API throttling
The following tables describes the maximum number of transactions per second (TPS) that can be made
to each action in the AWS IoT Wireless API, which includes AWS IoT Core for LoRaWAN and Amazon
Sidewalk Integration.
AWS IoT Wireless gateway API throttling
This table describes the maximum TPS for APIs used with LoRaWAN gateways. The gateways route
messages between LoRaWAN devices and AWS IoT Core for LoRaWAN.
AWS IoT Wireless gateway API throttling
TPS limit for 10 No

AssociateWirelessGatewayWithCertificate
TPS limit for
AssociateWirelessGatewayWithCertificate

AssociateWirelessGatewayWithThing
TPS limit for
AssociateWirelessGatewayWithThing

CreateWirelessGateway
TPS limit for
CreateWirelessGateway
TPS limit for 10 No

CreateWirelessGatewayTask
TPS limit for
CreateWirelessGatewayTask
TPS limit for 10 No

CreateWirelessGatewayTaskDefinition
Version 1.0
475
Service quotas

TPS limit for
CreateWirelessGatewayTaskDefinition

DeleteWirelessGateway
TPS limit for
DeleteWirelessGateway
TPS limit for 10 No

DeleteWirelessGatewayTask
TPS limit for
DeleteWirelessGatewayTask
TPS limit for 10 No

DeleteWirelessGatewayTaskDefinition
TPS limit for
DeleteWirelessGatewayTaskDefinition
TPS limit for 10 No

DisassociateWirelessGatewayFromCertificate
TPS limit for
DisassociateWirelessGatewayFromCertificate

DisassociateWirelessGatewayFromThing
TPS limit for
DisassociateWirelessGatewayFromThing

GetWirelessGateway
TPS limit for
GetWirelessGateway
TPS limit for 10 No

GetWirelessGatewayCertificate
TPS limit for
GetWirelessGatewayCertificate
TPS limit for 10 No

GetWirelessGatewayFirmwareInformation
TPS limit for
GetWirelessGatewayFirmwareInformation
TPS limit for 10 No

GetWirelessGatewayStatistics
TPS limit for
GetWirelessGatewayStatistics
TPS limit for 10 No

GetWirelessGatewayTask
TPS limit for
GetWirelessGatewayTask
TPS limit for 10 No

GetWirelessGatewayTaskDefinition
TPS limit for
GetWirelessGatewayTaskDefinition
Version 1.0
476
Service quotas
TPS limit for 10 No

ListWirelessGatewayTaskDefinitions
TPS limit for
ListWirelessGatewayTaskDefinitions

ListWirelessGateways
TPS limit for
ListWirelessGateways

UpdateWirelessGateway
TPS limit for
UpdateWirelessGateway
LoRaWAN devices API throttling
This table describes the maximum TPS for APIs used with LoRaWAN devices.
AWS IoT Wireless devices API throttling

TPS limit for

CreateNetworkAnalyzerConfiguration
TPS limit for
CreateNetworkAnalyzerConfiguration

TPS limit for

DeleteNetworkAnalyzerConfiguration
TPS limit for
DeleteNetworkAnalyzerConfiguration

TPS limit for

TPS limit for

GetEventConfigurationByResourceTypes
TPS limit for
GetEventConfigurationByResourceTypes
Version 1.0
477
Service quotas

GetWirelessDevice
TPS limit for
GetWirelessDevice
TPS limit for 10 No

TPS limit for

ListEventConfigurations
TPS limit for
ListEventConfigurations

ListNetworkAnalyzerConfigurations
TPS limit for
ListNetworkAnalyzerConfigurations

ListWirelessDevices
TPS limit for
ListWirelessDevices

TPS limit for

TestWirelessDevice
TPS limit for
TestWirelessDevice

UpdateEventConfigurationByResourceTypes
TPS limit for
UpdateEventConfigurationByResourceTypes

TPS limit for
Device Profiles and destination API throttling
This table describes device profiles and service profiles and destinations that can route messages to
other AWS services.
AWS IoT Wireless device profiles and destination API throttling

CreateDestination
TPS limit for
CreateDestination
Version 1.0
478
Service quotas

CreateDeviceProfile
TPS limit for
CreateDeviceProfile

CreateServiceProfile
TPS limit for
CreateServiceProfile

DeleteDestination
TPS limit for
DeleteDestination

DeleteDeviceProfile
TPS limit for
DeleteDeviceProfile

DeleteServiceProfile
TPS limit for
DeleteServiceProfile

GetDestination
TPS limit for
GetDestination

GetDeviceProfile
TPS limit for
GetDeviceProfile

GetServiceProfile
TPS limit for
GetServiceProfile

ListDestinations
TPS limit for
ListDestinations

ListDeviceProfiles
TPS limit for
ListDeviceProfiles

ListServiceProfiles
TPS limit for
ListServiceProfiles

UpdateDestination
TPS limit for
UpdateDestination
Version 1.0
479
Service quotas
Sidewalk and logging API throttling
This table describes the maximum TPS for Amazon Sidewalk APIs and APIs that are used for log levels
based on resource types.
AWS IoT Wireless Sidewalk and logging API throttling

AssociateAwsAccountWithPartnerAccount
TPS limit for
AssociateAwsAccountWithPartnerAccount

GetLogLevelsByResourceTypes
TPS limit for
GetLogLevelsByResourceTypes

GetPartnerAccount
TPS limit for
GetPartnerAccount

GetResourceLogLevel
TPS limit for
GetResourceLogLevel

ListPartnerAccounts
TPS limit for
ListPartnerAccounts

PutResourceLogLevel
TPS limit for
PutResourceLogLevel

ResetAllResourceLogLevels
TPS limit for
ResetAllResourceLogLevels

ResetResourceLogLevel
TPS limit for
ResetResourceLogLevel

UpdateLogLevelsByResourceTypes
TPS limit for
UpdateLogLevelsByResourceTypes

UpdatePartnerAccount
TPS limit for
UpdatePartnerAccount
Tagging and GetServiceEndpoint API throttling
Version 1.0
480
Service quotas
This table describes the maximum TPS for the GetServiceEndpoint API and APIs used for tagging
resources.
AWS IoT Wireless tagging and GetServiceEndpoint API throttling
TPS limit for 10 No

GetServiceEndpoint
TPS limit for
GetServiceEndpoint

ListTagsForResource
TPS limit for
ListTagsForResource

TagResource
TPS limit for
TagResource

UntagResource
TPS limit for
UntagResource
Additional AWS IoT Wireless API limits
AWS IoT Wireless limits and quotas

AssociateMulticastGroupWithFuotaTask
TPS limit for
AssociateMulticastGroupWithFuotaTask

AssociateWirelessDeviceWithFuotaTask
TPS limit for
AssociateWirelessDeviceWithFuotaTask

AssociateWirelessDeviceWithMulticastGroup
TPS limit for
AssociateWirelessDeviceWithMulticastGroup

CancelMulticastGroupSession
TPS limit for
CancelMulticastGroupSession

CreateFuotaTask
TPS limit for
CreateFuotaTask

CreateMulticastGroup
Version 1.0
481
Service quotas

TPS limit for
CreateMulticastGroup

DeleteFuotaTask
TPS limit for
DeleteFuotaTask

DeleteMulticastGroup
TPS limit for
DeleteMulticastGroup

DeleteQueuedMessages
TPS limit for
DeleteQueuedMessages

DisassociateAwsAccountFromPartnerAccount
TPS limit for
DisassociateAwsAccountFromPartnerAccount

DisassociateMulticastGroupFromFuotaTask
TPS limit for
DisassociateMulticastGroupFromFuotaTask

DisassociateWirelessDeviceFromFuotaTask
TPS limit for
DisassociateWirelessDeviceFromFuotaTask

DisassociateWirelessDeviceFromMulticastGroup
TPS limit for
DisassociateWirelessDeviceFromMulticastGroup

GetFuotaTask
TPS limit for
GetFuotaTask

GetMulticastGroup
TPS limit for
GetMulticastGroup

GetMulticastGroupSession
TPS limit for
GetMulticastGroupSession

GetNetworkAnalyzerConfiguration
TPS limit for
GetNetworkAnalyzerConfiguration
Version 1.0
482
Service quotas

GetPosition
TPS limit for
GetPosition

GetPositionConfiguration
TPS limit for
GetPositionConfiguration

GetResourceEventConfiguration
TPS limit for
GetResourceEventConfiguration

ListFuotaTasks
TPS limit for
ListFuotaTasks

ListMulticastGroups
TPS limit for
ListMulticastGroups

ListMulticastGroupsByFuotaTask
TPS limit for
ListMulticastGroupsByFuotaTask

ListPositionConfigurations
TPS limit for
ListPositionConfigurations

ListQueuedMessages
TPS limit for
ListQueuedMessages

PutPositionConfiguration
TPS limit for
PutPositionConfiguration

SendDataToMulticastGroup
TPS limit for
SendDataToMulticastGroup

StartBulkAssociateWirelessDeviceWithMulticastGroup
TPS limit for
StartBulkAssociateWirelessDeviceWithMulticastGroup

StartBulkDisassociateWirelessDeviceFromMulticastGroup
TPS limit for
StartBulkDisassociateWirelessDeviceFromMulticastGroup
Version 1.0
483
Service quotas

StartFuotaTask
TPS limit for
StartFuotaTask

StartMulticastGroupSession
TPS limit for
StartMulticastGroupSession

StartNetworkAnalyzerStream
TPS limit for
StartNetworkAnalyzerStream

UpdateFuotaTask
TPS limit for
UpdateFuotaTask

UpdateMulticastGroup
TPS limit for
UpdateMulticastGroup

UpdateNetworkAnalyzerConfiguration
TPS limit for
UpdateNetworkAnalyzerConfiguration

UpdatePosition
TPS limit for
UpdatePosition

UpdateResourceEventConfiguration
TPS limit for
UpdateResourceEventConfiguration
AWS IoT Core Device Shadow service limits and quotas

AWS IoT Core Device Shadow actions

name in select AWS
*
Regions
Number of 4000 400 Yes

device shadow
Device Shadow API requests
API requests/ per second per
second per account. This value
account is adjustable and
subject to per-
account quotas,
Version 1.0
484
Service quotas

name in select AWS
*
Regions
depending on the
region.
The maximum 5 5 No
number of levels
Maximum depth in the desired or
of JSON reported section
device state of the JSON device
documents state document is
5.
The Device 10 10 No
Shadow service
Maximum number supports up
of in-flight, to 10 in-flight
unacknowledged unacknowledged
messages per messages per
thing thing on a single
connection. When
this quota is
reached, all new
shadow requests
are rejected
with a 429 error
code until the
number of in-
flight requests
drop below the
limit.
Maximum size of 64 Bytes 64 Bytes No

a thing shadow
Maximum shadow name, which
name size is 64 bytes of
UTF-8 encoded
characters.
Each individual 8 Kilobytes 8 Kilobytes Yes

shadow document
Maximum size must be 8KB
of a JSON or less in size.
state document Metadata doesn't
contribute to the
document size for
service quotas or
pricing.
Maximum size of a 128 Bytes 128 Bytes No

thing name, which
Maximum thing is 128 bytes of
name size UTF-8 encoded
characters.
Version 1.0
485
Service quotas

name in select AWS
*
Regions
The Device 20 20 Yes

Shadow service
Requests per supports up to
second per 20 requests per
thing second per thing.
This quota is per
thing, not per API.
*
Select AWS Regions: Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), South America (São
Paulo), Canada (Central), Middle East (Bahrain), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud
(US-West)
The levels in the desired and reported sections of the Device Shadow's JSON state document are
counted as shown here for the desired object.
"desired": {
"one": {
"two": {
"three": {
"four": {
"five":{
}
}
}
}
}
}
Note
AWS IoT Core deletes a Device Shadow document after the creating account is deleted or upon
customer request. For operational purposes, AWS IoT service backups are retained for 6 months.
AWS IoT Core Fleet Provisioning limits and quotas

Following are throttling limits for some fleet provisioning APIs per AWS account.
AWS IoT Core fleet provisioning limits and quotas
The maximum number 100 Yes

of transactions per
Fleet Provisioning second (TPS) that
CreateCertificateFromCsr
can be made for the
MQTT API TPS Fleet Provisioning
CreateCertificateFromCsr
MQTT API.

of transactions per
CreateKeysAndCertificate
can be made for the
MQTT API TPS Fleet Provisioning
Version 1.0
486
Service quotas

CreateKeysAndCertificate
MQTT API.

of transactions per
RegisterThing MQTT can be made for the
API TPS Fleet Provisioning
RegisterThing MQTT
API.
Fleet provisioning also has these limits, which can't be changed.
Resource Description Limit
Versions per fleet The maximum number 5

provisioning template of versions that a
fleet provisioning
template can have.
Each template version
has a version ID and
a creation date for
devices that connect
to AWS IoT using fleet
previsioning.
Fleet provisioning The maximum number 256

templates per customer of fleet provisioning
templates per
customer. Use fleet
provisioning templates
to generate certificates
and private keys for
your devices to securely
connect to AWS IoT.
Fleet provisioning The maximum size of 10 Kilobytes

template size a fleet provisioning
template in Kilobytes.
Fleet provisioning
templates allow you to
generate certificates
connect to AWS IoT.
Version 1.0
487
Service quotas
AWS IoT Core message broker and protocol limits and quotas
AWS IoT Core message broker limits and quotas

name in select AWS
*
Regions
Size of the client 128 Bytes 128 Bytes No

ID, which is
Client ID size 128 bytes of
UTF-8 encoded
characters.

number of
Connect MQTT CONNECT
requests per requests per
second per second per
account account.
AWS IoT Core 1 1 No

restricts MQTT
Connect CONNECT
requests per requests from the
second per same accountId
client ID and clientId to 1
MQTT CONNECT
operation per
second.
The default keep- 1200 Seconds 1200 Seconds No

alive interval is
Connection 1200 seconds. It
inactivity is used when a
(keep-alive client requests
interval) a keep-alive
interval of zero. If
a client requests
an interval >
1200 seconds, the
default interval
is used. If a client
requests a keep-
alive interval
< 30 seconds
but > zero, the
server treats the
client as though it
requested a keep-
alive interval of 30
seconds.
Inbound publish 20000 2000 Yes

requests counts
Inbound all messages that
publish IoT Core processes
requests per before routing
Version 1.0
488
Service quotas

name in select AWS
*
Regions
second per them to the clients
account or rules engine. Ex:
A single message
published on
reserved topic
can result in
publishing
3 additional
messages for
shadow update,
documents and
delta, hence
counted as 4
requests; whereas
on an unreserved
topic like a/b
is counted as 1
request.

number of
Maximum concurrent
concurrent connections
client allowed per
connections account.
per account
AWS IoT Core 100 100 No

restricts the
Maximum number of
inbound unacknowledged
unacknowledged inbound publish
QoS 1 publish requests per
requests client. When this
quota is reached,
no new publish
requests are
accepted from
this client until a
PUBACK message
is returned by the
server.
Version 1.0
489
Service quotas

name in select AWS
*
Regions
The number of 5000 500 Yes

stored retained
Maximum number messages per
of retained account.When this
messages per limit is reached,
account no new retained
messages are
stored for this
account and
all retained
publishes with
payloads greater
than 0 bytes are
throttled.
A topic in a 7 7 No
publish or
Maximum number subscribe request
of slashes can have no more
in topic and than 7 forward
topic filter slashes (/). This
excludes the
first 3 slashes in
the mandatory
segments for
Basic Ingest topics
($AWS/rules/rule-
name/).

restricts the
Maximum number of
outbound unacknowledged
unacknowledged outbound publish
QoS 1 publish requests per
requests client. When this
quota is reached,
no new publish
requests are
sent to the client
until the client
acknowledges the
publish requests.
Version 1.0
490
Service quotas

name in select AWS
*
Regions
AWS IoT Core 3600 Seconds 3600 Seconds No

retries delivery of
Maximum retry unacknowledged
interval for quality of service
delivering QoS 1 (QoS 1) publish
1 messages requests to a
client for up to
one hour. If AWS
IoT Core does not
receive a PUBACK
message from the
client after one
hour, it drops the
publish requests.
A single 8 8 No
SUBSCRIBE
Maximum request has
subscriptions a quota of 8
per subscribe subscriptions.
request
The payload for 128 Kilobytes 128 Kilobytes No

every publish
Message size request can be no
larger than 128
KB. AWS IoT Core
rejects publish and
connect requests
larger than this
size.
Outbound publish 20000 2000 Yes

requests count
Outbound for every message
publish that resulted in
requests per matching a client's
second per subscription. For
account example, 2 clients
are subscribed
to topic filter a/
b. An inbound
publish request on
topic a/b results
in a total of 2
outbound publish
requests.
Version 1.0
491
Service quotas

name in select AWS
*
Regions
The duration 3600 Seconds 3600 Seconds Yes

for which the
Persistent message broker
session expiry stores an MQTT
period persistent session.
The expiry period
begins when the
message broker
detects the session
has become
disconnected.
After the expiry
period has
elapsed, the
message broker
terminates the
session and
discards any
associated queued
messages. You can
adjust this to a
value from 1 hour
to 7 days.

restricts each
Publish client connection
requests per to a maximum
second per number of
connection inbound and
outbound publish
requests per
second. This
limit includes
messages sent to
offline persistent
session. Publish
requests that
exceed that quota
are discarded.
Version 1.0
492
Service quotas

name in select AWS
*
Regions
AWS IoT Core 500 500 Yes

restricts an
Queued account to
messages per a maximum
second per number of queued
account messages per
second per
account. This limit
applies when AWS
IoT Core stores the
messages send to
offline persistent
sessions.

rate that AWS
Retained IoT Core can
message accept inbound
inbound publish requests
publish of MQTT messages
requests per with the RETAIN
second per flag set.This
account rate includes all
inbound publish
requests whether
invoked by the
HTTP or MQTT
protocol.
MQTT/HTTP 1 1 No
publish requests
Retained with RETAIN flag
message set made to the
inbound same topic per
publish second.
requests per
second per
topic

restricts an
Subscriptions account to a
per account maximum number
of subscriptions
across all active
connections.
Version 1.0
493
Service quotas

name in select AWS
*
Regions

supports 50
Subscriptions subscriptions per
per connection connection. AWS
IoT Core might
reject subscription
requests on the
same connection
in excess of this
amount and the
connection is
closed. Clients
should validate
the SUBACK
message to
ensure that their
subscription
requests have
been successfully
processed.

restricts an
Subscriptions account to a
per second per maximum number
account of subscriptions
per second.
For example,
if there are 2
MQTT SUBSCRIBE
requests sent
within a second,
each with 3
subscriptions
(topic filters),
AWS IoT Core
counts those as 6
subscriptions.
Data received 512 Kilobytes 512 Kilobytes No

or sent over a
Throughput client connection
per second per is processed
connection at a maximum
throughput rate.
Data that exceeds
the maximum
throughput
is delayed in
processing.
Version 1.0
494
Service quotas

name in select AWS
*
Regions
The topic passed 256 Bytes 256 Bytes No

to AWS IoT Core
Topic size when sending a
publish request
can be no larger
than 256 bytes of
UTF-8 encoded
characters. This
excludes the first
3 mandatory
segments for
Basic Ingest topics
($AWS/rules/rule-
name/).
The WebSocket 86400 Seconds 86400 Seconds No

connection
WebSocket lifetime is 24
connection hours. If the
duration lifetime is
exceeded, The
WebSocket
connection will be
closed.
*
China (Ningxia)
AWS IoT Core protocol-related limits and quotas

These limits are now found in the section called “AWS IoT Core message broker and protocol limits and
quotas” (p. 488).
AWS IoT Core credential provider limits and quotas

AWS IoT Core credential limits and quotas
name in select AWS
*
Regions

number of
AssumeRoleWithCertificate
transactions per
that can be
made for the
AssumeRoleWithCertificate
API.
Maximum number 100 100 No

of AWS IoT Core
Version 1.0
495
Service quotas

name in select AWS
*
Regions
Maximum number role aliases
of AWS IoT registered in your
Core role AWS account.
aliases AWS IoT role
alias allows
connected devices
to authenticate
to AWS IoT using
X.509 certificates
and obtain
short-lived AWS
credentials from
an IAM role that
is associated with
the role alias.
*
Select AWS Regions: US East (N. Virginia), US West (Oregon), Europe (Ireland)
Note
Large Region limits apply to AWS Regions: US East (N. Virginia), US West (Oregon), and Europe
(Ireland)
AWS IoT Core security and identity limits and quotas

AWS IoT Core security and identity limits and quotas
Configurable endpoints: 10 Yes

maximum number of
Configurable domain configurations
endpoints: maximum per account
number of domain
configurations per
account
Custom authentication: 10 No
maximum number
Custom of authorizers that
authentication: can be registered to
maximum number of your AWS account.
authorizers per Authorizers have a
account lambda function that
implements custom
authentication and
authorization.
The maximum number 10 No

of CA certificates
Maximum number of with the same subject
CA certificates field allowed per AWS
with the same account per region. If
subject field you have more than
one CA certificate with
Version 1.0
496
Service quotas

allowed per AWS the same subject field,
account per Region you must specify the
CA certificate that
was used to sign the
device certificate being
registered.

of device certificates
Maximum number that can be registered
of device per second. You can
certificates that select up to 15 files to
can be registered register.
per second
Maximum number of 10 Yes

domain configurations
Maximum number per AWS account per
of domain AWS Region.
configurations per
account per region
Maximum number 5 No
of fleet provisioning
Maximum number of template versions
fleet provisioning per template. Each
template versions template version
per template has a version ID and
a creation date for
devices connecting to
AWS IoT using fleet
previsioning.
Maximum number 256 No

of fleet provisioning
Maximum number of templates per
fleet provisioning customer. Use fleet
templates per provisioning templates
customer to generate certificates
connect to AWS IoT.

of named policy
Maximum number versions. A managed
of named policy AWS IoT policy can
versions have up to five versions.
To update a policy,
create a new policy
version. If the policy
has five versions, you
must delete an existing
version before creating
a new one.
Version 1.0
497
Service quotas

of policies that can
Maximum number be attached to a
of policies that client certificate or
can be attached an Amazon Cognito
to a certificate identity, which is
or Amazon Cognito 10. Amazon Cognito
identity identity enables you
to create temporary,
limited-privilege AWS
credentials for use
in mobile and web
applications.

of provisioning claims
Maximum number that can be generated
of provisioning per second by a trusted
claims that can user. A trusted user
be generated per can be an end user or
second by trusted installation technician
user who uses a mobile app
or web application to
configure the device in
its deployed location.
The maximum 2048 No

size of the policy
Maximum policy document, which
document size is 2048 characters
excluding white spaces.
Maximum size of fleet 10 Kilobytes No

provisioning templates
Maximum size of in Kilobytes. Fleet
fleet provisioning provisioning templates
template allow you to generate
certificates and private
keys for your devices
to securely connect to
AWS IoT.
Additional AWS IoT Core security limits
Resource Description Default Adjustable
Maximum number of When you're providing the server 4 No

domain names per certificates for AWS IoT custom domain
server certificate configuration, certificates can have a
maximum of four domain names.
Custom authentication: The Lambda function of a custom 300 No

minimum connection authorizer uses a DisconnectAfterInSeconds
duration (value of parameter to indicate the maximum
DisconnectAfterInSecs) duration (in seconds) of the connection to
Version 1.0
498
Service quotas

the AWS IoT Core gateway. The connection
is terminated if it exceeds this value.
Custom authentication: The maximum duration (in seconds) 86,400 No

maximum connection of the connection to the AWS IoT
duration (value of Core gateway, defined by the value of
DisconnectAfterInSecs) DisconnectAfterInSecs.
Custom authentication: The Lambda function of a 300 No

minimum policy custom authorizer uses a
refresh rate (value of RefreshAfterInSeconds parameter to
RefreshAfterInSecs) indicate the interval (in seconds) between
policy refreshes when connected to the
AWS IoT Core gateway. When this interval
passes, AWS IoT Core invokes the Lambda
function to allow for policy refreshes.
Custom authentication: The maximum time interval between policy 86,400 No

maximum policy refreshes when connected to the AWS
refresh rate (value of IoT Core gateway, defined by the value of
RefreshAfterInSecs) RefreshAfterInSeconds.
MQTT-based File Delivery

MQTT-based File Delivery Resource Quotas
Streams per account The maximum number of streams per 10,000* No

account.
Files per stream The maximum number of files per stream. 10 No
File size The maximum file size (in MB). 24 MB No
Maximum data block The maximum data block size. 128 KB No

size
Minimum data block size The minimum data block size. 256 bytes No
Maximum block offset The maximum block offset specified in a 98,304 No

specified in a stream file stream file request.
request
Maximum blocks that The maximum number of blocks that can be 98,304 No
can be requested per requested per stream file request.
stream file request
Maximum block bitmap The maximum block bitmap size. 12,288 No

size bytes
* For additional information, see Using AWS IoT MQTT-based file delivery in devices in the AWS IoT
Developer Guide.
Version 1.0
499
Service quotas
MQTT-based File Delivery Throttling
API Transactions Per Second
CreateStream 15 TPS
DeleteStream 15 TPS
DescribeStream 15 TPS
ListStreams 15 TPS
UpdateStream 15 TPS
AWS IoT Core Device Advisor limits and quotas

AWS IoT Core Device Advisor limits and quotas

of test devices that
Concurrently can be concurrently
connected devices connected per test suite
run.

of suites an AWS
Concurrently account can run
running test concurrently.
suites

of connections to an
Connections per account-specific test
test endpoint endpoint.

of MQTT Connect
MQTT CONNECT requests sent from a
requests per test device per second
account per account.

of MQTT Connect
MQTT CONNECT requests sent from a
requests per test device per second
client ID per client ID.

of CreateSuiteDefinition
Rate of API requests you can
CreateSuiteDefinition
make per second.
API requests

of DeleteSuiteDefinition
make per second.
Version 1.0
500
Service quotas

Rate of
DeleteSuiteDefinition
API requests

of GetSuiteDefinition
GetSuiteDefinition make per second.
API requests

of GetSuiteRun API
Rate of requests you can make
GetSuiteRun API per second.
requests

of GetSuiteRunReport
GetSuiteRunReport make per second.
API requests

of ListSuiteDefinitions
ListSuiteDefinitionsmake per second.
API requests

of ListSuiteRuns API
ListSuiteRuns API per second.
requests

of ListTagsForResource
ListTagsForResource make per second.
API requests

of ListTestCases API
ListTestCases API per second.
requests

of StartSuiteRun API
StartSuiteRun API per second.
requests

of TagResource API
TagResource API per second.
requests
Version 1.0
501
AWS IoT Device Defender

of UntagResource API
UntagResource API per second.
requests
The maximum 10 No
number of
Rate of UpdateSuiteDefinition
UpdateSuiteDefinition
API requests make per second.
The maximum time 10800 Seconds No

until a test case fails if
Test case not completed.
execution time

of test cases in one test
Test cases per suite.
test suite
AWS IoT Device Defender endpoints and quotas

Service endpoints

Name

(Ohio)

Virginia)

West (N.
California)

(Oregon)

Pacific
(Hong
Kong)
Version 1.0
502
Service endpoints

Name

Pacific south-1
(Mumbai)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)

(Central) central-1


(Ireland)

(London)

(Paris)

(Stockholm)

East south-1
(Bahrain)

GovCloud east-1
(US-East)

GovCloud west-1
(US-West)
Version 1.0
503
Service quotas
Service quotas
AWS IoT Device Defender audits limits and quotas

of scheduled audits.
Scheduled audits

of simultaneous in
Simultaneous in progress on-demand
progress on-demand audits.
audits
The maximum time, in 90 No

days, that audit findings
Storage duration are stored after being
for audit findings reported.
The following service quotas apply to mitigation actions and audit mitigation action tasks:
AWS IoT Device Defender mitigation limits and quotas

of mitigation actions.
Mitigation actions
Audit mitigation action limits
Resource Limit
Number of audit mitigation action tasks running 10 tasks

at the same time
Retention period for audit mitigation action tasks 90 days
AWS IoT Device Defender detect limits and quotas

of behavior metric
Behavior metric value elements (counts,
value elements IP addresses, ports) for
for each security each security profile.
profile

of behaviors for each
Behaviors for each security profile
security profile
Version 1.0
504
Service quotas

of detect custom
Custom metrics metrics.
The minimum time, in 300 Seconds Yes

seconds, that a device
Device metric must wait between
minimum delay sending metric reports.

of device-side metric
Device metric peak reports that can be
reporting rate for sent, per second,
an account from all devices in an
account.

of detect metric
Metric dimensions dimensions.

of security profiles
Security profiles for each target (thing
for each target group or user account).
The maximum time, 14 No

in days, that detect
Storage duration metrics are stored after
for detect metrics being ingested.
The maximum time, 30 No

in days, that detect
Storage duration violations are stored
for detect after being generated.
violations
ML Detect limits
Resource Quota Adjustable
Number of Detect mitigation 5 maximum Yes

action tasks that can be running
at the same time
Retention period for Detect 90 days maximum Yes

mitigation action tasks
Retention period for models 30 days maximum No

(time after which models are
expired)
AWS IoT Device Defender API throttling limits
This table describes the maximum number of transactions per second (TPS) that can be made to each of
these AWS IoT Device Defender API actions.
Version 1.0
505
Service quotas
AWS IoT Device Defender API throttling limits

of transactions per
AttachSecurityProfile
second (TPS) that
API TPS can be made for the
AttachSecurityProfile
API.

of transactions per
CancelAuditMitigationActionsTask
second (TPS) that
CancelAuditMitigationActionsTask
API.

of transactions per
CancelAuditTask second (TPS) that
CancelAuditTask API.

of transactions per
CancelDetectMitigationActionsTask
second (TPS) that
CancelDetectMitigationActionsTask
API.

of transactions per
CreateAuditSuppression
second (TPS) that
CreateAuditSuppression
API.

of transactions per
CreateCustomMetric second (TPS) that
CreateCustomMetric
API.

of transactions per
CreateMitigationAction
second (TPS) that
CreateMitigationAction
API.

of transactions per
CreateScheduledAuditsecond (TPS) that
CreateScheduledAudit
API.
Version 1.0
506
Service quotas

of transactions per
CreateSecurityProfile
second (TPS) that
CreateSecurityProfile
API.

of transactions per
DeleteAccountAuditConfiguration
second (TPS) that
DeleteAccountAuditConfiguration
API.

of transactions per
DeleteAuditSuppression
second (TPS) that
DeleteAuditSuppression
API.

of transactions per
DeleteCustomMetric second (TPS) that
DeleteCustomMetric
API.

of transactions per
DeleteDimension second (TPS) that
DeleteDimension API.

of transactions per
DeleteMitigationAction
second (TPS) that
DeleteMitigationAction
API.

of transactions per
DeleteScheduledAuditsecond (TPS) that
DeleteScheduledAudit
API.

of transactions per
DeleteSecurityProfile
second (TPS) that
DeleteSecurityProfile
API.
Version 1.0
507
Service quotas

of transactions per
DescribeAccountAuditConfiguration
second (TPS) that
DescribeAccountAuditConfiguration
API.

of transactions per
DescribeAuditFindingsecond (TPS) that
DescribeAuditFinding
API.

of transactions per
DescribeAuditMitigationActionsTask
second (TPS) that
DescribeAuditMitigationActionsTask
API.

of transactions per
DescribeAuditSuppression
second (TPS) that
DescribeAuditSuppression
API.

of transactions per
DescribeAuditTask second (TPS) that
DescribeAuditTask API.

of transactions per
DescribeCustomMetricsecond (TPS) that
DescribeCustomMetric
API.

of transactions per
DescribeDetectMitigationActionsTask
second (TPS) that
DescribeDetectMitigationActionsTask
API.

of transactions per
DescribeDimension second (TPS) that
DescribeDimension API.
Version 1.0
508
Service quotas

of transactions per
DescribeMitigationAction
second (TPS) that
DescribeMitigationAction
API.

of transactions per
DescribeScheduledAudit
second (TPS) that
DescribeScheduledAudit
API.

of transactions per
DescribeSecurityProfile
second (TPS) that
DescribeSecurityProfile
API.

of transactions per
DetachSecurityProfile
second (TPS) that
DetachSecurityProfile
API.

of transactions per
ListActiveViolationssecond (TPS) that
ListActiveViolations API.

of transactions per
ListAuditFindings second (TPS) that
ListAuditFindings API.

of transactions per
ListAuditMitigationActionsExecutions
second (TPS) that
ListAuditMitigationActionsExecutions
API.

of transactions per
ListAuditMitigationActionsTasks
second (TPS) that
ListAuditMitigationActionsTasks
API.
Version 1.0
509
Service quotas

of transactions per
ListAuditSuppressions
second (TPS) that
ListAuditSuppressions
API.

of transactions per
ListAuditTasks API second (TPS) that
TPS can be made for the
ListAuditTasks API.

of transactions per
ListCustomMetrics second (TPS) that
ListCustomMetrics API.

of transactions per
ListDetectMitigationActionsExecutions
second (TPS) that
ListDetectMitigationActionsExecutions
API.

of transactions per
ListDetectMitigationActionsTasks
second (TPS) that
ListDetectMitigationActionsTasks
API.

of transactions per
ListDimensions API second (TPS) that
TPS can be made for the
ListDimensions API.

of transactions per
ListMetricValues second (TPS) that
ListMetricValues API.

of transactions per
ListMitigationActions
second (TPS) that
ListMitigationActions
API.
Version 1.0
510
Service quotas

of transactions per
ListScheduledAudits second (TPS) that
ListScheduledAudits
API.

of transactions per
ListSecurityProfilessecond (TPS) that
ListSecurityProfiles API.

of transactions per
ListSecurityProfilesForTarget
second (TPS) that
ListSecurityProfilesForTarget
API.

of transactions per
ListTargetsForSecurityProfile
second (TPS) that
ListTargetsForSecurityProfile
API.

of transactions per
ListViolationEvents second (TPS) that
ListViolationEvents API.

of transactions per
PutVerificationStateOnViolation
second (TPS) that
PutVerificationStateOnViolation
API.

of transactions per
StartAuditMitigationActionsTask
second (TPS) that
StartAuditMitigationActionsTask
API.

of transactions per
StartDetectMitigationActionsTask
second (TPS) that
StartDetectMitigationActionsTask
API.
Version 1.0
511
Service quotas

of transactions per
StartOnDemandAuditTask
second (TPS) that
StartOnDemandAuditTask
API.

of transactions per
UpdateAccountAuditConfiguration
second (TPS) that
UpdateAccountAuditConfiguration
API.

of transactions per
UpdateAuditSuppression
second (TPS) that
UpdateAuditSuppression
API.

of transactions per
UpdateCustomMetric second (TPS) that
UpdateCustomMetric
API.

of transactions per
UpdateDimension second (TPS) that
UpdateDimension API.

of transactions per
UpdateMitigationAction
second (TPS) that
UpdateMitigationAction
API.

of transactions per
UpdateScheduledAuditsecond (TPS) that
UpdateScheduledAudit
API.

of transactions per
UpdateSecurityProfile
second (TPS) that
UpdateSecurityProfile
API.
Version 1.0
512
AWS IoT Device Management

of transactions per
ValidateSecurityProfileBehaviors
second (TPS) that
ValidateSecurityProfileBehaviors
API.
AWS IoT Device Management endpoints and

quotas
Service endpoints
Topics
• AWS IoT Core - control plane endpoints (p. 513)
• AWS IoT Core - data plane endpoints (p. 515)
• AWS IoT Device Management - jobs data endpoints (p. 517)
• AWS IoT Device Management - secure tunneling endpoints (p. 518)
• AWS IoT FIPS endpoints (p. 521)
AWS IoT Core - control plane endpoints

The following table contains AWS Region-specific endpoints for AWS IoT Core - control plane operations.
For information about the operations supported by the AWS IoT Core - control plane endpoints, see AWS
IoT operations in the AWS IoT API Reference.

Name

(Ohio)

Virginia)

West (N.
California) iot-fips.us-west-1.amazonaws.com HTTPS

(Oregon)
iot-fips.us-west-2.amazonaws.com HTTPS
Version 1.0
513
Service endpoints

Name

Pacific
(Hong
Kong)

Pacific south-1
(Mumbai)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)

(Central) central-1
iot-fips.ca-central-1.amazonaws.com HTTPS


(Ireland)

(London)

(Paris)

(Stockholm)

East south-1
(Bahrain)

America
(São
Paulo)

GovCloud east-1
(US-East) iot-fips.us-gov-east-1.amazonaws.com HTTPS
Version 1.0
514
Service endpoints

Name

GovCloud west-1
(US-West) iot-fips.us-gov-west-1.amazonaws.com HTTPS
AWS IoT Core - data plane endpoints

The AWS IoT Core - data plane endpoints are specific to each AWS account and AWS Region. To find the
AWS IoT Core - data plane endpoint for your AWS account and AWS Region, use the describe-endpoint
CLI command shown here, or the DescribeEndpoint REST API.
aws iot describe-endpoint --endpoint-type iot:Data-ATS
This command returns your Data Plane API endpoint in the following format:
account-specific-prefix.iot.aws-region.amazonaws.com
For information about the actions supported by the AWS IoT Core - data plane endpoints, see AWS IoT
data plane operations in the AWS IoT API Reference.
The following table contains generic representations of the AWS account-specific endpoints for each
AWS Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix
from your Account-specific endpoint replaces data shown in the generic endpoint representation.

Name
US East us-east-2 data-ats.iot.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 data-ats.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 data-ats.iot.us-west-1.amazonaws.com HTTPS

West (N.
California) data.iot-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 data-ats.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
data.iot-fips.us-west-2.amazonaws.com HTTPS
Asia ap-east-1 data-ats.iot.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- data-ats.iot.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
515
Service endpoints

Name

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- data-ats.iot.ca-central-1.amazonaws.com HTTPS

(Central) central-1
data.iot-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- data-ats.iot.eu-central-1.amazonaws.com HTTPS


(Ireland)

(London)

(Paris)
Europe eu-north-1 data-ats.iot.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- data-ats.iot.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 data-ats.iot.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- data-ats.iot.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) data.iot-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- data-ats.iot.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) data.iot-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
516
Service endpoints
AWS IoT Device Management - jobs data endpoints

The AWS IoT Device Management - jobs data endpoints are specific to each AWS account and AWS
Region. To find the AWS IoT Device Management - jobs data endpoint for your AWS account and AWS
Region, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API.
aws iot describe-endpoint --endpoint-type iot:Jobs
This command returns your Jobs data plane API endpoint in the following format:
account-specific-prefix.jobs.iot.aws-region.amazonaws.com.
For information about the actions supported by the AWS IoT Device Management - jobs data endpoints,
see AWS IoT jobs data plane operations in the AWS IoT API Reference.
The following table contains AWS Region-specific endpoints that AWS IoT Core supports for job data
operations. In the Endpoint column, the account-specific-prefix from your account-specific
endpoint replaces the prefix shown in the generic endpoint representation.

Name
US East us-east-2 prefix.jobs.iot.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 prefix.jobs.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 prefix.jobs.iot.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 prefix.jobs.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 prefix.jobs.iot.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- prefix.jobs.iot.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)

(Seoul)

(Singapore)

(Sydney)
Version 1.0
517
Service endpoints

Name

(Tokyo)
Canada ca- prefix.jobs.iot.ca-central-1.amazonaws.com HTTPS

(Central) central-1
China cn-north-1 prefix.jobs.iot.cn-north-1.amazonaws.com.cn HTTPS

(Beijing)
China cn- prefix.jobs.iot.cn- HTTPS

Europe eu- prefix.jobs.iot.eu-central-1.amazonaws.com HTTPS


(Ireland)

(London)

(Paris)
Europe eu-north-1 prefix.jobs.iot.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- prefix.jobs.iot.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 prefix.jobs.iot.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- prefix.jobs.iot.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
AWS IoT Device Management - secure tunneling endpoints

AWS IoT supports additional endpoints for secure tunneling.
Secure Tunneling Management APIs Endpoints

Name
US East us-east-2 api.tunneling.iot.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
518
Service endpoints

Name
US East (N. us-east-1 api.tunneling.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 api.tunneling.iot.us-west-1.amazonaws.com HTTPS

West (N.
California) api.tunneling.iot-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 api.tunneling.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
api.tunneling.iot-fips.us-west-2.amazonaws.com HTTPS
Asia ap-east-1 api.tunneling.iot.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- api.tunneling.iot.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- api.tunneling.iot.ca-central-1.amazonaws.com HTTPS

(Central) central-1
api.tunneling.iot-fips.ca- HTTPS
Europe eu- api.tunneling.iot.eu-central-1.amazonaws.com HTTPS


(Ireland)

(London)

(Paris)
Europe eu-north-1 api.tunneling.iot.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
519
Service endpoints

Name
Middle me- api.tunneling.iot.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 api.tunneling.iot.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- api.tunneling.iot.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) api.tunneling.iot-fips.us-gov- HTTPS
AWS us-gov- api.tunneling.iot.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) api.tunneling.iot-fips.us-gov- HTTPS
Secure Tunneling Device Connection Endpoints
US East (Ohio) us-east-2 wss://data.tunneling.iot.us- HTTPS

US East (N. us-east-1 wss://data.tunneling.iot.us- HTTPS

US West (N. us-west-1 wss://data.tunneling.iot.us- HTTPS

US West us-west-2 wss://data.tunneling.iot.us- HTTPS

Asia Pacific ap-south-1 wss://data.tunneling.iot.ap- HTTPS

Asia Pacific ap-northeast-2 wss://data.tunneling.iot.ap- HTTPS

(Seoul) northeast-2.amazonaws.com
Asia Pacific ap-southeast-1 wss://data.tunneling.iot.ap- HTTPS

(Singapore) southeast-1.amazonaws.com
Asia Pacific ap-southeast-2 wss://data.tunneling.iot.ap- HTTPS

Asia Pacific ap-northeast-1 wss://data.tunneling.iot.ap- HTTPS

Asia Pacific ap-east-1 wss://data.tunneling.iot.ap- HTTPS

(Hong Kong) east-1.amazonaws.com
Canada ca-central-1 wss://data.tunneling.iot.ca- HTTPS

(Central) central-1.amazonaws.com
Version 1.0
520
Service quotas
China (Beijing) cn-north-1 wss://data.tunneling.iot.cn- HTTPS

north-1.amazonaws.com.cn
China (Ningxia) cn- wss://data.tunneling.iot.cn- HTTPS

northwest-1 northwest-1.amazonaws.com.cn
Europe eu-central-1 wss://data.tunneling.iot.eu- HTTPS

(Frankfurt) central-1.amazonaws.com
Europe eu-west-1 wss://data.tunneling.iot.eu- HTTPS

Europe eu-west-2 wss://data.tunneling.iot.eu- HTTPS

Europe (Paris) eu-west-3 wss://data.tunneling.iot.eu- HTTPS

Europe eu-north-1 wss://data.tunneling.iot.eu- HTTPS

South America sa-east-1 wss://data.tunneling.iot.sa- HTTPS

(São Paulo) east-1.amazonaws.com
Middle East me-south-1 wss://data.tunneling.iot.me- HTTPS

(Bahrain) south-1.amazonaws.com
AWS GovCloud us-gov-east-1 wss://data.tunneling.iot.us-gov- HTTPS

(US-East) east-1.amazonaws.com
AWS GovCloud us-gov-west-1 wss://data.tunneling.iot.us-gov- HTTPS

(US-West) west-1.amazonaws.com
AWS IoT FIPS endpoints

AWS IoT provides endpoints that support the Federal Information Processing Standard (FIPS) 140-2.
Choose the appropriate FIPS compliant endpoint to access AWS IoT features in your AWS Region from
FIPS Endpoints by Service. For more information about the FIPs endpoints provided by AWS IoT, see
Connecting to AWS IoT FIPS endpoints.
Service quotas
Contents
• AWS IoT Core thing resource limits and quotas (p. 522)
• AWS IoT Core thing group resource limits and quotas (p. 523)
• AWS IoT Core bulk thing registration limits and quotas (p. 524)
• AWS IoT Core billing group restrictions (p. 525)
• AWS IoT Device Management API action limits (p. 525)
• AWS IoT Fleet Indexing (p. 532)
• AWS IoT Jobs (p. 534)
• AWS IoT Secure Tunneling (p. 538)
• Fleet Hub for AWS IoT Device Management (p. 540)
Version 1.0
521
Service quotas
AWS IoT Core thing resource limits and quotas

AWS IoT Core thing limits and quotas
Maximum number of 50 Yes

thing attributes for
Maximum number of a thing with a thing
thing attributes type. Thing types are
for a thing with a optional and make
thing type it easier to discover
things. Things with a
thing type can have up
to 50 attributes.
thing attributes for a
Maximum number of thing without a thing
thing attributes type. Things without a
for a thing thing type can have up
without a thing to three attributes.
type
Maximum size of a 128 Bytes No

thing name, which is
Maximum thing name 128 bytes of UTF-8
size encoded characters.
Number of thing types 1 No

that can be associated
Number of thing with a thing, which can
types that can be be zero or one. Thing
associated with a types are optional and
thing their use makes it easier
to discover things.
The size of thing 47 Kilobytes Yes

attributes per thing,
Size of thing which is 47 kilobytes.
attributes per Thing attributes
thing are optional name-
value pairs that store
information about the
thing, which makes
their use easier to
discover things.
Note
Thing types
The number of thing types that can be defined in an AWS account is not limited.Thing types
allow you to store description and configuration information that is common to all things
associated with the same thing type.
Version 1.0
522
Service quotas
AWS IoT Core thing group resource limits and quotas

AWS IoT Core thing group limits and quotas
The maximum depth 7 No

of a hierarchy of thing
Maximum depth groups. When you build
of a thing group a hierarchy of groups,
hierarchy the policy attached
to the parent group is
inherited by its child
group, and by all the
things in the group
and its child groups.
This makes it easier to
manage permissions for
large number of things.
attributes associated
Maximum number with a thing group.
of attributes Attributes are name-
associated with a value pairs you can use
thing group to store information
about a group. You can
add, delete, or update
the attributes of a
group.

of direct child groups
Maximum number that a thing group can
of direct child have in a thing group
groups hierarchy.

dynamic groups.
Maximum number of
dynamic groups
A thing can be added 10 No

to a maximum of 10
Maximum number of thing groups. But you
thing groups a cannot add a thing to
thing can belong more than one group
to in the same hierarchy.
This means that a thing
cannot be added to
two groups that share a
common parent.
Maximum size of a 128 No

thing group attribute
Maximum size of name, in chars.
a thing group
Version 1.0
523
Service quotas

attribute name, in
chars
Maximum size of a 800 No

thing group attribute
Maximum size of value, in chars.
a thing group
attribute value,
in chars
Maximum thing group 128 Bytes No

name size.
Maximum thing
group name size
Note
Thing group assignment
The maximum number of things that can be assigned to a thing group is not limited.
AWS IoT Core bulk thing registration limits and quotas

AWS IoT Core bulk thing registration
For any given AWS 1 No

account, only one bulk
Allowed registration task can
registration tasks run at a time.
After the bulk 2592000 Seconds No

registration task
Data retention (which can be long
policy lived) is complete,
data related to bulk
thing registration is
permanently deleted
after 30 days.
Each line in an Amazon 256000 No

S3 input JSON file can't
Maximum line exceed 256K in length.
length
Any pending or 2592000 Seconds No

incomplete bulk
Registration task registration tasks are
termination terminated after 30
days.
For more information about the JSON file used for bulk registration, see Amazon S3 input JSON file.
Version 1.0
524
Service quotas
AWS IoT Core billing group restrictions

• A thing can belong to exactly one billing group.
• Unlike thing groups, billing groups cannot be organized into hierarchies.
• For its usage to be registered for tagging or billing purposes, a device must:
• Be registered as a thing in AWS IoT Core.
• Communicate with AWS IoT Core using MQTT only.
• Authenticate with AWS IoT Core using only its thing name as the client ID.
• Use an X.509 certificate or Amazon Cognito Identity to authenticate.
For more information, see Managing Devices with AWS IoT, Authentication, and Device Provisioning.
You can use the AttachThingPrincipal API operation to attach a certificate or other credential to a
thing.
• The maximum number of billing groups per AWS account is 20,000.
AWS IoT Device Management API action limits

AWS IoT Device Management API action limits

name in select AWS
*
Regions

number of
AddThingToBillingGroup
transactions per
that can be
made for the
AddThingToBillingGroup
API.

number of
AddThingToThingGroup
transactions per
that can be
made for the
AddThingToThingGroup
API.

number of
AttachThingPrincipal
transactions per
that can be
made for the
AttachThingPrincipal
API.

number of
CreateBillingGroup
transactions per
that can be
Version 1.0
525
Service quotas

name in select AWS
*
Regions
made for the
CreateBillingGroup
API.
The maximum 5 5 Yes

number of
CreateDynamicThingGroup
transactions per
that can be
made for the
CreateDynamicThingGroup
API.

number of
CreateThing transactions per
can be made for
the CreateThing
API.

number of
CreateThingGrouptransactions per
that can be
made for the
CreateThingGroup
API.

number of
CreateThingType transactions per
that can be
made for the
CreateThingType
API.

number of
DeleteBillingGroup
transactions per
that can be
made for the
DeleteBillingGroup
API.
Version 1.0
526
Service quotas

name in select AWS
*
Regions
The maximum 5 5 Yes

number of
DeleteDynamicThingGroup
transactions per
that can be
made for the
DeleteDynamicThingGroup
API.

number of
DeleteThing transactions per
can be made for
the DeleteThing
API.

number of
DeleteThingGrouptransactions per
that can be
made for the
DeleteThingGroup
API.

number of
DeleteThingType transactions per
that can be
made for the
DeleteThingType
API.

number of
DeprecateThingType
transactions per
that can be
made for the
DeprecateThingType
API.

number of
DescribeBillingGroup
transactions per
that can be
made for the
DescribeBillingGroup
API.
Version 1.0
527
Service quotas

name in select AWS
*
Regions

number of
DescribeThing transactions per
can be made for
the DescribeThing
API.

number of
DescribeThingGroup
transactions per
that can be
made for the
DescribeThingGroup
API.

number of
DescribeThingType
transactions per
that can be
made for the
DescribeThingType
API.

number of
DetachThingPrincipal
transactions per
that can be
made for the
DetachThingPrincipal
API.

number of
ListBillingGroups
transactions per
that can be
made for the
ListBillingGroups
API.

number of
ListPrincipalThings
transactions per
that can be
made for the
ListPrincipalThings
API.
Version 1.0
528
Service quotas

name in select AWS
*
Regions

number of
ListTagsForResource
transactions per
that can be
made for the
ListTagsForResource
API.

number of
ListThingGroups transactions per
that can be
made for the
ListThingGroups
API.

number of
ListThingGroupsForThing
transactions per
that can be
made for the
ListThingGroupsForThing
API.

number of
ListThingPrincipals
transactions per
that can be
made for the
ListThingPrincipals
API.

number of
ListThingTypes transactions per
can be made for
the ListThingTypes
API.

number of
ListThings API transactions per
TPS second (TPS) that
can be made for
the ListThings API.
Version 1.0
529
Service quotas

name in select AWS
*
Regions

number of
ListThingsInBillingGroup
transactions per
that can be
made for the
ListThingsInBillingGroup
API.

number of
ListThingsInThingGroup
transactions per
that can be
made for the
ListThingsInThingGroup
API.

number of
RegisterThing transactions per
can be made for
the RegisterThing
API.

number of
RemoveThingFromBillingGroup
transactions per
that can be
made for the
RemoveThingFromBillingGroup
API.

number of
RemoveThingFromThingGroup
transactions per
that can be
made for the
RemoveThingFromThingGroup
API.

number of
TagResource transactions per
can be made for
the TagResource
API.
Version 1.0
530
Service quotas

name in select AWS
*
Regions

number of
UntagResource transactions per
that can be
made for the
UntagResource
API.

number of
UpdateBillingGroup
transactions per
that can be
made for the
UpdateBillingGroup
API.
The maximum 5 5 Yes

number of
UpdateDynamicThingGroup
transactions per
that can be
made for the
UpdateDynamicThingGroup
API.

number of
UpdateThing transactions per
can be made for
the UpdateThing
API.

number of
UpdateThingGrouptransactions per
that can be
made for the
UpdateThingGroup
API.
*
China (Ningxia)
Version 1.0
531
Service quotas
AWS IoT Fleet Indexing

AWS IoT Device Management fleet indexing limits and quotas
The maximum length of 1024 Yes

a custom field name.
Maximum length of
a custom field
name
The maximum length 1000 Yes

of a query in UTF-8
Maximum length of encoded characters.
a query

of * wildcard operators
Maximum number per query term.
of * wildcard
operators per
query term

of ? wildcard operators
Maximum number per query term.
of ? wildcard
operators per
query term

of custom fields in AWS
Maximum number of thing groups index.
custom fields in
AWS thing groups
index

of custom fields in AWS
Maximum number of things index.
custom fields in
AWS things index

of dynamic groups per
Maximum number of customer.
dynamic groups

of fleet metrics per
Maximum number of customer.
fleet metrics

of names in the named
Maximum number shadow names filter
of names in the
named shadow names
filter
Version 1.0
532
Service quotas

of values for percentile
Maximum number of aggregation type per
percentile values fleet metric.
per fleet metric

of query terms per fleet
Maximum number of metric.
query terms per
fleet metric

of query terms per
Maximum number of query.
query terms per
query

of results per search
Maximum number of query.
results per search
query
The maximum period 86400 Seconds No

of a fleet metric in
Maximum period of seconds.
a fleet metric
The minimum period 60 Seconds No

of a fleet metric in
Minimum period of seconds.
a fleet metric
AWS IoT Device Management fleet indexing API limits

of DescribeIndex calls
DescribeIndex rate per second.

of GetCardinality calls
GetCardinality per second.
rate
The maximum 20 Yes

number of
GetIndexingConfiguration
GetIndexingConfiguration
rate calls per second.

of GetPercentiles calls
GetPercentiles per second.
rate
Version 1.0
533
Service quotas

of GetStatistics calls per
GetStatistics rate second.

of ListIndices calls per
ListIndices rate second.

of SearchIndex calls per
SearchIndex rate second.
The maximum 1 Yes

number of
UpdateIndexingConfiguration
UpdateIndexingConfiguration
rate calls per second.
AWS IoT Jobs

AWS IoT Device Management jobs limits and quotas

of active Jobs in your
Active continuous AWS account per
jobs region. This limit value
is an aggregation of
both active snapshot
jobs and active
continuous jobs.

of active Jobs in your
Active snapshot AWS account per
jobs region. This limit value
is an aggregation of
both active snapshot
jobs and active
continuous jobs.
The maximum 2028 No

comment length (in
Comment length characters).

of concurrent jobs in
Concurrent jobs your AWS account per
region.
The throttle limit for 10 Yes

CreateJobTemplate.
CreateJobTemplate
throttle limit
Version 1.0
534
Service quotas

of days that job data
Data retention and job execution data
will be retained for
inactive jobs (jobs that
aren't IN_PROGRESS).

DeleteJobTemplate.
DeleteJobTemplate
throttle limit
The maximum 200 No

number of total read
DescribeJobExecution/
GetPendingJobExecutions
per account which can
throttle limit be caused by invoking
DescribeJobExecution
and/or
GetPendingJobExecutions.
In the control plane,
is limited to 10 TPS per
invocation.

DescribeJobTemplate.
DescribeJobTemplate
throttle limit

of characters in a job
DocumentSource document source.
length
The maximum job 10080 No

execution InProgress
In Progress timeout value (in
timeout minutes).

of targets you can
Job Targets assign to a job.

Job Template template description.
description length

Job description description.
length
Version 1.0
535
Service quotas

of job executions that
Job execution roll you can roll out per
out rate minute.

of characters in a Job
JobId Length id.

JobTemplateId template id.
Length

of list results per page.
List results per
page

ListJobTemplates.
ListJobTemplates
throttle limit

of job templates you
Maximum number of can own.
job templates
The minimum number 1 No

of job executions that
Minimum job you can roll out per
execution roll out minute.
rate
The minimum lifetime 60 Seconds No

(in seconds) of a pre-
Minimum pre-signed signed URL.
URL lifetime
The maximum lifetime 3600 Seconds No

(in seconds) of a pre-
Pre-signed URL signed URL.
lifetime
The maximum length 32768 Bytes Yes

of an S3 job document
S3 job document that can be sent to
length an AWS IoT device (in
Bytes).
Version 1.0
536
Service quotas
The maximum 200 No

number of total write
StartNextPendingJobExecution/
UpdateJobExecution per account which can
throttle limit be caused by invoking
StartNextPendingJobExecution
and/or
UpdatePendingJobExecution.
The maximum length of 128 No

a StatusDetail map key
StatusDetail map (in characters).
key length

of key-value pairs
StatusDetail map you can have in a
key-value pairs StatusDetail map.
The maximum length 1024 No

of a StatusDetail map
StatusDetail map value (in characters).
value length
The maximum job 10080 No

execution step timeout
Step Timer value (in minutes).
AWS IoT Device Management jobs API action limits

AssociateTargetsWithJob.
AssociateTargetsWithJob
throttle limit

CancelJob.
CancelJob throttle
limit

CancelJobExecution.
CancelJobExecution
throttle limit
The throttle limit for 10 No

CreateJob.
CreateJob throttle
limit

DeleteJob.
DeleteJob throttle
limit
Version 1.0
537
Service quotas

DeleteJobExecution.
DeleteJobExecution
throttle limit

DescribeJob.
DescribeJob
throttle limit

DescribeJobExecution.
throttle limit

GetJobDocument.
GetJobDocument
throttle limit

ListJobExecutionsForJob.
ListJobExecutionsForJob
throttle limit

ListJobExecutionsForThing.
ListJobExecutionsForThing
throttle limit

ListJobs.
ListJobs throttle
limit

UpdateJob.
UpdateJob throttle
limit
†
For definitions of data plane and control plane, see What are the ways for accessing AWS IoT Core? in
the AWS IoT Core FAQs
AWS IoT Secure Tunneling

AWS IoT Device Management secure tunneling limits and quotas

of transactions per
CloseTunnel API second per account
throttle limit which can be caused by
invoking CloseTunnel.

of transactions
Version 1.0
538
Service quotas

DescribeTunnel API per second per
throttle limit account which can be
caused by invoking
DescribeTunnel.

of transactions
ListTagsForResource per second per
API throttle limit account which can be
caused by invoking
ListTagsForResource.

of transactions per
ListTunnels API second per account
invoking ListTunnels.
The maximum 800 No

bandwidth per tunnel
Maximum bandwidth (in kbps).
per tunnel

of transactions for
Maximum connection connecting to a tunnel
rate per second.

of tags that can be used
Maximum number of per resource.
tags per resource

of Unicode characters in
Maximum tag key a tag key. Each resource
length and tag key must be
unique.

of Unicode characters
Maximum tag value in a tag value. Each tag
length key can have one value.
The maximum tunnel 12 No

lifetime (in hours), after
Maximum tunnel which a tunnel will be
lifetime closed after reaching.

of transactions per
OpenTunnel API second per account
invoking OpenTunnel.
Version 1.0
539
AWS IoT Events

of transactions per
TagResource API second per account
invoking TagResource.

of transactions
UntagResource API per second per
trottle limit account which can be
caused by invoking
UntagResource.
Fleet Hub for AWS IoT Device Management

Fleet Hub limits and quotas

of applications per
Number of Region per AWS
applications per account.
Region per AWS
account
Fleet Hub API throttling limits
Alarms 100 per Region per account Yes
CreateApplication 10 TPS Yes
DeleteApplication 10 TPS Yes
DescribeApplication 10 TPS Yes
ListApplications 10 TPS Yes
ListTagsForResource 10 TPS Yes
TagResource 10 TPS Yes
UntagResource 10 TPS Yes
UpdateApplication 10 TPS Yes
AWS IoT Events endpoints and quotas

Version 1.0
540
Service endpoints
Service endpoints
Control plane endpoints
The following table contains AWS Region-specific endpoints that AWS IoT Events supports for control
plane operations. For more information, see AWS IoT Events operations in the AWS IoT Events API
Reference.

Name
US East us-east-2 iotevents.us-east-2.amazonaws.com HTTPS

(Ohio)
iotevents-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 iotevents.us-east-1.amazonaws.com HTTPS

Virginia)
iotevents-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 iotevents.us-west-2.amazonaws.com HTTPS

(Oregon)
iotevents-fips.us-west-2.amazonaws.com HTTPS
Asia ap- iotevents.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- iotevents.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- iotevents.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- iotevents.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- iotevents.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- iotevents.ca-central-1.amazonaws.com HTTPS

(Central) central-1
iotevents-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- iotevents.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 iotevents.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 iotevents.eu-west-2.amazonaws.com HTTPS

(London)
Version 1.0
541
Service endpoints

Name
AWS us-gov- iotevents.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) iotevents-fips.us-gov-west-1.amazonaws.com HTTPS
Data plane endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Events supports for data
plane operations. For more information, see AWS IoT Events data operations in the AWS IoT Events API
Reference.

Name
US East us-east-2 data.iotevents.us-east-2.amazonaws.com HTTPS

(Ohio)
data.iotevents-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 data.iotevents.us-east-1.amazonaws.com HTTPS

Virginia)
data.iotevents-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 data.iotevents.us-west-2.amazonaws.com HTTPS

(Oregon)
data.iotevents-fips.us-west-2.amazonaws.com HTTPS
Asia ap- data.iotevents.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- data.iotevents.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- data.iotevents.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- data.iotevents.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- data.iotevents.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- data.iotevents.ca-central-1.amazonaws.com HTTPS

(Central) central-1
data.iotevents-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- data.iotevents.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 data.iotevents.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
542
Service quotas

Name
Europe eu-west-2 data.iotevents.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- data.iotevents.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) data.iotevents-fips.us-gov- HTTPS
Service quotas

Description
Detector model definition size Each supported No The maximum size (in
Region: 512 Kilobytes) of a detector
Kilobytes model definition.
Detector model versions Each supported Yes The maximum number

Region: 500 of versions of a single
detector model for this
account.
Detector models Each supported Yes The maximum number of

Region: 50 Detector models for this
account.
Detector models per input Each supported No The maximum number of

Region: 10 Detector models associated
with a single input.
Detectors per detector model Each supported Yes The maximum number
Region: 100,000 of detectors created by a
detector model.
Inputs Each supported Yes The maximum number of

Region: 50 inputs for this account.
Maximum actions per alarm model Each supported Yes The maximum number of
Region: 10 actions allowed in an alarm
model.
Maximum actions per event Each supported Yes The maximum number of
Region: 10 actions allowed in an event
in a detector model.
Maximum alarm model versions per alarm Each supported Yes The maximum number of
model Region: 500 versions of a single alarm
model for this account.
Maximum alarm models per account Each supported Yes The maximum number
Region: 200 of alarm models for this
account.
Version 1.0
543
Service quotas

Description
Maximum alarm models per input Each supported No The maximum number of
Region: 10 alarm models associated
with a single input.
Maximum alarms per alarm model Each supported Yes The maximum number of
Region: 100,000 alarms created by an alarm
model.
Maximum events per state Each supported Yes The maximum number of
Region: 20 events allowed in a state in
a detector model.
Maximum messages per alarm per second Each supported No The maximum number of
Region: 10 messages sent in 1 second
to an alarm.
Maximum number of alarm models per Each supported Yes The maximum number
property in an AWS IoT SiteWise asset Region: 10 of alarm models that can
model be created for a given
property in an AWS IoT
SiteWise asset model
Maximum number of recipients per Each supported Yes The maximum number
notification action in an alarm model Region: 10 of recipients that can be
specified in a notification
action in an alarm model
Maximum total messages evaluated per Each supported Yes The maximum number of
second Region: 1,000 message evaluations across
all detectors and alarms in
a second for this account.
Maximum transition events per state Each supported Yes The maximum number of
Region: 20 transition events allowed in
a state in a detector model.
Message size Each supported Yes The maximum size of a

Region: 1 Kilobytes message (in Kilobytes).
Messages per detector per second Each supported No The maximum number of
Region: 10 messages sent in 1 second
to a detector.
Minimum timer duration Each supported Yes The smallest duration a

Region: 60 Seconds detector model timer can
be set (in seconds).
Number of detector model analyses in Each supported Yes The maximum number of
RUNNING status Region: 10 detector model analyses
in RUNNING status for this
account.
State variables per detector model Each supported Yes The maximum number of
definition Region: 50 state variables in a detector
model definition.
Version 1.0
544
AWS IoT FleetWise

Description
States per detector model Each supported Yes The maximum number of
Region: 20 states allowed in a detector
model.
Timers scheduled per detector Each supported Yes The maximum number
Region: 5 of timers scheduled by a
detector.
Trigger expressions Each supported Yes The maximum number of

Region: 20 trigger expressions per
state
For more information, see AWS IoT Events quotas in the AWS IoT Events User Guide.
AWS IoT FleetWise endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 iotfleetwise.us-east-1.amazonaws.com HTTPS

Virginia)
Europe eu-central-1 iotfleetwise.eu-central-1.amazonaws.com HTTPS

(Frankfurt)
Service quotas
The limit for AWS Control Tower is 5,000 TPS.
Resource Description Quota Adjustable
Signal catalogs in this The maximum number 1 No

account in the current of signal catalogs in this
Region account in the current
Region.
Rate of API requests The maximum number 20 TPS (or RPS) Yes
in this account in the of API requests that you
current Region can send per second
current Region.
Version 1.0
545
AWS IoT Greengrass V1
Nodes in a signal The maximum number 5,000 Yes

catalog in this account of nodes in a signal
in the current Region catalog in this account
Signals in a campaign The maximum number 500 Yes

in this account in the of signals in a campaign
current Region in this account in the
current Region.
Vehicles in a fleet in this The maximum number 2,000 Yes

account in the current of vehicles in a fleet
Region in this account in the
current Region.
Campaigns for each The maximum number 20 Yes

account in the current of campaigns in this
Region.
Model manifests in this The maximum number 150 Yes

account in the current of model manifests
current Region.
Decoder manifests for a The maximum number 100 Yes

model manifest in this of decoder manifests
account in the current for a model manifest
current Region.
Rate of ingesting The maximum number 1,000 TPS Yes

messages in this of messages AWS IoT
account in the current FleetWise can ingest
Region per second in this
Region.
Rate of ingesting The maximum number 1 TPS Yes

messages per vehicle of messages AWS IoT
in this account in the FleetWise can ingest
current Region per second for each
vehicle in this account
Note
AWS IoT FleetWise will drop messages from the vehicle if the ingest rate exceeds the default
quota. Revisit your campaign and fleet definitions to adjust the expected number of messages.
Any dropped messages cannot be recovered.
AWS IoT Greengrass V1 endpoints and quotas

Version 1.0
546
Service endpoints
Service endpoints
Control Plane Operations
The following table contains AWS Region-specific endpoints that AWS IoT Greengrass supports for group
management operations.

Name
US East us-east-2 greengrass.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 greengrass.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 greengrass.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- greengrass.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- greengrass.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- greengrass.ap-southeast-1.amazonaws.com HTTPS

(Singapore)

(Sydney)

(Tokyo)
Europe eu- greengrass.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 greengrass.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
AWS us-gov- greengrass.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) greengrass.us-gov-east-1.amazonaws.com HTTPS
greengrass-ats.iot.us-gov-east-1.amazonaws.com MQTT and

HTTPS
greengrass-fips.us-gov-east-1.amazonaws.com
Version 1.0
547
Service endpoints

Name
HTTPS
AWS us-gov- greengrass.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) greengrass-ats.iot.us-gov-west-1.amazonaws.com MQTT and
HTTPS
greengrass.us-gov-west-1.amazonaws.com
HTTPS
AWS IoT Device Operations

The following table contains AWS Region-specific Amazon Trust Services (ATS) endpoints for AWS IoT
device management operations, such as shadow sync. This is a data plane API.
To look up your account-specific endpoint, use the aws iot describe-endpoint --endpoint-type iot:Data-
ATS command.
US East (Ohio) us-east-2 prefix-ats.iot.us-east-2.amazonaws.com HTTPS, MQTT
US East (N. us-east-1 prefix-ats.iot.us-east-1.amazonaws.com HTTPS, MQTT

Virginia)
US West us-west-2 prefix-ats.iot.us-west-2.amazonaws.com HTTPS, MQTT

(Oregon)
Asia Pacific ap-south-1 prefix-ats.iot.ap-south-1.amazonaws.com HTTPS, MQTT

(Mumbai)
Asia Pacific ap-northeast-2 prefix-ats.iot.ap-northeast-2.amazonaws.com HTTPS, MQTT

(Seoul)
Asia Pacific ap-southeast-1 prefix-ats.iot.ap-southeast-1.amazonaws.com HTTPS, MQTT

(Singapore)

(Sydney)

(Tokyo)
China (Beijing) cn-north-1 prefix.ats.iot.cn-north-1.amazonaws.com.cn HTTPS, MQTT
Europe eu-central-1 prefix-ats.iot.eu-central-1.amazonaws.com HTTPS, MQTT

(Frankfurt)
Europe eu-west-1 prefix-ats.iot.eu-west-1.amazonaws.com HTTPS, MQTT

(Ireland)

(London)
AWS GovCloud us-gov-west-1 prefix-ats.iot.us-gov-west-1.amazonaws.com HTTPS, MQTT

(US-West)
Version 1.0
548
Service endpoints
AWS GovCloud us-gov-east-1 prefix-ats.iot.us-gov-east-1.amazonaws.com HTTPS, MQTT

(US-East)
Note
Legacy Verisign endpoints are currently supported for some Regions (p. 550), but we
recommend that you use ATS endpoints with ATS root certificate authority (CA) certificates. For
more information, see Server Authentication in the AWS IoT Developer Guide.
Discovery Operations
The following table contains AWS Region-specific ATS endpoints for device discovery operations using
the AWS IoT Greengrass Discovery API. This is a data plane API.
US East (Ohio) us-east-2 greengrass-ats.iot.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 greengrass-ats.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 greengrass-ats.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia Pacific ap-south-1 greengrass-ats.iot.ap-south-1.amazonaws.com HTTPS

(Mumbai)
Asia Pacific ap-northeast-2 greengrass-ats.iot.ap- HTTPS

Asia Pacific ap-southeast-1 greengrass-ats.iot.ap- HTTPS



China (Beijing) cn-north-1 greengrass.ats.iot.cn-north-1.amazonaws.com.cn HTTPS
Europe eu-central-1 greengrass-ats.iot.eu-central-1.amazonaws.com HTTPS

(Frankfurt)
Europe eu-west-1 greengrass-ats.iot.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
AWS GovCloud us-gov-west-1 greengrass-ats.iot.us-gov-west-1.amazonaws.com HTTPS

(US-West)
AWS GovCloud us-gov-east-1 greengrass-ats.iot.us-gov-east-1.amazonaws.com HTTPS

(US-East)
Version 1.0
549
Service endpoints
Note
recommend that you use ATS endpoints with ATS root CA certificates. For more information, see
Server authentication in the AWS IoT Developer Guide.
Supported Legacy Endpoints

We recommend that you use the ATS endpoints in the preceding tables with ATS root CA certificates.
For backward compatibility, AWS IoT Greengrass currently supports legacy Verisign endpoints in the
following AWS Regions. This support is expected to end in the future. For more information, see Server
authentication in the AWS IoT Developer Guide.
When using legacy Verisign endpoints, you must use Verisign root CA certificates.
AWS IoT Device Operations (Legacy Endpoints)
US East (N. us-east-1 prefix.iot.us-east-1.amazonaws.com HTTPS, MQTT

Virginia)
US West us-west-2 prefix.iot.us-west-2.amazonaws.com HTTPS, MQTT

(Oregon)
Asia Pacific ap- prefix.iot.ap-southeast-2.amazonaws.com HTTPS, MQTT

Asia Pacific ap- prefix.iot.ap-northeast-1.amazonaws.com HTTPS, MQTT

(Tokyo) northeast-1
Europe eu-central-1 prefix.iot.eu-central-1.amazonaws.com HTTPS, MQTT

(Frankfurt)
Europe eu-west-1 prefix.iot.eu-west-1.amazonaws.com HTTPS, MQTT

(Ireland)
To look up your account-specific legacy endpoint, use the aws iot describe-endpoint --endpoint-type
iot:Data command.
Discovery Operations (Legacy Endpoints)
US East (N. us-east-1 greengrass.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 greengrass.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia Pacific ap- greengrass.iot.ap-southeast-2.amazonaws.com HTTPS

Asia Pacific ap- greengrass.iot.ap-northeast-1.amazonaws.com HTTPS

(Tokyo) northeast-1
Europe eu-central-1 greengrass.iot.eu-central-1.amazonaws.com HTTPS

(Frankfurt)
Version 1.0
550
Service quotas
Europe eu-west-1 greengrass.iot.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas
AWS IoT Greengrass Cloud API
Description Default
Maximum number of AWS IoT devices per AWS 2500

IoT Greengrass group.
Maximum number of Lambda functions per group. 200
Maximum number of resources per Lambda 20

function.
Maximum number of resources per group. 200
Maximum number of transactions per second See the section called “TPS” (p. 551).
(TPS) on the AWS IoT Greengrass APIs.
Maximum number of subscriptions per group. 10000
Maximum number of subscriptions that specify 50

Cloud as the source per group.
Maximum length of a core thing name. 124 bytes of UTF-8 encoded characters.
TPS
The default quota for the maximum number of transactions per second on the AWS IoT Greengrass APIs
depends on the API and the AWS Region where AWS IoT Greengrass is used.
For most APIs and supported AWS Regions (p. 547), the default quota is 30. Exceptions are noted in the
following tables.
API exceptions
API Default
CreateDeployment 20
AWS Region exceptions
AWS Region Default
China (Beijing) 10
AWS GovCloud (US-West) 10
AWS GovCloud (US-East) 10
Version 1.0
551
AWS IoT Greengrass V2
This quota applies per AWS account. For example, in the US East (N. Virginia) Region, each account has
a default quota of 30 TPS. Each API (such as CreateGroupVersion or ListFunctionDefinitions)
has a quota of 30 TPS. This includes control plane and data plane operations. Requests that exceed the
account or API quotas are throttled. To request account and API quota increases, including quotas for
specific APIs, contact your AWS Enterprise Support representative.
AWS IoT Greengrass Core
Description Default
Maximum number of routing table entries that 50 (matches AWS IoT subscription quota)
specify Cloud as the source.
Maximum size of messages sent by an AWS IoT 128 KB (matches AWS IoT message size quota)
device.
Minimum message queue size in the Greengrass 256 KB

core router.
Maximum length of a topic string. 256 bytes of UTF-8 encoded characters.
Maximum number of forward slashes (/) in a topic 7

or topic filter.
Minimum disk space needed to run the Greengrass 128 MB

Core software.
400 MB when using OTA updates
Minimum RAM to run the Greengrass Core 128 MB

software.
198 MB when using stream manager
The Greengrass Core software provides a service to detect the IP addresses of your Greengrass core
devices. It sends this information to the AWS IoT Greengrass cloud service and allows AWS IoT devices to
download the IP address of the Greengrass core they need to connect to.
Do not use this feature if any of the following is true:
• The IP address of a Greengrass core device changes frequently.

• The Greengrass core device is not always available to AWS IoT devices in its group.
• The Greengrass core has multiple IP addresses and an AWS IoT device is unable to reliably determine
which address to use.
• Your organization's security policies don't allow you to send devices' IP addresses to the AWS Cloud.
AWS IoT Greengrass V2 endpoints and quotas

Version 1.0
552
Service endpoints
Service endpoints
Control Plane Operations
The following table contains AWS Region-specific endpoints that AWS IoT Greengrass V2 supports for
operations to manage components, devices, and deployments.

Name
US East us-east-2 greengrass.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 greengrass.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 greengrass.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- greengrass.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- greengrass.ca-central-1.amazonaws.com HTTPS

(Central) central-1
China cn-north-1 greengrass.cn-north-1.amazonaws.com.cn HTTPS

(Beijing)
Europe eu- greengrass.eu-central-1.amazonaws.com HTTPS


(Ireland)

(London)
AWS us-gov- greengrass.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) greengrass.us-gov-west-1.amazonaws.com HTTPS
greengrass-ats.iot.us-gov-west-1.amazonaws.com
Version 1.0
553
Service endpoints

Name
MQTT and
HTTPS
AWS us-gov- greengrass.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) greengrass.us-gov-east-1.amazonaws.com HTTPS
greengrass-ats.iot.us-gov-east-1.amazonaws.com MQTT and

HTTPS
AWS IoT Device Operations

The following table contains AWS Region-specific Amazon Trust Services (ATS) endpoints for AWS IoT
device management operations, such as shadow sync. This is a data plane API.
To look up your account-specific endpoint, use the aws iot describe-endpoint --endpoint-type iot:Data-
ATS command.
US East (Ohio) us-east-2 prefix-ats.iot.us-east-2.amazonaws.com HTTPS, MQTT
US East (N. us-east-1 prefix-ats.iot.us-east-1.amazonaws.com HTTPS, MQTT

Virginia)
US West us-west-2 prefix-ats.iot.us-west-2.amazonaws.com HTTPS, MQTT

(Oregon)
Asia Pacific ap-south-1 prefix-ats.iot.ap-south-1.amazonaws.com HTTPS, MQTT

(Mumbai)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca-central-1 prefix-ats.iot.ca-central-1.amazonaws.com HTTPS, MQTT

(Central)
China (Beijing) cn-north-1 prefix.ats.iot.cn-north-1.amazonaws.com.cn HTTPS, MQTT
Europe eu-central-1 prefix-ats.iot.eu-central-1.amazonaws.com HTTPS, MQTT

(Frankfurt)

(Ireland)

(London)
Version 1.0
554
Service endpoints
AWS GovCloud us-gov-west-1 prefix-ats.iot.us-gov-west-1.amazonaws.com HTTPS, MQTT

(US-West)
AWS GovCloud us-gov-east-1 prefix-ats.iot.us-gov-east-1.amazonaws.com HTTPS, MQTT

(US-East)
Note
recommend that you use ATS endpoints with ATS root certificate authority (CA) certificates. For
more information, see Server Authentication in the AWS IoT Developer Guide.
Date Plane Operations

The following table contains AWS Region-specific ATS endpoints for data plane API operations, such as
ResolveComponentCandidates.
US East (Ohio) us-east-2 greengrass-ats.iot.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 greengrass-ats.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 greengrass-ats.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia Pacific ap-south-1 greengrass-ats.iot.ap-south-1.amazonaws.com HTTPS

(Mumbai)




Canada ca-central-1 greengrass-ats.iot.ap- HTTPS

(Central) northeast-1.amazonaws.com
China (Beijing) cn-north-1 greengrass.ats.iot.cn-north-1.amazonaws.com.cn HTTPS
Europe eu-central-1 greengrass-ats.iot.eu-central-1.amazonaws.com HTTPS

(Frankfurt)

(Ireland)

(London)
Version 1.0
555
Service endpoints
AWS GovCloud us-gov-west-1 greengrass-ats.iot.us-gov-west-1.amazonaws.com HTTPS

(US-West)
AWS GovCloud us-gov-east-1 greengrass-ats.iot.us-gov-east-1.amazonaws.com HTTPS

(US-East)
Note
recommend that you use ATS endpoints with ATS root CA certificates. For more information, see
Server authentication in the AWS IoT Developer Guide.
Supported Legacy Endpoints

We recommend that you use the ATS endpoints in the preceding tables with ATS root CA certificates.
For backward compatibility, AWS IoT Greengrass V2 currently supports legacy Verisign endpoints in the
following AWS Regions. This support is expected to end in the future. For more information, see Server
authentication in the AWS IoT Developer Guide.
When using legacy Verisign endpoints, you must use Verisign root CA certificates.
AWS IoT Device Operations (Legacy Endpoints)
US East (N. us-east-1 prefix.iot.us-east-1.amazonaws.com HTTPS, MQTT

Virginia)
US West us-west-2 prefix.iot.us-west-2.amazonaws.com HTTPS, MQTT

(Oregon)
Asia Pacific ap- prefix.iot.ap-southeast-2.amazonaws.com HTTPS, MQTT

Asia Pacific ap- prefix.iot.ap-northeast-1.amazonaws.com HTTPS, MQTT

(Tokyo) northeast-1
Europe eu-central-1 prefix.iot.eu-central-1.amazonaws.com HTTPS, MQTT

(Frankfurt)
Europe eu-west-1 prefix.iot.eu-west-1.amazonaws.com HTTPS, MQTT

(Ireland)
To look up your account-specific legacy endpoint, use the aws iot describe-endpoint --endpoint-type
iot:Data command.
Data Plane Operations (Legacy Endpoints)
US East (N. us-east-1 greengrass.iot.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 greengrass.iot.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
556
Service quotas
Asia Pacific ap- greengrass.iot.ap-southeast-2.amazonaws.com HTTPS

Asia Pacific ap- greengrass.iot.ap-northeast-1.amazonaws.com HTTPS

(Tokyo) northeast-1
Europe eu-central-1 greengrass.iot.eu-central-1.amazonaws.com HTTPS

(Frankfurt)
Europe eu-west-1 greengrass.iot.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas
The following tables describe quotas in AWS IoT Greengrass V2. For more information about quotas and
how to request quota increases, see AWS service quotas (p. 991).
Quotas for core devices
Maximum length of a core 124 bytes of UTF-8 encoded No

device thing name characters
Quotas for components
Resource Quota Adjustable Notes
Maximum number of 5,000 components per Yes

components Region
Maximum number of 5,000 versions per Yes

component versions component per Region
Maximum size of 8 KB No
component recipe
Maximum total size of 2 GB No This quota applies to

component artifacts the sum of all artifacts
for a component.
Quotas for deployments
Maximum size of 7 KB No The deployment

deployment document document includes
for a thing deployment the component
(without large configurations,
configuration support) deployment
configurations, and
payload overhead.
Version 1.0
557
AWS IoT RoboRunner
Maximum size of 31 KB No The deployment

for a thing group the component
deployment (without configurations,
large configuration deployment
support) configurations, and
payload overhead.
Maximum size of 6 MB No The deployment

with large configuration the component
support configurations,
deployment
configurations, and
payload overhead.
Quotas for API operations
Request rate for 1 request per second No

CreateComponentVersion per Region
Request rate for other 30 requests per second No This quota applies to
API operations per Region the combination of API
requests for all control
plane operations.
Exceptions
• China (Beijing) – 10
requests per second
per Region
• AWS GovCloud (US-
West) – 10 requests
per second per
Region
• AWS GovCloud (US-
East) – 10 requests
per second per
Region
AWS IoT RoboRunner endpoints and quotas

Version 1.0
558
Service endpoints
Service endpoints

Name
US East (N. us-east-1 iotroborunner.us-east-1.amazonaws.com HTTPS

Virginia)
Europe eu-central-1 iotroborunner.eu-central-1.amazonaws.com HTTPS

(Frankfurt)
Service quotas

Description
Action templates Each supported Yes The maximum number of

Region: 150 action templates you can
current region.
Actions Each supported Yes The maximum number of

Region: 150 actions you can create in
region.
Activities Each supported Yes The maximum number of

Region: 30 activities you can create in
region.
Destination relationships Each supported Yes The maximum number of

Region: 30 destination relationships
region.
Destinations Each supported Yes The maximum number

Region: 15 of destinations you can
current region.
Rate of CreateAction requests Each supported No The maximum number of

Region: 10 CreateAction requests that
Rate of CreateActionTemplate requests Each supported No The maximum number

Region: 10 of CreateActionTemplate
per second.
Rate of CreateActionTemplateDependency Each supported No The maximum number of

requests Region: 10 CreateActionTemplateDependency
per second.
Version 1.0
559
Service quotas

Description
Rate of CreateActivity requests Each supported No The maximum number of

Region: 10 CreateActivity requests that
Rate of CreateActivityDependency Each supported No The maximum number of

requests Region: 10 CreateActivityDependency
per second.
Rate of CreateDestination requests Each supported No The maximum number of

Region: 5 CreateDestination requests
that you can make per
second.
Rate of CreateDestinationRelationship Each supported No The maximum number of

requests Region: 5 CreateDestinationRelationship
per second.
Rate of CreateSite requests Each supported No The maximum number of

Region: 5 CreateSite requests that
Rate of CreateTask requests Each supported No The maximum number of

Region: 10 CreateTask requests that
Rate of CreateTaskDependency requests Each supported No The maximum number of

Region: 10 CreateTaskDependency
per second.
Rate of CreateWorker requests Each supported No The maximum number of

Region: 5 CreateWorker requests that
Rate of CreateWorkerFleet requests Each supported No The maximum number of

Region: 5 CreateWorkerFleet requests
second.
Rate of DeleteAction requests Each supported No The maximum number of

Region: 3 DeleteAction requests that
Rate of DeleteActionTemplate requests Each supported No The maximum number

Region: 3 of DeleteActionTemplate
per second.
Rate of DeleteActionTemplateDependency Each supported No The maximum number of

requests Region: 3 DeleteActionTemplateDependency
per second.
Version 1.0
560
Service quotas

Description
Rate of DeleteActivity requests Each supported No The maximum number of

Region: 3 DeleteActivity requests that
Rate of DeleteActivityDependency Each supported No The maximum number of

requests Region: 3 DeleteActivityDependency
per second.
Rate of DeleteDestination requests Each supported No The maximum number of

Region: 3 DeleteDestination requests
second.
Rate of DeleteDestinationRelationship Each supported No The maximum number of

requests Region: 3 DeleteDestinationRelationship
per second.
Rate of DeleteSite requests Each supported No The maximum number of

Region: 3 DeleteSite requests that
Rate of DeleteTask requests Each supported No The maximum number of

Region: 3 DeleteTask requests that
Rate of DeleteTaskDependency requests Each supported No The maximum number of

Region: 3 DeleteTaskDependency
per second.
Rate of DeleteWorker requests Each supported No The maximum number of

Region: 3 DeleteWorker requests that
Rate of DeleteWorkerFleet requests Each supported No The maximum number of

Region: 3 DeleteWorkerFleet requests
second.
Rate of GetAction requests Each supported No The maximum number of

Region: 20 GetAction requests that you
can make per second.
Rate of GetActionTemplate requests Each supported No The maximum number

Region: 20 of GetActionTemplate
per second.
Rate of GetActivity requests Each supported No The maximum number of

Region: 20 GetActivity requests that
Version 1.0
561
Service quotas

Description
Rate of GetDestination requests Each supported No The maximum number of

Region: 20 GetDestination requests
second.
Rate of GetDestinationRelationship Each supported No The maximum number of

requests Region: 20 GetDestinationRelationship
per second.
Rate of GetSite requests Each supported No The maximum number of

Region: 20 GetSite requests that you
Rate of GetTask requests Each supported No The maximum number of

Region: 20 GetTask requests that you
Rate of GetWorker requests Each supported No The maximum number of

Region: 20 GetWorker requests that
Rate of GetWorkerFleet requests Each supported No The maximum number of

Region: 20 GetWorkerFleet requests
second.
Rate of ListActionTemplates requests Each supported No The maximum number

Region: 30 of ListActionTemplates
per second.
Rate of ListActions requests Each supported No The maximum number of

Region: 30 ListActions requests that
Rate of ListActivities requests Each supported No The maximum number of

Region: 30 ListActivities requests that
Rate of ListDestinationRelationships Each supported No The maximum number of

requests Region: 30 ListDestinationRelationships
per second.
Rate of ListDestinations requests Each supported No The maximum number of

Region: 30 ListDestinations requests
second.
Rate of ListSites requests Each supported No The maximum number of

Region: 30 ListSites requests that you
Rate of ListTasks requests Each supported No The maximum number of

Region: 30 ListTasks requests that you
Version 1.0
562
Service quotas

Description
Rate of ListWorkerFleets requests Each supported No The maximum number of

Region: 30 ListWorkerFleets requests
second.
Rate of ListWorkers requests Each supported No The maximum number of

Region: 30 ListWorkers requests that
Rate of UpdateActionState requests Each supported No The maximum number

Region: 10 of UpdateActionState
per second.
Rate of UpdateActivity requests Each supported No The maximum number of

Region: 10 UpdateActivity requests
second.
Rate of UpdateDestination requests Each supported No The maximum number of

Region: 5 UpdateDestination requests
second.
Rate of UpdateSite requests Each supported No The maximum number of

Region: 5 UpdateSite requests that
Rate of UpdateTask requests Each supported No The maximum number of

Region: 10 UpdateTask requests that
Rate of UpdateWorker requests Each supported No The maximum number of

Region: 5 UpdateWorker requests
second.
Rate of UpdateWorkerFleet requests Each supported No The maximum number

Region: 5 of UpdateWorkerFleet
per second.
Sites Each supported Yes The maximum number

Region: 3 of sites you can create in
region.
Tasks Each supported Yes The maximum number

Region: 30 of tasks you can create in
region.
Worker fleets Each supported Yes The maximum number

Region: 9 of worker fleets you can
current region.
Version 1.0
563
AWS IoT SiteWise

Description
Workers Each supported Yes The maximum number of

Region: 60 workers you can create in
region.
AWS IoT SiteWise endpoints and quotas

Service endpoints

Name
US East us-east-2 iotsitewise.us-east-2.amazonaws.com HTTPS

(Ohio)
iotsitewise-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 iotsitewise.us-east-1.amazonaws.com HTTPS

Virginia)
iotsitewise-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 iotsitewise.us-west-2.amazonaws.com HTTPS

(Oregon)
iotsitewise-fips.us-west-2.amazonaws.com HTTPS
Asia ap- iotsitewise.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- iotsitewise.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- iotsitewise.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- iotsitewise.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- iotsitewise.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- iotsitewise.ca-central-1.amazonaws.com HTTPS

(Central) central-1
iotsitewise-fips.ca-central-1.amazonaws.com HTTPS
Version 1.0
564
Service quotas

Name
Europe eu- iotsitewise.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 iotsitewise.eu-west-1.amazonaws.com HTTPS

(Ireland)
AWS us-gov- iotsitewise.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) iotsitewise-fips.us-gov-west-1.amazonaws.com HTTPS
For more information, see AWS IoT SiteWise endpoints in the AWS IoT SiteWise User Guide.
Service quotas

Description
Depth of asset model hierarchy tree Each supported Yes The maximum asset model
Region: 30 hierarchy tree depth.
Number of OPC UA sources per gateway Each supported No The maximum number
Region: 100 of OPC-UA sources per
gateway.
Number of asset models per Region per Each supported Yes The maximum number of
AWS account Region: 1,000 asset models per Region
per AWS account.
Number of asset models per hierarchy tree Each supported Yes The maximum number of
Region: 100 asset models per hierarchy
tree.
Number of assets per asset model Each supported Yes The maximum number of
Region: 10,000 assets per asset model.
Number of child assets per parent asset Each supported Yes The maximum number
Region: 2,000 of child assets per parent
asset.
Number of dashboards per project Each supported Yes The maximum number of
Region: 100 dashboards per project.
Number of data points per second per Each supported No The maximum number of
data quality per asset property Region: 10 data points with the same
timestamp in seconds per
data quality for each asset
property. You can store up
to this number of good-
quality, uncertain-quality,
and bad-quality data points
for any given second for
each asset property.
Version 1.0
565
Service quotas

Description
Number of days between the start Each supported Yes The maximum number
date in the past and today for Region: 28 of days between the
GetInterpolatedAssetPropertyValues start date and today.
This quota applies to
the startTimeInSeconds
parameter when
you specify a start
date in the past for
GetInterpolatedAssetPropertyValues
requests.
Number of functions per property formula Each supported No The maximum number of
expression Region: 10 functions that can be used
in one property formula
expression.
Number of gateways per Region per AWS Each supported Yes The maximum number of
account Region: 100 gateways per Region per
AWS account.
Number of hierarchy definitions per asset Each supported Yes The maximum number of
model Region: 30 hierarchy definitions per
asset model.
Number of metrics per dashboard Each supported Yes The maximum number
visualization Region: 5 of metrics per dashboard
visualization.
Number of parent asset models per child Each supported Yes The maximum number of
asset model Region: 10,000 parent asset models per
child asset model.
Number of portals per Region per AWS Each supported Yes The maximum number of
account Region: 100 portals per Region per AWS
account.
Number of projects per portal Each supported Yes The maximum number of
Region: 100 projects per portal.
Number of properties per asset model Each supported Yes The maximum number of
Region: 500 properties per asset model.
Number of properties that depend on a Each supported No The maximum number of

single property Region: 30 properties that directly
or indirectly depend
on a single property, as
defined across all formula
expressions.
Number of properties that directly depend Each supported Yes The maximum number of
on a single property Region: 20 properties that directly
depend on a single
property, as defined across
all formula expressions.
Version 1.0
566
Service quotas

Description
Number of property variables per property Each supported No The maximum number of
formula expression Region: 10 property variables that can
be used in one property
formula expression.
Number of results per Each supported Yes The maximum

GetInterpolatedAssetPropertyValues Region: 10 number of results to
request return per paginated
GetInterpolatedAssetPropertyValues
request.
Number of root assets per project Each supported No The maximum number of
Region: 1 root assets associated per
project.
Number of visualizations per dashboard Each supported Yes The maximum number
Region: 10 of visualizations per
dashboard.
Rate of BatchPutAssetPropertyValue Each supported No The maximum number of

entries ingested per asset property Region: 10 BatchPutAssetPropertyValue
entries ingested per second
per asset property per
Region per AWS account.
Rate of GetAssetPropertyAggregates Each supported No The maximum

request and Region: 50 number of total
BatchGetAssetPropertyAggregates entry GetAssetPropertyAggregates
queries per asset property requests and
BatchGetAssetPropertyAggregates
entries for each asset
property per second per
Region per AWS Account.
Rate of GetAssetPropertyValue request Each supported No The maximum

and BatchGetAssetPropertyValue entry Region: 500 number of total
queries per asset property GetAssetPropertyValue
requests and
BatchGetAssetPropertyValue
Rate of GetAssetPropertyValueHistory Each supported No The maximum

request and Region: 30 number of total
BatchGetAssetPropertyValueHistory entry GetAssetPropertyValueHistory
queries per asset property requests and
BatchGetAssetPropertyValueHistory
Version 1.0
567
Service quotas

Description

GetInterpolatedAssetPropertyValues Region: 500 GetInterpolatedAssetPropertyValues
requests requests per second that
Region.
Rate of data points ingested Each supported Yes The maximum number of
Region: 1,000 timestamp-quality-value
(TQV) data points ingested
per second per Region per
AWS account.
Request rate for AssociateAssets Each supported Yes The maximum number of
Region: 100 requests per second per
Region per AWS account for
AssociateAssets.
Request rate for Each supported Yes The maximum number of

AssociateTimeSeriesToAssetProperty Region: 100 requests per second per
AssociateTimeSeriesToAssetProperty.

BatchGetAssetPropertyAggregates Region: 200 requests per second per
BatchGetAssetPropertyAggregates.

BatchGetAssetPropertyValue Region: 500 requests per second per
BatchGetAssetPropertyValue.

BatchGetAssetPropertyValueHistory Region: 200 requests per second per
BatchGetAssetPropertyValueHistory.

BatchPutAssetPropertyValue Region: 1,000 requests per second per
BatchPutAssetPropertyValue.
Request rate for CreateAsset Each supported Yes The maximum number of
CreateAsset.
Request rate for CreateAssetModel Each supported Yes The maximum number of
CreateAssetModel.
Request rate for DeleteAsset Each supported Yes The maximum number of
DeleteAsset.
Version 1.0
568
Service quotas

Description
Request rate for DeleteAssetModel Each supported Yes The maximum number of
DeleteAssetModel.
Request rate for DeleteTimeSeries Each supported Yes The maximum number of
DeleteTimeSeries.
Request rate for DescribeAsset Each supported Yes The maximum number of
DescribeAsset.
Request rate for DescribeAssetModel Each supported Yes The maximum number of
DescribeAssetModel.
Request rate for DescribeAssetProperty Each supported Yes The maximum number of
DescribeAssetProperty.

DescribeDefaultEncryptionConfiguration Region: 10 requests per second per
DescribeDefaultEncryptionConfiguration.
Request rate for DescribeLoggingOptions Each supported Yes The maximum number of
DescribeLoggingOptions.

DescribeStorageConfiguration Region: 10 requests per second per
DescribeStorageConfiguration.
Request rate for DescribeTimeSeries Each supported Yes The maximum number of
DescribeTimeSeries.
Request rate for DisassociateAssets Each supported Yes The maximum number of
DisassociateAssets.

DisassociateTimeSeriesFromAssetProperty Region: 100 requests per second per
DisassociateTimeSeriesFromAssetProperty
Version 1.0
569
Service quotas

Description

GetAssetPropertyAggregates Region: 1,000 requests per second per
GetAssetPropertyAggregates.
Request rate for GetAssetPropertyValue Each supported Yes The maximum number of
Region: 1,000 requests per second per
GetAssetPropertyValue.

GetAssetPropertyValueHistory Region: 1,000 requests per second per
GetAssetPropertyValueHistory.
Request rate for ListAssetModels Each supported Yes The maximum number of
ListAssetModels.
Request rate for ListAssetRelationships Each supported Yes The maximum number of
ListAssetRelationships.
Request rate for ListAssets Each supported Yes The maximum number of
ListAssets.
Request rate for ListAssociatedAssets Each supported Yes The maximum number of
ListAssociatedAssets.
Request rate for ListTagsForResource Each supported Yes The maximum number of
ListTagsForResource.
Request rate for ListTimeSeries Each supported Yes The maximum number of
ListTimeSeries.

PutDefaultEncryptionConfiguration Region: 10 requests per second per
PutDefaultEncryptionConfiguration.
Request rate for PutLoggingOptions Each supported Yes The maximum number of
PutLoggingOptions.
Version 1.0
570
AWS IoT TwinMaker

Description
Request rate for PutStorageConfiguration Each supported Yes The maximum number of
PutStorageConfiguration.
Request rate for TagResource Each supported Yes The maximum number of
TagResource.
Request rate for UntagResource Each supported Yes The maximum number of
UntagResource.
Request rate for UpdateAsset Each supported Yes The maximum number of
UpdateAsset.
Request rate for UpdateAssetModel Each supported Yes The maximum number of
UpdateAssetModel.
Request rate for UpdateAssetProperty Each supported Yes The maximum number of
UpdateAssetProperty.
For more information, see AWS IoT SiteWise quotas in the AWS IoT SiteWise User Guide.
AWS IoT TwinMaker endpoints and quotas

Service endpoints
US East (N. Virginia) us-east-1 iottwinmaker.us- HTTPS

US West (Oregon) us-west-2 iottwinmaker.us- HTTPS

Europe (Ireland) eu-west-1 iottwinmaker.eu- HTTPS

Version 1.0
571
Service quotas
Asia Pacific (Singapore) ap-southeast-1 iottwinmaker.ap- HTTPS

Europe (Frankfurt) eu-central-1 iottwinmaker.eu- HTTPS

Asia Pacific (Sydney) ap-southeast-2 iottwinmaker.ap- HTTPS

Service quotas
Workspaces in this The maximum number 15 Yes

account in the current of workspaces in this
Region.
Component types per The maximum number 150 Yes

workspace of unique component
types per workspace.
Depth of component The maximum depth 10 Yes

type hierarchy of the component type
hierarchy tree.
Parent component The maximum number 10 No

types per child of multi-inheritance
component type parent component
types or extendsFrom
relationships one
component type can
have.
Properties per The maximum number 200 Yes

component type or of properties that
component can be defined on a
component type or
added to any given
component instance.
Entities per workspace The maximum number 10000 Yes

of entities allowed per
workspace.
Components per entity The maximum number 10 Yes

of components that
can be defined on one
entity.
Depth of entity The maximum depth 10 Yes

hierarchy of the entity hierarchy
tree.
Version 1.0
572
AWS IoT TwinMaker API throttling limits
Child entities per parent The maximum number 100 Yes

entity of direct children for
one entity in the entity
hierarchy tree.
Scenes per workspace The maximum number 100 Yes

of scenes within a
workspace.
Tags per resource The maximum number 50 No

of tags that can be
placed on any resource
with an ARN (such
as workspace, entity,
component type, etc.).
AWS IoT TwinMaker API throttling limits

This topic describes the maximum number of transactions per second (TPS) that can be made to AWS IoT
TwinMaker API actions per AWS account.
• Request rate for Model and Scene API operations limit: 10 TPS per AWS account.
• Request rate for Data read and write API operations limit: 100 TPS per AWS account.
Note
The TPS limits apply to all regions, and are not adjustable.
Amazon Interactive Video Service endpoints and

quotas
Service endpoints
Amazon IVS uses an API for setting up and configuring IVS streaming applications. Amazon IVS Chat uses
the main Chat API for setting up and managing chat rooms, and the Chat Messaging API for sending and
receiving chat messages.
IVS endpoints
US East (N. Virginia) us-east-1 ivs.us-east-1.amazonaws.com HTTPS
Version 1.0
573
Service quotas
US West (Oregon) us-west-2 ivs.us-west-2.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 ivs.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 ivs.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 ivs.ap-northeast-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 ivs.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 ivs.eu-west-1.amazonaws.com HTTPS
IVS Chat endpoints
US East (N. Virginia) us-east-1 ivschat.us-east-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 ivschat.us-west-2.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 ivschat.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 ivschat.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 ivschat.ap-northeast-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 ivschat.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 ivschat.eu-west-1.amazonaws.com HTTPS
IVS Chat Messaging endpoints
US East (N. Virginia) us-east-1 edge.ivschat.us-east-1.amazonaws.com WSS
US West (Oregon) us-west-2 edge.ivschat.us-west-2.amazonaws.com WSS
Asia Pacific (Mumbai) ap-south-1 edge.ivschat.ap-south-1.amazonaws.com WSS
Asia Pacific (Seoul) ap-northeast-2 edge.ivschat.ap- WSS

Asia Pacific (Tokyo) ap-northeast-1 edge.ivschat.ap- WSS

Europe (Frankfurt) eu-central-1 edge.ivschat.eu-central-1.amazonaws.com WSS
Europe (Ireland) eu-west-1 edge.ivschat.eu-west-1.amazonaws.com WSS
Service quotas
For more information, see Service Quotas in the Amazon IVS User Guide.
Version 1.0
574
Service quotas
If there is a discrepancy, regard the User Guide as definitive.
IVS quotas
Channels 5,000 Yes Maximum number of channels, per AWS Region.
Concurrent streams 100 Yes Maximum number of channels that can be

streamed simultaneously, per AWS Region. If you
exceed this threshold, the stream is rejected.
Concurrent views 15,000 Yes Maximum number of views allowed to playback a

live channel simultaneously, across all channels,
in an AWS Region. (A view is a unique viewing
session which is actively downloading or playing
video.)
Ingest bitrate (channel 1.5 Mbps No Maximum bits per second that can be streamed to
type BASIC) or a channel whose type is BASIC.
3.5 Mbps
• If input video quality is 480p or less, the default
quota is 1.5 Mbps.
• If input video quality is more than 480p but less
than 1080p, the default quota is 3.5 Mbps.
Warning: If you exceed this threshold, the stream

probably will disconnect immediately. See the
Amazon IVS API Reference for details about
channel type.
Ingest bitrate (channel 8.5 Mbps No Maximum bits per second that can be streamed to
type STANDARD) a channel whose type is STANDARD (the default).
Warning: If you exceed this threshold, the stream
probably will disconnect immediately. See the
Amazon IVS API Reference for details about
channel type.
Metadata payload 1 KB No Maximum size of a PutMetadata request payload

(Amazon IVS API).
Playback authorization 3 No Maximum number of playback authorization key

key pairs pairs, per AWS Region.
Playback token size 2 KB No Maximum size of the entire JSON web token
(JWT) used to initiate playback.
PutMetadata rate per 5 No Maximum PutMetadata transactions per second

channel per channel.
Recording 20 Yes Maximum number of recording configurations, per

configurations AWS Region.
Stream key 1 No Maximum number of stream keys per channel.
Version 1.0
575
Amazon Kendra
IVS Chat quotas
Concurrent chat 5,000 Yes Maximum number of concurrent chat connections

connections per account, across all your rooms in an AWS
Region.
Message review handler 200 No Timeout period in milliseconds for all your
timeout period message review handlers in the current AWS
Region. If this is exceeded, the message is
allowed or denied depending on the value of the
fallbackResult field you configured for the
message review handler.
Rate of DeleteMessage 10 Yes Maximum number of DeleteMessage requests

requests across all your that can be made per second across all your
rooms rooms. The requests can come from either the
Amazon IVS Chat API or the Amazon IVS Chat
Messaging API (WebSocket).
Rate of DisconnectUser 10 Yes Maximum number of DisconnectUser requests

requests across all your that can be made per second across all your
rooms rooms. The requests can come from either the
Amazon IVS Chat API or the Amazon IVS Chat
Rate of messaging 3 No Maximum number of messaging requests per

requests per connection second that a chat connection can make. The
message rate limit per chat room is configurable
with the maximumMessageRatePerSecond field
of Create Room and Update Room.
Rate of SendMessage 100 Yes Maximum number of SendMessage requests that

requests across all your can be made per second across all your rooms.
rooms These requests come from the Amazon IVS Chat
Rate of SendMessage 10 No Maximum number of SendMessage requests

requests per room that can be made per second for any one
of your rooms. This is configurable with the
maximumMessageRatePerSecond field of
Create Room and Update Room. These requests
come from the Amazon IVS Chat Messaging API
(WebSocket).
Rooms 5,000 Yes Maximum number of chat rooms per account, per
AWS Region.
Amazon Kendra endpoints and quotas

Version 1.0
576
Service endpoints
Service endpoints
Name
US East us-east-2 kendra.us-east-2.amazonaws.com HTTPS

(Ohio)
kendra-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 kendra.us-east-1.amazonaws.com HTTPS

Virginia)
kendra-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 kendra.us-west-2.amazonaws.com HTTPS

(Oregon)
kendra-fips.us-west-2.amazonaws.com HTTPS
Asia ap- kendra.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- kendra.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Canada ca- kendra.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu-west-1 kendra.eu-west-1.amazonaws.com HTTPS

(Ireland)
AWS us-gov- kendra.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) kendra-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Description
Data sources (developer edition) Each supported No The maximum number of

Region: 5 data sources per developer
edition index.
Data sources (enterprise edition) Each supported Yes The maximum number of
Region: 50 data sources per enterprise
edition index.
Developer edition indexes Each supported Yes The maximum number of

Region: 5 developer edition indexes
that can be created per
account.
Enterprise edition indexes Each supported Yes The maximum number of

Region: 5 enterprise edition indexes
account.
Version 1.0
577
Service quotas

Description
Extracted text size Each supported Yes The maximum extracted

Region: 5 text size, in MB, from a file
Megabytes that can be ingested.
FAQs Each supported Yes The maximum number of

Region: 30 FAQs that can be created
per index.
File size Each supported Yes The maximum file size, in

Region: 50 MB, that can be ingested.
Megabytes
Ingestion attributes string list size Each supported Yes The maximum string list
Region: 10 size per ingestion attribute.
Items in a query suggestions block list Each supported Yes The maximum number
Region: 20,000 of items in a query
suggestions block list.
Query attributes user group list size Each supported Yes The maximum user group
Region: 10 list size per query attribute.
Query capacity units Each supported Yes The maximum number of

Region: 100 query capacity units per
index.
Query suggestions block list file size Each supported Yes The maximum query
Region: 2 suggestions block list file
Megabytes size in MB.
Query suggestions block lists Each supported No The maximum number of

Region: 1 query suggestions block
lists per index.
Query suggestions returned in API Each supported Yes The maximum number of
Region: 10 query suggestions returned
in a GetQuerySuggestions
API call.
Spell correction query suggestions Each supported Yes The maximum number
Region: 1 of spell-corrected query
suggestions to return in a
Query API call.
Storage capacity units Each supported Yes The maximum number of

Region: 100 storage capacity units per
index.
Synonym rules per thesaurus Each supported Yes The maximum number
Region: 10,000 of synonym rules per
thesaurus.
Synonyms per term Each supported No The maximum number of

Region: 10 synonyms per term in all
thesauri in a index.
Thesauri Each supported No The maximum number of

Region: 1 thesauri per index.
Version 1.0
578
Amazon Keyspaces

Description
Thesaurus file size Each supported Yes The maximum thesaurus

Region: 5 file size in MB.
Megabytes
Amazon Keyspaces (for Apache Cassandra)

Service endpoints

Name
US East us-east-2 cassandra.us-east-2.amazonaws.com HTTPS

(Ohio) and TLS
US East (N. us-east-1 cassandra.us-east-1.amazonaws.com HTTPS

Virginia) and TLS
cassandra-fips.us-east-1.amazonaws.com
TLS
US us-west-1 cassandra.us-west-1.amazonaws.com HTTPS

West (N. and TLS
California)
US West us-west-2 cassandra.us-west-2.amazonaws.com HTTPS

(Oregon) and TLS
cassandra-fips.us-west-2.amazonaws.com
TLS
Asia ap-east-1 cassandra.ap-east-1.amazonaws.com HTTPS

Pacific and TLS
(Hong
Kong)
Asia ap- cassandra.ap-south-1.amazonaws.com HTTPS

Pacific south-1 and TLS
(Mumbai)
Asia ap- cassandra.ap-northeast-2.amazonaws.com HTTPS

Pacific northeast-2 and TLS
(Seoul)
Asia ap- cassandra.ap-southeast-1.amazonaws.com HTTPS

Pacific southeast-1 and TLS
(Singapore)
Version 1.0
579
Service endpoints

Name
Asia ap- cassandra.ap-southeast-2.amazonaws.com HTTPS

Pacific southeast-2 and TLS
(Sydney)
Asia ap- cassandra.ap-northeast-1.amazonaws.com HTTPS

Pacific northeast-1 and TLS
(Tokyo)
Canada ca- cassandra.ca-central-1.amazonaws.com HTTPS

(Central) central-1 and TLS
Europe eu- cassandra.eu-central-1.amazonaws.com HTTPS

(Frankfurt) central-1 and TLS
Europe eu-west-1 cassandra.eu-west-1.amazonaws.com HTTPS

(Ireland) and TLS

(London) and TLS

(Paris) and TLS
Europe eu-north-1 cassandra.eu-north-1.amazonaws.com HTTPS

(Stockholm) and TLS
Middle me- cassandra.me-south-1.amazonaws.com HTTPS

East south-1 and TLS
(Bahrain)
South sa-east-1 cassandra.sa-east-1.amazonaws.com HTTPS

America and TLS
(São
Paulo)
AWS us-gov- cassandra.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1 and TLS
(US-East) cassandra.us-gov-east-1.amazonaws.com
TLS
AWS us-gov- cassandra.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1 and TLS
(US-West) cassandra.us-gov-west-1.amazonaws.com
TLS
For the following AWS Regions, FIPS endpoints are available.
Region Region FIPS Endpoint Protocol

Name
US East (N. us-east-1 cassandra-fips.us-east-1.amazonaws.com TLS

Virginia)
US West us-west-2 cassandra-fips.us-west-2.amazonaws.com TLS

(Oregon)
Version 1.0
580
Service quotas
Service quotas

Description
Account-level read throughput quota Each supported Yes The maximum number of
(Provisioned mode) Region: 80,000 aggregate read capacity
units (RCUs) allocated for
the account per region;
keyspaces/latest/devguide/
quotas.html
Account-level write throughput quota Each supported Yes The maximum number of
(Provisioned mode) Region: 80,000 aggregate write capacity
units (WCUs) allocated for
the account per region;
quotas.html
Concurrent DDL operations Each supported No The maximum number

Region: 50 of concurrent DDL
operations allowed
per region. For more
quotas.html
Keyspaces per region Each supported Yes The maximum number

Region: 256 of keyspaces that can be
created per region.
Max Schema size Each supported No The maximum size for a

Region: 358,400 table schema. For more
Bytes information, see https://
quotas.html
Max amount of data restored using Point- Each supported Yes The maximum size of data
in-time Recovery (PITR) Region: 5 Terabytes that can be restored using
PITR within 24 hours.
Max clustering key size Each supported No The maximum combined

Region: 850 Bytes size of all clustering
columns. Up to 4 bytes
of additional storage are
added to the raw size of
Version 1.0
581
Service quotas

Description
each clustering column
for metadata. For more
quotas.html
Max concurrent table restores using Point- Each supported Yes The maximum number of
in-time Recovery (PITR) Region: 4 concurrent table restores
using PITR per subscriber is
4
Max partition key size Each supported No The maximum size of the
Region: 2,048 Bytes compound partition key.
Up to 3 bytes of additional
storage are added to the
raw size of each column
included in the partition
key for metadata. For more
quotas.html
Max row size Each supported No The maximum size

Region: 1 of a row, excluding
Megabytes static column data.
For details see https://
quotas.html
Max static data per logical partition Each supported No The maximum aggregate
Region: 1 size of static data in a
Megabytes logical partition. For
details see https://
quotas.html
Table-level read throughput quota Each supported Yes The maximum read
Region: 40,000 throughput (RCUs & RRUs
per second) that can
be allocated to a table
in the region. For more
quotas.html
Version 1.0
582
AWS KMS

Description
Table-level write throughput quota Each supported Yes The maximum write
Region: 40,000 throughput (WCUs &
WRUs per second) that
can be allocated to a
table per region. For more
quotas.html
Tables per region Each supported Yes The maximum number

Region: 256 of tables that can be
created per region across
all keyspaces.
For more information, see Quotas for Amazon Keyspaces (for Apache Cassandra) in the Amazon
Keyspaces (for Apache Cassandra) Developer Guide.
AWS Key Management Service endpoints and

quotas
Service endpoints
Name
US East us-east-2 kms.us-east-2.amazonaws.com HTTPS

(Ohio)
kms-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 kms.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 kms.us-west-1.amazonaws.com HTTPS

West (N.
California) kms-fips.us-west-1.amazonaws.com HTTPS
kms-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 kms.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
583
Service endpoints

Name
Africa af-south-1 kms.af-south-1.amazonaws.com HTTPS

(Cape
Town) kms-fips.af-south-1.amazonaws.com HTTPS
kms-fips.af-south-1.amazonaws.com HTTPS
Asia ap-east-1 kms.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong kms-fips.ap-east-1.amazonaws.com HTTPS
Kong)
kms-fips.ap-east-1.amazonaws.com HTTPS
Asia ap- kms.ap-southeast-3.amazonaws.com HTTPS

(Jakarta) kms-fips.ap-southeast-3.amazonaws.com HTTPS
kms-fips.ap-southeast-3.amazonaws.com HTTPS
Asia ap- kms.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) kms-fips.ap-south-1.amazonaws.com HTTPS
kms-fips.ap-south-1.amazonaws.com HTTPS
Asia ap- kms.ap-northeast-3.amazonaws.com HTTPS

(Osaka) kms-fips.ap-northeast-3.amazonaws.com HTTPS
kms-fips.ap-northeast-3.amazonaws.com HTTPS

(Seoul) kms-fips.ap-northeast-2.amazonaws.com HTTPS

(Singapore) kms-fips.ap-southeast-1.amazonaws.com HTTPS

(Sydney) kms-fips.ap-southeast-2.amazonaws.com HTTPS

(Tokyo) kms-fips.ap-northeast-1.amazonaws.com HTTPS
Version 1.0
584
Service endpoints

Name
Canada ca- kms.ca-central-1.amazonaws.com HTTPS

(Central) central-1
kms-fips.ca-central-1.amazonaws.com HTTPS
kms-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- kms.eu-central-1.amazonaws.com HTTPS

kms-fips.eu-central-1.amazonaws.com HTTPS
kms-fips.eu-central-1.amazonaws.com HTTPS
Europe eu-west-1 kms.eu-west-1.amazonaws.com HTTPS

(Ireland)
kms-fips.eu-west-1.amazonaws.com HTTPS

(London)
Europe eu- kms.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
kms-fips.eu-south-1.amazonaws.com HTTPS
kms-fips.eu-south-1.amazonaws.com HTTPS

(Paris)
Europe eu-north-1 kms.eu-north-1.amazonaws.com HTTPS

(Stockholm)
kms-fips.eu-north-1.amazonaws.com HTTPS
kms-fips.eu-north-1.amazonaws.com HTTPS
Middle me- kms.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain) kms-fips.me-south-1.amazonaws.com HTTPS
kms-fips.me-south-1.amazonaws.com HTTPS
Middle me- kms.me-central-1.amazonaws.com HTTPS

kms-fips.me-central-1.amazonaws.com HTTPS
kms-fips.me-central-1.amazonaws.com HTTPS
South sa-east-1 kms.sa-east-1.amazonaws.com HTTPS

America
(São kms-fips.sa-east-1.amazonaws.com HTTPS
Paulo)
kms-fips.sa-east-1.amazonaws.com HTTPS
Version 1.0
585
Service quotas

Name
AWS us-gov- kms.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) kms-fips.us-gov-east-1.amazonaws.com HTTPS
kms-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- kms.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) kms-fips.us-gov-west-1.amazonaws.com HTTPS
kms-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Description
Aliases per CMK Each supported Yes The maximum number of

Region: 50 customer-created aliases
per CMK permitted in each
AWS Region of this AWS
account. Aliases that AWS
creates in your account
with the aws/ prefix do
not count against this
quota. An alias is a friendly
name for a customer
master key (CMK). Each
alias is associated with one
CMK, but a CMK can have
multiple aliases.
CancelKeyDeletion request rate Each supported Yes Maximum

Region: 5 per CancelKeyDeletion requests
second per second. When you
reach this quota, KMS
rejects requests for this
operation for the remainder
of the interval.
ConnectCustomKeyStore request rate Each supported Yes Maximum

Region: 5 per ConnectCustomKeyStore
second requests per second. When
you reach this quota, KMS
of the interval.
CreateAlias request rate Each supported Yes Maximum CreateAlias

Region: 5 per requests per second. When
second you reach this quota, KMS
of the interval.
Version 1.0
586
Service quotas

Description
CreateCustomKeyStore request rate Each supported Yes Maximum

Region: 5 per CreateCustomKeyStore
of the interval.
CreateGrant request rate Each supported Yes Maximum CreateGrant

of the interval.
CreateKey request rate Each supported Yes Maximum CreateKey

of the interval.
Cryptographic operations (ECC) request Each supported Yes Maximum Sign and Verify
rate Region: 300 per requests with ECC CMKs per
second second. When you reach
this quota, KMS rejects
this type of request for the
Cryptographic operations (RSA) request Each supported Yes Maximum requests for
rate Region: 500 per cryptographic operations
second with RSA CMKs per second.
This shared quota applies
to Encrypt, Decrypt,
ReEncrypt, Sign, and Verify
requests using RSA CMKs.
When you reach this quota,
KMS rejects this type of
request for the remainder
of the interval.
Version 1.0
587
Service quotas

Description
Cryptographic operations (symmetric) us-east-1: 50,000 Yes Maximum requests for

request rate per second cryptographic operations
with a symmetric CMK
us-east-2: 10,000 per second. This shared
per second quota applies to Decrypt,
Encrypt, GenerateDataKey,
us-west-2: 50,000 GenerateDataKeyWithoutPlaintext,
per second GenerateMac,
GenerateRandom,
ap-northeast-1:
ReEncrypt, and VerifyMac
10,000 per second
requests. When you reach
ap-southeast-1: this quota, KMS rejects
10,000 per second this type of request for the
ap-southeast-2:
10,000 per second
eu-central-1:
10,000 per second
eu-west-1: 50,000
per second
eu-west-2: 10,000
per second
Each of the other

supported Regions:
5,500 per second
Customer Master Keys (CMKs) Each supported Yes The maximum number
Region: 100,000 of customer managed
CMKs permitted in each
AWS Region of this AWS
account. This quota does
not apply to AWS managed
CMKs.
DeleteAlias request rate Each supported Yes Maximum DeleteAlias

of the interval.
DeleteCustomKeyStore request rate Each supported Yes Maximum

Region: 5 per DeleteCustomKeyStore
of the interval.
Version 1.0
588
Service quotas

Description
DeleteImportedKeyMaterial request rate Each supported Yes Maximum

Region: 5 per DeleteImportedKeyMaterial
of the interval.
DescribeCustomKeyStores request rate Each supported Yes Maximum

Region: 5 per DescribeCustomKeyStores
of the interval.
DescribeKey request rate Each supported Yes Maximum DescribeKey

Region: 2,000 per requests per second. When
of the interval.
DisableKey request rate Each supported Yes Maximum DisableKey

of the interval.
DisableKeyRotation request rate Each supported Yes Maximum

Region: 5 per DisableKeyRotation
of the interval.
DisconnectCustomKeyStore request rate Each supported Yes Maximum

Region: 5 per DisconnectCustomKeyStore
of the interval.
EnableKey request rate Each supported Yes Maximum EnableKey

of the interval.
Version 1.0
589
Service quotas

Description
EnableKeyRotation request rate Each supported Yes Maximum

Region: 15 per EnableKeyRotation
of the interval.
GenerateDataKeyPair (ECC_NIST_P256) Each supported Yes Maximum requests per

request rate Region: 25 per second to generate
second ECC_NIST_P256 data
key pairs. This shared
quota applies to
GenerateDataKeyPair and
GenerateDataKeyPairWithoutPlaintext
requests for
ECC_NIST_P256 data key
pairs. When you reach this
quota, KMS rejects this
type of request for the

quota applies to
requests for

quota applies to
requests for
Version 1.0
590
Service quotas

Description
GenerateDataKeyPair (ECC_SECG_P256K1) Each supported Yes Maximum requests per

second ECC_SECG_P256K1
data key pairs. This
shared quota applies to
requests for
ECC_SECG_P256K1 data
key pairs. When you reach
GenerateDataKeyPair (RSA_2048) request Each supported Yes Maximum requests per

rate Region: 1 per second to generate
second RSA_2048 data key
pairs. This shared
quota applies to
requests for RSA_2048 data
key pairs. When you reach

rate Region: 0.5 per second to generate
pairs. This shared
quota applies to
key pairs. By default, KMS
allows one request in each
2-second interval. When
rejects this type of request
interval.
Version 1.0
591
Service quotas

Description

rate Region: 0.1 per second to generate
pairs. This shared
quota applies to
key pairs. By default, KMS
allows one request in each
10-second interval. When
rejects this type of request
interval.
GetKeyPolicy request rate Each supported Yes Maximum GetKeyPolicy

of the interval.
GetKeyRotationStatus request rate Each supported Yes Maximum

Region: 1,000 per GetKeyRotationStatus
of the interval.
GetParametersForImport request rate Each supported Yes Maximum

Region: 0.25 per GetParametersForImport
second requests per second.
KMS allows one
GetParametersForImport
request in each 4-second
interval. It rejects any
additional requests for
this operation during the
interval.
GetPublicKey request rate Each supported Yes Maximum GetPublicKey

of the interval.
Grants per CMK Each supported Yes The maximum number of

Region: 50,000 grants permitted for each
customer managed CMK.
This quota includes grants
created by AWS services,
but it does not apply to
AWS managed CMKs.
Version 1.0
592
Service quotas

Description
ImportKeyMaterial request rate Each supported Yes Maximum

Region: 5 per ImportKeyMaterial requests
second per second. When you
reach this quota, KMS
of the interval.
Key policy document size Each supported No The maximum number of

Region: 32,768 bytes in each key policy
Bytes document. If a key policy
document exceeds this
length, operations that use
the key policy document to
set or change the key policy
fail.
ListAliases request rate Each supported Yes Maximum ListAliases

of the interval.
ListGrants request rate Each supported Yes Maximum ListGrants

of the interval.
ListKeyPolicies request rate Each supported Yes Maximum ListKeyPolicies

of the interval.
ListKeys request rate Each supported Yes Maximum ListKeys requests

Region: 500 per per second. When you
second reach this quota, KMS
of the interval.
ListResourceTags request rate Each supported Yes Maximum ListResourceTags

of the interval.
Version 1.0
593
Service quotas

Description
ListRetirableGrants request rate Each supported Yes Maximum

Region: 100 per ListRetirableGrants
of the interval.
PutKeyPolicy request rate Each supported Yes Maximum PutKeyPolicy

of the interval.
ReplicateKey request rate Each supported Yes Maximum ReplicateKey

of the interval.
RetireGrant request rate Each supported Yes Maximum RetireGrant

of the interval.
RevokeGrant request rate Each supported Yes Maximum RevokeGrant

of the interval.
ScheduleKeyDeletion request rate Each supported Yes Maximum

Region: 15 per ScheduleKeyDeletion
of the interval.
TagResource request rate Each supported Yes Maximum TagResource

of the interval.
Version 1.0
594
Kinesis Data Analytics

Description
UntagResource request rate Each supported Yes Maximum UntagResource

of the interval.
UpdateAlias request rate Each supported Yes Maximum UpdateAlias

of the interval.
UpdateCustomKeyStore request rate Each supported Yes Maximum

Region: 5 per UpdateCustomKeyStore
of the interval.
UpdateKeyDescription request rate Each supported Yes Maximum

Region: 5 per UpdateKeyDescription
of the interval.
UpdatePrimaryRegion request rate Each supported Yes Maximum

Region: 5 per UpdatePrimaryRegion
of the interval.
Amazon Kinesis Data Analytics endpoints and

quotas
Version 1.0
595
Service endpoints
Service endpoints

Name
US East us-east-2 kinesisanalytics.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 kinesisanalytics.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 kinesisanalytics.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 kinesisanalytics.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 kinesisanalytics.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 kinesisanalytics.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- kinesisanalytics.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- kinesisanalytics.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- kinesisanalytics.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- kinesisanalytics.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Version 1.0
596
Service quotas

Name
Europe eu- kinesisanalytics.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 kinesisanalytics.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- kinesisanalytics.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 kinesisanalytics.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- kinesisanalytics.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 kinesisanalytics.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- kinesisanalytics.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- kinesisanalytics.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas

Description
Apache Flink Kinesis Processing Units Each supported Yes The maximum number of
(KPUs) Region: 32 Kinesis Processing Units
(KPUs) that your Apache
Flink application can use.
Application count Each supported Yes The maximum number of

Region: 50 applications per account
per Region.
Input Parallelism in input streams for SQL Each supported No The maximum number
applications Region: 64 of in-application
input streams for SQL
applications.
Version 1.0
597
Kinesis Data Firehose

Description
Kinesis Processing Units (KPUs) Each supported Yes The maximum number
Region: 8 of Kinesis Processing
Units (KPUs) that your
application can use.
SQL Kinesis Processing Units (KPUs) Each supported Yes The maximum number of
Region: 8 Kinesis Processing Units
(KPUs) that your SQL
application can use.
For more information, see Quotas in the Amazon Kinesis Data Analytics for Apache Flink Developer Guide.
Amazon Kinesis Data Firehose endpoints and

quotas
Service endpoints

Name
US East us-east-2 firehose.us-east-2.amazonaws.com HTTPS

(Ohio)
firehose-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 firehose.us-east-1.amazonaws.com HTTPS

Virginia)
firehose-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 firehose.us-west-1.amazonaws.com HTTPS

West (N.
California) firehose-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 firehose.us-west-2.amazonaws.com HTTPS

(Oregon)
firehose-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 firehose.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 firehose.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
598
Service endpoints

Name
Asia ap- firehose.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- firehose.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- firehose.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- firehose.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- firehose.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 firehose.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- firehose.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 firehose.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- firehose.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 firehose.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
599
Service quotas

Name
AWS us-gov- firehose.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) firehose-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- firehose.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) firehose-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Delivery streams Each supported Yes The maximum number of

Region: 50 delivery streams you can
current Region.
Dynamic Partitions Each supported No The maximum number

Region: 500 of dynamic partitions for
a delivery stream in the
current Region.
Rate of CreateDeliveryStream requests Each supported No The maximum number

Region: 5 of CreateDeliveryStream
second in this account in
the current Region.
Rate of DeleteDeliveryStream requests Each supported No The maximum number

Region: 5 of DeleteDeliveryStream
the current Region.
Rate of DescribeDeliveryStream requests Each supported No The maximum number of

Region: 5 DescribeDeliveryStream
the current Region.
Rate of ListDeliveryStream requests Each supported No The maximum number of

Region: 5 ListDeliveryStream requests
you can make per second in
Region.
Rate of ListTagsForDeliveryStream Each supported No The maximum number of

requests Region: 5 ListTagsForDeliveryStream
the current Region.
Version 1.0
600
Service quotas

Description
Rate of Put requests us-east-1: 2,000 No The maximum number of

combined PutRecord and
us-west-2: 2,000 PutRecordBatch requests
per second for a delivery
eu-west-1: 2,000 stream in the current
Region.
Each of the other
supported Regions:
1,000
Rate of StartDeliveryStreamEncryption Each supported No The maximum number of

requests Region: 5 StartDeliveryStreamEncryption
the current Region.
Rate of StopDeliveryStreamEncryption Each supported No The maximum number of

requests Region: 5 StopDeliveryStreamEncryption
the current Region.
Rate of TagDeliveryStream requests Each supported No The maximum number

Region: 5 of TagDeliveryStream
the current Region.
Rate of UntagDeliveryStream requests Each supported No The maximum number

Region: 5 of UntagDeliveryStream
the current Region.
Rate of UpdateDestination requests Each supported No The maximum number of

Region: 5 UpdateDestination requests
you can make per second in
Region.
Rate of data us-east-1: 5 No The maximum capacity in

mebibyte per second for
us-west-2: 5 a delivery stream in the
current Region.
eu-west-1: 5
Each of the other

supported Regions:
1
Version 1.0
601
Kinesis Data Streams

Description
Rate of records us-east-1: 500,000 No The maximum capacity

in records per second for
us-west-2: 500,000 a delivery stream in the
current Region.
eu-west-1: 500,000
Each of the other

supported Regions:
100,000
For more information, see Amazon Kinesis Data Firehose Quotas in the Amazon Kinesis Data Firehose
Developer Guide.
Amazon Kinesis Data Streams endpoints and

quotas
Service endpoints
Name
US East us-east-2 kinesis.us-east-2.amazonaws.com HTTPS

(Ohio)
kinesis-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 kinesis.us-east-1.amazonaws.com HTTPS

Virginia)
kinesis-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 kinesis.us-west-1.amazonaws.com HTTPS

West (N.
California) kinesis-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 kinesis.us-west-2.amazonaws.com HTTPS

(Oregon)
kinesis-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 kinesis.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 kinesis.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
602
Service endpoints

Name
Asia ap- kinesis.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- kinesis.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- kinesis.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- kinesis.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- kinesis.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 kinesis.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- kinesis.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 kinesis.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- kinesis.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- kinesis.me-central-1.amazonaws.com HTTPS

Version 1.0
603
Service quotas

Name
South sa-east-1 kinesis.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- kinesis.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) kinesis.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- kinesis.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) kinesis.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Description
Shards per Region us-east-1: 500 Yes The maximum number

of shards that you can
us-west-2: 500 create in this account in the
current Region.
eu-west-1: 500
Each of the other

supported Regions:
200
For more information, see Amazon Kinesis Data Streams Quotas in the Amazon Kinesis Data Streams
Developer Guide.
Amazon Kinesis Video Streams endpoints and

quotas
Service endpoints
Name
US East us-east-2 kinesisvideo.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
604
Service endpoints

Name
US East (N. us-east-1 kinesisvideo.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 kinesisvideo.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 kinesisvideo.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 kinesisvideo.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- kinesisvideo.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- kinesisvideo.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- kinesisvideo.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- kinesisvideo.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- kinesisvideo.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- kinesisvideo.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- kinesisvideo.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 kinesisvideo.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
South sa-east-1 kinesisvideo.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
605
Service quotas
Service quotas
Description
ConnectAsMaster GO_AWAY message Each supported No The maximum duration

grace period Region: 60 Seconds of the grace period that
follows the received
GO_AWAY message,
after which the master
connection is terminated in
Region.
ConnectAsMaster connection duration Each supported No The maximum duration

Region: 3,600 of a master connection
Seconds per signaling channel in
Region.
ConnectAsMaster connections per Each supported No The maximum number of

signaling channel Region: 1 master connections per
signaling channel in this
Region.
ConnectAsMaster idle connection timeout Each supported No The maximum duration of

Region: 600 an idle master connection
Seconds before the connection
times out in this account in
the current Region.
ConnectAsViewer GO_AWAY message Each supported No The maximum duration

grace period Region: 60 Seconds of the grace period that
follows the received
GO_AWAY message,
after which the viewer
connection is terminated in
Region.
ConnectAsViewer connection duration Each supported No The maximum duration

Region: 3,600 of a viewer connection
Seconds per signaling channel in
Region.
ConnectAsViewer connections per Each supported Yes The maximum number of

signaling channel Region: 10 viewer connections per
Region.
ConnectAsViewer idle connection timeout Each supported No The maximum duration of

Region: 600 an idle viewer connection
Seconds before the connection
times out in this account in
the current Region.
Version 1.0
606
Service quotas

Description
GetClip file size Each supported No The maximum size of a

Region: 100 video file in megabytes
Megabytes retrieved by the GetClip API
in this AWS account and
Region.
GetClip fragments Each supported No The maximum number

Region: 200 of fragments that can be
contained in a video file
retrieved by the GetClip API
in this AWS account and
Region.
GetDASHManifestPlaylist fragments Each supported No The maximum number

Region: 5,000 of fragments per
GetDASHManifestPlaylist
request per playlist in this
Region.
GetHLSMediaPlaylist fragments Each supported No The maximum number

GetHLSMediaPlaylist
request per playlist in this
Region.
GetMedia bandwidth Each supported Yes The maximum bandwidth

Region: 200 for GetMedia requests
Megabits per in megabits per second
second (Mbps) in this account in
the current Region.
GetMedia concurrent connections per Each supported Yes The maximum number of
stream Region: 3 concurrent connections
that you can make with
GetMedia per stream in
Region.
GetMediaForFragmentList bandwidth Each supported Yes The maximum

Region: 200 bandwidth for
Megabits per GetMediaForFragmentList
second requests in megabits per
second (Mbps) in this
Region.
GetMediaForFragmentList connections per Each supported No The maximum number of

GetMediaForFragmentList
per stream in this account
Version 1.0
607
Service quotas

Description
GetMediaForFragmentList fragments Each supported No The maximum number

GetMediaForFragmentList
request in this account in
the current Region.
Number of signaling channels us-east-1: 10,000 Yes The maximum number of

signaling channels that you
us-west-2: 10,000 can create in this account in
the current Region.
Each of the other
supported Regions:
5,000
Number of video streams us-east-1: 10,000 Yes The maximum number of

video streams that you can
us-west-2: 10,000 create in this account in the
current Region.
Each of the other
supported Regions:
5,000
PutMedia bandwidth Each supported Yes The maximum bandwidth

Region: 100 for PutMedia requests
Megabits per in megabits per second
second (Mbps) in this account in
the current Region.
PutMedia concurrent connections per Each supported No The maximum number of

PutMedia per stream in
Region.
PutMedia fragment duration Each supported Yes The maximum fragment

Region: 10 Seconds duration in seconds for
PutMedia requests in this
Region.
PutMedia fragment size Each supported No The maximum fragment

Region: 50 size in megabytes for
Megabytes PutMedia requests in this
Region.
PutMedia minimum fragment duration Each supported No The minimum fragment

Region: 1 Seconds duration in seconds for
PutMedia requests in this
Region.
Version 1.0
608
Service quotas

Description
PutMedia tracks Each supported No The maximum number of

Region: 3 tracks within the media
that is uploaded with
PutMedia into this stream
current Region.
Rate of ConnectAsMasterAPI requests per Each supported No The maximum number of

signaling channel Region: 3 per ConnectAsMaster requests
second per signaling
channel in this account in
the current Region.
Rate of ConnectAsViewerAPI requests per Each supported No The maximum number of

signaling channel Region: 3 per ConnectAsViewer burst
per second per signaling
the current Region.
Rate of CreateSignalingChannelAPI Each supported Yes The maximum number of

requests Region: 50 per CreateSignalingChannel
per second in this account
Rate of CreateStreamAPI requests Each supported Yes The maximum number of

Region: 50 per CreateStream requests that
Region.
Rate of DeleteSignalingChannelAPI Each supported Yes The maximum number of

requests Region: 50 per DeleteSignalingChannel
Rate of DeleteSignalingChannelAPI Each supported Yes The maximum number of

requests per signaling channel Region: 5 per DeleteSignalingChannel
the current Region.
Rate of DeleteStreamAPI requests Each supported Yes The maximum number of

Region: 50 per DeleteStream requests that
Region.
Version 1.0
609
Service quotas

Description
Rate of DeleteStreamAPI requests per Each supported Yes The maximum number of
stream Region: 5 per DeleteStream requests that
Rate of DescribeSignalingChannelAPI Each supported Yes The maximum number of

requests Region: 300 per DescribeSignalingChannel
Rate of DescribeSignalingChannelAPI Each supported Yes The maximum number of

requests per signaling channel Region: 5 per DescribeSignalingChannel
the current Region.
Rate of DescribeStreamAPI requests Each supported Yes The maximum number of

Region: 300 per DescribeStream requests
the current Region.
Rate of DescribeStreamAPI requests per Each supported Yes The maximum number of
stream Region: 5 per DescribeStream requests
second per stream in this
Region.
Rate of GetDASHManifestPlaylistAPI Each supported Yes The maximum number of

requests per session Region: 5 per GetDASHManifestPlaylist
per second per session in
Region.
Rate of GetDASHStreamingSessionURLAPI Each supported Yes The maximum number of

requests per stream Region: 25 per GetDASHStreamingSessionURL
per stream per second in
Region.
Rate of GetDataEndpointAPI requests Each supported Yes The maximum number of

Region: 300 per GetDataEndpoint requests
the current Region.
Version 1.0
610
Service quotas

Description
Rate of GetDataEndpointAPI requests per Each supported Yes The maximum number of
stream Region: 5 per GetDataEndpoint requests
Region.
Rate of GetHLSMasterPlaylistAPI requests Each supported Yes The maximum number

per session Region: 5 per of GetHLSMasterPlaylist
Region.
Rate of GetHLSMediaPlaylistAPI requests Each supported Yes The maximum number

per session Region: 5 per of GetHLSMediaPlaylist
Region.
Rate of GetHLSStreamingSessionURLAPI Each supported Yes The maximum number of

requests per stream Region: 25 per GetHLSStreamingSessionURL
per stream per second in
Region.
Rate of GetICEServerConfigAPI requests Each supported No The maximum number

per signaling channel Region: 5 per of GetICEServerConfig
make per second for this
Region.
Rate of GetMP4InitFragmentAPI requests Each supported Yes The maximum number

per session Region: 5 per of GetMP4InitFragment
Region.
Rate of GetMP4MediaFragmentAPI Each supported Yes The maximum number of

requests per session Region: 20 per GetMP4MediaFragment
Region.
Rate of GetMediaAPI requests per stream Each supported Yes The maximum number of
Region: 5 per GetMedia requests that you
second can make per second per
stream in this account in
the current Region.
Version 1.0
611
Service quotas

Description
Rate of GetSignalingChannelEndpointAPI Each supported Yes The maximum number of

requests Region: 300 per GetSignalingChannelEndpoint
Rate of GetSignalingChannelEndpointAPI Each supported Yes The maximum number of

requests per signaling channel Region: 5 per GetSignalingChannelEndpoint
the current Region.
Rate of GetTSFragmentAPI requests per Each supported Yes The maximum number of
session Region: 20 per GetTSFragment requests
second per session in this
Region.
Rate of ListSignalingChannelsAPI requests Each supported Yes The maximum number

Region: 50 per of ListSignalingChannels
Rate of ListStreamsAPI requests Each supported Yes The maximum number of

Region: 50 per ListStreams requests that
Region.
Rate of ListTagsForResourceAPI requests Each supported Yes The maximum number

Rate of ListTagsForResourceAPI requests Each supported Yes The maximum number

per resource Region: 5 per of ListTagsForResource
per second per resource in
Region.
Rate of ListTagsForStreamAPI requests Each supported Yes The maximum number of

Region: 50 per ListTagsForStream requests
the current Region.
Version 1.0
612
Service quotas

Description
Rate of ListTagsForStreamAPI requests per Each supported Yes The maximum number of
stream Region: 5 per ListTagsForStream requests
Region.
Rate of PutMediaAPI requests per stream Each supported Yes The maximum number of
Region: 5 per PutMedia requests that you
second can make per second per
stream in this account in
the current Region.
Rate of SendAlexaOfferToMasterAPI Each supported No The maximum number of

requests per signaling channel Region: 5 per SendAlexaOfferToMaster
make per second for this
Region.
Rate of SendICECandidateAPI requests per Each supported No The maximum number of

websocket connection Region: 20 per SendICECandidate requests
second per websocket in
Region.
Rate of SendSDPAnswerAPI requests per Each supported No The maximum number of

websocket connection Region: 5 per SendSDPAnswer requests
Region.
Rate of SendSDPOfferAPI requests per Each supported No The maximum number of

websocket connection Region: 5 per SendSDPOffer requests
Region.
Rate of TagResourceAPI requests Each supported Yes The maximum number of

Region: 50 per TagResource requests that
Region.
Rate of TagResourceAPI requests per Each supported Yes The maximum number of
resource Region: 5 per TagResource requests that
per resource in this account
Version 1.0
613
Service quotas

Description
Rate of TagStreamAPI requests Each supported Yes The maximum number of

Region: 50 per TagStream requests that
Region.
Rate of TagStreamAPI requests per stream Each supported Yes The maximum number of
Region: 5 per TagStream requests that
Rate of UntagResourceAPI requests Each supported Yes The maximum number of

the current Region.
Rate of UntagResourceAPI requests per Each supported Yes The maximum number of
resource Region: 5 per TagResource requests that
per resource in this account
Rate of UntagStreamAPI requests Each supported Yes The maximum number of

Region: 50 per UntagStream requests that
Region.
Rate of UntagStreamAPI requests per Each supported Yes The maximum number of
stream Region: 5 per UntagStream requests that
Rate of UpdateDataRetentionAPI requests Each supported Yes The maximum number

Region: 50 per of UpdateDataRetention
Rate of UpdateDataRetentionAPI requests Each supported Yes The maximum number

per stream Region: 5 per of UpdateDataRetention
per second per stream in
Region.
Rate of UpdateSignalingChannelAPI Each supported Yes The maximum number of

requests Region: 50 per UpdateSignalingChannel
Version 1.0
614
Service quotas

Description
Rate of UpdateSignalingChannelAPI Each supported Yes The maximum number of

requests per signaling channel Region: 5 per UpdateSignalingChannel
the current Region.
Rate of UpdateStreamAPI requests Each supported Yes The maximum number of

Region: 50 per UpdateStream requests
the current Region.
Rate of UpdateStreamAPI requests per Each supported Yes The maximum number of
stream Region: 5 per UpdateStream requests
Region.
Rate of archived fragment media per Each supported Yes The maximum number
stream Region: 500 per of fragments that you
second can request media for per
stream per second in this
Region.
Rate of archived fragment metadata per Each supported Yes The maximum number of
stream Region: 10,000 per fragments that you can
second request metadata for per
stream per second in this
Region.
SendICECandidate message payload size Each supported No The maximum size

Region: 10 Kilobytes (in kilobytes) of
SendICECandidate message
payload.
SendSDPAnswer message payload size Each supported No The maximum size

Region: 10 Kilobytes (in kilobytes) of
SendSDPAnswer message
payload.
SendSDPOffer message payload size Each supported No The maximum size (in
Region: 10 Kilobytes kilobytes) of SendSDPOffer
message payload.
TURN session bandwidth Each supported No The maximum bandwidth

Region: 5 Megabits in megabits per second
per second (Mbps) that is supported
per TURN session in this
Region.
Version 1.0
615
Lake Formation

Description
TURN session concurrent allocations per Each supported No The maximum number
signaling channel Region: 50 of concurrent allocated
TURN sessions per signaling
the current Region.
TURN session expiration Each supported No The maximum valid

Region: 300 duration of TURN session
Seconds credentials in this account
For more information, see Kinesis Video Streams quotas in the Amazon Kinesis Video Streams Developer
Guide.
AWS Lake Formation endpoints and quotas

Service endpoints

Name
US East us-east-2 lakeformation.us-east-2.amazonaws.com HTTPS

(Ohio)
lakeformation-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 lakeformation.us-east-1.amazonaws.com HTTPS

Virginia)
lakeformation-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 lakeformation.us-west-1.amazonaws.com HTTPS

West (N.
California) lakeformation-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 lakeformation.us-west-2.amazonaws.com HTTPS

(Oregon)
lakeformation-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 lakeformation.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 lakeformation.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
616
Service endpoints

Name
Asia ap- lakeformation.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- lakeformation.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- lakeformation.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- lakeformation.ap-southeast-2.amazonaws.com HTTPS

(Sydney)

(Tokyo)
Canada ca- lakeformation.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- lakeformation.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 lakeformation.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- lakeformation.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 lakeformation.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- lakeformation.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 lakeformation.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- lakeformation.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) lakeformation-fips.us-gov-east-1.amazonaws.com HTTPS
Version 1.0
617
Service quotas

Name
AWS us-gov- lakeformation.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) lakeformation-fips.us-gov- HTTPS
Service quotas
Description
Length of a path that can be registered Each supported Yes The maximum length of a
Region: 700 path that can be registered
per catalog.
Number of data lake administrators Each supported Yes The maximum number of
Region: 30 data lake administrators
per catalog.
Number of lf tag per account Each supported Yes The maximum number of lf
Region: 1,000 tag per account
Number of lf tag policy per principal per Each supported Yes The maximum number of lf
resource type Region: 50 tag policy per principal per
resource type
Number of registered paths Each supported Yes The maximum number

Region: 10,000 of registered paths per
catalog.
Number of subfolders in an Amazon S3 Each supported Yes The maximum number of

path Region: 20 subfolders in an Amazon S3
path per catalog.
Number of tag values per lf tag Each supported Yes The maximum number of
Region: 15 tag values per lf tag.
AWS Lambda endpoints and quotas

Service endpoints
Name
US East us-east-2 lambda.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
618
Service endpoints

Name
lambda-fips.us-east-2.amazonaws.com HTTPS
lambda.us-east-2.api.aws HTTPS
US East (N. us-east-1 lambda.us-east-1.amazonaws.com HTTPS

Virginia)
lambda-fips.us-east-1.amazonaws.com HTTPS
lambda.us-east-1.api.aws HTTPS
US us-west-1 lambda.us-west-1.amazonaws.com HTTPS

West (N.
California) lambda-fips.us-west-1.amazonaws.com HTTPS
lambda.us-west-1.api.aws HTTPS
US West us-west-2 lambda.us-west-2.amazonaws.com HTTPS

(Oregon)
lambda-fips.us-west-2.amazonaws.com HTTPS
lambda.us-west-2.api.aws HTTPS
Africa af-south-1 lambda.af-south-1.amazonaws.com HTTPS

(Cape
Town) lambda.af-south-1.api.aws HTTPS
Asia ap-east-1 lambda.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong lambda.ap-east-1.api.aws HTTPS
Kong)
Asia ap- lambda.ap-southeast-3.amazonaws.com HTTPS

(Jakarta) lambda.ap-southeast-3.api.aws HTTPS
Asia ap- lambda.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) lambda.ap-south-1.api.aws HTTPS
Asia ap- lambda.ap-northeast-3.amazonaws.com HTTPS

(Osaka) lambda.ap-northeast-3.api.aws HTTPS

(Seoul) lambda.ap-northeast-2.api.aws HTTPS

(Singapore) lambda.ap-southeast-1.api.aws HTTPS

(Sydney) lambda.ap-southeast-2.api.aws HTTPS

(Tokyo) lambda.ap-northeast-1.api.aws HTTPS
Version 1.0
619
Service endpoints

Name
Canada ca- lambda.ca-central-1.amazonaws.com HTTPS

(Central) central-1
lambda.ca-central-1.api.aws HTTPS
Europe eu- lambda.eu-central-1.amazonaws.com HTTPS

lambda.eu-central-1.api.aws HTTPS
Europe eu-west-1 lambda.eu-west-1.amazonaws.com HTTPS

(Ireland)
lambda.eu-west-1.api.aws HTTPS

(London)
Europe eu- lambda.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
lambda.eu-south-1.api.aws HTTPS

(Paris)
Europe eu-north-1 lambda.eu-north-1.amazonaws.com HTTPS

(Stockholm)
lambda.eu-north-1.api.aws HTTPS
Middle me- lambda.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain) lambda.me-south-1.api.aws HTTPS
Middle me- lambda.me-central-1.amazonaws.com HTTPS

South sa-east-1 lambda.sa-east-1.amazonaws.com HTTPS

America
(São lambda.sa-east-1.api.aws HTTPS
Paulo)
AWS us-gov- lambda.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) lambda-fips.us-gov-east-1.amazonaws.com HTTPS
lambda.us-gov-east-1.api.aws HTTPS
AWS us-gov- lambda.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) lambda-fips.us-gov-west-1.amazonaws.com HTTPS
lambda.us-gov-west-1.api.aws HTTPS
Version 1.0
620
Service quotas
Service quotas
Description
Asynchronous payload Each supported No The maximum size of an

Region: 256 incoming asynchronous
Kilobytes invocation request.
Burst concurrency us-east-1: 3,000 No The maximum immediate

increase in function
us-east-2: 1,000 concurrency that can occur
when your functions scale
us-west-2: 3,000 in response to a burst of
traffic. After the initial
ap-northeast-1:
burst, concurrency scales by
1,000
500 executions per minute
eu-central-1: 1,000 up to your concurrency
limit.
eu-west-1: 3,000
Each of the other

supported Regions:
500
Concurrent executions Each supported Yes The maximum number of

Region: 1,000 events that functions can
process simultaneously in
the current Region.
Deployment package size (console editor) Each supported No The maximum size of a
Region: 3 deployment package or
Megabytes layer archive when you
upload it through the
console editor. Upload
larger files with Amazon S3.
Deployment package size (direct upload) Each supported No The maximum size of
Region: 50 a deployment package
Megabytes or layer archive when
you upload it directly to
Lambda. Upload larger files
with Amazon S3.
Deployment package size (unzipped) Each supported No The maximum size of the
Region: 250 contents of a deployment
Megabytes package or layer archive
when its unzipped.
Elastic network interfaces per VPC Each supported Yes The maximum number
Region: 250 of network interfaces
that Lambda creates for
a VPC with functions
attached. Lambda creates
a network interface for
each combination of subnet
and security group that
functions connect to.
Version 1.0
621
Service quotas

Description
Environment variable size Each supported No The maximum combined

Region: 4 Kilobytes size of environment
variables that are
configured on a function.
File descriptors Each supported No The maximum number

Region: 1,024 of file descriptors that a
function can have open.
Function and layer storage Each supported Yes The amount of storage
Region: 75 thats available for
Gigabytes deployment packages and
layer archives in the current
Region.
Function layers Each supported No The maximum number of

Region: 5 layers that you can add to
your function.
Function memory maximum Each supported No The maximum amount

Region: 10,240 of memory that you can
Megabytes configure for a function.
Function memory minimum Each supported No The minimum amount

Region: 128 of memory that you can
Megabytes configure for a function.
Function resource-based policy Each supported No The maximum combined

Region: 20 Kilobytes size of resource-based
policies that are configured
on a function.
Function timeout Each supported No The maximum timeout that

Region: 900 you can configure for a
function.
Processes and threads Each supported No The maximum combined

Region: 1,024 number of processes and
threads that a function can
have open.
Rate of GetFunction API requests Each supported No The maximum number of

Region: 100 GetFunction API requests
per second.
Rate of GetPolicy API requests Each supported No The maximum number of

Region: 15 GetPolicy API requests per
second.
Rate of control plane API requests Each supported No The maximum number of
(excludes invocation, GetFunction, and Region: 15 API requests per second
GetPolicy requests) (excluding invocation,
GetFunction, and GetPolicy
requests).
Version 1.0
622
AWS Launch Wizard

Description
Synchronous payload Each supported No The maximum size of an

Region: 6 incoming synchronous
Megabytes invocation request or
outgoing response.
Temporary storage Each supported No The amount of storage

Region: 512 space thats available to
Megabytes a function in the /tmp
directory.
Test events (console editor) Each supported No The maximum amount of

Region: 10 test events for a function
through the console editor.
For more information, see Lambda quotas in the AWS Lambda Developer Guide.
AWS Launch Wizard endpoints and quotas

Service endpoints

Name
US East us-east-2 appwizard.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 appwizard.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US us-west-1 appwizard.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California)
US West us-west-2 appwizard.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Africa af-south-1 appwizard.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 appwizard.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Version 1.0
623
Service endpoints

Name
Asia ap- appwizard.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- appwizard.ap-northeast-3.amazonaws.com HTTP and

(Osaka)

(Seoul)
Asia ap- appwizard.ap-southeast-1.amazonaws.com HTTP and

(Singapore)
Asia ap- appwizard.ap-southeast-2.amazonaws.com HTTP and

(Sydney)

(Tokyo)
Canada ca- appwizard.ca-central-1.amazonaws.com HTTP and

Europe eu- appwizard.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 appwizard.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS
Europe eu- appwizard.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Europe eu-north-1 appwizard.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- appwizard.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
South sa-east-1 appwizard.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
AWS us-gov- appwizard.us-gov-east-1.amazonaws.com HTTP and

(US-East)
Version 1.0
624
Service quotas

Name
AWS us-gov- appwizard.us-gov-west-1.amazonaws.com HTTP and

(US-West)
Service quotas
Description
Active applications Each supported Yes The maximum number of

Region: 25 active applications with
status IN_PROGRESS or
COMPLETED in this account
Application name length Each supported No The maximum number of

Region: 10 characters in the name of
an application deployed by
Launch Wizard.
Applications Each supported Yes The maximum number of

Region: 150 applications in this account
Parallel deployments Each supported No The maximum number

Region: 3 of parallel IN_PROGRESS
application deployments in
Region.
Amazon Lex endpoints and quotas

V2 service endpoints
Model building endpoints

Name
US East (N. us-east-1 models-v2-lex.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 models-v2-lex.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
625

Name
Africa af-south-1 models-v2-lex.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap- models-v2-lex.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- models-v2-lex.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- models-v2-lex.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- models-v2-lex.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- models-v2-lex.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- models-v2-lex.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 models-v2-lex.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 models-v2-lex.eu-west-2.amazonaws.com HTTPS

(London)
Runtime endpoints

Name
US East (N. us-east-1 runtime-v2-lex.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 runtime-v2-lex.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 runtime-v2-lex.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap- runtime-v2-lex.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- runtime-v2-lex.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Version 1.0
626

Name
Asia ap- runtime-v2-lex.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- runtime-v2-lex.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- runtime-v2-lex.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- runtime-v2-lex.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 runtime-v2-lex.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 runtime-v2-lex.eu-west-2.amazonaws.com HTTPS

(London)
Model building endpoints

Name
US East (N. us-east-1 models.lex.us-east-1.amazonaws.com HTTPS

Virginia)
models-fips.lex.us-east-1.amazonaws.com HTTPS
US West us-west-2 models.lex.us-west-2.amazonaws.com HTTPS

(Oregon)
models-fips.lex.us-west-2.amazonaws.com HTTPS
Asia ap- models.lex.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- models.lex.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- models.lex.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- models.lex.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 models.lex.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
627
Service quotas

Name
Europe eu-west-2 models.lex.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- models.lex.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) models-fips.lex.us-gov-west-1.amazonaws.com HTTPS
Runtime endpoints

Name
US East (N. us-east-1 runtime.lex.us-east-1.amazonaws.com HTTPS

Virginia)
runtime-fips.lex.us-east-1.amazonaws.com HTTPS
US West us-west-2 runtime.lex.us-west-2.amazonaws.com HTTPS

(Oregon)
runtime-fips.lex.us-west-2.amazonaws.com HTTPS
Asia ap- runtime.lex.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- runtime.lex.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- runtime.lex.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- runtime.lex.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 runtime.lex.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 runtime.lex.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- runtime.lex.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) runtime-fips.lex.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Description
Bot channel associations per bot alias (V2) Each supported No The maximum number of
Region: 10 bot channel associations
that you can create per bot
Version 1.0
628
Service quotas

Description
alias in this account in the
current Region.
Bots per account (V2) Each supported Yes The maximum number of
Region: 100 bots that you can create in
Region.
Characters per custom slot type value (V2) Each supported No The maximum number of
Region: 500 characters that you can
have per custom slot type
value in this account in the
current Region.
Characters per sample utterance (V2) Each supported No The maximum number of
Region: 500 characters that you can
have per intent or slot
sample utterance in this
Region.
Custom slot type values and synonyms per Each supported No The maximum number of
bot locale (V2) Region: 50,000 custom slot type values
and synonyms that you can
have per locale per bot in
Region.
Custom slot types per bot locale (V2) Each supported No The maximum number of
Region: 100 custom slot types that you
can create per locale per
bot in this account in the
current Region.
Sample utterances per intent (V2) Each supported Yes The maximum number of
Region: 1,500 sample utterances that you
can create per intent in
Region.
Sample utterances per slot (V2) Each supported Yes The maximum number of
Region: 10 sample utterances that
you can create per slot in
Region.
Slots per bot locale (V2) Each supported No The maximum number of
Region: 2,000 slots that you can create
per locale per bot in this
Region.
Slots per intent (V2) Each supported No The maximum number of

Region: 100 slots that you can create
per intent in this account in
the current Region.
Version 1.0
629
AWS License Manager

Description
Total characters in sample utterances per Each supported No The maximum number of
bot locale (V2) Region: 200,000 characters that you can
use per locale per bot for
all intent and slot sample
utterances in this account
Values and synonyms per custom slot type Each supported No The maximum number of
(V2) Region: 10,000 values and synonyms that
you can have per custom
slot type in this account in
the current Region.
Versions per bot (V2) Each supported No The maximum number of

Region: 100 versions that you can create
per bot in this account in
the current Region.
AWS License Manager endpoints and quotas

Service endpoints
Topics
• Endpoints for working with licenses (p. 630)
• Endpoints for user-based subscriptions (p. 632)
Endpoints for working with licenses

Name
US East us-east-2 license-manager.us-east-2.amazonaws.com HTTPS

(Ohio)
license-manager-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 license-manager.us-east-1.amazonaws.com HTTPS

Virginia)
license-manager-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 license-manager.us-west-1.amazonaws.com HTTPS

West (N.
California) license-manager-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 license-manager.us-west-2.amazonaws.com HTTPS

(Oregon)
license-manager-fips.us-west-2.amazonaws.com HTTPS
Version 1.0
630
Service endpoints

Name
Africa af-south-1 license-manager.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 license-manager.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- license-manager.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- license-manager.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- license-manager.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- license-manager.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- license-manager.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 license-manager.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- license-manager.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 license-manager.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
631
Service endpoints

Name
Middle me- license-manager.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 license-manager.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- license-manager.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) license-manager-fips.us-gov- HTTPS
AWS us-gov- license-manager.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) license-manager-fips.us-gov- HTTPS
Endpoints for user-based subscriptions

Name
US East us-east-2 license-manager-user-subscriptions.us- HTTPS

(Ohio) east-2.amazonaws.com
HTTPS
license-manager-user-subscriptions-fips.us-
US East (N. us-east-1 license-manager-user-subscriptions.us- HTTPS

HTTPS
US us-west-1 license-manager-user-subscriptions.us- HTTPS

West (N. west-1.amazonaws.com
California) HTTPS
US West us-west-2 license-manager-user-subscriptions.us- HTTPS

HTTPS
Africa af-south-1 license-manager-user-subscriptions.af- HTTPS

(Cape south-1.amazonaws.com
Town)
Asia ap-east-1 license-manager-user-subscriptions.ap- HTTPS

Pacific east-1.amazonaws.com
Version 1.0
632
Service endpoints

Name
(Hong
Kong)
Asia ap- license-manager-user-subscriptions.ap- HTTPS

(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- license-manager-user-subscriptions.ca- HTTPS

Europe eu- license-manager-user-subscriptions.eu- HTTPS

Europe eu-west-1 license-manager-user-subscriptions.eu- HTTPS


Europe eu- license-manager-user-subscriptions.eu- HTTPS


Europe eu-north-1 license-manager-user-subscriptions.eu- HTTPS

Middle me- license-manager-user-subscriptions.me- HTTPS

(Bahrain)
South sa-east-1 license-manager-user-subscriptions.sa- HTTPS

America east-1.amazonaws.com
(São
Paulo)
Version 1.0
633
Service quotas
Service quotas
Topics
• Quotas for working with licenses (p. 634)
• Quotas for working with user-based subscriptions (p. 635)
Quotas for working with licenses

Description
Extend license consumption per Each supported No The number of

consumption token Region: 1 ExtendLicenseConsumption
calls that can be made for
a consumption token per
hour.
GetAccessTokens calls Each supported No The total number of

Region: 10 GetAccessToken calls that
can be made for a license
per hour.
License configuration associations per Each supported Yes Number of license

resource Region: 10 configurations that can be
associated with a resource.
License configurations Each supported Yes Total number of license

Region: 25 configurations that can be
created in an account.
License conversion tasks per resource per Each supported Yes Number of license
day Region: 5 conversion tasks that can
be created per resource per
day.
Maximum number of concurrent Each supported No The maximum number of

organization grant activities Region: 10 concurrent grant activities
for an organization.
Number of Report generators Each supported No The Total number of report

Region: 25 generators that can be
created.
Number of account discovery mode Each supported No The maximum number of

updates per day Region: 1 account discovery mode
updates per day for an
account.
Number of grants per license Each supported No The total number of active
Region: 2,000 grants per license.
Number of licenses you can create Each supported No The total number of
Region: 2,000 licenses that can be created
in an account.
Version 1.0
634
Lightsail

Description
Number of received licenses per product Each supported No The total number of
Region: 10 licenses received with same
product SKU.
Number of tokens per account and license Each supported No The total number of tokens
Region: 10 per license that can be
created in an account.
Number of updates for a report generator Each supported No The maximum number of
per day Region: 25 updates per day for a given
report generator.
Total number counted entitlements per Each supported No The total number of
checkout Region: 5 counted entitlements that
can be specified on a single
CheckoutLicense call.
Total number counted entitlements per Each supported No The total number of
license Region: 25 counted entitlements
allowed per license.
Total number uncounted entitlements per Each supported No The total number of
license Region: 25 uncounted entitlements
allowed per license.
Quotas for working with user-based subscriptions

Description
Instance associations per user Each supported Yes No Description Available

Region: 25
User-based subscriptions for Visual Studio Each supported Yes No Description Available
Enterprise Region: 30
User-based subscriptions for Visual Studio Each supported Yes No Description Available
Professional Region: 50
Amazon Lightsail endpoints and quotas

Version 1.0
635
Service endpoints
Service endpoints

Name
US East us-east-2 lightsail.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 lightsail.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 lightsail.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- lightsail.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- lightsail.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- lightsail.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- lightsail.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- lightsail.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- lightsail.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- lightsail.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 lightsail.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 lightsail.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Service quotas
New AWS accounts might start with quotas that are lower than those described here.
Version 1.0
636
Service quotas

Description
Allowed cookies per cache behavior for a Each supported No The maximum number of
distribution Region: 10 allowed cookies per cache
behavior.
Allowed headers per cache behavior for a Each supported No The maximum number of
distribution Region: 10 allowed headers per cache
behavior.
Allowed query strings per cache behavior Each supported No The maximum number of
for a distribution Region: 10 allowed query strings per
cache behavior.
Block storage disks per instance Each supported No The maximum number of
Region: 15 block storage disks that can
be attached per instance.
Container service certificates Each supported No The maximum number of

Region: 4 certificates that can be
attached per container
service.
Container service custom domains Each supported No The maximum number

Region: 4 of custom domains per
container service.
Container service deployment containers Each supported No The maximum number of

Region: 10 containers per deployment
on a container service.
Container service deployment versions Each supported No The maximum number of

Region: 50 deployment versions per
container service.
Container service logs storage days Each supported No The maximum number of
Region: 4 days that container service
logs are stored.
Container service nodes Each supported No The maximum number of

Region: 20 nodes per container service.
Container service stored container images Each supported No The maximum number of
Region: 150 stored container images per
container service.
Container services Each supported No The maximum number

Region: 100 of container services per
region.
Custom domain names per distribution Each supported No The maximum number
Region: 10 of custom domain names
per distribution. You can
specify up to 10 domains
for a Lightsail SSL/TLS
certificate. You can then
use the certificate to enable
custom domains on your
Lightsail distribution.
Version 1.0
637
Service quotas

Description
DNS zones (or domains) Each supported No The maximum number of

Region: 3 DNS zones (or domains) per
account.
Data transfer rate per distribution Each supported No The maximum data transfer
Region: 150 rate (in GB per second) per
distribution.
Databases Each supported No The maximum number of

Region: 40 databases per region.
Default behaviors (default cache behavior) Each supported No The maximum number
per distribution Region: 1 of default behaviors
(default cache behavior) per
distribution.
Directory and file overrides per Each supported No The maximum number of
distribution Region: 25 directory and file overrides
per distribution. You can
create up to 25 directory
and file overrides, and
you can specify one cache
behavior per override.
Distributions Each supported No The maximum number of

Region: 20 distributions per account.
Instances Each supported Yes The maximum number of

Region: 20 instances per region.
Load balancers Each supported No The maximum number of

Region: 5 load balancers per region.
Maximum active certificates Each supported No The maximum number

Region: 10 of active certificates per
region, per account.
Maximum block storage disk space Each supported No The maximum amount of
Region: 16,000 disk space (in GB) per block
Gigabytes storage disk.
Maximum buckets per account Each supported No The maximum number of

Region: 20 buckets per account
Maximum certificates Each supported No The maximum number of

Region: 20 certificates per region, per
account in the last 365
days.
Maximum keys per bucket Each supported No The maximum number of

Region: 2 keys per bucket
Minimum block storage disk space Each supported No The minimum amount of
Region: 8 Gigabytes disk space (in GB) per block
storage disk.
Version 1.0
638
Amazon Location Service

Description
Origins per distribution Each supported No The maximum number of

Region: 1 origins per distribution. You
can specify one instance
or one load balancer per
distribution.
Parallel RDP connections using the Each supported No The maximum number of
browser-based RDP client Region: 1 parallel RDP connections
using the browser-based
RDP client per region, per
account.
Parallel SSH connections using the Each supported No The maximum number of
browser-based SSH client Region: 5 parallel SSH connections
using the browser-based
SSH client per region, per
account.
Response timeout per origin for a Each supported No The response timeout per
distribution Region: 60 Seconds origin (4-60 seconds).
Static IP addresses Each supported Yes The maximum number

Region: 5 of static IP addresses per
region.
Tags Each supported No The maximum number of

Region: 50 tags per resource.
Total attached block storage disk space Each supported No The maximum amount of
Region: 20,000 attached block storage disk
Gigabytes space (in GB) per region.
Amazon Location Service endpoints and quotas

Service endpoints
Amazon Location is available in the following AWS Regions:
Region name Region code
Asia Pacific (Tokyo) ap-northeast-1
Asia Pacific (Singapore) ap-southeast-1
Asia Pacific (Sydney) ap-southeast-2
Europe (Frankfurt) eu-central-1
Version 1.0
639
Service quotas
Region name Region code
Europe (Ireland) eu-west-1
Europe (Stockholm) eu-north-1
US East (N. Virginia) us-east-1
US East (Ohio) us-east-2
US West (Oregon) us-west-2
The general syntax for an Amazon Location regional endpoint is as follows:
protocol://service-code.geo.region-code.amazonaws.com
Within this syntax, Amazon Location uses the following service codes:
Service Service code
Amazon Location Maps maps
Amazon Location Places places
Amazon Location Routes routes
Amazon Location Geofences geofencing
Amazon Location Trackers tracking
For example, the regional endpoint for Amazon Location Maps for US East (N. Virginia) is:
https://maps.geo.us-east-1.amazonaws.com.
Service quotas

Description
Geofence Collection resources per account Each supported No The maximum number
Region: 1,500 of Geofence Collection
resources that you can
create per account.
Geofences per Geofence Collection Each supported No The maximum number

Region: 50,000 of Geofences that you
can create per Geofence
Collection.
Map resources per account Each supported No The maximum number of

Region: 40 Map resources that you can
create per account.
Place Index resources per account Each supported No The maximum number of
Region: 40 Place Index resources that
you can create per account.
Version 1.0
640
Service quotas

Description
Rate of AssociateTrackerConsumer API Each supported Yes The maximum number of

requests Region: 10 per AssociateTrackerConsumer
per second. Additional
Rate of BatchDeleteDevicePositionHistory Each supported Yes The maximum number of

API requests Region: 50 per BatchDeleteDevicePositionHistory
Rate of BatchDeleteGeofence API requests Each supported Yes The maximum number
Region: 50 per of BatchDeleteGeofence
Rate of BatchEvaluateGeofences API Each supported Yes The maximum number of

requests Region: 50 per BatchEvaluateGeofences
Rate of BatchGetDevicePosition API Each supported Yes The maximum number of

requests Region: 50 per BatchGetDevicePosition
Rate of BatchPutGeofence API requests Each supported Yes The maximum number of
Region: 50 per BatchPutGeofence requests
second. Additional requests
are throttled.
Rate of BatchUpdateDevicePosition API Each supported Yes The maximum number of

requests Region: 50 per BatchUpdateDevicePosition
Rate of CalculateRoute API requests Each supported Yes The maximum number of
Region: 10 per CalculateRoute requests
are throttled.
Rate of CalculateRouteMatrix API requests Each supported Yes The maximum number
Region: 5 per of CalculateRouteMatrix
Version 1.0
641
Service quotas

Description
Rate of CreateGeofenceCollection API Each supported Yes The maximum number of

requests Region: 10 per CreateGeofenceCollection
Rate of CreateMap API requests Each supported Yes The maximum number of
Region: 10 per CreateMap requests that
second you can make per second.
throttled.
Rate of CreatePlaceIndex API requests Each supported Yes The maximum number of
Region: 10 per CreatePlaceIndex requests
are throttled.
Rate of CreateRouteCalculator API Each supported Yes The maximum number

requests Region: 10 per of CreateRouteCalculator
Rate of CreateTracker API requests Each supported Yes The maximum number of
Region: 10 per CreateTracker requests that
throttled.
Rate of DeleteGeofenceCollection API Each supported Yes The maximum number of

requests Region: 10 per DeleteGeofenceCollection
Rate of DeleteMap API requests Each supported Yes The maximum number of
Region: 10 per DeleteMap requests that
throttled.
Rate of DeletePlaceIndex API requests Each supported Yes The maximum number of
Region: 10 per DeletePlaceIndex requests
are throttled.
Rate of DeleteRouteCalculator API Each supported Yes The maximum number

requests Region: 10 per of DeleteRouteCalculator
Version 1.0
642
Service quotas

Description
Rate of DeleteTracker API requests Each supported Yes The maximum number of
Region: 10 per DeleteTracker requests that
throttled.
Rate of DescribeGeofenceCollection API Each supported Yes The maximum number of

requests Region: 10 per DescribeGeofenceCollection
Rate of DescribeMap API requests Each supported Yes The maximum number of
Region: 10 per DescribeMap requests that
throttled.
Rate of DescribePlaceIndex API requests Each supported Yes The maximum number
Region: 10 per of DescribePlaceIndex
Rate of DescribeRouteCalculator API Each supported Yes The maximum number of

requests Region: 10 per DescribeRouteCalculator
Rate of DescribeTracker API requests Each supported Yes The maximum number of
Region: 10 per DescribeTracker requests
are throttled.
Rate of DisassociateTrackerConsumer API Each supported Yes The maximum number of

requests Region: 10 per DisassociateTrackerConsumer
Rate of GetDevicePosition API requests Each supported Yes The maximum number of
Region: 50 per GetDevicePosition requests
are throttled.
Rate of GetDevicePositionHistory API Each supported Yes The maximum number of

requests Region: 50 per GetDevicePositionHistory
Version 1.0
643
Service quotas

Description
Rate of GetGeofence API requests Each supported Yes The maximum number of
Region: 50 per GetGeofence requests that
throttled.
Rate of GetMapGlyphs API requests Each supported Yes The maximum number of
Region: 50 per GetMapGlyphs requests
are throttled.
Rate of GetMapSprites API requests Each supported Yes The maximum number of
Region: 50 per GetMapSprites requests
are throttled.
Rate of GetMapStyleDescriptor API Each supported Yes The maximum number of

requests Region: 50 per GetMapStyleDescriptor
Rate of GetMapTile API requests Each supported Yes The maximum number of
Region: 500 per GetMapTile requests that
throttled.
Rate of GetPlace API requests Each supported Yes The maximum number
Region: 50 per of GetPlace requests that
throttled.
Rate of ListDevicePositions API requests Each supported Yes The maximum number
Region: 50 per of ListDevicePositions
Rate of ListGeofenceCollections API Each supported Yes The maximum number of

requests Region: 10 per ListGeofenceCollections
Rate of ListGeofences API requests Each supported Yes The maximum number of
Region: 50 per ListGeofences requests that
throttled.
Version 1.0
644
Service quotas

Description
Rate of ListMaps API requests Each supported Yes The maximum number
Region: 10 per of ListMaps requests that
throttled.
Rate of ListPlaceIndexes API requests Each supported Yes The maximum number of
Region: 10 per ListPlaceIndexes requests
are throttled.
Rate of ListRouteCalculators API requests Each supported Yes The maximum number
Region: 10 per of ListRouteCalculators
Rate of ListTagsForResource API requests Each supported Yes The maximum number
Rate of ListTrackerConsumers API requests Each supported Yes The maximum number
Region: 10 per of ListTrackerConsumers
Rate of ListTrackers API requests Each supported Yes The maximum number of
Region: 10 per ListTrackers requests that
throttled.
Rate of PutGeofence API requests Each supported Yes The maximum number of
Region: 50 per PutGeofence requests that
throttled.
Rate of SearchPlaceIndexForPosition API Each supported Yes The maximum number of

requests Region: 50 per SearchPlaceIndexForPosition
Rate of SearchPlaceIndexForSuggestions Each supported Yes The maximum number of

API requests Region: 50 per SearchPlaceIndexForSuggestions
Version 1.0
645
Service quotas

Description
Rate of SearchPlaceIndexForText API Each supported Yes The maximum number of

requests Region: 50 per SearchPlaceIndexForText
Rate of TagResource API requests Each supported Yes The maximum number of
Region: 10 per TagResource requests that
throttled.
Rate of UntagResource API requests Each supported Yes The maximum number of
are throttled.
Rate of UpdateGeofenceCollection API Each supported Yes The maximum number of

requests Region: 10 per UpdateGeofenceCollection
Rate of UpdateMap API requests Each supported Yes The maximum number of
Region: 10 per UpdateMap requests that
throttled.
Rate of UpdatePlaceIndex API requests Each supported Yes The maximum number of
Region: 10 per UpdatePlaceIndex requests
are throttled.
Rate of UpdateRouteCalculator API Each supported Yes The maximum number of

requests Region: 10 per UpdateRouteCalculator
Rate of UpdateTracker API requests Each supported Yes The maximum number of
Region: 10 per UpdateTracker requests
are throttled.
Route Calculator resources per account Each supported No The maximum number of
Region: 40 Route Calculator resources
account.
Version 1.0
646
Lookout for Equipment

Description
Tracker consumers per tracker Each supported No The maximum number of

Region: 5 Geofence Collection that
Tracker resource can be
associated with.
Tracker resources per account Each supported No The maximum number of

Region: 500 Tracker resources that you
can create per account.
For more information, see Amazon Location Service Quotas in the Amazon Location Service Developer
Guide.
Amazon Lookout for Equipment endpoints and

quotas
Service endpoints
Name
US East (N. us-east-1 lookoutequipment.us-east-1.amazonaws.com HTTPS

Virginia)
Asia ap- lookoutequipment.ap- HTTPS

(Seoul)
Europe eu-west-1 lookoutequipment.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas
Description
Components per dataset Each supported No Maximum number of

Region: 3,000 components per dataset.
Datasets Each supported Yes Maximum number of

Region: 15 datasets per account.
Inference schedulers per model Each supported No Maximum number of

Region: 1 inference schedulers per
model.
Version 1.0
647
Service quotas

Description
Label groups Each supported Yes Maximum number of label

Region: 15 groups per account.
Length of component name Each supported No Maximum length of

Region: 200 component name.
Models Each supported Yes Maximum number of

Region: 15 models per account.
Number of columns across components in Each supported No Maximum number

training data (excluding timestamp) Region: 300 of columns across
components in training
data (excluding timestamp)
Number of columns across components Each supported No Maximum number

per dataset (excluding timestamp) Region: 3,000 of columns across
components per dataset
(excluding timestamp).
Number of components in training data Each supported No Maximum number of

Region: 300 components in training
data.
Number of files per component (per Each supported No Maximum number of

dataset) Region: 1,000 files per component (per
dataset).
Number of files per component (per Each supported No Maximum number of

inference execution) Region: 60 files per component (per
inference execution).
Number of labels per label group Each supported Yes Maximum number of labels
Region: 5,000 per label group.
Number of rows in evaluation data (after Each supported No Maximum number of rows
resampling) Region: 1,500,000 in evaluation data (after
resampling).
Number of rows in inference input data, Each supported No Maximum number of rows
after resampling (1-hour scheduling Region: 3,600 in inference input data,
frequency) after resampling (1-hour
scheduling frequency).
after resampling (10-min scheduling Region: 600 in inference input data,
frequency) after resampling (10-min
after resampling (30-min scheduling Region: 1,800 in inference input data,
Version 1.0
648
Lookout for Metrics

Description
Number of rows in training data (after Each supported No Maximum number of rows
resampling) Region: 1,500,000 in training data (after
resampling).
Pending data ingestion jobs Each supported Yes Maximum number of

Region: 5 pending data ingestion jobs
per account.
Pending models Each supported Yes Maximum number of

Region: 5 pending models per
account.
Size of raw data in inference input data (1- Each supported No Maximum size of raw data
hour scheduling frequency) Region: 60 in inference input data (1-
Megabytes hour scheduling frequency).
Size of raw data in inference input data Each supported No Maximum size of raw data
(10-min scheduling frequency) Region: 10 in inference input data (10-
Megabytes min scheduling frequency).
Size of raw data in inference input data (5- Each supported No Maximum size of raw data
min scheduling frequency) Region: 5 in inference input data (5-
Size per dataset Each supported No Maximum size per dataset.

Region: 50
Gigabytes
Size per file Each supported No Maximum size per file.

Region: 5 Gigabytes
Timespan of training data Each supported No Minimum timespan of

Region: 180 per day training data
Amazon Lookout for Metrics endpoints and quotas

Version 1.0
649
Service endpoints
Service endpoints
Name
US East us-east-2 lookoutmetrics.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 lookoutmetrics.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 lookoutmetrics.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- lookoutmetrics.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- lookoutmetrics.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- lookoutmetrics.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- lookoutmetrics.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 lookoutmetrics.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-north-1 lookoutmetrics.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Service quotas
Description
Alerts Each supported Yes The maximum number of

Region: 10 alerts that you can add to a
detector.
Data size for historical data (backtest Each supported No The maximum size of the
mode) Region: 102,400 data (in MB) that can be
processed in historical data
for backtest mode.
Data size for historical data (continuous Each supported No The maximum size of the
mode) Region: 102,400 data (in MB) that can be
for continuous mode.
Data size per interval (10m) Each supported No The maximum size of the
Region: 200 data (in MB) that can be
Megabytes
Version 1.0
650
Service quotas

Description
processed for a 10-minute
interval.
Data size per interval (1d) Each supported No The maximum size of the
Megabytes processed for a 1-day
interval.
Data size per interval (1h) Each supported No The maximum size of the
Megabytes processed for a 1-hour
interval.
Data size per interval (5m) Each supported No The maximum size of the
Megabytes processed for a 5-minute
interval.
Datasets per detector Each supported No The maximum number of

Region: 1 datasets that you can add
to a detector.
Datasources per dataset Each supported No The maximum number of

Region: 1 datasources that you can
add to a dataset.
Detectors Each supported Yes The maximum number

Region: 10 of detectors that you can
current AWS Region.
Dimensions filters per dataset Each supported No The maximum number of

Region: 5 dimension filters that you
can add to a dataset.
Dimensions per dataset Each supported No The maximum number of

Region: 10 dimensions that you can
add to a dataset.
Files in historical data Each supported No The maximum number of

Region: 3,000 files that can be processed
in historical data.
Files per interval (10m) Each supported Yes The maximum number of
Region: 5 files that can be ingested
for a 10-minute interval.
Files per interval (1d) Each supported Yes The maximum number of
for a 1-day interval.
Files per interval (1h) Each supported Yes The maximum number of
for a 1-hour interval.
Files per interval (5m) Each supported Yes The maximum number of
for a 5-minute interval.
Version 1.0
651
Service quotas

Description
Intervals in historical data (backtest mode) Each supported No The maximum number
Region: 3,000 of intervals that can be
for backtest mode.
Intervals in historical data (continuous Each supported No The maximum number

mode) Region: 2,500 of intervals that can be
for continuous mode.
Measures per dataset Each supported No The maximum number of

Region: 10 measures that you can add
to a dataset.
Records per interval (10m) Each supported Yes The maximum number
Region: 24,000 of records that can be
interval.
Records per interval (1d) Each supported Yes The maximum number
processed for a 1-day
interval.
Records per interval (1h) Each supported Yes The maximum number
processed for a 1-hour
interval.
Records per interval (5m) Each supported Yes The maximum number
interval.
Throttle rate Each supported Yes The maximum number

Region: 10 of requests allowed per
Throttle rate (ActivateAnomalyDetector) Each supported Yes The maximum number of

Region: 1 ActivateAnomalyDetector
Throttle rate (BackTestAnomalyDetector) Each supported Yes The maximum number of

Region: 1 BackTestAnomalyDetector
Throttle rate (CreateAlert) Each supported Yes The maximum number

Region: 1 of CreateAlert requests
allowed per second in this
Region.
Version 1.0
652
Service quotas

Description
Throttle rate (CreateAnomalyDetector) Each supported Yes The maximum number of

Region: 1 CreateAnomalyDetector
Throttle rate (CreateMetricSet) Each supported Yes The maximum number of

Region: 1 CreateMetricSet requests
Region.
Throttle rate (DeactivateAnomalyDetector) Each supported Yes The maximum number of

Region: 1 DeactivateAnomalyDetector
Throttle rate (DeleteAlert) Each supported Yes The maximum number

Region: 1 of DeleteAlert requests
Region.
Throttle rate (DeleteAnomalyDetector) Each supported Yes The maximum number of

Region: 1 DeleteAnomalyDetector
Throttle rate (DescribeAlert) Each supported Yes The maximum number

Region: 2 of DescribeAlert requests
Region.
Throttle rate Each supported Yes The maximum number of

(DescribeAnomalyDetectionExecutions) Region: 2 DescribeAnomalyDetectionExecutions
Throttle rate (DescribeAnomalyDetector) Each supported Yes The maximum number of

Region: 2 DescribeAnomalyDetector
Throttle rate (DescribeMetricSet) Each supported Yes The maximum number of

Region: 2 DescribeMetricSet requests
Region.
Version 1.0
653
Service quotas

Description
Throttle rate (DetectMetricSetConfig) Each supported Yes The maximum number of

Region: 1 DetectMetricSetConfig
Throttle rate (GetAnomalyGroup) Each supported Yes The maximum number of

Region: 2 GetAnomalyGroup requests
Region.
Throttle rate (GetDataQualityMetrics) Each supported Yes The maximum number of

Region: 2 GetDataQualityMetrics
Throttle rate (GetFeedback) Each supported Yes The maximum number

Region: 2 of GetFeedback requests
Region.
Throttle rate (GetSampleData) Each supported Yes The maximum number of

Region: 2 GetSampleData requests
Region.
Throttle rate (ListAlerts) Each supported Yes The maximum number of

Region: 2 ListAlerts requests allowed
in the current AWS Region.
Throttle rate (ListAnomalyDetectors) Each supported Yes The maximum number

Region: 2 of ListAnomalyDetectors

(ListAnomalyGroupRelatedMetrics) Region: 2 ListAnomalyGroupRelatedMetrics

(ListAnomalyGroupSummaries) Region: 2 ListAnomalyGroupSummaries
Version 1.0
654
Service quotas

Description

(ListAnomalyGroupTimeSeries) Region: 2 ListAnomalyGroupTimeSeries
Throttle rate (ListMetricSets) Each supported Yes The maximum number of

Region: 2 ListMetricSets requests
Region.
Throttle rate (ListTagsForResource) Each supported Yes The maximum number

Region: 1 of ListTagsForResource
Throttle rate (PutFeedback) Each supported Yes The maximum number

Region: 1 of PutFeedback requests
Region.
Throttle rate (TagResource) Each supported Yes The maximum number

Region: 1 of TagResource requests
Region.
Throttle rate (UntagResource) Each supported Yes The maximum number of

Region.
Throttle rate (UpdateAnomalyDetector) Each supported Yes The maximum number of

Region: 1 UpdateAnomalyDetector
Throttle rate (UpdateMetricSet) Each supported Yes The maximum number of

Region: 1 UpdateMetricSet requests
Region.
Time series per interval (10m) Each supported No The maximum number
Region: 10,000 of time series that can be
interval.
Version 1.0
655
Lookout for Vision

Description
Time series per interval (1d) Each supported Yes The maximum number
Region: 50,000 of time series that can
be processed for a 1-day
interval.
Time series per interval (1h) Each supported Yes The maximum number
processed for a 1-hour
interval.
Time series per interval (5m) Each supported No The maximum number
interval.
Value filters per dimension filter Each supported No The maximum number of
Region: 10 value filters that you can
add to a dimension filter.
Value length Each supported Yes The maximum length of a

Region: 40 Bytes value in a record.
Amazon Lookout for Vision endpoints and quotas

Service endpoints
Name
US East us-east-2 lookoutvision.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 lookoutvision.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 lookoutvision.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- lookoutvision.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- lookoutvision.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- lookoutvision.eu-central-1.amazonaws.com HTTPS

Version 1.0
656
Service quotas

Name
Europe eu-west-1 lookoutvision.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas
Description
Maximum image dimension for a training Each supported No Maximum image dimension
or test image (in pixels) Region: 4,096 (in pixels) for a training or
test image in an Amazon S3
bucket.
Maximum image file size (in MB) for a Each supported No The maximum file size (in
training or test image Region: 8 MB) for a training or test
Megabytes image stored in an Amazon
S3 bucket.
Maximum number of API requests per Each supported Yes The maximum number of
second, excluding DetectAnomalies Region: 5 per API requests (excluding
second DetectAnomalies) that
you can make, per API,
per second, in this AWS
account, in the current AWS
Region.
Maximum number of DetectAnomalies API Each supported Yes The maximum number
requests per second Region: 10 per of DetectAnomalies API
AWS account in the current
AWS Region.
Maximum number of concurrent model Each supported Yes The maximum number
packaging jobs Region: 3 of concurrently running
Amazon Lookout for Vision
model packaging jobs per
AWS account.
Maximum number of concurrent training Each supported Yes The maximum number
jobs Region: 2 of concurrently running
training jobs per AWS
account.
Maximum number of concurrent trial Each supported Yes The maximum number
detection tasks Region: 2 of concurrently running
trial detection tasks per
AWS account.
Maximum number of images in a test Each supported No The maximum number of

dataset Region: 4,000 images that you can have in
a test dataset.
Version 1.0
657
Macie

Description
Maximum number of images in a training Each supported No The maximum number of

dataset Region: 16,000 images that you can have in
a training dataset.
Maximum number of images in a trial Each supported No The maximum number of

detection dataset Region: 2,000 images in a trial detection
dataset.
Maximum number of inference units per Each supported Yes The maximum number of
started model Region: 5 inference units per started
model.
Maximum number of models per project Each supported Yes The maximum number of
Region: 100 Amazon Lookout for Vision
models per project.
Maximum number of projects Each supported Yes The maximum number of

Region: 100 Amazon Lookout for Vision
projects per AWS account.
Maximum number of running models Each supported Yes The maximum number
Region: 2 of concurrently running
models per AWS account.
Minimum image dimension (in pixels) for a Each supported No The minimum image
training or test image Region: 64 dimension (in pixels) for a
training or test image in an
Amazon S3 bucket.
For more information, see Quotas in Amazon Lookout for Vision.
Amazon Macie endpoints and quotas

Service endpoints
Name
US East us-east-2 macie2.us-east-2.amazonaws.com HTTPS

(Ohio)
macie2-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 macie2.us-east-1.amazonaws.com HTTPS

Virginia)
macie2-fips.us-east-1.amazonaws.com HTTPS
Version 1.0
658
Service endpoints

Name
US us-west-1 macie2.us-west-1.amazonaws.com HTTPS

West (N.
California) macie2-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 macie2.us-west-2.amazonaws.com HTTPS

(Oregon)
macie2-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 macie2.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 macie2.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- macie2.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- macie2.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- macie2.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- macie2.ap-southeast-2.amazonaws.com HTTPS

(Sydney)

(Tokyo)
Canada ca- macie2.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- macie2.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 macie2.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- macie2.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
Version 1.0
659
Service quotas

Name

(Paris)
Europe eu-north-1 macie2.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- macie2.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 macie2.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
Apache Avro container (.avro) file size Each supported No The maximum size (in GB)
Region: 8 Gigabytes of an individual Apache
Avro object container
(.avro) file that Macie can
analyze. If a file is larger,
Macie doesnt analyze any
data in the file.
Apache Parquet (.parquet) file size Each supported No The maximum size (in GB)
Region: 8 Gigabytes of an individual Apache
Parquet (.parquet) file that
Macie can analyze. If a
file is larger, Macie doesnt
analyze any data in the file.
Custom data identifiers per account Each supported No The maximum number of
Region: 10,000 custom data identifiers
that can be created for
Region.
Custom data identifiers per sensitive data Each supported No The maximum number of
discovery job Region: 30 custom data identifiers
that you can configure a
sensitive data discovery job
to use.
Extracted archive bytes Each supported No The maximum amount of

Region: 10 data (in GB) that Macie can
Gigabytes extract and analyze in a
compressed or archive file.
If Macie starts analyzing
this type of file and
determines that the file
Version 1.0
660
Service quotas

Description
contains more than this
amount of data, Macie
stops analyzing the file
and creates sensitive data
findings and discovery
results only for the data
that was processed.
Extracted archive files Each supported No The maximum number

Region: 1,000,000 of files that Macie can
extract and analyze in an
archive file. If Macie starts
analyzing data in an archive
file and determines that
the file contains more than
the maximum number of
files, Macie stops analyzing
data in the file and creates
sensitive data findings
and discovery results only
for the data that was
processed.
Findings rules Each supported No The maximum number of

Region: 1,000 filter rules and suppression
rules that you can create
for this account in the
current Region.
Full names detected Each supported No The maximum number of

Region: 1,000 full names that Macie can
detect and report for a file,
including individual archive
files. After Macie detects
the maximum number,
Macie stops incrementing
the count and reporting
location data for full
names.
GNU Zip compressed archive (.gz or .gzip) Each supported No The maximum size (in GB)
file size Region: 8 Gigabytes of an individual GNU Zip
compressed archive (.gz
or .gzip) file that Macie can
data in the file.
Version 1.0
661
Service quotas

Description
Mailing addresses detected Each supported No The maximum number

Region: 1,000 of mailing addresses that
Macie can detect and
report for a file, including
individual archive files.
After Macie detects the
maximum number, Macie
stops incrementing the
count and reporting
location data for mailing
addresses.
Member accounts by invitation Each supported No The maximum number of

Region: 1,000 member accounts that can
be associated with a Macie
administrator account by
invitation in the current
Region.
Member accounts through AWS Each supported No The maximum number

Organizations Region: 5,000 of member accounts that
can be associated with
the Macie administrator
account for an AWS
Organizations organization
Microsoft Excel workbook (.xls or .xlsx) file Each supported No The maximum size (in MB)
size Region: 512 of an individual Microsoft
Megabytes Excel workbook (.xls
or .xlsx) file that Macie can
data in the file.
Microsoft Word document (.doc or .docx) Each supported No The maximum size (in MB)
file size Region: 512 of an individual Microsoft
Megabytes Word document (.doc
or .docx) file that Macie can
data in the file.
Nested levels Each supported No The maximum number of

Region: 10 nested levels that Macie
can analyze in an archive
file. If the metadata for an
archive file indicates that
the file contains more than
the maximum number of
nested levels, Macie doesnt
extract or analyze any data
in the file.
Version 1.0
662
Service quotas

Description
Nested levels in structured data Each supported No The maximum number of

Region: 256 nested levels that Macie
can analyze in a JSON
(.json) or JSON Lines (.jsonl)
file. If a file contains more
than the maximum number
of nested levels, Macie
doesnt analyze any data in
the file.
Non-binary text file size Each supported No The maximum size (in GB)
Region: 20 of an individual non-binary
Gigabytes text file that Macie can
data in the file.
Portable Document Format (.pdf) file size Each supported No The maximum size (in MB)
Region: 1,024 of an individual Portable
Megabytes Document Format (.pdf) file
that Macie can analyze. If a
file is larger, Macie doesnt
analyze any data in the file.
S3 buckets per sensitive data discovery job Each supported No The maximum number
Region: 1,000 of S3 buckets that you
can explicitly select for a
sensitive data discovery
job to analyze. If youre
the Macie administrator
for an organization, the
buckets can span as many
as 1,000 accounts in your
organization.
Sensitive data discovery occurrences Each supported No The maximum number

Region: 1,000 of occurrences of each
type of sensitive data that
Macie detects and provides
detailed location data for
in sensitive data discovery
results.
Sensitive data discovery per month per Each supported Yes The maximum amount
account Region: 5 Terabytes of data (in TB) that you
can analyze by running
sensitive data discovery
jobs for this account in the
current Region.
Sensitive data finding occurrences Each supported No The maximum number

Region: 15 of detection locations
that Macie provides in a
sensitive data finding.
Version 1.0
663
AWS Mainframe Modernization

Description
TAR archive (.tar) file size Each supported No The maximum size (in GB)
Region: 20 of an individual TAR archive
Gigabytes (.tar) file that Macie can
data in the file.
ZIP compressed archive (.zip) file size Each supported No The maximum size (in
Region: 8 Gigabytes GB) of an individual ZIP
compressed archive (.zip)
file that Macie can analyze.
If a file is larger, Macie
doesnt analyze any data in
the file.
For more information, see Amazon Macie quotas in the Amazon Macie User Guide.
AWS Mainframe Modernization endpoints and

quotas
Service endpoints
Name
US East (N. us-east-1 m2.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 m2.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- m2.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Canada ca- m2.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- m2.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 m2.eu-west-1.amazonaws.com HTTPS

(Ireland)
South sa-east-1 m2.sa-east-1.amazonaws.com HTTPS

America
Version 1.0
664
Service quotas

Name
(São
Paulo)
Service quotas
Number of applications per AWS 20 No

account
Number of runtime 20 No
environments per AWS account
Number of instances per high 12 No

availability cluster
Number of Amazon EFS 1 No

file systems per runtime
environment
Number of Amazon FSx 1 No

file systems per runtime
environment
Amazon Machine Learning endpoints and quotas

Service endpoints

Name
US East (N. us-east-1 machinelearning.us-east-1.amazonaws.com HTTPS

Virginia)
Europe eu-west-1 machinelearning.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
665
Service quotas
Service quotas

Description
Batch prediction input records Each supported Yes The maximum number of
Region: records of batch prediction
100,000,000 input.
Batch prediction input size Each supported Yes The maximum size (in TB)
Region: 1 Terabytes of batch prediction input.
Classes for multiclass ML models Each supported Yes The maximum number of
Region: 100 classes for multiclass ML
models.
Job runtime Each supported No The maximum runtime

Region: 7 length (in days) for any job.
ML model size Each supported No The maximum ML model

Region: 2 Gigabytes size (in GB).
Observation size Each supported Yes The maximum size (in KB)
Region: 100 of each observation.
Kilobytes
Rate of real-time prediction requests per Each supported Yes The maximum number
endpoint Region: 200 of requests per second
that you can perform with
each real-time prediction
endpoint.
Recipe complexity Each supported Yes The maximum recipe

Region: 10,000 complexity (number
of processed output
variables).
Simultaneous jobs Each supported Yes The maximum number of

Region: 25 simultaneous jobs.
Tags per object Each supported No The maximum number of

Region: 50 tags per object.
Total RAM for all real-time prediction Each supported Yes The maximum total RAM
endpoints Region: 10 (in GB) for all real-time
Gigabytes prediction endpoints.
Total rate of all real-time prediction Each supported Yes The maximum total
requests Region: 10,000 number of requests per
second that you can
perform with all of your
real-time prediction
endpoints.
Training data size Each supported Yes The maximum size (in GB)
Region: 100 of training data.
Gigabytes
Version 1.0
666
Managed Blockchain

Description
Variables per data file Each supported Yes The maximum number
Region: 1,000 of variables in a data file
(schema).
For more information, see Amazon ML Quotas in the Amazon Machine Learning Developer Guide.
Amazon Managed Blockchain endpoints and

quotas
Service endpoints

Name
US East (N. us-east-1 managedblockchain.us-east-1.amazonaws.com HTTPS

Virginia)
Asia ap- managedblockchain.ap- HTTPS

(Seoul)

(Singapore)

(Tokyo)
Europe eu-west-1 managedblockchain.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 managedblockchain.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- managedblockchain.us-gov- HTTPS

(US-West)
Version 1.0
667
Service quotas
Service quotas
Description
Number of Hyperledger Fabric channels Each supported Yes The maximum number
per Standard Edition network Region: 8 of Hyperledger Fabric
channels per Standard
Edition network.
Number of Hyperledger Fabric channels Each supported Yes The maximum number
per Starter Edition network Region: 8 of Hyperledger Fabric
channels per Starter Edition
network.
Number of Standard Edition networks in Each supported Yes The maximum number
which an AWS account can have a member Region: 6 of Hyperledger Fabric
Standard Edition networks
in which an AWS account
can have a member.
Number of Starter Edition networks in Each supported Yes The maximum number of
which an AWS account can have a member Region: 6 Hyperledger Fabric Starter
Edition networks in which
an AWS account can have a
member.
For information about attributes of Starter Edition and Standard Edition networks, such as the number
of members per network, peer nodes per member, available instance types, and more, see Amazon
Managed Blockchain Pricing.
AWS Managed Services endpoints and quotas

Service endpoints
See AMS VPC endpoints and AMS Supported configurations in the AWS Managed Services User Guide.
Service quotas
See AMS account limits in the AWS Managed Services User Guide.
AWS Management Console service endpoints

AWS Management Console has Regional endpoints that allow you to directly access the console in a
given AWS Region. The general syntax of a Regional endpoint is as follows:
Version 1.0
668
Service endpoints
https://region-code.console.aws.amazon.com
For example, https://us-west-2.console.aws.amazon.com is the endpoint for the AWS

Management Console service in the US West (Oregon) Region.
The table below lists the name, code, and endpoint of each AWS Region.
Service endpoints
Name
US East us-east-2 us-east-2.console.aws.amazon.com HTTPS

(Ohio)
US East (N. us-east-1 us-east-1.console.aws.amazon.com HTTPS

Virginia)
US West (N. us-west-1 us-west-1.console.aws.amazon.com HTTPS

California)
US West us-west-2 us-west-2.console.aws.amazon.com HTTPS

(Oregon)
Africa (Cape af-south-1 af-south-1.console.aws.amazon.com HTTPS

Town)
Asia Pacific ap-east-1 ap-east-1.console.aws.amazon.com HTTPS

(Hong Kong)
Asia Pacific ap- ap-southeast-3.console.aws.amazon.com HTTPS

(Jakarta) southeast-3
Asia Pacific ap-south-1 ap-south-1.console.aws.amazon.com HTTPS

(Mumbai)
Asia Pacific ap- ap-northeast-3.console.aws.amazon.com HTTPS

(Osaka) northeast-3

(Seoul) northeast-2



(Tokyo) northeast-1
Canada ca-central-1 ca-central-1.console.aws.amazon.com HTTPS

(Central)
Europe eu-central-1 eu-central-1.console.aws.amazon.com HTTPS

(Frankfurt)
Europe eu-west-1 eu-west-1.console.aws.amazon.com HTTPS

(Ireland)
Version 1.0
669
Amazon MWAA

Name

(London)
Europe eu-south-1 eu-south-1.console.aws.amazon.com HTTPS

(Milan)

(Paris)
Europe eu-north-1 eu-north-1.console.aws.amazon.com HTTPS

(Stockholm)
Middle East me-south-1 me-south-1.console.aws.amazon.com HTTPS

(Bahrain)
Middle East me- me-central-1.console.aws.amazon.com HTTPS

(UAE) central-1
South sa-east-1 sa-east-1.console.aws.amazon.com HTTPS

America
(São Paulo)
AWS us-gov- us-gov-east-1.console.amazonaws-us-gov.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- us-gov-west-1.console.amazonaws-us-gov.com HTTPS

GovCloud west-1
(US-West)
Amazon Managed Workflows for Apache Airflow

Service endpoints
Name
US East us-east-2 airflow.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 airflow.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 airflow.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
670
Service quotas

Name
Asia ap- airflow.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- airflow.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- airflow.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- airflow.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- airflow.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- airflow.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- airflow.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 airflow.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 airflow.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 airflow.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
Environments per account per Region Each supported Yes The maximum number of
Region: 10 environments per account
per Region.
Workers per environment Each supported Yes The maximum number of

Region: 25 workers per environment.
Version 1.0
671
AWS Marketplace
AWS Marketplace endpoints and quotas

AWS Marketplace is a curated digital catalog that makes it easy for customers to find, buy, deploy,
and manage third-party software and services that customers need to build solutions and run their
businesses.
Service endpoints
The AWS Marketplace website is available globally. The AWS Marketplace console is available in the
US East (N. Virginia) Region. The product vendor determines the Regions in which their products are
available.
AWS Marketplace Catalog API

Name
US East (N. us-east-1 catalog.marketplace.us-east-1.amazonaws.com HTTPS

Virginia)
AWS Marketplace Commerce Analytics

Name
US East (N. us-east-1 marketplacecommerceanalytics.us- HTTPS

AWS Marketplace Entitlement Service

Name
US East (N. us-east-1 entitlement.marketplace.us- HTTPS

AWS Marketplace Metering Service

Name
US East us-east-2 metering.marketplace.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
672
Service endpoints

Name
US East (N. us-east-1 metering.marketplace.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 metering.marketplace.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 metering.marketplace.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 metering.marketplace.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 metering.marketplace.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- metering.marketplace.ap- HTTPS

(Jakarta)

(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- metering.marketplace.ca- HTTPS

Europe eu- metering.marketplace.eu- HTTPS

Europe eu-west-1 metering.marketplace.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
673
Mechanical Turk

Name

(London)
Europe eu- metering.marketplace.eu- HTTPS


(Paris)
Europe eu-north-1 metering.marketplace.eu- HTTPS

Middle me- metering.marketplace.me- HTTPS

(Bahrain)
Middle me- metering.marketplace.me- HTTPS

East (UAE) central-1 central-1.amazonaws.com
South sa-east-1 metering.marketplace.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- metering.marketplace.us-gov- HTTPS

(US-East)
AWS us-gov- metering.marketplace.us-gov- HTTPS

(US-West)
Amazon Mechanical Turk endpoints and quotas

Service endpoints
Region Endpoint Protocol
Sandbox endpoint mturk-requester-sandbox.us-east-1.amazonaws.com HTTPS

for Amazon
Mechanical Turk
actions.
Production mturk-requester.us-east-1.amazonaws.com HTTPS

endpoint for
Amazon Mechanical
Turk actions.
Version 1.0
674
Service quotas
Service quotas

Description
Monthly Usage Each supported Yes The maximum monthly

Region: 1,000 spend in USD
Amazon Managed Streaming for Apache Kafka

Service endpoints

Name
US East us-east-2 kafka.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 kafka.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 kafka.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 kafka.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 kafka.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 kafka.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- kafka.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- kafka.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
675
Service endpoints

Name
Asia ap- kafka.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- kafka.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- kafka.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 kafka.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- kafka.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 kafka.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- kafka.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 kafka.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- kafka.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- kafka.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Version 1.0
676
Service quotas
Service quotas
Description
Number of brokers per account Each supported Yes The maximum number of
Region: 90 brokers that can be created
per account.
Number of brokers per cluster Each supported Yes The maximum number of
Region: 30 brokers that a cluster can
contain.
Number of configurations per account Each supported Yes The maximum number of
Region: 100 custom configurations that
can be created per account.
Number of revisions per configuration Each supported Yes The maximum number of
Region: 50 revisions that can be made
to a custom configuration.
Amazon MSK Connect endpoints and quotas

Service endpoints
Name
US East us-east-2 kafkaconnect.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 kafkaconnect.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 kafkaconnect.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 kafkaconnect.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- kafkaconnect.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- kafkaconnect.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Version 1.0
677
Service quotas

Name
Asia ap- kafkaconnect.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- kafkaconnect.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- kafkaconnect.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- kafkaconnect.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- kafkaconnect.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 kafkaconnect.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 kafkaconnect.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 kafkaconnect.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas
Dimension Quota
Maximum custom plugins 100
Maximum worker configurations 100
Maximum connect workers Up to 60 connect workers. If a connector is set

up to have auto scaled capacity, MSK Connect
uses the maximum number of workers configured
for that connector to calculate the quota for the
account.
Version 1.0
678
MediaConnect
AWS Elemental MediaConnect endpoints and

quotas
Service endpoints

Name
US East us-east-2 mediaconnect.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 mediaconnect.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 mediaconnect.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 mediaconnect.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 mediaconnect.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- mediaconnect.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- mediaconnect.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- mediaconnect.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- mediaconnect.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- mediaconnect.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- mediaconnect.eu-central-1.amazonaws.com HTTPS

Version 1.0
679
Service quotas

Name
Europe eu-west-1 mediaconnect.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 mediaconnect.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 mediaconnect.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas
Description
Entitlements Each supported No The maximum number of

Region: 50 entitlements that you can
grant on a flow.
Flows Each supported Yes The maximum number of

Region: 20 flows that you can create in
each AWS Region.
Outputs Each supported No The maximum number of

Region: 50 outputs that a flow can
have.
For more information, see Quotas in the AWS Elemental MediaConnect User Guide.
AWS Elemental MediaConvert endpoints and

quotas
Service endpoints
Use these endpoints only to request an account-specific endpoint, using the DescribeEndpoints
operation. Send all your transcoding requests to the account-specific endpoint that the service returns.
For more information, see Getting Started with the API in the MediaConvert API Reference.
Version 1.0
680
Service endpoints

Name
US East us-east-2 mediaconvert.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 mediaconvert.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 mediaconvert.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 mediaconvert.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- mediaconvert.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- mediaconvert.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- mediaconvert.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- mediaconvert.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- mediaconvert.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- mediaconvert.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- mediaconvert.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 mediaconvert.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 mediaconvert.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 mediaconvert.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
681
Service quotas

Name
AWS us-gov- mediaconvert.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas
Description
Concurrent jobs across all on-demand us-east-1: 40 Yes The maximum number of
queues, baseline jobs that the service will
us-west-2: 40 process at one time, across
all of your on-demand
eu-west-1: 40 queues in the current
Region.
Each of the other
supported Regions:
20
Concurrent jobs per on-demand queue, us-east-1: 200 Yes The maximum number of
peak jobs the service will process
us-west-2: 200 at one time per on-demand
queue.
eu-west-1: 200
Each of the other

supported Regions:
100
Custom job templates Each supported Yes The maximum number

Region: 100 of custom job templates
Region.
Custom output presets Each supported Yes The maximum number

Region: 100 of custom output presets
Region.
Queues (on-demand) per Region, per Each supported Yes The maximum number
account Region: 10 of on-demand queues
Region.
Queues (reserved) per Region, per account Each supported Yes The maximum number of
Region: 30 reserved queues that you
the current Region.
Request rate for API calls in aggregate Each supported Yes The maximum number of
Region: 2 aggregate API requests per
Version 1.0
682
MediaLive

Description
Region.
Request rate for API calls in aggregate, in a Each supported Yes The maximum number of
burst Region: 100 aggregate requests that
you can send in one burst in
Region.
Request rate for DescribeEndpoints Each supported No The maximum number of

Region: 0.01667 DescribeEndpoints requests
send in this account in
the current Region. You
send this request only to
get your endpoint. This
endpoint is specific to
your AWS Region and
won’t change. Request this
endpoint once, and then
hardcode or cache it.
Request rate for DescribeEndpoints, in a Each supported No You can’t send

burst Region: 0 DescribeEndpoints requests
in a burst. You send this
request only to get your
endpoint. This endpoint is
specific to your AWS Region
and won’t change. Request
this endpoint once, and
then hardcode or cache it.
AWS Elemental MediaLive endpoints and quotas

Service endpoints
When you submit requests using the AWS CLI or SDKs, either leave the Region and endpoint unspecified,
or specify us-east-1 as the Region. When you submit requests using the MediaLive API, use the us-east-1
Region to sign requests. For more information about signing MediaLive API requests, see Signature
Version 4 signing process (p. 1012).

Name
US East us-east-2 medialive.us-east-2.amazonaws.com HTTPS

(Ohio)
medialive-fips.us-east-2.amazonaws.com HTTPS
Version 1.0
683
Service quotas

Name
US East (N. us-east-1 medialive.us-east-1.amazonaws.com HTTPS

Virginia)
medialive-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 medialive.us-west-2.amazonaws.com HTTPS

(Oregon)
medialive-fips.us-west-2.amazonaws.com HTTPS
Asia ap- medialive.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- medialive.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- medialive.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- medialive.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- medialive.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- medialive.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 medialive.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 medialive.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 medialive.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas
Description
CDI Channels Each supported Yes The maximum number of

Region: 2 CDI channels (channels that
include one or more CDI
Version 1.0
684
MediaPackage

Description
inputs) that you can create
Channels Each supported Yes The maximum number

Region: 5 of channels that you can
Device Inputs Each supported Yes The maximum number of

Region: 100 device inputs (an input
from a device) that you can
HEVC Channels Each supported Yes The maximum number of

Region: 5 HEVC channels (channels
that include one or more
HEVC outputs) that you can
Input Security Groups Each supported Yes The maximum number

Region: 5 of input security groups
current region.
Multiplexes Each supported Yes The maximum number of

Region: 2 multiplexes that you can
Pull Inputs Each supported Yes The maximum number of

Region: 100 pull inputs that you can
Push Inputs Each supported Yes The maximum number of

Region: 5 push inputs that you can
Reservations Each supported Yes The maximum number of

Region: 50 reservations that you can
UHD Channels Each supported Yes The maximum number of

Region: 1 UHD channels (channels
that include one or more
UHD outputs) that you can
VPC Inputs Each supported Yes The maximum number of

Region: 50 VPC inputs that you can
AWS Elemental MediaPackage endpoints and

quotas
Version 1.0
685
Service endpoints
Service endpoints
These are the endpoints for live content workflows.

Name
US East us-east-2 mediapackage.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 mediapackage.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 mediapackage.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 mediapackage.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- mediapackage.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- mediapackage.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- mediapackage.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- mediapackage.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- mediapackage.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- mediapackage.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 mediapackage.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 mediapackage.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
686
Service endpoints

Name
South sa-east-1 mediapackage.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
These are the endpoints for video on demand (VOD) content workflows.

Name
US East us-east-2 mediapackage-vod.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 mediapackage-vod.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 mediapackage-vod.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 mediapackage-vod.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- mediapackage-vod.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- mediapackage-vod.ap- HTTPS

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Europe eu- mediapackage-vod.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 mediapackage-vod.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Version 1.0
687
Service quotas

Name
Europe eu-north-1 mediapackage-vod.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 mediapackage-vod.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
Assets per packaging group Each supported Yes The maximum number
Region: 10,000 of assets per packaging
group that you can create.
Remember that this is
a per packaging group
limit. If you have 1000 or
fewer assets in a group, you
dont need an asset limit
increase, regardless of how
many groups you have.
Burst rate of REST API requests (Live) Each supported No The maximum number
Region: 50 of REST API requests per
second that you can burst
to this account in this
region.
Burst rate of REST API requests (VOD) Each supported No The maximum number
second that you can burst
Region.
Channels Each supported Yes The maximum number

Region: 30 of channels that you can
create in this account
This limit doesnt affect
endpoint limits. If you arent
exceeding the endpoint
limit per channel, you
dont need to increase your
endpoint limits when you
increase your channels.
Concurrent harvest jobs Each supported Yes The maximum number of

Region: 10 harvest jobs that can be in
progress at the same time.
Version 1.0
688
Service quotas

Description
Content retention Each supported No The maximum number of

Region: 336 hours that you can retain
ingested content.
Endpoints per channel Each supported Yes The maximum number of

Region: 10 endpoints per channel that
you can create. Remember
that this is a per channel
limit. If you have 10 or
fewer endpoints on a
channel, you dont need an
endpoint limit increase,
regardless of how many
channels you have.
Ingest streams per asset Each supported No The maximum number of

Region: 20 streams per asset that you
can ingest.
Ingest streams per channel Each supported No The maximum number of

Region: 20 streams per channel that
you can ingest.
Live manifest length Each supported Yes The maximum length of a

Region: 5 live manifest, in minutes.
Packaging configurations per packaging Each supported Yes The maximum number of
group Region: 10 packaging configurations
per packaging group that
you can create. Remember
that this is a per packaging
group limit. If you have 10
or fewer configurations in
a group, you dont need a
configuration limit increase,
regardless of how many
groups you have.
Packaging groups Each supported Yes The maximum number of

Region: 10 packaging groups that you
the current Region.
Rate of REST API requests (Live) Each supported No The maximum number
second that you can send
region.
Rate of REST API requests (VOD) Each supported No The maximum number
second that you can send
Region.
Version 1.0
689
MediaStore

Description
Rate of ingest requests per channel Each supported No The maximum number of
Region: 50 ingest requests per second
allowed per channel.
Rate of manifest egress requests per asset Each supported No The maximum number of
Region: 1,000 manifest egress requests
per second allowed per
asset.
Rate of manifest egress requests per origin Each supported No The maximum number of
endpoint Region: 5,000 manifest egress requests
per second allowed per
origin endpoint.
Rate of segment egress requests per asset Each supported No The maximum number
Region: 600 of media segment egress
requests per second
allowed per asset.
Rate of segment egress requests per origin Each supported No The maximum number
endpoint Region: 300 of media segment egress
requests per second
allowed per origin
endpoint.
Time-shifted manifest length Each supported No The maximum length of a

Region: 24 time-shifted manifest, in
hours.
Tracks per ingest stream (Live) Each supported No The maximum number of
Region: 10 tracks per stream that you
can ingest.
Tracks per ingest stream (VOD) Each supported No The maximum number of
Region: 10 tracks per stream that you
can ingest.
For more information, see Quotas in the AWS Elemental MediaPackage User Guide.
AWS Elemental MediaStore endpoints and quotas

Version 1.0
690
Service endpoints
Service endpoints

Name
US East (N. us-east-1 mediastore.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 mediastore.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- mediastore.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- mediastore.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- mediastore.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- mediastore.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 mediastore.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 mediastore.eu-west-2.amazonaws.com HTTPS

(London)
Europe eu-north-1 mediastore.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Service quotas

Description
Containers Each supported No The maximum number of

Region: 100 containers that you can
Folder levels Each supported No The maximum number of

Region: 10 folder levels that you can
create in a container. You
can create as many folders
as you want, as long as they
are not nested more than
10 levels within a container.
Object size Each supported No The maximum size of a

Region: 25 single object.
Megabytes
Version 1.0
691
Service quotas

Description
Rate of DeleteObject API requests Each supported Yes The maximum number of
Region: 100 DeleteObject requests that
throttled.
Rate of DescribeObject API requests Each supported Yes The maximum number of
Region: 1,000 DescribeObject requests
are throttled.
Rate of GetObject API requests for Each supported Yes The maximum number of
standard upload availability Region: 1,000 GetObject requests that
you can make per second,
when you use standard
upload availability.
throttled.
Rate of GetObject API requests for Each supported Yes The maximum number of
streaming upload availability Region: 25 GetObject requests that
when you use streaming
throttled.
Rate of ListItems API requests Each supported Yes The maximum number of
Region: 5 ListItems requests that
throttled.
Rate of PutObject API requests for Each supported Yes The maximum number of
chunked transfer encoding (also known as Region: 10 PutObject requests that
streaming upload availability) you can make per second
with chunked transfer
encoding of the body (also
known as streaming upload
availability). Additional
Rate of PutObject API requests for Each supported Yes The maximum number of
standard upload availability Region: 100 PutObject requests that
when you use standard
throttled.
For more information, see Quotas in the AWS Elemental MediaStore User Guide.
Version 1.0
692
MediaTailor
AWS Elemental MediaTailor endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 api.mediatailor.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US West us-west-2 api.mediatailor.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Asia ap- api.mediatailor.ap-southeast-1.amazonaws.com HTTP and

(Singapore)
Asia ap- api.mediatailor.ap-southeast-2.amazonaws.com HTTP and

(Sydney)
Asia ap- api.mediatailor.ap-northeast-1.amazonaws.com HTTP and

(Tokyo)
Europe eu- api.mediatailor.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 api.mediatailor.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS
Service quotas
Description
Ad decision server (ADS) length Each supported No The maximum number of

Region: 25,000 characters in an ad decision
server (ADS) specification.
Ad decision server (ADS) redirects Each supported No The maximum depth of

Region: 5 redirects that MediaTailor
follows in VAST wrapper
tags.
Ad decision server (ADS) timeout Each supported No The maximum number of

Region: 3 Seconds seconds that MediaTailor
waits before timing out on
an open connection to an
Version 1.0
693
Service quotas

Description
ad decision server (ADS).
When a connection times
out, MediaTailor is unable
to fill the ad avail with ads
due to no response from
the ADS.
Configurations Each supported No The maximum number

Region: 1,000 of configurations that
MediaTailor allows.
Content origin length Each supported No The maximum number of

Region: 512 characters in a content
origin specification.
Content origin server timeout Each supported No The maximum number of

Region: 2 Seconds seconds that MediaTailor
waits before timing out
on an open connection to
the content origin server
when requesting template
manifests. Timeouts
generate HTTP 504
(GatewayTimeoutException)
response errors.
Manifest size Each supported No The maximum size, in MB,

Region: 2 of any playback manifest,
Megabytes whether in input or output.
To ensure that you stay
under the quota, use gzip
to compress your input
manifests into MediaTailor.
Session expiration Each supported No The maximum amount

Region: 10 of time (quota times the
Megabytes manifest duration) that
MediaTailor allows a
session to remain inactive
before ending the session.
Session activity can be
a player request or an
advance by the origin
server. When the session
expires, MediaTailor returns
an HTTP 400 (Bad Request)
response error.
Version 1.0
694
Migration Hub

Description
Transactions Each supported Yes The maximum number of

Region: 10,000 concurrent transactions
per second across all
request types. This is
an account-level quota.
Your transaction count
depends largely on how
often players request
updated manifests and the
number of players. Each
player request counts as a
transaction.
For more information, see Quotas in the AWS Elemental MediaTailor User Guide.
AWS Migration Hub endpoints and quotas

Service endpoints
The migration tools that integrate with AWS Migration Hub send migration status to the Migration Hub
in the home Region you choose. For information about choosing a home Region, see The AWS Migration
Hub Home Region in the AWS Migration Hub User Guide.

Name
US East (N. us-east-1 mgh.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 mgh.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- mgh.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- mgh.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- mgh.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 mgh.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
695
Service quotas

Name
Europe eu-west-2 mgh.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas
The quotas associated with AWS Migration Hub are the AWS Application Discovery Service quotas. For
more information, see AWS Application Discovery Service Quotas (p. 59).
Migration Hub Orchestrator endpoints and quotas

Service endpoints

Name
US East (N. us-east-1 migrationhub-orchestrator.us- HTTPS

US West us-west-2 migrationhub-orchestrator.us- HTTPS

Asia ap- migrationhub-orchestrator.ap- HTTPS

(Sydney)
Asia ap- migrationhub-orchestrator.ap- HTTPS

(Tokyo)
Europe eu- migrationhub-orchestrator.eu- HTTPS

Europe eu-west-1 migrationhub-orchestrator.eu- HTTPS

Europe eu-west-2 migrationhub-orchestrator.eu- HTTPS

Version 1.0
696
Service quotas
Service quotas
Maximum steps 15 No The maximum number

of steps in a step group.
Maximum step groups 15 No The maximum number

of step groups in a
migration workflow.
Maximum migration 50 No The maximum number

workflows of migration workflows
in progress.
AWS Migration Hub Refactor Spaces endpoints and

quotas
Service endpoints
US East (Ohio) us-east-2 refactor-spaces.us- HTTPS

US East (N. Virginia) us-east-1 refactor-spaces.us- HTTPS

US West (Oregon) us-west-2 refactor-spaces.us- HTTPS

Asia Pacific (Singapore) ap-southeast-1 refactor-spaces.ap- HTTPS

Asia Pacific (Sydney) ap-southeast-2 refactor-spaces.ap- HTTPS

Asia Pacific (Tokyo) ap-northeast-1 refactor-spaces.ap- HTTPS

Europe (Frankfurt) eu-central-1 refactor-spaces.eu- HTTPS

Europe (Ireland) eu-west-1 refactor-spaces.eu- HTTPS

Europe (London) eu-west-2 refactor-spaces.eu- HTTPS

Version 1.0
697
Service quotas
Europe (Stockholm) eu-north-1 refactor-spaces.eu- HTTPS

Service quotas

Description
Applications Each supported Yes The maximum number

Region: 600 of Refactor Spaces
applications that you can
current Region.
Environments Each supported Yes The maximum number

Region: 50 of Refactor Spaces
environments that you can
current Region.
Routes Each supported Yes The maximum number of

Region: 1,000 Refactor Spaces routes
Region.
Services Each supported Yes The maximum number of

Region: 500 Refactor Spaces services
Region.
Migration Hub Strategy Recommendations

Service endpoints

Name
US East (N. us-east-1 migrationhub-strategy.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
698
Service quotas

Name
US West us-west-2 migrationhub-strategy.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- migrationhub-strategy.ap- HTTPS

(Sydney)
Asia ap- migrationhub-strategy.ap- HTTPS

(Tokyo)
Europe eu- migrationhub-strategy.eu- HTTPS

Europe eu-west-1 migrationhub-strategy.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 migrationhub-strategy.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas
Description
Active Assessment Maximum Each supported Yes The maximum number

Region: 1 of concurrent active
assessments
Active Import Maximum Each supported Yes The maximum number of

Region: 5 concurrent active import
tasks
Assessment Maximum Each supported Yes The maximum number

Region: 50 of assessments per AWS
account
Maximum Server per Assessment Each supported Yes The maximum number of
Region: 300 servers per assessment
Amazon Monitron endpoints and quotas

Service endpoints
Amazon Monitron is currently supported in the following Regions:
Version 1.0
699
Service quotas
• US East (N. Virginia): us-east-1

• Europe (Ireland): eu-west-1
Service quotas
Description
Assets per site Each supported Yes The maximum number of

Region: 100 assets per site.
Gateways per site Each supported Yes The maximum number of

Region: 200 gateways per site.
Positions per asset Each supported Yes The maximum number of

Region: 20 positions per asset.
Projects per account Each supported Yes The maximum number of

Region: 10 projects that can be created
for an account.
Sites per project Each supported Yes The maximum number of

Region: 50 sites per project.
Users per site Each supported Yes The maximum number of

Region: 20 users per site.
Amazon MQ endpoints and quotas

Service endpoints
Name
US East us-east-2 mq.us-east-2.amazonaws.com HTTPS

(Ohio)
mq-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 mq.us-east-1.amazonaws.com HTTPS

Virginia)
mq-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 mq.us-west-1.amazonaws.com HTTPS

West (N.
California) mq-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 mq.us-west-2.amazonaws.com HTTPS

(Oregon)
mq-fips.us-west-2.amazonaws.com HTTPS
Version 1.0
700
Service endpoints

Name
Africa af-south-1 mq.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 mq.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- mq.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- mq.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- mq.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- mq.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- mq.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 mq.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- mq.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 mq.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
701
Service quotas

Name
Middle me- mq.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 mq.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- mq.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) mq-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- mq.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) mq-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
API burst limit Each supported No The API burst limit,

Region: 100 aggregated per AWS
account, across all Amazon
MQ APIs to maintain
service bandwidth. This
doesnt apply to ActiveMQ
or RabbitMQ broker
messaging APIs. For
example, Amazon MQ
doesnt throttle the sending
or receiving of messages.
API rate limit Each supported No The API rate limit,

Region: 15 aggregated per AWS
account, across all Amazon
MQ APIs to maintain
service bandwidth. This
doesnt apply to ActiveMQ
or RabbitMQ broker
messaging APIs. For
example, Amazon MQ
doesnt throttle the sending
or receiving of messages.
Destinations monitored in CloudWatch Each supported No The maximum number of

(ActiveMQ) Region: 200 destinations (ActiveMQ
queues, ActiveMQ topics)
monitored in CloudWatch.
Destinations monitored in CloudWatch Each supported No The maximum number of

(RabbitMQ) Region: 500 destinations (RabbitMQ
Version 1.0
702
Service quotas

Description
queues) monitored in
CloudWatch.
Groups per user (simple auth) Each supported No The maximum number of
Region: 20 groups per user (simple
auth). This does not apply
to RabbitMQ brokers.
Job scheduler usage limit per broker Each supported No The job scheduler usage
backed by Amazon EBS Region: 50 limit (in GB) per broker
Gigabytes backed by Amazon EBS.
This does not apply to
RabbitMQ brokers.
Number of brokers, per region Each supported Yes The maximum number of
Region: 50 brokers, per region.
Revisions per configuration Each supported No The maximum number of

Region: 300 revisions per configuration.
RabbitMQ brokers.
Security groups per broker Each supported No The maximum number of

Region: 5 security groups per broker.
Storage capacity per larger broker Each supported No The maximum storage
Region: 200 capacity (in GB) per larger
Gigabytes broker (mq.*.large instance
type brokers).
Storage capacity per smaller broker Each supported No The maximum storage
Region: 20 capacity (in GB) per smaller
Gigabytes broker (mq.*.micro instance
type brokers).
Tags per broker Each supported No The maximum number of

Region: 50 tags per broker.
Temporary storage capacity per larger Each supported No The maximum temporary
broker Region: 50 storage capacity (in GB) per
Gigabytes larger broker (mq.*.*large
instance type brokers).
RabbitMQ brokers.
Temporary storage capacity per smaller Each supported No The maximum temporary
broker Region: 5 Gigabytes storage capacity (in GB) per
smaller broker (mq.*.micro
RabbitMQ brokers.
Users per broker (simple auth) Each supported No The maximum number of
Region: 250 users per broker (simple
auth). This does not apply
to RabbitMQ brokers.
Version 1.0
703
Neptune

Description
Wire-level connections per larger broker Each supported Yes The maximum number of
Region: 1,000 wire-level connections per
larger broker (mq.*.*large
RabbitMQ brokers.
Wire-level connections per smaller broker Each supported Yes The maximum number of
Region: 100 wire-level connections per
smaller broker (mq.*.micro
RabbitMQ brokers.
For more information, see Quotas in Amazon MQ in the Amazon MQ Developer Guide.
Amazon Neptune endpoints and quotas

Service endpoints

Name
US East us-east-2 rds.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 rds.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US us-west-1 rds.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California)
US West us-west-2 rds.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Africa af-south-1 rds.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 rds.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Version 1.0
704
Service endpoints

Name
Asia ap- rds.ap-south-1.amazonaws.com HTTP and

(Mumbai)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- rds.ca-central-1.amazonaws.com HTTP and

Europe eu- rds.eu-central-1.amazonaws.com HTTP and


(Ireland) HTTPS

(London) HTTPS

(Paris) HTTPS
Europe eu-north-1 rds.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- rds.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
South sa-east-1 rds.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
AWS us-gov- rds.us-gov-east-1.amazonaws.com HTTP and

(US-East)
AWS us-gov- rds.us-gov-west-1.amazonaws.com HTTP and

(US-West)
Version 1.0
705
Service quotas
Service quotas

Description
Cluster endpoints per DB cluster Each supported Yes The maximum number of
Region: 5 cluster endpoints per DB
cluster.
Cross-region snapshot copy requests Each supported Yes The maximum number of
Region: 5 cross-region snapshot copy
requests.
DB cluster Roles Each supported Yes The maximum number of

Region: 5 DB cluster roles.
DB cluster manuals snapshots Each supported Yes The maximum number

Region: 100 of DB cluster manual
snapshots.
DB cluster parameter groups Each supported Yes The maximum number

groups.

Region: 40 DB clusters.
DB instance parameter groups Each supported Yes The maximum number of

Region: 50 DB instance parameter
groups.

Region: 40 DB instances.

Region: 50 DB subnet groups.

Region: 20 event subscriptions.
Read replicas per cluster Each supported No The maximum number of

Region: 15 read replicas per cluster.
Reserved DB instances Each supported Yes The maximum number of

Region: 40 reserved DB instances.
Tags per resource Each supported Yes The maximum number of

Region: 50 tags per resource.
For more information, see Amazon Neptune quotas in the Amazon Neptune User Guide.
AWS Network Firewall endpoints and quotas

Version 1.0
706
Service endpoints
Service endpoints

Name
US East us-east-2 network-firewall.us-east-2.amazonaws.com HTTPS

(Ohio)
network-firewall-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 network-firewall.us-east-1.amazonaws.com HTTPS

Virginia)
network-firewall-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 network-firewall.us-west-1.amazonaws.com HTTPS

West (N.
California) network-firewall-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 network-firewall.us-west-2.amazonaws.com HTTPS

(Oregon)
network-firewall-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 network-firewall.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 network-firewall.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- network-firewall.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- network-firewall.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- network-firewall.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- network-firewall.ap-southeast-2.amazonaws.com HTTPS

(Sydney)

(Tokyo)
Canada ca- network-firewall.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Version 1.0
707
Service quotas

Name
network-firewall-fips.ca- HTTPS
Europe eu- network-firewall.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 network-firewall.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- network-firewall.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 network-firewall.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- network-firewall.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 network-firewall.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- network-firewall.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) network-firewall-fips.us-gov- HTTPS
AWS us-gov- network-firewall.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) network-firewall-fips.us-gov- HTTPS
Service quotas
Description
Firewall policies Each supported Yes The maximum number of

Region: 20 firewall policies per account
per Region.
Firewalls Each supported Yes The maximum number of

Region: 5 firewalls per account per
Region.
Stateful rulegroups Each supported Yes The maximum number of

Region: 50 stateful rule groups per
account per Region.
Version 1.0
708
Network Manager

Description
Stateless rulegroups Each supported Yes The maximum number of

Region: 50 stateless rule groups per
account per Region.
For more information, see AWS Network Firewall quotas in the Network Firewall Developer Guide.
AWS Network Manager endpoints and quotas

Service endpoints
Name
US West us-west-2 networkmanager.us-west-2.amazonaws.com HTTPS

(Oregon)
AWS us-gov- networkmanager.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas
Description
Attachments per core network Each supported Yes The maximum number
Region: 5,000 of attachments per core
network
Connect peers per connect attachment Each supported No The maximum number of
Region: 4 connect peers per connect
attachment
Connections per global network Each supported Yes The maximum number of
Region: 500 connections per global
network
Core network attachments per VPC Each supported No The maximum number of
Region: 5 core network attachments
per VPC
Core network policy size in KB Each supported No The maximum size of a core
Region: 100 network policy in KB
Kilobytes
Version 1.0
709
Nimble Studio

Description
Core networks per global network Each supported No The maximum number of
Region: 1 core networks per global
network
Devices per global network Each supported Yes The maximum number of
Region: 200 devices per global network
Edges per region per core network Each supported No The maximum number of
Region: 1 edges per region per core
network
Global networks per account Each supported Yes The maximum number
Region: 5 of global networks per
account
Links per global network Each supported Yes The maximum number of
Region: 200 links per global network
Peerings per core network Each supported Yes The maximum number of
Region: 50 peerings per core network
Policy versions per core network Each supported Yes The maximum number of
Region: 10,000 policy versions per core
network
Retention duration in seconds for core Each supported No The maximum retention
network policies with out of date change Region: 7,776,000 duration in seconds for core
sets Seconds network policies with out of
date change sets
Segments per core network Each supported No The maximum number of

Region: 20 segments per core network
Sites per global network Each supported Yes The maximum number of
Region: 200 sites per global network
For more information, see Network Manager quotas.
Amazon Nimble Studio endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 nimble.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
710
Service quotas

Name
US West us-west-2 nimble.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- nimble.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- nimble.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- nimble.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu-west-2 nimble.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas

Description
Active Directory studio components per Each supported No The maximum number
studio Region: 1 of Active Directory
created per studio in the
current AWS Region.
Custom streaming images per studio Each supported Yes The maximum number of
Region: 10 custom streaming images
studio in the current AWS
Region.
G5 streaming sessions per studio Each supported Yes The maximum number of
Region: 0 G5 streaming sessions that
can be created per studio in
Launch profiles per studio Each supported Yes The maximum number of
Region: 50 launch profiles that can be
current AWS Region.
Shared file system studio components per Each supported Yes The maximum number of
studio Region: 10 shared file system studio
current AWS Region.
Streaming sessions per studio Each supported Yes The maximum number of
Region: 2 streaming sessions that can
be created per studio in the
current AWS Region.
Version 1.0
711
OpenSearch Service

Description
Studio components per studio Each supported Yes The maximum number of
Region: 50 studio components that can
be created per studio in the
current AWS Region.
Studio creation per account Each supported No The maximum number of

Region: 1 studios that can be created
AWS Region.
Amazon OpenSearch Service endpoints and quotas

Service endpoints

Name
US East us-east-2 es.us-east-2.amazonaws.com HTTPS

(Ohio)
es-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 es.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 es.us-west-1.amazonaws.com HTTPS

West (N.
California) es-fips.us-west-1.amazonaws.com HTTPS
es-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 es.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 es.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 es.ap-east-1.amazonaws.com HTTPS

Pacific
Version 1.0
712
Service endpoints

Name
(Hong
Kong)
Asia ap- es.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- es.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- es.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- es.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- es.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 es.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- es.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 es.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- es.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
713
Service quotas

Name
Middle me- es.me-central-1.amazonaws.com HTTPS

South sa-east-1 es.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- es.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) es-fips.us-gov-east-1.amazonaws.com HTTPS
es-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- es.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) es-fips.us-gov-west-1.amazonaws.com HTTPS
es-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Description
Dedicated master instances per domain Each supported No The maximum number
Region: 5 of dedicated master
instances in a single
Amazon OpenSearch
Service domain.
Domains per Region Each supported Yes The maximum number

Region: 100 of Amazon OpenSearch
Service domains you can
create in each AWS Region.
Instances per domain Each supported Yes The maximum number

Region: 80 of instances in a single
Amazon OpenSearch
Service domain. You can
request an increase up to
200 instances per domain.
Instances per domain (T2 instance type) Each supported No The maximum number of
Region: 10 T2 instances in a single
Amazon OpenSearch
Service domain.
Warm instances per domain Each supported No The maximum number of

Region: 150 warm nodes in a single
Amazon OpenSearch
Service cluster.
For more information, see Amazon OpenSearch Service limits.
Version 1.0
714
AWS OpsWorks
AWS OpsWorks endpoints and quotas

Service endpoints
AWS OpsWorks CM
You can create and manage AWS OpsWorks for Chef Automate and AWS OpsWorks for Puppet
Enterprise servers in the following Regions. Resources can be managed only in the Region in which
they are created. Resources that are created in one Regional endpoint are not available, nor can they be
cloned to, another Regional endpoint.

Name
US East us-east-2 opsworks-cm.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 opsworks-cm.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 opsworks-cm.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 opsworks-cm.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- opsworks-cm.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- opsworks-cm.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- opsworks-cm.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- opsworks-cm.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 opsworks-cm.eu-west-1.amazonaws.com HTTPS

(Ireland)
AWS OpsWorks Stacks

You can create and manage AWS OpsWorks resources in all of the following Regions. The Canada
(Central) Region Region is API-only; you cannot create stacks in Canada (Central) Region by using the
Version 1.0
715
Service endpoints
AWS Management Console. Resources can be managed only in the Region in which they are created.
Resources that are created in one Regional endpoint are not available—nor can they be cloned to—
another Regional endpoint.

Name
US East us-east-2 opsworks.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 opsworks.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 opsworks.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 opsworks.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- opsworks.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- opsworks.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- opsworks.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- opsworks.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- opsworks.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- opsworks.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- opsworks.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 opsworks.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
South sa-east-1 opsworks.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
716
Service quotas
Service quotas
The following quotas are for AWS OpsWorks CM.

Description
Automated (scheduled) backup Each supported Yes Automated (scheduled)

generations per server Region: 10 backup generations
per server. Each server
(Chef Automate or
Puppet Enterprise) can
have a maximum of 30
generations of automated
backups.
Chef Automate or Puppet Enterprise Each supported Yes Number of servers per
servers Region: 5 account
Manual backups per server Each supported Yes Number of manual backups
Region: 10 per server (Chef Automate
or Puppet Enterprise)
The following quotas are for AWS OpsWorks stacks.

Description
Apps per stack Each supported Yes The maximum number of

Region: 40 apps that you can have
in an OpsWorks stack. An
AWS OpsWorks Stacks
app represents code that
you want to run on an
application server. Apps
are deployed by using Chef
recipes.
Instances per stack Each supported Yes The maximum number

Region: 40 of instances that you can
have in an OpsWorks stack,
including both instances
created in OpsWorks and
outside of OpsWorks.
Instances within an
OpsWorks stack serve a
particular purpose, such
as serving applications or
hosting a database server.
Layers per stack Each supported Yes The maximum number of

Region: 40 layers that you can create
in an OpsWorks stack. A
layer contains a set of EC2
instances within a stack
that serve a particular
purpose, such as serving
Version 1.0
717
Organizations

Description
applications or hosting a
database server. Layers use
Chef recipes to run tasks on
instances such as installing
packages, deploying apps,
and running scripts.
Stacks Each supported Yes The maximum number

Region: 40 of AWS OpsWorks stacks
account. A stack is a group
of OpsWorks instances that
perform different roles--
such as application servers,
database servers, or load
balancers--to run a web
application.
AWS Organizations endpoints and quotas

Service endpoints
Because AWS Organizations is a global service, there is a single global endpoint for all of the AWS
Regions in each partition.

Name
US East us-east-2 organizations.us-east-1.amazonaws.com HTTPS

(Ohio)
organizations-fips.us-east-1.amazonaws.com HTTPS
organizations.us-east-1.amazonaws.com HTTPS
US East (N. us-east-1 organizations.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 organizations.us-east-1.amazonaws.com HTTPS

West (N.
California) organizations-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 organizations.us-east-1.amazonaws.com HTTPS

(Oregon)
Version 1.0
718
Service endpoints

Name
Africa af-south-1 organizations.us-east-1.amazonaws.com HTTPS

(Cape
Town) organizations-fips.us-east-1.amazonaws.com HTTPS
Asia ap-east-1 organizations.us-east-1.amazonaws.com HTTPS

Pacific
(Hong organizations-fips.us-east-1.amazonaws.com HTTPS
Kong)
Asia ap- organizations.us-east-1.amazonaws.com HTTPS

(Jakarta) organizations-fips.us-east-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) organizations-fips.us-east-1.amazonaws.com HTTPS

(Osaka) organizations-fips.us-east-1.amazonaws.com HTTPS

(Seoul) organizations-fips.us-east-1.amazonaws.com HTTPS

(Singapore) organizations-fips.us-east-1.amazonaws.com HTTPS

(Sydney) organizations-fips.us-east-1.amazonaws.com HTTPS

(Tokyo) organizations-fips.us-east-1.amazonaws.com HTTPS
Version 1.0
719
Service endpoints

Name
Canada ca- organizations.us-east-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- organizations.us-east-1.amazonaws.com HTTPS

Europe eu-west-1 organizations.us-east-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- organizations.us-east-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 organizations.us-east-1.amazonaws.com HTTPS

(Stockholm)
Middle me- organizations.us-east-1.amazonaws.com HTTPS

East south-1
(Bahrain) organizations-fips.us-east-1.amazonaws.com HTTPS
Middle me- organizations.us-east-1.amazonaws.com HTTPS

South sa-east-1 organizations.us-east-1.amazonaws.com HTTPS

America
(São organizations-fips.us-east-1.amazonaws.com HTTPS
Paulo)
Version 1.0
720
Service quotas

Name
AWS us-gov- organizations.us-gov-west-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) organizations.us-gov-west-1.amazonaws.com HTTPS
organizations.us-gov-west-1.amazonaws.com HTTPS
AWS us-gov- organizations.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) organizations.us-gov-west-1.amazonaws.com HTTPS
organizations.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Description
Default maximum number of accounts Each supported Yes The default maximum
Region: 10 number of accounts
allowed in an organization.
Enable all features request expiration Each supported No Maximum number of days
Region: 90 to allow before request to
enable all features expires.
Handshake expiration Each supported No Maximum number of

Region: 30 days to allow to complete
handshake.
Invitation acceptance expiration Each supported No Maximum number of days

Region: 15 to allow before invitations
to join an organization
expire.
Member accounts you can concurrently Each supported No Maximum number of

close Region: 3 accounts that you can
concurrently close. As soon
as one finishes, you can
close another.
Member accounts you can concurrently Each supported No Maximum number of

create Region: 5 accounts that you can
concurrently create. As
soon as one finishes, you
can start another.
Minimum age for removal of created Each supported No The minimum number of
accounts Region: 7 days a created account
must exist before you
can remove it from the
organization.
Number of accounts you can close within Each supported No The default maximum
a 30 day period. The actual number of Region: 1 number of member
accounts that can be closed
Version 1.0
721
Service quotas

Description
accounts you can close is 10-percent of within a 30 day period.
your total active member accounts The actual number of
accounts you can close is 10
percent of your total active
member accounts. For more
organizations/
latest/userguide/
orgs_reference_limits.html
Number of invitation attempts you can Each supported No Maximum number of

perform in a 24-hour period Region: 20 invitation attempts you
can perform in a 24-hour
period. The number of
attempts can be either 20
or the maximum number
of accounts allowed in your
organization, whichever is
greater.
OU maximum nesting in a root Each supported No The maximum number of

Region: 5 levels that you can nest
OUs under the root.
OUs in an organization Each supported No The maximum number of

Region: 1,000 OUs that you can include in
an organization.
Policies in an organization Each supported No The maximum number

Region: 1,000 of policies allowed per
organization.
Roots in an organization Each supported No The maximum number of

Region: 1 root accounts allowed per
organization.
Service control policies per OU Each supported No The maximum number

Region: 5 of service control policies
(SCPs) allowed per OU.
Service control policies per account Each supported No The maximum number
(SCPs) allowed per account.
Service control policies per root Each supported No The maximum number
(SCPs) allowed per root.
Service control policy (SCP) document size Each supported No The maximum document
Region: 5,120 Bytes size (in bytes) allowed for
service control policies
(SCPs).
For more information, see Quotas for AWS Organizations in the AWS Organizations User Guide.
Version 1.0
722
AWS Outposts
AWS Outposts endpoints and quotas

Service endpoints

Name
US East us-east-2 outposts.us-east-2.amazonaws.com HTTPS

(Ohio)
outposts-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 outposts.us-east-1.amazonaws.com HTTPS

Virginia)
outposts-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 outposts.us-west-1.amazonaws.com HTTPS

West (N.
California) outposts-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 outposts.us-west-2.amazonaws.com HTTPS

(Oregon)
outposts-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 outposts.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 outposts.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- outposts.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- outposts.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- outposts.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)
Version 1.0
723
Amazon S3 on Outposts

Name

(Sydney)

(Tokyo)
Canada ca- outposts.ca-central-1.amazonaws.com HTTPS

(Central) central-1
outposts-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- outposts.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 outposts.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- outposts.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 outposts.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- outposts.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 outposts.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- outposts.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) outposts.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- outposts.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) outposts.us-gov-west-1.amazonaws.com HTTPS

Name
US East us-east-2 s3-outposts.us-east-2.amazonaws.com HTTPS

(Ohio)
Version 1.0
724

Name
s3-outposts-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 s3-outposts.us-east-1.amazonaws.com HTTPS

Virginia)
s3-outposts-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 s3-outposts.us-west-1.amazonaws.com HTTPS

West (N.
California) s3-outposts-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 s3-outposts.us-west-2.amazonaws.com HTTPS

(Oregon)
s3-outposts-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 s3-outposts.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 s3-outposts.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- s3-outposts.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- s3-outposts.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- s3-outposts.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- s3-outposts.ap-southeast-2.amazonaws.com HTTPS

(Sydney)

(Tokyo)
Canada ca- s3-outposts.ca-central-1.amazonaws.com HTTPS

(Central) central-1
s3-outposts-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- s3-outposts.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 s3-outposts.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
725
Service quotas

Name

(London)
Europe eu- s3-outposts.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 s3-outposts.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- s3-outposts.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 s3-outposts.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- s3-outposts.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) s3-outposts-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- s3-outposts.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) s3-outposts-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Outpost sites Each supported Yes The maximum number

Region: 100 of Outpost sites that
region. An Outpost site is
the customer-managed
physical building where
you power and attach your
Outpost equipment to the
network.
Outposts per site Each supported Yes The maximum number

Region: 10 of Outposts that you
can create per site. AWS
Outposts includes hardware
and virtual resources
known as Outposts. This
quota limits your Outpost
virtual resources.
Version 1.0
726
AWS Panorama
AWS Panorama endpoints and quotas

Service endpoints

Name
US East (N. us-east-1 panorama.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 panorama.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- panorama.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- panorama.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Canada ca- panorama.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu-west-1 panorama.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas

Description
Applications per device Each supported No The maximum number of

Region: 10 application instances that
you can run on a device.
Assets per package Each supported No The maximum number of

Region: 50 assets that you upload per
node package.
Camera nodes per application Each supported No The maximum number of

Region: 8 camera nodes that you can
add to an application.
Devices Each supported No The maximum number

Region: 50 of devices that you can
register in this account in
Version 1.0
727
Service quotas

Description
Node packages Each supported No The maximum number of

Region: 50 node packages that you can
current AWS Region.
Package artifact size Each supported No The maximum size of a

Region: 8 Gigabytes node package artifact.
Rate of CreateApplicationInstance API Each supported No The maximum number of

requests Region: 1 CreateApplicationInstance
API requests per second
that you can perform in this
Region.
Rate of CreateJobForDevices API requests Each supported No The maximum number of

Region: 1 CreateJobForDevices API
Region.
Rate of CreateNodeFromTemplateJob API Each supported No The maximum number of

requests Region: 1 CreateNodeFromTemplateJob
Region.
Rate of CreatePackage API requests Each supported No The maximum number of

Region: 1 CreatePackage API requests
Rate of CreatePackageImportJob API Each supported No The maximum number of

requests Region: 1 CreatePackageImportJob
Region.
Rate of DeleteDevice API requests Each supported No The maximum number of

Region: 1 DeleteDevice API requests
Rate of DeletePackage API requests Each supported No The maximum number of

Region: 1 DeletePackage API requests
Version 1.0
728
Service quotas

Description
Rate of DeregisterPackageVersion API Each supported No The maximum number of

requests Region: 1 DeregisterPackageVersion
Region.
Rate of DescribePackage API requests Each supported No The maximum number

Region: 1 of DescribePackage API
Region.
Rate of ProvisionDevice API requests Each supported No The maximum number

Region: 1 of ProvisionDevice API
Region.
Rate of RegisterPackageVersion API Each supported No The maximum number of

requests Region: 1 RegisterPackageVersion
Region.
Rate of RemoveApplicationInstance API Each supported No The maximum number of

requests Region: 1 RemoveApplicationInstance
Region.
Rate of deployments Each supported No The maximum number of

Region: 200 times that you can deploy
an application per day, per
device.
Rate of total API requests Each supported No The maximum number of

Region: 5 API requests per second
Region.
Versions per package Each supported No The maximum number

Region: 20 of package versions that
you can create per node
package.
Version 1.0
729
Amazon Personalize
Amazon Personalize endpoints and quotas

Service endpoints
Amazon Personalize
US East (N. Virginia) us-east-1 personalize.us- HTTPS

US East (Ohio) us-east-2 personalize.us- HTTPS

US West (Oregon) us-west-2 personalize.us- HTTPS

Asia Pacific (Tokyo) ap-northeast-1 personalize.ap- HTTPS

Asia Pacific (Mumbai) ap-south-1 personalize.ap- HTTPS

Asia Pacific (Seoul) ap-northeast-2 personalize.ap- HTTPS

Asia Pacific (Singapore) ap-southeast-1 personalize.ap- HTTPS

Asia Pacific (Sydney) ap-southeast-2 personalize.ap- HTTPS

China (Beijing) cn-north-1 personalize.cn- HTTPS

Canada (Central) ca-central-1 personalize.ca- HTTPS

Europe (Ireland) eu-west-1 personalize.eu- HTTPS

Europe (Frankfurt) eu-central-1 personalize.eu- HTTPS

Version 1.0
730
Service endpoints
Amazon Personalize Events
US East (N. Virginia) us-east-1 personalize-events.us- HTTPS

US East (Ohio) us-east-2 personalize-events.us- HTTPS

US West (Oregon) us-west-2 personalize-events.us- HTTPS

Asia Pacific (Tokyo) ap-northeast-1 personalize-events.ap- HTTPS

Asia Pacific (Mumbai) ap-south-1 personalize-events.ap- HTTPS

Asia Pacific (Seoul) ap-northeast-2 personalize-events.ap- HTTPS

Asia Pacific (Singapore) ap-southeast-1 personalize-events.ap- HTTPS

Asia Pacific (Sydney) ap-southeast-2 personalize-events.ap- HTTPS

China (Beijing) cn-north-1 personalize-events.cn- HTTPS

Canada (Central) ca-central-1 personalize-events.ca- HTTPS

Europe (Ireland) eu-west-1 personalize-events.eu- HTTPS

Europe (Frankfurt) eu-central-1 personalize-events.eu- HTTPS

Amazon Personalize Runtime
US East (N. Virginia) us-east-1 personalize-runtime.us- HTTPS

US East (Ohio) us-east-2 personalize-runtime.us- HTTPS

US West (Oregon) us-west-2 personalize-runtime.us- HTTPS

Asia Pacific (Tokyo) ap-northeast-1 personalize-runtime.ap- HTTPS

Version 1.0
731
Service quotas
Asia Pacific (Mumbai) ap-south-1 personalize-runtime.ap- HTTPS

Asia Pacific (Seoul) ap-northeast-2 personalize-runtime.ap- HTTPS

Asia Pacific (Singapore) ap-southeast-1 personalize-runtime.ap- HTTPS

Asia Pacific (Sydney) ap-southeast-2 personalize-runtime.ap- HTTPS

China (Beijing) cn-north-1 personalize-runtime.cn- HTTPS

Canada (Central) ca-central-1 personalize-runtime.ca- HTTPS

Europe (Ireland) eu-west-1 personalize-runtime.eu- HTTPS

Europe (Frankfurt) eu-central-1 personalize-runtime.eu- HTTPS

Service quotas

Description
Active campaigns per dataset group Each supported Yes The total number of active
Region: 5 campaigns per dataset
group in the current
Region.
Active dataset groups Each supported Yes The total number of active
Region: 5 dataset groups that you can
current Region.
Active filters per dataset group Each supported Yes The total number of active
Region: 10 filters per dataset group in
the current Region.
Active solutions per dataset group Each supported Yes The total number of active
Region: 10 solutions per dataset group
Amount of data for HRNN recipe Each supported No The maximum amount
Region: 100 of data for an individual
Gigabytes dataset for HRNN recipe
Amount of data for Personalized-Ranking Each supported No The maximum amount

recipe Region: 100 of data for an individual
Gigabytes dataset for Personalized-
Ranking recipe
Version 1.0
732
Service quotas

Description
Amount of data for Popularity-Count Each supported No The maximum amount

recipe Region: 100 of data for an individual
Gigabytes dataset for Popularity-
Count recipe
Amount of data for SIMS recipe Each supported No The maximum amount
Region: 100 of data for an individual
Gigabytes dataset for SIMS recipe
Amount of data per incremental import. Each supported Yes The maximum amount of
Region: 1 Gigabytes data (in GB) you can import
with a single incremental
import in this account in
the current Region.
Amount of interactions data for HRNN- Each supported No The maximum amount
coldstart recipe Region: 100 of data for interactions
Gigabytes dataset for HRNN-coldstart
recipe
Amount of interactions data for HRNN- Each supported No The maximum amount
metadata recipe Region: 100 of data for interactions
Gigabytes dataset for HRNN-
metadata recipe
Amount of users and items data combined Each supported No The maximum amount of
for HRNN-coldstart recipe Region: 5 Gigabytes data for users dataset and
items dataset combined for
HRNN-coldstart recipe
Amount of users and items data combined Each supported No The maximum amount of
for HRNN-metadata recipe Region: 5 Gigabytes data for users dataset and
items dataset combined for
HRNN-metadata recipe
Event size Each supported No The maximum size of an

Region: 10 Kilobytes event in kilobytes.
Maximum number of interactions per Each supported Yes The maximum number
event type per user considered by a filter. Region: 100 of interactions per event
type per user Amazon
Personalize considers when
filtering recommendations.
This quota applies to each
get recommendations
request in this account in
the current Region.
Maximum number of recommenders per Each supported No The total number of

dataset group Region: 5 recommenders per dataset
group in the current
Region.
Minimum data points for model training Each supported No The minimum number of
Region: 1,000 data points required for
training a model (creating a
solution)
Version 1.0
733
Service quotas

Description
Minimum unique users for model training Each supported No The minimum number of
Region: 25 unique users required for
training a model (creating a
solution).
Number of events in PutEvents call Each supported No The maximum number of

Region: 10 events in a PutEvents call.
Number of interactions for model training Each supported No The maximum number
Region: of interactions that are
500,000,000 considered by a model
during training.
Number of items used in model training Each supported No The maximum number of
Region: 750,000 items that are considered
by a model during training.
Number of schemas Each supported No The total number of active

Region: 500 schemas that you can
current Region.
Pending or In Progress batch inference Each supported Yes The total number of
jobs Region: 5 pending or in progress
batch inference jobs that
Region.
Pending or In Progress solution versions Each supported Yes The total number of
Region: 20 pending or in progress
solution versions that you
the current Region.
Rate of CreateCampaign requests Each supported No The maximum number of

Region: 1 CreateCampaign requests
second.
Rate of CreateDataset requests Each supported No The maximum number of

Region: 1 CreateDataset requests that
Rate of CreateDatasetGroup requests Each supported No The maximum number

Region: 1 of CreateDatasetGroup
per second
Rate of CreateDatasetImportJob requests Each supported No The maximum number of

Region: 1 CreateDatasetImportJob
per second.
Version 1.0
734
Service quotas

Description
Rate of CreateEventTracker requests Each supported No The maximum number

Region: 1 of CreateEventTracker
per second.
Rate of CreateSchema requests Each supported No The maximum number of

Region: 1 CreateSchema requests
second.
Rate of CreateSolution requests Each supported No The maximum number of

Region: 1 CreateSolution requests
second.
Rate of CreateSolutionVersion requests Each supported No The maximum number

Region: 1 of CreateSolutionVersion
per second.
Rate of DeleteCampaign requests Each supported No The maximum number of

Region: 1 DeleteCampaign requests
second.
Rate of DeleteDataset requests Each supported No The maximum number of

Region: 1 DeleteDataset requests that
Rate of DeleteDatasetGroup requests Each supported No The maximum number

Region: 1 of DeleteDatasetGroup
per second.
Rate of DeleteDatasetImportJob requests Each supported No The maximum number of

Region: 1 DeleteDatasetImportJob
per second.
Rate of DeleteEventTracker requests Each supported No The maximum number

Region: 1 of DeleteEventTracker
per second.
Rate of DeleteSchema requests Each supported No The maximum number of

Region: 1 DeleteSchema requests
second
Rate of DeleteSolution requests Each supported No The maximum number of

Region: 1 DeleteSolution requests
second.
Version 1.0
735
Service quotas

Description
Rate of DescribeAlgorithm requests Each supported No The maximum number of

Region: 1 DescribeAlgorithm requests
second.
Rate of DescribeCampaign requests Each supported No The maximum number of

Region: 1 DescribeCampaign requests
second.
Rate of DescribeDataset requests Each supported No The maximum number of

Region: 1 DescribeDataset requests
second.
Rate of DescribeDatasetGroup requests Each supported No The maximum number

Region: 1 of DescribeDatasetGroup
per second.
Rate of DescribeDatasetImportJob Each supported No The maximum number of

requests Region: 1 DescribeDatasetImportJob
per second.
Rate of DescribeEventTracker requests Each supported No The maximum number

Region: 1 of DescribeEventTracker
per second.
Rate of DescribeFeatureTransformation Each supported No The maximum number of

requests Region: 1 DescribeFeatureTransformation
per second.
Rate of DescribeRecipe requests Each supported No The maximum number of

Region: 1 DescribeRecipe requests
second.
Rate of DescribeSchema requests Each supported No The maximum number of

Region: 1 DescribeSchema requests
second.
Rate of DescribeSolution requests Each supported No The maximum number of

Region: 1 DescribeSolution requests
second.
Rate of GetPersonalizedRanking requests Each supported No The maximum number of

per campaign Region: 500 GetPersonalizedRanking
per second per campaign.
Version 1.0
736
Service quotas

Description
Rate of GetRecommendations requests per Each supported No The maximum number

campaign Region: 500 of GetRecommendations
per second per campaign.
Rate of GetSolutionMetrics requests Each supported No The maximum number

Region: 1 of GetSolutionMetrics
per second.
Rate of ListCampaigns requests Each supported No The maximum number of

Region: 1 ListCampaigns requests
second.
Rate of ListDatasetGroups requests Each supported No The maximum number of

Region: 1 ListDatasetGroups requests
second.
Rate of ListDatasetImportJobRuns Each supported No The maximum number of

requests Region: 1 ListDatasetImportJobRuns
per second.
Rate of ListDatasetImportJobs requests Each supported No The maximum number

Region: 1 of ListDatasetImportJobs
per second.
Rate of ListDatasets requests Each supported No The maximum number of

Region: 1 ListDatasets requests that
Rate of ListEventTrackers requests Each supported No The maximum number of

Region: 1 ListEventTrackers requests
second.
Rate of ListRecipes requests Each supported No The maximum number of

Region: 1 ListRecipes requests that
Rate of ListSchemas requests Each supported No The maximum number of

Region: 1 ListSchemas requests that
Rate of ListSolutionVersions requests Each supported No The maximum number

Region: 1 of ListSolutionVersions
per second.
Rate of ListSolutions requests Each supported No The maximum number of

Region: 1 ListSolutions requests that
Version 1.0
737
Amazon Pinpoint

Description
Rate of PutEvents requests per dataset Each supported Yes The maximum number of
group Region: 1,000 PutEvents requests that
per dataset group from
Region.
Rate of UpdateCampaign requests Each supported No The maximum number of

Region: 1 UpdateCampaign requests
second.
Rate of UpdateDataset requests Each supported No The maximum number of

Region: 1 UpdateDataset requests
second.
Rate of transactions per account Each supported No The maximum transactions

Region: 2,500 per second per account.
Transaction is a single
recommendation request.
Amazon Pinpoint endpoints and quotas

Amazon Pinpoint includes the Amazon Pinpoint API and the Amazon Pinpoint SMS and Voice API.
Service endpoints
Amazon Pinpoint API

Name
US East us-east-2 pinpoint.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 pinpoint.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 pinpoint.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- pinpoint.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
738
Service endpoints

Name
Asia ap- pinpoint.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- pinpoint.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- pinpoint.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- pinpoint.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- pinpoint.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- pinpoint.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 pinpoint.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 pinpoint.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- pinpoint.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Note
You can't use the Amazon Pinpoint API to send SMS messages in the Asia Pacific (Seoul) Region.
Amazon Pinpoint SMS and Voice API

Name
US East (N. us-east-1 sms-voice.pinpoint.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 sms-voice.pinpoint.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- sms-voice.pinpoint.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- sms-voice.pinpoint.ap- HTTPS

(Sydney)
Version 1.0
739
Service quotas

Name
Europe eu- sms-voice.pinpoint.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 sms-voice.pinpoint.eu-west-1.amazonaws.com HTTPS

(Ireland)
Note
The Amazon Pinpoint SMS and Voice API is not available in the following Regions:
• Asia Pacific (Seoul) Region

• Asia Pacific (Singapore) Region
• Asia Pacific (Tokyo) Region
• Canada (Central) Region
• Europe (London) Region
Service quotas

Description
APNs sandbox message payload size per Each supported No The maximum APNs
message Region: 4 Kilobytes sandbox message payload
size (in KB) per message.
Active campaigns per account Each supported Yes The maximum number
Region: 200 of active campaigns
per account. An active
campaign is a campaign
that hasnt completed or
failed. Active campaigns
have a status of
SCHEDULED, EXECUTING,
or PENDING_NEXT_RUN.
All other operations burst quota Each supported No The maximum number of
that you can make at one
time.
All other operations rate quota Each supported No The maximum number of
second.
Amazon Device Messaging (ADM) message Each supported No The maximum Amazon
payload size per message Region: 6 Kilobytes Device Messaging (ADM)
message payload size (in
KB) per message.
Apple Push Notification service (APNs) Each supported No The maximum Apple Push
message payload size per message Region: 4 Kilobytes Notification service (APNs)
Version 1.0
740
Service quotas

Description
KB) per message.
Attribute name length Each supported No The maximum attribute

Region: 50 name length in characters.
Attribute value length Each supported No The maximum attribute

Region: 100 value length in characters.
Baidu Cloud Push message payload size Each supported No The maximum Baidu Cloud
per message Region: 4 Kilobytes Push message payload size
(in KB) per message.
CreateCampaign operation burst quota Each supported No The maximum number of

Region: 25 CreateCampaign operation
at one time.
CreateCampaign operation rate quota Each supported No The maximum number of

Region: 25 CreateCampaign operation
per second.
CreateSegment operation burst quota Each supported No The maximum number of

Region: 25 CreateSegment operation
at one time.
CreateSegment operation rate quota Each supported No The maximum number of

Region: 25 CreateSegment operation
per second.
DeleteCampaign operation burst quota Each supported No The maximum number of

Region: 25 DeleteCampaign operation
at one time.
DeleteCampaign operation rate quota Each supported No The maximum number of

Region: 25 DeleteCampaign operation
per second.
DeleteEndpoint operation burst quota Each supported No The maximum number of

Region: 1,000 DeleteEndpoint operation
at one time.
DeleteEndpoint operation rate quota Each supported No The maximum number of

Region: 1,000 DeleteEndpoint operation
per second.
DeleteSegment operation burst quota Each supported No The maximum number of

Region: 25 DeleteSegment operation
at one time.
Version 1.0
741
Service quotas

Description
DeleteSegment operation rate quota Each supported No The maximum number of

Region: 25 DeleteSegment operation
per second.
Firebase Cloud Messaging (FCM) message Each supported No The maximum Firebase
payload size per message Region: 4 Kilobytes Cloud Messaging (FCM)
KB) per message.
GetEndpoint operation burst quota Each supported No The maximum number of

Region: 7,000 GetEndpoint operation
at one time.
GetEndpoint operation rate quota Each supported No The maximum number of

Region: 7,000 GetEndpoint operation
per second.
Import size per import job Each supported Yes The maximum import size
Region: 1 (in GB) per import job.
Invocation payload size Each supported No The maximum invocation

Region: 7 payload size (in MB).
Megabytes
Maximum amount of time to wait for a Each supported No The maximum amount of
Lambda function to process data Region: 15 Seconds time (in seconds) to wait
for a Lambda function to
process data.
Maximum length of a recommended Each supported No The maximum length of

attribute display name Region: 25 a recommended attribute
display name (the name
that appears in the
Attribute finder on the
console).
Maximum length of a recommended Each supported No The maximum length of

attribute name Region: 50 a recommended attribute
name.
Maximum length of a recommended Each supported No Maximum length

attribute value thats retrieved from Region: 100 (in characters) of a
Amazon Personalize recommended attribute
value thats retrieved from
Amazon Personalize.
Maximum message size, including Each supported No The maximum message

attachments Region: 10 size (in MB), including
Megabytes attachments.
Maximum number of active journeys per Each supported Yes The maximum number of
account Region: 50 active journeys per account.
Version 1.0
742
Service quotas

Description
Maximum number of attempts to invoke a Each supported No The maximum number

Lambda function Region: 3 Seconds of attempts to invoke a
Lambda function.
Maximum number of attribute keys and Each supported No The maximum number of
metric keys for each event per request Region: 40 attribute keys and metric
keys for each event per
request.
Maximum number of characters for an Each supported No The maximum number of

event attribute name in a custom channel Region: 128 characters for an event
response attribute name in a custom
channel response.
Maximum number of characters for an Each supported No The maximum number of

event attribute value in a custom channel Region: 128 characters for an event
response attribute value in a custom
channel response.
Maximum number of characters in Each supported No The maximum number of

ADM-specific template parts of a push Region: 4,000 characters in ADM-specific
notification template template parts of a push
notification template.

APN-specific template parts of a push Region: 2,000 characters in APN-specific

Baidu-specific template parts of a push Region: 4,000 characters in Baidu-specific

FCM-specific template parts of a push Region: 4,000 characters in FCM-specific
Maximum number of characters in a voice Each supported No The maximum number

template Region: 10,000 of characters in a voice
template.
Maximum number of characters in an SMS Each supported No The maximum number

template Region: 1,600 of characters in an SMS
template.
Maximum number of characters in an Each supported No The maximum number

email template Region: 500,000 of characters in an email
template.

the default template parts of a push Region: 2,000 characters in the default
Version 1.0
743
Service quotas

Description
Maximum number of characters per Each supported No The maximum number of

attribute key Region: 50 characters per attribute
key.
Maximum number of characters per Each supported No The maximum number of

attribute value Region: 200 characters per attribute
value. If the number of
characters exceeds 200 the
event is dropped.
Maximum number of custom attribute Each supported No The maximum number of

keys per app Region: 500 custom attribute keys per
app.
Maximum number of custom attribute Each supported No The maximum number of

values per attribute key Region: 100,000 custom attribute values per
attribute key.
Maximum number of custom event types Each supported No The maximum number of
per app Region: 1,500 custom event types per
app.
Maximum number of custom metric keys Each supported No The maximum number of
per app Region: 500 custom metric keys per
app.
Maximum number of dimensions that can Each supported No The maximum number of
be used to create a segment Region: 100 dimensions that can be
used to create a segment.
Maximum number of event attributes per Each supported No The maximum number
endpoint in a custom channel response Region: 5 of event attributes per
endpoint in a custom
channel response.
Maximum number of events in a request Each supported No The maximum number of

Region: 100 events in a request.
Maximum number of journey activities per Each supported Yes The maximum number
journey Region: 40 of journey activities per
journey.
Maximum number of message templates Each supported Yes The maximum number of
per account Region: 10,000 message templates per
account.
Maximum number of model configurations Each supported No The maximum number of

per account Region: 100 model configurations per
account.
Maximum number of model configurations Each supported No The maximum number of

per message template Region: 1 model configurations per
message template.
Version 1.0
744
Service quotas

Description
Maximum number of push notifications Each supported Yes The maximum number of
that can be sent per second in a campaign Region: 25,000 push notifications that can
be sent per second in a
campaign.
Maximum number of recommendations Each supported No The maximum number

per endpoint or user Region: 5 of recommendations per
endpoint or user.
Maximum number of recommended Each supported No The maximum number of

attributes per endpoint or user Region: 1 recommended attributes
per endpoint or user if
the attribute values arent
processed by an AWS
Lambda function.
Maximum number of recommended Each supported No The maximum number of

attributes per endpoint or user (AWS Region: 10 recommended attributes
Lambda function) per endpoint or user if
the attribute values are
processed by an AWS
Lambda function.
Maximum number of versions per Each supported No The maximum number of

template Region: 5,000 versions per template.
Maximum segment size per campaign Each supported No The maximum segment
Region: size for imported segments
100,000,000 per campaign. For dynamic
segments: unlimited.
Maximum segment size per journey Each supported No The maximum segment size
Region: per journey. For imported
100,000,000 segments: 100,000,000
per journey. For dynamic
segments: unlimited.
Maximum size of a request Each supported No The maximum size (in MB)
Region: 4 of a request.
Megabytes
Maximum size of an individual event Each supported No The maximum size (in KB)
Region: 1,000 of an individual event.
Kilobytes
Maximum size of an invocation payload Each supported No The maximum size (in MB)
(request and response) for a Lambda Region: 6 of an invocation payload
function Megabytes (request and response) for a
Lambda function.
Maximum size per endpoint Each supported No The maximum size (in KB)
Region: 15 Kilobytes per endpoint.
Number of Amazon Pinpoint projects Each supported No The maximum number of

Region: 100 Amazon Pinpoint projects
per account.
Version 1.0
745
Service quotas

Description
Number of Amazon SNS topics for two- Each supported Yes The maximum number of
way SMS per account Region: 100,000 Amazon SNS topics for
two-way SMS per account.
Number of EndpointBatchItem objects in Each supported No The maximum number

an EndpointBatchRequest payload Region: 100 of EndpointBatchItem
objects in an
EndpointBatchRequest
payload. The payload size
cant exceed 7 MB.
Number of SMS messages that can be sent Each supported Yes The maximum number of
each second (sending rate) Region: 20 SMS messages that can be
sent each second (sending
rate).
Number of SMS messages that can be sent Each supported No The maximum number of
to a single recipient each second Region: 1 SMS messages that can be
sent to a single recipient
each second.
Number of attributes assigned to the Each supported Yes The maximum number of
Attributes parameter Region: 250 attributes assigned to the
Attributes parameter.
Attributes, Metrics, and UserAttributes Region: 250 attributes assigned to the
parameters collectively Attributes, Metrics, and
UserAttributes parameters
collectively per endpoint.
Metrics parameter Region: 250 attributes assigned to the
Metrics parameter.
UserAttributes parameter Region: 250 attributes assigned to the
UserAttributes parameter.
Number of characters in a voice message Each supported No The maximum number

Region: 6,000 of characters in a voice
message. 3,000 billable
characters, in words
that are spoken 6,000
characters total, including
billable characters and
SSML tags.
Number of concurrent import jobs Each supported Yes The maximum number of
Region: 10 concurrent import jobs per
account.
Version 1.0
746
Service quotas

Description
Number of emails that can be sent each Each supported Yes The maximum number of
second (sending rate) Region: 1 emails that can be sent
each second (sending
rate). If your account is in
the sandbox, 1 email per
second. If your account is
out of the sandbox, the
rate varies based on your
specific use case. This rate
is based on the number
of recipients, as opposed
to the number of unique
messages sent.
Number of emails that can be sent per 24- Each supported Yes The maximum number of
hour period (sending quota) Region: 200 emails that can be sent per
24-hour period (sending
quota). If your account is
in the sandbox, 200 emails
per 24-hour period. If
your account is out of the
sandbox, the quota varies
based on your specific use
case. This quota is based on
the number of recipients, as
opposed to the number of
unique messages sent.
Number of endpoints with the same user Each supported No The maximum number of
ID Region: 10 endpoints with the same
user ID.
Number of event-based campaigns Each supported Yes The maximum number of

Region: 25 event-based campaigns.
Campaigns that use event-
based triggers have to
use dynamic segments.
They cant use imported
segments.
Number of identities that you can verify Each supported No The maximum number
Region: 10,000 of identities that you can
verify per AWS region.
Identities refers to email
addresses or domains, or
any combination of the
two. Every email you send
using Amazon Pinpoint
must be sent from a
verified identity.
Number of recipients per message Each supported No The maximum number of

Region: 50 recipients per message.
Version 1.0
747
Service quotas

Description
Number of values assigned to the Each supported No The maximum number

Attributes parameter attributes per Region: 50 of values assigned to the
attribute Attributes parameter
attributes per attribute.
Number of values assigned to the Each supported No The maximum number

UserAttributes parameter attributes per Region: 50 of values assigned to the
attribute UserAttributes parameter
attributes per attribute.
Number of verified identities Each supported No The maximimum number

Region: 10,000 of verified identities.
Identities refers to email
addresses or domains, or
any combination of the
two. Every email you send
using Amazon Pinpoint
must be sent from a
verified identity.
Number of voice configuration sets per Each supported No The maximum number of
AWS region Region: 10,000 configuration sets per AWS
region.
Number of voice messages that can be Each supported No The maximum number of
sent during a 24-hour period Region: 20 voice messages that can
be sent during a 24-hour
period. If your account is in
the sandbox: 20 messages.
If your account is out of the
sandbox: unlimited.
Number of voice messages that can be Each supported No The maximum number
sent from a single originating phone Region: 1 of voice messages that
number per second can be sent from a single
originating phone number
per second.
Number of voice messages that can be Each supported No The maximum number
sent per minute Region: 5 of voice messages that
can be sent per minute.
If your account is in the
sandbox: 5 calls per minute.
If your account is out of
the sandbox: 20 calls per
minute.
Number of voice messages that can be Each supported No The maximum number of
sent to a single recipient during a 24-hour Region: 5 voice messages that can be
period sent to a single recipient
during a 24-hour period.
PhoneNumberValidate operation burst Each supported No The maximum number

quota Region: 20 of PhoneNumberValidate
operation requests that you
can make at one time.
Version 1.0
748
Service quotas

Description
PhoneNumberValidate operation rate Each supported No The maximum number

quota Region: 20 of PhoneNumberValidate
PutEvents operation burst quota Each supported No The maximum number

Region: 7,000 of PutEvents operation
at one time.
PutEvents operation rate quota Each supported No The maximum number

Region: 7,000 of PutEvents operation
per second.
SMS spending threshold Each supported Yes The maximum SMS

Region: 1 spending threshold per
account (in USD).
SendMessages operation burst quota Each supported No The maximum number of

Region: 4,000 SendMessages operation
at one time.
SendMessages operation rate quota Each supported No The maximum number of

Region: 4,000 SendMessages operation
per second.
SendUsersMessages operation burst quota Each supported No The maximum number

Region: 6,000 of SendUsersMessages
SendUsersMessages operation rate quota Each supported No The maximum number

Region: 6,000 of SendUsersMessages
UpdateCampaign operation burst quota Each supported No The maximum number of

Region: 25 UpdateCampaign operation
at one time.
UpdateCampaign operation rate quota Each supported No The maximum number of

Region: 25 UpdateCampaign operation
per second.
UpdateEndpoint operation burst quota Each supported No The maximum number of

Region: 5,000 UpdateEndpoint operation
at one time.
Version 1.0
749
Amazon Polly

Description
UpdateEndpoint operation rate quota Each supported No The maximum number of

Region: 5,000 UpdateEndpoint operation
per second.
UpdateEndpointsBatch operation burst Each supported No The maximum number of

quota Region: 5,000 UpdateEndpointsBatch
UpdateEndpointsBatch operation rate Each supported No The maximum number of

quota Region: 5,000 UpdateEndpointsBatch
UpdateSegment operation burst quota Each supported No The maximum number of

Region: 25 UpdateSegment operation
at one time.
UpdateSegment operation rate quota Each supported No The maximum number of

Region: 25 UpdateSegment operation
per second.
Voice message length Each supported No The maximum voice

Region: 30 message length. If your
account is in the sandbox:
30 seconds. If your account
is out of the sandbox: 5
minutes.
For more information, see Amazon Pinpoint quotas in the Amazon Pinpoint Developer Guide.
Amazon Polly endpoints and quotas

Service endpoints
Name
US East us-east-2 polly.us-east-2.amazonaws.com HTTPS

(Ohio)
polly-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 polly.us-east-1.amazonaws.com HTTPS

Virginia)
Version 1.0
750
Service endpoints

Name
polly-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 polly.us-west-1.amazonaws.com HTTPS

West (N.
California) polly-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 polly.us-west-2.amazonaws.com HTTPS

(Oregon)
polly-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 polly.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 polly.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- polly.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- polly.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- polly.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- polly.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- polly.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- polly.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- polly.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 polly.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 polly.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
751
Service quotas

Name
Middle me- polly.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 polly.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- polly.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) polly-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Concurrent connections Each supported Yes The maximum number of

Region: 90 concurrent connections in
region.
Lexicon count Each supported No The maximum number of

Region: 100 lexicons you can have in
region.
Lexicon size Each supported No The maximum size of a

Region: 4,000 single lexicon in characters.
Rate of GetSpeechSynthesisTask and Each supported Yes The maximum number of

ListSpeechSynthesisTasks requests Region: 10 GetSpeechSynthesisTask
and
ListSpeechSynthesisTasks
requests per second
region.
Rate of StartSpeechSynthesisTask (neural) Each supported Yes The maximum number of

requests Region: 1 StartSpeechSynthesisTask
(neural engine) requests
current region.
Rate of StartSpeechSynthesisTask Each supported Yes The maximum number of

(standard) requests Region: 10 StartSpeechSynthesisTask
(standard engine) requests
current region.
Version 1.0
752
Service quotas

Description
Rate of SynthesizeSpeech (neural) Each supported Yes The maximum number of

requests Region: 8 SynthesizeSpeech (neural
engine) requests per second
region.
Rate of SynthesizeSpeech (standard) Each supported Yes The maximum number

requests Region: 80 of SynthesizeSpeech
(standard engine) requests
current region. This also
includes DescribeVoices
requests.
Rate of lexicon management requests Each supported Yes The maximum number
Region: 2 of lexicon management
requests per second
region. This limit applies
to following operations
combined: ListLexicon,
GetLexicon, PutLexicon,
DeleteLexicon.
StartSpeechSynthesisTask billed Each supported Yes Maximum size of the

characters count Region: 100,000 StartSpeechSynthesisTask
input text in billed
characters. SSML tags
are not counted as billed
characters. Applies to
both standard and neural
synthesis.
StartSpeechSynthesisTask lexicon count Each supported No Maximum number

Region: 5 of lexicons that
can be used with
StartSpeechSynthesisTask
operation. Applies to
synthesis.
StartSpeechSynthesisTask total characters Each supported Yes Maximum size of the

limit Region: 200,000 StartSpeechSynthesisTask
input text in characters,
including SSML tags and
whitespace. Applies to
synthesis.
Version 1.0
753
Amazon Managed Service for Prometheus

Description
SynthesizeSpeech billed character count Each supported Yes Maximum size of the
Region: 3,000 SynthesizeSpeech input
text in billed characters.
SSML tags are not counted
as billed characters. Applies
to both standard and
neural synthesis.
SynthesizeSpeech lexicon count Each supported No Maximum number of

Region: 5 lexicons that can be used
with SynthesizeSpeech
operation. Applies to
synthesis.
SynthesizeSpeech total character count Each supported Yes Maximum size of the
Region: 6,000 SynthesizeSpeech input
text in characters, including
SSML tags and whitespace.
Applies to both standard
and neural synthesis.
For more information, see Quotas in the Amazon Polly Developer Guide.
Amazon Managed Service for Prometheus

Service endpoints

Name
US East us-east-2 aps.us-east-2.amazonaws.com HTTPS

(Ohio)
aps-workspaces.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 aps.us-east-1.amazonaws.com HTTPS

Virginia)
aps-workspaces.us-east-1.amazonaws.com HTTPS
US West us-west-2 aps.us-west-2.amazonaws.com HTTPS

(Oregon)
aps-workspaces.us-west-2.amazonaws.com HTTPS
Version 1.0
754
Service quotas

Name
Asia ap- aps.ap-southeast-1.amazonaws.com HTTPS

(Singapore) aps-workspaces.ap-southeast-1.amazonaws.com HTTPS
Asia ap- aps.ap-southeast-2.amazonaws.com HTTPS

(Sydney) aps-workspaces.ap-southeast-2.amazonaws.com HTTPS
Asia ap- aps.ap-northeast-1.amazonaws.com HTTPS

(Tokyo) aps-workspaces.ap-northeast-1.amazonaws.com HTTPS
Europe eu- aps.eu-central-1.amazonaws.com HTTPS

aps-workspaces.eu-central-1.amazonaws.com HTTPS
Europe eu-west-1 aps.eu-west-1.amazonaws.com HTTPS

(Ireland)
aps-workspaces.eu-west-1.amazonaws.com HTTPS
Europe eu-west-2 aps.eu-west-2.amazonaws.com HTTPS

(London)
aps-workspaces.eu-west-2.amazonaws.com HTTPS
Europe eu-north-1 aps.eu-north-1.amazonaws.com HTTPS

(Stockholm)
aps-workspaces.eu-north-1.amazonaws.com HTTPS
Service quotas
Amazon Managed Service for Prometheus has the following quotas for series, labels, and API requests.
The Possible error message column shows what error message you might see if your Prometheus
data exceeds a limit. If you see one of these error messages, you should request an increase to the
corresponding limit.
Name Default Adjustable Possible error message
Active series per workspace 1,000,000 Yes per-user series limit of 1000000
(metrics that have reported data exceeded, please contact
in the past 2 hours) administrator to raise it
Active series per metric name 200,000 Yes per-metric series limit of 200000
exceeded, please contact
administrator to raise it
Ingestion rate 70,000 Yes ingestion rate limit (...) exceeded

samples per
second
Ingestion burst size 1,000,000 Yes ingestion rate limit (...) exceeded
samples
Labels per metric series 70 Yes series has too many labels (...)
series: '%s'
Version 1.0
755
Service quotas
Name Default Adjustable Possible error message
Query bytes for instant queries 750MB that No the query hit the aggregated
can be scanned chunks size limit
by a single
instant query (A chunk stores raw samples of
series for a certain time span.)
Query bytes for range queries 750MB that No the query hit the aggregated
can be scanned chunks size limit
per 24-hour
interval in a (A chunk stores raw samples of
single range series for a certain time span.)
query
Query time range 32 days No the query time range exceeds

between the the limit (query length: xxx,
start time and limit: yyy)
the end time
of a PromQL
query
Query samples 12,000,000 No query processing would load too

samples that many samples into memory in
can be scanned query execution
during a single
query
Retention time for ingested data 150 days. Data No

older than this
is deleted from
the workspace.
Workspaces per Region per 10 Yes Limit exceeded. Maximum

account workspaces per account.
Workspace management 10 transactions Yes

API operations, including per second
CreateWorkspace, (TPS), with a
DeleteWorkspace, burst limit of
DescribeWorkspaces, 10 TPS
ListWorkspaces, and
UpdateWorkspaceAlias
Rules and alert manager quotas
Active alerts 1000 Yes
Alert aggregation group size 1K Yes
Alert manager API operations, including 100 TPS No

CreateAlertManagerDefinition,
DeleteAlertManagerDefinition,
DescribeAlertManagerDefinition, and
PutAlertManagerDefinition
Version 1.0
756
Additional quotas for ingested data
Alert manager definition file size 1 MB No
Alerts per workspace, in size 20 MB Yes
Inhibition rules 100 Yes
Nodes in the alert manager routing tree 100 Yes
Rule evaluation interval 60 seconds No
Rule groups in a workspace 100 Yes
Rule groups namespaces in a workspace 10 Yes
Rules in a rule group 20 Yes
Rules definition file size 1 MB No
Templates in the alert manager definition file 100 Yes
Additional quotas for ingested data

Amazon Managed Service for Prometheus has additional quotas for data that's ingested into Amazon
Managed Service for Prometheus workspaces.
• Metric samples older than 1 hour are refused from being ingested.
• Every sample and metadata must have a metric name.
• Maximum length accepted for label names: 1024 bytes
• Maximum length accepted for label value: 2048 bytes
• Maximum number of metadata per metric: 10
• Maximum size of ingestion or query request: 1 MB
• Maximum length accepted for metric metadata, which includes metric name, HELP, and UNIT: 1024
bytes
• Maximum number of active metrics with metadata per workspace: 20,000
• Maximum retention time for ingested metrics: 150 days. Data older than this is deleted from the
workspace.
AWS Proton endpoints and quotas

Version 1.0
757
Service endpoints
Service endpoints

Name
US East us-east-2 proton.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 proton.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 proton.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- proton.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu-west-1 proton.eu-west-1.amazonaws.com HTTPS

(Ireland)
Service quotas

Description
Components per account Each supported Yes Maximum number of

Region: 100 components per account
Environment account connections per Each supported Yes Maximum number of

environment account Region: 5 environment account
connections per
environment account
Environments per account Each supported Yes Maximum number of

Region: 100 environments per account
Service instances per service Each supported Yes Maximum number of

Region: 20 service instances per service
Services per account Each supported Yes Maximum number of

Region: 1,000 services per account
Template versions per template Each supported Yes Maximum number

Region: 500 of template versions
registered per template
Templates per account Each supported Yes Maximum number of

Region: 100 registered templates
per account, service and
environment templates
combined
For more information, see AWS Proton quotas in the AWS Proton Administrator Guide.
Version 1.0
758
QLDB
Amazon QLDB endpoints and quotas

Service endpoints
QLDB resource management API

Name
US East us-east-2 qldb.us-east-2.amazonaws.com HTTPS

(Ohio)
qldb-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 qldb.us-east-1.amazonaws.com HTTPS

Virginia)
qldb-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 qldb.us-west-2.amazonaws.com HTTPS

(Oregon)
qldb-fips.us-west-2.amazonaws.com HTTPS
Asia ap- qldb.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- qldb.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- qldb.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- qldb.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- qldb.ca-central-1.amazonaws.com HTTPS

(Central) central-1
qldb-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- qldb.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 qldb.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 qldb.eu-west-2.amazonaws.com HTTPS

(London)
Version 1.0
759
Service quotas
QLDB transactional data API

Name
US East us-east-2 session.qldb.us-east-2.amazonaws.com HTTPS

(Ohio)
session.qldb-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 session.qldb.us-east-1.amazonaws.com HTTPS

Virginia)
session.qldb-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 session.qldb.us-west-2.amazonaws.com HTTPS

(Oregon)
session.qldb-fips.us-west-2.amazonaws.com HTTPS
Asia ap- session.qldb.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- session.qldb.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- session.qldb.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- session.qldb.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- session.qldb.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- session.qldb.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 session.qldb.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 session.qldb.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas

Description
Ledgers Each supported Yes The maximum number of

Region: 5 active ledgers allowed per
account in a given region.
QLDB exports per ledger Each supported Yes The maximum number of
Region: 2 active exports allowed per
Version 1.0
760
Amazon QuickSight

Description
ledger per account in a
given region.
QLDB streams per ledger Each supported Yes The maximum number of
Region: 5 active streams allowed per
ledger per account in a
given region.
For more information, see Quotas in Amazon QLDB in the Amazon QLDB Developer Guide.
Amazon QuickSight endpoints and quotas

Service endpoints
QuickSight

Name
US East us-east-2 quicksight.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 quicksight.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 quicksight.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- quicksight.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- quicksight.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- quicksight.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- quicksight.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- quicksight.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Version 1.0
761
Service quotas

Name
Canada ca- quicksight.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- quicksight.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 quicksight.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 quicksight.eu-west-2.amazonaws.com HTTPS

(London)
South sa-east-1 quicksight.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- quicksight.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
QuickSight Websites
Region Name Region Endpoint
US East (Ohio) us-east-2 https://us-east-2.quicksight.amazonaws.com
US East (N. Virginia) us-east-1 https://us-east-1.quicksight.amazonaws.com
US West (Oregon) us-west-2 https://us-west-2.quicksight.aws.amazon.com
Asia Pacific ap-southeast-1 https://ap-southeast-1.quicksight.aws.amazon.com

(Singapore)
Asia Pacific (Sydney) ap-southeast-2 https://ap-southeast-2.quicksight.aws.amazon.com
Asia Pacific (Tokyo) ap-northeast-1 https://ap-northeast-1.quicksight.aws.amazon.com
Europe (Frankfurt) eu-central-1 https://eu-central-1.quicksight.aws.amazon.com
Europe (Ireland) eu-west-1 https://eu-west-1.quicksight.aws.amazon.com
Europe (London) eu-west-2 https://eu-west-2.quicksight.aws.amazon.com
Service quotas

Description
API_CREATE-INGESTION: Calls per 24 hour Each supported No The maximum number of

period from Enterprise edition Region: 32 calls to the createIngestion
API function in a floating
24-hour window. The
Version 1.0
762
Service quotas

Description
time period is measured
starting 24 hours before
the current date and time.
This maximum applies
to AWS accounts that
use Amazon QuickSight
Enterprise edition.
API_CREATE-INGESTION: Calls per 24 hour Each supported No The maximum number of

period from Standard edition Region: 8 calls to the createIngestion
API function in a floating
24-hour window. The
time period is measured
starting 24 hours before
the current date and time.
This maximum applies
to AWS accounts that
use Amazon QuickSight
Standard edition.
Calculated field expression length Each supported No The maximum number of

Region: 250,000 characters that you can
use in an expression for a
calculated field.
Custom action name length Each supported No The maximum number of

Region: 256 characters that you can use
in naming a custom action.
Custom actions per visual Each supported No The maximum number of

Region: 10 custom actions that you
can configure for each
visual in an analysis.
Data Prep: Fields per dataset Each supported No The maximum number
Region: 2,000 of fields that a dataset
can contain. File imports
and query result sets can
contain more than 2,000
columns. However, you
must edit the dataset
settings and manually
exclude fields until there
are less than 2,000 selected
or included.
Display items per sheet control Each supported No The maximum number of
Region: 10,000 distinct items that a sheet
control can display.
Email aliases per group for email reports Each supported No The maximum number
Region: 5,000 of members in any group
that QuickSight sends
email reports to. If you try
to send reports to larger
groups, the report fails.
Version 1.0
763
AWS RAM

Description
Maximum number of characters per Each supported No The maximum number

specified Control values Region: 200,000 of characters used in the
entries that you type in
to display inside sheet
controls. An example is
the values specified for
a dropdown. This doesnt
apply to values created
from a dataset.
Query timeout for visuals Each supported No The maximum amount

Region: 120 of time that QuickSight
Seconds waits for a database to
finish sending data. This
applies to queries initiated
by visuals.
The maximum amount of time to wait for Each supported No The maximum amount of
a dataset preview Region: 45 Seconds time that QuickSight waits
for a data preview to finish
loading.
URL action hyperlink length Each supported No The maximum number of

Region: 2,048 characters allowed in the
hyperlink (URL) of a custom
action thats defined as a
URL action. This includes all
variations of the link for the
different parameters you
include.
AWS Resource Access Manager endpoints and

quotas
Service endpoints
Name
US East us-east-2 ram.us-east-2.amazonaws.com HTTPS

(Ohio)
ram-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 ram.us-east-1.amazonaws.com HTTPS

Virginia)
ram-fips.us-east-1.amazonaws.com HTTPS
Version 1.0
764
Service endpoints

Name
US us-west-1 ram.us-west-1.amazonaws.com HTTPS

West (N.
California) ram-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 ram.us-west-2.amazonaws.com HTTPS

(Oregon)
ram-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 ram.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 ram.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- ram.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- ram.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- ram.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- ram.ca-central-1.amazonaws.com HTTPS

(Central) central-1
ram-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- ram.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 ram.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Version 1.0
765
Service quotas

Name
Europe eu- ram.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 ram.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- ram.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 ram.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- ram.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) ram.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- ram.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) ram.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Number of pending invitations Each supported Yes The maximum number of

Region: 20 pending invitations.
Number of resource shares Each supported Yes The maximum number of

Region: 5,000 resource shares.
Number of shared resources Each supported Yes The maximum number of

Region: 5,000 shared resources.
Notes
• The quota for Number of pending invitations applies to only sending accounts who share
with accounts that are not part of sender's AWS Organization.
• There is no quota for how many pending invitations a receiving account can have.
• Invitations are not used when sharing between accounts that are part of the same AWS
Organization and resource sharing within that AWS Organization is turned on.
Version 1.0
766
Amazon Redshift
Amazon Redshift endpoints and quotas

Service endpoints
Redshift API

Name
US East us-east-2 redshift.us-east-2.amazonaws.com HTTPS

(Ohio)
redshift-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 redshift.us-east-1.amazonaws.com HTTPS

Virginia)
redshift-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 redshift.us-west-1.amazonaws.com HTTPS

West (N.
California) redshift-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 redshift.us-west-2.amazonaws.com HTTPS

(Oregon)
redshift-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 redshift.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 redshift.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- redshift.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- redshift.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- redshift.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Version 1.0
767
Service endpoints

Name

(Singapore)

(Sydney)

(Tokyo)
Canada ca- redshift.ca-central-1.amazonaws.com HTTPS

(Central) central-1
redshift-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- redshift.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 redshift.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- redshift.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 redshift.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- redshift.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- redshift.me-central-1.amazonaws.com HTTPS

South sa-east-1 redshift.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- redshift.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) redshift.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- redshift.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) redshift.us-gov-west-1.amazonaws.com HTTPS
Redshift Serverless API
Version 1.0
768
Service endpoints

Name
US East us-east-2 redshift-serverless.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 redshift-serverless.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 redshift-serverless.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- redshift-serverless.ap- HTTPS

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Europe eu- redshift-serverless.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 redshift-serverless.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 redshift-serverless.eu-west-2.amazonaws.com HTTPS

(London)
Europe eu-north-1 redshift-serverless.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Redshift Data API

Name
US East us-east-2 redshift-data.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 redshift-data.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 redshift-data.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 redshift-data.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
769
Service endpoints

Name
Africa af-south-1 redshift-data.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 redshift-data.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- redshift-data.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- redshift-data.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- redshift-data.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- redshift-data.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- redshift-data.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 redshift-data.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- redshift-data.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 redshift-data.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
770
Service endpoints

Name
Middle me- redshift-data.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 redshift-data.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- redshift-data.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- redshift-data.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Redshift query editor v2

Name
US East us-east-2 sqlworkbench.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 sqlworkbench.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 sqlworkbench.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 sqlworkbench.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 sqlworkbench.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 sqlworkbench.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- sqlworkbench.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- sqlworkbench.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- sqlworkbench.ap-northeast-3.amazonaws.com HTTPS

(Osaka)
Version 1.0
771
Service quotas

Name

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- sqlworkbench.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- sqlworkbench.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 sqlworkbench.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- sqlworkbench.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 sqlworkbench.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- sqlworkbench.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- sqlworkbench.me-central-1.amazonaws.com HTTPS

South sa-east-1 sqlworkbench.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas
For information, see Quotas and limits in Amazon Redshift in the Amazon Redshift Management Guide.
Version 1.0
772
Amazon Rekognition
Amazon Rekognition endpoints and quotas

Service endpoints

Name
US East us-east-2 rekognition.us-east-2.amazonaws.com HTTPS

(Ohio)
rekognition-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 rekognition.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 rekognition.us-west-1.amazonaws.com HTTPS

West (N.
California) rekognition-fips.us-west-1.amazonaws.com HTTPS
rekognition-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 rekognition.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- rekognition.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- rekognition.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- rekognition.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- rekognition.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- rekognition.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Version 1.0
773
Service endpoints

Name
Canada ca- rekognition.ca-central-1.amazonaws.com HTTPS

(Central) central-1
rekognition-fips.ca-central-1.amazonaws.com HTTPS
rekognition-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- rekognition.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 rekognition.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 rekognition.eu-west-2.amazonaws.com HTTPS

(London)
AWS us-gov- rekognition.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) rekognition-fips.us-gov-west-1.amazonaws.com HTTPS
rekognition-fips.us-gov-west-1.amazonaws.com HTTPS
The following are differences for certain Amazon Rekognition features and AWS Regions.
Amazon Rekognition Video streaming API

The Amazon Rekognition Video streaming API is available in the following Regions only.
• US East (N. Virginia)

• US West (Oregon)
• Asia Pacific (Tokyo)
• Europe (Frankfurt)
• Europe (Ireland)
Amazon Rekognition Custom Labels

Amazon Rekognition Custom Labels is available in the following Regions only.

• US East (Ohio)
• Europe (London)
• Asia Pacific (Mumbai)
• Asia Pacific (Singapore)
• Asia Pacific (Sydney)
• Asia Pacific (Seoul)
Version 1.0
774
Service quotas
Canada (Central) Region

The Canada (Central) Region supports the following operations only.
• CompareFaces
• CreateCollection
• DeleteCollection
• DeleteFaces
• DescribeCollection
• DetectFaces
• IndexFaces
• ListCollections
• ListFaces
• SearchFaces
• SearchFacesByImage
Note
These operations are only available through use of the AWS CLI or SDK, as the Canada (Central)
Region doesn't currently provide a console experience for these operations.
Service quotas
The quotas listed on this page are defaults. You can request a quota increase for Amazon Rekognition
using the AWS Support Center. To request a quota increase for a Amazon Rekognition Transactions Per
Second (TPS) limit, follow the instructions at Default quotas in the Amazon Rekognition Developer Guide.
Quotas increases affect only the specific API operation for the Region in which you make the request.
Other API operations and Regions are not affected.
Resource Default
Transactions per second per account for individual Amazon • US East (Ohio) Region – 5
Rekognition Image data plane operations: • US East (N. Virginia) Region –
50
• DetectLabels
• US West (N. California) Region
• DetectModerationLabels –5
• DetectText
• US West (Oregon) Region – 50
• GetCelebrityInfo • Asia Pacific (Mumbai) Region –
• IndexFaces 5
• ListFaces • Asia Pacific (Seoul) Region – 5
• RecognizeCelebrities • Asia Pacific (Singapore) Region
• SearchFaces –5
• SearchFacesByImage • Asia Pacific (Sydney) Region –
5
• Asia Pacific (Tokyo) Region – 5
• Canada (Central) – 5 (For
supported operations, see
Service endpoints (p. 773)).
• Europe (Frankfurt) Region – 5
• Europe (Ireland) Region – 50
Version 1.0
775
Service quotas
Resource Default
• Europe (London) Region – 5
• AWS GovCloud (US-West) – 5
Rekognition Image data plane operations: • US East (N. Virginia) Region –
100
• CompareFaces
• DetectFaces – 25
• US West (Oregon) Region –
100
• Asia Pacific (Mumbai) Region –
25
• Asia Pacific (Seoul) Region –
25
– 25
• Asia Pacific (Sydney) Region –
25
• Asia Pacific (Tokyo) Region –
25
• Canada (Central) – 25 (For
supported operations, see
Service endpoints (p. 773)).
Transactions per second per account for the personal protective In each Region that Amazon
equipment data plane operation: Rekognition Image supports – 5
• DetectProtectiveEquipment
Transactions per second per account for individual Amazon In each Region that Amazon
Rekognition Image control plane operations: Rekognition Image supports – 5
• CreateCollection
• DeleteCollection
• DeleteFaces
• DescribeCollection
• ListCollections
Version 1.0
776
Service quotas
Resource Default
Transactions per second per account for individual stored video In each Region that Amazon
start operations: Rekognition Video supports – 5
• StartCelebrityRecognition StartCelebrityRecognition
• StartContentModeration is not available in AWS GovCloud
(US).
• StartFaceDetection
• StartFaceSearch
• StartLabelDetection
• StartPersonTracking
• StartTextDetection
• StartSegmentDetection
Rekognition Video stored video get operations: • US East (N. Virginia) Region –
20
• GetCelebrityRecognition
• GetContentModeration –5
• GetFaceDetection
• US West (Oregon) Region – 20
• GetFaceSearch • Asia Pacific (Mumbai) Region –
• GetLabelDetection 5
• GetPersonTracking • Asia Pacific (Seoul) Region – 5
• GetTextDetection • Asia Pacific (Singapore) Region
• GetSegmentDetection –5
• Asia Pacific (Sydney) Region –
5
• Asia Pacific (Tokyo) Region – 5
(GetCelebrityRecognition
is not available in this Region.)
Maximum number of concurrent stored video jobs per account 20
Maximum number of streaming video stream processors per In each Region that Amazon
account that can simultaneously exist Rekognition Video supports – 10
Transactions per second per account for individual streaming video In each Region that Amazon
operations: Rekognition Video supports – 1
• CreateStreamProcessor
• DeleteStreamProcessor
• DescribeStreamProcessor
• ListStreamProcessors
• StartStreamProcessor
• StopStreamProcessor
Version 1.0
777
Service quotas
Resource Default
Transactions per second per account for individual Amazon In all Regions that Amazon
Rekognition Custom Label data plane operations: Rekognition Custom Labels
supports – 50
• DetectCustomLabels
Transactions per second per account for individual Amazon In each Region that Amazon
Rekognition Custom Labels control plane operations: Rekognition Custom Labels
supports – 5
• CopyProjectVersion
• CreateDataset
• CreateProject
• CreateProjectVersion
• DeleteDataset
• DeleteProject
• DeleteProjectPolicy
• DeleteProjectVersion
• DescribeDataset
• DescribeProjects
• DescribeProjectVersions
• DistributeDatasetEntries
• ListDatasetEntries
• ListDatasetLabels
• ListProjectPolicies
• PutProjectPolicy
• StartProjectVersion
• StopProjectVersion
• UpdateDatasetEntries
Maximum number of Amazon Rekognition Custom Labels projects 100

per account.
Maximum number of Amazon Rekognition Custom Labels models 100

per project.
Maximum number of concurrent Amazon Rekognition Custom • All Regions except Asia Pacific
Labels training jobs per account. (Sydney) – 2
• Asia Pacific (Sydney) – 1
Maximum number of concurrently running Amazon Rekognition 2

Custom Labels models per account.
Maximum inference units per started model. 5
Maximum number of images per dataset. 250,000
For more information, see Guidelines and quotas in Amazon Rekognition in the Amazon Rekognition
Developer Guide.
Version 1.0
778
Amazon RDS
Amazon Relational Database Service endpoints

and quotas
Service endpoints
Amazon RDS

Name

(Ohio)
rds-fips.us-east-2.api.aws HTTPS
rds.us-east-2.api.aws HTTPS
rds-fips.us-east-2.amazonaws.com HTTPS

Virginia)
rds-fips.us-east-1.api.aws HTTPS
rds-fips.us-east-1.amazonaws.com HTTPS
rds.us-east-1.api.aws HTTPS

West (N.
California) rds.us-west-1.api.aws HTTPS
rds-fips.us-west-1.amazonaws.com HTTPS
rds-fips.us-west-1.api.aws HTTPS

(Oregon)
rds-fips.us-west-2.amazonaws.com HTTPS
rds.us-west-2.api.aws HTTPS
rds-fips.us-west-2.api.aws HTTPS

(Cape
Town) rds.af-south-1.api.aws HTTPS

Pacific
(Hong rds.ap-east-1.api.aws HTTPS
Kong)
Version 1.0
779
Service endpoints

Name

(Jakarta)

Pacific south-1
(Mumbai) rds.ap-south-1.api.aws HTTPS

(Osaka) rds.ap-northeast-3.api.aws HTTPS

(Seoul) rds.ap-northeast-2.api.aws HTTPS

(Singapore) rds.ap-southeast-1.api.aws HTTPS

(Sydney) rds.ap-southeast-2.api.aws HTTPS

(Tokyo) rds.ap-northeast-1.api.aws HTTPS

(Central) central-1
rds.ca-central-1.api.aws HTTPS
rds-fips.ca-central-1.api.aws HTTPS
rds-fips.ca-central-1.amazonaws.com HTTPS

rds.eu-central-1.api.aws HTTPS

(Ireland)
rds.eu-west-1.api.aws HTTPS

(London)

(Milan) south-1
rds.eu-south-1.api.aws HTTPS

(Paris)
Version 1.0
780
Service endpoints

Name

(Stockholm)
rds.eu-north-1.api.aws HTTPS

East south-1
(Bahrain) rds.me-south-1.api.aws HTTPS


America
(São rds.sa-east-1.api.aws HTTPS
Paulo)

GovCloud east-1
(US-East)

GovCloud west-1
(US-West)
Amazon RDS Performance Insights

Name
US East us-east-2 pi.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 pi.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 pi.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 pi.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 pi.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 pi.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- pi.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Version 1.0
781
Service endpoints

Name
Asia ap- pi.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- pi.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- pi.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- pi.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 pi.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- pi.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 pi.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- pi.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- pi.me-central-1.amazonaws.com HTTPS

South sa-east-1 pi.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
782
Service quotas
Service quotas

Description
Authorizations per DB security group Each supported No Number of security group

Region: 20 authorizations per DB
security group
Custom engine versions Each supported Yes The maximum number of

Region: 40 custom engine versions
the current Region
DB cluster parameter groups Each supported No The maximum number

groups

Region: 40 Aurora clusters allowed in
Region

Region

Data API HTTP request body size Each supported No The maximum size allowed
Region: 4 for the HTTP request body.
Megabytes
Data API maximum concurrent cluster- Each supported No The maximum number
secret pairs Region: 30 of unique pairs of Aurora
Serverless DB clusters and
secrets in concurrent Data
API requests for the current
account and AWS Region.
Data API maximum concurrent requests Each supported No The maximum number
Region: 500 of Data API requests to
an Aurora Serverless
DB cluster that use the
same secret and can be
processed at the same
time. Additional requests
are queued and processed
as in-process requests
complete.
Data API maximum result set size Each supported No The maximum size of the
Region: 1 database result set that can
Megabytes be returned by the Data
API.
Version 1.0
783
Service quotas

Description
Data API maximum size of JSON response Each supported No The maximum size of the
string Region: 10 simplified JSON response
Megabytes string returned by the RDS
Data API.
Data API requests per second Each supported No The maximum number of
Region: 1,000 per requests to the Data API
second per second allowed in this
Region.

IAM roles per DB cluster Each supported Yes The maximum number of
DB cluster
IAM roles per DB instance Each supported Yes The maximum number of
DB instance
Manual DB cluster snapshots Each supported Yes The maximum number

Region: 100 of manual DB cluster
snapshots
Manual DB instance snapshots Each supported Yes The maximum number

Region: 100 of manual DB instance
snapshots
Option groups Each supported Yes The maximum number of

Region: 20 option groups
Parameter groups Each supported Yes The maximum number of

Region: 50 parameter groups
Proxies Each supported Yes The maximum number

Region: 20 of proxies allowed in this
Region
Read replicas per master Each supported Yes The maximum number of
Region: 5 read replicas per master
Reserved DB instances Each supported Yes The maximum number

Region: 40 of reserved DB instances
the current AWS Region
Rules per security group Each supported No The maximum number of

Region: 20 rules per DB security group
Security groups Each supported Yes The maximum number of

Region: 25 DB security groups
Security groups (VPC) Each supported No The maximum number

Amazon VPC
Version 1.0
784
Resilience Hub

Description
Subnets per DB subnet group Each supported No The maximum number

group

resource
Total storage for all DB instances Each supported Yes The maximum total storage
Region: 100,000 (in GB) for all DB instances
Gigabytes added together
AWS Resilience Hub endpoints and quotas

Service endpoints
Name
US East us-east-2 resiliencehub.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 resiliencehub.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 resiliencehub.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 resiliencehub.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 resiliencehub.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 resiliencehub.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- resiliencehub.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- resiliencehub.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Version 1.0
785
Service quotas

Name
Asia ap- resiliencehub.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- resiliencehub.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- resiliencehub.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- resiliencehub.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- resiliencehub.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 resiliencehub.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- resiliencehub.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 resiliencehub.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- resiliencehub.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 resiliencehub.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
Number of Resiliency Policies Each supported Yes The maximum number of

Region: 10 resiliency policies an AWS
account can create in the
current region
Number of application components per Each supported No The maximum number of

resource Region: 5 application components an
Version 1.0
786
Service quotas

Description
AWS account can have for a
given resource
Number of application components per Each supported No The maximum number of

template Region: 65 application components an
AWS account can have for a
given template
Number of applications Each supported Yes The maximum number

Region: 10 of applications an AWS
account can create in the
current region
Number of assessments per application Each supported Yes The maximum number
per month Region: 200 of assessments an AWS
account can run for a given
application in a given
month
Number of concurrent assessments per Each supported No The maximum number of

account Region: 20 concurrent assessments an
AWS account can run
Number of concurrent assessments per Each supported No The maximum number of

application Region: 1 concurrent assessments an
AWS account can run for a
given application
Number of concurrent recommendation Each supported No The maximum number of

templates per account Region: 100 recommendation templates
an AWS account can
concurrently create
Number of concurrent recommendation Each supported No The maximum number of

templates per application Region: 1 recommendation templates
an AWS account can create
for a given application
Number of recommendation templates per Each supported Yes The maximum number of
application per month Region: 100 recommendation templates
an AWS account can create
for a given application in a
given month
Number of resources per template Each supported No The maximum number

Region: 100 of resources an AWS
account can have for a
given template
Number of stacks to import Each supported No The maximum number of

Region: 20 stacks an AWS account can
import
Number of terraform state files to import Each supported No The maximum number of
Region: 20 terraform state files an
AWS account can import
Version 1.0
787
Resource Groups and Tagging

Description
Retention period of past assessments/ Each supported No Retention period of

recommendations in days Region: 365 past assessments/
recommendations in days
Retention period of past recommendation Each supported No Retention period of past

templates in days Region: 365 recommendation templates
in days
Template size in bytes Each supported No The maximum size of a

Region: 51,200 template in bytes
Terraform state file maximum size Each supported No The maximum import size
Region: 4,194,305 limit for terraform state
files
AWS Resource Groups and Tagging endpoints and

quotas
AWS Resource Groups

Service endpoints

Name
US East us-east-2 resource-groups.us-east-2.amazonaws.com HTTPS

(Ohio)
resource-groups-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 resource-groups.us-east-1.amazonaws.com HTTPS

Virginia)
resource-groups-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 resource-groups.us-west-1.amazonaws.com HTTPS

West (N.
California) resource-groups-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 resource-groups.us-west-2.amazonaws.com HTTPS

(Oregon)
resource-groups-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 resource-groups.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 resource-groups.ap-east-1.amazonaws.com HTTPS

Pacific
Version 1.0
788
AWS Resource Groups

Name
(Hong
Kong)
Asia ap- resource-groups.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- resource-groups.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- resource-groups.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- resource-groups.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- resource-groups.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 resource-groups.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- resource-groups.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 resource-groups.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- resource-groups.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
789
AWS Resource Groups Tagging API

Name
South sa-east-1 resource-groups.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- resource-groups.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) resource-groups.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- resource-groups.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) resource-groups.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Resource groups per account Each supported Yes The maximum number
Region: 100 of resource groups that
account. A resource group
is a collection of AWS
resources that match a
specific criteria.

Service endpoints

Name
US East us-east-2 tagging.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 tagging.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 tagging.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 tagging.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 tagging.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 tagging.ap-east-1.amazonaws.com HTTPS

Pacific
Version 1.0
790

Name
(Hong
Kong)
Asia ap- tagging.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- tagging.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- tagging.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- tagging.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- tagging.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 tagging.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- tagging.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 tagging.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- tagging.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
791
AWS RoboMaker

Name
Middle me- tagging.me-central-1.amazonaws.com HTTPS

South sa-east-1 tagging.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- tagging.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- tagging.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
AWS RoboMaker endpoints and quotas

Service endpoints

Name
US East us-east-2 robomaker.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 robomaker.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 robomaker.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- robomaker.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- robomaker.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- robomaker.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 robomaker.eu-west-1.amazonaws.com HTTPS

(Ireland)
Version 1.0
792
Service quotas

Name
AWS us-gov- robomaker.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas

Description
Batch timeout Each supported No The maximum timeout in

Region: 14 days for a simulation job
batch
Concurrent GPU simulation jobs Each supported Yes The maximum number of
Region: 1 concurrent GPU simulation
jobs you can run in this
Region.
Concurrent World Export Jobs Each supported Yes The maximum number of
Region: 3 concurrent world export
jobs that you can run in this
account in this region.
Concurrent World Generation Jobs Each supported Yes The maximum number
Region: 3 of concurrent world
generation jobs that you
can run in this account in
this region.
Concurrent deployment jobs Each supported Yes The maximum number of

Region: 20 concurrent deployment
jobs you can run in this
Region.
Concurrent simulation job batches Each supported Yes The maximum number
Region: 5 of concurrent simulation
job batches you can run in
Region.
Concurrent simulation jobs Each supported Yes The maximum number of

Region: 1 concurrent simulation jobs
you can run in this account
Fleets Each supported Yes The maximum number of

Region: 20 fleets you can create in
Region.
GPU Simulation Job Creation Rate Per Each supported No The maximum number of
Minute Region: 2 GPU simulation job you can
Version 1.0
793
Service quotas

Description
current Region per minute.
Minimum batch timeout Each supported No The minimum timeout

Region: 5 in minutes that you can
specify for a simulation job
batch.
Minimum simulation duration Each supported No The minimum duration

Region: 5 in minutes that you can
specify for a simulation job.
Robot applications Each supported Yes The maximum number of

Region: 40 robot applications you can
current Region.
Robots Each supported Yes The maximum number of

Region: 100 robots you can create in
Region.
Robots per fleet Each supported Yes The maximum number of

Region: 100 robots you can register to a
fleet.
Simulation Job Creation Rate Per Minute us-east-1: 10 No The maximum number
of simulation job you can
us-west-2: 10 create in this account in the
current Region per minute.
Each of the other
supported Regions:
5
Simulation applications Each supported Yes The maximum number of

Region: 40 simulation applications you
the current Region.
Simulation duration Each supported No The maximum duration

Region: 14 in days that a simulation
job can run for including
restarts.
Simulation job requests per batch Each supported Yes The maximum number of
Region: 20 simulation job requests
that can be submitted in a
StartSimulationJobBatch
call
Source size Each supported No The maximum size (in GB)

Region: 5 Gigabytes for any source of robot
application or simulation
application.
Versions per robot application Each supported Yes The maximum number of
Region: 40 versions you can create for
a Robot Application.
Version 1.0
794
Route 53

Description
Versions per simulation application Each supported Yes The maximum number of
Region: 40 versions you can create for
a Simulation Application.
World Templates Per Account Each supported Yes The maximum number of
Region: 40 world templates that you
this region.
Worlds Per Export Job Each supported No The maximum number of

Region: 1 worlds in a world export
job request.
Worlds Per Generation Job Each supported No The maximum number

Region: 50 of worlds in a world
generation job request.
Amazon Route 53 endpoints and quotas

Service endpoints
Hosted zones, records, health checks, DNS query logs, reusable
delegation sets, traffic policies, and cost allocation tags
When you use the AWS CLI or SDKs to submit requests, you can either leave the Region and endpoint
unspecified, or specify the applicable Region:
• Route 53 in AWS Regions other than the Beijing and Ningxia Regions: specify us-east-1 as the Region.
• Route 53 in the Beijing and Ningxia Regions: specify cn-northwest-1.
When you use the Route 53 API to submit requests, use the same Regions as above to sign requests.
For more information about signing Route 53 API requests, see Signature Version 4 signing
process (p. 1012).

Name
US East us-east-2 route53.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 route53.amazonaws.com HTTPS

Virginia)
Version 1.0
795
Service endpoints

Name
US us-west-1 route53.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 route53.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 route53.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 route53.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- route53.amazonaws.com HTTPS

(Jakarta)

Pacific south-1
(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- route53.amazonaws.com HTTPS

(Central) central-1
Europe eu- route53.amazonaws.com HTTPS

Europe eu-west-1 route53.amazonaws.com HTTPS

(Ireland)

(London)
Version 1.0
796
Service endpoints

Name
Europe eu- route53.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 route53.amazonaws.com HTTPS

(Stockholm)
Middle me- route53.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- route53.amazonaws.com HTTPS

South sa-east-1 route53.amazonaws.com HTTPS

America
(São
Paulo)
Requests for domain registration

Name
US East (N. us-east-1 route53domains.us-east-1.amazonaws.com HTTPS

Virginia)
Requests for Route 53 Resolver

Name
US East us-east-2 route53resolver.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 route53resolver.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 route53resolver.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 route53resolver.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 route53resolver.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Version 1.0
797
Service endpoints

Name
Asia ap-east-1 route53resolver.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- route53resolver.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- route53resolver.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- route53resolver.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- route53resolver.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- route53resolver.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 route53resolver.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- route53resolver.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 route53resolver.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- route53resolver.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
798
Service quotas

Name
South sa-east-1 route53resolver.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- route53resolver.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- route53resolver.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Requests for Route 53 auto naming

Amazon Route 53 auto naming has been released as a separate service, AWS Cloud Map. For a list of
service endpoints, see Service endpoints (p. 147). For AWS Cloud Map documentation, see AWS Cloud
Map Documentation.
Service quotas
Description
Amazon VPCs that you can associate with Each supported Yes The maximum number of
a private hosted zone Region: 300 Amazon VPCs that you can
associate with a private
hosted zone
Authorizations that let you associate VPCs Each supported No The maximum number of
with a hosted zone that was created by Region: 1,000 authorizations that you can
another account create that allow you to
associate VPCs that were
created using one account
with a hosted zone that
was created using another
account
CIDR blocks per collection Each supported Yes The maximum number of
Region: 1,000 CIDR blocks that you can
create per CIDR collection
CIDR collections Each supported Yes The maximum number of

Region: 5 CIDR collections that you
can create per account
Child health checks that a calculated Each supported No The maximum number of
health check can monitor Region: 255 child health checks that a
calculated health check can
monitor
Domain count limit Each supported No The maximum number of

Region: 20 domains you can register
using this account
Version 1.0
799
Service quotas

Description
Geolocation records that have the same Each supported No The maximum number of
name and type Region: 100 records that you can create
that have a geolocation
routing policy and that
have the same name and
type
Geoproximity records that have the same Each supported No The maximum number of
name and type Region: 30 records that you can create
that have a geoproximity
type
Health checks Each supported Yes The maximum number of

Region: 200 health checks that you can
create using this account
Hosted zones Each supported Yes The maximum number of

Region: 500 hosted zones that you can
create using this account
Hosted zones that can use the same Each supported Yes The maximum number
reusable delegation set Region: 100 of hosted zones that can
use the same reusable
delegation set
Key signing keys per hosted zone Each supported No The maximum number of
Region: 2 key signing keys that you
can create per hosted zone
Multivalue answer records that have the Each supported No The maximum number of
same name and type Region: 100 records that you can create
that have a multivalue
answer routing policy and
that have the same name
and type
Query log configurations per hosted zone Each supported No The maximum number of
Region: 1 query log configurations
hosted zone
Records per hosted zone Each supported Yes The maximum number of
Region: 10,000 records that you can create
in a hosted zone
Reusable delegation sets Each supported Yes The maximum number of

Region: 100 reusable delegation sets
that you can create using
this account
Traffic flow policies Each supported Yes The maximum number of

Region: 50 traffic flow policies that
you can create using this
account
Version 1.0
800
Service quotas

Description
Traffic flow policy records Each supported Yes The maximum number of
Region: 5 traffic flow policy records
that you can create using
this account
Traffic flow policy versions per traffic flow Each supported No The maximum number of
policy Region: 1,000 traffic flow policy versions
traffic flow policy
Values in a record Each supported No The maximum number of

Region: 400 values that you can add to
a record
Weighted records that have the same Each supported No The maximum number
name and type Region: 100 of records that you can
create that have a weighted
type
The following quotas are for Route 53 Resolver.

Description
Associations between resolver rules and Each supported Yes Maximum number of
VPCs per AWS Region Region: 2,000 associations between
resolver rules and VPCs per
AWS Region
DNS Firewall rule group associations per Each supported No The maximum number of
VPC Region: 5 DNS Firewall rule groups
that you can associate to a
VPC.
DNS Firewall rules groups per Region Each supported Yes The maximum number of
Region: 1,000 DNS Firewall rules groups
per Region.
Domain lists per account Each supported Yes The maximum number of
Region: 1,000 domain lists for an account.
Domains in a file imported from S3 Each supported Yes The maximum number
Region: 250,000 of domains that you can
import from a single file
thats stored in an Amazon
S3 bucket.
Domains per account Each supported Yes The maximum number

Region: 100,000 of domains that you can
specify across all of the
domain lists for an account.
Version 1.0
801
Route 53 ARC

Description
IP addresses per resolver endpoint Each supported Yes Maximum number of IP

Region: 6 addresses per resolver
endpoint
Maximum number of resolver endpoints Each supported Yes Resolver endpoints per
per AWS Region Region: 4 AWS Region
Resolver rules per AWS Region Each supported Yes Maximum number of
Region: 1,000 resolver rules per AWS
Region
Rules in a DNS Firewall rule group Each supported Yes The maximum number of
Region: 100 rules in a DNS Firewall rule
group.
Target IP addresses per resolver rule Each supported No Maximum number of target
Region: 6 IP addresses per resolver
rule
For more information, see Route 53 quotas in the Amazon Route 53 Developer Guide.
Amazon Route 53 Application Recovery Controller

Service endpoints
When you use the AWS CLI or SDKs to submit requests with Route 53 ARC, you must specify the AWS
Region as us-west-2.
For the Route 53 ARC Recovery Readiness API (for readiness checks) or Recovery Control Configuration
API, use the following endpoints, respectively.

Name
US West us-west-2 route53-recovery-readiness.amazonaws.com HTTPS

(Oregon)
Region
US West us-west-2 route53-recovery-control-config.amazonaws.com HTTPS

(Oregon)
Region
Version 1.0
802
Service quotas
For the Route 53 ARC Recovery Cluster API, in addition to specifying the Region as us-west-2, you also
must specify one of your five Regional cluster endpoints. The endpoint that you specify must target the
Route 53 ARC cluster that hosts the routing controls that you want to get or update the state for.
Route 53 ARC creates endpoints for each cluster in the following five Regions: US East (N. Virginia) (us-
east-1), Europe (Ireland) (eu-west-1), Europe (London) (us-west-2), Asia Pacific (Tokyo) (ap-northeast-1),
and Asia Pacific (Sydney) (ap-southeast-2). It's a best practice to retry with each of the available cluster
endpoints. To learn more, see Get and update routing control states using the API and Best practices
for Amazon Route 53 Application Recovery Controller in the Amazon Route 53 Application Recovery
Controller Developer Guide.
The following are examples of the Regional cluster endpoints in Route 53 ARC.
Endpoint Region
https://aaaaaaaa.route53-recovery-cluster.eu-west-1.amazonaws.com eu-west-1
https://bbbbbbb.route53-recovery-cluster.ap-northeast-1.amazonaws.com ap-northeast-1
https://ccccccc.route53-recovery-cluster.us-west-2.amazonaws.com us-west-2
https://ddddddd.route53-recovery-cluster.us-east-1.amazonaws.com us-east-1
https://eeeeeee.route53-recovery-cluster.ap-southeast-2.amazonaws.com ap-southeast-2
Service quotas
For information, see Quotas in Amazon Route 53 Application Recovery Controller in the Amazon
Route 53 Application Recovery Controller Developer Guide.
Amazon SageMaker endpoints and quotas

Service endpoints
The following table provides a list of Region-specific endpoints that SageMaker supports for training
and deploying models. This include creating and managing notebook instances, training jobs, model,
endpoint configurations, and endpoints.

Name
US East us-east-2 api.sagemaker.us-east-2.amazonaws.com HTTPS

(Ohio)
api-fips.sagemaker.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 api.sagemaker.us-east-1.amazonaws.com HTTPS

Virginia)
api-fips.sagemaker.us-east-1.amazonaws.com HTTPS
Version 1.0
803
Service endpoints

Name
US us-west-1 api.sagemaker.us-west-1.amazonaws.com HTTPS

West (N.
California) api-fips.sagemaker.us-west-1.amazonaws.com HTTPS
US West us-west-2 api.sagemaker.us-west-2.amazonaws.com HTTPS

(Oregon)
api-fips.sagemaker.us-west-2.amazonaws.com HTTPS
Africa af-south-1 api.sagemaker.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 api.sagemaker.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- api.sagemaker.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- api.sagemaker.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- api.sagemaker.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- api.sagemaker.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- api.sagemaker.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 api.sagemaker.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Version 1.0
804
Service endpoints

Name
Europe eu- api.sagemaker.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 api.sagemaker.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- api.sagemaker.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 api.sagemaker.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- api.sagemaker.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) api-fips.sagemaker.us-gov- HTTPS
The following table provides a list of Region-specific endpoints that Amazon SageMaker supports for
making inference requests against models hosted in SageMaker.

Name
US East us-east-2 runtime.sagemaker.us-east-2.amazonaws.com HTTPS

(Ohio)
runtime-fips.sagemaker.us- HTTPS
US East (N. us-east-1 runtime.sagemaker.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 runtime.sagemaker.us-west-1.amazonaws.com HTTPS

West (N.
California) runtime-fips.sagemaker.us- HTTPS
US West us-west-2 runtime.sagemaker.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 runtime.sagemaker.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 runtime.sagemaker.ap-east-1.amazonaws.com HTTPS

Pacific
Version 1.0
805
Service endpoints

Name
(Hong
Kong)
Asia ap- runtime.sagemaker.ap- HTTPS

(Jakarta)
Asia ap- runtime.sagemaker.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- runtime.sagemaker.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- runtime.sagemaker.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 runtime.sagemaker.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- runtime.sagemaker.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 runtime.sagemaker.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- runtime.sagemaker.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
806
Service endpoints

Name
South sa-east-1 runtime.sagemaker.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- runtime.sagemaker.us-gov- HTTPS

(US-West) HTTPS
runtime.sagemaker.us-gov-
SageMaker Edge Manager.

Name
US East us-east-2 edge.sagemaker.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 edge.sagemaker.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 edge.sagemaker.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- edge.sagemaker.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- edge.sagemaker.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 edge.sagemaker.eu-west-1.amazonaws.com HTTPS

(Ireland)
SageMaker Feature Store.

Name
US East us-east-2 featurestore.us-east-2.amazonaws.com

(Ohio)
US East (N. us-east-1 featurestore.us-east-1.amazonaws.com

Virginia)
US us-west-1 featurestore.us-west-1.amazonaws.com
West (N.
California)
Version 1.0
807
Service endpoints

Name
US West us-west-2 featurestore.us-west-2.amazonaws.com

(Oregon)
Africa af-south-1 featurestore.af-south-1.amazonaws.com

(Cape
Town)
Asia ap-east-1 featurestore.ap-east-1.amazonaws.com

Pacific
(Hong
Kong)
Asia ap- featurestore.ap-south-1.amazonaws.com

Pacific south-1
(Mumbai)
Asia ap- featurestore.ap-northeast-2.amazonaws.com

(Seoul)
Asia ap- featurestore.ap-southeast-1.amazonaws.com

(Singapore)
Asia ap- featurestore.ap-southeast-2.amazonaws.com

(Sydney)
Asia ap- featurestore.ap-northeast-1.amazonaws.com

(Tokyo)
Canada ca- featurestore.ca-central-1.amazonaws.com

(Central) central-1
Europe eu- featurestore.eu-central-1.amazonaws.com

Europe eu-west-1 featurestore.eu-west-1.amazonaws.com

(Ireland)

(London)
Europe eu- featurestore.eu-south-1.amazonaws.com

(Milan) south-1

(Paris)
Europe eu-north-1 featurestore.eu-north-1.amazonaws.com

(Stockholm)
Middle me- featurestore.me-south-1.amazonaws.com

East south-1
(Bahrain)
Version 1.0
808
Service quotas

Name
South sa-east-1 featurestore.sa-east-1.amazonaws.com

America
(São
Paulo)
Service quotas
Depending on your activities and resource usage over time, your SageMaker quotas might be different
from the default SageMaker quotas listed in the following tables. The default quotas in this page are
based on new accounts. If you encounter error messages that you've exceeded your quota, use AWS
Support to request a service limit increase for SageMaker resources you want to scale up. For instructions
on how to request a service limit increase, see Supported Regions and Quotas in the Amazon SageMaker
Developer Guide. For information on Amazon EC2 instance types, see Amazon EC2 Instance Types.
SageMaker Studio
Resource Default
Total Domains per Region 1
KernelGateway-ml.c5.large 0
KernelGateway-ml.c5.xlarge 0
KernelGateway-ml.c5.2xlarge 0
KernelGateway-ml.g4dn.xlarge 0
KernelGateway-ml.g4dn.2xlarge 0
KernelGateway-ml.m5.large 0
KernelGateway-ml.m5.xlarge 0
KernelGateway-ml.m5.2xlarge 0
Version 1.0
809
Service quotas
Resource Default
KernelGateway-ml.p3.2xlarge 0
KernelGateway-ml.t3.medium 2
KernelGateway-ml.t3.large 0
KernelGateway-ml.t3.xlarge 0
KernelGateway-ml.t3.2xlarge 0
Maximum number of UserProfiles per Domain 2
Maximum number of Running Apps per Domain 20
Maximum number of custom images per Domain 30
Maximum number of custom images per UserProfile 5
SageMaker Images
Resource Default
Number of SageMaker Images 250
Number of image versions per SageMaker image 1,000
SageMaker Notebooks
Resource Default
ml.t2.medium instances 2
ml.t2.large instances 0
ml.t2.xlarge instances 0
ml.t2.2xlarge instances 0
ml.m4.xlarge instances 0
Version 1.0
810
Service quotas
Resource Default
ml.m4.2xlarge instances 0
ml.c4.xlarge instances 0
ml.c4.2xlarge instances 0
ml.c5d.xlarge instances 0
ml.c5d.2xlarge instances 0
ml.p2.xlarge instances 0
ml.p2.8xlarge instances 0
ml.g4dn.xlarge instances 2
ml.g4dn.2xlarge instances 2
Version 1.0
811
Service quotas
Resource Default
ml.eia1.medium instances 0
ml.eia1.large instances 0
ml.eia1.xlarge instances 0
ml.eia2.medium instances 0
ml.eia2.large instances 0
ml.eia2.xlarge instances 0
Number of accelerators 0
Number of notebook instances 4
EBS volume size in GB for an instance 102400
SageMaker Ground Truth
Resource Default
Total labeling jobs 1
Total streaming labeling jobs 0
Max dataset objects per labeling job 10,000
Number of workteams 25
SageMaker Projects
Resource Default
Number of projects 500
SageMaker Pipelines
Resource Default
Number of pipelines 5,000
SageMaker Pipeline Executions
Resource Default
Maximum execution time 28 days
Version 1.0
812
Service quotas
Resource Default
Concurrent pipeline executions per account 200
Concurrent pipeline executions per pipeline 200
Parameters
Resource Default
Parameters per pipeline 50
Parameter name length 64 characters
Parameters name regular expression pattern ([A-Za-z0-9\\-_])*
Parameter description length 4,096 characters
Parameter enum values 16 distinct values
SageMaker Condition Steps
Resource Default
Conditions per ConditionStep 200
Steps in If-List 20
Steps in Else-List 20
Conditions in Or-List 200
Property Files
Resource Default
PropertyFiles in a pipeline 10
JsonGet functions in a pipeline 200
Size of the property file 2 MB
SageMaker Metadata
Resource Default
Maximum number of metadata 20 key-value pairs
Metadata key size 128 characters
Metadata key regular expression pattern ([A-Za-z0-9\\-_])*
Maximum metadata value size 1024 characters
Metadata value regular expression pattern [\\p{M}\\p{L}\\p{S}\\p{S}\

\p{N}\\p{P}\\s
Version 1.0
813
Service quotas
SageMaker Feature Store
Resource Default
Number of feature groups 100
Concurrent feature group creation workflows 4
SageMaker Processing
Resource Default
ml.c4.xlarge 4
ml.c4.2xlarge 4
ml.c4.4xlarge 4
ml.c4.8xlarge 4
ml.c5.xlarge 4
ml.c5.2xlarge 4
ml.c5.4xlarge 1
ml.c5.9xlarge 1
ml.c5.18xlarge 1
ml.g4dn.xlarge 0
ml.g4dn.2xlarge 0
ml.g4dn.4xlarge 0
ml.g4dn.8xlarge 0
ml.g4dn.12xlarge 0
ml.g4dn.16xlarge 0
ml.m4.xlarge 4
ml.m4.2xlarge 4
ml.m4.4xlarge 2
ml.m4.10xlarge 1
ml.m4.16xlarge 1
ml.m5.large 4
ml.m5.xlarge 4
ml.m5.2xlarge 4
ml.m5.4xlarge 2
ml.m5.12xlarge 0
Version 1.0
814
Service quotas
Resource Default
ml.m5.24xlarge 0
ml.p2.xlarge 0
ml.p2.8xlarge 0
ml.p2.16xlarge 0
ml.p3.2xlarge 0
ml.p3.8xlarge 0
ml.p3.16xlarge 0
ml.r5.large 4
ml.r5.xlarge 4
ml.r5.2xlarge 4
ml.r5.4xlarge 1
ml.r5.8xlarge 1
ml.r5.12xlarge 1
ml.r5.16xlarge 1
ml.r5.24xlarge 0
ml.t3.medium 4
ml.t3.large 4
ml.t3.xlarge 2
ml.t3.2xlarge 0
Longest run time for a processing job 5 days
Number of instances across a single processing job 4
Total number of instances across all processing jobs 20
Size of EBS volume for an instance 1 TB
Note
In case of SageMaker training, on-demand and spot instance quotas are tracked and modified
separately. For example, with the default quotas, you can run up to 20 training jobs with
ml.m4.xlarge on-demand instances and up to 20 training jobs with ml.m4.xlarge spot instances
simultaneously.
SageMaker Training
Resource Default
Version 1.0
815
Service quotas
Resource Default
ml.c5n.xlarge instances 0
ml.c5n.2xlarge instances 0
ml.g5.xlarge instances 0
ml.g5.2xlarge instances 0
Version 1.0
816
Service quotas
Resource Default
ml.m5.large instances 4
ml.p3dn.24xlarge instances 0
ml.p4d.24xlarge instances 0
The longest run time for a training job 5 days
Number of instances per single training job 4
Total number of instances across training jobs 20
Size of EBS volume for an instance 1 TB
SageMaker Managed Spot Training
Resource Default
ml.c5n.xlarge instances 0
Version 1.0
817
Service quotas
Resource Default
ml.g5.xlarge instances 0
Version 1.0
818
Service quotas
Resource Default
ml.p3dn.24xlarge instances 0
Number of instances across training jobs 20
Number of instances per training job 4
SageMaker Autopilot
Resource Regions Default limits Can be increased up to
Size of input dataset All 100 GB Hundreds of GBs
Size of a single Parquet All 2 GB Tens of GBs

file*
Target dataset size for All 5 GB Hundreds of GBs

subsampling**
Number of concurrent us-east-1, us-east-2,us- 4 Hundreds

SageMaker Autopilot west-2, ap-northeast-1,
jobs eu-west-1, eu-central-1
ap-northeast-2, ap- 2 Hundreds

southeast-2, eu-west-2,
ap-southeast-1
All other regions 1 Tens
Note
*This 2 GB size limit is for a single compressed Parquet file. You can provide a Parquet dataset
that includes multiple compressed Parquet files. After the files are decompressed, they may
each expand to a larger size.
**SageMaker Autopilot automatically subsamples input datasets that are larger than the target
dataset size while accounting for class imbalance and preserving rare class labels.
The resource quotas documented in the following sections are valid for versions of Amazon
SageMaker Studio 3.22.2 and higher. For information on updating your version of SageMaker
Studio, see Update SageMaker Studio and Studio Apps
You can increase these limits by contacting AWS Support Center.For instructions on how to
request increases, see Update SageMaker Studio and Studio Apps.
SageMaker Automatic Model Hyperparameter Tuning
Resource Default
Number of concurrent hyperparameter tuning jobs 100
Version 1.0
819
Service quotas
Resource Default
Number of parallel training jobs per hyperparameter tuning job 10
Number of training jobs per hyperparameter tuning job 500
SageMaker Experiments (Lineage Tracking / Experiment Tracking)
Resource Default
Experiments 5,000
Trial components 20,000
Trial components in a single trial 50
Trials in a single experiment 300
Trials a single trial component can be associated with 500
Number of actions 3,000
Number of artifacts 6,000
Number of associations 6,000
Number of contexts 500
Note
Use AWS Support to request a service limit increase in order to use an instance with a default
quota of 0.
SageMaker Hosting
Resource Default
ml.c4.* instances 0
ml.c5.* instances 0
ml.c5d.* instances 0
ml.c5n.* instances 0
ml.c6i.* instances 0
ml.g4dn.* instances 0
ml.g5.* instances 0
Version 1.0
820
Service quotas
Resource Default
ml.m5d.* instances 0
ml.m5dn.* instances 0
ml.m5n.* instances 0
ml.p2.* instances 0
ml.p3.* instances 0
ml.r5.* instances 0
ml.r5d.* instances 0
ml.r5dn.* instances 0
ml.r5n.* instances 0
Number of instances across endpoints 2
Number of instances per endpoint 0
Number of accelerators per endpoint 4
Total TPS for all endpoints 10,000
Maximum payload size for endpoint invocation 6 MB
Version 1.0
821
Service quotas
Resource Default
Inference timeout for endpoint invocation 60 seconds
Maximum shared memory size Up to half of memory on

instance (subject to this
Exclusion List)
SageMaker Batch Transform
Resource Default
ml.g4dn.xlarge 0
ml.g4dn.2xlarge 0
ml.g4dn.4xlarge 0
ml.g4dn.8xlarge 0
ml.g4dn.12xlarge 0
ml.g4dn.16xlarge 0
Version 1.0
822
Secrets Manager
Resource Default
Number of instances per transform job 4
SageMaker Human Task UI
Resource Default
Number of human task UIs 100
SageMaker Serverless Inference
Resource Default
Maximum concurrent invocations per endpoint 200
Total concurrency for all serverless endpoints per Region in an 1000

account for the following Regions: US East (Ohio), US East (N.
Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific
(Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland)
Total concurrency for all serverless endpoints per Region in an 500

account for the following Regions: US West (N. California), Africa
(Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Mumbai),
Asia Pacific (Osaka), Asia Pacific (Seoul), Canada (Central), Europe
(London), Europe (Milan), Europe (Paris), Europe (Stockholm),
Middle East (Bahrain), South America (São Paulo)
Maximum number of serverless endpoints per Region in an account 50
Maximum memory size per endpoint 6144 MB
Maximum container size 10 GB
AWS Secrets Manager endpoints and quotas

Version 1.0
823
Service endpoints
Service endpoints

Name
US East us-east-2 secretsmanager.us-east-2.amazonaws.com HTTPS

(Ohio)
secretsmanager-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 secretsmanager.us-east-1.amazonaws.com HTTPS

Virginia)
secretsmanager-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 secretsmanager.us-west-1.amazonaws.com HTTPS

West (N.
California) secretsmanager-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 secretsmanager.us-west-2.amazonaws.com HTTPS

(Oregon)
secretsmanager-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 secretsmanager.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 secretsmanager.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- secretsmanager.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- secretsmanager.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- secretsmanager.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Version 1.0
824
Service quotas

Name
Canada ca- secretsmanager.ca-central-1.amazonaws.com HTTPS

(Central) central-1
secretsmanager-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- secretsmanager.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 secretsmanager.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- secretsmanager.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 secretsmanager.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- secretsmanager.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- secretsmanager.me-central-1.amazonaws.com HTTPS

South sa-east-1 secretsmanager.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- secretsmanager.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) secretsmanager-fips.us-gov- HTTPS
AWS us-gov- secretsmanager.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) secretsmanager-fips.us-gov- HTTPS
Service quotas

Description
Combined rate of DeleteResourcePolicy, Each supported No The maximum transactions

GetResourcePolicy, PutResourcePolicy, and Region: 50 per per second for
ValidateResourcePolicy API requests second DeleteResourcePolicy,
GetResourcePolicy,
PutResourcePolicy, and
Version 1.0
825
Service quotas

Description
ValidateResourcePolicy API
requests combined.
Combined rate of DescribeSecret and Each supported No The maximum

GetSecretValue API requests Region: 5,000 per transactions per second
second for DescribeSecret and
GetSecretValue API
requests combined.
Combined rate of ListSecrets and Each supported No The maximum transactions

ListSecretVersionIds API requests Region: 50 per per second for ListSecrets
second and ListSecretVersionIds
API requests combined.
Combined rate of PutSecretValue, Each supported No The maximum

RemoveRegionsFromReplication, Region: 50 per transactions per second
ReplicateSecretToRegion, second for PutSecretValue,
StopReplicationToReplica, UpdateSecret, RemoveRegionsFromReplication,
and UpdateSecretVersionStage API ReplicateSecretToRegion,
requests StopReplicationToReplica,
UpdateSecret, and
UpdateSecretVersionStage
API requests combined.
Combined rate of RestoreSecret API Each supported No The maximum transactions

requests Region: 50 per per second for
second RestoreSecret API requests.
Combined rate of RotateSecret and Each supported No The maximum transactions

CancelRotateSecret API requests Region: 50 per per second for RotateSecret
second and CancelRotateSecret API
requests combined.
Combined rate of TagResource and Each supported No The maximum transactions

UntagResource API requests Region: 50 per per second for TagResource
second and UntagResource API
requests combined.
Rate of CreateSecret API requests Each supported No The maximum transactions

Region: 50 per per second for CreateSecret
second API requests.
Rate of DeleteSecret API requests Each supported No The maximum transactions

Region: 50 per per second for DeleteSecret
second API requests.
Rate of GetRandomPassword API requests Each supported No The maximum transactions

Region: 50 per per second for
second GetRandomPassword API
requests.
Resource-based policy length Each supported No The maximum number of

Region: 20,480 characters in a resource-
based permissions policy
attached to a secret.
Version 1.0
826
Security Hub

Description
Secret value size Each supported No The maximum size of an

Region: 65,536 encrypted secret value. If
Bytes the secret value is a string,
then this is the number of
characters permitted in the
secret value.
Secrets Each supported No The maximum number of

Region: 500,000 secrets in each AWS Region
of this AWS account.
Staging labels attached across all versions Each supported No The maximum number of
of a secret Region: 20 staging labels attached
across all versions of a
secret.
Versions per secret Each supported No The maximum number of

Region: 100 versions of a secret.
AWS Security Hub endpoints and quotas

Service endpoints
Name
US East us-east-2 securityhub.us-east-2.amazonaws.com HTTPS

(Ohio)
securityhub-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 securityhub.us-east-1.amazonaws.com HTTPS

Virginia)
securityhub-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 securityhub.us-west-1.amazonaws.com HTTPS

West (N.
California) securityhub-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 securityhub.us-west-2.amazonaws.com HTTPS

(Oregon)
securityhub-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 securityhub.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 securityhub.ap-east-1.amazonaws.com HTTPS

Pacific
Version 1.0
827
Service endpoints

Name
(Hong
Kong)
Asia ap- securityhub.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- securityhub.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- securityhub.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- securityhub.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- securityhub.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 securityhub.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- securityhub.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 securityhub.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- securityhub.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
828
Service quotas

Name
South sa-east-1 securityhub.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- securityhub.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) securityhub-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- securityhub.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) securityhub-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Number of Security Hub member accounts Each supported No The maximum number
Region: 5,000 of Security Hub member
accounts that can be added
per AWS account (Security
Hub administrator account)
per Region.
Number of Security Hub outstanding Each supported No The maximum number of

invitations Region: 1,000 outstanding Security Hub
member account invitations
that can be sent per AWS
account (Security Hub
administrator account) per
Region.
Number of custom actions Each supported No The maximum number of

Region: 50 custom actions that can
be created per account per
Region.
Number of custom insights Each supported No The maximum number

Region: 100 of user-defined custom
insights that can be created
per AWS account per
Region.
Number of insight results Each supported No The maximum number of

Region: 100 aggregated results returned
for the GetInsightsResults
API operation.
Security Hub finding retention time Each supported No The maximum number
Region: 90 of days a Security Hub
finding is saved. This is 90
days after the most recent
update or 90 days after the
Version 1.0
829
AWS STS

Description
creation date if no update
occurs.
For more information about Security Hub quotas, see Quotas in the AWS Security Hub User Guide.
AWS Security Token Service endpoints and quotas

Service endpoints
By default, the AWS Security Token Service (AWS STS) is available as a global service, and all STS
requests go to a single endpoint at https://sts.amazonaws.com. AWS recommends using Regional
STS endpoints to reduce latency, build in redundancy, and increase session token validity. Most Regional
endpoints are active by default, but you must manually enable endpoints for some Regions, such as Asia
Pacific (Hong Kong). You can deactivate STS endpoints for any Regions that are enabled by default if you
do not intend to use those Regions.
For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.

Name
US East us-east-2 sts.us-east-2.amazonaws.com HTTPS

(Ohio)
sts-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 sts.us-east-1.amazonaws.com HTTPS

Virginia)
sts-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 sts.us-west-1.amazonaws.com HTTPS

West (N.
California) sts-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 sts.us-west-2.amazonaws.com HTTPS

(Oregon)
sts-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 sts.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 sts.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
830
Service endpoints

Name
Asia ap- sts.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- sts.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- sts.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- sts.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- sts.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 sts.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- sts.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 sts.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- sts.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- sts.me-central-1.amazonaws.com HTTPS

Version 1.0
831
AWS SMS

Name
South sa-east-1 sts.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- sts.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- sts.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
AWS Server Migration Service endpoints and

quotas
Service endpoints
Name
US East us-east-2 sms.us-east-2.amazonaws.com HTTPS

(Ohio)
sms-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 sms.us-east-1.amazonaws.com HTTPS

Virginia)
sms-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 sms.us-west-1.amazonaws.com HTTPS

West (N.
California) sms-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 sms.us-west-2.amazonaws.com HTTPS

(Oregon)
sms-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 sms.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 sms.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Version 1.0
832
Service endpoints

Name
Asia ap- sms.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- sms.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- sms.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- sms.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- sms.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- sms.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- sms.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 sms.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- sms.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 sms.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- sms.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 sms.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- sms.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) sms-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- sms.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) sms-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
833
Service quotas
Service quotas
Description
Concurrent VM migrations Each supported Yes The maximum number of

Region: 50 concurrent VM migrations
(replication jobs) for this
region.
Duration of service usage per VM in days Each supported Yes The maximum number of
Region: 90 days of service usage per
VM for this account in the
current region.
Service Quotas endpoints and quotas

Service endpoints
Name
US East us-east-2 servicequotas.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 servicequotas.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 servicequotas.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 servicequotas.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 servicequotas.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 servicequotas.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- servicequotas.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Version 1.0
834
Service endpoints

Name
Asia ap- servicequotas.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- servicequotas.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- servicequotas.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- servicequotas.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 servicequotas.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- servicequotas.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 servicequotas.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- servicequotas.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 servicequotas.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- servicequotas.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) servicequotas.us-gov-east-1.amazonaws.com HTTPS
Version 1.0
835
Service quotas

Name
AWS us-gov- servicequotas.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) servicequotas.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Description
Active requests per account Each supported No The maximum number

Region: 20 of active service quota
increase requests allowed
per account
Active requests per account per Region Each supported No The maximum number
increase requests allowed
per account, in the current
Region
Active requests per quota Each supported No The maximum number

increase requests per
quota, in the current
Region
Max requests per template Each supported No The maximum number

Region: 10 of service quota increase
template
Throttle Rate for Each supported No The maximum number of

AssociateServiceQuotaTemplate Region: 1 per AssociateServiceQuotaTemplate
second per account, in the
current Region
Throttle rate for Each supported No The maximum number of

DeleteServiceQuotaIncreaseRequestFromTemplate
Region: 2 per DeleteServiceQuotaIncreaseRequestFromT
current Region

DisassociateServiceQuotaTemplate Region: 1 per DisassociateServiceQuotaTemplate
current Region

GetAWSDefaultServiceQuota Region: 5 per GetAWSDefaultServiceQuota
current Region
Version 1.0
836
Service quotas

Description

GetAssociationForServiceQuotaTemplate Region: 2 per GetAssociationForServiceQuotaTemplate
current Region

GetRequestedServiceQuotaChange Region: 5 per GetRequestedServiceQuotaChange
current Region
Throttle rate for GetServiceQuota Each supported No The maximum number of

Region: 5 per GetServiceQuota requests
second allowed per second per
account, in the current
Region

GetServiceQuotaIncreaseRequestFromTemplate
Region: 2 per GetServiceQuotaIncreaseRequestFromTem
current Region

ListAWSDefaultServiceQuotas Region: 10 per ListAWSDefaultServiceQuotas
current Region

ListRequestedServiceQuotaChangeHistory Region: 5 per ListRequestedServiceQuotaChangeHistory
current Region

ListRequestedServiceQuotaChangeHistoryByQuota
Region: 5 per ListRequestedServiceQuotaChangeHistory
current Region

ListServiceQuotaIncreaseRequestsInTemplateRegion: 2 per ListServiceQuotaIncreaseRequestsInTempl
current Region
Throttle rate for ListServiceQuotas Each supported No The maximum number of

Region: 10 per ListServiceQuotas requests
Region
Version 1.0
837
AWS Serverless Application Repository

Description
Throttle rate for ListServices Each supported No The maximum number

Region: 10 per of ListServices requests
Region
Throttle rate for ListTagsForResource Each supported No The maximum number

current Region

PutServiceQuotaIncreaseRequestIntoTemplate
Region: 1 per PutServiceQuotaIncreaseRequestIntoTemp
current Region

RequestServiceQuotaIncrease Region: 3 per RequestServiceQuotaIncrease
current Region
Throttle rate for TagResource Each supported No The maximum number

Region: 10 per of TagResource requests
Region
Throttle rate for UntagResource Each supported No The maximum number of

Region
AWS Serverless Application Repository endpoints

and quotas
Version 1.0
838
Service endpoints
Service endpoints

Name
US East us-east-2 serverlessrepo.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 serverlessrepo.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 serverlessrepo.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 serverlessrepo.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 serverlessrepo.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- serverlessrepo.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- serverlessrepo.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- serverlessrepo.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- serverlessrepo.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- serverlessrepo.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- serverlessrepo.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- serverlessrepo.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 serverlessrepo.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Version 1.0
839
Service quotas

Name
Europe eu-north-1 serverlessrepo.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- serverlessrepo.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 serverlessrepo.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- serverlessrepo.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) serverlessrepo.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- serverlessrepo.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) serverlessrepo.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Application policy length Each supported No The maximum application

Region: 6,144 policy length (in
characters).
Free Amazon S3 storage for code packages Each supported No The maximum amount
Region: 5 Gigabytes (in GB) of free Amazon S3
storage for code packages
per AWS account per AWS
region.
Public applications Each supported Yes The maximum number of

Region: 100 public applications per AWS
account per AWS region.
For more information, see AWS Serverless Application Repository Quotas in the AWS Serverless
Application Repository Developer Guide.
AWS Service Catalog endpoints and quotas

offer FIPS endpoints in selected Regions. For more information, see Amazon service endpoints. Service
quotas, also referred to as limits, are the maximum number of service resources or operations for your
AWS account. For more information, see Amazon service quotas.
Version 1.0
840
Service endpoints
Service endpoints

Name
US East us-east-2 servicecatalog.us-east-2.amazonaws.com HTTPS

(Ohio)
servicecatalog-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 servicecatalog.us-east-1.amazonaws.com HTTPS

Virginia)
servicecatalog-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 servicecatalog.us-west-1.amazonaws.com HTTPS

West (N.
California) servicecatalog-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 servicecatalog.us-west-2.amazonaws.com HTTPS

(Oregon)
servicecatalog-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 servicecatalog.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 servicecatalog.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- servicecatalog.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- servicecatalog.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- servicecatalog.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Version 1.0
841
Service quotas

Name
Canada ca- servicecatalog.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- servicecatalog.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 servicecatalog.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- servicecatalog.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 servicecatalog.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- servicecatalog.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 servicecatalog.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- servicecatalog.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) servicecatalog-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- servicecatalog.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) servicecatalog-fips.us-gov- HTTPS
Service quotas

Description
Applications per attribute group Each supported Yes The maximum number of
Region: 1,000 applications per attribute
group
Applications per region Each supported Yes The maximum number of

Region: 2,000 applications you can create
per region
Attribute groups per application Each supported Yes The maximum number
Region: 1,000 of attribute groups per
application
Version 1.0
842
Service quotas

Description
Attribute groups per region Each supported Yes The maximum number of
Region: 2,000 attribute groups you can
create per region
Delegated administrators per organization Each supported No The maximum number of

Region: 50 delegated administrators
you can register per
organization
Portfolios per region Each supported Yes The maximum number of

Region: 100 portfolios you can create
per region
Product versions per product Each supported Yes The maximum number of
Region: 100 product versions you can
create per product
Products per portfolio Each supported Yes The maximum number of

Region: 150 products you can create per
portfolio
Products per region Each supported Yes The maximum number of

Region: 350 products you can create per
region
Resources per application Each supported Yes The maximum number of

Region: 1,000 resources per applications
Service action associations per Each supported No The maximum number of

provisioning artifact Region: 25 service action associations
you can create per
provisioning artifact
Service actions per region Each supported No The maximum number of

Region: 200 service actions you can
create per region
Shared accounts per portfolio Each supported No The maximum number

Region: 5,000 of shared accounts per
portfolio
TagOptions per resource Each supported No The maximum number

Region: 25 of TagOptions you can
associate with a resource
Tags per portfolio Each supported No The maximum number of

Region: 20 tags you can create per
portfolio
Tags per product Each supported No The maximum number of

product
Tags per provisioned product Each supported No The maximum number of

provisioned product
Version 1.0
843
Shield Advanced

Description
Users, groups, and roles per portfolio Each supported Yes The maximum number of
Region: 100 users, groups, and roles you
can create per portfolio
Users, groups, and roles per product Each supported Yes The maximum number of
Region: 200 users, groups, and roles you
can create per portfolio
Values per TagOption Each supported No The maximum number of

Region: 25 different values for each
TagOption
For more information, see AWS Service Catalog default service quotas in the AWS Service Catalog
Administrator Guide.
AWS Shield Advanced endpoints and quotas

Service endpoints

Name
US East us-east-2 shield.us-east-1.amazonaws.com HTTPS

(Ohio)
shield.us-east-1.amazonaws.com HTTPS
shield-fips.us-east-1.amazonaws.com HTTPS
US East (N. us-east-1 shield.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 shield.us-east-1.amazonaws.com HTTPS

West (N.
California) shield.us-east-1.amazonaws.com HTTPS
US West us-west-2 shield.us-east-1.amazonaws.com HTTPS

(Oregon)
Version 1.0
844
Service endpoints

Name
Africa af-south-1 shield.us-east-1.amazonaws.com HTTPS

(Cape
Town) shield.us-east-1.amazonaws.com HTTPS
Asia ap-east-1 shield.us-east-1.amazonaws.com HTTPS

Pacific
(Hong shield.us-east-1.amazonaws.com HTTPS
Kong)
Asia ap- shield.us-east-1.amazonaws.com HTTPS

(Jakarta) shield.us-east-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) shield.us-east-1.amazonaws.com HTTPS

(Osaka) shield.us-east-1.amazonaws.com HTTPS

(Seoul) shield.us-east-1.amazonaws.com HTTPS

(Singapore) shield.us-east-1.amazonaws.com HTTPS

(Sydney) shield.us-east-1.amazonaws.com HTTPS

(Tokyo) shield.us-east-1.amazonaws.com HTTPS
Canada ca- shield.us-east-1.amazonaws.com HTTPS

(Central) central-1
Version 1.0
845
Service quotas

Name
Europe eu- shield.us-east-1.amazonaws.com HTTPS

Europe eu-west-1 shield.us-east-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- shield.us-east-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 shield.us-east-1.amazonaws.com HTTPS

(Stockholm)
Middle me- shield.us-east-1.amazonaws.com HTTPS

East south-1
(Bahrain) shield.us-east-1.amazonaws.com HTTPS
South sa-east-1 shield.us-east-1.amazonaws.com HTTPS

America
(São shield.us-east-1.amazonaws.com HTTPS
Paulo)
Service quotas

Description
AWS Global Accelerator accelerator Each supported Yes The maximum number of
protections Region: 1,000 AWS Global Accelerator
Version 1.0
846
Amazon SES

Description
accelerators you can
monitor and protect.
Amazon Route 53 hosted zone protections Each supported Yes The maximum number of
Region: 1,000 Amazon Route 53 hosted
zones you can monitor and
protect.
CloudFront distribution protections Each supported Yes The maximum number

Region: 1,000 of Amazon CloudFront
distributions you can
Elastic IP address protections Each supported Yes The maximum number of

Region: 1,000 Elastic IP addresses you can
Elastic Load Balancing load balancer Each supported Yes The maximum number of
protections Region: 1,000 Elastic Load Balancing load
balancers you can monitor
and protect.
Amazon Simple Email Service endpoints and

quotas
Service endpoints
API Endpoints

Name
US East us-east-2 email.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 email.us-east-1.amazonaws.com HTTPS

Virginia)
email-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 email.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 email.us-west-2.amazonaws.com HTTPS

(Oregon)
email-fips.us-west-2.amazonaws.com HTTPS
Version 1.0
847
Service endpoints

Name
Africa af-south-1 email.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap- email.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- email.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- email.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- email.ap-southeast-2.amazonaws.com HTTPS

(Sydney)

(Tokyo)
Canada ca- email.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- email.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 email.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- email.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 email.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- email.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 email.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
848
Service endpoints

Name
AWS us-gov- email.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) email-fips.us-gov-west-1.amazonaws.com HTTPS
SMTP Endpoints
Note
SMTP endpoints are not currently available in Africa (Cape Town), Europe (Milan), Middle East
(Bahrain).
US East (Ohio) us-east-2 email-smtp.us- SMTP

US East (N. us-east-1 email-smtp.us- SMTP

email-smtp-
fips.us-
US West (N. us-west-1 email-smtp.us- SMTP

US West (Oregon) us-west-2 email-smtp.us- SMTP

email-smtp-
fips.us-
Asia Pacific ap-south-1 email-smtp.ap- SMTP

Asia Pacific ap-northeast-3 email-smtp.ap- SMTP

(Osaka) northeast-3.amazonaws.com
Asia Pacific (Seoul) ap-northeast-2 email-smtp.ap- SMTP

Asia Pacific ap-southeast-1 email-smtp.ap- SMTP

Asia Pacific ap-southeast-2 email-smtp.ap- SMTP

Asia Pacific ap-northeast-1 email-smtp.ap- SMTP

Canada (Central) ca-central-1 email-smtp.ca- SMTP

Europe (Frankfurt) eu-central-1 email-smtp.eu- SMTP

Version 1.0
849
Service endpoints
Europe (Ireland) eu-west-1 email-smtp.eu- SMTP

Europe (London) eu-west-2 email-smtp.eu- SMTP

Europe (Paris) eu-west-3 email-smtp.eu- SMTP

Europe eu-north-1 email-smtp.eu- SMTP

South America sa-east-1 email-smtp.sa- SMTP

(São Paulo) east-1.amazonaws.com
AWS GovCloud us-gov-west-1 email- SMTP

(US) smtp.us-gov-
email-smtp-
fips.us-gov-
DKIM Domains
Region Name Region AWS DKIM

domain
Africa (Cape Town) af-south-1 dkim.af-

south-1.amazonses.com
Asia Pacific ap-northeast-3 dkim.ap-

(Osaka) northeast-3.amazonses.com
Europe (Milan) eu-south-1 dkim.eu-

south-1.amazonses.com
All other regions dkim.amazonses.com
Email Receiving Endpoints
Amazon SES doesn't support email receiving in the following Regions: US East (Ohio), US West (N.
California) Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia
Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (London), Europe
(Paris), Europe (Stockholm), Middle East (Bahrain), South America (São Paulo), and AWS GovCloud (US).
Region Name Region Receiving

Endpoint
US East (N. us-east-1 inbound-smtp.us-

US West (Oregon) us-west-2 inbound-smtp.us-

Version 1.0
850
Service quotas
Region Name Region Receiving

Endpoint
Europe (Ireland) eu-west-1 inbound-smtp.eu-

Service quotas
Description
Sending quota Each supported Yes The maximum number of

Region: 200 emails that you can send
in a 24-hour period for
Region.
Sending rate Each supported Yes The maximum number of

Region: 1 emails that Amazon SES
can accept each second for
Region.
For more information, see Service quotas in Amazon SES in the Amazon Simple Email Service Developer
Guide.
AWS Signer endpoints and quotas

Service endpoints with Lambda

Name
US East us-east-2 signer.us-east-2.amazonaws.com HTTPS

(Ohio)
signer-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 signer.us-east-1.amazonaws.com HTTPS

Virginia)
signer-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 signer.us-west-1.amazonaws.com HTTPS

West (N.
California) signer-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 signer.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
851
Service endpoints with Lambda

Name
signer-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 signer.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 signer.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- signer.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- signer.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- signer.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- signer.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- signer.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- signer.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- signer.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 signer.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- signer.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 signer.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- signer.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
852
Service endpoints with IoT

Name
South sa-east-1 signer.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service endpoints with IoT
US East (Ohio) us-east-2 signer.us- HTTPS

US East (N. Virginia) us-east-1 signer.us- HTTPS

US West (N. California) us-west-1 signer.us- HTTPS

US West (Oregon) us-west-2 signer.us- HTTPS

Africa (Cape Town) af-south-1 signer.af- HTTPS

Asia Pacific (Hong ap-east-1 signer.ap- HTTPS

Kong) east-1.amazonaws.com
Asia Pacific (Mumbai) ap-south-1 signer.ap- HTTPS

Asia Pacific (Seoul) ap-northeast-2 signer.ap- HTTPS

Asia Pacific (Singapore) ap-southeast-1 signer.ap- HTTPS

Asia Pacific (Sydney) ap-southeast-2 signer.ap- HTTPS

Asia Pacific (Tokyo) ap-northeast-1 signer.ap- HTTPS

Canada (Central) ca-central-1 signer.ca- HTTPS

China (Beijing) cn-north-1 acm.cn- HTTPS

China (Ningxia) cn-northwest-1 acm.cn- HTTPS

northwest-1.amazonaws.com.cn
Europe (Frankfurt) eu-central-1 signer.eu- HTTPS

Version 1.0
853
Service quotas
Europe (Ireland) eu-west-1 signer.eu- HTTPS

Europe (London) eu-west-2 signer.eu- HTTPS

Europe (Milan) eu-south-1 signer.eu- HTTPS

Europe (Paris) eu-west-3 signer.eu- HTTPS

Europe (Stockholm) eu-north-1 signer.eu- HTTPS

Middle East (Bahrain) me-south-1 signer.me- HTTPS

South America (São sa-east-1 signer.sa- HTTPS

Service quotas
Description
API calls per second Each supported No The maximum number of

Region: 25 API calls across all APIs for
region.
Rate of AddProfilePermission requests Each supported Yes The maximum number

Region: 3 of AddProfilePermission
region.
Rate of CancelSigningProfile requests Each supported Yes The maximum number

Region: 3 of CancelSigningProfile
region.
Rate of DescribeSigningJob requests Each supported Yes The maximum number

Region: 6 of DescribeSigningJob
region.
Rate of GetSigningPlatform requests Each supported Yes The maximum number

Region: 3 of GetSigningPlatform
Version 1.0
854
Service quotas

Description
region.
Rate of GetSigningProfile requests Each supported Yes The maximum number of

Region: 3 GetSigningProfile requests
that you can make, per
the current region.
Rate of ListProfilePermissions requests Each supported Yes The maximum number

Region: 6 of ListProfilePermissions
region.
Rate of ListSigningJobs requests Each supported Yes The maximum number of

Region: 6 ListSigningJobs requests
the current region.
Rate of ListSigningPlatforms requests Each supported Yes The maximum number

Region: 6 of ListSigningPlatforms
region.
Rate of ListSigningProfiles requests Each supported Yes The maximum number of

Region: 6 ListSigningProfiles requests
the current region.
Rate of ListTagsForResource requests Each supported Yes The maximum number

Region: 6 of ListTagsForResource
region.
Rate of PutSigningProfile requests Each supported Yes The maximum number of

Region: 3 PutSigningProfile requests
the current region.
Rate of RemoveProfilePermission requests Each supported Yes The maximum number of

Region: 3 RemoveProfilePermission
region.
Version 1.0
855
AWS Sign-In

Description
Rate of RevokeSignature requests Each supported Yes The maximum number of

Region: 3 RevokeSignature requests
the current region.
Rate of RevokeSigningProfile requests Each supported Yes The maximum number

Region: 3 of RevokeSigningProfile
region.
Rate of StartSigningJob requests Each supported Yes The maximum number of

Region: 3 StartSigningJob requests
the current region.
Rate of TagResource requests Each supported Yes The maximum number

Region: 3 of TagResource requests
the current region.
Rate of UntagResource requests Each supported Yes The maximum number of

the current region.
AWS Sign-In endpoints and quotas

Service endpoints
Name
US East us-east-2 us-east-2.signin.aws.amazon.com HTTPS

(Ohio)
US East (N. us-east-1 signin.aws.amazon.com HTTPS

Virginia)
US us-west-1 us-west-1.signin.aws.amazon.com HTTPS

West (N.
California)
Version 1.0
856
Service endpoints

Name
US West us-west-2 us-west-2.signin.aws.amazon.com HTTPS

(Oregon)
Africa af-south-1 af-south-1.signin.aws.amazon.com HTTPS

(Cape
Town)
Asia ap-east-1 ap-east-1.signin.aws.amazon.com HTTPS

Pacific
(Hong
Kong)
Asia ap- ap-southeast-3.signin.aws.amazon.com HTTPS

(Jakarta)
Asia ap- ap-south-1.signin.aws.amazon.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- ap-northeast-3.signin.aws.amazon.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- ca-central-1.signin.aws.amazon.com HTTPS

(Central) central-1
Europe eu- eu-central-1.signin.aws.amazon.com HTTPS

Europe eu-west-1 eu-west-1.signin.aws.amazon.com HTTPS

(Ireland)

(London)
Europe eu- eu-south-1.signin.aws.amazon.com HTTPS

(Milan) south-1

(Paris)
Version 1.0
857
Service quotas

Name
Europe eu-north-1 eu-north-1.signin.aws.amazon.com HTTPS

(Stockholm)
Middle me- me-south-1.signin.aws.amazon.com HTTPS

East south-1
(Bahrain)
Middle me- me-central-1.signin.aws.amazon.com HTTPS

South sa-east-1 sa-east-1.signin.aws.amazon.com HTTPS

America
(São
Paulo)
AWS us-gov- us-gov-east-1.signin.amazonaws-us-gov.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- signin.amazonaws-us-gov.com HTTPS

GovCloud west-1
(US-West)
Service quotas
AWS Sign-In has no increasable quotas.
Amazon Simple Notification Service endpoints and

quotas
Service endpoints
Name
US East us-east-2 sns.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
US East (N. us-east-1 sns.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
US us-west-1 sns.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California)
Version 1.0
858
Service endpoints

Name
US West us-west-2 sns.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Africa af-south-1 sns.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 sns.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Asia ap- sns.ap-southeast-3.amazonaws.com HTTP and

(Jakarta)
Asia ap- sns.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- sns.ap-northeast-3.amazonaws.com HTTP and

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- sns.ca-central-1.amazonaws.com HTTP and

Europe eu- sns.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 sns.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS
Europe eu- sns.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Version 1.0
859
Service endpoints

Name
Europe eu-north-1 sns.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- sns.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
Middle me- sns.me-central-1.amazonaws.com HTTP and

South sa-east-1 sns.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
AWS us-gov- sns.us-gov-east-1.amazonaws.com HTTP and

(US-East)
AWS us-gov- sns.us-gov-west-1.amazonaws.com HTTP and

(US-West)
FIFO topics
FIFO topics are supported on the following regions:
Region name Region
US West (N. California) us-west-1
Europe (London) eu-west-2
Europe (Milan) eu-south-1
Asia Pacific (Mumbai) ap-south-1
Asia Pacific (Osaka) ap-northeast-3
Version 1.0
860
Service quotas
Region name Region
Asia Pacific (Seoul) ap-northeast-2
South America (São Paulo) sa-east-1
Middle East (Bahrain) me-south-1
Canada (Central) ca-central-1
China (Beijing) cn-north-1
China (Ningxia) cn-northwest-1
Service quotas
The following quotas determine how many Amazon SNS resources you can create in your AWS account,
and they determine the rate at which you can issue Amazon SNS API requests.
Amazon SNS resource

To request an increase, submit an SNS Quota Increase case.
Resource Default
Topics • Standard: 100,000 per

account
• FIFO: 1,000 per account
Subscriptions • Standard: 12,500,000 per

topic
For Kinesis Data Firehose

delivery streams, 5 per topic,
per subscription owner
• FIFO: 100 per topic
Pending subscriptions 5,000 per account
Account spend threshold for SMS 1.00 USD per account
Delivery rate for promotional SMS messages 20 messages per second
Delivery rate for transactional SMS messages 20 messages per second
Delivery rate for email messages 10 messages per second
Maximum number of messages in PublishBatchRequest 10 PublishBatchRequestEntries
Subscription filter policies 200 per account
Amazon SNS API throttling

The following quotas throttle the rate at which you can issue Amazon SNS API requests.
Version 1.0
861
Service quotas
Hard
The following quotas cannot be increased.
API Transactions per second
AddPermission 10
CheckIfPhoneNumberIsOptedOut 50
CreateSMSSandboxPhoneNumber 1
DeleteSMSSandboxPhoneNumber 1
GetSMSAttributes 20
GetSMSSandboxAccountStatus 10
ListEndpointsByPlatformApplication 30
ListOriginationNumbers 1
ListPhoneNumbersOptedOut 10
ListPlatformApplications 15
ListSMSSandboxPhoneNumbers 1
ListSubscriptions 30
ListSubscriptionsByTopic 30
ListTagsForResource 10
ListTopics 30
OptInPhoneNumber 20
RemovePermission 10
SetSMSAttributes 1
Subscribe 100
TagResource 10
Unsubscribe 100
UntagResource 10
VerifySMSSandboxPhoneNumber 1
Soft
The following quotas vary by AWS Region. The messages per second quota is based on the number of
messages published to an Amazon SNS region, combining Publish and PublishBatch API requests.
For example, if your regional quota is 30,000 messages per second, there are a few ways this quota can
be reached:
Version 1.0
862
Service quotas
• Using the Publish action at a rate of 30,000 API requests per second to publish 30,000 messages
(one message per API request).
• Using the PublishBatch action at a rate of 3,000 API requests per second to publish 30,000
messages (10 messages per batch API request).
• Using the Publish action at a rate of 10,000 API requests per second to publish 10,000 messages
(one message per API request) and the PublishBatch action at a rate of 2,000 API requests per
second to publish 20,000 messages (10 messages per batch API request) for a total of 30,000
messages published per second.
Publish API throttling
API AWS Regions Standard topics FIFO topics
Publish and US East (N. Virginia) 30,000 messages per 300 messages per
PublishBatch Region second second or 10 MB per
second, per topic,
US West (Oregon) 9,000 messages per whichever comes first.
Region second This is a hard limit and
can not be increased.
Europe (Ireland) Region
For cross region
US East (Ohio) Region 1,500 messages per
delivery cases, FIFO
second
US West (N. California) topics support 100
Region messages per second
or 3 MB per second,
Asia Pacific (Mumbai) whichever comes first.
Region
Asia Pacific (Seoul)

Region
Asia Pacific (Singapore)

Region
Asia Pacific (Sydney)

Region
Asia Pacific (Tokyo)

Region
Europe (Frankfurt)
Region
Africa (Cape Town) 300 messages per

Region second
Asia Pacific (Hong

Kong) Region
Asia Pacific (Osaka)

Region
Canada (Central) Region
China (Beijing) Region
China (Ningxia) Region
Version 1.0
863
Service quotas
API AWS Regions Standard topics FIFO topics

Europe (London) Region
Europe (Milan) Region
Europe (Paris) Region
Europe (Stockholm)
Region
Middle East (Bahrain)

Region
South America (São

Paulo) Region
Other API throttling
APIs AWS Regions Transactions per second
ConfirmSubscription US East (N. Virginia) Region 3,000
CreatePlatformApplication US West (Oregon) Region 900
CreatePlatformEndpoint Europe (Ireland) Region
CreateTopic US East (Ohio) Region 150
DeleteEndpoint US West (N. California) Region
DeletePlatformApplication Asia Pacific (Mumbai) Region
DeleteTopic Asia Pacific (Seoul) Region
GetEndpointAttributes Asia Pacific (Singapore) Region
GetDataProtectionPolicy Asia Pacific (Sydney) Region
GetPlatformApplicationAttributes Asia Pacific (Tokyo) Region
GetSubscriptionAttributes Europe (Frankfurt) Region
GetTopicAttributes Africa (Cape Town) Region 30
SetEndpointAttributes Asia Pacific (Hong Kong) Region
SetPlatformApplicationAttributes Asia Pacific (Osaka) Region
SetSubscriptionAttributes Canada (Central) Region
SetTopicAttributes China (Beijing) Region
China (Ningxia) Region
Europe (London) Region
Europe (Milan) Region
Europe (Paris) Region
Version 1.0
864
Amazon SQS
APIs AWS Regions Transactions per second

Europe (Stockholm) Region
Middle East (Bahrain) Region
South America (São Paulo)

Region
PutDataProtectionPolicy All Commercial Regions 1
Amazon Simple Queue Service endpoints and

quotas
Service endpoints
Amazon SQS

Name
US East us-east-2 sqs.us-east-2.amazonaws.com HTTP and

(Ohio) HTTPS
sqs-fips.us-east-2.amazonaws.com
HTTPS
US East (N. us-east-1 sqs.us-east-1.amazonaws.com HTTP and

Virginia) HTTPS
sqs-fips.us-east-1.amazonaws.com
HTTPS
US us-west-1 sqs.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California) sqs-fips.us-west-1.amazonaws.com
HTTPS
US West us-west-2 sqs.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
sqs-fips.us-west-2.amazonaws.com
HTTPS
Africa af-south-1 sqs.af-south-1.amazonaws.com HTTP and

(Cape HTTPS
Town)
Asia ap-east-1 sqs.ap-east-1.amazonaws.com HTTP and

Pacific HTTPS
(Hong
Kong)
Version 1.0
865
Service endpoints

Name
Asia ap- sqs.ap-southeast-3.amazonaws.com HTTP and

(Jakarta)
Asia ap- sqs.ap-south-1.amazonaws.com HTTP and

(Mumbai)
Asia ap- sqs.ap-northeast-3.amazonaws.com HTTP and

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- sqs.ca-central-1.amazonaws.com HTTP and

Europe eu- sqs.eu-central-1.amazonaws.com HTTP and

Europe eu-west-1 sqs.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS

(London) HTTPS
Europe eu- sqs.eu-south-1.amazonaws.com HTTP and


(Paris) HTTPS
Europe eu-north-1 sqs.eu-north-1.amazonaws.com HTTP and

(Stockholm) HTTPS
Middle me- sqs.me-south-1.amazonaws.com HTTP and

East south-1 HTTPS
(Bahrain)
Middle me- sqs.me-central-1.amazonaws.com HTTP and

Version 1.0
866
Service endpoints

Name
South sa-east-1 sqs.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
AWS us-gov- sqs.us-gov-east-1.amazonaws.com HTTP and

(US-East) sqs.us-gov-east-1.amazonaws.com
HTTPS
AWS us-gov- sqs.us-gov-west-1.amazonaws.com HTTP and

(US-West) sqs.us-gov-west-1.amazonaws.com
HTTPS
Legacy endpoints
If you use the AWS CLI or SDK for Python, you can use the following legacy endpoints.
US East (Ohio) us-east-2 us- HTTP and HTTPS

east-2.queue.amazonaws.com
US East (N. Virginia) us-east-1 queue.amazonaws.com HTTP and HTTPS
US West (N. California) us-west-1 us- HTTP and HTTPS

west-1.queue.amazonaws.com
US West (Oregon) us-west-2 us- HTTP and HTTPS

Africa (Cape Town) af-south-1 af- HTTP

south-1.queue.amazonaws.com
Asia Pacific (Mumbai) ap-south-1 ap- HTTP and HTTPS

south-1.queue.amazonaws.com
Asia Pacific (Osaka) ap-northeast-3 ap- HTTP and HTTPS

northeast-3.queue.amazonaws.com
Asia Pacific (Seoul) ap-northeast-2 ap- HTTP and HTTPS

Asia Pacific (Singapore) ap-southeast-1 ap- HTTP and HTTPS

southeast-1.queue.amazonaws.com
Asia Pacific (Sydney) ap-southeast-2 ap- HTTP and HTTPS

southeast-2.queue.amazonaws.com
Asia Pacific (Tokyo) ap-northeast-1 ap- HTTP and HTTPS

Canada (Central) ca-central-1 ca- HTTP and HTTPS

central-1.queue.amazonaws.com
Version 1.0
867
Service quotas
China (Beijing) cn-north-1 cn- HTTP and HTTPS

north-1.queue.amazonaws.com
China (Ningxia) cn-northwest-1 cn- HTTP and HTTPS

northwest-1.queue.amazonaws.com
Europe (Frankfurt) eu-central-1 eu- HTTP and HTTPS

central-1.queue.amazonaws.com
Europe (Ireland) eu-west-1 eu- HTTP and HTTPS

Europe (London) eu-west-2 eu- HTTP and HTTPS

Europe (Paris) eu-west-3 eu- HTTP and HTTPS

Europe (Stockholm) eu-north-1 eu- HTTP and HTTPS

north-1.queue.amazonaws.com
South America (São sa-east-1 sa- HTTP and HTTPS

Paulo) east-1.queue.amazonaws.com
Service quotas

Description
Actions per Queue Policy Each supported No The number of actions in a

Region: 7 queue policy.
Attributes per Message Each supported No The number of attributes

Region: 10 added to a message.
Batched Message ID Length Each supported No The length of a batched

Region: 80 message ID.
Batched Message Throughput for FIFO Each supported Yes The number of batched
Queues Region: 3,000 transactions per second
(TPS) for FIFO queues.
Conditions per Queue Policy Each supported No The number of conditions

Region: 10 in a queue policy.
In-Flight Messages per FIFO Queue Each supported No The number of in-flight
Region: 20,000 messages in a FIFO queue.
In-Flight Messages per Standard Queue Each supported No The number of in-flight
Region: 120,000 messages in a standard
queue.
Message Invisibility Period Each supported No The length of time, in

Region: 0 Seconds seconds, for which a
message consumed from a
Version 1.0
868
Service quotas

Description
queue remains invisible to
other consumers.
Message Retention Time Each supported No The length of time, in

Region: 345,600 seconds, for which Amazon
Seconds SQS retains a message if it
isnt deleted. The maximum
is 14 days (1,209,600
seconds).
Message Size Each supported No The size of a message, in

Region: 256 kilobytes.
Kilobytes
Message Size in S3 Bucket Each supported No The size of a message, in

Region: 2 Gigabytes gigabytes, in an Amazon S3
bucket.
Messages per Batch Each supported No The number of messages in

Region: 10 a message batch.
Principals per Queue Policy Each supported No The number of principals in

Region: 50 a queue policy.
Queue Delivery Delay Each supported No The length of time, in

Region: 15 minutes, by which to
delay the initial delivery of
messages to a queue.
Queue Name Length Each supported No The queue name length.

Region: 80
Queue Policy Size Each supported No The size, in bytes, of a

Region: 8,192 Bytes queue policy.
Statements per Queue Policy Each supported No The number of statements

Region: 20 in a queue policy.
Tags per Queue Each supported No The number of tags added

Region: 50 to a queue.
UTF-8 Queue Tag Key Length Each supported No The length of a UTF-8
Region: 128 queue tag key.
UTF-8 Queue Tag Value Length Each supported No The length of a UTF-8
Region: 256 queue tag value.
Unbatched Message Throughput for FIFO Each supported No The number of unbatched
Queues Region: 300 transactions per second
(TPS) for FIFO queues.
For more information, see Amazon SQS quotas in the Amazon Simple Queue Service Developer Guide and
the "Limits and Restrictions" section of the Amazon SQS FAQs.
Version 1.0
869
Amazon S3
Amazon Simple Storage Service endpoints and

quotas
Service endpoints
Amazon S3 endpoints
When you use the REST API to send requests to the endpoints shown in the table below, you can use the
virtual-hosted style and path-style methods. For more information, see Virtual Hosting of Buckets.
Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support
US East us-east-2 Standard endpoints: us-east-2 HTTP and Versions 4

(Ohio) HTTPS only
• s3.us-east-2.amazonaws.com
• s3-fips.us-
• s3.dualstack.us-
east-2.amazonaws.com**
• s3-fips.dualstack.us-
• account-id.s3-control.us-
• account-id.s3-control-
fips.us-east-2.amazonaws.com
• account-id.s3-
control.dualstack.us-
fips.dualstack.us-
Amazon S3 Access Points

endpoints (HTTPS only):
• s3-accesspoint.us-
• s3-accesspoint-fips.us-
• s3-accesspoint.dualstack.us-
Version 1.0
870
Service endpoints

Support
• s3-accesspoint-
fips.dualstack.us-
US East (N. us-east-1 Standard endpoints: us-east-1 HTTP and Versions 2

Virginia) HTTPS and 4
• s3.us-east-1.amazonaws.com
• s3-fips.us-
• s3.amazonaws.com
fips.us-east-1.amazonaws.com
• account-id.s3-
fips.dualstack.us-

• s3-accesspoint-
fips.dualstack.us-
Version 1.0
871
Service endpoints

Support
US West (N. us-west-1 Standard endpoints: us-west-1 HTTP and Versions 2

California) HTTPS and 4
• s3.us-west-1.amazonaws.com
• s3-fips.us-
west-1.amazonaws.com**
• account-id.s3-
control-fips.us-
• account-id.s3-
fips.dualstack.us-

• s3-accesspoint-
fips.dualstack.us-
Version 1.0
872
Service endpoints

Support
US West us-west-2 Standard endpoints: us-west-2 HTTP and Versions 2

(Oregon) HTTPS and 4
• s3.us-west-2.amazonaws.com
• s3-fips.us-
• account-id.s3-
control-fips.us-
• account-id.s3-
fips.dualstack.us-

• s3-accesspoint-
fips.dualstack.us-
Version 1.0
873
Service endpoints

Support
Africa af-south-1 Standard endpoints: af-south-1 HTTP and Version 4

(Cape HTTPS only
Town) • s3.af-south-1.amazonaws.com
• s3.dualstack.af-
south-1.amazonaws.com**
• account-id.s3-control.af-
• account-id.s3-
control.dualstack.af-

• s3-accesspoint.af-
• s3-accesspoint.dualstack.af-
Asia Pacific ap-east-1 Standard endpoints: ap-east-1 HTTP and Version 4

(Hong HTTPS only
Kong)*** • s3.ap-east-1.amazonaws.com
• s3.dualstack.ap-
• account-id.s3-control.ap-
• account-id.s3-
control.dualstack.ap-

• s3-accesspoint.ap-
• s3-accesspoint.dualstack.ap-
Version 1.0
874
Service endpoints

Support
Asia Pacific ap- Standard endpoints: ap- HTTP and Version 4

(Jakarta) southeast-3 southeast-3 HTTPS only
• s3.ap-
southeast-3.amazonaws.com**
• account-id.s3-

Asia Pacific ap-south-1 Standard endpoints: ap-south-1 HTTP and Version 4

(Mumbai) HTTPS only
• s3.ap-
• account-id.s3-

Version 1.0
875
Service endpoints

Support

(Osaka) northeast-3 northeast-3 HTTPS only
• s3.ap-
northeast-3.amazonaws.com**
• account-id.s3-


(Seoul) northeast-2 northeast-2 HTTPS only
• s3.ap-
• account-id.s3-

Version 1.0
876
Service endpoints

Support
Asia Pacific ap- Standard endpoints: ap- HTTP and Versions 2

(Singapore) southeast-1 southeast-1 HTTPS and 4
• s3.ap-
• account-id.s3-


(Sydney) southeast-2 southeast-2 HTTPS and 4
• s3.ap-
• account-id.s3-

Version 1.0
877
Service endpoints

Support

(Tokyo) northeast-1 northeast-1 HTTPS and 4
• s3.ap-
• account-id.s3-

Version 1.0
878
Service endpoints

Support
Canada ca- Standard endpoints: ca- HTTP and Version 4

(Central) central-1 central-1 HTTPS only
• s3.ca-
• s3-fips.ca-
• s3.dualstack.ca-
central-1.amazonaws.com**
• s3-fips.dualstack.ca-
• account-id.s3-control.ca-
• account-id.s3-
control-fips.ca-
• account-id.s3-
control.dualstack.ca-
fips.dualstack.ca-

• s3-accesspoint.ca-
• s3-accesspoint-fips.ca-
• s3-accesspoint.dualstack.ca-
• s3-accesspoint-
fips.dualstack.ca-
Version 1.0
879
Service endpoints

Support
China cn-north-1 Valid endpoint name for this cn-north-1 HTTP and Version 4
(Beijing) Region: HTTPS only
• s3.cn-
• s3.dualstack.cn-
• account-id.s3-control.cn-
• account-id.s3-
control.dualstack.cn-

• s3-accesspoint.cn-
• s3-accesspoint.dualstack.cn-
China cn- Valid endpoint name for this cn- HTTP and Version 4
(Ningxia) northwest-1 Region: northwest-1 HTTPS only
• s3.cn-
• s3.dualstack.cn-
• account-id.s3-control.cn-
• account-id.s3-
control.dualstack.cn-

• s3-accesspoint.cn-
northwest-1.amazonaws.com
• s3-accesspoint.dualstack.cn-
northwest-1.amazonaws.com
Version 1.0
880
Service endpoints

Support
Europe eu- Standard endpoints: eu- HTTP and Version 4

(Frankfurt) central-1 central-1 HTTPS only
• s3.eu-
• s3.dualstack.eu-
• account-id.s3-control.eu-
• account-id.s3-
control.dualstack.eu-

• s3-accesspoint.eu-
• s3-accesspoint.dualstack.eu-
Europe eu-west-1 Standard endpoints: EU or eu- HTTP and Versions 2

(Ireland) west-1 HTTPS and 4
• s3.eu-west-1.amazonaws.com
• account-id.s3-

Version 1.0
881
Service endpoints

Support
Europe eu-west-2 Standard endpoints: eu-west-2 HTTP and Version 4

(London) HTTPS only
• account-id.s3-

Europe eu-south-1 Standard endpoints: eu-south-1 HTTP and Version 4

(Milan) HTTPS only
• s3.eu-
• account-id.s3-

Version 1.0
882
Service endpoints

Support
Europe eu-west-3 Standard endpoints: eu-west-3 HTTP and Version 4

(Paris) HTTPS only
• account-id.s3-

Europe eu-north-1 Standard endpoints: eu-north-1 HTTP and Version 4

(Stockholm) HTTPS only
• s3.eu-
• account-id.s3-
north-1.amazonaws.com**

north-1.amazonaws.com**
Version 1.0
883
Service endpoints

Support
South sa-east-1 Standard endpoints: sa-east-1 HTTP and Versions 2

America HTTPS and 4
(São Paulo) • s3.sa-east-1.amazonaws.com
• s3.dualstack.sa-
• account-id.s3-control.sa-
• account-id.s3-
control.dualstack.sa-

• s3-accesspoint.sa-
• s3-accesspoint.dualstack.sa-
Middle East me-south-1 Standard endpoints: me-south-1 HTTP and Versions 4

(Bahrain) HTTPS only
• s3.me-
• s3.dualstack.me-
• account-id.s3-control.me-
• account-id.s3-
control.dualstack.me-

• s3-accesspoint.me-
• s3-accesspoint.dualstack.me-
Version 1.0
884
Service endpoints

Support
Middle East me- Standard endpoints: me- HTTP and Versions 4

(UAE) central-1 central-1 HTTPS only
• s3.me-
• s3.dualstack.me-
• account-id.s3-control.me-
• account-id.s3-
control.dualstack.me-

• s3-accesspoint.me-central-1-
amazonaws.com
• s3-accesspoint.dualstack.me-
Version 1.0
885
Service endpoints

Support
AWS us-gov- Standard endpoints: us-gov- HTTP and

GovCloud east-1 east-1 HTTPS
(US-East) • s3.us-gov-
• s3-fips.us-gov-
• s3.dualstack.us-gov-
• s3-fips.dualstack.us-gov-
gov-east-1.amazonaws.com
• account-id.s3-
control-fips.us-gov-
• account-id.s3-
control.dualstack.us-gov-
fips.dualstack.us-gov-

• s3-accesspoint.us-gov-
• s3-accesspoint-fips.us-gov-
gov-east-1.amazonaws.com**
• s3-accesspoint-
Version 1.0
886
Service endpoints

Support
AWS us-gov- Standard endpoints: us-gov- HTTP and

GovCloud west-1 west-1 HTTPS
(US-West) • s3.us-gov-
• s3-fips.us-gov-
• s3.dualstack.us-gov-
• s3-fips.dualstack.us-gov-
gov-west-1.amazonaws.com
• account-id.s3-
control-fips.us-gov-
• account-id.s3-
control.dualstack.us-gov-

• s3-accesspoint.us-gov-
• s3-accesspoint-fips.us-gov-
gov-west-1.amazonaws.com**
• s3-accesspoint-
**Amazon S3 dual-stack endpoints support requests to S3 buckets over IPv6 and IPv4. For more
information, see Using Dual-Stack Endpoints.
***You must enable this Region before you can use it.
When using the preceding endpoints the following additional considerations apply:
• The s3-control endpoints are used with Amazon S3 account-level operations

• The s3-accesspoint endpoints are used only to make requests through Amazon S3 Access Points. For
more information, see Working with Amazon S3 Access Points.
• Amazon S3 renamed the US Standard Region to the US East (N. Virginia) Region to be consistent with
AWS Regional naming conventions. There is no change to the endpoint, and you do not need to make
any changes to your application.
Version 1.0
887
Service endpoints
• If you use a Region other than the US East (N. Virginia) endpoint to create a bucket, you must set the
LocationConstraint bucket parameter to the same Region. Both the AWS SDK for Java and AWS SDK
for .NET use an enumeration for setting location constraints (Region for Java, S3Region for .NET). For
more information, see PUT Bucket in the Amazon Simple Storage Service API Reference.
Amazon S3 website endpoints

When you configure your bucket as a website, the website is available using the following Region-specific
website endpoints. Note that the website endpoints are different than the REST API endpoints listed in
the preceding table. For more information about hosting websites on Amazon S3, see Hosting Websites
on Amazon S3 in the Amazon Simple Storage Service User Guide. You need the hosted zone IDs when
using the Amazon Route 53 API to add an alias record to your hosted zone.
Note
Amazon S3 website endpoints do not support HTTPS or Amazon S3 Access Points. If you want
to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.
For more information, see Configuring a static website using a custom domain registered with
Route 53 and Improving the performance of your website using CloudFront in the Amazon S3
User Guide.
Region Name Website Endpoint Route 53 Hosted

Zone ID
US East (Ohio) s3-website.us-east-2.amazonaws.com Z2O1EMRO9K5GLX
US East (N. s3-website-us-east-1.amazonaws.com Z3AQBSTGFYJSTF

Virginia)
US West (N. s3-website-us-west-1.amazonaws.com Z2F56UZL2M1ACD

California)
US West s3-website-us-west-2.amazonaws.com Z3BJ6K6RIION7M

(Oregon)
Africa (Cape s3-website.af-south-1.amazonaws.com Z83WF9RJE8B12

Town)
Asia Pacific s3-website.ap-east-1.amazonaws.com ZNB98KWMFR0R6

(Hong Kong)
Asia Pacific s3-website.ap-south-1.amazonaws.com Z11RGJOFQNVJUP

(Mumbai)
Asia Pacific s3-website.ap-northeast-3.amazonaws.com Z2YQB5RD63NC85

(Osaka)
Asia Pacific s3-website.ap-northeast-2.amazonaws.com Z3W03O7B5YMIYP

(Seoul)
Asia Pacific s3-website-ap-southeast-1.amazonaws.com Z3O0J2DXBE1FTB

(Singapore)
Asia Pacific s3-website-ap-southeast-2.amazonaws.com Z1WCIGYICN2BYD

(Sydney)
Asia Pacific s3-website-ap-northeast-1.amazonaws.com Z2M4EHUR26P7ZW

(Tokyo)
Canada (Central) s3-website.ca-central-1.amazonaws.com Z1QDHH18159H29
Version 1.0
888
Service quotas
Region Name Website Endpoint Route 53 Hosted

Zone ID
China (Ningxia) s3-website.cn-northwest-1.amazonaws.com.cn Z282HJ1KT0DH03
Europe s3-website.eu-central-1.amazonaws.com Z21DNDUVLTQW6Q

(Frankfurt)
Europe (Ireland) s3-website-eu-west-1.amazonaws.com Z1BKCTXD74EZPE
Europe (London) s3-website.eu-west-2.amazonaws.com Z3GKZC51ZF0DB4
Europe (Milan) s3-website.eu-south-1.amazonaws.com Z30OZKI7KPW7MI
Europe (Paris) s3-website.eu-west-3.amazonaws.com Z3R1K369G5AVDG
Europe s3-website.eu-north-1.amazonaws.com Z3BAZG2TWCNX0D

(Stockholm)
Asia Pacific s3-website.ap-southeast-3.amazonaws.com Z01613992JD795ZI93075

(Jakarta)
Middle s3-website.me-south-1.amazonaws.com Z1MPMWCPA7YB62

East(Bahrain)
Middle East s3-website.me-central-1.amazonaws.com Z06143092I8HRXZRUZROF

(UAE)
South America s3-website-sa-east-1.amazonaws.com Z7KQH4QJS55SO

(São Paulo)
AWS GovCloud s3-website.us-gov-east-1.amazonaws.com Z2NIFVYYW2VKV1

(US-East)
AWS GovCloud s3-website-us-gov-west-1.amazonaws.com Z31GFT0UA1I2HV

(US-West)
Service quotas
Amazon S3

Description
Access Points Each supported Yes The number of Amazon

Region: 10,000 S3 Access Points that you
can create per region in an
account
Bucket policy Each supported No The maximum size (in KB)

Region: 20 Kilobytes of a bucket policy for an
Amazon S3 bucket
Bucket tags Each supported No The maximum number of

Region: 50 tags you can assign to an
Amazon S3 bucket
Version 1.0
889
Service quotas

Description
Buckets Each supported Yes The number of Amazon S3

Region: 100 buckets that you can create
in an account
CRR rules Each supported No The maximum number

Region: 1,000 of rules you can specify
in an Amazon S3 Cross
Region Replication (CRR)
configuration
Event notifications Each supported No The maximum number

Region: 100 of event notifications per
Amazon S3 bucket
Lifecycle rules Each supported No The maximum number of

Region: 1,000 rules you can specify for
an Amazon S3 lifecycle
configuration
Maximum part size Each supported No The maximum size (in GB)
Region: 5 Gigabytes of an Amazon S3 object
part in a Multipart upload
using the API
Minimum part size Each supported No The minimum size (in MB)
Region: 5 of an Amazon S3 object
Megabytes part in a Multipart upload
using the API. The last part
uploaded can be less than
the stated minimum
Multi-Region Access Point Regions Each supported No Maximum Regions per

Region: 20 Multi-Region Access Point.
Multi-Region Access Points Each supported No Multi-Region Access Points

Region: 100 per Account.
Object size Each supported No The maximum size (in TB)

Region: 5 Terabytes of an Amazon S3 object
Object size (Console upload) Each supported No The maximum size (in GB)
Region: 160 of an Amazon S3 object
Gigabytes that you can upload using
the console
Object tags Each supported No The maximum number of

Region: 10 tags you can assign to an
Amazon S3 object
Parts Each supported No The maximum number of

Region: 10,000 Amazon S3 object parts per
Multipart upload
Version 1.0
890
Amazon SWF

Description
Replication transfer rate Each supported Yes The maximum Replication

Region: 1 Gigabits Time Control transfer rate
per second that you can replicate from
the source region in this
account.
S3 Glacier: Number of random restore Each supported No The number of random

requests. Region: 35 restore requests from S3
Glacier storage class per PiB
stored per day.
S3 Glacier: Provisioned capacity units Each supported No The maximum number of

Region: 2 S3 Glacier storage class
provisioned capacity units
available to purchase per
account.

Description
Access Points Each supported No The maximum number of

Region: 10 Amazon S3 on Outposts
access points that you can
create per S3 on Outposts
bucket in the AWS account
in the current Outpost.
Buckets Each supported No The maximum number of

Region: 100 Amazon S3 on Outposts
buckets that you can create
per AWS account in the
current Outpost.
Amazon Simple Workflow Service endpoints and

quotas
Version 1.0
891
Service endpoints
Service endpoints

Name
US East us-east-2 swf.us-east-2.amazonaws.com HTTPS

(Ohio)
swf-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 swf.us-east-1.amazonaws.com HTTPS

Virginia)
swf-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 swf.us-west-1.amazonaws.com HTTPS

West (N.
California) swf-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 swf.us-west-2.amazonaws.com HTTPS

(Oregon)
swf-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 swf.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 swf.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- swf.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- swf.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- swf.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Version 1.0
892
Service quotas

Name
Canada ca- swf.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- swf.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 swf.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- swf.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 swf.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- swf.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- swf.me-central-1.amazonaws.com HTTPS

South sa-east-1 swf.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- swf.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) swf.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- swf.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) swf.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
CountClosedWorkflowExecutions throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 2,000 CountClosedWorkflowExecutions
calls you can burst without
being throttled.
CountClosedWorkflowExecutions throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 6 CountClosedWorkflowExecutions
calls you can make per
Version 1.0
893
Service quotas

Description
second without being
throttled.
CountOpenWorkflowExecutions throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 2,000 CountOpenWorkflowExecutions
being throttled.
CountOpenWorkflowExecutions throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 6 CountOpenWorkflowExecutions
throttled.
CountPendingActivityTasks throttle burst Each supported Yes The maximum number of

limit in transactions per second Region: 200 CountPendingActivityTasks
being throttled.
CountPendingActivityTasks throttle refill Each supported Yes The maximum number of

limit in transactions per second Region: 6 CountPendingActivityTasks
throttled.
CountPendingDecisionTasks throttle burst Each supported Yes The maximum number of

limit in transactions per second Region: 200 CountPendingDecisionTasks
being throttled.
CountPendingDecisionTasks throttle refill Each supported Yes The maximum number of

limit in transactions per second Region: 6 CountPendingDecisionTasks
throttled.
DeprecateActivityType throttle burst limit Each supported Yes The maximum number
in transactions per second Region: 200 of DeprecateActivityType
being throttled.
DeprecateActivityType throttle refill limit Each supported Yes The maximum number of
in transactions per second Region: 6 DeprecateActivityType calls
DeprecateDomain throttle burst limit in Each supported Yes The maximum number of
transactions per second Region: 200 DeprecateDomain calls you
can burst without being
throttled.
DeprecateDomain throttle refill limit in Each supported Yes The maximum number of
transactions per second Region: 6 DeprecateDomain calls
Version 1.0
894
Service quotas

Description
DeprecateWorkflowType throttle burst Each supported Yes The maximum number of

limit in transactions per second Region: 200 DeprecateWorkflowType
being throttled.
DeprecateWorkflowType throttle refill Each supported Yes The maximum number of

limit in transactions per second Region: 6 DeprecateWorkflowType
throttled.
DescribeActivityType throttle burst limit in Each supported Yes The maximum number
transactions per second Region: 2,000 of DescribeActivityType
being throttled.
DescribeActivityType throttle refill limit in Each supported Yes The maximum number of
transactions per second Region: 6 DescribeActivityType calls
DescribeDomain throttle burst limit in Each supported Yes The maximum number of
transactions per second Region: 200 DescribeDomain calls you
throttled.
DescribeDomain throttle refill limit in Each supported Yes The maximum number
transactions per second Region: 6 of DescribeDomain calls
DescribeWorkflowExecution throttle burst Each supported Yes The maximum number of

limit in transactions per second Region: 2,000 DescribeWorkflowExecution
being throttled.
DescribeWorkflowExecution throttle refill Each supported Yes The maximum number of

limit in transactions per second Region: 6 DescribeWorkflowExecution
throttled.
DescribeWorkflowType throttle burst limit Each supported Yes The maximum number of
in transactions per second Region: 2,000 DescribeWorkflowType
being throttled.
DescribeWorkflowType throttle refill limit Each supported Yes The maximum number of
in transactions per second Region: 6 DescribeWorkflowType calls
Events in Workflow execution history Each supported No The maximum number of

Region: 25,000 events for a given workflow
execution.
Version 1.0
895
Service quotas

Description
GetWorkflowExecutionHistory throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 2,000 GetWorkflowExecutionHistory
being throttled.
GetWorkflowExecutionHistory throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 60 GetWorkflowExecutionHistory
throttled.
Input / result data size Each supported No This limit affects activity or
Region: 32,768 workflow execution result
data, input data when
scheduling activity tasks or
workflow executions, and
input sent with a workflow
execution signal.
ListActivityTypes throttle burst limit in Each supported Yes The maximum number of
transactions per second Region: 200 ListActivityTypes calls you
throttled.
ListActivityTypes throttle refill limit in Each supported Yes The maximum number
transactions per second Region: 6 of ListActivityTypes calls
ListClosedWorkflowExecutions throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 200 ListClosedWorkflowExecutions
being throttled.
ListClosedWorkflowExecutions throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 6 ListClosedWorkflowExecutions
throttled.
ListDomains throttle burst limit in Each supported Yes The maximum number
transactions per second Region: 100 of ListDomains calls you
throttled.
ListDomains throttle refill limit in Each supported Yes The maximum number of
transactions per second Region: 6 ListDomains calls you can
being throttled.
ListOpenWorkflowExecutions throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 200 ListOpenWorkflowExecutions
being throttled.
Version 1.0
896
Service quotas

Description
ListOpenWorkflowExecutions throttle refill Each supported Yes The maximum number of

limit in transactions per second Region: 48 ListOpenWorkflowExecutions
throttled.
ListWorkflowTypes throttle burst limit in Each supported Yes The maximum number of
transactions per second Region: 200 ListWorkflowTypes calls
you can burst without
being throttled.
ListWorkflowTypes throttle refill limit in Each supported Yes The maximum number of
transactions per second Region: 6 ListWorkflowTypes calls
Maximum workflow and activity types per Each supported Yes The maximum number of
domain Region: 10,000 registered workflow and
activity types per domain
for this account in the
current region.
Open activity tasks per workflow Each supported No This limit includes both
execution Region: 1,000 activity tasks that have
been scheduled and
those being processed by
workers.
Open child workflow executions Each supported No The maximum number

Region: 1,000 of open child workflow
executions per workflow
execution.
Open timers per workflow execution Each supported No The maximum number of
Region: 1,000 concurrently open timers
per workflow execution.
Open workflow executions per domain Each supported Yes The maximum number of
Region: 100,000 open workflow executions
per domain for this account
PollForActivityTask throttle burst limit in Each supported Yes The maximum number of
transactions per second Region: 2,000 PollForActivityTask calls
you can burst without
being throttled.
PollForActivityTask throttle refill limit in Each supported Yes The maximum number of
transactions per second Region: 200 PollForActivityTask calls
PollForDecisionTask throttle burst limit in Each supported Yes The maximum number
transactions per second Region: 2,000 of PollForDecisionTask
being throttled.
Version 1.0
897
Service quotas

Description
PollForDecisionTask throttle refill limit in Each supported Yes The maximum number of
transactions per second Region: 200 PollForDecisionTask calls
Pollers per task list Each supported No You can have a maximum
Region: 1,000 of 1,000 pollers which
simultaneously poll a
particular task list.
RecordActivityTaskHeartbeat throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 2,000 RecordActivityTaskHeartbeat
being throttled.
RecordActivityTaskHeartbeat throttle refill Each supported Yes The maximum number of

limit in transactions per second Region: 160 RecordActivityTaskHeartbeat
throttled.
RegisterActivityType throttle burst limit in Each supported Yes The maximum number
transactions per second Region: 200 of RegisterActivityType
being throttled.
RegisterActivityType throttle refill limit in Each supported Yes The maximum number of
transactions per second Region: 60 RegisterActivityType calls
RegisterDomain throttle burst limit in Each supported Yes The maximum number of
transactions per second Region: 100 RegisterDomain calls you
throttled.
RegisterDomain throttle refill limit in Each supported Yes The maximum number
transactions per second Region: 6 of RegisterDomain calls
RegisterWorkflowType throttle burst limit Each supported Yes The maximum number
in transactions per second Region: 200 of RegisterWorkflowType
being throttled.
RegisterWorkflowType throttle refill limit Each supported Yes The maximum number of
in transactions per second Region: 60 RegisterWorkflowType calls
Registered domains Each supported Yes The maximum number

Region: 100 of registered domains for
region.
Version 1.0
898
Service quotas

Description
Request size Each supported No The total data size in

Region: 1 megabytes per Simple
Megabytes Workflow API request,
including the request
header and all other
associated request data.
RequestCancelExternalWorkflowExecution Each supported Yes The maximum number of

throttle burst limit in transactions per Region: 1,200 RequestCancelExternalWorkflowExecution
second calls you can burst without
being throttled.
RequestCancelExternalWorkflowExecution Each supported Yes The maximum number of

throttle refill limit in transactions per Region: 120 RequestCancelExternalWorkflowExecution
second calls you can make per
throttled.
RequestCancelWorkflowExecution throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 2,000 RequestCancelWorkflowExecution
being throttled.
RequestCancelWorkflowExecution throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 30 RequestCancelWorkflowExecution
throttled.
RespondActivityTaskCanceled throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 2,000 RespondActivityTaskCanceled
being throttled.
RespondActivityTaskCanceled throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 200 RespondActivityTaskCanceled
throttled.
RespondActivityTaskCompleted throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 2,000 RespondActivityTaskCompleted
being throttled.
RespondActivityTaskCompleted throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 200 RespondActivityTaskCompleted
throttled.
RespondActivityTaskFailed throttle burst Each supported Yes The maximum number of

limit in transactions per second Region: 2,000 RespondActivityTaskFailed
being throttled.
Version 1.0
899
Service quotas

Description
RespondActivityTaskFailed throttle refill Each supported Yes The maximum number of

limit in transactions per second Region: 200 RespondActivityTaskFailed
throttled.
RespondDecisionTaskCompleted throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 2,000 RespondDecisionTaskCompleted
being throttled.
RespondDecisionTaskCompleted throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 200 RespondDecisionTaskCompleted
throttled.
SWF task in queue in year Each supported No The maximum time for a
Region: 1 task to stay in queued state
(constrained by workflow
execution time limit).
ScheduleActivityTask throttle burst limit in Each supported Yes The maximum number
transactions per second Region: 1,000 of ScheduleActivityTask
being throttled.
ScheduleActivityTask throttle refill limit in Each supported Yes The maximum number of
transactions per second Region: 200 ScheduleActivityTask calls
SignalExternalWorkflowExecution throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 1,200 SignalExternalWorkflowExecution
being throttled.
SignalExternalWorkflowExecution throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 120 SignalExternalWorkflowExecution
throttled.
SignalWorkflowExecution throttle burst Each supported Yes The maximum number of

limit in transactions per second Region: 2,000 SignalWorkflowExecution
being throttled.
SignalWorkflowExecution throttle refill Each supported Yes The maximum number of

limit in transactions per second Region: 30 SignalWorkflowExecution
throttled.
Version 1.0
900
Service quotas

Description
StartChildWorkflowExecution throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 500 StartChildWorkflowExecution
being throttled.
StartChildWorkflowExecution throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 12 StartChildWorkflowExecution
throttled.
StartTimer throttle burst limit in Each supported Yes The maximum number
transactions per second Region: 2,000 of StartTimer calls you
throttled.
StartTimer throttle refill limit in Each supported Yes The maximum number of
transactions per second Region: 200 StartTimer calls you can
being throttled.
StartWorkflowExecution throttle burst Each supported Yes The maximum number of

limit in transactions per second Region: 2,000 StartWorkflowExecution
being throttled.
StartWorkflowExecution throttle refill Each supported Yes The maximum number of

limit in transactions per second Region: 200 StartWorkflowExecution
throttled.
Task execution time in year Each supported No The maximum time for a
Region: 1 task to stay in execution
state (constrained by
workflow execution time
limit).
TerminateWorkflowExecution throttle Each supported Yes The maximum number of

burst limit in transactions per second Region: 2,000 TerminateWorkflowExecution
being throttled.
TerminateWorkflowExecution throttle Each supported Yes The maximum number of

refill limit in transactions per second Region: 60 TerminateWorkflowExecution
throttled.
Workflow execution idle time limit in years Each supported Yes The maximum time in years
Region: 1 a workflow execution can
be idle for (constrained by
workflow execution time
limit).
Version 1.0
901
Amazon SimpleDB

Description
Workflow execution time in years Each supported No The maximum time in years
Region: 1 a workflow execution can
run for.
Workflow retention time in days Each supported Yes After this time, the
Region: 90 workflow history can no
longer be retrieved or
viewed. There is no further
limit to the number of
closed workflow executions
that are retained by
Amazon SWF.
For more information, see Amazon SWF Quotas in the Amazon Simple Workflow Service Developer Guide.
Amazon SimpleDB endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 sdb.amazonaws.com HTTP and

Virginia) HTTPS
US us-west-1 sdb.us-west-1.amazonaws.com HTTP and

West (N. HTTPS
California)
US West us-west-2 sdb.us-west-2.amazonaws.com HTTP and

(Oregon) HTTPS
Asia ap- sdb.ap-southeast-1.amazonaws.com HTTP and

(Singapore)
Asia ap- sdb.ap-southeast-2.amazonaws.com HTTP and

(Sydney)
Asia ap- sdb.ap-northeast-1.amazonaws.com HTTP and

(Tokyo)
Europe eu-west-1 sdb.eu-west-1.amazonaws.com HTTP and

(Ireland) HTTPS
Version 1.0
902
Service quotas

Name
South sa-east-1 sdb.sa-east-1.amazonaws.com HTTP and

America HTTPS
(São
Paulo)
Service quotas
Resource Default
Domains 250
For more information, see Amazon SimpleDB Quotas in the Amazon SimpleDB Developer Guide.
AWS IAM Identity Center (successor to AWS Single

Sign-On) endpoints and quotas
Service endpoints
IAM Identity Center

Name
US East us-east-2 sso.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 sso.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 sso.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 sso.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- sso.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
903
Service endpoints

Name
Asia ap- sso.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- sso.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- sso.ap-southeast-2.amazonaws.com HTTPS

(Sydney)

(Tokyo)
Canada ca- sso.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- sso.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 sso.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- sso.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 sso.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- sso.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 sso.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- sso.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) sso.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- sso.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) sso.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
904
Service endpoints
Identity Store

Name
US East us-east-2 identitystore.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 identitystore.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 identitystore.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- identitystore.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- identitystore.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- identitystore.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- identitystore.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- identitystore.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- identitystore.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- identitystore.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 identitystore.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 identitystore.eu-west-2.amazonaws.com HTTPS

(London)
Europe eu-north-1 identitystore.eu-north-1.amazonaws.com HTTPS

(Stockholm)
AWS us-gov- identitystore.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) identitystore.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- identitystore.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) identitystore.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
905
Service quotas
Service quotas

Description
File size of service provider SAML Each supported No The maximum file size (in
certificates (in PEM format) Region: 2 Kilobytes KB) of service provider
SAML certificates (in PEM
format).
Number of groups supported in IAM Each supported No The maximum number of

Identity Center Region: 10,000 groups supported in IAM
Identity Center.
Number of permission sets allowed in IAM Each supported Yes The maximum number of
Identity Center Region: 500 permission sets allowed in
IAM Identity Center.
Number of permission sets allowed per Each supported Yes The maximum number of
AWS account Region: 50 permission sets allowed per
AWS account.
Number of unique directory groups that Each supported Yes The maximum number of
can be assigned Region: 2,500 unique directory groups
that can be assigned
for using accounts and
applications. Users can
belong to many directory
groups, and a directory may
contain many groups.
Number of unique groups that can be used Each supported No The maximum number
to evaluate the permissions for a user Region: 500 of unique groups that
can be used to evaluate
the permissions for a
user. Before displaying
the user’s available AWS
accounts and application
icons in the AWS access
portal, IAM Identity Center
evaluates the user’s
effective permissions by
evaluating their group
memberships.
Number of users supported in IAM Identity Each supported No The maximum number of
Center Region: 50,000 users supported in IAM
Identity Center.
Total number of AWS accounts or Each supported Yes The maximum total
applications that can be configured Region: 500 number of AWS accounts
or applications (total
combined) that can be
configured. For example,
you might configure
275 accounts and 225
applications, resulting in a
Version 1.0
906
Snow Family

Description
total of 500 accounts and
applications.
For more information, see AWS IAM Identity Center (successor to AWS Single Sign-On) quotas in the AWS
IAM Identity Center (successor to AWS Single Sign-On) User Guide.
AWS Snow Family endpoints and quotas

Service endpoints
Snow Family devices are available in the following AWS Regions.

Name
US East us-east-2 snowball.us-east-2.amazonaws.com

(Ohio) HTTPS
snowball-fips.us-east-2.amazonaws.com
US East (N. us-east-1 snowball.us-east-1.amazonaws.com

Virginia) HTTPS
snowball-fips.us-east-1.amazonaws.com
US us-west-1 snowball.us-west-1.amazonaws.com
West (N. HTTPS
California) snowball-fips.us-west-1.amazonaws.com
US West us-west-2 snowball.us-west-2.amazonaws.com

(Oregon) HTTPS
snowball-fips.us-west-2.amazonaws.com
Africa af-south-1 snowball.af-south-1.amazonaws.com

(Cape
Town)
Asia ap-east-1 snowball.ap-east-1.amazonaws.com

Pacific
(Hong
Kong)
Asia ap- snowball.ap-southeast-3.amazonaws.com

(Jakarta)
Asia ap- snowball.ap-south-1.amazonaws.com

(Mumbai) snowball-fips.ap-south-1.amazonaws.com
Version 1.0
907
Service endpoints

Name
Asia ap- snowball.ap-northeast-3.amazonaws.com

(Osaka) snowball-fips.ap-northeast-3.amazonaws.com

(Seoul) snowball-fips.ap-northeast-2.amazonaws.com

(Singapore) snowball-fips.ap-southeast-1.amazonaws.com

(Sydney) snowball-fips.ap-southeast-2.amazonaws.com

(Tokyo) snowball-fips.ap-northeast-1.amazonaws.com
Canada ca- snowball.ca-central-1.amazonaws.com

snowball-fips.ca-central-1.amazonaws.com
Europe eu- snowball.eu-central-1.amazonaws.com

snowball-fips.eu-central-1.amazonaws.com
Europe eu-west-1 snowball.eu-west-1.amazonaws.com

(Ireland) HTTPS
snowball-fips.eu-west-1.amazonaws.com

(London) HTTPS
Europe eu- snowball.eu-south-1.amazonaws.com

(Milan) south-1

(Paris) HTTPS
Europe eu-north-1 snowball.eu-north-1.amazonaws.com

(Stockholm)
South sa-east-1 snowball.sa-east-1.amazonaws.com

America HTTPS
(São snowball-fips.sa-east-1.amazonaws.com
Paulo)
AWS us-gov- snowball.us-gov-east-1.amazonaws.com

(US-East) snowball-fips.us-gov-east-1.amazonaws.com
Version 1.0
908
Service quotas

Name
AWS us-gov- snowball.us-gov-west-1.amazonaws.com

(US-West) snowball-fips.us-gov-west-1.amazonaws.com
AWS Snowcone is available only in the following AWS Regions:

• US East (Ohio)
• US West (N. California)
• Canada (Central)
• South America (São Paulo)
• Europe (London)
• Europe (Paris)
Service quotas

Description
Snowball Edge devices Each supported Yes The maximum number of

Region: 1 Snowball Edge devices.
Snowcone devices Each supported Yes The maximum number of

Region: 1 Snowcone devices.
AWS Step Functions endpoints and quotas

Version 1.0
909
Service endpoints
Service endpoints

Name
US East us-east-2 states.us-east-2.amazonaws.com HTTPS

(Ohio)
sync-states-fips.us-east-2.amazonaws.com HTTPS
states-fips.us-east-2.amazonaws.com HTTPS
sync-states.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 states.us-east-1.amazonaws.com HTTPS

Virginia)
sync-states-fips.us-east-1.amazonaws.com HTTPS
states-fips.us-east-1.amazonaws.com HTTPS
sync-states.us-east-1.amazonaws.com HTTPS
US us-west-1 states.us-west-1.amazonaws.com HTTPS

West (N.
California) sync-states-fips.us-west-1.amazonaws.com HTTPS
states-fips.us-west-1.amazonaws.com HTTPS
sync-states.us-west-1.amazonaws.com HTTPS
US West us-west-2 states.us-west-2.amazonaws.com HTTPS

(Oregon)
sync-states-fips.us-west-2.amazonaws.com HTTPS
states-fips.us-west-2.amazonaws.com HTTPS
sync-states.us-west-2.amazonaws.com HTTPS
Africa af-south-1 states.af-south-1.amazonaws.com HTTPS

(Cape
Town) sync-states.af-south-1.amazonaws.com HTTPS
Asia ap-east-1 states.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong sync-states.ap-east-1.amazonaws.com HTTPS
Kong)
Asia ap- states.ap-southeast-3.amazonaws.com HTTPS

(Jakarta) sync-states.ap-southeast-3.amazonaws.com HTTPS
Asia ap- states.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) sync-states.ap-south-1.amazonaws.com HTTPS
Asia ap- states.ap-northeast-3.amazonaws.com HTTPS

(Osaka) sync-states.ap-northeast-3.amazonaws.com HTTPS
Version 1.0
910
Service endpoints

Name

(Seoul) sync-states.ap-northeast-2.amazonaws.com HTTPS

(Singapore) sync-states.ap-southeast-1.amazonaws.com HTTPS

(Sydney) sync-states.ap-southeast-2.amazonaws.com HTTPS

(Tokyo) sync-states.ap-northeast-1.amazonaws.com HTTPS
Canada ca- states.ca-central-1.amazonaws.com HTTPS

(Central) central-1
sync-states.ca-central-1.amazonaws.com HTTPS
Europe eu- states.eu-central-1.amazonaws.com HTTPS

sync-states.eu-central-1.amazonaws.com HTTPS
Europe eu-west-1 states.eu-west-1.amazonaws.com HTTPS

(Ireland)
sync-states.eu-west-1.amazonaws.com HTTPS

(London)
Europe eu- states.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
sync-states.eu-south-1.amazonaws.com HTTPS

(Paris)
Europe eu-north-1 states.eu-north-1.amazonaws.com HTTPS

(Stockholm)
sync-states.eu-north-1.amazonaws.com HTTPS
Middle me- states.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain) sync-states.me-south-1.amazonaws.com HTTPS
Middle me- states.me-central-1.amazonaws.com HTTPS

sync-states.me-central-1.amazonaws.com HTTPS
South sa-east-1 states.sa-east-1.amazonaws.com HTTPS

America
(São sync-states.sa-east-1.amazonaws.com HTTPS
Paulo)
Version 1.0
911
Service quotas

Name
AWS us-gov- states.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) sync-states-fips.us-gov-east-1.amazonaws.com HTTPS
states-fips.us-gov-east-1.amazonaws.com HTTPS
sync-states.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- states.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) sync-states.us-gov-west-1.amazonaws.com HTTPS
states.us-gov-west-1.amazonaws.com HTTPS
sync-states.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Activity pollers per ARN Each supported No The number of polls that
Region: 1,000 can be waiting per activity
resource ARN.
CreateActivity throttle token bucket size Each supported Yes The maximum number of
Region: 100 CreateActivity calls you can
make at one time.
CreateActivity throttle token refill rate per Each supported Yes The token refill rate per
second Region: 1 second of CreateActivity
calls.
CreateStateMachine throttle token bucket Each supported Yes The maximum number of
size Region: 100 CreateStateMachine calls
you can make at one time.
CreateStateMachine throttle token refill Each supported Yes The token refill rate per
rate per second Region: 1 second of CreateActivity
calls.
DeleteActivity throttle token bucket size Each supported Yes The maximum number of
Region: 100 DeleteActivity calls you can
make at one time.
DeleteActivity throttle token refill rate per Each supported Yes The token refill rate per
second Region: 1 second of DeleteActivity
calls.
DeleteStateMachine throttle token bucket Each supported Yes The maximum number of
size Region: 100 DeleteStateMachine calls
Version 1.0
912
Service quotas

Description
DeleteStateMachine throttle token refill Each supported Yes The token refill
rate per second Region: 1 rate per second of
DeleteStateMachine calls.
DescribeActivity throttle token bucket size Each supported Yes The maximum number of
Region: 200 DescribeActivity calls you
DescribeActivity throttle token refill rate Each supported Yes The token refill rate per
per second Region: 1 second of DescribeActivity
calls.
DescribeExecution throttle token bucket us-east-1: 300 Yes The maximum number of
size DescribeExecution calls you
us-west-2: 300 can make at one time.
eu-west-1: 300
Each of the other

supported Regions:
250
DescribeExecution throttle token refill rate us-east-1: 15 Yes The token refill
per second rate per second of
us-west-2: 15 DescribeExecution calls.
eu-west-1: 15
Each of the other

supported Regions:
10
DescribeStateMachine throttle token Each supported Yes The maximum number of

bucket size Region: 200 DescribeStateMachine calls
DescribeStateMachine throttle token refill Each supported Yes The token refill
DescribeStateMachine calls.
DescribeStateMachineForExecution Each supported Yes The maximum number of

throttle token bucket size Region: 200 DescribeStateMachineForExecution
calls you can make at one
time.
DescribeStateMachineForExecution Each supported Yes The token refill

throttle token refill rate per second Region: 1 rate per second of
DescribeStateMachineForExecution
calls.
Events in execution history size Each supported No The maximum number

Region: 25,000 of events for a given
execution
Execution history retention time in days Each supported No The amount of time in days
Region: 90 the execution information
is stored after completion.
Version 1.0
913
Service quotas

Description
Execution idle time in years Each supported No The amount of time in

Region: 1 years an execution can be
idle for.
Execution time in years Each supported No The maximum time in years

Region: 1 an execution can run for.
Executions displayed in Step Functions Each supported No The maximum amount of

console Region: 1,000 executions displayed in the
Step Functions dashboard.
GetActivityTask throttle token bucket size us-east-1: 3,000 Yes The maximum number of
GetActivityTask calls you
us-west-2: 3,000 can make at one time.
eu-west-1: 3,000
Each of the other

supported Regions:
1,500
GetActivityTask throttle token refill rate us-east-1: 500 Yes The token refill rate per
per second second of GetActivityTask
us-west-2: 500 calls.
eu-west-1: 500
Each of the other

supported Regions:
300
GetExecutionHistory throttle token bucket Each supported Yes The maximum number of
size Region: 400 GetExecutionHistory calls
GetExecutionHistory throttle token refill Each supported Yes The token refill
GetExecutionHistory calls.
Input or result data size in task state or Each supported No The maximum input or
execution Region: 262,144 result data size in bytes as a
Bytes UTF-8 encoded string for a
task, state, or execution.
ListActivities throttle token bucket size Each supported Yes The maximum number of
Region: 100 ListActivities calls you can
make at one time.
ListActivities throttle token refill rate per us-east-1: 10 Yes The token refill rate per
second second of ListActivities
eu-west-1: 10
Each of the other

supported Regions:
5
Version 1.0
914
Service quotas

Description
ListExecutions throttle token bucket size us-east-1: 200 Yes The maximum number of
ListExecutions calls you can
us-west-2: 200 make at one time.
eu-west-1: 200
Each of the other

supported Regions:
100
ListExecutions throttle token refill rate per us-east-1: 5 Yes The token refill rate per
second second of ListExecutions
us-west-2: 5 calls.
eu-west-1: 5
Each of the other

supported Regions:
2
ListStateMachines throttle token bucket Each supported Yes The maximum number of
size Region: 100 ListStateMachines calls you
ListStateMachines throttle token refill rate Each supported Yes The token refill
per second Region: 5 rate per second of
ListStateMachines calls.
ListTagsForResource throttle token bucket Each supported Yes The maximum number of
size Region: 100 ListTagsForResource calls
ListTagsForResource throttle token refill Each supported Yes The token refill
ListTagsForResource calls.
Open executions Each supported Yes The maximum number

Region: 1,000,000 of open executions per
region.
Registered activities Each supported Yes The maximum number of

Region: 10,000 activities for this account in
the current region.
Registered state machines Each supported Yes The maximum number of

Region: 10,000 state machines for this
region.
Resource name length Each supported No The maximum character

Region: 80 length of state machine,
execution, and activity
resource types
Version 1.0
915
Service quotas

Description
SendTaskFailure throttle token bucket size us-east-1: 3,000 Yes The maximum number of
SendTaskFailure calls you
eu-west-1: 3,000
Each of the other

supported Regions:
1,500
SendTaskFailure throttle token refill rate us-east-1: 500 Yes The token refill rate per
per second second of SendTaskFailure
eu-west-1: 500
Each of the other

supported Regions:
300
SendTaskHeartbeat throttle token bucket us-east-1: 3,000 Yes The maximum number of
size SendTaskHeartbeat calls
us-west-2: 3,000 you can make at one time.
eu-west-1: 3,000
Each of the other

supported Regions:
1,500
SendTaskHeartbeat throttle token refill us-east-1: 500 Yes The token refill
rate per second rate per second of
us-west-2: 500 SendTaskHeartbeat calls.
eu-west-1: 500
Each of the other

supported Regions:
300
SendTaskSuccess throttle token bucket us-east-1: 3,000 Yes The maximum number of
size SendTaskSuccess calls you
eu-west-1: 3,000
Each of the other

supported Regions:
1,500
SendTaskSuccess throttle token refill rate us-east-1: 500 Yes The token refill rate per
per second second of SendTaskSuccess
eu-west-1: 500
Each of the other

supported Regions:
300
Version 1.0
916
Service quotas

Description
Size per API request Each supported No The total data size in
Region: 1 megabytes per Step
Megabytes Functions API request,
including the request
header and all other
associated request data.
StartExecution throttle token bucket size us-east-1: 1,300 Yes The maximum number of
StartExecution calls you can
us-west-2: 1,300 make at one time.
eu-west-1: 1,300
Each of the other

supported Regions:
800
StartExecution throttle token refill rate per us-east-1: 300 Yes The token refill rate per
second second of StartExecution
eu-west-1: 300
Each of the other

supported Regions:
150
StateTransition throttle token bucket size us-east-1: 5,000 Yes The maximum number of
StateTransition calls you
eu-west-1: 5,000
Each of the other

supported Regions:
800
StateTransition throttle token refill rate us-east-1: 1,500 Yes The token refill rate per
per second second of StateTransition
us-west-2: 1,500 calls.
eu-west-1: 1,500
Each of the other

supported Regions:
500
Step Functions task in queue in year Each supported No The maximum time in years
Region: 1 that Step Functions keeps a
task in the queue.
Version 1.0
917
Storage Gateway

Description
StopExecution throttle token bucket size us-east-1: 1,000 Yes The maximum number of
StopExecution calls you can
us-west-2: 1,000 make at one time.
eu-west-1: 1,000
Each of the other

supported Regions:
500
StopExecution throttle token refill rate per us-east-1: 200 Yes The token refill rate per
second second of StopExecution
eu-west-1: 200
Each of the other

supported Regions:
25
TagResource throttle token bucket size Each supported Yes The maximum number of
Region: 200 TagResource calls you can
make at one time.
TagResource throttle token refill rate per Each supported Yes The token refill rate per
second Region: 1 second of TagResource
calls.
Task execution time in year Each supported No The maximum lifetime

Region: 1 in years that a task can
execute.
UntagResource throttle token bucket size Each supported Yes The maximum number of
Region: 200 UntagResource calls you
UntagResource throttle token refill rate Each supported Yes The token refill rate per
per second Region: 1 second of UntagResource
calls.
UpdateStateMachine throttle token bucket Each supported Yes The maximum number of
size Region: 100 UpdateStateMachine calls
UpdateStateMachine throttle token refill Each supported No The token refill

UpdateStateMachine calls.
For more information, see Quotas in the AWS Step Functions Developer Guide.
AWS Storage Gateway endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect to an AWS service,
you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints
in selected Regions. For more information, see AWS service endpoints (p. 987). Service quotas, also
Version 1.0
918
Service endpoints
referred to as limits, are the maximum number of service resources or operations for your AWS account.
For more information, see AWS service quotas (p. 991).
Service endpoints
Storage Gateway

Name
US East us-east-2 storagegateway.us-east-2.amazonaws.com HTTPS

(Ohio)
storagegateway-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 storagegateway.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 storagegateway.us-west-1.amazonaws.com HTTPS

West (N.
California) storagegateway-fips.us-west-1.amazonaws.com HTTPS
storagegateway-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 storagegateway.us-west-2.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 storagegateway.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 storagegateway.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- storagegateway.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- storagegateway.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- storagegateway.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Version 1.0
919
Service endpoints

Name

(Singapore)

(Sydney)

(Tokyo)
Canada ca- storagegateway.ca-central-1.amazonaws.com HTTPS

(Central) central-1
storagegateway-fips.ca-central-1.amazonaws.com HTTPS
storagegateway-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- storagegateway.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 storagegateway.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- storagegateway.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 storagegateway.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- storagegateway.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 storagegateway.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- storagegateway.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) storagegateway-fips.us-gov- HTTPS
HTTPS
storagegateway-fips.us-gov-
Version 1.0
920
Service quotas

Name
AWS us-gov- storagegateway.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) storagegateway-fips.us-gov- HTTPS
HTTPS
storagegateway-fips.us-gov-
For AWS Regions that the hardware appliance is supported in, see Storage Gateway hardware appliance
regions (p. 921).
Storage Gateway hardware appliance regions

The Storage Gateway hardware appliance is available for shipping worldwide where it is legally allowed
and permitted for exporting by the US government.
Storage Gateway hardware appliance is supported in the following AWS Regions.
• US East (Ohio)
• US West (N. California)
• Asia Pacific (Seoul)
• Canada (Central)
• Europe (London)
• Europe (Paris)
• Europe (Stockholm)
• South America (São Paulo)
Service quotas
Description
Cached volume gateway Cache Maximum Each supported No Maximum cache size for
in TiB Region: 16 Cached Volume Gateway
Cached volume gateway Cache Minimum Each supported No Minimum cache size for
in GiB Region: 150 Cached Volume Gateway
Cached volume gateway Upload Buffer Each supported No Maximum upload buffer
Maximum in TiB Region: 2 size for Cached Volume
Gateway
Version 1.0
921
Service quotas

Description
Cached volume gateway Upload Buffer Each supported No Minimum upload buffer
Minimum in GiB Region: 150 size for Cached Volume
Gateway
Cached volume size in TiB Each supported No Maximum size of a cached

Region: 32 volume
Cached volumes per gateway Each supported No Maximum number of

Region: 32 cached volumes per
gateway
File gateway Cache Maximum in TiB Each supported No Maximum cache size for File
Region: 16 Gateway
File gateway Cache Minimum in GiB Each supported No Minimum cache size for File
Region: 150 Gateway
File shares per S3 bucket Each supported No Maximum number of file

Region: 1 shares per Amazon S3
bucket
File shares per gateway Each supported No Maximum number of file

Region: 10 shares per gateway
File size Each supported No The maximum size of an

Region: 5 Terabytes individual file, which is
the maximum size of an
individual object in Amazon
S3
Max size of a virtual tape in TiB Each supported No Maximum size of a virtual
Region: 5 tape
Max virtual tapes in a VTL Each supported No Maximum number of

Region: 1,500 virtual tapes for a virtual
tape library (VTL)
Minimum size of a virtual tape in GiB Each supported No Minimum size of a virtual
Region: 100 tape
Path length Each supported No Maximum path length

Region: 1,024 Bytes
Size of all cached volumes per gateway in Each supported No Total size of all cached
TiB Region: 1,024 volumes for a gateway
Size of all stored volumes per gateway in Each supported No Total size of all stored
TiB Region: 512 volumes for a gateway
Stored volume gateway Upload Buffer Each supported No Maximum upload buffer
Maximum in TiB Region: 2 size for Stored Volume
Gateway
Stored volume gateway Upload Buffer Each supported No Minimum upload buffer
Minimum in GiB Region: 150 size for Stored Volume
Gateway
Version 1.0
922
Sumerian

Description
Stored volume size in TiB Each supported No Maximum size of a stored

Region: 16 volume
Stored volumes per gateway Each supported No Maximum number of stored

Region: 32 volumes per gateway
Tape gateway Cache Maximum in TiB Each supported No Maximum cache size for
Region: 16 Tape Gateway
Tape gateway Cache Minimum in GiB Each supported No Minimum cache size for
Region: 150 Tape Gateway
Tape gateway Upload Buffer Maximum in Each supported No Maximum upload buffer
TiB Region: 2 size for Tape Gateway
Tape gateway Upload Buffer Minimum in Each supported No Minimum upload buffer
GiB Region: 150 size for Tape Gateway
Total size of tapes in a virtual tape library Each supported No Total size of all tapes in a
in PiB Region: 1 virtual tape library (VTL)
For more information, see Storage Gateway quotas in the AWS Storage Gateway User Guide.
Amazon Sumerian endpoints and quotas

Service endpoints

Name
US East us-east-2 sumerian.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 sumerian.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 sumerian.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 sumerian.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- sumerian.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
923
Service quotas

Name
Asia ap- sumerian.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- sumerian.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- sumerian.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- sumerian.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- sumerian.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- sumerian.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 sumerian.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 sumerian.eu-north-1.amazonaws.com HTTPS

(Stockholm)
South sa-east-1 sumerian.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
Model file size Each supported No The maximum model file

Region: 50 size (in MB).
Megabytes
Projects Each supported No The maximum number of

Region: 1,000 projects.
Scenes Each supported No The maximum number of

Region: 10,000 scenes.
Version 1.0
924
AWS Support

Description
Script file size Each supported No The maximum script file

Megabytes
Sound file size Each supported No The maximum sound file

Megabytes
Texture file size Each supported No The maximum texture file

Megabytes
ZIP file size Each supported No The maximum ZIP file size
Region: 200 (in MB).
Megabytes
AWS Support endpoints and quotas

Service endpoints
Name
US East us-east-2 support.us-east-1.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 support.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 support.us-east-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 support.us-east-1.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 support.us-east-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 support.us-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- support.us-east-1.amazonaws.com HTTPS

(Jakarta)
Version 1.0
925
Service endpoints

Name

Pacific south-1
(Mumbai)

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- support.us-east-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- support.us-east-1.amazonaws.com HTTPS

Europe eu-west-1 support.us-east-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- support.us-east-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 support.us-east-1.amazonaws.com HTTPS

(Stockholm)
Middle me- support.us-east-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- support.us-east-1.amazonaws.com HTTPS

South sa-east-1 support.us-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Version 1.0
926
Service quotas

Name
AWS us-gov- support.us-gov-west-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- support.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) support.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Description
AWS Support API operations Each supported No The maximum number

Region: 5 of AWS Support API
operations that you can
perform per second.
AWS Trusted Advisor API operations Each supported No The maximum number of
Region: 100 AWS Trusted Advisor API
operations that you can
perform per second.
Number of AWS Support cases that you Each supported No The maximum number of
can create Region: 10 AWS Support cases that
you can create per hour.
For more information, see the AWS Support User Guide.
AWS Support App in Slack endpoints

Name
US East (N. us-east-1 supportapp.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 supportapp.us-west-2.amazonaws.com HTTPS

(Oregon)
Europe eu-west-1 supportapp.eu-west-1.amazonaws.com HTTPS

(Ireland)
AWS Systems Manager endpoints and quotas

Version 1.0
927
Service endpoints
Service endpoints

Name
US East us-east-2 ssm.us-east-2.amazonaws.com HTTPS

(Ohio)
ssm-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 ssm.us-east-1.amazonaws.com HTTPS

Virginia)
ssm-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 ssm.us-west-1.amazonaws.com HTTPS

West (N.
California) ssm-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 ssm.us-west-2.amazonaws.com HTTPS

(Oregon)
ssm-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 ssm.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 ssm.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- ssm.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- ssm.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- ssm.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Version 1.0
928
Service endpoints

Name
Canada ca- ssm.ca-central-1.amazonaws.com HTTPS

(Central) central-1
ssm-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- ssm.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 ssm.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- ssm.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 ssm.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- ssm.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- ssm.me-central-1.amazonaws.com HTTPS

South sa-east-1 ssm.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- ssm.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) ssm.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- ssm.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) ssm.us-gov-west-1.amazonaws.com HTTPS
In addition to the ssm.* endpoints, your managed instances must also allow HTTPS (port 443)
outbound traffic to the following endpoints. For more information, see Reference: ec2messages,
ssmmessages, and Other API Calls in the AWS Systems Manager User Guide.
• ec2messages.*
• ssmmessages.*
For information about AWS AppConfig endpoints and quotas, see AWS AppConfig endpoints and
quotas (p. 36).
Version 1.0
929
Service quotas
Service quotas
Capability Resource Default
Application Manager Maximum number of applications in 100

Application Manager
When you add an
application in Application
Manager, Systems Manager
automatically creates a
resource group to organize
all of the resources for that
application. The maximum
number of applications is
based on the underlying
quota for AWS Resource
Groups.
Application Manager Maximum number of AWS resources you For applications based on
can assign to an application AWS CloudFormation stacks:
200
For applications based on

AWS Resource Groups:
Unlimited
Automation Concurrently running automations 100
Each AWS account can

run 100 automations
simultaneously. This
includes child automations
(automations that are
started by another
automation), and rate
control automations. If
you attempt to run more
automations than this,
Systems Manager adds the
additional automations to a
queue and displays a status
of Pending.
Automation Automation queue 1000
If you attempt to run more

automations than the
concurrent automation limit,
subsequent automations
are added to a queue. Each
AWS account can queue
1,000 automations. When
an automation completes
(or reaches a terminal state),
the first automation in the
queue is started.
Version 1.0
930
Service quotas
Automation Concurrently running rate control 25

automations
Each AWS account can run
25 rate control automations
simultaneously. If you
attempt to run more
rate control automations
than the concurrent rate
control automation limit,
Systems Manager adds the
subsequent rate control
automations to a queue
and displays a status of
Pending.
Automation Rate control automation queue 1000
If you attempt to run

more automations than
the concurrent rate
control automation limit,
subsequent automations are
added to a queue. Each AWS
account can queue 1,000
rate control automations.
When an automation
completes (or reaches a
terminal state), the first
automation in the queue is
started.
Automation Number of levels of nested automation 5
A parent-level Automation
runbook can start a child-
level Automation runbook.
This represents one level
of nested automation. The
child-level Automation
runbook can start another
Automation runbook,
resulting in two levels of
nested automation. This can
continue up to a maximum
of five (5) levels below the
top-level parent Automation
runbook.
Automation Number of days an automation 30

execution history is stored in the system
Automation Additional automation executions that 1,000

can be queued
Version 1.0
931
Service quotas
Automation Maximum duration an automation 12 hours

execution can run when running in the
context of a user If you expect an automation
to run longer than 12 hours,
then you must run the
automation by using a
service role (or assume role).
Automation executeScript action run time 10 minutes
Each executeScript
action can run up to a
maximum duration of 10
minutes.
Automation executeScript action maximum Up to 100KB.

output
Automation invokeLambdaFunction action run 5 minutes

time
Each
invokeLambdaFunction
action can run up to a
maximum duration of five
(5) minutes.
Automation invokeLambdaFunction action Up to 200KB.

maximum output
Automation Number of Automation runbook 5

attachments
Each runbook can have up
to five (5) attachments.
Automation Automation runbook attachment size 256 MB
Each attachment can be up

to 256 MB.
Compliance Maximum size of any single 800 KB

AWS:ComplianceItem object
Distributor Maximum number of attachments in a 20

Distributor package
Distributor Maximum size per attachment in a 1 GB

Distributor package
Distributor Maximum number of files in a Distributor 1000

package
Distributor Maximum number of Distributor 500

packages per AWS account, per Region
Distributor Maximum number of package versions 25

per Distributor package
Distributor Maximum package size in Distributor 20 GB
Version 1.0
932
Service quotas
Distributor Maximum package manifest size in 64 KB

Distributor
Explorer Maximum number of resource data syncs 5

(per AWS account per Region)
Fleet Manager Maximum Remote Desktop session limit 60 minutes
Fleet Manager Maximum number of Remote Desktop 5

sessions (per AWS account per Region)
The maximum number of concurrent

Remote Desktop sessions (per AWS
account per Region). Service quota
increase requests up to 25 are
automatically approved. Service quota
increases can take up to two and a half
hours to take effect.
Inventory Maximum number of resource data syncs 5

(per AWS account per Region)
Inventory Inventory data collected per instance per 1 MB

call
This maximum adequately
supports most inventory
collection scenarios. When
this quota is reached, no
new inventory data is
collected for the instance.
Inventory data previously
collected is stored until the
expiration.
Inventory Inventory data collected per instance per 5 MB

day
When this quota is reached,
no new inventory data is
collected for the instance.
Inventory data previously
collected is stored until the
expiration.
Inventory Custom inventory types 20
You can add up to 20

custom inventory types.
Inventory Custom inventory type size 200 KB
This is the maximum size of

the type, not the inventory
collected.
Version 1.0
933
Service quotas
Inventory Custom inventory type attributes 50
This is the maximum

number of attributes within
the custom inventory type.
Inventory Inventory data expiration 30 days
If you terminate an
instance, inventory data
for that instance is deleted
immediately. For running
instances, inventory data
older than 30 days is
deleted. If you need to store
inventory data longer than
30 days, you can use AWS
Config to record history
or periodically query and
upload the data to an
Amazon S3 bucket. For more
information, see, Recording
Amazon EC2 managed
instance inventory in the
AWS Config Developer Guide.
Maintenance Windows Maintenance windows per AWS account 50
Maintenance Windows Tasks per maintenance window 20
Maintenance Windows Targets per maintenance window 100
Maintenance Windows Instance IDs per target 50
Maintenance Windows Targets per task 10
Maintenance Windows Concurrent executions of a single 1

maintenance window
Maintenance Windows Concurrent executions of maintenance 5

windows
Maintenance Windows Execution history retention 30 days
Version 1.0
934
Service quotas
Managed Instances - Hybrid Total number of registered on-premises Standard instances: 1,000
Environment servers and virtual machines (VMs) in a (per account per Region)
hybrid environment
Advanced instances:
Advanced instances are
available on a pay-per-use
basis. Advanced instances
also enable you to connect
to your hybrid machines
by using AWS Systems
Manager Session Manager.
For more information about
activating on-premises
instances for use in your
hybrid environment, see
Create a Managed-Instance
Activation in the AWS
Systems Manager User
Guide. For more information
about enabling advanced
instances, see Using the
Advanced-Instances Tier.
OpsCenter Total number of OpsItems allowed per 500,000

AWS account per Region (including Open
and Resolved OpsItems)
OpsCenter Maximum number of OpsItems per AWS 10,000

account per month
OpsCenter Maximum operational data value size 20 KB
OpsCenter Maximum number of associated 10

Automation runbooks per OpsItem
OpsCenter Maximum number of Automation 10

runbook executions stored in operational
data under a single associated runbook
OpsCenter Maximum number of related resources 100

you can specify per OpsItem
OpsCenter Maximum number of related OpsItems 10

you can specify per OpsItem
OpsCenter Maximum length of a deduplication 64 characters

string
OpsCenter Duration before an OpsItem is 36 months

automatically archived by the system
(regardless of status)
Version 1.0
935
Service quotas
Parameter Store Total number of parameters allowed Standard parameters:

10,000
(per AWS account and Region)
Advanced parameters:
100,000
For more information about

advanced parameters, see
About Systems Manager
Advanced Parameters in the
AWS Systems Manager User
Guide.
Parameter Store Max size for parameter value Standard parameter: 4 KB
Advanced parameter: 8 KB
Parameter Store Max number of parameter policies per 10

advanced parameter
Parameter Store Max throughput (transactions per Default throughput: 40

second) (Shared by the following API
actions: GetParameter,
GetParameters,
GetParametersByPath)
Higher throughput: 100

(GetParametersByPath)
Higher throughput: 3000

(Shared by the following API
actions: GetParameter and
GetParameters)
For more information

about Parameter Store
throughput, see Increasing
Parameter Store Throughput
in the AWS Systems Manager
User Guide.
Parameter Store Max history for a parameter 100 past values
Patch Manager Patch baselines per AWS account 50
Patch Manager Patch groups per patch baseline 25
Patch Manager Operation history retention Most recent 150 operations
Version 1.0
936
Service quotas
Run Command Execution history retention 30 days
The history of each

command is available for
up to 30 days. In addition,
you can store a copy of all
log files in Amazon Simple
Storage Service or have an
audit trail of all API calls in
AWS CloudTrail.
Session Manager Maximum idle time before session Default: 20 minutes

termination
Configurable to between 1
and 60 minutes.
SSM Documents Total documents 500

create a maximum of 500
documents per Region.
SSM Documents Document versions 1000
A single SSM document can

have a maximum of 1,000
versions.
SSM Documents Privately shared Systems Manager 1000

document
A single Systems Manager
document can be shared
with a maximum of 1000
AWS accounts.
SSM Documents Publicly shared Systems Manager 5

document
publicly share a maximum of
five documents.
State Manager Concurrent State Manager associations 2,000

have 2,000 associations per
Region at one time.
State Manager State Manager association versions 1,000
You can create a maximum

of 1,000 versions of a State
Manager association.
Version 1.0
937
Amazon Textract
Amazon Textract endpoints and quotas

Service endpoints

Name
US East us-east-2 textract.us-east-2.amazonaws.com HTTPS

(Ohio)
textract-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 textract.us-east-1.amazonaws.com HTTPS

Virginia)
textract-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 textract.us-west-1.amazonaws.com HTTPS

West (N.
California) textract-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 textract.us-west-2.amazonaws.com HTTPS

(Oregon)
textract-fips.us-west-2.amazonaws.com HTTPS
Asia ap- textract.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- textract.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- textract.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- textract.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Canada ca- textract.ca-central-1.amazonaws.com HTTPS

(Central) central-1
textract-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- textract.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 textract.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Version 1.0
938
Service Quotas

Name

(Paris)
AWS us-gov- textract.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) textract-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- textract.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) textract-fips.us-gov-west-1.amazonaws.com HTTPS
Service Quotas
Resources Regions
Synchronous API US East US West US East Europe Asia Other

Operations (N.Virginia) (Oregon) (Ohio) (Ireland) Pacific Regions
(Mumbai)
Transactions AnalyzeDocument
10 10 10 5 5 1
per second
per DetectDocumentText
25 25 10 5 5 1
account
AnalyzeExpense
5 5 1 1 1 1
for
synchronous AnalyzeID 5 5 1 1 1 1
operations
AsynchronousAPI US East US West US East Europe Asia Other

Operations (N.Virginia) (Oregon) (Ohio) (Ireland) Pacific Regions
(Mumbai)
Transactions StartDocumentAnalysis
10 10 10 5 5 2
per second
per StartDocumentTextDetection
15 15 5 5 5 1
account
StartExpenseAnalysis
5 5 1 1 1 1
for all
start
(asynchronous)
operations
Transactions GetDocumentAnalysis
10 10 10 5 5 5
per second
per GetDocumentTextDetection
25 25 10 5 5 5
account
GetExpenseAnalysis
5 5 5 5 5 5
for all get
(asynchronous)
operations
Maximum 600 600 100 100 100 100

number of
asynchronous
jobs per
account
Version 1.0
939
Timestream
Resources Regions
that can
simultaneously
exist
For more information, see Amazon Textract Quotas in the Amazon Textract Developer Guide.
Amazon Timestream endpoints and quotas

Service endpoints
Use the following endpoints to acquire the endpoints for the write API.

Name
US East us-east-2 ingest.timestream.us-east-2.amazonaws.com HTTPS

(Ohio)
ingest.timestream-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 ingest.timestream.us-east-1.amazonaws.com HTTPS

Virginia)
ingest.timestream-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 ingest.timestream.us-west-2.amazonaws.com HTTPS

(Oregon)
ingest.timestream-fips.us-west-2.amazonaws.com HTTPS
Asia ap- ingest.timestream.ap- HTTPS

(Sydney)
Asia ap- ingest.timestream.ap- HTTPS

(Tokyo)
Europe eu- ingest.timestream.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 ingest.timestream.eu-west-1.amazonaws.com HTTPS

(Ireland)
Use the following endpoints to acquire the endpoints for the query API.
Version 1.0
940
Service quotas

Name
US East us-east-2 query.timestream.us-east-2.amazonaws.com HTTPS

(Ohio)
query.timestream-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 query.timestream.us-east-1.amazonaws.com HTTPS

Virginia)
query.timestream-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 query.timestream.us-west-2.amazonaws.com HTTPS

(Oregon)
query.timestream-fips.us-west-2.amazonaws.com HTTPS
Asia ap- query.timestream.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- query.timestream.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu- query.timestream.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 query.timestream.eu-west-1.amazonaws.com HTTPS

(Ireland)
For more information, see Using the API in the Amazon Timestream Developer Guide.
Service quotas

Description
Data size for query result Each supported No The maximum data size for
Region: 5 Gigabytes a query result.
Database name length Each supported No The maximum number of

Region: 256 Bytes bytes for a database name.
Databases per account Each supported No The maximum number of

Region: 500 databases you can create
per AWS account.
Dimension name dimension value pair size Each supported No The maximum size of
per series Region: 2 Kilobytes dimension name and
dimension value pair per
series.
Dimension name length Each supported No The maximum number

Region: 60 Bytes of bytes for a dimension
name.
Dimensions per table Each supported No The maximum number of

Region: 128 dimensions per table.
Version 1.0
941
Service quotas

Description
Execution duration for queries in hours Each supported No The maximum execution
Region: 1 duration (in hours) for a
query. Queries that take
longer will timeout.
Future ingestion period in minutes Each supported No The maximum lead time
Region: 30 (in minutes) for your time
series data compared to
the current system time.
For example, if the future
ingestion period is 30
minutes, then Timestream
will accept data that is up
to 30 minutes ahead of the
current system time.
Maximum count of active magnetic store Each supported No Maximum number of active
partitions per database Region: 250 magnetic store partitions
per database. A partition
may remain active for up
to 6 hours after receiving
ingestion.
Maximum retention period for magnetic Each supported No The maximum duration (in
store in days Region: 73,000 days) for which data can be
retained in the magnetic
store.
Maximum retention period for memory Each supported No The maximum duration (in
store in hours Region: 8,766 hours) for which data can
be retained in the memory
store per table.
Measure name length Each supported No The maximum number of

Region: 256 Bytes bytes for a measure name.
Measure value size per multi-measure Each supported No The maximum size of
record Region: 2,048 Bytes measure values per multi-
measure record.
Measures per multi-measure record Each supported No The maximum number

Region: 256 of measures per multi-
measure record.
Measures per table Each supported No The maximum number of

Region: 8,192 measures per table.
Metadata size for query result Each supported No The maximum metadata
Region: 100 size for a query result.
Kilobytes
Minimum retention period for magnetic Each supported No The minimum duration (in
store in days Region: 1 days) for which data must
be retained in the magnetic
store per table.
Version 1.0
942
Amazon Transcribe

Description
Minimum retention period for memory Each supported No The minimum duration (in
store in hours Region: 1 hours) for which data must
be retained in the memory
store per table.
QueryString length in KiB Each supported No The maximum length (in

Region: 256 KiB) of a query string in
UTF-8 encoded chars for a
query.
Records per WriteRecords API request Each supported No The maximum number of
Region: 100 records in a WriteRecords
API request.
Scheduled queries per account Each supported No The maximum number of

Region: 10,000 scheduled queries you can
create per AWS account.
Table name length Each supported No The maximum number of

Region: 256 Bytes bytes for a table name.
Tables per account Each supported No The maximum number of

Region: 50,000 tables you can create per
AWS account.
Throttle rate for CRUD APIs Each supported No The maximum number
Region: 1 of Create/Update/List/
Describe/Delete database/
table API requests allowed
per second per account, in
the current region.
Unique measures across multi-measure Each supported No The unique measures in

records per table Region: 1,024 all the multi-measure
records defined in a single
table. A single multi-
measure record can have
MaximumMeasureAttributesPerRecord
unique measures,
and a table can have
MaximumMeasureAttributesPerTable
unique measures defined
across multi-measure
records.
For more information, see Quotas in the Amazon Timestream Developer Guide.
Amazon Transcribe endpoints and quotas

Version 1.0
943
Service endpoints
Service endpoints
Amazon Transcribe

Name
US East us-east-2 transcribe.us-east-2.amazonaws.com HTTPS

(Ohio)
fips.transcribe.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 transcribe.us-east-1.amazonaws.com HTTPS

Virginia)
fips.transcribe.us-east-1.amazonaws.com HTTPS
US us-west-1 transcribe.us-west-1.amazonaws.com HTTPS

West (N.
California) fips.transcribe.us-west-1.amazonaws.com HTTPS
US West us-west-2 transcribe.us-west-2.amazonaws.com HTTPS

(Oregon)
fips.transcribe.us-west-2.amazonaws.com HTTPS
Africa af-south-1 transcribe.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 transcribe.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- transcribe.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- transcribe.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- transcribe.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- transcribe.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- transcribe.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- transcribe.ca-central-1.amazonaws.com HTTPS

(Central) central-1
fips.transcribe.ca-central-1.amazonaws.com HTTPS
Europe eu- transcribe.eu-central-1.amazonaws.com HTTPS

Version 1.0
944
Service endpoints

Name
Europe eu-west-1 transcribe.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 transcribe.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- transcribe.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 transcribe.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- transcribe.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) fips.transcribe.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- transcribe.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) fips.transcribe.us-gov-west-1.amazonaws.com HTTPS
Amazon Transcribe Streaming

Name
US East us-east-2 transcribestreaming.us-east-2.amazonaws.com HTTPS

(Ohio)
transcribestreaming-fips.us- HTTPS
US East (N. us-east-1 transcribestreaming.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 transcribestreaming.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- transcribestreaming.ap- HTTPS

(Seoul)
Version 1.0
945
Service endpoints

Name

(Sydney)

(Tokyo)
Canada ca- transcribestreaming.ca-central-1.amazonaws.com HTTPS

(Central) central-1
transcribestreaming-fips.ca- HTTPS
Europe eu- transcribestreaming.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 transcribestreaming.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 transcribestreaming.eu-west-2.amazonaws.com HTTPS

(London)
South sa-east-1 transcribestreaming.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- transcribestreaming.us-gov- HTTPS

(US-East)
AWS us-gov- transcribestreaming.us-gov- HTTPS

(US-West)
Amazon Transcribe Medical

Name
US East us-east-2 transcribe-medical.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 transcribe-medical.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 transcribe-medical.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 transcribe-medical.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 transcribe-medical.ap-east-1.amazonaws.com HTTPS

Pacific
Version 1.0
946
Service quotas

Name
(Hong
Kong)
Asia ap- transcribe-medical.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- transcribe-medical.ap- HTTPS

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- transcribe-medical.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- transcribe-medical.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 transcribe-medical.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Middle me- transcribe-medical.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 transcribe-medical.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
Service quotas

Description
Job queue bandwidth ratio Each supported Yes The ratio of jobs that can
Region: 0.9 be queued in this account
in the current Region
Version 1.0
947
Service quotas

Description
Maximum audio file length Each supported No The maximum length of an

Region: 14,400 audio file in seconds.
Seconds
Maximum audio file length (Medical) Each supported No The maximum audio file
Region: 14,400 length in seconds (Medical).
Seconds
Maximum audio file length for Call Each supported No The maximum audio file
Analytics batch jobs Region: 14,400 length (in seconds) for Call
Seconds Analytics batch jobs.
Maximum audio file size Each supported No The maximum size of an

Region: 2 Gigabytes audio file in Gigabytes.
Maximum audio file size (Medical) Each supported No The maximum audio file
Region: 2 Gigabytes size (in GB) for medical
transcription.
Maximum audio file size for Call Analytics Each supported No The maximum audio
batch jobs Region: 500 file size (in MB) for Call
Megabytes Analytics batch jobs.
Maximum length of a custom vocabulary Each supported No The maximum number

phrase Region: 256 of characters in a custom
vocabulary phrase.
Maximum number of categories for Call Each supported Yes The maximum number of
Analytics batch jobs Region: 200 categories per account for
Call Analytics batch jobs.
Maximum number of rules per category Each supported Yes The maximum number of
for Call Analytics batch jobs Region: 20 rules per category for Call
Analytics batch jobs.
Maximum number of targets allowed per Each supported Yes The maximum number
category for Call Analytics batch jobs Region: 100 of targets allowed per
category for Call Analytics
batch jobs
Maximum number of vocabulary filters Each supported No The maximum number of

Region: 100 vocabulary filters from
Region.
Maximum size of a custom vocabulary Each supported No The maximum size (in KB)
Region: 50 Kilobytes of a custom vocabulary.
Maximum size of a vocabulary filter Each supported No The maximum size (in KB)
Region: 50 Kilobytes of a vocabulary filter.
Minimum audio file duration Each supported No The minimum audio file
Region: 500 duration (in ms).
Milliseconds
Version 1.0
948
Service quotas

Description
Minimum audio file duration (Medical) Each supported No The minimum audio file
Region: 500 duration, in milliseconds
Milliseconds (ms) for medical
transcription.
Minimum audio file duration for Call Each supported No The minimum audio file
Analytics batch jobs Region: 500 duration, in milliseconds
Milliseconds (ms), for Call Analytics
batch jobs.
Number of Each supported Yes The maximum number of

StartMedicalStreamTranscription Region: 25 StartMedicalStreamTranscription
Websocket requests Websocket requests.
Number of StartStreamTranscription Each supported Yes The maximum number of

Websocket requests Region: 25 StartStreamTranscription
Websocket requests that
from this account in the
current Region.
Number of channels for channel Each supported Yes The maximum number of
identification Region: 2 channels that an audio file
can contain for channel
identification transcription
jobs.
Number of channels for channel Each supported No The maximum number

identification (Medical) Region: 2 of channels for channel
identification (Medical).
Number of channels for channel Each supported No The maximum number

identification for Call Analytics batch jobs Region: 2 of channels for channel
identification for Call
Number of concurrent Call Analytics batch Each supported Yes The maximum number of
jobs Region: 100 concurrent Call Analytics
batch jobs.
Number of concurrent HTTP/2 streams for Each supported Yes The maximum number
streaming transcription. Region: 25 of concurrent stream
transcription jobs in this
Region
Number of concurrent batch transcription Each supported Yes The maximum number of
jobs Region: 250 concurrent transcription
jobs in this account in the
current Region
Number of concurrent medical batch Each supported Yes The maximum number of
transcription jobs Region: 250 concurrent medical batch
transcription jobs.
Version 1.0
949
Service quotas

Description
Number of concurrently training custom Each supported Yes The maximum number of
language models Region: 3 custom language models
that can be trained at one
time in this account in the
current Region.
Number of days that job records are Each supported No The number of days that
retained Region: 90 job records are retained.
Number of days that job records are Each supported No The maximum number of
retained (Medical) Region: 90 days that job records are
retained (Medical).
Number of days that job records are Each supported No The number of days job
retained for Call Analytics batch jobs Region: 90 records are retained for Call
Number of pending medical vocabularies Each supported Yes The maximum number
Region: 10 of pending medical
vocabularies.
Number of pending vocabularies Each supported Yes The maximum number of

Region: 10 vocabularies that can be in
the pending state at one
time in this account in the
current Region.
Total number of custom language models Each supported Yes The maximum number of
per account Region: 10 custom language models in
Region.
Total number of medical vocabularies per Each supported Yes The maximum total
account Region: 100 number of medical
vocabularies per account.
Total number of vocabularies per account Each supported Yes The total number of
Region: 100 vocabularies that you can
current Region.
Transactions per second, Each supported Yes The maximum transactions

CreateCallAnalyticsCategory operation Region: 10 per second for the
CreateCallAnalyticsCategory
operation.
Transactions per second, CreateVocabulary Each supported Yes The maximum number of
operation Region: 10 CreateVocabulary requests
second from this account in
the current Region.

DeleteCallAnalyticsCategory operation Region: 5 per second for the
DeleteCallAnalyticsCategory
operation.
Version 1.0
950
Service quotas

Description

DeleteCallAnalyticsJob operation Region: 5 per second for the
DeleteCallAnalyticsJob
operation.
Transactions per second, Each supported Yes The maximum

DeleteMedicalTranscriptionJob operation Region: 5 transactions per second,
DeleteMedicalTranscriptionJob
operation.

DeleteMedicalVocabulary operation Region: 5 per second for the
DeleteMedicalVocabulary
operation.
Transactions per second, Each supported Yes The maximum number of

DeleteTranscriptionJob operation Region: 5 DeleteTranscriptionJob
make per second from
Region.
Transactions per second, DeleteVocabulary Each supported Yes The maximum number of
operation Region: 5 DeleteVocabulary requests
the current Region.

GetCallAnalyticsCategory operation Region: 20 per second for the
GetCallAnalyticsCategory
operation.

GetCallAnalyticsJob operation Region: 20 per second for the
GetCallAnalyticsJob
operation.

GetMedicalTranscriptionJob operation Region: 30 per second for the
GetMedicalTranscriptionJob
operation.

GetMedicalVocabulary operation Region: 20 per second for the
GetMedicalVocabulary
operation.
Transactions per second, Each supported Yes The maximum number

GetTranscriptionJob operation Region: 30 of GetTranscriptionJob
Region.
Version 1.0
951
Service quotas

Description
Transactions per second, GetVocabulary Each supported Yes The maximum number of
operation Region: 20 GetVocabulary requests
the current Region.

ListCallAnalyticsCategories operation Region: 5 per second for the
ListCallAnalyticsCategories
operation.

ListCallAnalyticsJobs operation Region: 5 per second for the
ListCallAnalyticsJobs
operation.

ListMedicalTranscriptionJobs operation Region: 5 per second for the
ListMedicalTranscriptionJobs
operation.

ListMedicalVocabularies operation Region: 5 per second for the
ListMedicalVocabularies
operation.

ListTranscriptionJobs operation Region: 5 of ListTranscriptionJobs
Region.
Transactions per second, ListVocabularies Each supported Yes The maximum number of
operation Region: 5 ListVocabularies requests
the current Region.

StartCallAnalyticsJob operation Region: 10 per second for the
StartCallAnalyticsJob
operation.

StartMedicalStreamTranscription Region: 25 per second for the
operation StartMedicalStreamTranscription
operation.

StartMedicalTranscriptionJob operation Region: 25 per second for the
StartMedicalTranscriptionJob
operation.
Version 1.0
952
Transfer Family

Description

StartStreamTranscription operation Region: 25 StartStreamTranscription
Region.

StartTranscriptionJob operation Region: 25 of StartTranscriptionJob
Region.

UpdateCallAnalyticsCategory operation Region: 10 per second for the
UpdateCallAnalyticsCategory
operation.

UpdateMedicalVocabulary operation Region: 10 per second for the
UpdateMedicalVocabulary
operation.

UpdateVocabulary operation Region: 10 UpdateVocabulary requests
the current Region.
For more information, see Guidelines and quotas in the Amazon Transcribe Developer Guide.
AWS Transfer Family endpoints and quotas

Service endpoints
Name
US East us-east-2 transfer.us-east-2.amazonaws.com HTTPS

(Ohio)
transfer-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 transfer.us-east-1.amazonaws.com HTTPS

Virginia)
transfer-fips.us-east-1.amazonaws.com HTTPS
Version 1.0
953
Service endpoints

Name
US us-west-1 transfer.us-west-1.amazonaws.com HTTPS

West (N.
California) transfer-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 transfer.us-west-2.amazonaws.com HTTPS

(Oregon)
transfer-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 transfer.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 transfer.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- transfer.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- transfer.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)
Asia ap- transfer.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- transfer.ap-southeast-2.amazonaws.com HTTPS

(Sydney)

(Tokyo)
Canada ca- transfer.ca-central-1.amazonaws.com HTTPS

(Central) central-1
transfer-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- transfer.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 transfer.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- transfer.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
Version 1.0
954
Service quotas

Name

(Paris)
Europe eu-north-1 transfer.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- transfer.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 transfer.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- transfer.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) transfer-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- transfer.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) transfer-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Concurrent sessions per server Each supported No Maximum number of

Region: 10,000 concurrent sessions per
server
File size Each supported No Maximum size of an

Region: 5 Terabytes individual file, which is
the maximum size of an
individual object in Amazon
S3
Idle connection timeout Each supported No Inactivity timeout for SFTP/

Region: 1,800 FTP(S) connections. If there
Seconds is no activity after the
period has passed the client
may be disconnected
Maximum number of AD Groups for access Each supported Yes Number of Active Directory
Region: 100 Groups allowed for
mapping to access per
server
Maximum number of new executions per Each supported No Maximum number of new
workflow Region: 100 executions allowed per
workflow at one time.
Version 1.0
955
Amazon Translate

Description
New executions refill rate per workflow Each supported No The new executions refill
per second Region: 1 rate per workflow per
second
Number of Service Managed users per Each supported Yes Maximum number of
server Region: 10,000 Service Managed users per
server
Number of authentication requests per Each supported No If your identity provider

user per second Region: 2 type is AWS Directory
Service, there is a limit of
2 authentications per user
per second per directory
SSH keys per Service Managed user Each supported Yes Maximum number of SSH
Region: 50 keys per Service Managed
user
Servers per account Each supported Yes Maximum number of

Region: 50 servers per account
VPC_ENDPOINT servers per account Each supported No Maximum number of

Region: 10 VPC_ENDPOINT servers per
account
Workflows per account Each supported Yes Maximum number of

Region: 10 workflows per account
Amazon Translate endpoints and quotas

Service endpoints

Name
US East us-east-2 translate.us-east-2.amazonaws.com HTTPS

(Ohio)
translate-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 translate.us-east-1.amazonaws.com HTTPS

Virginia)
translate-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 translate.us-west-1.amazonaws.com HTTPS

West (N.
California)
Version 1.0
956
Service endpoints

Name
US West us-west-2 translate.us-west-2.amazonaws.com HTTPS

(Oregon)
translate-fips.us-west-2.amazonaws.com HTTPS
Asia ap-east-1 translate.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- translate.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- translate.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- translate.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- translate.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- translate.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- translate.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- translate.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 translate.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 translate.eu-north-1.amazonaws.com HTTPS

(Stockholm)
AWS us-gov- translate.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) translate-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
957
Service quotas
Service quotas

Description
Concurrent batch translation jobs Each supported Yes The maximum number
Region: 10 of concurrent batch
translation jobs in this
Region.
Custom terminology files Each supported Yes The maximum number

Region: 100 of custom terminology
files you can store in this
Region.
Parallel data resources Each supported Yes The maximum number of

Region: 1,000 parallel data resources in
Region.
For more information, see Guidelines and Quotas in the Amazon Translate Developer Guide.
Amazon Virtual Private Cloud endpoints and

quotas
Service endpoints

Name
US East us-east-2 ec2.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 ec2.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 ec2.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 ec2.us-west-2.amazonaws.com HTTPS

(Oregon)
Version 1.0
958
Service endpoints

Name
Africa af-south-1 ec2.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 ec2.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- ec2.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- ec2.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- ec2.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- ec2.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- ec2.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 ec2.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- ec2.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 ec2.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Version 1.0
959
Service quotas

Name
Middle me- ec2.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Middle me- ec2.me-central-1.amazonaws.com HTTPS

South sa-east-1 ec2.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)

GovCloud east-1
(US-East)

GovCloud west-1
(US-West)
If you specify the general endpoint (ec2.amazonaws.com), Amazon VPC directs your request to the us-
east-1 endpoint.
Service quotas
Description
Active VPC peering connections per VPC Each supported Yes The maximum number
Region: 50 of active VPC peering
connections per VPC. This
quota can be increased up
to a maximum of 125.
Characters per VPC endpoint policy Each supported No The maximum number
Region: 20,480 of characters in a VPC
endpoint policy, including
white space.
Egress-only internet gateways per Region Each supported Yes The maximum number of
Region: 5 egress-only (outbound-
only) internet gateways
per Region. This quota
is directly tied to the
maximum number of VPCs
per Region. To increase this
quota, increase the number
of VPCs per Region.
Gateway VPC endpoints per Region Each supported Yes The maximum number of
Region: 20 gateway VPC endpoints per
Region. The maximum is
255 gateway endpoints per
VPC.
Version 1.0
960
Service quotas

Description
IPv4 CIDR blocks per VPC Each supported Yes The maximum number of
Region: 5 IPv4 CIDR blocks per VPC.
The primary CIDR block and
all secondary CIDR blocks
count toward this quota.
This quota can be increased
up to a maximum of 50.
IPv6 CIDR blocks per VPC Each supported Yes The maximum number of
Region: 5 IPv6 CIDR blocks per VPC.
Inbound or outbound rules per security Each supported Yes The maximum number
group Region: 60 of inbound or outbound
rules per VPC security
group (120 rules in total).
This quota is enforced
separately for IPv4 and
IPv6 rules. A rule that
references a security group
or prefix list ID counts as
one rule each for IPv4 and
IPv6. This quota multiplied
by the security groups per
network interface quota
cannot exceed 1000.
Interface VPC endpoints per VPC Each supported Yes The maximum number of
Region: 50 interface VPC endpoints
per VPC.
Internet gateways per Region Each supported Yes The maximum number
Region: 5 of internet gateways
per Region. This quota
is directly tied to the
maximum number of VPCs
per Region. To increase this
quota, increase the number
of VPCs per Region.
NAT gateways per Availability Zone Each supported Yes The maximum number
Region: 5 of NAT gateways per
Availability Zone. This
includes NAT gateways
in the pending, active, or
deleting state.
Network ACLs per VPC Each supported Yes The maximum number of
Region: 200 network ACLs per VPC.
Network Address Usage Each supported Yes The maximum Network

Region: 64,000 Address Usage for a single
VPC.
Network interfaces per Region Each supported Yes The maximum number
Region: 5,000 of network interfaces per
Region.
Version 1.0
961
Service quotas

Description
Outstanding VPC peering connection Each supported Yes The maximum number of
requests Region: 25 outstanding VPC peering
connection requests that
youve requested.
Participant accounts per VPC Each supported Yes The maximum number
Region: 100 of distinct participant
accounts that subnets in
a VPC can be shared with.
This is a per VPC quota
and applies across all the
subnets shared in a VPC.
Peered Network Address Usage Each supported Yes The maximum Network
Region: 128,000 Address Usage for a VPC
and its peers.
Route tables per VPC Each supported Yes The maximum number of
Region: 200 route tables per VPC. The
main route table counts
toward this quota.
Routes per route table Each supported Yes The maximum number of
Region: 50 non-propagated routes
per route table. This
quota can be increased
up to a maximum of
1000; however, network
performance might be
impacted. This quota is
enforced separately for
IPv4 and IPv6 routes.
Rules per network ACL Each supported Yes The maximum number of
Region: 20 inbound rules or outbound
rules per network ACL
(a total of 40 rules). This
includes both IPv4 and IPv6
rules, and the default deny
rules. This quota can be
increased up to a maximum
of 40; however, network
performance might be
impacted.
Security groups per network interface Each supported Yes The maximum number
Region: 5 of security groups per
network interface. The
maximum is 16. This quota,
multiplied by the quota for
rules per security group,
cannot exceed 1000.
Subnets per VPC Each supported Yes The maximum number of

Region: 200 subnets per VPC.
Version 1.0
962
AWS WAF

Description
Subnets that can be shared with an Each supported Yes The maximum number of
account Region: 100 subnets that can be shared
with an AWS account.
VPC peering connection request expiry Each supported No The maximum number
hours Region: 168 of hours after which an
unaccepted VPC peering
connection request expires.
The default value is 168
hours (one week).
VPC security groups per Region Each supported Yes The maximum number of
Region: 2,500 VPC security groups per
Region.
VPCs per Region Each supported Yes The maximum number

Region: 5 of VPCs per Region. This
quota is directly tied to
the maximum number
of internet gateways per
Region.
• Amazon VPC quotas

• AWS Transit Gateway quotas
• AWS Network Manager quotas
• Traffic Mirroring quotas
• VPC Reachability Analyzer quotas
• Network Access Analyzer quotas
• AWS Client VPN quotas
• Site-to-Site VPN quotas
AWS WAF endpoints and quotas

Note
This page provides information related the latest version of AWS WAF, released in November
2019. The names of the entities that you use to access AWS WAF, like endpoints and
namespaces, all have the versioning information added, like V2 or v2, to distinguish from the
prior version.
Version 1.0
963
Service endpoints
Service endpoints

Name
US East us-east-2 wafv2.us-east-2.amazonaws.com HTTPS

(Ohio)
wafv2-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 wafv2.us-east-1.amazonaws.com HTTPS

Virginia)
wafv2-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 wafv2.us-west-1.amazonaws.com HTTPS

West (N.
California) wafv2-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 wafv2.us-west-2.amazonaws.com HTTPS

(Oregon)
wafv2-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 wafv2.af-south-1.amazonaws.com HTTPS

(Cape
Town) wafv2-fips.af-south-1.amazonaws.com HTTPS
Asia ap-east-1 wafv2.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong wafv2-fips.ap-east-1.amazonaws.com HTTPS
Kong)
Asia ap- wafv2.ap-southeast-3.amazonaws.com HTTPS

(Jakarta) wafv2-fips.ap-southeast-3.amazonaws.com HTTPS
Asia ap- wafv2.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) wafv2-fips.ap-south-1.amazonaws.com HTTPS
Asia ap- wafv2.ap-northeast-3.amazonaws.com HTTPS

(Osaka) wafv2-fips.ap-northeast-3.amazonaws.com HTTPS

(Seoul) wafv2-fips.ap-northeast-2.amazonaws.com HTTPS

(Singapore) wafv2-fips.ap-southeast-1.amazonaws.com HTTPS

(Sydney) wafv2-fips.ap-southeast-2.amazonaws.com HTTPS

(Tokyo) wafv2-fips.ap-northeast-1.amazonaws.com HTTPS
Version 1.0
964
Service quotas

Name
Canada ca- wafv2.ca-central-1.amazonaws.com HTTPS

(Central) central-1
wafv2-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- wafv2.eu-central-1.amazonaws.com HTTPS

wafv2-fips.eu-central-1.amazonaws.com HTTPS
Europe eu-west-1 wafv2.eu-west-1.amazonaws.com HTTPS

(Ireland)
wafv2-fips.eu-west-1.amazonaws.com HTTPS

(London)
Europe eu- wafv2.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
wafv2-fips.eu-south-1.amazonaws.com HTTPS

(Paris)
Europe eu-north-1 wafv2.eu-north-1.amazonaws.com HTTPS

(Stockholm)
wafv2-fips.eu-north-1.amazonaws.com HTTPS
Middle me- wafv2.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain) wafv2-fips.me-south-1.amazonaws.com HTTPS
South sa-east-1 wafv2.sa-east-1.amazonaws.com HTTPS

America
(São wafv2-fips.sa-east-1.amazonaws.com HTTPS
Paulo)
AWS us-gov- wafv2.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) wafv2-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- wafv2.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) wafv2-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Maximum IP sets per account in WAF for Each supported No The maximum number of IP
CloudFront Region: 100 sets you can create in your
account for CloudFront.
Version 1.0
965
Service quotas

Description
Maximum IP sets per account in WAF for Each supported No The maximum number of IP
regional Region: 100 sets you can create in your
account for regional.
Maximum number of IP addresses in an IP Each supported No The maximum number of IP

set in WAF for CloudFront Region: 10,000 addresses allowed in an IP
set for CloudFront.
Maximum number of IP addresses in an IP Each supported No The maximum number of IP

set in WAF for regional Region: 10,000 addresses allowed in an IP
set for regional.
Maximum number of bytes in a string Each supported No The maximum number of

match (byte match) string in WAF for Region: 200 bytes you can create in a
CloudFront string match (byte match)
string for CloudFront.
Maximum number of bytes in a string Each supported No The maximum number of

match (byte match) string in WAF for Region: 200 bytes you can create in a
regional string match (byte match)
string for regional.
Maximum number of characters allowed Each supported No The maximum number

in a regex pattern per account in WAF for Region: 200 of characters allowed in
Cloudfront a regex pattern in your
Maximum number of characters allowed Each supported No The maximum number

in a regex pattern per account in WAF for Region: 200 of characters allowed in
regional a regex pattern in your
Maximum number of log destination Each supported No The maximum number of

configs per web ACL in WAF for Cloudfront Region: 1 log destination configs
allowed in a web ACL for
CloudFront.
Maximum number of log destination Each supported No The maximum number of

configs per web ACL in WAF for regional Region: 1 log destination configs
regional.
Maximum number of patterns in a regex Each supported No The maximum number of

pattern set per account in WAF for Region: 10 patterns in a regex pattern
Cloudfront set you can create in your
Maximum number of patterns in a regex Each supported No The maximum number of

pattern set per account in WAF for Region: 10 patterns in a regex pattern
regional set you can create in your
Maximum number of rate-based Each supported No The maximum number

statements per web ACL in WAF for Region: 10 of rate-based statements
Cloudfront allowed in a web ACL for
CloudFront.
Version 1.0
966
Service quotas

Description
Maximum number of rate-based Each supported No The maximum number

statements per web ACL in WAF for Region: 10 of rate-based statements
regional allowed in a web ACL for
regional.
Maximum number of referenced Each supported No The maximum number

statements per rule group or web ACL in Region: 50 of referenced statements
WAF for Cloudfront allowed within a rule group
or web ACL for CloudFront.
Maximum number of referenced Each supported No The maximum number

statements per rule group or web ACL in Region: 50 of referenced statements
WAF for regional allowed within a rule group
or web ACL for regional.
Maximum number of web ACL capacity Each supported Yes The maximum number of
units in a rule group in WAF for CloudFront Region: 1,500 web ACL capacity units
allowed in a rule group for
CloudFront.
units in a rule group in WAF for regional Region: 1,500 web ACL capacity units
allowed in a rule group for
regional.
units in a web ACL in WAF for CloudFront Region: 1,500 web ACL capacity units
CloudFront.
units in a web ACL in WAF for regional Region: 1,500 web ACL capacity units
regional.
Maximum regex pattern sets per account Each supported No The maximum number of
in WAF for CloudFront Region: 10 regex pattern sets you can
create in your account for
CloudFront.
Maximum regex pattern sets per account Each supported No The maximum number of
in WAF for regional Region: 10 regex pattern sets you can
regional.
Maximum rule groups per account in WAF Each supported Yes The maximum number
for CloudFront Region: 100 of rule groups you can
CloudFront.
Maximum rule groups per account in WAF Each supported Yes The maximum number
for regional Region: 100 of rule groups you can
regional.
Version 1.0
967
AWS WAF Classic

Description
Maximum web ACLs per account in WAF Each supported Yes The maximum number
for CloudFront Region: 100 of web ACLs you can
CloudFront.
Maximum web ACLs per account in WAF Each supported Yes The maximum number of
for regional Region: 100 web ACLs you can create in
your account for regional.
Number of CloudWatch Logs log streams Each supported Yes The number of CloudWatch
per web ACL for CloudFront Region: 35 Logs log streams per web
ACL for CloudFront.
Number of CloudWatch Logs log streams Each supported Yes The number of CloudWatch
per web ACL for regional Region: 35 Logs log streams per web
ACL for regional.
For more information, see AWS WAF quotas in the AWS WAF Developer Guide.
AWS WAF Classic endpoints and quotas

Note
This page provides information related to AWS WAF Classic. If you created AWS WAF resources,
like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated your
web ACLs over yet, you must use AWS WAF Classic to access those resources. Otherwise, do not
use this version.
For information related to the latest version of AWS WAF, see AWS WAF endpoints and
quotas (p. 963).
Service endpoints
Name
US East us-east-2 waf.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 waf.amazonaws.com HTTPS

Virginia)
waf-fips.amazonaws.com HTTPS
waf-fips.amazonaws.com HTTPS
US us-west-1 waf.amazonaws.com HTTPS

West (N.
California)
Version 1.0
968
Service endpoints

Name
US West us-west-2 waf.amazonaws.com HTTPS

(Oregon)
Africa af-south-1 waf.amazonaws.com HTTPS

(Cape
Town)
Asia ap-east-1 waf.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- waf.amazonaws.com HTTPS

Pacific south-1
(Mumbai)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- waf.amazonaws.com HTTPS

(Central) central-1
Europe eu- waf.amazonaws.com HTTPS

Europe eu-west-1 waf.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- waf.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 waf.amazonaws.com HTTPS

(Stockholm)
Middle me- waf.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
969
Service endpoints

Name
South sa-east-1 waf.amazonaws.com HTTPS

America
(São
Paulo)
AWS WAF Classic for Application Load Balancers and API Gateway APIs has the following endpoints:

Name
US East us-east-2 waf-regional.us-east-2.amazonaws.com HTTPS

(Ohio)
waf-regional-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 waf-regional.us-east-1.amazonaws.com HTTPS

Virginia)
waf-regional-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 waf-regional.us-west-1.amazonaws.com HTTPS

West (N.
California) waf-regional-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 waf-regional.us-west-2.amazonaws.com HTTPS

(Oregon)
waf-regional-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 waf-regional.af-south-1.amazonaws.com HTTPS

(Cape
Town) waf-regional-fips.af-south-1.amazonaws.com HTTPS
Asia ap-east-1 waf-regional.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong waf-regional-fips.ap-east-1.amazonaws.com HTTPS
Kong)
Asia ap- waf-regional.ap-southeast-3.amazonaws.com HTTPS

(Jakarta) waf-regional-fips.ap-southeast-3.amazonaws.com HTTPS
Asia ap- waf-regional.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai) waf-regional-fips.ap-south-1.amazonaws.com HTTPS
Asia ap- waf-regional.ap-northeast-3.amazonaws.com HTTPS

(Osaka) waf-regional-fips.ap-northeast-3.amazonaws.com HTTPS

(Seoul) waf-regional-fips.ap-northeast-2.amazonaws.com HTTPS

(Singapore) waf-regional-fips.ap-southeast-1.amazonaws.com HTTPS
Version 1.0
970
Service endpoints

Name

(Sydney) waf-regional-fips.ap-southeast-2.amazonaws.com HTTPS

(Tokyo) waf-regional-fips.ap-northeast-1.amazonaws.com HTTPS
Canada ca- waf-regional.ca-central-1.amazonaws.com HTTPS

(Central) central-1
waf-regional-fips.ca-central-1.amazonaws.com HTTPS
Europe eu- waf-regional.eu-central-1.amazonaws.com HTTPS

waf-regional-fips.eu-central-1.amazonaws.com HTTPS
Europe eu-west-1 waf-regional.eu-west-1.amazonaws.com HTTPS

(Ireland)
waf-regional-fips.eu-west-1.amazonaws.com HTTPS

(London)
Europe eu- waf-regional.eu-south-1.amazonaws.com HTTPS

(Milan) south-1
waf-regional-fips.eu-south-1.amazonaws.com HTTPS

(Paris)
Europe eu-north-1 waf-regional.eu-north-1.amazonaws.com HTTPS

(Stockholm)
waf-regional-fips.eu-north-1.amazonaws.com HTTPS
Middle me- waf-regional.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain) waf-regional-fips.me-south-1.amazonaws.com HTTPS
South sa-east-1 waf-regional.sa-east-1.amazonaws.com HTTPS

America
(São waf-regional-fips.sa-east-1.amazonaws.com HTTPS
Paulo)
AWS us-gov- waf-regional.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) waf-regional-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- waf-regional.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) waf-regional-fips.us-gov-west-1.amazonaws.com HTTPS
Version 1.0
971
Service quotas
Service quotas

Description
Conditions per rule Each supported No The maximum number of

Region: 10 conditions you can add to a
rule.
Filters per SQL injection match condition Each supported No The maximum number of
Region: 10 filters you can add to a SQL
injection match condition.
Filters per cross-site scripting match Each supported No The maximum number of
condition Region: 10 filters you can add to a
cross-site scripting match
condition.
Filters per size constraint condition Each supported No The maximum number of
Region: 10 filters you can add to a size
constraint condition.
Filters per string match condition Each supported No The maximum number of
Region: 10 filters you can add to a
string match condition.
GeoMatchSets Each supported No The maximum number of

Region: 50 GeoMatchSets you can add
to your account.
HTTP header name length Each supported No The length, in bytes, that
Region: 40 you want AWS WAF to
inspect the HTTP header
for in a size constraint
condition.
IP address ranges per IP set match Each supported No The maximum number of
condition Region: 10,000 IP address ranges (in CIDR
notation) you can add to an
IP Set match condition.
IP addresses blocked per rate-based rule Each supported No The maximum number of IP
Region: 10,000 addresses blocked per rate-
based rule.
Locations per GeoMatchSet Each supported No The maximum number of

Region: 50 locations you can add to a
GeoMatchSet.
Logging destination configurations per Each supported No The maximum number

web ACL Region: 1 of logging destination
configurations you can add
to a web ACL.
Pattern sets per regex match condition Each supported No The maximum number of
Region: 1 pattern sets you can add to
regex match condition.
Version 1.0
972
Service quotas

Description
Patterns per pattern set Each supported No The maximum number of

Region: 10 patterns you can add to
a pattern set in a regex
match condition.
Rate of requests Each supported Yes The maximum number of

Region: 10,000 requests per second on an
Application Load Balancer.
This limit applies only to
AWS WAF on an Application
Load Balancer. This limit
can be increased using the
AWS console.
Rate-based rule rate Each supported No The maximum number of

Region: 2,000 requests from a single IP
address allowed in a five-
minute period.
Rate-based rules Each supported Yes The maximum number of

Region: 5 rate-based rules you can
create in your account.
Regex pattern length Each supported No The number of characters

Region: 70 that you want AWS WAF to
search for in the pattern in
a regex match condition.
Regex pattern sets Each supported No The maximum number of

Region: 5 regex pattern sets you can
add to your account.
Rules Each supported Yes The maximum number of

Region: 100 rules you can create in your
account.
Rules per web ACL Each supported No The maximum number of

Region: 10 rules you can add to a web
ACL.
Search length Each supported No The length, in bytes,

Region: 50 that you want AWS WAF
to watch for in a size
constraint condition.
Web ACLs Each supported Yes The maximum number of

Region: 50 Web ACLs you can create in
your account.
For more information, see AWS WAF Classic quotas in the AWS WAF Developer Guide.
Version 1.0
973
AWS Well-Architected Tool
AWS Well-Architected Tool endpoints and quotas

Service endpoints

Name
US East us-east-2 wellarchitected.us-east-2.amazonaws.com HTTPS

(Ohio)
US East (N. us-east-1 wellarchitected.us-east-1.amazonaws.com HTTPS

Virginia)
US us-west-1 wellarchitected.us-west-1.amazonaws.com HTTPS

West (N.
California)
US West us-west-2 wellarchitected.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap-east-1 wellarchitected.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- wellarchitected.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- wellarchitected.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- wellarchitected.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- wellarchitected.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- wellarchitected.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- wellarchitected.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- wellarchitected.eu-central-1.amazonaws.com HTTPS

Version 1.0
974
Service quotas

Name
Europe eu-west-1 wellarchitected.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)

(Paris)
Europe eu-north-1 wellarchitected.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- wellarchitected.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
South sa-east-1 wellarchitected.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- wellarchitected.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East)
AWS us-gov- wellarchitected.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West)
Service quotas

Description
Choices per question Each supported No The maximum number of

Region: 15 choices that can be created
for a question.
Lens size Each supported No The maximum lens size, in

Region: 500 KB.
Kilobytes
Lenses per account per Region Each supported No The maximum number of
Region: 15 lenses that can be created
per account in a Region.
Lenses per workload Each supported No The maximum number

Region: 20 of lenses that can be
associated with a workload.
Milestones per workload Each supported No The maximum number

Region: 100 of milestones that can be
created for a workload.
Version 1.0
975
Amazon WorkDocs

Description
Pillars per lens Each supported No The maximum number of

Region: 10 pillars that can be created
for a lens.
Questions per pillar Each supported No The maximum number

Region: 20 of questions that can be
created for a pillar.
Shares per lens Each supported No The maximum number of

Region: 300 shares that can be created
for a lens.
Shares per workload Each supported No The maximum number of

Region: 20 shares that can be created
for a workload.
Versions per lens Each supported No The maximum number

Region: 100 of versions that can be
created for a lens.
Workloads per account per Region Each supported No The maximum number
Region: 1,000 of workloads that can be
created per account in a
Region.
Amazon WorkDocs endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 workdocs.us-east-1.amazonaws.com HTTPS

Virginia)
workdocs-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 workdocs.us-west-2.amazonaws.com HTTPS

(Oregon)
workdocs-fips.us-west-2.amazonaws.com HTTPS
Asia ap- workdocs.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- workdocs.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Version 1.0
976
Amazon WorkMail

Name
Asia ap- workdocs.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Europe eu-west-1 workdocs.eu-west-1.amazonaws.com HTTPS

(Ireland)
Amazon WorkMail endpoints and quotas

Service endpoints
Region Name Region Service Endpoint
US East (N. Virginia) us-east-1 Amazon WorkMail https://workmail.us-

SDK east-1.amazonaws.com
US East (N. Virginia) us-east-1 Autodiscover autodiscover-service.mail.us-

east-1.awsapps.com
US East (N. Virginia) us-east-1 Exchange web ews.mail.us-east-1.awsapps.com

services
US East (N. Virginia) us-east-1 Exchange ActiveSync mobile.mail.us-east-1.awsapps.com
US East (N. Virginia) us-east-1 MAPI Proxy outlook.mail.us-east-1.awsapps.com
US East (N. Virginia) us-east-1 IMAPS imap.mail.us-east-1.awsapps.com
US East (N. Virginia) us-east-1 SMTP via TLS (port smtp.mail.us-east-1.awsapps.com

465)
US West (Oregon) us-west-2 Amazon WorkMail https://workmail.us-

SDK west-2.amazonaws.com
US West (Oregon) us-west-2 Autodiscover autodiscover-service.mail.us-

west-2.awsapps.com
US West (Oregon) us-west-2 Exchange web ews.mail.us-west-2.awsapps.com

services
US West (Oregon) us-west-2 Exchange ActiveSync mobile.mail.us-west-2.awsapps.com
US West (Oregon) us-west-2 MAPI Proxy outlook.mail.us-west-2.awsapps.com
US West (Oregon) us-west-2 IMAPS imap.mail.us-west-2.awsapps.com
US West (Oregon) us-west-2 SMTP via TLS (port smtp.mail.us-west-2.awsapps.com

465)
Version 1.0
977
Service quotas
Region Name Region Service Endpoint
Europe (Ireland) eu-west-1 Amazon WorkMail https://workmail.eu-

SDK west-1.amazonaws.com
Europe (Ireland) eu-west-1 Autodiscover autodiscover-service.mail.eu-

west-1.awsapps.com
Europe (Ireland) eu-west-1 Exchange web ews.mail.eu-west-1.awsapps.com

services
Europe (Ireland) eu-west-1 Exchange ActiveSync mobile.mail.eu-west-1.awsapps.com
Europe (Ireland) eu-west-1 MAPI Proxy outlook.mail.eu-west-1.awsapps.com
Europe (Ireland) eu-west-1 IMAPS imap.mail.eu-west-1.awsapps.com
Europe (Ireland) eu-west-1 SMTP via TLS (port smtp.mail.eu-west-1.awsapps.com

465)
Service quotas
For more information, see Amazon WorkMail Quotas.
WorkSpaces endpoints and quotas

Service endpoints

Name
US East (N. us-east-1 workspaces.us-east-1.amazonaws.com HTTPS

Virginia)
workspaces-fips.us-east-1.amazonaws.com HTTPS
US West us-west-2 workspaces.us-west-2.amazonaws.com HTTPS

(Oregon)
workspaces-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 workspaces.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Asia ap- workspaces.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Version 1.0
978
Service quotas

Name
Asia ap- workspaces.ap-northeast-2.amazonaws.com HTTPS

(Seoul)
Asia ap- workspaces.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Asia ap- workspaces.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- workspaces.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- workspaces.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- workspaces.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 workspaces.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 workspaces.eu-west-2.amazonaws.com HTTPS

(London)
South sa-east-1 workspaces.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- workspaces.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) workspaces-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas
Resource Default Description Adjustable
WorkSpaces 1 The maximum number Yes

of WorkSpaces in this
Region.
Graphics WorkSpaces 0 The maximum number Yes

of Graphics WorkSpaces
current Region.
GraphicsPro 0 The maximum number Yes

WorkSpaces of GraphicsPro
WorkSpaces in this
Version 1.0
979
Service quotas
Resource Default Description Adjustable

Region.
Images 40 The maximum number Yes

of images in this
Region.
Bundles 50 The maximum number No

of bundles in this
Region. This quota
applies only to custom
bundles, not to public
bundles.
Connection aliases 20 The maximum number No

of connection aliases
current Region.
Directories 50 The maximum number No

of directories that
can be registered
for use with Amazon
WorkSpaces in this
Region.
IP access control groups 100 The maximum number No

of IP access control
groups in this account
Rules per IP access 10 The maximum number No

control group of rules per IP access
control group in this
Region.
IP access control groups 25 The maximum number No

per directory of IP access control
groups per directory
current Region.
The following quotas are for Amazon WorkSpaces Application Manager. For more information, see
Amazon WorkSpaces Application Manager quotas in the Amazon WAM Administration Guide.

Description
Application assignments per user Each supported Yes The maximum number of
Region: 50 application assignments
per user, in this account in
the current Region.
Version 1.0
980
Amazon WorkSpaces Web

Description
Application size Each supported No The maximum application

Region: 5 Gigabytes size (in GB) that can be
packaged in this account
Applications that are
larger than 5 GB cannot be
packaged using Amazon
WorkSpaces Application
Manager (Amazon WAM).
Total package size without storage fees Each supported No The maximum total size (in
Region: 100 GB) of all your packages
Gigabytes without storage fees,
current Region. There is
no quota for the number
of applications you can
package, but storage fees
will be applied if your
packages exceed 100 GB.
User/WorkSpace or group assignments per Each supported Yes The maximum number
application Region: 200 of user/WorkSpace or
group assignments per
application, in this account
Amazon WorkSpaces Web endpoints and quotas

Service endpoints
Name
US East (N. us-east-1 workspaces-web.us-east-1.amazonaws.com HTTPS

Virginia)
US West us-west-2 workspaces-web.us-west-2.amazonaws.com HTTPS

(Oregon)
Asia ap- workspaces-web.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- workspaces-web.ap-southeast-1.amazonaws.com HTTPS

(Singapore)
Version 1.0
981
Service quotas

Name
Asia ap- workspaces-web.ap-southeast-2.amazonaws.com HTTPS

(Sydney)
Asia ap- workspaces-web.ap-northeast-1.amazonaws.com HTTPS

(Tokyo)
Canada ca- workspaces-web.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- workspaces-web.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 workspaces-web.eu-west-1.amazonaws.com HTTPS

(Ireland)
Europe eu-west-2 workspaces-web.eu-west-2.amazonaws.com HTTPS

(London)
Service quotas
Number of maximum Each supported Region: Yes The maximum

concurrent sessions per 25 number of concurrent
web portal sessions for a Amazon
WorkSpaces Web portal
current Region.
Number of web portals Each supported Region: Yes The maximum number
1 of Amazon WorkSpaces
Web portals in this
Region.
Number of browser Each supported Region: Yes The maximum number

settings 3 of Amazon WorkSpaces
Web browser settings
current Region.
Number of certificates Each supported Region: Yes The maximum number

per trust store 100 of certificates in an
Amazon WorkSpaces
Web trust store in this
Region.
Number of identity Each supported Region: Yes The maximum number

providers per web 1 of identity providers for
portal an Amazon WorkSpaces
Web portal in this
Version 1.0
982
X-Ray

Region.
Number of network Each supported Region: Yes The maximum number

settings 3 of Amazon WorkSpaces
Web network settings
current Region.
Number of trust stores Each supported Region: Yes The maximum number
Web trust stores in this
Region.
Number of user settings Each supported Region: Yes The maximum number
Web user settings in
this account in the
current Region.
AWS X-Ray endpoints and quotas

Service endpoints

Name
US East us-east-2 xray.us-east-2.amazonaws.com HTTPS

(Ohio)
xray-fips.us-east-2.amazonaws.com HTTPS
US East (N. us-east-1 xray.us-east-1.amazonaws.com HTTPS

Virginia)
xray-fips.us-east-1.amazonaws.com HTTPS
US us-west-1 xray.us-west-1.amazonaws.com HTTPS

West (N.
California) xray-fips.us-west-1.amazonaws.com HTTPS
US West us-west-2 xray.us-west-2.amazonaws.com HTTPS

(Oregon)
xray-fips.us-west-2.amazonaws.com HTTPS
Africa af-south-1 xray.af-south-1.amazonaws.com HTTPS

(Cape
Town)
Version 1.0
983
Service endpoints

Name
Asia ap-east-1 xray.ap-east-1.amazonaws.com HTTPS

Pacific
(Hong
Kong)
Asia ap- xray.ap-southeast-3.amazonaws.com HTTPS

(Jakarta)
Asia ap- xray.ap-south-1.amazonaws.com HTTPS

Pacific south-1
(Mumbai)
Asia ap- xray.ap-northeast-3.amazonaws.com HTTPS

(Osaka)

(Seoul)

(Singapore)

(Sydney)

(Tokyo)
Canada ca- xray.ca-central-1.amazonaws.com HTTPS

(Central) central-1
Europe eu- xray.eu-central-1.amazonaws.com HTTPS

Europe eu-west-1 xray.eu-west-1.amazonaws.com HTTPS

(Ireland)

(London)
Europe eu- xray.eu-south-1.amazonaws.com HTTPS

(Milan) south-1

(Paris)
Europe eu-north-1 xray.eu-north-1.amazonaws.com HTTPS

(Stockholm)
Middle me- xray.me-south-1.amazonaws.com HTTPS

East south-1
(Bahrain)
Version 1.0
984
Service quotas

Name
Middle me- xray.me-central-1.amazonaws.com HTTPS

South sa-east-1 xray.sa-east-1.amazonaws.com HTTPS

America
(São
Paulo)
AWS us-gov- xray.us-gov-east-1.amazonaws.com HTTPS

GovCloud east-1
(US-East) xray-fips.us-gov-east-1.amazonaws.com HTTPS
AWS us-gov- xray.us-gov-west-1.amazonaws.com HTTPS

GovCloud west-1
(US-West) xray-fips.us-gov-west-1.amazonaws.com HTTPS
Service quotas

Description
Custom sampling rules per region Each supported Yes The maximum number of
Region: 25 custom sampling rules per
region.
Groups in an account Each supported No The maximum number of

Region: 25 groups per account.
Indexed annotations per trace Each supported No The maximum number of

Region: 50 annotations that can be
added to a single trace.
Segment document size Each supported No The maximum size for

Region: 64 Kilobytes segment documents.
Tags per custom sampling rule Each supported No The maximum number of
Region: 50 tags per custom sampling
rule.
Tags per group Each supported No The maximum number of

Region: 50 tags per group.
Trace and service graph retention in days Each supported No The number of days to
Region: 30 retain trace and service
map data.
Trace data modification period in days Each supported No The number of days to
Region: 7 update recorded data at no
additional cost.
Trace document size (dynamic upper limit) Each supported No The maximum size of a
Region: 500 trace document.
Kilobytes
Version 1.0
985
Service quotas

Description
Trace document size (lower limit) Each supported No The maximum size of a
Region: 100 trace document.
Kilobytes
Version 1.0
986
AWS service endpoints
AWS resources
The following pages provide information that helps you work with AWS resources.
Contents
• AWS service endpoints (p. 987)
• Managing AWS Regions (p. 989)
• AWS service quotas (p. 991)
• Tagging AWS resources (p. 992)
• Amazon Resource Names (ARNs) (p. 996)
AWS service endpoints

To connect programmatically to an AWS service, you use an endpoint. An endpoint is the URL of the
entry point for an AWS web service. The AWS SDKs and the AWS Command Line Interface (AWS CLI)
automatically use the default endpoint for each service in an AWS Region. But you can specify an
alternate endpoint for your API requests.
If a service supports Regions, the resources in each Region are independent of similar resources in other
Regions. For example, you can create an Amazon EC2 instance or an Amazon SQS queue in one Region.
When you do, the instance or queue is independent of instances or queues in all other Regions.
Contents
• Regional endpoints (p. 987)
• View the service endpoints (p. 988)
• FIPS endpoints (p. 989)
Regional endpoints
Most Amazon Web Services offer a Regional endpoint that you can use to make your requests. The
general syntax of a Regional endpoint is as follows.
protocol://service-code.region-code.amazonaws.com
For example, https://dynamodb.us-west-2.amazonaws.com is the endpoint for the Amazon

DynamoDB service in the US West (Oregon) Region.
The following table lists the name and code of each Region.
Name Code
US West (N. California) us-west-1
Version 1.0
987
View the service endpoints
Name Code
Africa (Cape Town) af-south-1
Asia Pacific (Hong Kong) ap-east-1
Asia Pacific (Jakarta) ap-southeast-3
Asia Pacific (Mumbai) ap-south-1
Asia Pacific (Osaka) ap-northeast-3
Asia Pacific (Seoul) ap-northeast-2
Canada (Central) ca-central-1
Europe (London) eu-west-2
Europe (Milan) eu-south-1
Europe (Paris) eu-west-3
Middle East (Bahrain) me-south-1
Middle East (UAE) me-central-1
South America (São Paulo) sa-east-1
AWS GovCloud (US-East) us-gov-east-1
AWS GovCloud (US-West) us-gov-west-1
Some services, such as IAM, do not support Regions. The endpoints for these services do not include
a Region. Other services, such as Amazon EC2, support Regions but let you specify an endpoint that
does not include a Region, such as https://ec2.amazonaws.com. When you use an endpoint with
no Region, AWS routes the Amazon EC2 request to US East (N. Virginia) (us-east-1), which is the default
Region for API calls.
View the service endpoints

You can view the AWS service endpoints using the following options:
• Open Service endpoints and quotas (p. 18), search for the service name, and click the link to open
the page for that service. To view the supported endpoints for all AWS services in the documentation
without switching pages, view the information in the Service Endpoints and Quotas page in the PDF
instead.
• To programmatically check for service availability using the SDK for Java, see Checking for Service
Availability in an AWS Region in the AWS SDK for Java Developer Guide.
Version 1.0
988
FIPS endpoints
• To programmatically view Region and service information using Systems Manager, see Calling AWS
Service, Region, and Endpoint Public Parameters in the AWS Systems Manager User Guide. For
information about how to use public parameters, see Query for AWS Regions, Endpoints, and More
Using AWS Systems Manager Parameter Store.
• To see the supported AWS services in each Region (without endpoints), see the Region Table.
FIPS endpoints
Some AWS services offer FIPS endpoints in selected Regions. Unlike standard AWS endpoints, FIPS
endpoints use a TLS software library that complies with Federal Information Processing Standard
(FIPS) 140-2. These endpoints might be required by enterprises that interact with the United States
government. For more information, see Federal Information Processing Standard (FIPS) 140-2 on the
AWS Compliance site.
To use a FIPS endpoint with an AWS operation, use the mechanism provided by the AWS SDK or tool
to specify a custom endpoint. For example, the AWS SDKs provide an AWS_USE_FIPS_ENDPOINT
environment variable. The AWS Command Line Interface provides the --endpoint-url option. The
following example uses the FIPS endpoint for the US West (Oregon) Region with an operation for AWS
Key Management Service (AWS KMS).
aws kms create-key --endpoint-url https://kms-fips.us-west-2.amazonaws.com
Minimum TLS version for FIPS endpoints

With FIPS endpoints, the minimum requirement is TLS 1.2. AWS revoked the ability to use TLS 1.0
and TLS 1.1 on all FIPS endpoints in all Regions as of March 31, 2021. For information about how to
determine whether your applications were impacted by this change, see this AWS Security Blog post
from May 3, 2021.
Learn more
You can find endpoint information from the following sources:
• To learn about enabling Regions that are disabled by default, see Managing AWS Regions (p. 989).
• For information about the AWS services and endpoints available in the China Regions, see China
(Beijing) Region Endpoints and China (Ningxia) Region Endpoints.
Managing AWS Regions

An AWS Region is a collection of AWS resources in a geographic area. Each AWS Region is isolated and
independent of the other Regions. Regions provide fault tolerance, stability, and resilience, and can also
reduce latency. They enable you to create redundant resources that remain available and unaffected by a
Regional outage.
The resources that you create in one Region do not exist in any other Region unless you explicitly use a
replication feature offered by an AWS service. For example, Amazon S3 and Amazon EC2 support cross-
Region replication. Some services, such as AWS Identity and Access Management (IAM), do not have
Regional resources.
You can use policy conditions to control access to AWS services in an AWS Region.
Resources
• For a list of Region names and codes, see this table (p. 987).
Version 1.0
989
Enabling a Region
• For a map of available and upcoming Regions, see Regions and Availability Zones.
• For a list of AWS services supported in each Region (without endpoints), see the AWS Regional Services
List.
Enabling a Region
Regions introduced before March 20, 2019 are enabled by default. You can begin creating and managing
resources in these Regions immediately. You cannot enable or disable a Region that is enabled by
default.
If a Region is disabled by default, you must enable it before you can create and manage resources. The
following Regions are disabled by default:
• Africa (Cape Town)

• Asia Pacific (Hong Kong)
• Asia Pacific (Jakarta)
• Europe (Milan)
• Middle East (Bahrain)
• Middle East (UAE)
When you enable a Region, AWS performs actions to prepare your account in that Region, such as
distributing your IAM resources to the Region. This process takes a few minutes for most accounts, but
this can take several hours. You cannot use the Region until this process is complete.
Requirements
To enable a Region that is disabled, you must have permission to enable Regions. To view an example
IAM policy, see Allow enabling and disabling AWS Regions in the IAM User Guide.
To enable a Region
1. Sign in to the AWS Management Console.

2. In the upper right corner of the console, choose your account name or number and then choose
Account.
3. Under AWS Regions, in the Action column for the Region to enable, choose Enable.
Tip
If the Status column says Enabled by default, then you do not need to enable the Region.
4. In the dialog box, review the informational text and then choose Enable Region.
5. Wait until the Region is ready to use.
Disabling a Region
If you enabled one of the following Regions, which are disabled by default, then you can disable it as
needed:
• Africa (Cape Town)

• Asia Pacific (Hong Kong)
• Asia Pacific (Jakarta)
• Europe (Milan)
• Middle East (Bahrain)
• Middle East (UAE)
Version 1.0
990
Describing your Regions using the AWS CLI
After you disable a Region, the resources in this Region become unavailable based on eventual
consistency. However, they are not deleted. You can enable this Region again as needed.
Requirements
• You cannot disable a Region that is enabled by default.

• To disable a Region, you must have permission to disable Regions. To view an example IAM policy, see
Allow enabling and disabling AWS Regions in the IAM User Guide.
• Before you disable a Region, we recommend that you remove all resources from that Region. After you
disable a Region, you can no longer view or manage resources in the Region from that account through
the AWS Management console or AWS APIs with IAM principals. However, resources in that Region can
continue to incur charges. For more information, see Enabling and disabling Regions in the AWS Billing
and Cost Management User Guide.
To disable a Region
1. Sign in to the AWS Management Console.

2. In the upper right corner of the console, choose your account name or number and then choose
Account.
3. Under AWS Regions, in the Action column for the Region to disable, choose Disable.
4. In the dialog box, review the informational text and then choose Disable Region.
Describing your Regions using the AWS CLI

Use the describe-regions command to describe the Regions available for your account, whether they are
enabled or disabled.
aws ec2 describe-regions --all-regions
If the Region is enabled by default, the output includes the following:
"OptInStatus": "opt-in-not-required"
If the Region is not enabled, the output includes the following:
"OptInStatus": "not-opted-in"
After an opt-in Region is enabled, the output includes the following:
"OptInStatus": "opted-in"
AWS service quotas

Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless
otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other
quotas cannot be increased.
Service Quotas is an AWS service that helps you manage your quotas for many AWS services, from one
location. Along with looking up the quota values, you can also request a quota increase from the Service
Quotas console.
Version 1.0
991
Tagging AWS resources
AWS Support might approve, deny, or partially approve your requests.
To view service quotas
You can view service quotas using the following options:
• Open the Service endpoints and quotas (p. 18) page in the documentation, search for the service
name, and click the link to go to the page for that service. To view the service quotas for all AWS
services in the documentation without switching pages, view the information in the Service Endpoints
and Quotas page in the PDF instead.
• Open the Service Quotas console. In the navigation pane, choose AWS services and select a service.
• Use the list-service-quotas and list-aws-default-service-quotas AWS CLI commands.
To request a quota increase
You can request a quota increase using Service Quotas and AWS Support Center. If a service is not yet
available in Service Quotas, use AWS Support Center instead. Increases are not granted immediately. It
might take a couple of days for your increase to become effective.
• (Recommended) Open the Service Quotas console. In the navigation pane, choose AWS services.
Select a service, select a quota, and follow the directions to request a quota increase. For more
information, see Requesting a Quota Increase in the Service Quotas User Guide.
• Use the request-service-quota-increase AWS CLI command.
• Open the AWS Support Center page, sign in if necessary, and choose Create case. Choose Service limit
increase. Complete and submit the form.
Tagging AWS resources

You can assign metadata to your AWS resources in the form of tags. Each tag is a label consisting of a
user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
You can create tags to categorize resources by purpose, owner, environment, or other criteria.
Each tag has two parts:
• A tag key (for example, CostCenter, Environment, or Project). Tag keys are case sensitive.
• A tag value (for example, 111122223333 or Production). Like tag keys, tag values are case sensitive.
You can use tags to categorize resources by purpose, owner, environment, or other criteria.
You can tag resources for all cost-accruing services in AWS. For the following services, AWS recommends
newer alternative AWS services that support tagging to better meet customer use cases.
• Amazon Cloud Directory

• Amazon CloudSearch
• Amazon Cognito Sync
• AWS Data Pipeline
• AWS DeepLens
• Amazon Elastic Transcoder
• Amazon Machine Learning
• AWS OpsWorks Stacks
• Amazon S3 Glacier Direct
• Amazon SimpleDB
Version 1.0
992
Best practices
• Amazon WorkSpaces Application Manager (Amazon WAM)
Best practices
As you create a tagging strategy for AWS resources, follow best practices:
• Do not add personally identifiable information (PII) or other confidential or sensitive information in
tags. Tags are accessible to many AWS services, including billing. Tags are not intended to be used for
private or sensitive data.
• Use a standardized, case-sensitive format for tags, and apply it consistently across all resource types.
• Consider tag guidelines that support multiple purposes, like managing resource access control, cost
tracking, automation, and organization.
• Use automated tools to help manage resource tags. AWS Resource Groups and the Resource Groups
Tagging API enable programmatic control of tags, making it easier to automatically manage, search,
and filter tags and resources.
• Use too many tags rather than too few tags.
• Remember that it is easy to change tags to accommodate changing business requirements, but
consider the consequences of future changes. For example, changing access control tags means you
must also update the policies that reference those tags and control access to your resources.
• You can automatically enforce the tagging standards that your organization chooses to adopt by
creating and deploying tag policies using AWS Organizations. Tag policies let you specify tagging
rules that define valid key names and the values that are valid for each key. You can choose to only
monitor, giving you an opportunity to evaluate and clean up your existing tags. Once your tags are
in compliance with your chosen standards, you can then turn on enforcement in the tag policies to
prevent non-compliant tags from being created. For more information, see Tag policies in the AWS
Organizations User Guide.
Tagging categories
Companies that are most effective in their use of tags typically create business-relevant tag groupings
to organize their resources along technical, business, and security dimensions. Companies that use
automated processes to manage their infrastructure also include additional, automation-specific tags.
Technical tags Tags for automation Business tags Security tags
• Name – Identify • Date/Time – Identify • Project – Identify • Confidentiality –

individual resources the date or time a projects that the An identifier for
• Application ID – resource should be resource supports the specific data
Identify resources started, stopped, • Owner – Identify who confidentiality level a
that are related to a deleted, or rotated is responsible for the resource supports
specific application • Opt in/Opt out – resource • Compliance –
• Application Role – Indicate whether • Cost Center/Business An identifier for
Describe the function a resource should Unit – Identify workloads that
of a particular be included in an the cost center must adhere to
resource (such as automated activity or business unit specific compliance
web server, message such as starting, associated with a requirements
broker, database) stopping, or resizing resource, typically for
instances cost allocation and
• Cluster – Identify
resource farms that • Security – Determine tracking
share a common requirements, such • Customer – Identify
configuration and as encryption or a specific client that
enabling of Amazon
Version 1.0
993
Tag naming limits and requirements
Technical tags Tags for automation Business tags Security tags

perform a specific VPC flow logs; a particular group of
function for an identify route tables resources serves
application or security groups
• Environment – that need extra
Distinguish between scrutiny
development, test,
and production
resources
• Version – Help
distinguish between
versions of resources
or applications
Tag naming limits and requirements

The following basic naming and usage requirements apply to tags:
• Each resource can have a maximum of 50 user created tags.

• System created tags that begin with aws: are reserved for AWS use, and do not count against this
limit. You can't edit or delete a tag that begins with the aws: prefix.
• For each resource, each tag key must be unique, and each tag key can have only one value.
• The tag key must be a minimum of 1 and a maximum of 128 Unicode characters in UTF-8.
• The tag value must be a minimum of 0 and a maximum of 256 Unicode characters in UTF-8.
• Allowed characters can vary by AWS service. For information about what characters you can use to tag
resources in a particular AWS service, see its documentation. In general, the allowed characters are
letters, numbers, spaces representable in UTF-8, and the following characters: _ . : / = + - @.
• Tag keys and values are case sensitive. As a best practice, decide on a strategy for capitalizing tags,
and consistently implement that strategy across all resource types. For example, decide whether to use
Costcenter, costcenter, or CostCenter, and use the same convention for all tags. Avoid using
similar tags with inconsistent case treatment.
Common tagging strategies

Use the following tagging strategies to help identify and manage AWS resources.
Contents
• Tags for resource organization (p. 994)
• Tags for cost allocation (p. 995)
• Tags for automation (p. 995)
• Tags for access control (p. 995)
Tags for resource organization

Tags are a good way to organize AWS resources in the AWS Management Console. You can configure tags
to be displayed with resources, and can search and filter by tag. With the AWS Resource Groups service,
you can create groups of AWS resources based on one or more tags or portions of tags. You can also
create groups based on their occurrence in an AWS CloudFormation stack. Using Resource Groups and
Version 1.0
994
Tagging governance
Tag Editor, you can consolidate and view data for applications that consist of multiple services, resources,
and Regions in one place.
Tags for cost allocation

AWS Cost Explorer and detailed billing reports let you break down AWS costs by tag. Typically, you
use business tags such as cost center/business unit, customer, or project to associate AWS costs with
traditional cost-allocation dimensions. But a cost allocation report can include any tag. This lets you
associate costs with technical or security dimensions, such as specific applications, environments, or
compliance programs. The following is an example of a partial cost allocation report.
For some services, you can use an AWS-generated createdBy tag for cost allocation purposes, to help
account for resources that might otherwise go uncategorized. The createdBy tag is available only for
supported AWS services and resources. Its value contains data associated with specific API or console
events. For more information, see AWS-Generated Cost Allocation Tags in the AWS Billing and Cost
Management User Guide.
Tags for automation

Resource or service-specific tags are often used to filter resources during automation activities.
Automation tags are used to opt in or opt out of automated tasks or to identify specific versions of
resources to archive, update, or delete. For example, you can run automated start or stop scripts that
turn off development environments during nonbusiness hours to reduce costs. In this scenario, Amazon
Elastic Compute Cloud (Amazon EC2) instance tags are a simple way to identify instances to opt out of
this action. For scripts that find and delete stale, out-of-date, or rolling Amazon EBS snapshots, snapshot
tags can add an extra dimension of search criteria.
Tags for access control

IAM policies support tag-based conditions, letting you constrain IAM permissions based on specific tags
or tag values. For example, IAM user or role permissions can include conditions to limit EC2 API calls to
specific environments (such as development, test, or production) based on their tags. The same strategy
can be used to limit API calls to specific Amazon Virtual Private Cloud (Amazon VPC) networks. Support
for tag-based, resource-level IAM permissions is service specific. When you use tag-based conditions for
access control, be sure to define and restrict who can modify the tags. For more information about using
tags to control API access to AWS resources, see AWS services that work with IAM in the IAM User Guide.
Tagging governance
An effective tagging strategy uses standardized tags and applies them consistently and
programmatically across AWS resources. You can use both reactive and proactive approaches for
governing tags in your AWS environment.
Version 1.0
995
Learn more
• Reactive governance is for finding resources that are not properly tagged using tools such as the
Resource Groups Tagging API, AWS Config Rules, and custom scripts. To find resources manually, you
can use Tag Editor and detailed billing reports.
• Proactive governance uses tools such as AWS CloudFormation, AWS Service Catalog, tag policies in
AWS Organizations, or IAM resource-level permissions to ensure standardized tags are consistently
applied at resource creation.
For example, you can use the AWS CloudFormation Resource Tags property to apply tags to
resource types. In AWS Service Catalog, you can add portfolio and product tags that are combined and
applied to a product automatically when it is launched. More rigorous forms of proactive governance
include automated tasks. For example, you can use the Resource Groups Tagging API to search an AWS
environment’s tags, or run scripts to quarantine or delete improperly tagged resources.
Learn more
This page provides general information on tagging AWS resources. For more information about tagging
resources in a particular AWS service, see its documentation. The following are also good sources of
information about tagging:
• For information about the AWS Resource Groups Tagging API, see the Resource Groups Tagging API
Reference Guide.
• For information about Tag Editor, see Working with Tag Editor in the AWS Resource Groups User Guide.
• For information about using tags to control access to AWS resources, see Control Access Using IAM
Tags in the IAM User Guide.
Amazon Resource Names (ARNs)

Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to
specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database
Service (Amazon RDS) tags, and API calls.
The Service Authorization Reference lists the ARNs that you can use in IAM policies.
ARN format
The following are the general formats for ARNs. The specific formats depend on the resource. To use an
ARN, replace the italicized text with the resource-specific information. Be aware that the ARNs for
some resources omit the Region, the account ID, or both the Region and the account ID.
arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-id
partition
The partition in which the resource is located. A partition is a group of AWS Regions. Each AWS
account is scoped to one partition.
The following are the supported partitions:

• aws - AWS Regions
• aws-cn - China Regions
• aws-us-gov - AWS GovCloud (US) Regions
Version 1.0
996
Paths in ARNs
service
The service namespace that identifies the AWS product. For example, s3 for Amazon S3. To find a
service namespace, open the Service Authorization Reference, open the page for the service, and
find the phrase "service prefix" in the first sentence. For example, the following text appears in the
first sentence on the page for Amazon S3:
(service prefix: s3)
region
The Region code. For example, us-east-2 for US East (Ohio). For the list of Region codes, see
Regional endpoints (p. 987).
account-id
The ID of the AWS account that owns the resource, without the hyphens. For example,
123456789012.
resource-id
The resource identifier. This part of the ARN can be the name or ID of the resource or a resource
path (p. 997). For example, user/Bob for an IAM user or instance/i-1234567890abcdef0 for
an EC2 instance. Some resource identifiers include a parent resource (sub-resource-type/parent-
resource/sub-resource) or a qualifier such as a version (resource-type:resource-name:qualifier).
Paths in ARNs
Resource ARNs can include a path. For example, in Amazon S3, the resource identifier is an object name
that can include slashes (/) to form a path. Similarly, IAM user names and group names can include
paths.
Paths can include a wildcard character, namely an asterisk (*). For example, if you are writing an IAM
policy, you can specify all IAM users that have the path product_1234 using a wildcard as follows:
arn:aws:iam::123456789012:user/Development/product_1234/*
Similarly, you can specify user/* to mean all users or group/* to mean all groups, as in the following
examples:
"Resource":"arn:aws:iam::123456789012:user/*"
"Resource":"arn:aws:iam::123456789012:group/*"
The following example shows ARNs for an Amazon S3 bucket in which the resource name includes a
path:
arn:aws:s3:::my_corporate_bucket/*
arn:aws:s3:::my_corporate_bucket/Development/*
Incorrect wildcard usage
You cannot use a wildcard in the portion of the ARN that specifies the resource type, such as the term
user in an IAM ARN. For example, the following is not allowed.
arn:aws:iam::123456789012:u* <== not allowed
Version 1.0
997
Download
AWS IP address ranges

Amazon Web Services (AWS) publishes its current IP address ranges in JSON format. To view the current
ranges, download the .json file. To maintain history, save successive versions of the .json file on your
system. To determine whether there have been changes since the last time that you saved the file, check
the publication time in the current file and compare it to the publication time in the last file that you
saved.
The IP address ranges that you bring to AWS through bring your own IP addresses (BYOIP) are not
included in the .json file.
Contents
• Download (p. 998)
• Syntax (p. 998)
• Filtering the JSON file (p. 1000)
• Implementing egress control (p. 1003)
• AWS IP address ranges notifications (p. 1004)
• Release notes (p. 1006)
Download
Download ip-ranges.json.
If you access this file programmatically, it is your responsibility to ensure that the application downloads
the file only after successfully verifying the TLS certificate presented by the server.
Syntax
The syntax of ip-ranges.json is as follows.
{
"syncToken": "0123456789",
"createDate": "yyyy-mm-dd-hh-mm-ss",
"prefixes": [
{
"ip_prefix": "cidr",
"region": "region",
"network_border_group": "network_border_group",
"service": "subset"
}
],
"ipv6_prefixes": [
{
"ipv6_prefix": "cidr",
"region": "region",
"network_border_group": "network_border_group",
"service": "subset"
}
]
Version 1.0
998
Syntax
syncToken
The publication time, in Unix epoch time format.
Type: String
Example: "syncToken": "1416435608"

createDate
The publication date and time, in UTC YY-MM-DD-hh-mm-ss format.
Type: String
Example: "createDate": "2014-11-19-23-29-02"

prefixes
The IP prefixes for the IPv4 address ranges.
Type: Array
ipv6_prefixes
The IP prefixes for the IPv6 address ranges.
Type: Array
ip_prefix
The public IPv4 address range, in CIDR notation. Note that AWS may advertise a prefix in more
specific ranges. For example, prefix 96.127.0.0/17 in the file may be advertised as 96.127.0.0/21,
96.127.8.0/21, 96.127.32.0/19, and 96.127.64.0/18.
Type: String
Example: "ip_prefix": "198.51.100.2/24"

ipv6_prefix
The public IPv6 address range, in CIDR notation. Note that AWS may advertise a prefix in more
specific ranges.
Type: String
Example: "ipv6_prefix": "2001:db8:1234::/64"

network_border_group
The name of the network border group, which is a unique set of Availability Zones or Local Zones
from where AWS advertises IP addresses.
Type: String
Example: "network_border_group": "us-west-2-lax-1"

region
The AWS Region or GLOBAL for edge locations. The CLOUDFRONT and ROUTE53 ranges are GLOBAL.
Type: String
Valid values: ap-east-1 | ap-northeast-1 | ap-northeast-2 | ap-northeast-3 | ap-south-1

| ap-southeast-1 | ap-southeast-2 | ca-central-1 | cn-north-1 | cn-northwest-1 | eu-
Version 1.0
999
Filtering the JSON file
central-1 | eu-north-1 | eu-west-1 | eu-west-2 | eu-west-3 | me-central-1 | me-south-1

| sa-east-1 | us-east-1 | us-east-2 | us-gov-east-1 | us-gov-west-1 | us-west-1 | us-
west-2 | GLOBAL
Example: "region": "us-east-1"

service
The subset of IP address ranges. The addresses listed for API_GATEWAY are egress only. Specify
AMAZON to get all IP address ranges (meaning that every subset is also in the AMAZON subset).
However, some IP address ranges are only in the AMAZON subset (meaning that they are not also
available in another subset).
Type: String
Valid values: AMAZON | AMAZON_APPFLOW | AMAZON_CONNECT | API_GATEWAY

| CHIME_MEETINGS | CHIME_VOICECONNECTOR | CLOUD9 | CLOUDFRONT |
CLOUDFRONT_ORIGIN_FACING | CODEBUILD | DYNAMODB | EBS | EC2 | EC2_INSTANCE_CONNECT
| GLOBALACCELERATOR | KINESIS_VIDEO_STREAMS | ROUTE53 | ROUTE53_HEALTHCHECKS |
ROUTE53_HEALTHCHECKS_PUBLISHING | ROUTE53_RESOLVER | S3 | WORKSPACES_GATEWAYS
Example: "service": "AMAZON"
Filtering the JSON file

You can download a command line tool to help you filter the information to just what you are looking
for.
Windows
The AWS Tools for Windows PowerShell includes a cmdlet, Get-AWSPublicIpAddressRange, to parse
this JSON file. The following examples demonstrate its use. For more information, see Querying the
Public IP Address Ranges for AWS and Get-AWSPublicIpAddressRange.
Example 1. Get the creation date
PS C:\> Get-AWSPublicIpAddressRange -OutputPublicationDate
Wednesday, August 22, 2018 9:22:35 PM
Example 2. Get the information for a specific Region
PS C:\> Get-AWSPublicIpAddressRange -Region us-east-1
IpPrefix Region NetworkBorderGroup Service

-------- ------ ------- -------
23.20.0.0/14 us-east-1 us-east-1 AMAZON
...
Example 3. Get all IP addresses
PS C:\> (Get-AWSPublicIpAddressRange).IpPrefix
23.20.0.0/14
27.0.0.0/22
Version 1.0
1000
Linux
43.250.192.0/24
...
2406:da00:ff00::/64
2600:1fff:6000::/40
2a01:578:3::/64
2600:9000::/28
Example 4. Get all IPv4 addresses
PS C:\> Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv4"} | select

IpPrefix
IpPrefix
--------
23.20.0.0/14
27.0.0.0/22
43.250.192.0/24
...
PS C:\> Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv6"} | select

IpPrefix
IpPrefix
--------
2a05:d07c:2000::/40
2a05:d000:8000::/40
2406:dafe:2000::/40
...
Example 6. Get all IP addresses for a specific service
PS C:\> Get-AWSPublicIpAddressRange -ServiceKey CODEBUILD | select IpPrefix
IpPrefix
--------
52.47.73.72/29
13.55.255.216/29
52.15.247.208/29
...
Linux
The following example commands use the jq tool to parse a local copy of the JSON file.
Example 1. Get the creation date
$ jq .createDate < ip-ranges.json
"2016-02-18-17-22-15"
Example 2. Get the information for a specific Region
$ jq '.prefixes[] | select(.region=="us-east-1")' < ip-ranges.json
Version 1.0
1001
Linux
"ip_prefix": "23.20.0.0/14",
"region": "us-east-1",
"network_border_group": "us-east-1",
"service": "AMAZON"
},
{
"ip_prefix": "50.16.0.0/15",
"service": "AMAZON"
},
{
"ip_prefix": "50.19.0.0/16",
"service": "AMAZON"
},
...
$ jq -r '.prefixes | .[].ip_prefix' < ip-ranges.json
23.20.0.0/14
27.0.0.0/22
43.250.192.0/24
...
$ jq -r '.ipv6_prefixes | .[].ipv6_prefix' < ip-ranges.json
2a05:d07c:2000::/40
2a05:d000:8000::/40
2406:dafe:2000::/40
...
Example 5. Get all IPv4 addresses for a specific service
$ jq -r '.prefixes[] | select(.service=="CODEBUILD") | .ip_prefix' < ip-ranges.json
52.47.73.72/29
13.55.255.216/29
52.15.247.208/29
...
Example 6. Get all IPv4 addresses for a specific service in a specific Region
$ jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="CODEBUILD")

| .ip_prefix' < ip-ranges.json
34.228.4.208/28
Example 7. Get information for a certain network border group
$ jq -r '.prefixes[] | select(.region=="us-west-2") | select(.network_border_group=="us-

west-2-lax-1") | .ip_prefix' < ip-ranges.json
70.224.192.0/18
52.95.230.0/24
Version 1.0
1002
Implementing egress control
15.253.0.0/16
...
Implementing egress control

To allow an instance to access only AWS services, create a security group with rules that allow outbound
traffic to the CIDR blocks in the AMAZON list, minus the CIDR blocks that are also in the EC2 list. IP
addresses in the EC2 list can be assigned to EC2 instances.
Windows PowerShell
The following PowerShell example shows you how to get the IP addresses that are in the AMAZON list but
not the EC2 list. Copy the script and save it in a file named Select_address.ps1.
$amazon_addresses = Get-AWSPublicIpAddressRange -ServiceKey amazon

$ec2_addresses = Get-AWSPublicIpAddressRange -ServiceKey ec2
ForEach ($address in $amazon_addresses)

{
if( $ec2_addresses.IpPrefix -notcontains $address.IpPrefix)
{
($address).IpPrefix
}
}
You can run this script as follows:
PS C:\> .\Select_address.ps1
13.32.0.0/15
13.35.0.0/16
13.248.0.0/20
13.248.16.0/21
13.248.24.0/22
13.248.28.0/22
27.0.0.0/22
43.250.192.0/24
43.250.193.0/24
...
jq
The following example shows you how to get the IP addresses that are in the AMAZON list but not the
EC2 list, for all Regions:
jq -r '[.prefixes[] | select(.service=="AMAZON").ip_prefix] - [.prefixes[] |

select(.service=="EC2").ip_prefix] | .[]' < ip-ranges.json
52.94.22.0/24
52.94.17.0/24
52.95.154.0/23
52.95.212.0/22
54.239.0.240/28
54.239.54.0/23
52.119.224.0/21
...
Version 1.0
1003
Python
The following example shows you how to filter the results to one Region:
jq -r '[.prefixes[] | select(.region=="us-east-1" and .service=="AMAZON").ip_prefix] -

[.prefixes[] | select(.region=="us-east-1" and .service=="EC2").ip_prefix] | .[]' < ip-
ranges.json
Python
The following python script shows you how to get the IP addresses that are in the AMAZON list but not
the EC2 list. Copy the script and save it in a file named get_ips.py.
#!/usr/bin/env python
import requests
ip_ranges = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json').json()
['prefixes']
amazon_ips = [item['ip_prefix'] for item in ip_ranges if item["service"] == "AMAZON"]
ec2_ips = [item['ip_prefix'] for item in ip_ranges if item["service"] == "EC2"]
amazon_ips_less_ec2=[]
for ip in amazon_ips:
if ip not in ec2_ips:
amazon_ips_less_ec2.append(ip)
for ip in amazon_ips_less_ec2: print(str(ip))
You can run this script as follows:
$ python ./get_ips.py
13.32.0.0/15
13.35.0.0/16
13.248.0.0/20
13.248.16.0/21
13.248.24.0/22
13.248.28.0/22
27.0.0.0/22
43.250.192.0/24
43.250.193.0/24
...
AWS IP address ranges notifications

Whenever there is a change to the AWS IP address ranges, we send notifications to subscribers of the
AmazonIpSpaceChanged topic. The payload contains information in the following format:
{
"create-time":"yyyy-mm-ddThh:mm:ss+00:00",
"synctoken":"0123456789",
"md5":"6a45316e8bc9463c9e926d5d37836d33",
"url":"https://ip-ranges.amazonaws.com/ip-ranges.json"
}
create-time
The creation date and time.
Version 1.0
1004
AWS IP address ranges notifications
Notifications could be delivered out of order. Therefore, we recommend that you check the
timestamps to ensure the correct order.
synctoken
The publication time, in Unix epoch time format.

md5
The cryptographic hash value of the ip-ranges.json file. You can use this value to check whether
the downloaded file is corrupted.
url
The location of the ip-ranges.json file.
If you want to be notified whenever there is a change to the AWS IP address ranges, you can subscribe as
follows to receive notifications using Amazon SNS.
To subscribe to AWS IP address range notifications
1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

2. In the navigation bar, change the Region to US East (N. Virginia), if necessary. You must select this
Region because the SNS notifications that you are subscribing to were created in this Region.
3. In the navigation pane, choose Subscriptions.
4. Choose Create subscription.
5. In the Create subscription dialog box, do the following:
a. For Topic ARN, copy the following Amazon Resource Name (ARN):
arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged
b. For Protocol, choose the protocol to use (for example, Email).

c. For Endpoint, type the endpoint to receive the notification (for example, your email address).
d. Choose Create subscription.
6. You'll be contacted on the endpoint that you specified and asked to confirm your subscription. For
example, if you specified an email address, you'll receive an email message with the subject line
AWS Notification - Subscription Confirmation. Follow the directions to confirm your
subscription.
Notifications are subject to the availability of the endpoint. Therefore, you might want to check the
JSON file periodically to ensure that you've got the latest ranges. For more information about Amazon
SNS reliability, see https://aws.amazon.com/sns/faqs/#Reliability.
If you no longer want to receive these notifications, use the following procedure to unsubscribe.
To unsubscribe from AWS IP address ranges notifications
1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

2. In the navigation pane, choose Subscriptions.
3. Select the check box for the subscription.
4. Choose Actions, Delete subscriptions.
5. When prompted for confirmation, choose Delete.
For more information about Amazon SNS, see the Amazon Simple Notification Service Developer Guide.
Version 1.0
1005
Release notes
Release notes
The following table describes updates to the AWS IP address ranges. We also add new Region codes with
each Region launch.
Description Release date
Added the CLOUDFRONT_ORIGIN_FACING service October 12, 2021

code.
Added the ROUTE53_RESOLVER service code. June 24, 2021
Added the EBS service code. May 12, 2021
Added the KINESIS_VIDEO_STREAMS service November 19, 2020

code.
Added the CHIME_MEETINGS and June 19, 2020

CHIME_VOICECONNECTOR service codes.
Added the AMAZON_APPFLOW service code. June 9, 2020
Add support for the network border group. April 7, 2020
Added the WORKSPACES_GATEWAYS service code. March 30, 2020
Added the January 30, 2020

ROUTE53_HEALTHCHECK_PUBLISHING service
code.
Added the API_GATEWAY service code. September 26, 2019
Added the EC2_INSTANCE_CONNECT service June 26, 2019

code.
Added the DYNAMODB service code. April 25, 2019
Added the GLOBALACCELERATOR service code. December 20, 2018
Added the AMAZON_CONNECT service code. June 20, 2018
Added the CLOUD9 service code. June 20, 2018
Added the CODEBUILD service code. April 19, 2018
Added the S3 service code. February 28, 2017
Added support for IPv6 address ranges. August 22, 2016
Initial release November 19, 2014
Learn more
• AMAZON_APPFLOW – IP address ranges
• AMAZON_CONNECT – Set up your network
• CLOUDFRONT – Locations and IP address ranges of CloudFront edge servers
• DYNAMODB – IP address ranges
Version 1.0
1006
Learn more
• EC2 – Public IPV4 addresses

• EC2_INSTANCE_CONNECT – Set up EC2 Instance Connect
• GLOBALACCELERATOR – Location and IP address ranges of Global Accelerator edge servers
• ROUTE53 – IP address ranges of Amazon Route 53 servers
• ROUTE53_HEALTHCHECKS – IP address ranges of Amazon Route 53 servers
• ROUTE53_HEALTHCHECKS_PUBLISHING – IP address ranges of Amazon Route 53 servers
• WORKSPACES_GATEWAYS – PCoIP gateway servers
Version 1.0
1007
Services that support IPv6
AWS services that support IPv6

Computers and smart devices use IP addresses to communicate with each other over the internet and
other networks. As the internet continues to grow, so does the need for IP addresses. The most common
format for IP addresses is IPv4. The new format for IP addresses is IPv6, which provides a larger address
space than IPv4.
AWS services support for IPv6 includes support for dual stack configuration (IPv4 and IPv6) or IPv6 only
configurations. For example, a virtual private cloud (VPC) is a logically isolated section of the AWS Cloud
where you can launch AWS resources. Within a VPC, you can create subnets that are IPv4 only, dual stack,
or IPv6 only.
AWS services support access through public endpoints. Some AWS services also support access using
private endpoints powered by AWS PrivateLink. AWS services can support IPv6 through their private
endpoints even if they do not support IPv6 through their public endpoints. Endpoints that support IPv6
can respond to DNS queries with AAAA records.
Services that support IPv6

The following table lists the AWS services that provide dual stack support, IPv6 only support, and
endpoints that support IPv6. We will update this table as we release additional support for IPv6.
Service name Dual stack IPv6 only Public Private

support support endpoints endpoints
support IPv6 support IPv6
App Mesh Yes Yes Yes No
Amazon CloudFront Yes No No No
AWS Cloud Map Yes Yes Yes No
Amazon EC2 Yes Yes Yes No
Amazon ECS Yes No No No
Amazon EKS Yes Yes No No
Elastic Load Balancing Yes Yes No No
AWS Fargate Yes No No No
AWS Global Accelerator Yes No No No
AWS IoT Yes Yes No No
AWS Lambda No No Yes No
Amazon Lightsail Yes No No No
Version 1.0
1008
Additional IPv6 support
Service name Dual stack IPv6 only Public Private

support support endpoints endpoints
support IPv6 support IPv6
Amazon RDS Yes No Yes No
Amazon Route 53 Yes Yes No No
Amazon S3 Yes No Yes No
AWS Secrets Manager Yes No Yes No
AWS Site-to-Site VPN Yes No Yes No
Amazon VPC Yes Yes Yes No
Amazon WorkSpaces Yes No No No
Additional IPv6 support

• AWS CloudTrail records include source IPv6 information.
• Amazon EC2 provides IPv6 endpoints for Instance Metadata Service (IMDS) and Amazon Time Sync
Service.
• AWS Global Accelerator provides two IPv6 static addresses for dual-stack accelerators, in addition to
two IPv4 static addresses.
• AWS Identity and Access Management (IAM) supports IPv6 addresses in IAM policies.
• Amazon Macie supports IPv6 addresses in personally identifiable information (PII).
• AWS PrivateLink supports IPv6 for endpoint services and interface endpoints.
• Amazon Route 53 supports DNS records for IPv6.
• AWS Shield supports threat protection based on IPv6 addresses.
• AWS WAF supports allowing or blocking requests based on IPv6 addresses.
Learn more
• IPv6 on AWS
• Dual Stack and IPv6-only Amazon VPC Reference Architectures (PDF)
Version 1.0
1009
API retries
AWS APIs
The following pages provide information that is useful when using an AWS API.
Contents
• Error retries and exponential backoff in AWS (p. 1010)
• Signing AWS API requests (p. 1011)
• AWS SDK support for Amazon S3 client-side encryption (p. 1047)
Error retries and exponential backoff in AWS

Numerous components on a network, such as DNS servers, switches, load balancers, and others can
generate errors anywhere in the life of a given request. The usual technique for dealing with these error
responses in a networked environment is to implement retries in the client application. This technique
increases the reliability of the application and reduces operational costs for the developer.
Each AWS SDK implements automatic retry logic. The AWS SDK for Java automatically retries requests,
and you can configure the retry settings using the ClientConfiguration class. For example, you
might want to turn off the retry logic for a web page that makes a request with minimal latency and no
retries. Use the ClientConfiguration class and provide a maxErrorRetry value of 0 to turn off the
retries.
If you're not using an AWS SDK, you should retry original requests that receive server (5xx) or throttling
errors. However, client errors (4xx) indicate that you need to revise the request to correct the problem
before trying again.
In addition to simple retries, each AWS SDK implements exponential backoff algorithm for better flow
control. The idea behind exponential backoff is to use progressively longer waits between retries for
consecutive error responses. You should implement a maximum delay interval, as well as a maximum
number of retries. The maximum delay interval and maximum number of retries are not necessarily fixed
values, and should be set based on the operation being performed, as well as other local factors, such as
network latency.
Most exponential backoff algorithms use jitter (randomized delay) to prevent successive collisions.
Because you aren't trying to avoid such collisions in these cases, you don't need to use this random
number. However, if you use concurrent clients, jitter can help your requests succeed faster. For more
information, see the blog post for Exponential Backoff and Jitter.
The following pseudo code shows one way to poll for status using an increasing delay.
Do some asynchronous operation.
retries = 0
DO
wait for (2^retries * 100) milliseconds
status = Get the result of the asynchronous operation.
IF status = SUCCESS
retry = false
ELSE IF status = NOT_READY
retry = true
ELSE IF status = THROTTLED
Version 1.0
1010
Signing AWS API requests
retry = true
ELSE
Some other error occurred, so stop calling the API.
retry = false
END IF
retries = retries + 1
WHILE (retry AND (retries < MAX_RETRIES))
Signing AWS API requests

Important
The AWS SDKs, AWS Command Line Interface (AWS CLI), and other AWS tools sign API requests
for you using the access key that you specify when you configure the tool. When you use these
tools, you don’t need to learn how to sign API requests. The following documentation
explains how to sign API requests, but is only useful if you’re writing your own code to send
and sign AWS API requests. We recommend that you use the AWS SDKs or other AWS tools to
send API requests, instead of writing your own code.
When you send API requests to AWS, you sign the requests so that AWS can identify who sent them.
You sign requests with your AWS access key, which consists of an access key ID and secret access key.
Some requests don’t need to be signed, including anonymous requests to Amazon Simple Storage
Service (Amazon S3) and some API operations in AWS Security Token Service (AWS STS) such as
AssumeRoleWithWebIdentity.
When to sign requests

When you write custom code to send API requests to AWS, you need to include code to sign the requests.
You might do this for the following reasons:
• You are working with a programming language for which there is no AWS SDK.
• You want complete control over how a request is sent to AWS.
You don’t need to sign requests when you use the AWS CLI or one of the AWS SDKs. These tools calculate
the signature for you, and also manage the connection details, handle request retries, and provide error
handling. In most cases, they also contain sample code, tutorials, and other resources to help you get
started writing applications that interact with AWS.
Why requests are signed

The signing process helps secure requests in the following ways:
• Verify the identity of the requester
Signing makes sure that the request has been sent by someone with a valid access key. For more
information, see Understanding and getting your AWS credentials (p. 3).
• Protect data in transit
To prevent tampering with a request while it's in transit, some of the request elements are used to
calculate a hash (digest) of the request, and the resulting hash value is included as part of the request.
When an AWS service receives the request, it uses the same information to calculate a hash and
matches it against the hash value in your request. If the values don't match, AWS denies the request.
• Protect against potential replay attacks
Version 1.0
1011
Signing requests
In most cases, a request must reach AWS within five minutes of the time stamp in the request.
Otherwise, AWS denies the request.
Signing requests
To sign a request, you first calculate a hash (digest) of the request. Then you use the hash value, some
other information from the request, and your secret access key to calculate another hash known as the
signature. Then you add the signature to the request in one of the following ways:
• Using the HTTP Authorization header.

• Adding a query string value to the request. Because the signature is part of the URL in this case, this
type of URL is called a presigned URL.
Signature versions
AWS supports Signature Version 4 (SigV4) and Signature Version 2 (SigV2). All AWS services in all AWS
Regions support SigV4, except Amazon SimpleDB which requires SigV2. The AWS SDKs, including the
AWS CLI, automatically use SigV4 for all services that support it. If you manually sign API requests, you
should do the same.
AWS is rolling out an extension to SigV4 called Signature Version 4A (SigV4A). This extension enables
signatures that are valid in more than one AWS Region. This is required for signing multi-Region API
requests, for example with Amazon S3 Multi-Region Access Points. The AWS SDKs and AWS CLI support
SigV4A and use it automatically when it’s needed.
Note
To use SigV4A with temporary security credentials—for example, when using IAM roles—make
sure that you request the temporary credentials from a regional endpoint in AWS Security Token
Service (AWS STS). Don’t use the global endpoint for AWS STS (sts.amazonaws.com), because
by default temporary credentials from the global endpoint don’t work with SigV4A. You can use
any of the regional endpoints for AWS STS.
Signature Version 4 signing process

Important
Signature Version 4 (SigV4) is the process to add authentication information to AWS API requests sent
by HTTP. For security, most requests to AWS must be signed with an access key. The access key consists
of an access key ID and secret access key, which are commonly referred to as your security credentials.
For details on how to obtain credentials for your account, see Understanding and getting your AWS
credentials (p. 3).
How Signature Version 4 works
1. Create a canonical request.

2. Use the canonical request and additional metadata to create a string for signing.
3. Derive a signing key from your AWS secret access key. Then use the signing key, and the string from
the previous step, to create a signature.
Version 1.0
1012
4. Add the resulting signature to the HTTP request in a header or as a query string parameter.
When an AWS service receives the request, it performs the same steps that you did to calculate the
signature you sent in your request. AWS then compares its calculated signature to the one you sent with
the request. If the signatures match, the request is processed. If the signatures don't match, the request
is denied.
For more information, see the following resources:
• To get started with the signing process, see Signing AWS requests with Signature Version 4 (p. 1015).
• For sample signed requests, see Examples of the complete Signature Version 4 signing process
(Python) (p. 1030).
• If you have questions about Signature Version 4, post your question in the AWS Identity and Access
Management forum.
Changes in Signature Version 4

Signature Version 4 is the current AWS signing protocol. It includes several changes from the previous
Signature Version 2:
• To sign your message, you use a signing key that is derived from your secret access key rather than
using the secret access key itself. For more information about deriving keys, see Task 3: Calculate the
signature for AWS Signature Version 4 (p. 1023).
• You derive your signing key from the credential scope, which means that you don't need to include the
key itself in the request. Credential scope is represented by a slash-separated string of dimensions in
the following order:
1. Date information as an eight-digit string representing the year (YYYY), month (MM), and day (DD)
of the request (for example, 20150830). For more information about handling dates, see Handling
dates in Signature Version 4 (p. 1027).
2. Region information as a lowercase alphanumeric string. Use the Region name that is part of the
service's endpoint. For services with a globally unique endpoint such as IAM, use us-east-1.
3. Service name information as a lowercase alphanumeric string (for example, iam). Use the
service name that is part of the service's endpoint. For example, the IAM endpoint is https://
iam.amazonaws.com, so you use the string iam as part of the Credential parameter.
4. A special termination string: aws4_request.
• You use the credential scope in each signing task:
• If you add signing information to the query string, include the credential scope as part of the X-
Amz-Credential parameter when you create the canonical request in Task 1: Create a canonical
request for Signature Version 4 (p. 1017).
• You must include the credential scope as part of your string to sign in Task 2: Create a string to sign
for Signature Version 4 (p. 1022).
• Finally, you use the date, Region, and service name components of the credential scope to derive
your signing key in Task 3: Calculate the signature for AWS Signature Version 4 (p. 1023).
Elements of an AWS Signature Version 4 request

Each HTTP/HTTPS request that uses version 4 signing must contain these elements.
• Endpoint Specification
• Action
• Required and Optional Parameters
Version 1.0
1013
• Date
• Authentication Parameters
Endpoint specification
This is specified as the Host header in HTTP/1.1 requests. This header specifies the DNS name of the
computer to which you send the request, like dynamodb.us-east-1.amazonaws.com.
You must include the Host header with HTTP/1.1 requests. For HTTP/2 requests, you can use the
:authority header or the Host header. Use only the :authority header for compliance with the
HTTP/2 specification. Not all services support HTTP/2 requests, so check the service documentation for
details.
The endpoint usually contains the service name and Region, both of which you must use as part of the
Credential authentication parameter. For example, the Amazon DynamoDB endpoint for the eu-
west-1 Region is dynamodb.eu-west-1.amazonaws.com. If you don't specify a Region, a web service
uses the default Region, us-east-1. If you use a service like IAM that uses a globally unique endpoint,
use the default Region (us-east-1), as part of the Credential authentication parameter (described
later in this topic).
For a complete list of endpoints supported by AWS, see Regions and Endpoints.
Action
This element specifies the action that you want a web service to perform, such as the DynamoDB
CreateTable action or the Amazon EC2 DescribeInstances action. The specified action determines
the parameters used in the request. For query APIs, the action is an API name. For non-query APIs (such
as RESTful APIs), see the service documentation for the appropriate actions.
Required and optional parameters

This element specifies the parameters to the request action. Each action in a web service has a set of
required and optional parameters that define an API call. The API version is usually a required parameter.
See the service documentation for the details of required and optional parameters.
Date
This is the date and time at which you make the request. Including the date in the request helps prevent
third parties from intercepting your request and resubmitting it later. The date is specified using the
ISO8601 Basic format via the x-amz-date header in the YYYYMMDD'T'HHMMSS'Z' format.
Authentication parameters
Each request that you send must include the following set of parameters that AWS uses to ensure the
validity and authenticity of the request.
• Algorithm. The hash algorithm that you're using as part of the signing process. For example, if you use
SHA-256 to create hashes, use the value AWS4-HMAC-SHA256.
• Credential scope. A string separated by slashes ("/") that is formed by concatenating your access key
ID and your credential scope components. Credential scope includes the date in YYYYMMDD format,
the AWS Region, the service name, and a special termination string (aws4_request). For example, the
following string represents the Credential parameter for an IAM request in the us-east-1 Region.
AKIAIOSFODNN7EXAMPLE/20111015/us-east-1/iam/aws4_request
Important
You must use lowercase characters for the Region, service name, and special termination
string.
Version 1.0
1014
• SignedHeaders A list delimited by semicolons (";") of HTTP/HTTPS headers to include in the signature.
• Signature A hexadecimal-encoded string that represents the output of the signature operation
described in Task 3: Calculate the signature for AWS Signature Version 4 (p. 1023). You must calculate
the signature using the algorithm that you specified in the Algorithm parameter.
To view sample signed requests, see Examples of the complete Signature Version 4 signing process
(Python) (p. 1030).
Signing AWS requests with Signature Version 4

This section explains how to create a signature and add it to an HTTP request to AWS.
Summary of signing steps

To create a signed request, complete the following:
• Task 1: Create a canonical request for Signature Version 4 (p. 1017)
Arrange the contents of your request (host, action, headers, etc.) into a standard (canonical) format.
The canonical request is one of the inputs used to create a string to sign.
• Task 2: Create a string to sign for Signature Version 4 (p. 1022)
Create a string to sign with the canonical request and extra information such as the algorithm, request
date, credential scope, and the digest (hash) of the canonical request.
• Task 3: Calculate the signature for AWS Signature Version 4 (p. 1023)
Derive a signing key by performing a succession of keyed hash operations (HMAC operations) on the
request date, Region, and service, with your AWS secret access key as the key for the initial hashing
operation. After you derive the signing key, you then calculate the signature by performing a keyed
hash operation on the string to sign. Use the derived signing key as the hash key for this operation.
• Task 4: Add the signature to the HTTP request (p. 1025)
After you calculate the signature, add it to an HTTP header or to the query string of the request.
Important
The AWS SDKs handle the signature calculation process for you, so you do not have to manually
complete the signing process. For more information, see Tools for Amazon Web Services.
Additional resources
The following resources illustrate aspects of the signing process:
• Examples of how to derive a signing key for Signature Version 4 (p. 1027). This page shows how to
derive a signing key using Java, C#, Python, Ruby, and JavaScript.
• Examples of the complete Signature Version 4 signing process (Python) (p. 1030). This set of programs
in Python provide complete examples of the signing process. The examples show signing with a POST
request, with a GET request that has signing information in a request header, and with a GET request
that has signing information in the query string.
Version 1.0
1015
What signing looks like in a request

The following example shows what an HTTPS request might look like as it is sent from your client to
AWS, without any signing information.
GET https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08 HTTP/1.1

Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: iam.amazonaws.com
X-Amz-Date: 20150830T123600Z
After you complete the signing tasks, you add the authentication information to the request. You can
add the authentication information in two ways:
Authorization header
You can add the authentication information to the request with an Authorization header. Although
the HTTP header is named Authorization, the signing information is actually used for authentication
to establish who the request came from.
The Authorization header includes the following information:
• Algorithm you used for signing (AWS4-HMAC-SHA256)

• Credential scope (with your access key ID)
• List of signed headers
• Calculated signature. The signature is based on your request information, and you use your AWS secret
access key to produce the signature. The signature confirms your identity to AWS.
The following example shows what the preceding request might look like after you've created the
signing information and added it to the request in the Authorization header.
Note that in the actual request, the Authorization header would appear as a continuous line of text.
The version below has been formatted for readability.

Authorization: AWS4-HMAC-SHA256
Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request,
SignedHeaders=content-type;host;x-amz-date,
Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7
content-type: application/x-www-form-urlencoded; charset=utf-8
host: iam.amazonaws.com
x-amz-date: 20150830T123600Z
Query string
As an alternative to adding authentication information with an HTTP request header, you can include it
in the query string. The query string contains everything that is part of the request, including the name
and parameters for the action, the date, and the authentication information.
The following example shows how you might construct a GET request with the action and authentication
information in the query string.
(In the actual request, the query string would appear as a continuous line of text. The version below has
been formatted with line breaks for readability.)
GET https://iam.amazonaws.com?Action=ListUsers&Version=2010-05-08
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fiam%2Faws4_request
&X-Amz-Date=20150830T123600Z
&X-Amz-Expires=60
Version 1.0
1016
&X-Amz-SignedHeaders=content-type%3Bhost
&X-Amz-Signature=37ac2f4fde00b0ac9bd9eadeb459b1bbee224158d66e7ae5fcadb70b2d181d02 HTTP/1.1
content-type: application/x-www-form-urlencoded; charset=utf-8
host: iam.amazonaws.com
GET and POST requests in the Query API

The query API that many AWS services support lets you make requests using either HTTP GET or POST.
(In the query API, you can use GET even if you're making requests that change state; that is, the query
API is not inherently RESTful.) Because GET requests pass parameters on the query string, they are
limited to the maximum length of a URL. If a request includes a large payload (for example, you might
upload a large IAM policy or send many parameters in JSON format for a DynamoDB request), you
generally use a POST request.
The signing process is the same for both types of requests.
Task 1: Create a canonical request for Signature Version 4

To begin the signing process, create a string that includes information from your request in a
standardized (canonical) format. This ensures that when AWS receives the request, it can calculate the
same signature that you calculated.
Follow the steps here to create a canonical version of the request. Otherwise, your version and the
version calculated by AWS won't match, and the request will be denied.
The following example shows the pseudocode to create a canonical request.
Example Canonical request pseudocode
CanonicalRequest =
HTTPRequestMethod + '\n' +
CanonicalURI + '\n' +
CanonicalQueryString + '\n' +
CanonicalHeaders + '\n' +
SignedHeaders + '\n' +
HexEncode(Hash(RequestPayload))
In this pseudocode, Hash represents a function that produces a message digest, typically SHA-256. (Later
in the process, you specify which hashing algorithm you're using.) HexEncode represents a function
that returns the base-16 encoding of the digest in lowercase characters. For example, HexEncode("m")
returns the value 6d rather than 6D. Each input byte must be represented as exactly two hexadecimal
characters.
Signature Version 4 does not require that you use a particular character encoding to encode the
canonical request. However, some AWS services might require a specific encoding. For more information,
consult the documentation for that service.
The following examples show how to construct the canonical form of a request to IAM. The original
request might look like this as it is sent from the client to AWS, except that this example does not include
the signing information yet.
Example Request

X-Amz-Date: 20150830T123600Z
The preceding example request is a GET request (method) that makes a ListUsers API (action) call to
AWS Identity and Access Management (host). This action takes the Version parameter.
Version 1.0
1017
To create a canonical request, concatenate the following components from each step into a
single string:
1. Start with the HTTP request method (GET, PUT, POST, etc.), followed by a newline character.
Example Request method
GET
2. Add the canonical URI parameter, followed by a newline character. The canonical URI is the URI-
encoded version of the absolute path component of the URI, which is everything in the URI from the
HTTP host to the question mark character ("?") that begins the query string parameters (if any).
Normalize URI paths according to RFC 3986. Remove redundant and relative path components. Each
path segment must be URI-encoded twice (except for Amazon S3 which only gets URI-encoded
once).
Example Canonical URI with encoding
/documents%2520and%2520settings/
Note
In exception to this, you do not normalize URI paths for requests to Amazon S3.
For example, if you have a bucket with an object named my-object//example//
photo.user, use that path. Normalizing the path to my-object/example/photo.user
will cause the request to fail. For more information, see Task 1: Create a Canonical Request
in the Amazon Simple Storage Service API Reference.
If the absolute path is empty, use a forward slash (/). In the example IAM request, nothing follows
the host in the URI, so the absolute path is empty.
Example Canonical URI
3. Add the canonical query string, followed by a newline character. If the request does not include a
query string, use an empty string (essentially, a blank line). The example request has the following
query string.
Example Canonical query string
Action=ListUsers&Version=2010-05-08
To construct the canonical query string, complete the following steps:
a. Sort the parameter names by character code point in ascending order. Parameters with
duplicate names should be sorted by value. For example, a parameter name that begins with
the uppercase letter F precedes a parameter name that begins with a lowercase letter b.
b. URI-encode each parameter name and value according to the following rules:
• Do not URI-encode any of the unreserved characters that RFC 3986 defines: A-Z, a-z, 0-9,
hyphen ( - ), underscore ( _ ), period ( . ), and tilde ( ~ ).
• Percent-encode all other characters with %XY, where X and Y are hexadecimal characters (0-9
and uppercase A-F). For example, the space character must be encoded as %20 (not using '+',
as some encoding schemes do) and extended UTF-8 characters must be in the form %XY%ZA
%BC. Version 1.0
1018
• Double-encode any equals ( = ) characters in parameter values.

c. Build the canonical query string by starting with the first parameter name in the sorted list.
d. For each parameter, append the URI-encoded parameter name, followed by the equals
sign character (=), followed by the URI-encoded parameter value. Use an empty string for
parameters that have no value.
e. Append the ampersand character (&) after each parameter value, except for the last value in the
list.
One option for the query API is to put all request parameters in the query string. For example, you
can do this for Amazon S3 to create a presigned URL. In that case, the canonical query string must
include not only parameters for the request, but also the parameters used as part of the signing
process—the hashing algorithm, credential scope, date, and signed headers parameters.
The following example shows a query string that includes authentication information. The example
is formatted with line breaks for readability, but the canonical query string must be one continuous
line of text in your code.
Example Authentication parameters in a query string
Action=ListUsers&
Version=2010-05-08&
X-Amz-Algorithm=AWS4-HMAC-SHA256&
X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fiam%2Faws4_request&
X-Amz-Date=20150830T123600Z&
X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-date
For more information about authentication parameters, see Task 2: Create a string to sign for
Signature Version 4 (p. 1022).
Note
You can use temporary security credentials provided by the AWS Security Token Service
(AWS STS) to sign a request. The process is the same as using long-term credentials, but
when you add signing information to the query string you must add an additional query
parameter for the security token. The parameter name is X-Amz-Security-Token, and
the parameter's value is the URI-encoded session token (the string you received from AWS
STS when you obtained temporary security credentials).
For some services, you must include the X-Amz-Security-Token query parameter in the
canonical (signed) query string. For other services, you add the X-Amz-Security-Token
parameter at the end, after you calculate the signature. For details, see the API reference
documentation for that service.
4. Add the canonical headers, followed by a newline character. The canonical headers consist of a list of
all the HTTP headers that you are including with the signed request.
For HTTP/1.1 requests, you must include the host header at a minimum. Standard headers like
content-type are optional. For HTTP/2 requests, you must include the :authority header
instead of the host header. Different services might require other headers.
Example Canonical headers
content-type:application/x-www-form-urlencoded; charset=utf-8\n
host:iam.amazonaws.com\n
x-amz-date:20150830T123600Z\n
To create the canonical headers list, convert all header names to lowercase and remove leading
spaces and trailing spaces. Convert sequential spaces in the header value to a single space.
Version 1.0
1019
The following pseudocode describes how to construct the canonical list of headers:
CanonicalHeaders =
CanonicalHeadersEntry0 + CanonicalHeadersEntry1 + ... + CanonicalHeadersEntryN
CanonicalHeadersEntry =
Lowercase(HeaderName) + ':' + Trimall(HeaderValue) + '\n'
Lowercase represents a function that converts all characters to lowercase. The Trimall function
removes excess white space before and after values, and converts sequential spaces to a single
space.
Build the canonical headers list by sorting the (lowercase) headers by character code and then
iterating through the header names. Construct each header according to the following rules:
• Append the lowercase header name followed by a colon.

• Append a comma-separated list of values for that header. Do not sort the values in headers that
have multiple values.
• Append a new line ('\n').
The following examples compare a more complex set of headers with their canonical form:
Example Original headers
Host:iam.amazonaws.com\n
Content-Type:application/x-www-form-urlencoded; charset=utf-8\n
My-header1: a b c \n
X-Amz-Date:20150830T123600Z\n
My-Header2: "a b c" \n
Example Canonical form
content-type:application/x-www-form-urlencoded; charset=utf-8\n
host:iam.amazonaws.com\n
my-header1:a b c\n
my-header2:"a b c"\n
x-amz-date:20150830T123600Z\n
Note
Each header is followed by a newline character, meaning the complete list ends with a
newline character.
In the canonical form, the following changes were made:
• The header names were converted to lowercase characters.

• The headers were sorted by character code.
• Leading and trailing spaces were removed from the my-header1 and my-header2 values.
• Sequential spaces in a b c were converted to a single space for the my-header1 and my-
header2 values.
Note
You can use temporary security credentials provided by the AWS Security Token Service
(AWS STS) to sign a request. The process is the same as using long-term credentials, but
when you include signing information in the Authorization header you must add an
Version 1.0
1020
additional HTTP header for the security token. The header name is X-Amz-Security-
Token, and the header's value is the session token (the string you received from AWS STS
when you obtained temporary security credentials).
5. Add the signed headers, followed by a newline character. This value is the list of headers that you
included in the canonical headers. By adding this list of headers, you tell AWS which headers in the
request are part of the signing process and which ones AWS can ignore (for example, any additional
headers added by a proxy) for purposes of validating the request.
For HTTP/1.1 requests, the host header must be included as a signed header. For HTTP/2
requests that include the :authority header instead of the host header, you must include the
:authority header as a signed header. If you include a date or x-amz-date header, you must also
include that header in the list of signed headers.
To create the signed headers list, convert all header names to lowercase, sort them by character
code, and use a semicolon to separate the header names. The following pseudocode describes how
to construct a list of signed headers. Lowercase represents a function that converts all characters
to lowercase.
SignedHeaders =
Lowercase(HeaderName0) + ';' + Lowercase(HeaderName1) + ";" + ... +
Lowercase(HeaderNameN)
Build the signed headers list by iterating through the collection of header names, sorted by
lowercase character code. For each header name except the last, append a semicolon (';') to the
header name to separate it from the following header name.
Example Signed headers
content-type;host;x-amz-date\n
6. Use a hash (digest) function like SHA256 to create a hashed value from the payload in the body of
the HTTP or HTTPS request. Signature Version 4 does not require that you use a particular character
encoding to encode text in the payload. However, some AWS services might require a specific
encoding. For more information, consult the documentation for that service.
Example Structure of payload
HashedPayload = Lowercase(HexEncode(Hash(requestPayload)))
When you create the string to sign, you specify the signing algorithm that you used to hash the
payload. For example, if you used SHA256, you will specify AWS4-HMAC-SHA256 as the signing
algorithm. The hashed payload must be represented as a lowercase hexadecimal string.
If the payload is empty, use an empty string as the input to the hash function. In the IAM example,
the payload is empty.
Example Hashed payload (empty string)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
7. To construct the finished canonical request, combine all the components from each step as a single
string. As noted, each component ends with a newline character. If you follow the canonical request
pseudocode explained earlier, the resulting canonical request is shown in the following example.
Version 1.0
1021
Example Canonical request
GET
/
Action=ListUsers&Version=2010-05-08
content-type:application/x-www-form-urlencoded; charset=utf-8
host:iam.amazonaws.com
x-amz-date:20150830T123600Z
content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
8. Create a digest (hash) of the canonical request with the same algorithm that you used to hash the
payload.
Note
Signature Version 4 does not require that you use a particular character encoding to encode
the canonical request before calculating the digest. However, some AWS services might
require a specific encoding. For more information, consult the documentation for that
service.
The hashed canonical request must be represented as a string of lowercase hexadecimal characters.
The following example shows the result of using SHA-256 to hash the example canonical request.
Example Hashed canonical request
f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59
You include the hashed canonical request as part of the string to sign in Task 2: Create a string to
sign for Signature Version 4 (p. 1022).
Task 2: Create a string to sign for Signature Version 4

The string to sign includes meta information about your request and about the canonical request that
you created in Task 1: Create a canonical request for Signature Version 4 (p. 1017). You will use the
string to sign and a derived signing key that you create later as inputs to calculate the request signature
in Task 3: Calculate the signature for AWS Signature Version 4 (p. 1023).
To create the string to sign, concatenate the algorithm, date and time, credential scope, and digest of the
canonical request, as shown in the following pseudocode:
Structure of string to sign
StringToSign =
Algorithm + \n +
RequestDateTime + \n +
CredentialScope + \n +
HashedCanonicalRequest
The following example shows how to construct the string to sign with the same request from Task 1:
Create A Canonical Request (p. 1017).
Example HTTPS request

Version 1.0
1022
X-Amz-Date: 20150830T123600Z
To create the string to sign
1. Start with the algorithm designation, followed by a newline character. This value is the hashing
algorithm that you use to calculate the digests in the canonical request. For SHA256, AWS4-HMAC-
SHA256 is the algorithm.
AWS4-HMAC-SHA256\n
2. Append the request date value, followed by a newline character. The date is specified with ISO8601
basic format in the x-amz-date header in the format YYYYMMDD'T'HHMMSS'Z'. This value must
match the value you used in any previous steps.
20150830T123600Z\n
3. Append the credential scope value, followed by a newline character. This value is a string that
includes the date, the Region you are targeting, the service you are requesting, and a termination
string ("aws4_request") in lowercase characters. The Region and service name strings must be
UTF-8 encoded.
20150830/us-east-1/iam/aws4_request\n
• The date must be in the YYYYMMDD format. Note that the date does not include a time value.
• Verify that the Region you specify is the Region that you are sending the request to.
4. Append the hash of the canonical request that you created in Task 1: Create a canonical request
for Signature Version 4 (p. 1017). This value is not followed by a newline character. The hashed
canonical request must be lowercase base-16 encoded, as defined by Section 8 of RFC 4648.
The following string to sign is a request to IAM on August 30, 2015.
Example string to sign
AWS4-HMAC-SHA256
20150830T123600Z
20150830/us-east-1/iam/aws4_request
Task 3: Calculate the signature for AWS Signature Version 4

Before you calculate a signature, you derive a signing key from your AWS secret access key. Because the
derived signing key is specific to the date, service, and Region, it offers a greater degree of protection.
You don't just use your secret access key to sign the request. You then use the signing key and the string
to sign that you created in Task 2: Create a string to sign for Signature Version 4 (p. 1022) as the inputs
to a keyed hash function. The hex-encoded result from the keyed hash function is the signature.
Signature Version 4 does not require that you use a particular character encoding to encode the string to
sign. However, some AWS services might require a specific encoding. For more information, consult the
documentation for that service.
Version 1.0
1023
To calculate a signature
1. Derive your signing key. To do this, use your secret access key to create a series of hash-based
message authentication codes (HMACs). This is shown in the following pseudocode, where
HMAC(key, data) represents an HMAC-SHA256 function that returns output in binary format. The
result of each hash function becomes input for the next one.
Pseudocode for deriving a signing key
kSecret = your secret access key

kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")
Note that the date used in the hashing process is in the format YYYYMMDD (for example, 20150830),
and does not include the time.
Make sure you specify the HMAC parameters in the correct order for the programming language you
are using. This example shows the key as the first parameter and the data (message) as the second
parameter, but the function that you use might specify the key and data in a different order.
Use the digest (binary format) for the key derivation. Most languages have functions to compute
either a binary format hash, commonly called a digest, or a hex-encoded hash, called a hexdigest.
The key derivation requires that you use a binary-formatted digest.
The following example show the inputs to derive a signing key and the resulting output, where
kSecret = wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY.
The example uses the same parameters from the request in Task 1 and Task 2 (a request to IAM in
the us-east-1 Region on August 30, 2015).
Example inputs
HMAC(HMAC(HMAC(HMAC("AWS4" + kSecret,"20150830"),"us-east-1"),"iam"),"aws4_request")
The following example shows the derived signing key that results from this sequence of HMAC hash
operations. This shows the hexadecimal representation of each byte in the binary signing key.
Example signing key
c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9
For more information about how to derive a signing key in different programming languages, see
Examples of how to derive a signing key for Signature Version 4 (p. 1027).
2. Calculate the signature. To do this, use the signing key that you derived and the string to sign as
inputs to the keyed hash function. After you calculate the signature, convert the binary value to a
hexadecimal representation.
The following pseudocode shows how to calculate the signature.
signature = HexEncode(HMAC(derived signing key, string to sign))
Note
Make sure you specify the HMAC parameters in the correct order for the programming
language you are using. This example shows
Version 1.0 the key as the first parameter and the data
1024
(message) as the second parameter, but the function that you use might specify the key and
data in a different order.
The following example shows the resulting signature if you use the same signing key and the string
to sign from Task 2:
Example signature
5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7
Task 4: Add the signature to the HTTP request

After you calculate the signature, add it to the request. You can add the signature to a request in one of
two ways:
• An HTTP header named Authorization

• The query string
You cannot pass signing information in both the Authorization header and the query string.
Note
You can use temporary security credentials provided by the AWS Security Token Service (AWS
STS) to sign a request. The process is the same as using long-term credentials, but requires
an additional HTTP header or query string parameter for the security token. The name of
the header or query string parameter is X-Amz-Security-Token, and the value is the
session token (the string you received from AWS STS when you obtained temporary security
credentials).
When you add the X-Amz-Security-Token parameter to the query string, some services
require that you include this parameter in the canonical (signed) request. For other services,
you add this parameter at the end, after you calculate the signature. For details, see the API
reference documentation for that service.
Adding signing information to the authorization header
You can include signing information by adding it to an HTTP header named Authorization. The
contents of the header are created after you calculate the signature as described in the preceding steps,
so the Authorization header is not included in the list of signed headers. Although the header is
named Authorization, the signing information is actually used for authentication.
The following pseudocode shows the construction of the Authorization header.
Authorization: algorithm Credential=access key ID/credential scope,

SignedHeaders=SignedHeaders, Signature=signature
The following example shows a finished Authorization header.
Note that in the actual request, the authorization header would appear as a continuous line of text. The
version below has been formatted for readability.
Authorization: AWS4-HMAC-SHA256
Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request,
SignedHeaders=content-type;host;x-amz-date,
Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7
Note the following:
Version 1.0
1025
• There is no comma between the algorithm and Credential. However, the SignedHeaders and
Signature are separated from the preceding values with a comma.
• The Credential value starts with the access key ID, which is followed by a forward slash (/), which
is followed by the credential scope that you calculated in Task 2: Create a string to sign for Signature
Version 4 (p. 1022). The secret access key is used to derive the signing key for the signature, but is not
included in the signing information sent in the request.
Adding signing information to the Query string

You can make requests and pass all request values in the query string, including signing information. This
is sometimes referred to as a presigned URL, because it produces a single URL with everything required
in order to make a successful call to AWS. It's commonly used in Amazon S3. For more information, see
Authenticating Requests by Using Query Parameters (AWS Signature Version 4) in the Amazon Simple
Storage Service API Reference.
Important
If you make a request in which all parameters are included in the query string, the resulting URL
represents an AWS action that is already authenticated. Therefore, treat the resulting URL with
as much caution as you would treat your actual credentials. We recommend you specify a short
expiration time for the request with the X-Amz-Expires parameter.
When you use this approach, all the query string values (except the signature) are included in the
canonical query string that is part of the canonical query that you construct in the first part of the
signing process (p. 1017).
The following pseudocode shows the construction of a query string that contains all request parameters.
querystring = Action=action
querystring += &X-Amz-Algorithm=algorithm
querystring += &X-Amz-Credential= urlencode(access_key_ID + '/' + credential_scope)
querystring += &X-Amz-Date=date
querystring += &X-Amz-Expires=timeout interval
querystring += &X-Amz-SignedHeaders=signed_headers
After the signature is calculated (which uses the other query string values as part of the calculation), you
add the signature to the query string as the X-Amz-Signature parameter:
querystring += &X-Amz-Signature=signature
The following example shows what a request might look like when all the request parameters and the
signing information are included in query string parameters.
Note that in the actual request, the authorization header would appear as a continuous line of text. The
version below has been formatted for readability.
https://iam.amazonaws.com?Action=ListUsers&Version=2010-05-08
&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fiam%2Faws4_request
&X-Amz-Date=20150830T123600Z
&X-Amz-Expires=60
&X-Amz-SignedHeaders=content-type%3Bhost
&X-Amz-Signature=37ac2f4fde00b0ac9bd9eadeb459b1bbee224158d66e7ae5fcadb70b2d181d02
Note the following:
• For the signature calculation, query string parameters must be sorted in code point order from low to
high, and their values must be URI-encoded. See the step about creating a canonical query string in
Task 1: Create a canonical request for Signature Version 4 (p. 1017).
Version 1.0
1026
• Set the timeout interval (X-Amz-Expires) to the minimal viable time for the operation you're
requesting.
Handling dates in Signature Version 4

The date that you use as part of your credential scope must match the date of your request. You can
include the date as part of your request in several ways. You can use a date header, an x-amz-date
header or include x-amz-date as a query parameter. For example requests, see Examples of the
complete Signature Version 4 signing process (Python) (p. 1030).
The time stamp must be in UTC and in the following ISO 8601 format: YYYYMMDD'T'HHMMSS'Z'. For
example, 20150830T123600Z is a valid time stamp. Do not include milliseconds in the time stamp.
AWS first checks the x-amz-date header or parameter for a time stamp. If AWS can't find a value for x-
amz-date, it looks for the date header. AWS then checks the credential scope for an eight-digit string
representing the year (YYYY), month (MM), and day (DD) of the request. For example, if the x-amz-date
header value is 20111015T080000Z and the date component of the credential scope is 20111015, AWS
allows the authentication process to proceed.
If the dates don't match, AWS rejects the request, even if the time stamp is only seconds away from the
date in the credential scope. For example, AWS will reject a request that has an x-amz-date header
value of 20151014T235959Z and a credential scope that has the date 20151015.
Examples of how to derive a signing key for Signature Version 4

This page shows examples in several programming languages for how to derive a signing key for
Signature Version 4. The examples on this page show only how to derive a signing key, which is just
one part of signing AWS requests. For examples that show the complete process, see Examples of the
complete Signature Version 4 signing process (Python) (p. 1030).
Important
If you are using one of the AWS SDKs (including the SDK for Java, .NET, Python, Ruby, or
JavaScript), you do not have to manually perform the steps of deriving a signing key and adding
authentication information to a request. The SDKs perform this work for you. You need to
manually sign requests only if you are directly making HTTP or HTTPS requests.
Examples
• Deriving a signing key using Java (p. 1027)
• Deriving a signing key using .NET (C#) (p. 1028)
• Deriving a signing key using Python (p. 1028)
• Deriving a signing key using Ruby (p. 1028)
• Deriving a signing key using JavaScript (Node.js) (p. 1028)
• Deriving a signing key using other languages (p. 1029)
• Common coding errors (p. 1029)
Deriving a signing key using Java
static byte[] HmacSHA256(String data, byte[] key) throws Exception {

String algorithm="HmacSHA256";
Mac mac = Mac.getInstance(algorithm);
mac.init(new SecretKeySpec(key, algorithm));
return mac.doFinal(data.getBytes("UTF-8"));
}
Version 1.0
1027
static byte[] getSignatureKey(String key, String dateStamp, String regionName, String

serviceName) throws Exception {
byte[] kSecret = ("AWS4" + key).getBytes("UTF-8");
byte[] kDate = HmacSHA256(dateStamp, kSecret);
byte[] kRegion = HmacSHA256(regionName, kDate);
byte[] kService = HmacSHA256(serviceName, kRegion);
byte[] kSigning = HmacSHA256("aws4_request", kService);
return kSigning;
}
Deriving a signing key using .NET (C#)
static byte[] HmacSHA256(String data, byte[] key)

{
String algorithm = "HmacSHA256";
KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create(algorithm);
kha.Key = key;
return kha.ComputeHash(Encoding.UTF8.GetBytes(data));
}
static byte[] getSignatureKey(String key, String dateStamp, String regionName, String

serviceName)
{
byte[] kSecret = Encoding.UTF8.GetBytes(("AWS4" + key).ToCharArray());
byte[] kDate = HmacSHA256(dateStamp, kSecret);
byte[] kRegion = HmacSHA256(regionName, kDate);
byte[] kService = HmacSHA256(serviceName, kRegion);
byte[] kSigning = HmacSHA256("aws4_request", kService);
return kSigning;
}
Deriving a signing key using Python
def sign(key, msg):

return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def getSignatureKey(key, dateStamp, regionName, serviceName):

kDate = sign(("AWS4" + key).encode("utf-8"), dateStamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, "aws4_request")
return kSigning
Deriving a signing key using Ruby
def getSignatureKey key, dateStamp, regionName, serviceName

kDate = OpenSSL::HMAC.digest('sha256', "AWS4" + key, dateStamp)
kRegion = OpenSSL::HMAC.digest('sha256', kDate, regionName)
kService = OpenSSL::HMAC.digest('sha256', kRegion, serviceName)
kSigning = OpenSSL::HMAC.digest('sha256', kService, "aws4_request")
kSigning
end
Deriving a signing key using JavaScript (Node.js)

The following example uses the crypto-js library. For more information, see https://www.npmjs.com/
package/crypto-js and https://code.google.com/archive/p/crypto-js/.
Version 1.0
1028
var crypto = require("crypto-js");
function getSignatureKey(key, dateStamp, regionName, serviceName) {

var kDate = crypto.HmacSHA256(dateStamp, "AWS4" + key);
var kRegion = crypto.HmacSHA256(regionName, kDate);
var kService = crypto.HmacSHA256(serviceName, kRegion);
var kSigning = crypto.HmacSHA256("aws4_request", kService);
return kSigning;
}
Deriving a signing key using other languages

If you need to implement this logic in a different programming language, we recommend testing the
intermediary steps of the key derivation algorithm against the values in this section. The following
example in Ruby prints the results using the hexEncode function after each step in the algorithm.
def hexEncode bindata

result=""
data=bindata.unpack("C*")
data.each {|b| result+= "%02x" % b}
result
end
Given the following test input:
key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'
Your program should generate the following values for the values in getSignatureKey. Note that
these are hex-encoded representations of the binary data; the key itself and the intermediate values
should be in binary format.
kSecret =
'41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559'
kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'
kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'
kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'
Common coding errors

To simplify your task, avoid the following common coding errors.
Tip
Examine the HTTP request that you're sending to AWS with a tool that shows you what your raw
HTTP requests look like. This can help you spot issues that aren't evident from your code.
• Don't include an extra newline character, or forget one where it's required.
• Don't format the date incorrectly in the credential scope, such as using a time stamp instead of
YYYYMMDD format.
• Make sure the headers in the canonical headers and the signed headers are the same.
• Don't inadvertently swap the key and the data (message) when calculating intermediary keys. The
result of the previous step's computation is the key, not the data. Check the documentation for your
cryptographic primitives carefully to ensure that you place the parameters in the proper order.
Version 1.0
1029
• Don't forget to add the string "AWS4" in front of the key for the first step. If you implement the key
derivation using a for loop or iterator, don't forget to special-case the first iteration so that it includes
the "AWS4" string.
For more information about possible errors, see Troubleshooting AWS Signature Version 4
errors (p. 1037).
Examples of the complete Signature Version 4 signing process

(Python)
This section shows example programs written in Python that illustrate how to work with Signature
Version 4 in AWS. We deliberately wrote these example programs to be simple (to use few Python-
specific features) to make it easier to understand the overall process of signing AWS requests.
Note
If you are using one of the AWS SDKs (including the SDK for C++, SDK for Go, SDK for Java,
AWS SDK for JavaScript, AWS SDK for .NET, SDK for PHP, SDK for Python (Boto3), or SDK for
Ruby), you do not have to manually perform the steps of deriving a signing key and adding
authentication information to a request. The SDKs perform this work for you. You need to
manually sign requests only if you are directly making HTTP or HTTPS requests.
In order to work with these example programs, you need the following:
• Python 2.x installed on your computer, which you can get from the Python site. These programs were
tested using Python 2.7 and 3.6.
• The Python requests library, which is used in the example script to make web requests. A convenient
way to install Python packages is to use pip, which gets packages from the Python package index site.
You can then install requests by running pip install requests at the command line.
• An access key (access key ID and secret access key) in environment variables named
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Alternatively, you can keep these values in a
credentials file and read them from that file. As a best practice, we recommend that you do not embed
credentials in code. For more information, see Best Practices for Managing AWS Access Keys in the
Amazon Web Services General Reference.
The following examples use UTF-8 to encode the canonical request and string to sign, but Signature
Version 4 does not require that you use a particular character encoding. However, some AWS services
might require a specific encoding. For more information, consult the documentation for that service.
Examples
• Using GET with an authorization header (Python) (p. 1030)
• Using POST (Python) (p. 1033)
• Using GET with authentication information in the Query string (Python) (p. 1035)
Using GET with an authorization header (Python)

The following example shows how to make a request using the Amazon EC2 query API without SDK for
Python (Boto3). The request makes a GET request and passes authentication information to AWS using
the Authorization header.
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# SPDX-License-Identifier: Apache-2.0
"""
Important
Version 1.0
1030
The AWS SDKs sign API requests for you using the access key that you specify when you
configure the SDK. When you use an SDK, you don’t need to learn how to sign API requests.
We recommend that you use the AWS SDKs to send API requests, instead of writing your own
code.
The following example is a reference to help you get started if you have a need to write
your own code to send and sign requests. The example is for reference only and is not
maintained as functional code.
"""
# AWS Version 4 signing example
# EC2 API (DescribeRegions)
# See: http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
# This version makes a GET request and passes the signature
# in the Authorization header.
import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests
# ************* REQUEST VALUES *************

method = 'GET'
service = 'ec2'
host = 'ec2.amazonaws.com'
region = 'us-east-1'
endpoint = 'https://ec2.amazonaws.com'
request_parameters = 'Action=DescribeRegions&Version=2013-10-15'
# Key derivation functions. See:

# http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-
examples-python
def sign(key, msg):
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()

kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
kSigning = sign(kService, 'aws4_request')
return kSigning
# Read AWS access key from env. variables or configuration file. Best practice is NOT
# to embed credentials in code.
access_key = os.environ.get('AWS_ACCESS_KEY_ID')
secret_key = os.environ.get('AWS_SECRET_ACCESS_KEY')
if access_key is None or secret_key is None:
print('No access key is available.')
sys.exit()
# Create a date for headers and the credential string

t = datetime.datetime.utcnow()
amzdate = t.strftime('%Y%m%dT%H%M%SZ')
datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope
# ************* TASK 1: CREATE A CANONICAL REQUEST *************

# http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
# Step 1 is to define the verb (GET, POST, etc.)--already done.
# Step 2: Create canonical URI--the part of the URI from domain to query
# string (use '/' if no path)
canonical_uri = '/'
# Step 3: Create the canonical query string. In this example (a GET request),
# request parameters are in the query string. Query string values must
Version 1.0
1031
# be URL-encoded (space=%20). The parameters must be sorted by name.

# For this example, the query string is pre-formatted in the request_parameters variable.
canonical_querystring = request_parameters
# Step 4: Create the canonical headers and signed headers. Header names
# must be trimmed and lowercase, and sorted in code point order from
# low to high. Note that there is a trailing \n.
canonical_headers = 'host:' + host + '\n' + 'x-amz-date:' + amzdate + '\n'
# Step 5: Create the list of signed headers. This lists the headers
# in the canonical_headers list, delimited with ";" and in alpha order.
# Note: The request can include any headers; canonical_headers and
# signed_headers lists those that you want to be included in the
# hash of the request. "Host" and "x-amz-date" are always required.
signed_headers = 'host;x-amz-date'
# Step 6: Create payload hash (hash of the request body content). For GET
# requests, the payload is an empty string ("").
payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()
# Step 7: Combine elements to create canonical request

canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' +
canonical_headers + '\n' + signed_headers + '\n' + payload_hash
# ************* TASK 2: CREATE THE STRING TO SIGN*************

# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' + amzdate + '\n' + credential_scope + '\n' +
hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()
# ************* TASK 3: CALCULATE THE SIGNATURE *************

# Create the signing key using the function defined above.
signing_key = getSignatureKey(secret_key, datestamp, region, service)
# Sign the string_to_sign using the signing_key

signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'),
hashlib.sha256).hexdigest()
# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************

# The signing information can be either in a query string value or in
# a header named Authorization. This code shows how to use a header.
# Create authorization header and add to request headers
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' +
credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' +
signature
# The request can include any headers, but MUST include "host", "x-amz-date",
# and (for this scenario) "Authorization". "host" and "x-amz-date" must
# be included in the canonical_headers and signed_headers, as noted
# earlier. Order here is not significant.
# Python note: The 'host' header is added automatically by the Python 'requests' library.
headers = {'x-amz-date':amzdate, 'Authorization':authorization_header}
# ************* SEND THE REQUEST *************

request_url = endpoint + '?' + canonical_querystring
print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + request_url)
r = requests.get(request_url, headers=headers)
print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
Version 1.0
1032
print('Response code: %d\n' % r.status_code)

print(r.text)
Using POST (Python)

The following example shows how to make a request using the Amazon DynamoDB query API without
SDK for Python (Boto3). The request makes a POST request and passes values to AWS in the body of the
request. Authentication information is passed using the Authorization request header.

"""
Important
code.
"""
# DynamoDB API (CreateTable)
# This version makes a POST request and passes request parameters
# in the body (payload) of the request. Auth information is passed in
# an Authorization header.
import sys, os, base64, datetime, hashlib, hmac
# ************* REQUEST VALUES *************

method = 'POST'
service = 'dynamodb'
host = 'dynamodb.us-west-2.amazonaws.com'
region = 'us-west-2'
endpoint = 'https://dynamodb.us-west-2.amazonaws.com/'
# POST requests use a content type header. For DynamoDB,
# the content is JSON.
content_type = 'application/x-amz-json-1.0'
# DynamoDB requires an x-amz-target header that has this format:
# DynamoDB_<API version>.<operationName>
amz_target = 'DynamoDB_20120810.CreateTable'
# Request parameters for CreateTable--passed in a JSON block.

request_parameters = '{'
request_parameters += '"KeySchema": [{"KeyType": "HASH","AttributeName": "Id"}],'
request_parameters += '"TableName": "TestTable","AttributeDefinitions": [{"AttributeName":
"Id","AttributeType": "S"}],'
request_parameters += '"ProvisionedThroughput": {"WriteCapacityUnits":
5,"ReadCapacityUnits": 5}'
request_parameters += '}'

examples-python
def sign(key, msg):
return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
Version 1.0
1033
def getSignatureKey(key, date_stamp, regionName, serviceName):

kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
return kSigning
sys.exit()

amz_date = t.strftime('%Y%m%dT%H%M%SZ')
date_stamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope

# Step 1 is to define the verb (GET, POST, etc.)--already done.
canonical_uri = '/'
## Step 3: Create the canonical query string. In this example, request

# parameters are passed in the body of the request and the query string
# is blank.
canonical_querystring = ''
# Step 4: Create the canonical headers. Header names must be trimmed

# and lowercase, and sorted in code point order from low to high.
# Note that there is a trailing \n.
canonical_headers = 'content-type:' + content_type + '\n' + 'host:' + host + '\n' + 'x-amz-
date:' + amz_date + '\n' + 'x-amz-target:' + amz_target + '\n'
# Step 5: Create the list of signed headers. This lists the headers
# in the canonical_headers list, delimited with ";" and in alpha order.
# Note: The request can include any headers; canonical_headers and
# signed_headers include those that you want to be included in the
# hash of the request. "Host" and "x-amz-date" are always required.
# For DynamoDB, content-type and x-amz-target are also required.
signed_headers = 'content-type;host;x-amz-date;x-amz-target'
# Step 6: Create payload hash. In this example, the payload (body of

# the request) contains the request parameters.
payload_hash = hashlib.sha256(request_parameters.encode('utf-8')).hexdigest()


credential_scope = date_stamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' + amz_date + '\n' + credential_scope + '\n' +
Version 1.0
1034

# Create the signing key using the function defined above.
signing_key = getSignatureKey(secret_key, date_stamp, region, service)

signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'),

# Put the signature information in a header named Authorization.
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' +
credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' +
signature
# For DynamoDB, the request can include any headers, but MUST include "host", "x-amz-date",
# "x-amz-target", "content-type", and "Authorization". Except for the authorization
# header, the headers must be included in the canonical_headers and signed_headers values,
as
# noted earlier. Order here is not significant.
# # Python note: The 'host' header is added automatically by the Python 'requests' library.
headers = {'Content-Type':content_type,
'X-Amz-Date':amz_date,
'X-Amz-Target':amz_target,
'Authorization':authorization_header}
# ************* SEND THE REQUEST *************

print('Request URL = ' + endpoint)
r = requests.post(endpoint, data=request_parameters, headers=headers)
print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
print(r.text)
Using GET with authentication information in the Query string (Python)

The following example shows how to make a request using the IAM query API without SDK for Python
(Boto3). The request makes a GET request and passes parameters and signing information using the
query string.

"""
Important
code.
"""
# IAM API (CreateUser)
Version 1.0
1035
# This version makes a GET request and passes request parameters

# and authorization information in the query string
import sys, os, datetime, hashlib, hmac, urllib.parse
# ************* REQUEST VALUES *************

method = 'GET'
service = 'iam'
host = 'iam.amazonaws.com'
region = 'us-east-1'
endpoint = 'https://iam.amazonaws.com'

examples-python
def sign(key, msg):
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()

kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
return kSigning
sys.exit()

amz_date = t.strftime('%Y%m%dT%H%M%SZ') # Format date as YYYYMMDD'T'HHMMSS'Z'
datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope

# Because almost all information is being passed in the query string,

# the order of these steps is slightly different than examples that
# use an authorization header.
# Step 1: Define the verb (GET, POST, etc.)--already done.
canonical_uri = '/'
# Step 3: Create the canonical headers and signed headers. Header names
# must be trimmed and lowercase, and sorted in code point order from
# low to high. Note trailing \n in canonical_headers.
# signed_headers is the list of headers that are being included
# as part of the signing process. For requests that use query strings,
# only "host" is included in the signed headers.
canonical_headers = 'host:' + host + '\n'
signed_headers = 'host'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
Version 1.0
1036
# Step 4: Create the canonical query string. In this example, request

# parameters are in the query string. Query string values must
# be URL-encoded (space=%20). The parameters must be sorted by name.
canonical_querystring = 'Action=CreateUser&UserName=NewUser&Version=2010-05-08'
canonical_querystring += '&X-Amz-Algorithm=AWS4-HMAC-SHA256'
canonical_querystring += '&X-Amz-Credential=' + urllib.parse.quote_plus(access_key + '/' +
credential_scope)
canonical_querystring += '&X-Amz-Date=' + amz_date
canonical_querystring += '&X-Amz-Expires=30'
canonical_querystring += '&X-Amz-SignedHeaders=' + signed_headers
# Step 5: Create payload hash. For GET requests, the payload is an

# empty string ("").
payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()


string_to_sign = algorithm + '\n' + amz_date + '\n' + credential_scope + '\n' +

# Create the signing key
signing_key = getSignatureKey(secret_key, datestamp, region, service)

signature = hmac.new(signing_key, (string_to_sign).encode("utf-8"),

# The auth information can be either in a query string
# value or in a header named Authorization. This code shows how to put
# everything into a query string.
canonical_querystring += '&X-Amz-Signature=' + signature
# ************* SEND THE REQUEST *************

# The 'host' header is added automatically by the Python 'request' lib. But it
# must exist as a header in the request.
request_url = endpoint + "?" + canonical_querystring
print('Request URL = ' + request_url)
r = requests.get(request_url)
print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
print(r.text)
Troubleshooting AWS Signature Version 4 errors

When you develop code that implements Signature Version 4, you might receive errors from AWS
products that you test against. The errors typically come from an error in the canonicalization of the
request, the incorrect derivation or use of the signing key, or a validation failure of signature-specific
parameters sent along with the request.
Errors
• Troubleshooting canonicalization errors (p. 1038)
• Troubleshooting credential scope errors (p. 1038)
Version 1.0
1037
• Troubleshooting key signing errors (p. 1040)
Troubleshooting canonicalization errors

Consider the following request:
https://iam.amazonaws.com/?MaxItems=100
&Action=ListGroupsForUser
&UserName=Test
&Version=2010-05-08
&X-Amz-Date=20120223T063000Z
&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE/20120223/us-east-1/iam/aws4_request
&X-Amz-SignedHeaders=host
&X-Amz-Signature=<calculated value>
If you incorrectly calculate the canonical request or the string to sign, the signature verification step
performed by the service fails. The following example is a typical error response, which includes the
canonical string and the string to sign as computed by the service. You can troubleshoot your calculation
error by comparing the returned strings with the canonical string and your calculated string to sign.
<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided.
Check your AWS Secret Access Key and signing method. Consult the service documentation for
details.
The canonical string for this request should have been 'GET /
Action=ListGroupsForUser&MaxItems=100&UserName=Test&Version=2010-05-08&X-Amz-
Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential
=AKIAIOSFODNN7EXAMPLE%2F20120223%2Fus-east-1%2Fiam%2Faws4_request&X-Amz-
Date=20120223T063000Z&X-Amz-SignedHeaders=host
host:iam.amazonaws.com
host
<hashed-value>'
The String-to-Sign should have been

'AWS4-HMAC-SHA256
20120223T063000Z
20120223/us-east-1/iam/aws4_request
<hashed-value>'
</Message>
</Error>
<RequestId>4ced6e96-5de8-11e1-aa78-a56908bdf8eb</RequestId>
</ErrorResponse>
Troubleshooting credential scope errors

AWS products validate credentials for proper scope; the credential parameter must specify the correct
service, Region, and date. For example, the following credential references the Amazon RDS service:
Credential=AKIAIOSFODNN7EXAMPLE/20120224/us-east-1/rds/aws4_request
If you use the same credentials to submit a request to IAM, you'll receive the following error response:
Version 1.0
1038
<Error>
<Type>Sender</Type>
<Message>Credential should be scoped to correct service: 'iam'. </Message>
</Error>
<RequestId>aa0da9de-5f2b-11e1-a2c0-c1dc98b6c575</RequestId>
The credential must also specify the correct Region. For example, the following credential for an IAM
request incorrectly specifies the US West (N. California) Region.
Credential=AKIAIOSFODNN7EXAMPLE/20120224/us-west-1/iam/aws4_request
If you use the credential to submit a request to IAM, which accepts only the us-east-1 Region
specification, you'll receive the following response:
comma-separated<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<Error>
<Type>Sender</Type>
<Message>Credential should be scoped to a valid Region, not 'us-west-1'. </Message>
</Error>
<RequestId>8e229682-5f27-11e1-88f2-4b1b00f424ae</RequestId>
</ErrorResponse>
You'll receive the same type of invalid Region response from AWS products that are available in multiple
Regions if you submit requests to a Region that differs from the Region specified in your credential
scope.
The credential must also specify the correct Region for the service and action in your request.
The date that you use as part of the credential must match the date value in the x-amz-date header.
For example, the following x-amz-date header value does not match the date value used in the
Credential parameter that follows it.
x-amz-date:"20120224T213559Z"
Credential=AKIAIOSFODNN7EXAMPLE/20120225/us-east-1/iam/aws4_request
If you use this pairing of x-amz-date header and credential, you'll receive the following error response:
<Error>
<Type>Sender</Type>
<Message>Date in Credential scope does not match YYYYMMDD from ISO-8601 version of date
from HTTP: '20120225' != '20120224', from '20120 224T213559Z'.</Message>
</Error>
<RequestId>9d6ddd2b-5f2f-11e1-b901-a702cd369eb8</RequestId>
</ErrorResponse>
An expired signature can also generate an error response. For example, the following error response was
generated due to an expired signature.
<Error>
<Type>Sender</Type>
<Message>Signature expired: 20120306T074514Z is now earlier than 20120306T074556Z
(20120306T080056Z - 15 min.)</Message>
Version 1.0
1039
</Error>
<RequestId>fcc88440-5dec-11e1-b901-a702cd369eb8</RequestId>
</ErrorResponse>
Troubleshooting key signing errors

Errors that are caused by an incorrect derivation of the signing key or improper use of cryptography are
more difficult to troubleshoot. The error response will tell you that the signature does not match. If you
verified that the canonical string and the string to sign are correct, the cause of the signature mismatch
is most likely one of the two following issues:
• The secret access key does not match the access key ID that you specified in the Credential
parameter.
• There is a problem with your key derivation code.
To check whether the secret key matches the access key ID, you can use your secret key and access key ID
with a known working implementation. One way is to use one of the AWS SDKs to write a program that
makes a simple request to AWS using the access key ID and secret access key that you want to use.
To check whether your key derivation code is correct, you can compare it to our example derivation code.
For more information, see Examples of how to derive a signing key for Signature Version 4 (p. 1027).
Service-specific reference for Signature Version 4

To learn more about making and signing HTTP requests in the context of specific AWS services, see the
documentation for the following services:
• Amazon CloudSearch
• Amazon CloudWatch
• AWS Data Pipeline
• Amazon Elastic Compute Cloud (Amazon EC2)
• Amazon Elastic Transcoder
• Amazon S3 Glacier
• Amazon Mobile Analytics
• Amazon Relational Database Service (Amazon RDS)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon Simple Storage Service (Amazon S3)
• Amazon Simple Workflow Service (Amazon SWF)
• AWS WAF

Important
If you must write your own code to sign AWS API requests, use Signature Version 4
(SigV4) (p. 1012).
Version 1.0
1040
Supported Regions and services

You can use Signature Version 2 to sign API requests for some AWS services in some AWS Regions.
Otherwise, you must use Signature Version 4 to sign API requests.
Regions that support Signature Version 2
• US East (N. Virginia) Region

• US West (Oregon) Region
• Europe (Ireland) Region
• Asia Pacific (Tokyo) Region
• Asia Pacific (Sydney) Region
• South America (São Paulo) Region
Services that support Signature Version 2
• Amazon EC2 Auto Scaling

• AWS CloudFormation
• Amazon CloudWatch
• AWS Elastic Beanstalk
• Amazon Elastic Compute Cloud (Amazon EC2)
• Elastic Load Balancing
• Amazon EMR
• Amazon ElastiCache
• AWS Identity and Access Management (IAM)
• AWS Import/Export
• Amazon Relational Database Service (Amazon RDS)
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon SimpleDB
Services deprecating Signature Version 2
• Amazon Simple Storage Service (Amazon S3) - Amazon S3 Update - SigV2 Deprecation
• Amazon Simple Email Service (Amazon SES)
Components of a query request for Signature Version 2

AWS requires that each HTTP or HTTPS Query request formatted for Signature Version 2 contains the
following:
Endpoint
Also known as the host part of an HTTP request. This is the DNS name of the computer where you
send the Query request. This is different for each AWS Region.
Version 1.0
1041
Action
The action you want a web service to perform. This value determines the parameters used in the
request.
AWSAccessKeyId
A value distributed by AWS when you sign up for an AWS account.

SignatureMethod
The hash-based protocol used to calculate the signature. This can be either HMAC-SHA1 or HMAC-
SHA256 for Signature Version 2.
SignatureVersion
The version of the AWS signature protocol.

Timestamp
The time at which you make the request. Include this in the Query request to help prevent third
parties from intercepting your request.
Required and optional parameters
Each action has a set of required and optional parameters that define the API call.
Signature
The calculated value that ensures the signature is valid and has not been tampered.
The following is an example Amazon EMR Query request formatted as an HTTPS GET request.
• The endpoint, elasticmapreduce.amazonaws.com, is the default endpoint and maps to the Region
us-east-1.
• The action is DescribeJobFlows, which requests information about one or more job flows.
Note
In the actual Query request, there are no spaces or newline characters. The request is a
continuous line of text. The version below is formatted for human readability.
https://elasticmapreduce.amazonaws.com?
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&Action=DescribeJobFlows
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2011-10-03T15%3A19%3A30
&Version=2009-03-31
&Signature=calculated value
How to generate a signature for a Query request

Web service requests are sent across the Internet and are vulnerable to tampering. To check that the
request has not been altered, AWS calculates the signature to determine if any of the parameters or
parameter values were changed en route. AWS requires a signature as part of every request.
Be sure to URI encode the request. For example, blank spaces in your request should be encoded as
%20. Although an unencoded space is normally allowed by the HTTP protocol specification, unencoded
Version 1.0
1042
characters create an invalid signature in your Query request. Do not encode spaces as a plus sign (+) as
this will cause errors.
The following topics describe the steps needed to calculate a signature using AWS Signature Version 2.
Task 1: Format the Query request

Before you can sign the Query request, format the request in a standardized (canonical) format. This is
needed because the different ways to format a Query request will result in different HMAC signatures.
Format the request in a canonical format before signing. This ensures your application and AWS will
calculate the same signature for a request.
To create the string to sign, you concatenate the Query request components. The following example
generates the string to sign for the following call to the Amazon EMR API.
Action=DescribeJobFlows
&Version=2009-03-31
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&SignatureVersion=2
&Timestamp=2011-10-03T15:19:30
Note
In the preceding request, the last four parameters (AWSAccessKeyID through Timestamp) are
called authentication parameters. They're required in every Signature Version 2 request. AWS
uses them to identify who is sending the request and whether to grant the requested access.
To create the string to sign
1. Start with the request method (either GET or POST), followed by a newline character. For human
readability, the newline character is represented as \n.
GET\n
2. Add the HTTP host header (endpoint) in lowercase, followed by a newline character. The port
information is omitted if it is the standard port for the protocol (port 80 for HTTP and port 443 for
HTTPS), but included if it is a nonstandard port.
elasticmapreduce.amazonaws.com\n
3. Add the URL-encoded version of each path segment of the URI, which is everything between the
HTTP host header to the question mark character (?) that begins the query string parameters,
followed by a newline character. Don't encode the forward slash (/) that delimits each path
segment.
In this example, if the absolute path is empty, use a forward slash (/).
/\n
4. a. Add the query string components, as UTF-8 characters which are URL encoded (hexadecimal
characters must be uppercase). You do not encode the initial question mark character (?) in the
request. For more information, see RFC 3986.
b. Sort the query string components by byte order. Byte ordering is case sensitive. AWS sorts these
components based on the raw bytes.
For example, this is the original order for the query string components.
Version 1.0
1043
Version=2009-03-31
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
SignatureVersion=2
SignatureMethod=HmacSHA256
Timestamp=2011-10-03T15%3A19%3A30
The query string components would be reorganized as the following:
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
SignatureMethod=HmacSHA256
SignatureVersion=2
Timestamp=2011-10-03T15%3A19%3A30
Version=2009-03-31
c. Separate parameter names from their values with the equal sign character (=), even if the value
is empty. Separate parameter and value pairs with the ampersand character (&). Concatenate
the parameters and their values to make one long string with no spaces. Spaces within a
parameter value are allowed, but must be URL encoded as %20. In the concatenated string,
period characters (.) are not escaped. RFC 3986 considers the period character an unreserved
character, so it is not URL encoded.
Note
RFC 3986 does not specify what happens with ASCII control characters, extended
UTF-8 characters, and other characters reserved by RFC 1738. Since any values may be
passed into a string value, these other characters should be percent encoded as %XY
where X and Y are uppercase hex characters. Extended UTF-8 characters take the form
%XY%ZA... (this handles multibytes).
The following example shows the query string components, with the parameters concatenated with
the ampersand character (&), and sorted by byte order.
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVer
5. To construct the finished canonical request, combine all the components from each step. As shown,
each component ends with a newline character.
GET\n
/\n
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVer
Task 2: Calculate the signature

After you've created the canonical string as described in Task 1: Format the Query request (p. 1043),
calculate the signature by creating a hash-based message authentication code (HMAC) that uses either
the HMAC-SHA1 or HMAC-SHA256 protocols. The HMAC-SHA256 is preferred.
In this example, the signature is calculated with the following canonical string and secret key as inputs to
a keyed hash function:
• Canonical query string:
GET\n
Version 1.0
1044
/\n
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVersi
• Sample secret key:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
The resulting signature must be base-64 encoded.
i91nKc4PWAt0JJIdXwz9HxZCJDdiy6cf%2FMj6vPxyYIs%3D
Add the resulting value to the query request as a Signature parameter. When you add this parameter
to the request, you must URI encode it just like any other parameter. You can use the signed request in
an HTTP or HTTPS call.
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVersion
%2FMj6vPxyYIs%3D
Note
You can use temporary security credentials provided by AWS Security Token Service (AWS STS)
to sign a request. The process is the same as using long-term credentials, but requests require
an additional parameter for the security token.
The following request uses a temporary access key ID and the SecurityToken parameter.
Example Example request with temporary security credentials
https://sdb.amazonaws.com/
?Action=GetAttributes
&AWSAccessKeyId=access-key-from-AWS Security Token Service
&DomainName=MyDomain
&ItemName=MyItem
&SignatureVersion=2
&Timestamp=2010-01-25T15%3A03%3A07-07%3A00
&Version=2009-04-15
&Signature=signature-calculated-using-the-temporary-access-key
&SecurityToken=session-token
For more information, see the following resources:
• The Amazon EMR Developer Guide has information about Amazon EMR API calls.
• The API documentation for each service has information about requirements and specific parameters
for an action.
• The AWS SDKs offer functions to generate Query request signatures. To see an example using the AWS
SDK for Java, see Using the Java SDK to sign a Query request (p. 1046).
Troubleshooting request signatures

This section describes some error codes you might see when you are initially developing code to generate
the signature to sign Query requests.
Version 1.0
1045
SignatureDoesNotMatch signing error in a web service

The following error response is returned when a web service attempts to validate the request signature
by recalculating the signature value and generates a value that does not match the signature you
appended to the request. This can occur because the request was altered between the time you sent it
and the time it reached a web service endpoint (which is what the signature is designed to detect) or
because the signature was calculated improperly. A common cause of the following error message is not
properly creating the string to sign, such as forgetting to URL-encode characters such as the colon (:) and
the forward slash (/) in Amazon S3 bucket names.
<ErrorResponse xmlns="http://elasticmapreduce.amazonaws.com/doc/2009-03-31">
<Error>
<Type>Sender</Type>
<Message>The request signature we calculated does not match the signature you
provided.
Check your AWS Secret Access Key and signing method.
Consult the service documentation for details.</Message>
</Error>
<RequestId>7589637b-e4b0-11e0-95d9-639f87241c66</RequestId>
</ErrorResponse>
IncompleteSignature signing error in a web service

The following error indicates that signature is missing information or has been improperly formed.
<ErrorResponse xmlns="http://elasticmapreduce.amazonaws.com/doc/2009-03-31">
<Error>
<Type>Sender</Type>
<Code>IncompleteSignature</Code>
<Message>Request must contain a signature that conforms to AWS standards</Message>
</Error>
<RequestId>7146d0dd-e48e-11e0-a276-bd10ea0cbb74</RequestId>
</ErrorResponse>
Using the Java SDK to sign a Query request

The following example uses the amazon.webservices.common package of the AWS SDK for Java to
generate an AWS Signature Version 2 Query request signature. To do so, it creates an RFC 2104-
compliant HMAC signature. For more information about HMAC, see HMAC: Keyed-Hashing for Message
Authentication.
Note
Java is used as an example implementation. You can use the programming language of your
choice to implement the HMAC algorithm to sign Query requests.
import java.security.SignatureException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import com.amazonaws.util.*;
/**
* This class defines common routines for generating
* authentication signatures for AWS Platform requests.
*/
public class Signature {
private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
Version 1.0
1046
AWS SDK support for Amazon S3 client-side encryption
/**
* Computes RFC 2104-compliant HMAC signature.
* * @param data
* The signed data.
* @param key
* The signing key.
* @return
* The Base64-encoded RFC 2104-compliant HMAC signature.
* @throws
* java.security.SignatureException when signature generation fails
*/
public static String calculateRFC2104HMAC(String data, String key)
throws java.security.SignatureException
{
String result;
try {
// Get an hmac_sha256 key from the raw key bytes.

SecretKeySpec signingKey = new SecretKeySpec(key.getBytes("UTF-8"),
HMAC_SHA256_ALGORITHM);
// Get an hmac_sha256 Mac instance and initialize with the signing key.
Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
mac.init(signingKey);
// Compute the hmac on input data bytes.

byte[] rawHmac = mac.doFinal(data.getBytes("UTF-8"));
// Base64-encode the hmac by using the utility in the SDK

result = BinaryUtils.toBase64(rawHmac);
} catch (Exception e) {
throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
}
return result;
}
}
AWS SDK support for Amazon S3 client-side

encryption
The following tables list the cryptographic algorithms and features that are supported by the language–
specific AWS SDKs. For information about how to use the features for a particular SDK, see the developer
guide for that SDK.
If you are new to cryptography, see the AWS Cryptographic Services and Tools Guide to learn the terms
and concepts.
Note
The AWS Encryption SDK is a client-side encryption library that is independent of the AWS SDKs.
You can use this encryption library to more easily implement encryption best practices. Unlike
the Amazon S3 encryption clients in the language–specific AWS SDKs, the AWS Encryption SDK
returns a portable ciphertext that is not tied to Amazon S3, does not require an AWS account,
and can be used to encrypt or decrypt any unformatted data.
The AWS Encryption SDK and the Amazon S3 encryption clients are not compatible because
they produce ciphertexts with different data formats. For more information about the AWS
Encryption SDK, see the AWS Encryption SDK Developer Guide.
Version 1.0
1047
AWS SDK features for Amazon S3 client-side encryption
AWS SDK features for Amazon S3 client-side

encryption
To use the Amazon S3 client-side encryption library to encrypt data before uploading to Amazon S3, you
must provide a root key to the Amazon S3 encryption client. You can provide a client-side root key or use
an AWS KMS key from AWS Key Management Service (AWS KMS) . The AWS KMS keys make it easier to
create and manage cryptographic keys securely. For more information about these features, choose the
links provided in the Feature column.
For details about how to use the features for a particular SDK, see the SDK's developer guide.
In the following table, each column indicates whether the AWS Command Line Interface or SDK for a
specific language supports the features used in client-side encryption.
Feature Java .NET Ruby v2 AWS Boto3 PHP v3 JavaScriptGo C++

CLI
Amazon Yes Yes Yes No No Yes No Yes Yes

S3
client-
side
encryption
AWS Yes Yes Yes No No Yes No Yes Yes

KMS
keys
For information about the v2 Amazon S3 encryption clients that support client-side encryption, see our
blog post about Updates to the Amazon S3 Encryption Client.
For more details about the legacy v1 Amazon S3 encryption client, see the following blog posts.
• Client-Side Data Encryption for Amazon S3 Using the AWS SDK for Java
• Client Side Data Encryption with AWS SDK for .NET and Amazon S3
• Using Client-Side Encryption for Amazon S3 in the AWS SDK for Ruby
• Using the AWS SDK for Go Encryption Client
• Amazon S3 Encryption Client Now Available for C++ Developers
Amazon S3 encryption client cryptographic

algorithms
The following table lists the algorithms that each language–specific AWS SDK supports for encrypting
keys and data when using the Amazon S3 encryption client.
AlgorithmJava .NET Ruby v2 AWS Boto3 PHP v3 JavaScriptGo C++

CLI
Key Yes Yes Yes No No No No No No

Wrap:
RSA-
OAEP-
SHA1
Version 1.0
1048
Amazon S3 encryption client cryptographic algorithms
AlgorithmJava .NET Ruby v2 AWS Boto3 PHP v3 JavaScriptGo C++

CLI
Key Yes Yes Yes No No No No No Yes

Wrap:
AES/
GCM
Key Yes Yes Yes No No Yes No Yes Yes

Wrap:
KMS
+context
Key DeprecatedDeprecatedDeprecatedNo No No No No No
Wrap:
AES/
ECB
Key DeprecatedDeprecatedDeprecatedNo No No No No Deprecated

Wrap:
AESWrap
Key DeprecatedNo DeprecatedNo No No No No No

Wrap:
RSA
Key DeprecatedDeprecatedDeprecatedNo No DeprecatedNo DeprecatedDeprecated

Wrap:
KMS
Content Yes Yes Yes No No Yes No Yes Yes

Encryption:
AES/
GCM
Content DeprecatedNo DeprecatedNo No No No DeprecatedDeprecated

Encryption:
AES/
CBC
For more information about authenticated and encryption-only modes, see the Amazon S3 Client-Side
Authenticated Encryption blog post.
Version 1.0
1049
Document conventions
The following are the common typographical conventions for AWS technical publications.
Inline code (for example, commands, operations, parameters, constants, XML elements, and regular
expressions)
Formatting: Text in a monospace font
Example: java -version

Example blocks (for example, sample code and scripts)
Formatting: Text in a monospace font inside a shaded block
Example:
# ls -l /var/www/html/index.html
-rw-rw-r-- 1 root root 1872 Jun 21 09:33 /var/www/html/index.html
# date
Wed Jun 21 09:33:42 EDT 2006
Mutually exclusive options
Formatting: Text separated by vertical bars
Example: (start | stride | edge)

Optional parameters
Formatting: Text enclosed in square brackets
Example: [-n, -quiet]

Definitions
Formatting: Text in italics
Example: Amazon Machine Image (AMI)

Technical publications
Example: Amazon Simple Storage Service User Guide

Elements in the user interface
Formatting: Text in bold
Example: Choose File, Properties.

User input (text that a user types)
Formatting: Text in a monospace font
Example: For the name, type my-new-resource.

Placeholder text for a required value
Version 1.0
1050
Example:
aws ec2 register-image --image-location my-s3-bucket/image.manifest.xml
Version 1.0
1051
AWS glossary
Numbers and symbols (p. 1052) | A (p. 1052) | B (p. 1069) | C (p. 1070) | D (p. 1075) | E (p. 1078) | F (p. 1081) |
G (p. 1082) | H (p. 1083) | I (p. 1084) | J (p. 1086) | K (p. 1087) | L (p. 1087) | M (p. 1088) | N (p. 1091) | O (p. 1092)
| P (p. 1093) | Q (p. 1096) | R (p. 1097) | S (p. 1100) | T (p. 1106) | U (p. 1108) | V (p. 1109) | W (p. 1110) | X, Y,
Z (p. 1110)
Numbers and symbols

100-continue A method that gives a client the ability to see whether a server can accept a
request before actually sending it. For large PUT requests, this method can save
both time and bandwidth charges.
A
Z (p. 1110)
AAD See additional authenticated data.
Access Analyzer A feature of AWS Identity and Access Management (IAM) (p. 1065) that you can
use to identify the resources in your organization and accounts that are shared
with an external entity. Example resources include Amazon S3 buckets or IAM
roles.
See Also https://aws.amazon.com/about-aws/whats-new/2019/12/introducing-
aws-identity-and-access-management-access-analyzer/.
access control list (ACL) A document that defines who can access a particular bucket (p. 1070) or
object. Each bucket (p. 1070) and object in Amazon S3 (p. 1060) has an ACL.
This document defines what each type of user can do, such as write and read
permissions.
access identifiers See credentials.
access key The combination of an access key ID (p. 1052) (for example,
AKIAIOSFODNN7EXAMPLE) and a secret access key (p. 1101) (for example,
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). You use access keys to sign
API requests that you make to AWS.
access key ID A unique identifier that's associated with a secret access key (p. 1101); the
access key ID and secret access key are used together to sign programmatic AWS
requests cryptographically.
Version 1.0
1052
access key rotation A method to increase security by changing the AWS access key ID. You can use
this method to retire an old key at your discretion.
access policy language A language for writing documents (specifically, policies (p. 1094)) that specify
who can access a particular AWS resource (p. 1099) and under what conditions.
account A formal relationship with AWS that's associated with all of the following:
• The owner email address and password

• The control of resources created under its umbrella
• Payment for the AWS activity related to those resources
The AWS account has permission to do anything and everything with all the
AWS account resources. This is in contrast to a user (p. 1108), which is an entity
contained within the account.
account activity A webpage showing your month-to-date AWS usage and costs. The account
activity page is located at https://aws.amazon.com/account-activity/.
ACL See access control list (ACL).
ACM See the section called “ACM”.
ACM PCA See the section called “AWS Private CA”.
ACM Private CA See the section called “AWS Private CA”.
action An API function. Also called operation or call. The activity the principal (p. 1095)
has permission to perform. The action is B in the statement "A has permission
to do B to C where D applies." For example, Jane sends a request to Amazon
SQS (p. 1060) with Action=ReceiveMessage.
Amazon CloudWatch (p. 1054): The response initiated by the change in an alarm's
state (for example, from OK to ALARM). The state change might be caused by a
metric reaching the alarm threshold, or by a SetAlarmState request. Each alarm
can have one or more actions assigned to each state. Actions are performed once
each time the alarm changes to a state that has an action assigned. Example
actions include an Amazon Simple Notification Service (p. 1059) notification,
running an Amazon EC2 Auto Scaling (p. 1056) policy (p. 1094), and an Amazon
EC2 (p. 1055) instance (p. 1085) stop/terminate action.
active trusted key groups A list that shows each of the trusted key groups (p. 1108), and the IDs of the
public keys in each key group, that are active for a distribution in Amazon
CloudFront. CloudFront can use the public keys in these key groups to verify the
signatures of CloudFront signed URLs and signed cookies.
active trusted signers See active trusted key groups (p. 1053).
additional authenticated data Information that's checked for integrity but not encrypted, such as headers or
other contextual metadata.
administrative suspension Amazon EC2 Auto Scaling (p. 1056) might suspend processes for Auto Scaling
group (p. 1062) that repeatedly fail to launch instances. Auto Scaling groups
that most commonly experience administrative suspension have zero running
instances, have been trying to launch instances for more than 24 hours, and have
not succeeded in that time.
alarm An item that watches a single metric over a specified time period and starts an
Amazon SNS (p. 1059) topic (p. 1107) or an Amazon EC2 Auto Scaling (p. 1056)
Version 1.0
1053
policy (p. 1094). These actions are started if the value of the metric crosses a
threshold value over a predetermined number of time periods.
allow One of two possible outcomes (the other is deny (p. 1077)) when an
IAM (p. 1065) access policy (p. 1094) is evaluated. When a user makes a request
to AWS, AWS evaluates the request based on all permissions that apply to the
user and then returns either allow or deny.
Amazon API Gateway A fully managed service that developers can use to create, publish, maintain,
monitor, and secure APIs at any scale.
See Also https://aws.amazon.com/api-gateway.
Amazon AppStream 2.0 A fully managed, secure service for streaming desktop applications to users
without rewriting those applications.
See Also https://aws.amazon.com/appstream/.
Amazon Athena An interactive query service that you can use to analyze data in Amazon S3 using
ANSI SQL. Athena is serverless, so there's no infrastructure to manage. Athena
scales automatically and is simple to use, so you can start analyzing your datasets
within seconds.
See Also https://aws.amazon.com/athena/.
Amazon Aurora A fully managed MySQL-compatible relational database engine that combines
the speed and availability of commercial databases with the simplicity and cost-
effectiveness of open-source databases.
See Also https://aws.amazon.com/rds/aurora/.
Amazon Chime A secure, real-time, unified communications service that transforms meetings by
making them more efficient and easier to conduct.
See Also https://aws.amazon.com/chime/.
Amazon Cloud Directory A service that provides a highly scalable directory store for your application’s
(Cloud Directory) multihierarchical data.
See Also https://aws.amazon.com/cloud-directory/.
Amazon CloudFront An AWS content delivery service that helps you improve the performance,
reliability, and availability of your websites and applications.
See Also https://aws.amazon.com/cloudfront.
Amazon CloudSearch A fully managed service in the AWS Cloud that you can use to set up, manage,
and scale a search solution for your website or application.
Amazon CloudWatch A web service that you can use to monitor and manage various metrics, and
configure alarm actions based on data from those metrics.
See Also https://aws.amazon.com/cloudwatch.
Amazon CloudWatch Events A web service that you can use to deliver a timely stream of system events that
describe changes in AWS resources (p. 1099) to AWS Lambda (p. 1066) functions,
streams in Amazon Kinesis Data Streams (p. 1057), Amazon Simple Notification
Service (p. 1059) topics, or built-in targets.
Amazon CloudWatch Logs A web service for monitoring and troubleshooting your systems and applications
from your existing system, application, and custom log files. You can send your
existing log files to CloudWatch Logs and monitor these logs in near-real time.
Amazon Cognito A web service that you can use to save mobile user data in the AWS Cloud without
writing any backend code or managing any infrastructure. Examples of mobile
Version 1.0
1054
user data that you can save include app preferences and game states. Amazon
Cognito offers mobile identity management and data synchronization across
devices.
See Also https://aws.amazon.com/cognito/.
Amazon Comprehend A natural language processing (NLP) service that uses machine learning to find
insights and relationships in text.
See Also https://aws.amazon.com/comprehend/.
Amazon Comprehend Medical A HIPAA-eligible natural language processing (NLP) service that uses machine
learning to extract health data from medical text.
See Also https://aws.amazon.com/comprehend/medical/.
Amazon Connect A service solution that offers self-service configuration and provides dynamic,
personal, and natural customer engagement at any scale.
See Also https://aws.amazon.com/connect/.
Amazon Corretto A no-cost, multiplatform, production-ready distribution of the Open Java

Development Kit (OpenJDK).
See Also https://aws.amazon.com/corretto/.
Amazon Detective A service that collects log data from your AWS resources to analyze and identify
the root cause of security findings or suspicious activities. The Detective behavior
graph provides visualizations to help you to determine the nature and extent of
possible security issues and conduct an efficient investigation.
See Also https://aws.amazon.com/detective/.
Amazon DocumentDB (with A managed database service that you can use to set up, operate, and scale
MongoDB compatibility) MongoDB-compatible databases in the cloud.
See Also https://aws.amazon.com/documentdb/.
Amazon DynamoDB A fully managed NoSQL database service that provides fast and predictable
performance with seamless scalability.
See Also https://aws.amazon.com/dynamodb/.
Amazon DynamoDB A software library that helps you protect your table data before you send it to
Encryption Client Amazon DynamoDB (p. 1055).
Amazon DynamoDB Storage A storage backend for the Titan graph database implemented on top of Amazon
Backend for Titan DynamoDB. Titan is a scalable graph database optimized for storing and querying
graphs.
Amazon DynamoDB Streams An AWS service that captures a time-ordered sequence of item-level
modifications in any Amazon DynamoDB table. This service also stores this
information in a log for up to 24 hours. Applications can access this log and view
the data items as they appeared before and after they were modified, in near-real
time.
Amazon EBS-backed AMI A type of Amazon Machine Image (AMI) (p. 1058) whose instances use an Amazon
EBS (p. 1056) volume (p. 1110) as their root device. Compare this with instances
launched from instance backeds (p. 1085), which use the instance store (p. 1085)
as the root device.
Amazon EC2 A web service for launching and managing Linux/UNIX and Windows Server
instances (p. 1085) in Amazon data centers.
See Also Amazon Elastic Compute Cloud (Amazon EC2), https://aws.amazon.com/
ec2.
Version 1.0
1055
Amazon EC2 Auto Scaling A web service that launches or terminates instances automatically based on user-
defined policies (p. 1094), schedules, and health checks (p. 1083).
See Also https://aws.amazon.com/ec2/autoscaling.
Amazon Elastic Block Store A service that provides block level storage volumes (p. 1110) or use with EC2
(Amazon EBS) instances (p. 1078).
See Also https://aws.amazon.com/ebs.
Amazon Elastic Compute A web service that you can use to launch and manage Linux/UNIX and Windows
Cloud (Amazon EC2) Server instances (p. 1085) in Amazon data centers.
See Also https://aws.amazon.com/ec2.
Amazon Elastic Container A fully managed Docker container registry that you can use to store, manage,
Registry (Amazon ECR) and deploy Docker container images. Amazon ECR is integrated with Amazon
Elastic Container Service (Amazon ECS) (p. 1056) and AWS Identity and Access
Management (IAM) (p. 1065).
See Also https://aws.amazon.com/ecr.
Amazon Elastic Container A highly scalable, fast, container (p. 1073) management service that you can
Service (Amazon ECS) use to run, stop, and manage Docker containers on a cluster (p. 1072) of EC2
instances.
See Also https://aws.amazon.com/ecs.
Amazon Elastic File System A file storage service for EC2 (p. 1055) instances (p. 1085). Amazon EFS provides
(Amazon EFS) an interface that you can use to create and configure file systems. Amazon EFS
storage capacity grows and shrinks automatically as you add and remove files.
See Also https://aws.amazon.com/efs/.
Amazon Elastic Kubernetes A managed service that you can use to run Kubernetes on AWS without needing
Service (Amazon EKS) to stand up or maintain your own Kubernetes control plane.
See Also https://aws.amazon.com/eks/.
Amazon Elastic Transcoder A cloud-based media transcoding service. Elastic Transcoder is a highly scalable
tool for converting (or transcoding) media files from their source format into
versions that play on devices such as smartphones, tablets, and PCs.
See Also https://aws.amazon.com/elastictranscoder/.
Amazon ElastiCache A web service that simplifies deploying, operating, and scaling an in-memory
cache in the cloud. The service improves the performance of web applications by
providing information retrieval from fast, managed, in-memory caches, instead of
relying entirely on slower disk-based databases.
See Also https://aws.amazon.com/elasticache/.
Amazon OpenSearch Service An AWS managed service for deploying, operating, and scaling OpenSearch, an
(OpenSearch Service) open-source search and analytics engine, in the AWS Cloud. Amazon OpenSearch
Service (OpenSearch Service) also offers security options, high availability, data
durability, and direct access to the OpenSearch API.
See Also https://aws.amazon.com/elasticsearch-service.
Amazon EMR A web service that you can use to process large amounts of data efficiently.
Amazon EMR uses Hadoop (p. 1083) processing combined with several AWS
products to do such tasks as web indexing, data mining, log file analysis, machine
learning, scientific simulation, and data warehousing.
See Also https://aws.amazon.com/elasticmapreduce.
Amazon EventBridge A serverless event bus service that you can use to connect your applications
with data from a variety of sources and routes that data to targets such as AWS
Lambda. You can set up routing rules to determine where to send your data to
build application architectures that react in real time to all of your data sources.
See Also https://aws.amazon.com/eventbridge/.
Version 1.0
1056
Amazon Forecast A fully managed service that uses statistical and machine learning algorithms to
produce highly accurate time-series forecasts.
See Also https://aws.amazon.com/forecast/.
Amazon GameLift A managed service for deploying, operating, and scaling session-based
multiplayer games.
See Also https://aws.amazon.com/gamelift/.
Amazon GuardDuty A continuous security monitoring service. Amazon GuardDuty can help to identify
unexpected and potentially unauthorized or malicious activity in your AWS
environment.
See Also https://aws.amazon.com/guardduty/.
Amazon Inspector An automated security assessment service that helps improve the security and
compliance of applications deployed on AWS. Amazon Inspector automatically
assesses applications for vulnerabilities or deviations from best practices. After
performing an assessment, Amazon Inspector produces a detailed report with
prioritized steps for remediation.
See Also https://aws.amazon.com/inspector.
Amazon Kinesis A platform for streaming data on AWS. Kinesis offers services that simplify the
loading and analysis of streaming data.
See Also https://aws.amazon.com/kinesis/.
Amazon Kinesis Data Firehose A fully managed service for loading streaming data into AWS. Kinesis Data
Firehose can capture and automatically load streaming data into Amazon
S3 (p. 1060) and Amazon Redshift (p. 1059), enabling near real-time analytics
with existing business intelligence tools and dashboards. Kinesis Data Firehose
automatically scales to match the throughput of your data and requires no
ongoing administration. It can also batch, compress, and encrypt the data before
loading it.
See Also https://aws.amazon.com/kinesis/firehose/.
Amazon Kinesis Data Streams A web service for building custom applications that process or analyze streaming
data for specialized needs. Amazon Kinesis Data Streams can continuously
capture and store terabytes of data per hour from hundreds of thousands of
sources.
See Also https://aws.amazon.com/kinesis/streams/.
Amazon Lightsail You can use Lightsail to launch and manage a virtual private server with AWS.
Lightsail offers bundled plans that include everything you need to deploy a
virtual private server, for a low monthly rate.
See Also https://aws.amazon.com/lightsail/.
Amazon Lookout for A machine learning service that uses data from sensors mounted on factory
Equipment equipment to detect abnormal behavior so you can take action before machine
failures occur.
See Also https://aws.amazon.com/lookout-for-equipment/.
Amazon Lookout for Vision A machine learning service that uses computer vision (CV) to find defects in
industrial products. Amazon Lookout for Vision can identify missing components
in an industrial product, damage to vehicles or structures, irregularities in
production lines, and even minuscule defects in silicon wafers—or any other
physical item where quality is important.
See Also https://aws.amazon.com/lookout-for-vision/.
Amazon Lumberyard A cross-platform, 3D game engine for creating high-quality games. You can
connect games to the compute and storage of the AWS Cloud and engage fans on
Twitch.
Version 1.0
1057
See Also https://aws.amazon.com/lumberyard/.
Amazon Machine Image (AMI) An encrypted machine image stored in Amazon Elastic Block Store (Amazon
EBS) (p. 1056) or Amazon Simple Storage Service (p. 1060). AMIs function similar
to a template of a computer's root drive. They contain the operating system and
can also include software and layers of your application, such as database servers,
middleware, and web servers.
Amazon Machine Learning A cloud-based service that creates machine learning (ML) models by finding
patterns in your data, and uses these models to process new data and generate
predictions.
See Also http://aws.amazon.com/machine-learning/.
Amazon Macie A security service that uses machine learning to automatically discover, classify,
and protect sensitive data in AWS.
See Also http://aws.amazon.com/macie/.
Amazon Managed Blockchain A fully managed service for creating and managing scalable blockchain networks
using popular open source frameworks.
See Also http://aws.amazon.com/managed-blockchain/.
Amazon Managed Grafana A fully managed and secure data visualization service that you can use to
instantly query, correlate, and visualize operational metrics, logs, and traces from
multiple data sources.
See Also https://aws.amazon.com/grafana/.
Amazon Managed Service for A service that provides highly available, secure, and managed monitoring for your
Prometheus containers.
See Also https://aws.amazon.com/prometheus/.
Amazon ML See Amazon Machine Learning.
Amazon Mobile Analytics A service for collecting, visualizing, understanding, and extracting mobile app
(Mobile Analytics) usage data at scale.
See Also https://aws.amazon.com/mobileanalytics.
Amazon Monitron An end-to-end system that uses machine learning (ML) to detect abnormal
behavior in industrial machinery. Use Amazon Monitron to implement predictive
maintenance and reduce unplanned downtime.
See Also https://aws.amazon.com/monitron/.
Amazon MQ A managed message broker service for Apache ActiveMQ that you can use to set
up and operate message brokers in the cloud.
See Also https://aws.amazon.com/amazon-mq/.
Amazon Neptune A managed graph database service that you can use to build and run applications
that work with highly connected datasets. Neptune supports the popular graph
query languages Apache TinkerPop Gremlin and W3C’s SPARQL, enabling you to
build queries that efficiently navigate highly connected datasets.
See Also https://aws.amazon.com/neptune/.
Amazon Personalize An artificial intelligence service for creating individualized product and content
recommendations.
See Also https://aws.amazon.com/personalize/.
Amazon Polly A text-to-speech (TTS) service that turns text into natural-sounding human
speech. Amazon Polly provides dozens of lifelike voices across a broad set of
languages so that you can build speech-enabled applications that work in many
different countries.
Version 1.0
1058
See Also https://aws.amazon.com/polly/.
Amazon QuickSight A fast, cloud-powered business analytics service that you can use to build
visualizations, perform analysis, and quickly get business insights from your data.
See Also https://aws.amazon.com/quicksight/.
Amazon Rekognition A machine learning service that identifies objects, people, text, scenes, and
activities, including inappropriate content, in either image or video files. With
Amazon Rekognition Custom Labels, you can create a customized ML model that
detects objects and scenes specific to your business in images.
See Also https://aws.amazon.com/rekognition/.
Amazon Redshift A fully managed, petabyte-scale data warehouse service in the cloud. With
Amazon Redshift, you can analyze your data using your existing business
intelligence tools.
See Also https://aws.amazon.com/redshift/.
Amazon Relational Database A web service that makes it easier to set up, operate, and scale a relational
Service (Amazon RDS) database in the cloud. It provides cost-efficient, resizable capacity for an industry-
standard relational database and manages common database administration
tasks.
See Also https://aws.amazon.com/rds.
Amazon Resource Name A standardized way to refer to an AWS resource (p. 1099) (for example,
(ARN) arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob).
Amazon Route 53 A web service that you can use to create a new DNS service or to migrate your
existing DNS service to the cloud.
See Also https://aws.amazon.com/route53.
Amazon S3 Storage for the internet. You can use it to store and retrieve any amount of data
at any time, from anywhere on the web.
See Also Amazon Simple Storage Service (Amazon S3), https://aws.amazon.com/
s3.
Amazon S3-Backed AMI See instance store-backed AMI.
Amazon S3 Glacier A secure, durable, and low-cost storage service for data archiving and long-term
backup. You can reliably store large or small amounts of data for significantly
less than on-premises solutions. S3 Glacier is optimized for infrequently accessed
data, where a retrieval time of several hours is suitable.
See Also https://aws.amazon.com/glacier/.
AWS Security Hub A service that provides a comprehensive view of the security state of your AWS
resources. Security Hub collects security data from AWS accounts and services and
helps you analyze your security trends to identify and prioritize the security issues
across your AWS environment.
See Also https://aws.amazon.com/security-hub/.
Amazon Silk A next-generation web browser that's available only on Fire OS tablets and
phones. Built on a split architecture that divides processing between the client
and the AWS Cloud, Amazon Silk creates a faster, more responsive mobile
browsing experience.
Amazon Simple Email Service An simple and cost-effective email solution for applications.
(Amazon SES) See Also https://aws.amazon.com/ses.
Amazon Simple Notification A web service that applications, users, and devices can use to instantly send and
Service (Amazon SNS) receive notifications from the cloud.
See Also https://aws.amazon.com/sns.
Version 1.0
1059
Amazon Simple Queue Reliable and scalable hosted queues for storing messages as they travel between
Service (Amazon SQS) computers.
See Also https://aws.amazon.com/sqs.
Amazon Simple Storage Storage for the internet. You can use it to store and retrieve any amount of data
Service (Amazon S3) at any time, from anywhere on the web.
See Also https://aws.amazon.com/s3.
Amazon Simple Workflow A fully managed service that helps developers build, run, and scale background
Service (Amazon SWF) jobs that have parallel or sequential steps. Amazon SWF functions similar to a
state tracker and task coordinator in the AWS Cloud.
See Also https://aws.amazon.com/swf/.
Amazon Sumerian A set of tools for creating and running high-quality 3D, augmented reality (AR),
and virtual reality (VR) applications on the web.
See Also https://aws.amazon.com/sumerian/.
Amazon Textract A service that automatically extracts text and data from scanned documents.
Amazon Textract goes beyond simple optical character recognition (OCR) to also
identify the contents of fields in forms and information stored in tables.
See Also https://aws.amazon.com/textract/.
Amazon Transcribe A machine learning service that uses automatic speech recognition (ASR) to
quickly and accurately convert speech to text.
See Also https://aws.amazon.com/transcribe/.
Amazon Transcribe Medical An automatic speech recognition (ASR) service for adding medical speech-to-text
capabilities to voice-enabled clinical documentation applications.
See Also https://aws.amazon.com/transcribe/medical/.
Amazon Translate A neural machine translation service that delivers fast, high-quality, and
affordable language translation.
See Also https://aws.amazon.com/translate/.
Amazon Virtual Private Cloud A web service for provisioning a logically isolated section of the AWS Cloud virtual
(Amazon VPC) network that you define. You control your virtual networking environment by
selecting your own IP address range, creating subnets (p. 1105) and configuring
route tables (p. 1100) and network gateways.
See Also https://aws.amazon.com/vpc.
Amazon VPC See Amazon Virtual Private Cloud (Amazon VPC).
Amazon Web Services (AWS) An infrastructure web services platform in the cloud for companies of all sizes.
See Also https://aws.amazon.com/what-is-cloud-computing/.
Amazon WorkDocs A managed, secure enterprise document storage and sharing service with
administrative controls and feedback capabilities.
See Also https://aws.amazon.com/workdocs/.
Amazon WorkLink A cloud-based service that provides secure access to internal websites and web
apps from mobile devices.
See Also https://aws.amazon.com/worklink/.
Amazon WorkMail A managed, secure business email and calendar service with support for existing
desktop and mobile email clients.
See Also https://aws.amazon.com/workmail/.
Amazon WorkSpaces A managed, secure desktop computing service for provisioning cloud-
based desktops and providing users access to documents, applications, and
resources (p. 1099) from supported devices.
Version 1.0
1060
See Also https://aws.amazon.com/workspaces/.
Amazon WorkSpaces A web service for deploying and managing applications for WorkSpaces. Amazon
Application Manager (Amazon WAM accelerates software deployment, upgrades, patching, and retirement by
WAM) packaging Windows desktop applications into virtualized application containers.
See Also https://aws.amazon.com/workspaces/applicationmanager.
AMI See Amazon Machine Image (AMI).
analysis scheme Amazon CloudSearch (p. 1054): Language-specific text analysis options that
are applied to a text field to control stemming and configure stopwords and
synonyms.
application AWS Elastic Beanstalk (p. 1064): A logical collection of components, including
environments, versions, and environment configurations. An application is
conceptually similar to a folder.
AWS CodeDeploy (p. 1063): A name that uniquely identifies the application to be
deployed. AWS CodeDeploy uses this name to ensure the correct combination of
revision, deployment configuration, and deployment group are referenced during
a deployment.
Application Auto Scaling A web service that you can use to configure automatic scaling for AWS resources
beyond Amazon EC2, such as Amazon ECS services, Amazon EMR clusters, and
DynamoDB tables.
See Also https://aws.amazon.com/autoscaling/.
Application Billing The location where your customers manage the Amazon DevPay products they've
purchased. The web address is http://www.amazon.com/dp-applications.
application revision AWS CodeDeploy (p. 1063): An archive file containing source content—such
as source code, webpages, executable files, and deployment scripts—along
with an application specification file (p. 1061). Revisions are stored in Amazon
S3 (p. 1060) buckets (p. 1070) or GitHub (p. 1082) repositories. For Amazon S3, a
revision is uniquely identified by its Amazon S3 object key and its ETag, version, or
both. For GitHub, a revision is uniquely identified by its commit ID.
application specification file AWS CodeDeploy (p. 1063): A YAML-formatted file used to map the source files
in an application revision to destinations on the instance. The file is also used to
specify custom permissions for deployed files and specify scripts to be run on
each instance at various stages of the deployment process.
application version AWS Elastic Beanstalk (p. 1064): A specific, labeled iteration of an application
that represents a functionally consistent set of deployable application code. A
version points to an Amazon S3 (p. 1060) object (a JAVA WAR file) that contains
the application code.
AppSpec file See application specification file.
ARN See Amazon Resource Name (ARN).
artifact AWS CodePipeline (p. 1063): A copy of the files or changes that are worked on by
the pipeline.
asymmetric encryption Encryption (p. 1079) that uses both a public key and a private key.
asynchronous bounce A type of bounce (p. 1070) that occurs when a receiver (p. 1097) initially accepts
an email message for delivery and then subsequently fails to deliver it.
atomic counter DynamoDB: A method of incrementing or decrementing the value of an existing

attribute without interfering with other write requests.
Version 1.0
1061
attribute A fundamental data element, something that doesn't need to be broken down
any further. In DynamoDB, attributes are similar in many ways to fields or
columns in other database systems.
Amazon Machine Learning: A unique, named property within an observation in a

dataset. In tabular data, such as spreadsheets or comma-separated values (.csv)
files, the column headings represent the attributes, and the rows contain values
for each attribute.
AUC Area Under a Curve. An industry-standard metric to evaluate the quality of a

binary classification machine learning model. AUC measures the ability of the
model to predict a higher score for positive examples, those that are “correct,”
than for negative examples, those that are “incorrect.” The AUC metric returns a
decimal value from 0 to 1. AUC values near 1 indicate an ML model that's highly
accurate.
Aurora See the section called “Amazon Aurora”.
authenticated encryption Encryption (p. 1079) that provides confidentiality, data integrity, and authenticity
assurances of the encrypted data.
authentication The process of proving your identity to a system.
Auto Scaling group A representation of multiple EC2 instances (p. 1078) that share similar
characteristics, and that are treated as a logical grouping for the purposes of
instance scaling and management.
Availability Zone A distinct location within a Region (p. 1098) that's insulated from failures in other
Availability Zones, and provides inexpensive, low-latency network connectivity to
other Availability Zones in the same Region.
AWS See Amazon Web Services (AWS).
AWS Application Discovery A web service that helps you plan to migrate to AWS by identifying IT assets
Service in a data center—including servers, virtual machines, applications, application
dependencies, and network infrastructure.
See Also https://aws.amazon.com/about-aws/whats-new/2016/04/aws-
application-discovery-service/.
AWS AppSync An enterprise level, fully managed GraphQL service with real-time data
synchronization and offline programming features.
See Also https://aws.amazon.com/appsync/.
AWS Auto Scaling A fully managed service that you can use to quickly discover the scalable AWS
resources that are part of your application and configure dynamic scaling.
See Also https://aws.amazon.com/autoscaling/.
AWS Backup A managed backup service that you can use to centralize and automate the
backup of data across AWS services in the cloud and on premises.
See Also https://aws.amazon.com/backup/.
AWS Billing and Cost The AWS Cloud computing model where you pay for services on demand and
Management use as much or as little as you need. While resources (p. 1099) are active under
your account, you pay for the cost of allocating those resources. You also pay for
any incidental usage associated with those resources, such as data transfer or
allocated storage.
See Also https://aws.amazon.com/billing/new-user-faqs/.
AWS Blockchain Templates A service for creating and deploying open-source blockchain frameworks on AWS,
such as Ethereum and Hyperledger Fabric.
Version 1.0
1062
See Also https://aws.amazon.com/blockchain/templates/.
AWS Certificate Manager A web service for provisioning, managing, and deploying Secure Sockets
(ACM) Layer/Transport Layer Security (p. 1108) (SSL/TLS) certificates for use with AWS
services.
See Also https://aws.amazon.com/certificate-manager/.
AWS Private Certificate A hosted private certificate authority service for issuing and revoking private
Authority (AWS Private CA) digital certificates (p. 1071).
See Also https://aws.amazon.com/certificate-manager/private-certificate-
authority/.
AWS Cloud Development Kit An open-source software development framework for defining your cloud
(AWS CDK) infrastructure in code and provisioning it through AWS CloudFormation.
See Also https://aws.amazon.com/cdk/.
AWS Cloud Map A service that you use to create and maintain a map of the backend services and
resources that your applications depend on. With AWS Cloud Map, you can name
and discover your AWS Cloud resources.
See Also https://aws.amazon.com/cloud-map.
AWS Cloud9 A cloud-based integrated development environment (IDE) that you use to write,
run, and debug code.
See Also https://aws.amazon.com/cloud9/.
AWS CloudFormation A service for writing or changing templates that create and delete related AWS
resources (p. 1099) together as a unit.
See Also https://aws.amazon.com/cloudformation.
AWS CloudHSM A web service that helps you meet corporate, contractual, and regulatory
compliance requirements for data security by using dedicated hardware security
module (HSM) appliances within the AWS Cloud.
See Also https://aws.amazon.com/cloudhsm/.
AWS CloudTrail A web service that records AWS API calls for your account and delivers log files to
you. The recorded information includes the identity of the API caller, the time of
the API call, the source IP address of the API caller, the request parameters, and
the response elements returned by the AWS service.
See Also https://aws.amazon.com/cloudtrail/.
AWS CodeBuild A fully managed continuous integration service that compiles source code, runs
tests, and produces software packages that are ready to deploy.
See Also https://aws.amazon.com/codebuild.
AWS CodeCommit A fully managed source control service that companies can use to host secure and
highly scalable private Git repositories.
See Also https://aws.amazon.com/codecommit.
AWS CodeDeploy A service that automates code deployments to any instance, including EC2
instances (p. 1078) and instances (p. 1085) running on-premises.
See Also https://aws.amazon.com/codedeploy.
AWS CodeDeploy agent A software package that, when installed and configured on an instance, enables
that instance to be used in CodeDeploy deployments.
AWS CodePipeline A continuous delivery service for fast and reliable application updates.
See Also https://aws.amazon.com/codepipeline.
AWS Command Line Interface A unified downloadable and configurable tool for managing AWS services.
(AWS CLI) Control multiple AWS services from the command line and automate them
through scripts.
Version 1.0
1063
See Also https://aws.amazon.com/cli/.
AWS Config A fully managed service that provides an AWS resource (p. 1099) inventory,
configuration history, and configuration change notifications for better security
and governance. You can create rules that automatically check the configuration
of AWS resources that AWS Config records.
See Also https://aws.amazon.com/config/.
AWS Database Migration A web service that can help you migrate data to and from many widely used
Service commercial and open-source databases.
See Also https://aws.amazon.com/dms.
AWS Data Pipeline A web service for processing and moving data between different AWS compute
and storage services, as well as on-premises data sources, at specified intervals.
See Also https://aws.amazon.com/datapipeline.
AWS Device Farm (Device An app testing service that allows developers to test Android, iOS, and Fire OS
Farm) devices on real, physical phones and tablets that are hosted by AWS.
See Also https://aws.amazon.com/device-farm.
AWS Direct Connect A web service that simplifies establishing a dedicated network connection
from your premises to AWS. Using AWS Direct Connect, you can establish
private connectivity between AWS and your data center, office, or colocation
environment.
See Also https://aws.amazon.com/directconnect.
AWS Directory Service A managed service for connecting your AWS resources (p. 1099) to an existing
on-premises Microsoft Active Directory or to set up and operate a new,
standalone directory in the AWS Cloud.
See Also https://aws.amazon.com/directoryservice.
AWS Elastic Beanstalk A web service for deploying and managing applications in the AWS Cloud without
worrying about the infrastructure that runs those applications.
See Also https://aws.amazon.com/elasticbeanstalk.
AWS Elemental MediaConnect A service that broadcasters and other premium video providers can reliably use
to ingest live video into the AWS Cloud and distribute it to multiple destinations
inside or outside the AWS Cloud.
See Also https://aws.amazon.com/mediaconnect.
AWS Elemental MediaConvert A file-based video conversion service that transforms media into formats required
for traditional broadcast and for internet streaming to multi-screen devices.
See Also https://aws.amazon.com/mediaconvert.
AWS Elemental MediaLive A video service that you can use to create live outputs for broadcast and
streaming delivery.
See Also https://aws.amazon.com/medialive.
AWS Elemental MediaPackage A just-in-time packaging and origination service that you can use to format highly
secure and reliable live outputs for a variety of devices.
See Also https://aws.amazon.com/mediapackage.
AWS Elemental MediaStore A storage service optimized for media that provides the performance, consistency,
and low latency required to deliver live and on-demand video content at scale.
See Also https://aws.amazon.com/mediastore.
AWS Elemental MediaTailor A video service that you can use to serve targeted ads to viewers while
maintaining broadcast quality in over-the-top (OTT) video applications.
See Also https://aws.amazon.com/mediatailor.
Version 1.0
1064
AWS Encryption SDK A client-side encryption library that you can use to encrypt and decrypt data
using industry standards and best practices.
See Also https://aws.amazon.com/blogs/security/tag/aws-encryption-sdk/.
AWS Firewall Manager A service that you use with AWS WAF to simplify your AWS WAF administration
and maintenance tasks across multiple accounts and resources. With AWS Firewall
Manager, you set up your firewall rules only once. The service automatically
applies your rules across your accounts and resources, even as you add new
resources.
See Also https://aws.amazon.com/firewall-manager.
AWS Global Accelerator A network layer service that you use to create accelerators that direct traffic to
optimal endpoints over the AWS global network. This improves the availability
and performance of your internet applications that are used by a global audience.
See Also https://aws.amazon.com/global-accelerator.
AWS Glue A fully managed extract, transform, and load (ETL) (p. 1081) service that you can
use to catalog data and load it for analytics. With AWS Glue, you can discover
your data, develop scripts to transform sources into targets, and schedule and run
ETL jobs in a serverless environment.
See Also https://aws.amazon.com/glue.
AWS GovCloud (US) An isolated AWS Region that hosts sensitive workloads in the cloud, ensuring that
this work meets the US government's regulatory and compliance requirements.
The AWS GovCloud (US) Region adheres to United States International Traffic
in Arms Regulations (ITAR), Federal Risk and Authorization Management
Program (FedRAMP) requirements, Department of Defense (DOD) Cloud Security
Requirements Guide (SRG) Levels 2 and 4, and Criminal Justice Information
Services (CJIS) Security Policy requirements.
See Also https://aws.amazon.com/govcloud-us/.
AWS IAM Identity Center A cloud-based service that brings together adminstration of users and their access
(successor to AWS Single to AWS accounts and cloud applications. You can control single sign-on access
Sign-On) and user permissions across all your AWS accounts in AWS Organizations.
See Also https://aws.amazon.com/single-sign-on/.
AWS Identity and Access A web service that Amazon Web Services (AWS) (p. 1060) customers can use to
Management (IAM) manage users and user permissions within AWS.
See Also https://aws.amazon.com/iam.
AWS Import/Export A service for transferring large amounts of data between AWS and portable
storage devices.
See Also https://aws.amazon.com/importexport.
AWS IoT Core A managed cloud platform that lets connected devices easily and securely
interact with cloud applications and other devices.
See Also https://aws.amazon.com/iot.
AWS IoT 1-Click A service that simple devices can use to launch AWS Lambda functions.
See Also https://aws.amazon.com/iot-1-click.
AWS IoT Analytics A fully managed service used to run sophisticated analytics on massive volumes
of IoT data.
See Also https://aws.amazon.com/iot-analytics.
AWS IoT Device Defender An AWS IoT security service that you can use to audit the configuration of your
devices, monitor your connected devices to detect abnormal behavior, and to
mitigate security risks.
See Also https://aws.amazon.com/iot-device-defender.
Version 1.0
1065
AWS IoT Device Management A service used to securely onboard, organize, monitor, and remotely manage IoT
devices at scale.
See Also https://aws.amazon.com/iot-device-management.
AWS IoT Events A fully managed AWS IoT service that you can use to detect and respond to
events from IoT sensors and applications.
See Also https://aws.amazon.com/iot-events.
AWS IoT Greengrass Software that you can use to run local compute, messaging, data caching, sync,
and ML inference capabilities for connected devices in a secure way.
See Also https://aws.amazon.com/greengrass.
AWS IoT SiteWise A managed service that you can use to collect, organize, and analyze data from
industrial equipment at scale.
See Also https://aws.amazon.com/iot-sitewise.
AWS IoT Things Graph A service that you can use to visually connect different devices and web services
to build IoT applications.
See Also https://aws.amazon.com/iot-things-graph.
AWS Key Management A managed service that simplifies the creation and control of
Service (AWS KMS) encryption (p. 1079) keys that are used to encrypt data.
See Also https://aws.amazon.com/kms.
AWS Lambda A web service that you can use to run code without provisioning or managing
servers. You can run code for virtually any type of application or backend service
with zero administration. You can set up your code to automatically start from
other AWS services or call it directly from any web or mobile app.
See Also https://aws.amazon.com/lambda/.
AWS managed key One type of KMS key in AWS Key Management Service (AWS KMS) (p. 1066).
AWS managed policy An IAM (p. 1065) managed policy (p. 1089) that's created and managed by AWS.
AWS Management Console A graphical interface to manage compute, storage, and other cloud
resources (p. 1099).
See Also https://aws.amazon.com/console.
AWS Management Portal for A web service for managing your AWS resources (p. 1099) using VMware
vCenter vCenter. You install the portal as a vCenter plugin within your existing vCenter
environment. After it's installed, you can migrate VMware VMs to Amazon
EC2 (p. 1055) and manage AWS resources from within vCenter.
See Also https://aws.amazon.com/ec2/vcenter-portal/.
AWS Marketplace A web portal where qualified partners market and sell their software to AWS
customers. AWS Marketplace is an online software store that helps customers
find, buy, and immediately start using the software and services that run on AWS.
See Also https://aws.amazon.com/partners/aws-marketplace/.
AWS Migration Hub A service that provides a single location to track migration tasks across multiple
AWS tools and partner solutions.
See Also https://aws.amazon.com/migration-hub/.
AWS Mobile Hub (Mobile Hub) An integrated console for building, testing, and monitoring mobile apps.
See Also https://aws.amazon.com/mobile.
AWS Mobile SDK A software development kit whose libraries, code examples, and documentation
help you build high-quality mobile apps for the iOS, Android, Fire OS, Unity, and
Xamarin platforms.
Version 1.0
1066
See Also https://aws.amazon.com/mobile/sdk.
AWS OpsWorks A configuration management service that helps you use Chef to configure and
operate groups of instances and applications. You can define the application’s
architecture and the specification of each component including package
installation, software configuration, and resources (p. 1099) such as storage. You
can automate tasks based on time, load, or lifecycle events.
See Also https://aws.amazon.com/opsworks/.
AWS Organizations An account management service that you can use to consolidate multiple AWS
accounts into an organization that you create and centrally manage.
See Also https://aws.amazon.com/organizations/.
AWS Resource Access A service that you can use to share your resources with any AWS account or
Manager organization in AWS Organizations.
See Also https://aws.amazon.com/ram/.
AWS ParallelCluster An AWS supported open source cluster management tool that helps you to
deploy and manage high performance computing (HPC) clusters in the AWS
Cloud.
AWS SDK for C++ A software development kit for that provides C++ APIs for many AWS
services including Amazon S3 (p. 1060), Amazon EC2 (p. 1055), Amazon
DynamoDB (p. 1055), and more. The single, downloadable package includes the
AWS C++ library, code examples, and documentation.
See Also https://aws.amazon.com/sdk-for-cpp/.
AWS SDK for Go A software development kit for integrating your Go application with the full suite
of AWS services.
See Also https://aws.amazon.com/sdk-for-go/.
AWS SDK for Java A software development kit that provides Java API operations for many AWS
services including Amazon S3 (p. 1060), Amazon EC2 (p. 1055), Amazon
DynamoDB (p. 1055), and more. The single, downloadable package includes the
AWS Java library, code examples, and documentation.
See Also https://aws.amazon.com/sdk-for-java/.
AWS SDK for JavaScript in the A software development kit for accessing AWS services from JavaScript code
Browser running in the browser. Authenticate users through Facebook, Google, or Login
with Amazon using web identity federation. Store application data in Amazon
DynamoDB (p. 1055), and save user files to Amazon S3 (p. 1060).
See Also https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/.
AWS SDK for JavaScript in A software development kit for accessing AWS services from JavaScript in
Node.js Node.js. The SDK provides JavaScript objects for AWS services, including Amazon
S3 (p. 1060), Amazon EC2 (p. 1055), Amazon DynamoDB (p. 1055), and Amazon
Simple Workflow Service (Amazon SWF) (p. 1060). The single, downloadable
package includes the AWS JavaScript library and documentation.
See Also https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/.
AWS SDK for .NET A software development kit that provides .NET API operations for AWS services
including Amazon S3 (p. 1060), Amazon EC2 (p. 1055), IAM (p. 1065), and more.
You can download the SDK as multiple service-specific packages on NuGet.
See Also https://aws.amazon.com/sdk-for-net/.
AWS SDK for PHP A software development kit and open-source PHP library for integrating your
PHP application with AWS services such as Amazon S3 (p. 1060), Amazon S3
Glacier (p. 1059), and Amazon DynamoDB (p. 1055).
See Also https://aws.amazon.com/sdk-for-php/.
Version 1.0
1067
AWS SDK for Python (Boto) A software development kit for using Python to access AWS services such
as Amazon EC2 (p. 1055), Amazon EMR (p. 1056), Amazon EC2 Auto
Scaling (p. 1056), Amazon Kinesis (p. 1057), or AWS Lambda (p. 1066).
See Also http://boto.readthedocs.org/en/latest/.
AWS SDK for Ruby A software development kit for accessing AWS services from Ruby. The SDK
provides Ruby classes for many AWS services including Amazon S3 (p. 1060),
Amazon EC2 (p. 1055), Amazon DynamoDB (p. 1055) and more. The single,
downloadable package includes the AWS Ruby Library and documentation.
See Also https://aws.amazon.com/sdk-for-ruby/.
AWS Secrets Manager A service for securely encrypting, storing, and rotating credentials for databases
and other services.
See Also https://aws.amazon.com/secrets-manager/.
AWS Security Token Service A web service for requesting temporary, limited-privilege credentials for AWS
(AWS STS) Identity and Access Management (IAM) (p. 1065) users or for users that you
authenticate (federated users (p. 1081)).
See Also https://aws.amazon.com/iam/.
AWS Service Catalog A web service that helps organizations create and manage catalogs of IT services
that are approved for use on AWS. These IT services can include everything from
virtual machine images, servers, software, and databases to complete multitier
application architectures.
See Also https://aws.amazon.com/servicecatalog/.
AWS Shield A service that helps to protect your resources—such as Amazon EC2 instances,
Elastic Load Balancing load balancers, Amazon CloudFront distributions, and
Route 53 hosted zones—against DDoS attacks. AWS Shield is automatically
included at no extra cost beyond what you already pay for AWS WAF and your
other AWS services. For added protection against DDoS attacks, AWS offers AWS
Shield Advanced.
See Also https://aws.amazon.com/shield.
AWS Step Functions A web service that coordinates the components of distributed applications as a
series of steps in a visual workflow.
See Also https://aws.amazon.com/step-functions/.
AWS Snowball A petabyte-scale data transport solution that uses devices that are secure to
transfer large amounts of data into and out of the AWS Cloud.
See Also https://aws.amazon.com/snowball.
Storage Gateway A web service that connects an on-premises software appliance with cloud-based
storage. Storage Gateway provides seamless and secure integration between an
organization’s on-premises IT environment and AWS storage infrastructure.
See Also https://aws.amazon.com/storagegateway/.
AWS Toolkit for Eclipse An open-source plugin for the Eclipse Java integrated development environment
(IDE) that makes it easier to develop, debug, and deploy Java applications using
Amazon Web Services.
See Also https://aws.amazon.com/eclipse/.
AWS Toolkit for JetBrains An open-source plugin for the integrated development environments (IDEs)
from JetBrains that makes it easier to develop, debug, and deploy serverless
applications using Amazon Web Services.
See Also https://aws.amazon.com/intellij/, https://aws.amazon.com/pycharm/.
AWS Toolkit for Visual Studio An extension for Visual Studio that helps in developing, debugging, and
deploying .NET applications using Amazon Web Services.
See Also https://aws.amazon.com/visualstudio/.
Version 1.0
1068
AWS Toolkit for Visual Studio An open-source plugin for the Visual Studio Code (VS Code) editor that makes it
Code easier to develop, debug, and deploy applications using Amazon Web Services.
See Also https://aws.amazon.com/visualstudiocode/.
AWS Tools for PowerShell A set of PowerShell cmdlets to help developers and administrators manage their
AWS services from the PowerShell scripting environment.
See Also https://aws.amazon.com/powershell/.
AWS Toolkit for Microsoft Provides tasks you can use in build and release definitions in VSTS to interact with
Azure DevOps AWS services.
See Also https://aws.amazon.com/vsts/.
AWS Trusted Advisor A web service that inspects your AWS environment and makes recommendations
for saving money, improving system availability and performance, and helping to
close security gaps.
See Also https://aws.amazon.com/premiumsupport/trustedadvisor/.
AWS VPN CloudHub Enables secure communication between branch offices using a simple hub-and-
spoke model, with or without a VPC (p. 1110).
AWS WAF A web application firewall service that controls access to content by allowing or
blocking web requests based on criteria that you specify. For example, you can
filter access based on the header values or the IP addresses that the requests
originate from. AWS WAF helps protect web applications from common web
exploits that could affect application availability, compromise security, or
consume excessive resources.
See Also https://aws.amazon.com/waf/.
AWS X-Ray A web service that collects data about requests that your application serves. X-
Ray provides tools that you can use to view, filter, and gain insights into that data
to identify issues and opportunities for optimization.
See Also https://aws.amazon.com/xray/.
B
Z (p. 1110)
basic monitoring Monitoring of AWS provided metrics derived at a 5-minute frequency.
batch See document batch.
BGP ASN Border Gateway Protocol Autonomous System Number. A unique identifier for a
network, for use in BGP routing. Amazon EC2 (p. 1055) supports all 2-byte ASN
numbers in the range of 1 – 65335, with the exception of 7224, which is reserved.
batch prediction Amazon Machine Learning: An operation that processes multiple input data
observations at one time (asynchronously). Unlike real-time predictions, batch
predictions aren't available until all predictions have been processed.
See Also real-time predictions.
billing See the section called “Billing and Cost Management”.
binary attribute Amazon Machine Learning: An attribute for which one of two possible values is
possible. Valid positive values are 1, y, yes, t, and true answers. Valid negative
values are 0, n, no, f, and false. Amazon Machine Learning outputs 1 for positive
values and 0 for negative values.
Version 1.0
1069
See Also attribute.
binary classification model Amazon Machine Learning: A machine learning model that predicts the answer to
questions where the answer can be expressed as a binary variable. For example,
questions with answers of “1” or “0”, “yes” or “no”, “will click” or “will not click”
are questions that have binary answers. The result for a binary classification
model is always either a “1” (for a “true” or affirmative answers) or a “0” (for a
“false” or negative answers).
block A dataset. Amazon EMR (p. 1056) breaks large amounts of data into subsets. Each
subset is called a data block. Amazon EMR assigns an ID to each block and uses a
hash table to keep track of block processing.
block device A storage device that supports reading and (optionally) writing data in fixed-size
blocks, sectors, or clusters.
block device mapping A mapping structure for every AMI (p. 1058) and instance (p. 1085) that specifies
the block devices attached to the instance.
blue/green deployment CodeDeploy: A deployment method where the instances in a deployment group
(the original environment) are replaced by a different set of instances (the
replacement environment).
bootstrap action A user-specified default or custom action that runs a script or an application on
all nodes of a job flow before Hadoop (p. 1083) starts.
Border Gateway Protocol See BGP ASN.

Autonomous System Number
bounce A failed email delivery attempt.
breach Amazon EC2 Auto Scaling (p. 1056): The condition where a user-set
threshold (upper or lower boundary) is passed. If the duration of the breach is
significant, as set by a breach duration parameter, it can possibly start a scaling
activity (p. 1100).
bucket Amazon Simple Storage Service (Amazon S3) (p. 1060): A container for stored
objects. Every object is contained in a bucket. For example, if the object named
photos/puppy.jpg is stored in the DOC-EXAMPLE-BUCKET bucket, then
authorized users can access the object with the URL https://s3-bucket-
endpoint/DOC-EXAMPLE-BUCKET/photos/puppy.jpg.
bucket owner The person or organization that owns a bucket (p. 1070) in Amazon S3 (p. 1060).
In the same way that Amazon is the only owner of the domain name
Amazon.com, only one person or organization can own a bucket.
bundling A commonly used term for creating an Amazon Machine Image (AMI) (p. 1058). It
specifically refers to creating instance store-backed AMIs (p. 1085).
C
Z (p. 1110)
cache cluster A logical cache distributed over multiple cache nodes (p. 1071). A cache cluster
can be set up with a specific number of cache nodes.
Version 1.0
1070
cache cluster identifier Customer-supplied identifier for the cache cluster that must be unique for that
customer in an AWS Region (p. 1098).
cache engine version The version of the Memcached service that's running on the cache node.
cache node A fixed-size chunk of secure, network-attached RAM. Each cache node runs an
instance of the Memcached service, and has its own DNS name and port. Multiple
types of cache nodes are supported, each with varying amounts of associated
memory.
cache node type An EC2 instance (p. 1078) type used to run the cache node.
cache parameter group A container for cache engine parameter values that can be applied to one or more
cache clusters.
cache security group A group maintained by ElastiCache that combines inbound authorizations
to cache nodes for hosts belonging to Amazon EC2 (p. 1055) security
groups (p. 1101) that are specified through the console or the API or command
line tools.
campaign Amazon Personalize (p. 1058): A deployed solution version (trained model)
with provisioned dedicated transaction capacity for creating real-time
recommendations for your application users. After you create a campaign, you
use the getRecommendations or getPersonalizedRanking personalization
operations to get recommendations.
See Also recommendations, solution version.
canned access policy A standard access control policy that you can apply to a bucket (p. 1070)
or object. Options include: private, public-read, public-read-write, and
authenticated-read.
canonicalization The process of converting data into a standard format that a service such as
Amazon S3 (p. 1060) can recognize.
capacity The amount of available compute size at a given time. Each Auto Scaling
group (p. 1062) is defined with a minimum and maximum compute size. A scaling
activity (p. 1100) increases or decreases the capacity within the defined minimum
and maximum values.
Cartesian product processor A processor that calculates a Cartesian product. Also known as a Cartesian data
processor.
Cartesian product A mathematical operation that returns a product from multiple sets.
CDN See content delivery network (CDN).
certificate A credential that some AWS products use to authenticate AWS accounts (p. 1053)
and users. Also known as an X.509 certificate (p. 1110). The certificate is paired
with a private key.
chargeable resources Features or services whose use incurs fees. Although some AWS products are
free, others include charges. For example, in an AWS CloudFormation (p. 1063)
stack (p. 1104), AWS resources (p. 1099) that have been created incur charges.
The amount charged depends on the usage load. Use the Amazon Web Services
Simple Monthly Calculator to estimate your cost prior to creating instances,
stacks, or other resources.
CIDR block Classless Inter-Domain Routing. An internet protocol address allocation and route
aggregation methodology.
See Also Classless Inter-Domain Routing on Wikipedia.
Version 1.0
1071
ciphertext Information that has been encrypted (p. 1079), as opposed to plaintext (p. 1094),
which is information that has not.
classification In machine learning, a type of problem that seeks to place (classify) a data sample
into a single category or “class.” Often, classification problems are modeled to
choose one category (class) out of two. These are binary classification problems.
Problems with more than two available categories (classes) are called "multiclass
classification" problems.
See Also binary classification model, multiclass classification model.
CLI See AWS Command Line Interface (AWS CLI).
Cloud Directory See the section called “Cloud Directory”.
cloud service provider (CSP) A company that provides subscribers with access to internet-hosted computing,
storage, and software services.
CloudHub See AWS VPN CloudHub.
cluster A logical grouping of container instances (p. 1073) that you can place
tasks (p. 1106) on.
Amazon OpenSearch Service (OpenSearch Service) (p. 1056): A logical grouping

of one or more data nodes, optional dedicated master nodes, and storage
required to run Amazon OpenSearch Service (OpenSearch Service) and operate
your OpenSearch Service domain.
See Also data node, dedicated master node, node.
cluster compute instance A type of instance (p. 1085) that provides a great amount of CPU power
coupled with increased networking performance, making it well suited for High
Performance Compute (HPC) applications and other demanding network-bound
applications.
cluster placement group A logical cluster compute instance (p. 1072) grouping to provide lower latency
and high-bandwidth connectivity between the instances (p. 1085).
cluster status Amazon OpenSearch Service (OpenSearch Service) (p. 1056): An indicator of the
health of a cluster. A status can be green, yellow, or red. At the shard level, green
means that all shards are allocated to nodes in a cluster, yellow means that the
primary shard is allocated but the replica shards aren't, and red means that the
primary and replica shards of at least one index aren't allocated. The shard status
determines the index status, and the index status determines the cluster status.
CNAME Canonical Name Record. A type of resource record (p. 1099) in the Domain
Name System (DNS) that specifies that the domain name is an alias of another,
canonical domain name. Specifically, it's an entry in a DNS table that you can use
to alias one fully qualified domain name to another.
Code Signing for AWS IoT A service for signing code that you create for any IoT device that's supported by
Amazon Web Services (AWS).
complaint The event where a recipient (p. 1097) who doesn't want to receive an email
message chooses "Mark as Spam" within the email client, and the internet service
provider (ISP) (p. 1085) sends a notification to Amazon SES (p. 1059).
compound query Amazon CloudSearch (p. 1054): A search request that specifies multiple search
criteria using the Amazon CloudSearch structured search syntax.
condition IAM (p. 1065): Any restriction or detail about a permission. The condition is D in
the statement "A has permission to do B to C where D applies."
Version 1.0
1072
AWS WAF (p. 1069): A set of attributes that AWS WAF searches for in web
requests to AWS resources (p. 1099) such as Amazon CloudFront (p. 1054)
distributions. Conditions can include values such as the IP addresses that web
requests originate from or values in request headers. Based on the specified
conditions, you can configure AWS WAF to allow or block web requests to AWS
resources.
conditional parameter See mapping.
configuration API Amazon CloudSearch (p. 1054): The API call that you use to create, configure, and
manage search domains.
configuration template A series of key–value pairs that define parameters for various AWS products so
that AWS Elastic Beanstalk (p. 1064) can provision them for an environment.
consistency model The method a service uses to achieve high availability. For example, it could
involve replicating data across multiple servers in a data center.
See Also eventual consistency.
console See AWS Management Console.
consolidated billing A feature of the AWS Organizations service for consolidating payment for
multiple AWS accounts. You create an organization that contains your AWS
accounts, and you use the management account of your organization to pay for
all member accounts. You can see a combined view of AWS costs that are incurred
by all accounts in your organization, and you can get detailed cost reports for
individual accounts.
container A container is a standard unit of software that contains application code and all
relevant dependencies.
container definition A container definition specifies the details that are associated with running a
container (p. 1073) on Amazon ECS. More specifically, a container definition
specifies details such as the container image to use and how much CPU and
memory the container is allocated. The container definition is included as part of
an Amazon ECS task definition (p. 1107).
container instance A container instance is a self-managed EC2 instance (p. 1078) or an on-
premises server or virtual machine (VM) that's running the Amazon Elastic
Container Service (Amazon ECS) container agent and has been registered into
a cluster (p. 1072). A container instance serves as the infrastructure that your
Amazon ECS workloads are run on.
container registry A container registry is a collection of repositories that store container images.
One example is Amazon Elastic Container Registry (Amazon ECR).
content delivery network A web service that speeds up distribution of your static and dynamic web content
(CDN) —such as .html, .css, .js, media files, and image files—to your users by using
a worldwide network of data centers. When a user requests your content, the
request is routed to the data center that provides the lowest latency (time delay).
If the content is already in the location with the lowest latency, the CDN delivers
it immediately. If not, the CDN retrieves it from an origin that you specify (for
example, a web server or an Amazon S3 bucket). With some CDNs, you can help
secure your content by configuring an HTTPS connection between users and data
centers, and between data centers and your origin. Amazon CloudFront is an
example of a CDN.
contextual metadata Amazon Personalize (p. 1058): Interactions data that you collect about a user's
browsing context (such as device used or location) when an event (such as a click)
Version 1.0
1073
occurs. Contextual metadata can improve recommendation relevance for new and
existing users.
See Also Interactions dataset, event.
continuous delivery A software development practice where code changes are automatically built,
tested, and prepared for a release to production.
See Also https://aws.amazon.com/devops/continuous-delivery/.
continuous integration A software development practice where developers regularly merge code changes
into a central repository, after which automated builds and tests are run.
See Also https://aws.amazon.com/devops/continuous-integration/.
cooldown period Amount of time that Amazon EC2 Auto Scaling (p. 1056) doesn't allow the
desired size of the Auto Scaling group (p. 1062) to be changed by any other
notification from an Amazon CloudWatch (p. 1054) alarm (p. 1053).
core node An EC2 instance (p. 1078) that runs Hadoop (p. 1083) map and reduce tasks and
stores data using the Hadoop Distributed File System (HDFS). Core nodes are
managed by the master node (p. 1089), which assigns Hadoop tasks to nodes and
monitors their status. The EC2 instances you assign as core nodes are capacity
that must be allotted for the entire job flow run. Because core nodes store data,
you can't remove them from a job flow. However, you can add more core nodes to
a running job flow.
Core nodes run both the DataNodes and TaskTracker Hadoop daemons.
corpus Amazon CloudSearch (p. 1054): A collection of data that you want to search.
coverage Amazon Personalize (p. 1058): An evaluation metric that tells you the proportion
of unique items that Amazon Personalize might recommend using your model
out of the total number of unique items in Interactions and Items datasets. To
make sure Amazon Personalize recommends more of your items, use a model
with a higher coverage score. Recipes that feature item exploration, such as user-
personalization, have higher coverage than those that don’t, such as popularity-
count.
See Also metrics, Items dataset, Interactions dataset, item exploration, user-
personalization recipe, popularity-count recipe.
credential helper AWS CodeCommit (p. 1063): A program that stores credentials for repositories
and supplies them to Git when making connections to those repositories. The
AWS CLI (p. 1063) includes a credential helper that you can use with Git when
connecting to CodeCommit repositories.
credentials Also called access credentials or security credentials. In authentication and

authorization, a system uses credentials to identify who is making a call and
whether to allow the requested access. In AWS, these credentials are typically the
access key ID (p. 1052) and the secret access key (p. 1101).
cross-account access The process of permitting limited, controlled use of resources (p. 1099) in one
AWS account (p. 1053) by a user in another AWS account. For example, in AWS
CodeCommit (p. 1063) and AWS CodeDeploy (p. 1063) you can configure cross-
account access so that a user in AWS account A can access an CodeCommit
repository created by account B. Or a pipeline in AWS CodePipeline (p. 1063)
created by account A can use CodeDeploy resources created by account B. In
IAM (p. 1065) you use a role (p. 1099) to delegate (p. 1076) temporary access to
a user (p. 1108) in one account to resources in another.
cross-Region replication A solution for replicating data across different AWS Regions (p. 1098), in near-
real time.
Version 1.0
1074
customer gateway A router or software application on your side of a VPN tunnel that's managed
by Amazon VPC (p. 1060). The internal interfaces of the customer gateway are
attached to one or more devices in your home network. The external interface is
attached to the virtual private gateway (VGW) (p. 1109) across the VPN tunnel.
customer managed policy An IAM (p. 1065) managed policy (p. 1089) that you create and manage in your
AWS account (p. 1053).
customer master key (CMK) We no longer use customer master key or CMK. These terms are replaced by
AWS KMS key (first mention) and KMS key (subsequent mention). For more
information, see KMS key (p. 1087).
D
Z (p. 1110)
dashboard See service health dashboard.
data consistency A concept that describes when data is written or updated successfully and
all copies of the data are updated in all AWS Regions (p. 1098). However, it
takes time for the data to propagate to all storage locations. To support varied
application requirements, Amazon DynamoDB (p. 1055) supports both eventually
consistent and strongly consistent reads.
See Also eventual consistency, eventually consistent read, strongly consistent
read.
data node Amazon OpenSearch Service (OpenSearch Service) (p. 1056): An OpenSearch
instance that holds data and responds to data upload requests.
See Also dedicated master node, node.
data schema See schema.
data source The database, file, or repository that provides information required by an
application or database. For example, in AWS OpsWorks (p. 1067), valid data
sources include an instance (p. 1085) for a stack’s MySQL layer or a stack’s
Amazon RDS (p. 1059) service layer. In Amazon Redshift (p. 1059), valid data
sources include text files in an Amazon S3 (p. 1060) bucket (p. 1070), in an
Amazon EMR (p. 1056) cluster, or on a remote host that a cluster can access
through an SSH connection.
See Also datasource.
database engine The database software and version running on the DB instance (p. 1076).
database name The name of a database hosted in a DB instance (p. 1076). A DB instance can host
multiple databases, but databases hosted by the same DB instance must each
have a unique name within that instance.
dataset Amazon Personalize (p. 1058): A container for the data used by Amazon
Personalize. There are three types of Amazon Personalize datasets: Users, Items,
and Interactions.
See Also Interactions dataset, Users dataset, Items dataset.
dataset group Amazon Personalize (p. 1058): A container for Amazon Personalize components,
including datasets, event trackers, solutions, filters, campaigns, and batch
inference jobs. A dataset group organizes your resources into independent
Version 1.0
1075
collections, so resources from one dataset group can’t influence resources in any
other dataset group.
See Also dataset, event tracker, solution, campaign.
datasource Amazon Machine Learning (p. 1058): An object that contains metadata about the
input data. Amazon ML reads the input data, computes descriptive statistics on its
attributes, and stores the statistics—along with a schema and other information
—as part of the datasource object. Amazon ML uses datasources to train and
evaluate a machine learning model and generate batch predictions.
See Also data source.
DB compute class The size of the database compute platform used to run the instance.
DB instance An isolated database environment running in the cloud. A DB instance can contain
multiple user-created databases.
DB instance identifier User-supplied identifier for the DB instance. The identifier must be unique for
that user in an AWS Region (p. 1098).
DB parameter group A container for database engine parameter values that apply to one or more DB
instances (p. 1076).
DB security group A method that controls access to the DB instance (p. 1076). By default, network
access is turned off to DB instances. After inbound traffic is configured for a
security group (p. 1101), the same rules apply to all DB instances associated with
that group.
DB snapshot A user-initiated point backup of a DB instance (p. 1076).
Dedicated Host A physical server with EC2 instance (p. 1078) capacity fully dedicated to a user.
Dedicated Instance An instance (p. 1085) that's physically isolated at the host hardware level and
launched within a VPC (p. 1110).
dedicated master node Amazon OpenSearch Service (OpenSearch Service) (p. 1056): An OpenSearch
instance that performs cluster management tasks, but doesn't hold data or
respond to data upload requests. Amazon OpenSearch Service (OpenSearch
Service) uses dedicated master nodes to increase cluster stability.
See Also data node, node.
Dedicated Reserved Instance An option that you purchase to guarantee that sufficient capacity will be available
to launch Dedicated Instances (p. 1076) into a VPC (p. 1110).
delegation Within a single AWS account (p. 1053): Giving AWS users (p. 1108) access to
resources (p. 1099) your AWS account.
Between two AWS accounts: Setting up a trust between the account that owns
the resource (the trusting account), and the account that contains the users that
need to access the resource (the trusted account).
See Also trust policy.
delete marker An object with a key and version ID, but without content. Amazon S3 (p. 1060)
inserts delete markers automatically into versioned buckets (p. 1070) when an
object is deleted.
deliverability The likelihood that an email message arrives at its intended destination.
deliveries The number of email messages, sent through Amazon SES (p. 1059), that
were accepted by an internet service provider (ISP) (p. 1085) for delivery to
recipients (p. 1097) over a period of time.
Version 1.0
1076
deny The result of a policy (p. 1094) statement that includes deny as the effect, so
that a specific action or actions are expressly forbidden for a user, group, or role.
Explicit deny take precedence over explicit allow (p. 1054).
deployment configuration AWS CodeDeploy (p. 1063): A set of deployment rules and success and failure
conditions used by the service during a deployment.
deployment group AWS CodeDeploy (p. 1063): A set of individually tagged instances (p. 1085) or
EC2 instances (p. 1078) in Auo Scaling groups (p. 1062), or both.
detailed monitoring Monitoring of AWS provided metrics derived at a 1-minute frequency.
Description property A property added to parameters, resources (p. 1099) , resource properties,
mappings, and outputs to help you to document AWS CloudFormation (p. 1063)
template elements.
dimension A name–value pair (for example, InstanceType=m1.small, or EngineName=mysql),

that contains additional information to identify a metric.
discussion forums A place where AWS users can post technical questions and feedback to help
accelerate their development efforts and to engage with the AWS community. For
more information, see the Amazon Web Services Discussion Forums.
distribution A link between an origin server (such as an Amazon S3 (p. 1060)

bucket (p. 1070)) and a domain name, which CloudFront (p. 1054) automatically
assigns. Through this link, CloudFront identifies the object you have stored in your
origin server (p. 1093).
DKIM DomainKeys Identified Mail. A standard that email senders use to sign their
messages. ISPs use those signatures to verify that messages are legitimate. For
more information, see https://tools.ietf.org/html/rfc6376.
DNS See Domain Name System.
Docker image A layered file system template that's the basis of a Docker container (p. 1073).
Docker images can comprise specific operating systems or applications.
document Amazon CloudSearch (p. 1054): An item that can be returned as a search result.
Each document has a collection of fields that contain the data that can be
searched or returned. The value of a field can be either a string or a number. Each
document must have a unique ID and at least one field.
document batch Amazon CloudSearch (p. 1054): A collection of add and delete document
operations. You use the document service API to submit batches to update the
data in your search domain.
document service API Amazon CloudSearch (p. 1054): The API call that you use to submit document
batches to update the data in a search domain.
document service endpoint Amazon CloudSearch (p. 1054): The URL that you connect to when sending
document updates to an Amazon CloudSearch domain. Each search domain has
a unique document service endpoint that remains the same for the life of the
domain.
domain Amazon OpenSearch Service (OpenSearch Service) (p. 1056): The hardware,
software, and data exposed by Amazon OpenSearch Service (OpenSearch Service)
endpoints. An OpenSearch Service domain is a service wrapper around an
OpenSearch cluster. An OpenSearch Service domain encapsulates the engine
instances that process OpenSearch Service requests, the indexed data that you
want to search, snapshots of the domain, access policies, and metadata.
Version 1.0
1077
See Also cluster, Elasticsearch.
Domain Name System A service that routes internet traffic to websites by translating human-readable
domain names (for example, www.example.com) into the numeric IP addresses,
such as 192.0.2.1, which computers use to connect to each other.
Donation button An HTML-coded button to provide a simple and secure way for US-based, IRS-
certified 501(c)(3) nonprofit organizations to solicit donations.
DynamoDB stream An ordered flow of information about changes to items in anAmazon

DynamoDB (p. 1055) table. When you enable a stream on a table, DynamoDB
captures information about every modification to data items in the table.
See Also Amazon DynamoDB Streams.
E
Z (p. 1110)
EBS See Amazon Elastic Block Store (Amazon EBS).
EC2 See Amazon EC2.
EC2 instance A compute instance (p. 1085) in the Amazon EC2 (p. 1055) service. Other AWS
services use the term EC2 instance to distinguish these instances from other types
of instances they support.
ECR See the section called “Amazon ECR”.
ECS See Amazon Elastic Container Service (Amazon ECS).
edge location A data center that an AWS service uses to perform service-specific operations.
For example, CloudFront (p. 1054) uses edge locations to cache copies of
your content, so the content is closer to your users and can be delivered faster
regardless of their location. Route 53 (p. 1059) uses edge locations to speed up
the response to public DNS queries.
EFS See Amazon Elastic File System (Amazon EFS).
Elastic A company that provides open-source solutions—including OpenSearch,

Logstash, Kibana, and Beats—that take data from any source and search, analyze,
and visualize it in real time.
Amazon OpenSearch Service (OpenSearch Service) is an AWS managed service for

deploying, operating, and scaling OpenSearch in the AWS Cloud.
See Also Amazon OpenSearch Service (OpenSearch Service), Elasticsearch.
Elastic Block Store See Amazon Elastic Block Store (Amazon EBS).
Elastic IP address A fixed (static) IP address that you have allocated in Amazon EC2 (p. 1055) or
Amazon VPC (p. 1060) and then attached to an instance (p. 1085). Elastic IP
addresses are associated with your account, not a specific instance. They are
elastic because you can easily allocate, attach, detach, and free them as your
needs change. Unlike traditional static IP addresses, Elastic IP addresses allow you
to mask instance or Availability Zone (p. 1062) failures by rapidly remapping your
public IP addresses to another instance.
Version 1.0
1078
Elastic Load Balancing A web service that improves an application's availability by distributing incoming
traffic between two or more EC2 instances (p. 1078).
See Also https://aws.amazon.com/elasticloadbalancing.
elastic network interface An additional network interface that can be attached to an instance (p. 1085).
Elastic network interfaces include a primary private IP address, one or more
secondary private IP addresses, an Elastic IP Address (optional), a MAC address,
membership in specified security groups (p. 1101), a description, and a source/
destination check flag. You can create an elastic network interface, attach it to an
instance, detach it from an instance, and attach it to another instance.
Elasticsearch An open-source, real-time distributed search and analytics engine used for full-
text search, structured search, and analytics. OpenSearch was developed by the
Elastic company.
Amazon OpenSearch Service (OpenSearch Service) is an AWS managed service for

deploying, operating, and scaling OpenSearch in the AWS Cloud.
See Also Amazon OpenSearch Service (OpenSearch Service), Elastic.
EMR See Amazon EMR.
encrypt To use a mathematical algorithm to make data unintelligible to unauthorized

users (p. 1108). Encryption also gives authorized users a method (such as a key or
password) to convert the altered data back to its original state.
encryption context A set of key–value pairs that contains additional information associated with AWS
Key Management Service (AWS KMS) (p. 1066)–encrypted information.
endpoint A URL that identifies a host and port as the entry point for a web service. Every
web service request contains an endpoint. Most AWS products provide endpoints
for a Region to enable faster connectivity.
Amazon ElastiCache (p. 1056): The DNS name of a cache node (p. 1071).
Amazon RDS (p. 1059): The DNS name of a DB instance (p. 1076).
AWS CloudFormation (p. 1063): The DNS name or IP address of the server that
receives an HTTP request.
endpoint port Amazon ElastiCache (p. 1056): The port number used by a cache node (p. 1071).
Amazon RDS (p. 1059): The port number used by a DB instance (p. 1076).
envelope encryption The use of a master key and a data key to algorithmically protect data. The
master key is used to encrypt and decrypt the data key and the data key is used to
encrypt and decrypt the data itself.
environment AWS Elastic Beanstalk (p. 1064): A specific running instance of an

application (p. 1061). The application has a CNAME and includes an application
version and a customizable configuration (which is inherited from the default
container type).
AWS CodeDeploy (p. 1063): Instances in a deployment group in a blue/green

deployment. At the start of a blue/green deployment, the deployment group is
made up of instances in the original environment. At the end of the deployment,
the deployment group is made up of instances in the replacement environment.
environment configuration A collection of parameters and settings that define how an environment and its
associated resources behave.
Version 1.0
1079
ephemeral store See instance store.
epoch The date from which time is measured. For most Unix environments, the epoch is
January 1, 1970.
ETL See extract, transform, and load (ETL).
evaluation Amazon Machine Learning: The process of measuring the predictive performance
of a machine learning (ML) model.
Also a machine learning object that stores the details and result of an ML model
evaluation.
evaluation datasource The data that Amazon Machine Learning uses to evaluate the predictive accuracy
of a machine learning model.
event Amazon Personalize (p. 1058): A user activity—such as a click, a purchase, or a

video viewing—that you record and upload to an Amazon Personalize Interactions
dataset. You record events individually in real time or record and upload events in
bulk.
See Also dataset, Interactions dataset.
event tracker Amazon Personalize (p. 1058): Specifies a destination dataset group for event
data that you record in real time. When you record events in real time, you
provide the ID of the event tracker so that Amazon Personalize knows where to
add the data.
See Also dataset group, event.
eventual consistency The method that AWS services use to achieve high availability. This involves
replicating data across multiple servers in Amazon data centers. When data is
written or updated and Success is returned, all copies of the data are updated.
However, it takes time for the data to propagate to all storage locations. The data
will eventually be consistent, but an immediate read might not show the change.
Consistency is usually reached within seconds.
See Also data consistency, eventually consistent read, strongly consistent read.
eventually consistent read A read process that returns data from only one Region and might not show the
most recent write information. However, if you repeat your read request after a
short time, the response should eventually return the latest data.
See Also data consistency, eventual consistency, strongly consistent read.
eviction The deletion by CloudFront (p. 1054) of an object from an edge

location (p. 1078) before its expiration time. If an object in an edge location
isn't frequently requested, CloudFront might evict the object (remove the object
before its expiration date) to make room for objects that are more popular.
exbibyte (EiB) A contraction of exa binary byte. An exbibyte (EiB) is 2^60 or

1,152,921,504,606,846,976 bytes. An exabyte (EB) is 10^18 or
1,000,000,000,000,000,000 bytes. 1,024 EiB is a zebibyte (ZiB) (p. 1111).
expiration For CloudFront (p. 1054) caching, the time when CloudFront stops responding
to user requests with an object. If you don't use headers or CloudFront
distribution (p. 1077) settings to specify how long you want objects to stay in
an edge location (p. 1078), the objects expire after 24 hours. The next time a
user requests an object that has expired, CloudFront forwards the request to the
origin (p. 1093).
explicit impressions Amazon Personalize (p. 1058): A list of items that you manually add to an
Amazon Personalize Interactions dataset to influence future recommendations.
Version 1.0
1080
Unlike implicit impressions, where Amazon Personalize automatically derives the

impressions data, you choose what to include in explicit impressions.
See Also recommendations, Interactions dataset, impressions data, implicit
impressions.
explicit launch permission An Amazon Machine Image (AMI) (p. 1058) launch permission granted to a
specific AWS account (p. 1053).
exponential backoff A strategy that incrementally increases the wait between retry attempts in order
to reduce the load on the system and increase the likelihood that repeated
requests will succeed. For example, client applications might wait up to 400
milliseconds before attempting the first retry, up to 1600 milliseconds before the
second, and up to 6400 milliseconds (6.4 seconds) before the third.
expression Amazon CloudSearch (p. 1054): A numeric expression that you can use to control
how search hits are sorted. You can construct Amazon CloudSearch expressions
using numeric fields, other rank expressions, a document's default relevance
score, and standard numeric operators and functions. When you use the sort
option to specify an expression in a search request, the expression is evaluated for
each search hit and the hits are listed according to their expression values.
extract, transform, and load A process that's used to integrate data from multiple sources. Data is collected
(ETL) from sources (extract), converted to an appropriate format (transform), and
written to a target data store (load) for purposes of analysis and querying.
ETL tools combine these three functions to consolidate and move data from one
environment to another. AWS Glue (p. 1065) is a fully managed ETL service for
discovering and organizing data, transforming it, and making it available for
search and analytics.
F
Z (p. 1110)
facet Amazon CloudSearch (p. 1054): An index field that represents a category that you
want to use to refine and filter search results.
facet enabled Amazon CloudSearch (p. 1054): An index field option that enables facet
information to be calculated for the field.
FBL See feedback loop (FBL).
feature transformation Amazon Machine Learning: The machine learning process of constructing more
predictive input representations or “features” from the raw input variables to
optimize a machine learning model’s ability to learn and generalize. Also known
as data transformation or feature engineering.
federated identity Allows individuals to sign in to different networks or services, using the same
management (FIM) group or personal credentials to access data across all networks. With identity
federation in AWS, external identities (federated users) are granted secure access
to resources (p. 1099) in an AWS account (p. 1053) without having to create IAM
users (p. 1108). These external identities can come from a corporate identity
store (such as LDAP or Windows Active Directory) or from a third party (such as
Login with Amazon, Facebook, or Google). AWS federation also supports SAML
2.0.
Version 1.0
1081
federated user See federated identity management (FIM).
federation See federated identity management (FIM).
feedback loop (FBL) The mechanism by which a mailbox provider (for example, an internet service
provider (ISP) (p. 1085)) forwards a recipient (p. 1097)'s complaint (p. 1072) back
to the sender (p. 1101).
field weight The relative importance of a text field in a search index. Field weights control how
much matches in particular text fields affect a document's relevance score.
filter A criterion that you specify to limit the results when you list or describe your
Amazon EC2 (p. 1055) resources (p. 1099).
filter query A way to filter search results without affecting how the results are scored and
sorted. Specified with the Amazon CloudSearch (p. 1054) fq parameter.
FIM See federated identity management (FIM).
Firehose See Amazon Kinesis Data Firehose.
format version See template format version.
forums See discussion forums.
function See intrinsic function.
fuzzy search A simple search query that uses approximate string matching (fuzzy matching) to
correct for typographical errors and misspellings.
G
Z (p. 1110)
geospatial search A search query that uses locations specified as a latitude and longitude to
determine matches and sort the results.
gibibyte (GiB) A contraction of giga binary byte, a gibibyte is 2^30 or 1,073,741,824 bytes.
A gigabyte (GB) is 10^9 or 1,000,000,000 bytes. 1,024 GiB is a tebibyte
(TiB) (p. 1107).
GitHub A web-based repository that uses Git for version control.
global secondary index An index with a partition key and a sort key that can be different from those on
the table. A global secondary index is considered global because queries on the
index can span all of the data in a table, across all partitions.
See Also local secondary index.
grant AWS Key Management Service (AWS KMS) (p. 1066): A mechanism for giving AWS
principals (p. 1095) long-term permissions to use KMS keys.
grant token A type of identifier that allows the permissions in a grant (p. 1082) to take effect
immediately.
ground truth The observations used in the machine learning (ML) model training process
that include the correct value for the target attribute. To train an ML model to
Version 1.0
1082
predict house sales prices, the input observations would typically include prices
of previous house sales in the area. The sale prices of these houses constitute the
ground truth.
group A collection of IAM (p. 1065) users (p. 1108). You can use IAM groups to simplify
specifying and managing permissions for multiple users.
H
Z (p. 1110)
Hadoop Software that enables distributed processing for big data by using clusters
and simple programming models. For more information, see http://
hadoop.apache.org.
hard bounce A persistent email delivery failure such as "mailbox does not exist."
hardware VPN A hardware-based IPsec VPN connection over the internet.
health check A system call to check on the health status of each instance in an Amazon EC2
Auto Scaling (p. 1056) group.
high-quality email Email that recipients find valuable and want to receive. Value means different
things to different recipients and can come in such forms as offers, order
confirmations, receipts, or newsletters.
highlights Amazon CloudSearch (p. 1054): Excerpts returned with search results that show
where the search terms appear within the text of the matching documents.
highlight enabled Amazon CloudSearch (p. 1054): An index field option that enables matches within
the field to be highlighted.
hit A document that matches the criteria specified in a search request. Also referred
to as a search result.
HMAC Hash-based Message Authentication Code. A specific construction for calculating

a message authentication code (MAC) involving a cryptographic hash function in
combination with a secret key. You can use it to verify both the data integrity and
the authenticity of a message at the same time. AWS calculates the HMAC using a
standard, cryptographic hash algorithm, such as SHA-256.
hosted zone A collection of resource record (p. 1099) sets that Amazon Route 53 (p. 1059)
hosts. Similar to a traditional DNS zone file, a hosted zone represents a collection
of records that are managed together under a single domain name.
HRNN Amazon Personalize (p. 1058): A hierarchical recurrent neural network machine
learning algorithm that models changes in user behavior and predicts the items
that a user might interact with in personal recommendation applications.
HTTP-Query See Query.
HVM virtualization Hardware Virtual Machine virtualization. Allows the guest VM to run as though it's
on a native hardware platform, except that it still uses paravirtual (PV) network
and storage drivers for improved performance.
See Also PV virtualization.
Version 1.0
1083
I
Z (p. 1110)
IAM See AWS Identity and Access Management (IAM).
IAM Identity Center See AWS IAM Identity Center (successor to AWS Single Sign-On).
IAM group See group.
IAM policy simulator See policy simulator.
IAM role See role.
IAM user See user.
Identity and Access See AWS Identity and Access Management (IAM).
Management
identity provider (IdP) An IAM (p. 1065) entity that holds metadata about external identity providers.
IdP See identity provider (IdP) .
image See Amazon Machine Image (AMI).
import/export station A machine that uploads or downloads your data to or from Amazon S3 (p. 1060).
import log A report that contains details about how AWS Import/Export (p. 1065) processed
your data.
implicit impressions Amazon Personalize (p. 1058): The recommendations that your application shows
a user. Unlike explicit impressions, where you manually record each impression,
Amazon Personalize automatically derives implicit impressions from your
recommendation data.
See Also recommendations, impressions data, explicit impressions.
impressions data Amazon Personalize (p. 1058): The list of items that you presented to a user
when they interacted with a particular item such as by clicking it, watching it,
or purchasing it. Amazon Personalize uses impressions data to calculate the
relevance of new items for a user based on how frequently users have selected or
ignored the same item.
See Also explicit impressions, implicit impressions.
in-place deployment CodeDeploy: A deployment method where the application on each instance in the
deployment group is stopped, the latest application revision is installed, and the
new version of the application is started and validated. You can choose to use a
load balancer so each instance is deregistered during its deployment and then
restored to service after the deployment is complete.
index See search index.
index field A name–value pair that's included in an Amazon CloudSearch (p. 1054) domain's
index. An index field can contain text or numeric data, dates, or a location.
indexing options Configuration settings that define an Amazon CloudSearch (p. 1054) domain's
index fields, how document data is mapped to those index fields, and how the
index fields can be used.
Version 1.0
1084
inline policy An IAM (p. 1065) policy (p. 1094) that's embedded in a single IAM user (p. 1108),
group (p. 1083), or role (p. 1099).
input data Amazon Machine Learning: The observations that you provide to Amazon
Machine Learning to train and evaluate a machine learning model and generate
predictions.
instance A copy of an Amazon Machine Image (AMI) (p. 1058) running as a virtual server in
the AWS Cloud.
instance family A general instance type (p. 1085) grouping using either storage or CPU capacity.
instance group A Hadoop (p. 1083) cluster contains one master instance group that contains
one master node (p. 1089), a core instance group that contains one or more core
node (p. 1074) and an optional task node (p. 1107) instance group, which can
contain any number of task nodes.
instance profile A container that passes IAM (p. 1065) role (p. 1099) information to an EC2
instance (p. 1078) at launch.
instance store Disk storage that's physically attached to the host computer for an EC2
instance (p. 1078), and therefore has the same lifespan as the instance. When the
instance is terminated, you lose any data in the instance store.
instance store-backed AMI A type of Amazon Machine Image (AMI) (p. 1058) whose instances (p. 1085) use
an instance store (p. 1085) volume (p. 1110) as the root device. Compare this
with instances launched from Amazon EBS (p. 1056)-backed AMIs, which use an
Amazon EBS volume as the root device.
instance type A specification that defines the memory, CPU, storage capacity, and usage cost for
an instance (p. 1085). Some instance types are for standard applications, whereas
others are for CPU-intensive, memory-intensive applications.
Interactions dataset Amazon Personalize (p. 1058): A container for historical and real-time data
collected from interactions between users and items (called events). Interactions
data can include impressions data and contextual metadata.
See Also dataset, event, impressions data, contextual metadata.
internet gateway Connects a network to the internet. You can route traffic for IP addresses outside
your VPC (p. 1110) to the internet gateway.
internet service provider (ISP) A company that provides subscribers with access to the internet. Many ISPs are
also mailbox providers (p. 1088). Mailbox providers are sometimes referred to as
ISPs, even if they only provide mailbox services.
intrinsic function A special action in a AWS CloudFormation (p. 1063) template that assigns values
to properties not available until runtime. These functions follow the format
Fn::Attribute, such as Fn::GetAtt. Arguments for intrinsic functions can be
parameters, pseudo parameters, or the output of other intrinsic functions.
IP address A numerical address (for example, 192.0.2.44) that networked devices use
to communicate with one another using the Internet Protocol (IP). Each EC2
instance (p. 1078) is assigned two IP addresses at launch, which are directly
mapped to each other through network address translation (NAT (p. 1091)):
a private IP address (following RFC 1918) and a public IP address. Instances
launched in a VPC (p. 1060) are assigned only a private IP address. Instances
launched in your default VPC are assigned both a private IP address and a public
IP address.
IP match condition AWS WAF (p. 1069): An attribute that specifies the IP addresses or IP
address ranges that web requests originate from. Based on the specified IP
Version 1.0
1085
addresses, you can configure AWS WAF to allow or block web requests to AWS
resources (p. 1099) such as Amazon CloudFront (p. 1054) distributions.
ISP See internet service provider (ISP).
issuer The person who writes a policy (p. 1094) to grant permissions to a
resource (p. 1099). The issuer (by definition) is always the resource owner. AWS
doesn't permit Amazon SQS (p. 1060) users to create policies for resources they
don't own. If John is the resource owner, AWS authenticates John's identity when
he submits the policy he's written to grant permissions for that resource.
item A group of attributes that's uniquely identifiable among all of the other items.
Items in Amazon DynamoDB (p. 1055) are similar in many ways to rows, records,
or tuples in other database systems.
item exploration Amazon Personalize (p. 1058): The process that Amazon Personalize uses to test
different item recommendations, including recommendations of new items with
no or little interaction data, and learn how users respond. You configure item
exploration at the campaign level for solution versions created with the user-
personalization recipe.
See Also recommendations, campaign, solution version, user-personalization
recipe.
item-to-item similarities Amazon Personalize (p. 1058): A RELATED_ITEMS recipe that uses the data from
(SIMS) recipe an Interactions dataset to make recommendations for items that are similar to
a specified item. The SIMS recipe calculates similarity based on the way users
interact with items instead of matching item metadata, such as price or age.
See Also recipe, RELATED_ITEMS recipes, Interactions dataset.
Items dataset Amazon Personalize (p. 1058): A container for metadata about items, such as
price, genre, or availability.
See Also dataset.
J
Z (p. 1110)
job flow Amazon EMR (p. 1056): One or more steps (p. 1104) that specify all of the
functions to be performed on the data.
job ID A five-character, alphanumeric string that uniquely identifies an AWS Import/

Export (p. 1065) storage device in your shipment. AWS issues the job ID in
response to a CREATE JOB email command.
job prefix An optional string that you can add to the beginning of an AWS Import/
Export (p. 1065) log file name to prevent collisions with objects of the same
name.
See Also key prefix.
JSON JavaScript Object Notation. A lightweight data interchange format. For

information about JSON, see http://www.json.org/.
junk folder The location where email messages that various filters determine to be of lesser
value are collected so that they don't arrive in the recipient (p. 1097)'s inbox but
are still accessible to the recipient. This is also referred to as a spam (p. 1104) or
bulk folder.
Version 1.0
1086
K
Z (p. 1110)
key A credential that identifies an AWS account (p. 1053) or user (p. 1108) to AWS
(such as the AWS secret access key (p. 1101)).
Amazon Simple Storage Service (Amazon S3) (p. 1060), Amazon EMR (p. 1056):
The unique identifier for an object in a bucket (p. 1070). Every object in a bucket
has exactly one key. Because a bucket and key together uniquely identify each
object, you can think of Amazon S3 as a basic data map between the bucket + key,
and the object itself. You can uniquely address every object in Amazon S3 through
the combination of the web service endpoint, bucket name, and key, as in this
example: http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl,
where doc is the name of the bucket, and 2006-03-01/AmazonS3.wsdl is the
key.
AWS Import/Export (p. 1065): The name of an object in Amazon S3. It's a
sequence of Unicode characters whose UTF-8 encoding can't exceed 1024 bytes.
If a key (for example, logPrefix + import-log-JOBID) is longer than 1024 bytes,
AWS Elastic Beanstalk (p. 1064) returns an InvalidManifestField error.
IAM (p. 1065): In a policy (p. 1094), a specific characteristic that's the basis for
restricting access (such as the current time or the IP address of the requester).
Tagging resources: A general tag (p. 1106) label that acts like a category for more
specific tag values. For example, you might have EC2 instance (p. 1078) with the
tag key of Owner and the tag value of Jan. You can tag an AWS resource (p. 1099)
with up to 10 key–value pairs. Not all AWS resources can be tagged.
key pair A set of security credentials that you use to prove your identity electronically. A
key pair consists of a private key and a public key.
key prefix A string of characters that is a subset of an object key name, starting with the first
character. The prefix can be any length, up to the maximum length of the object
key name (1,024 bytes).
kibibyte (KiB) A contraction of kilo binary byte, a kibibyte is 2^10 or 1,024 bytes. A kilobyte (KB)
is 10^3 or 1,000 bytes. 1,024 KiB is a mebibyte (MiB) (p. 1089).
KMS See AWS Key Management Service (AWS KMS).
KMS key The primary resource in AWS Key Management Service. In general, KMS keys
are created, used, and deleted entirely within KMS. KMS supports symmetric
and asymmetric KMS keys for encryption and signing. KMS keys can be either
customer managed, AWS managed, or AWS owned. For more information, see
AWS KMS keys in the AWS Key Management Service Developer Guide.
L
Z (p. 1110)
Version 1.0
1087
labeled data In machine learning, data for which you already know the target or “correct”
answer.
launch configuration A set of descriptive parameters used to create new EC2 instances (p. 1078) in an
Amazon EC2 Auto Scaling (p. 1056) activity.
A template that an Auto Scaling group (p. 1062) uses to launch new EC2
instances. The launch configuration contains information such as the Amazon
Machine Image (AMI) (p. 1058) ID, the instance type, key pairs, security
groups (p. 1101), and block device mappings, among other configuration
settings.
launch permission An Amazon Machine Image (AMI) (p. 1058) attribute that allows users to launch
an AMI.
lifecycle The lifecycle state of the EC2 instance (p. 1078) contained in an Auto Scaling
group (p. 1062). EC2 instances progress through several states over their lifespan;
these include Pending, InService, Terminating and Terminated.
lifecycle action An action that can be paused by Auto Scaling, such as launching or terminating
an EC2 instance.
lifecycle hook A feature for pausing Auto Scaling after it launches or terminates an EC2 instance
so that you can perform a custom action while the instance isn't in service.
load balancer A DNS name combined with a set of ports, which together provide a destination
for all requests intended for your application. A load balancer can distribute
traffic to multiple application instances across every Availability Zone (p. 1062)
within a Region (p. 1098). Load balancers can span multiple Availability Zones
within an AWS Region into which an Amazon EC2 (p. 1055) instance was
launched. But load balancers can't span multiple Regions.
local secondary index An index that has the same partition key as the table, but a different sort key. A
local secondary index is local in the sense that every partition of a local secondary
index is scoped to a table partition that has the same partition key value.
See Also local secondary index.
logical name A case-sensitive unique string within an AWS CloudFormation (p. 1063) template
that identifies a resource (p. 1099), mapping (p. 1089), parameter, or output. In
an AWS CloudFormation template, each parameter, resource (p. 1099), property,
mapping, and output must be declared with a unique logical name. You use the
logical name when dereferencing these items using the Ref function.
M
Z (p. 1110)
Mail Transfer Agent (MTA) Software that transports email messages from one computer to another by using
a client-server architecture.
mailbox provider An organization that provides email mailbox hosting services. Mailbox providers
are sometimes referred to as internet service providers (ISPs) (p. 1085), even if
they only provide mailbox services.
mailbox simulator A set of email addresses that you can use to test an Amazon SES (p. 1059)-based
email-sending application without sending messages to actual recipients. Each
Version 1.0
1088
email address represents a specific scenario (such as a bounce or complaint) and

generates a typical response that's specific to the scenario.
main route table The default route table (p. 1100) that any new VPC (p. 1110) subnet (p. 1105)
uses for routing. You can associate a subnet with a different route table of your
choice. You can also change which route table is the main route table.
managed policy A standalone IAM (p. 1065) policy (p. 1094) that you can attach to
multiple users (p. 1108), groups (p. 1083), and roles (p. 1099)s in your IAM
account (p. 1053). Managed policies can either be AWS managed policies (which
are created and managed by AWS) or customer managed policies (which you
create and manage in your AWS account).
manifest When sending a create job request for an import or export operation, you describe
your job in a text file called a manifest. The manifest file is a YAML-formatted
file that specifies how to transfer data between your storage device and the AWS
Cloud.
manifest file Amazon Machine Learning: The file used for describing batch predictions. The
manifest file relates each input data file with its associated batch prediction
results. It's stored in the Amazon S3 output location.
mapping A way to add conditional parameter values to an AWS CloudFormation (p. 1063)
template. You specify mappings in the template's optional Mappings section and
retrieve the desired value using the FN::FindInMap function.
marker See pagination token.
master node A process running on an Amazon Machine Image (AMI) (p. 1058) that keeps track
of the work its core and task nodes complete.
maximum price The maximum price you pay to launch one or more Spot Instances (p. 1104).
If your maximum price exceeds the current Spot price (p. 1104) and your
restrictions are met, Amazon EC2 (p. 1055) launches instances on your behalf.
maximum send rate The maximum number of email messages that you can send per second using
Amazon SES (p. 1059).
mean reciprocal rank at 25 Amazon Personalize (p. 1058): An evaluation metric that assesses the relevance
of a model’s highest ranked recommendation. Amazon Personalize calculates
this metric using the average accuracy of the model when ranking the most
relevant recommendation out of the top 25 recommendations over all requests
for recommendations.
See Also metrics, recommendations.
mebibyte (MiB) A contraction of mega binary byte. A mebibyte (MiB) is 2^20 or 1,048,576
bytes. A megabyte (MB) is 10^6 or 1,000,000 bytes. 1,024 MiB is a gibibyte
(GiB) (p. 1082).
member resources See resource.
message ID Amazon Simple Email Service (Amazon SES) (p. 1059): A unique identifier that's
assigned to every email message that's sent.
Amazon Simple Queue Service (Amazon SQS) (p. 1060): The identifier returned
when you send a message to a queue.
metadata Information about other data or objects. In Amazon Simple Storage Service
(Amazon S3) (p. 1060) and Amazon EMR (p. 1056) metadata takes the form of
Version 1.0
1089
name–value pairs that describe the object. These include default metadata such
as the date last modified and standard HTTP metadata (for example, Content-
Type). Users can also specify custom metadata at the time they store an object. In
Amazon EC2 (p. 1055) metadata includes data about an EC2 instance (p. 1078)
that the instance can retrieve to determine things about itself, such as the
instance type or the IP address.
metric An element of time-series data defined by a unique combination of exactly

one namespace (p. 1091), exactly one metric name, and between zero and ten
dimensions. Metrics and the statistics derived from them are the basis of Amazon
CloudWatch (p. 1054).
metrics Amazon Personalize (p. 1058): Evaluation data that Amazon Personalize
generates when you train a model. You use metrics to evaluate the performance
of the model, view the effects of modifying a solution’s configuration, and
compare results between solutions that use the same training data but were
created with different recipes.
See Also solution, recipe.
metric name The primary identifier of a metric, used with a namespace (p. 1091) and optional
dimensions.
MFA See multi-factor authentication (MFA).
micro instance A type of EC2 instance (p. 1078) that's more economical to use if you have
occasional bursts of high CPU activity.
MIME See Multipurpose Internet Mail Extensions (MIME).
ML model In machine learning (ML), a mathematical model that generates predictions by

finding patterns in data. Amazon Machine Learning supports three types of ML
models: binary classification, multiclass classification, and regression. Also known
as a predictive model.
See Also binary classification model, multiclass classification model, regression
model.
MTA See Mail Transfer Agent (MTA).
Multi-AZ deployment A primary DB instance (p. 1076) that has a synchronous standby replica in a
different Availability Zone (p. 1062). The primary DB instance is synchronously
replicated across Availability Zones to the standby replica.
multiclass classification A machine learning model that predicts values that belong to a limited, pre-
model defined set of permissible values. For example, "Is this product a book, movie, or
clothing?"
multi-factor authentication An optional AWS account (p. 1053) security feature. After you enable AWS
(MFA) MFA, you must provide a six-digit, single-use code in addition to your sign-in
credentials whenever you access secure AWS webpages or the AWS Management
Console (p. 1066). You get this single-use code from an authentication device
that you keep in your physical possession.
See Also https://aws.amazon.com/mfa/.
multi-valued attribute An attribute with more than one value.
multipart upload A feature that you can use to upload a single object as a set of parts.
Multipurpose Internet Mail An internet standard that extends the email protocol to include non-ASCII text
Extensions (MIME) and nontext elements, such as attachments.
Version 1.0
1090
Multitool A cascading application that provides a simple command-line interface for

managing large datasets.
N
Z (p. 1110)
namespace An abstract container that provides context for the items (names, or technical
terms, or words) it holds, and allows disambiguation of homonym items residing
in different namespaces.
NAT Network address translation. A strategy of mapping one or more IP addresses

to another while data packets are in transit across a traffic routing device. This
is commonly used to restrict internet communication to private instances while
allowing outgoing traffic.
See Also Network Address Translation and Protocol Translation, NAT gateway,
NAT instance.
NAT gateway A NAT (p. 1091) device, managed by AWS, that performs network address
translation in a private subnet (p. 1105), to secure inbound internet traffic. A NAT
gateway uses both NAT and port address translation.
See Also NAT instance.
NAT instance A NAT (p. 1091) device, configured by a user, that performs network address
translation in a VPC (p. 1110) public subnet (p. 1105) to secure inbound internet
traffic.
See Also NAT gateway.
network ACL An optional layer of security that acts as a firewall for controlling traffic in and
out of a subnet (p. 1105). You can associate multiple subnets with a single
network ACL (p. 1052), but a subnet can be associated with only one network ACL
at a time.
Network Address Translation (NAT (p. 1091)-PT) An internet protocol standard defined in RFC 2766.
and Protocol Translation See Also NAT instance, NAT gateway.
n-gram processor A processor that performs n-gram transformations.

See Also n-gram transformation.
n-gram transformation Amazon Machine Learning: A transformation that aids in text string analysis.
An n-gram transformation takes a text variable as input and outputs strings by
sliding a window of size n words, where n is specified by the user, over the text,
and outputting every string of words of size n and all smaller sizes. For example,
specifying the n-gram transformation with window size =2 returns all the two-
word combinations and all of the single words.
NICE Desktop Cloud A remote visualization technology for securely connecting users to graphic-
Visualization intensive 3D applications hosted on a remote, high-performance server.
node Amazon OpenSearch Service (OpenSearch Service) (p. 1056): An OpenSearch

instance. A node can be either a data instance or a dedicated master instance.
See Also dedicated master node.
NoEcho A property of AWS CloudFormation (p. 1063) parameters that prevent the
otherwise default reporting of names and values of a template parameter.
Version 1.0
1091
Declaring the NoEcho property causes the parameter value to be masked with
asterisks in the report by the cfn-describe-stacks command.
normalized discounted Amazon Personalize (p. 1058): An evaluation metric that tells you about the
cumulative gain (NCDG) at K relevance of your model’s highly ranked recommendations, where K is a sample
(5/10/25) size of 5, 10, or 25 recommendations. Amazon Personalize calculates this by
assigning weight to recommendations based on their position in a ranked list,
where each recommendation is discounted (given a lower weight) by a factor
dependent on its position. The normalized discounted cumulative gain at K
assumes that recommendations that are lower on a list are less relevant than
recommendations higher on the list.
NoSQL Nonrelational database systems that are highly available, scalable, and optimized
for high performance. Instead of the relational model, NoSQL databases
(for example, Amazon DynamoDB (p. 1055)) use alternate models for data
management, such as key–value pairs or document storage.
null object A null object is one whose version ID is null. Amazon S3 (p. 1060) adds a null
object to a bucket (p. 1070) when versioning (p. 1109) for that bucket is
suspended. It's possible to have only one null object for each key in a bucket.
number of passes The number of times that you allow Amazon Machine Learning to use the same
data records to train a machine learning model.
O
Z (p. 1110)
object Amazon Simple Storage Service (Amazon S3) (p. 1060): The fundamental entity
type stored in Amazon S3. Objects consist of object data and metadata. The data
portion is opaque to Amazon S3.
Amazon CloudFront (p. 1054): Any entity that can be served either over HTTP or
a version of RTMP.
observation Amazon Machine Learning: A single instance of data that Amazon Machine
Learning (Amazon ML) uses to either train a machine learning model how to
predict or to generate a prediction. Each row in an Amazon ML input data file is
an observation.
On-Demand Instance An Amazon EC2 (p. 1055) pricing option that charges you for compute capacity
by the hour or second (minimum of 60 seconds) with no long-term commitment.
operation An API function. Also called an action.
optimistic locking A strategy to ensure that an item that you want to update has not been modified
by others before you perform the update. For Amazon DynamoDB (p. 1055),
optimistic locking support is provided by the AWS SDKs.
organization AWS Organizations (p. 1067): An entity that you create to consolidate and
manage your AWS accounts. An organization has one management account along
with zero or more member accounts.
organizational unit AWS Organizations (p. 1067): A container for accounts within a root (p. 1099) of
an organization. An organizational unit (OU) can contain other OUs.
Version 1.0
1092
origin access identity Also called OAI. When using Amazon CloudFront (p. 1054) to serve content with
an Amazon S3 (p. 1060) bucket (p. 1070) as the origin, a virtual identity that you
use to require users to access your content through CloudFront URLs instead of
Amazon S3 URLs. Usually used with CloudFront private content (p. 1095).
origin server The Amazon S3 (p. 1060) bucket (p. 1070) or custom origin containing
the definitive original version of the content you deliver through
CloudFront (p. 1054).
original environment The instances in a deployment group at the start of an CodeDeploy blue/green
deployment.
OSB transformation Orthogonal sparse bigram transformation. In machine learning, a transformation

that aids in text string analysis and that's an alternative to the n-gram
transformation. OSB transformations are generated by sliding the window of size
n words over the text, and outputting every pair of words that includes the first
word in the window.
See Also n-gram transformation.
OU See organizational unit.
output location Amazon Machine Learning: An Amazon S3 location where the results of a batch
prediction are stored.
P
Z (p. 1110)
pagination The process of responding to an API request by returning a large list of records in
small separate parts. Pagination can occur in the following situations:
• The client sets the maximum number of returned records to a value below the
total number of records.
• The service has a default maximum number of returned records that's lower
than the total number of records.
When an API response is paginated, the service sends a subset of the large list
of records and a pagination token that indicates that more records are available.
The client includes this pagination token in a subsequent API request, and the
service responds with the next subset of records. This continues until the service
responds with a subset of records and no pagination token, indicating that all
records have been sent.
pagination token A marker that indicates that an API response contains a subset of a larger list of
records. The client can return this marker in a subsequent API request to retrieve
the next subset of records until the service responds with a subset of records and
no pagination token, indicating that all records have been sent.
See Also pagination.
paid AMI An Amazon Machine Image (AMI) (p. 1058) that you sell to other Amazon
EC2 (p. 1055) users on AWS Marketplace (p. 1066).
paravirtual virtualization See PV virtualization.
part A contiguous portion of the object's data in a multipart upload request.
Version 1.0
1093
partition key A simple primary key, composed of one attribute (also known as a hash attribute).
See Also partition key, sort key.
PAT Port address translation.
pebibyte (PiB) A contraction of peta binary byte, a pebibyte is 2^50 or 1,125,899,906,842,624

bytes. A petabyte (PB) is 10^15 or 1,000,000,000,000,000 bytes. 1,024 PiB is an
exbibyte (EiB) (p. 1080).
period See sampling period.
permission A statement within a policy (p. 1094) that allows or denies access to a particular
resource (p. 1099). You can state any permission in the following way: "A has
permission to do B to C." For example, Jane (A) has permission to read messages
(B) from John's Amazon SQS (p. 1060) queue (C). Whenever Jane sends a
request to Amazon SQS to use John's queue, the service checks to see if she has
permission. It further checks to see if the request satisfies the conditions John set
forth in the permission.
persistent storage A data storage solution where the data remains intact until it's deleted. Options
within AWS (p. 1060) include: Amazon S3 (p. 1060), Amazon RDS (p. 1059),
Amazon DynamoDB (p. 1055), and other services.
PERSONALIZED_RANKING Amazon Personalize (p. 1058): Recipes that provide item recommendations in
recipes ranked order based on the predicted interest for a user.
See Also recipe, recommendations, personalized-ranking recipe, popularity-count
recipe.
personalized-ranking recipe Amazon Personalize (p. 1058): A PERSONALIZED_RANKING recipe that ranks a
collection of items that you provide based on the predicted interest level for a
specific user. Use the personalized-ranking recipe to create curated lists of items
or ordered search results that are personalized for a specific user.
See Also recipe, PERSONALIZED_RANKING recipes.
physical name A unique label that AWS CloudFormation (p. 1063) assigns to each
resource (p. 1099) when creating a stack (p. 1104). Some AWS CloudFormation
commands accept the physical name as a value with the --physical-name
parameter.
pipeline AWS CodePipeline (p. 1063): A workflow construct that defines the way software
changes go through a release process.
plaintext Information that has not been encrypted (p. 1079), as opposed to
ciphertext (p. 1072).
policy IAM (p. 1065): A document defining permissions that apply to a user, group,
or role; the permissions in turn determine what users can do in AWS. A policy
typically allows (p. 1054) access to specific actions, and can optionally grant
that the actions are allowed for specific resources (p. 1099), such as EC2
instances (p. 1078) or Amazon S3 (p. 1060) buckets (p. 1070). Policies can also
explicitly deny (p. 1077) access.
Amazon EC2 Auto Scaling (p. 1056): An object that stores the information that's
needed to launch or terminate instances for an Auto Scaling group. Running
the policy causes instances to be launched or terminated. You can configure an
alarm (p. 1053) to invoke an Auto Scaling policy.
policy generator A tool in the IAM (p. 1065) AWS Management Console (p. 1066) that helps you
build a policy (p. 1094) by selecting elements from lists of available options.
Version 1.0
1094
policy simulator A tool in the IAM (p. 1065) AWS Management Console (p. 1066) that helps you
test and troubleshoot policies (p. 1094) so you can see their effects in real-world
scenarios.
policy validator A tool in the IAM (p. 1065) AWS Management Console (p. 1066) that examines
your existing IAM access control policies (p. 1094) to ensure that they comply
with the IAM policy grammar.
popularity-count recipe Amazon Personalize (p. 1058): A USER_PERSONALIZATION recipe that

recommends the items that have had the most interactions with unique users.
See Also recipe, USER_PERSONALIZATION recipes.
precision at K (5/10/25) Amazon Personalize (p. 1058): An evaluation metric that tells you how relevant
your model’s recommendations are based on a sample size of K (5, 10, or 25)
recommendations. Amazon Personalize calculates this metric based on the
number of relevant recommendations out of the top K recommendations, divided
by K, where K is 5, 10, or 25.
prefix See job prefix.
Premium Support A one-on-one, fast-response support channel that AWS customers can subscribe
to for support for AWS infrastructure services.
See Also https://aws.amazon.com/premiumsupport/.
presigned URL A web address that uses query string authentication (p. 1096).
primary key One or two attributes that uniquely identify each item in a Amazon
DynamoDB (p. 1055) table, so that no two items can have the same key.
See Also partition key, sort key.
primary shard See shard.
principal The user (p. 1108), service, or account (p. 1053) that receives permissions that
are defined in a policy (p. 1094). The principal is A in the statement "A has
permission to do B to C."
private content When using Amazon CloudFront (p. 1054) to serve content with an Amazon
S3 (p. 1060) bucket (p. 1070) as the origin, a method of controlling access to
your content by requiring users to use signed URLs. Signed URLs can restrict user
access based on the current date and time, the IP addresses that the requests
originate from, or both.
private IP address A private numerical address (for example, 192.0.2.44) that networked devices
use to communicate with one another using the Internet Protocol (IP). Each EC2
mapped to each other through network address translation (NAT (p. 1091)): a
private address (following RFC 1918) and a public address. Exception: Instances
launched in Amazon VPC (p. 1060) are assigned only a private IP address.
private subnet A VPC (p. 1110) subnet (p. 1105) whose instances can't be reached from the
internet.
product code An identifier provided by AWS when you submit a product to AWS
Marketplace (p. 1066).
properties See resource property.
property rule A JSON (p. 1086)-compliant markup standard for declaring properties, mappings,
and output values in an AWS CloudFormation (p. 1063) template.
Version 1.0
1095
Provisioned IOPS A storage option that delivers fast, predictable, and consistent I/O performance.
When you specify an IOPS rate while creating a DB instance, Amazon
RDS (p. 1059) provisions that IOPS rate for the lifetime of the DB instance.
pseudo parameter A predefined setting (for example, AWS:StackName) that can be used in AWS
CloudFormation (p. 1063) templates without having to declare them. You can use
pseudo parameters anywhere you can use a regular parameter.
public AMI An Amazon Machine Image (AMI) (p. 1058) that all AWS accounts (p. 1053) have
permission to launch.
public dataset A large collection of public information that can be seamlessly integrated into
applications that are based in the AWS Cloud. Amazon stores public datasets
at no charge to the community and, similar to other AWS services, users pay
only for the compute and storage they use for their own applications. These
datasets currently include data from the Human Genome Project, the US Census,
Wikipedia, and other sources.
See Also https://aws.amazon.com/publicdatasets.
public IP address A public numerical address (for example, 192.0.2.44) that networked devices
use to communicate with one another using the Internet Protocol (IP). Each EC2
mapped to each other through Network Address Translation (NAT (p. 1091)): a
private address (following RFC 1918) and a public address. Exception: Instances
launched in Amazon VPC (p. 1060) are assigned only a private IP address.
public subnet A subnet (p. 1105) whose instances can be reached from the internet.
PV virtualization Paravirtual virtualization. Allows guest VMs to run on host systems that don't
have special support extensions for full hardware and CPU virtualization. Because
PV guests run a modified operating system that doesn't use hardware emulation,
they can't provide hardware-related features, such as enhanced networking or
GPU support.
See Also HVM virtualization.
Q
Z (p. 1110)
quartile binning Amazon Machine Learning: A process that takes two inputs, a numerical variable
transformation and a parameter called a bin number, and outputs a categorical variable. Quartile
binning transformations discover non-linearity in a variable's distribution by
enabling the machine learning model to learn separate importance values for
parts of the numeric variable’s distribution.
Query A type of web service that generally uses only the GET or POST HTTP method and
a query string with parameters in the URL.
See Also REST.
query string authentication An AWS feature that you can use to place the authentication information in the
HTTP request query string instead of in the Authorization header, which
provides URL-based access to objects in a bucket (p. 1070).
queue A sequence of messages or jobs that are held in temporary storage awaiting
transmission or processing.
Version 1.0
1096
queue URL A web address that uniquely identifies a queue.
quota The maximum value for your resources, actions, and items in your AWS account
R
Z (p. 1110)
range GET A request that specifies a byte range of data to get for a download. If an object is
large, you can break up a download into smaller units by sending multiple range
GET requests that each specify a different byte range to GET.
raw email A type of sendmail request with which you can specify the email headers and
MIME types.
RDS See Amazon Relational Database Service (Amazon RDS).
read replica Amazon RDS (p. 1059): An active copy of another DB instance. Any updates to
the data on the source DB instance are replicated to the read replica DB instance
using the built-in replication feature of MySQL 5.1.
real-time predictions Amazon Machine Learning: Synchronously generated predictions for individual
data observations.
See Also batch prediction.
recipe Amazon Personalize (p. 1058): An Amazon Personalize algorithm

that's preconfigured to predict the items that a user interacts with (for
USER_PERSONALIZATION recipes), or calculate items that are similar to specific
items that a user has shown interest in (for RELATED_ITEMS recipes), or rank a
collection of items that you provide based on the predicted interest for a specific
user (for PERSONALIZED_RANKING recipes).
See Also USER_PERSONALIZATION recipes, RELATED_ITEMS recipes,
PERSONALIZED_RANKING recipes.
recommendations Amazon Personalize (p. 1058): A list of items that Amazon Personalize predicts
that a user interacts with. Depending on the Amazon Personalize recipe used,
recommendations can be either a list of items (with USER_PERSONALIZATION
recipes and RELATED_ITEMS recipes), or a ranking of a collection of items you
provided (with PERSONALIZED_RANKING recipes).
See Also recipe, campaign, solution version, USER_PERSONALIZATION recipes,
RELATED_ITEMS recipes, PERSONALIZED_RANKING recipes.
receipt handle Amazon SQS (p. 1060): An identifier that you get when you receive a message
from the queue. This identifier is required to delete a message from the queue or
when changing a message's visibility timeout.
receiver The entity that consists of the network systems, software, and policies that
manage email delivery for a recipient (p. 1097).
recipient Amazon Simple Email Service (Amazon SES) (p. 1059): The person or entity
receiving an email message. For example, a person named in the "To" field of a
message.
Redis A fast, open-source, in-memory key-value data structure store. Redis comes with
a set of versatile in-memory data structures with which you can easily create a
variety of custom applications.
Version 1.0
1097
reference A means of inserting a property from one AWS resource (p. 1099) into another.
For example, you could insert an Amazon EC2 (p. 1055) security group (p. 1101)
property into an Amazon RDS (p. 1059) resource.
Region A named set of AWS resources (p. 1099) that's in the same geographical area. A
Region comprises at least two Availability Zones (p. 1062).
regression model Amazon Machine Learning: Preformatted instructions for common data
transformations that fine-tune machine learning model performance.
regression model A type of machine learning model that predicts a numeric value, such as the exact
purchase price of a house.
regularization A machine learning (ML) parameter that you can tune to obtain higher-quality
ML models. Regularization helps prevent ML models from memorizing training
data examples instead of learning how to generalize the patterns it sees (called
overfitting). When training data is overfitted, the ML model performs well on the
training data, but doesn't perform well on the evaluation data or on new data.
RELATED_ITEMS recipes Amazon Personalize (p. 1058)Recipes that recommend items that are similar to a
specified item, such as the item-to-item (SIMS) recipe.
See Also recipe, item-to-item similarities (SIMS) recipe.
replacement environment The instances in a deployment group after the CodeDeploy blue/green
deployment.
replica shard See shard.
reply path The email address that an email reply is sent to. This is different from the return
path (p. 1099).
representational state See REST.

transfer
reputation 1. An Amazon SES (p. 1059) metric, based on factors that might include
bounces (p. 1070), complaints (p. 1072), and other metrics, regarding whether a
customer is sending high-quality email.
2. A measure of confidence, as judged by an internet service provider

(ISP) (p. 1085) or other entity that an IP address that they are receiving email
from isn't the source of spam (p. 1104).
requester The person (or application) that sends a request to AWS to perform a specific
action. When AWS receives a request, it first evaluates the requester's permissions
to determine whether the requester is allowed to perform the request action (if
applicable, for the requested resource (p. 1099)).
Requester Pays An Amazon S3 (p. 1060) feature that allows a bucket owner (p. 1070) to specify
that anyone who requests access to objects in a particular bucket (p. 1070) must
pay the data transfer and request costs.
reservation A collection of EC2 instances (p. 1078) started as part of the same launch
request. This is not to be confused with a Reserved Instance (p. 1098).
Reserved Instance A pricing option for EC2 instances (p. 1078) that discounts the on-
demand (p. 1092) usage charge for instances that meet the specified parameters.
Customers pay for the entire term of the instance, regardless of how they use it.
Reserved Instance An online exchange that matches sellers who have reserved capacity that they
Marketplace no longer need with buyers who are looking to purchase additional capacity.
Version 1.0
1098
reserved instances (p. 1098) that you purchase from third-party sellers have less
than a full standard term remaining and can be sold at different upfront prices.
The usage or reoccurring fees remain the same as the fees set when the Reserved
Instances were originally purchased. Full standard terms for Reserved Instances
available from AWS run for one year or three years.
resource An entity that users can work with in AWS, such as an EC2 instance (p. 1078), an
Amazon DynamoDB (p. 1055) table, an Amazon S3 (p. 1060) bucket (p. 1070), an
IAM (p. 1065) user, or an AWS OpsWorks (p. 1067) stack (p. 1104).
resource property A value required when including an AWS resource (p. 1099) in an AWS
CloudFormation (p. 1063) stack (p. 1104). Each resource can have one or more
properties associated with it. For example, an AWS::EC2::Instance resource
might have a UserData property. In an AWS CloudFormation template, resources
must declare a properties section, even if the resource has no properties.
resource record Also called resource record set. The fundamental information elements in the
Domain Name System (DNS).
See Also Domain Name System on Wikipedia.
REST Representational state transfer. A simple stateless architecture that generally runs
over HTTPS/TLS. REST emphasizes that resources have unique and hierarchical
identifiers (URIs), are represented by common media types (such as HTML, XML,
or JSON (p. 1086)), and that operations on the resources are either predefined or
discoverable within the media type. In practice, this generally results in a limited
number of operations.
See Also Query, WSDL, SOAP.
RESTful web service Also known as RESTful API. A web service that follows REST (p. 1099)
architectural constraints. The API operations must use HTTP methods explicitly,
expose hierarchical URIs, and transfer either XML, JSON (p. 1086), or both.
return enabled Amazon CloudSearch (p. 1054): An index field option that enables the field's
values to be returned in the search results.
return path The email address that bounced email is returned to. The return path is specified
in the header of the original email. This is different from the reply path (p. 1098).
revision AWS CodePipeline (p. 1063): A change that's made to a source that's configured
in a source action, such as a pushed commit to a GitHub (p. 1082) repository or
an update to a file in a versioned Amazon S3 (p. 1060) bucket (p. 1070).
role A tool for giving temporary access to AWS resources (p. 1099) in your AWS
account (p. 1053).
rollback A return to a previous state that follows the failure to create an object, such
as AWS CloudFormation (p. 1063) stack (p. 1104). All resources (p. 1099)
that are associated with the failure are deleted during the rollback. For AWS
CloudFormation, you can override this behavior using the --disable-rollback
option on the command line.
root AWS Organizations (p. 1067): A parent container for the accounts in your
organization. If you apply a service control policy (p. 1102) to the root, it applies
to every organizational unit (p. 1092) and account in the organization.
root credentials Authentication information associated with the AWS account (p. 1053) owner.
root device volume A volume (p. 1110) that contains the image used to boot the instance (p. 1085)
(also known as a root device). If you launched the instance from an AMI (p. 1058)
Version 1.0
1099
backed by instance store (p. 1085), this is an instance store volume (p. 1110)
created from a template stored in Amazon S3 (p. 1060). If you launched the
instance from an AMI backed by Amazon EBS (p. 1056), this is an Amazon EBS
volume created from an Amazon EBS snapshot.
route table A set of routing rules that controls the traffic leaving any subnet (p. 1105) that's
associated with the route table. You can associate multiple subnets with a single
route table, but a subnet can be associated with only one route table at a time.
row identifier Amazon Machine Learning: An attribute in the input data that you can include
in the evaluation or prediction output to make it easier to associate a prediction
with an observation.
rule AWS WAF (p. 1069): A set of conditions that AWS WAF searches for in web
requests to AWS resources (p. 1099) such as Amazon CloudFront (p. 1054)
distributions. You add rules to a web ACL (p. 1110), and then specify whether you
want to allow or block web requests based on each rule.
S
Z (p. 1110)
S3 See Amazon Simple Storage Service (Amazon S3).
sampling period A defined duration of time, such as one minute, which Amazon
CloudWatch (p. 1054) computes a statistic (p. 1104) over.
sandbox A testing location where you can test the functionality of your application without
affecting production, incurring charges, or purchasing products.
Amazon SES (p. 1059): An environment that developers can use to test and
evaluate the service. In the sandbox, you have full access to the Amazon SES
API, but you can only send messages to verified email addresses and the mailbox
simulator. To get out of the sandbox, you must apply for production access.
Accounts in the sandbox also have lower sending limits (p. 1102) than production
accounts.
scale in To remove EC2 instances from an Auto Scaling group (p. 1062).
scale out To add EC2 instances to an Auto Scaling group (p. 1062).
scaling policy A description of how Auto Scaling automatically scales an Auto Scaling
group (p. 1062) in response to changing demand.
See Also scale in, scale out.
scaling activity A process that changes the size, configuration, or makeup of an Auto Scaling
group (p. 1062) by launching or terminating instances.
scheduler The method used for placing tasks (p. 1106) on container instances (p. 1073).
schema Amazon Machine Learning: The information that's needed to interpret the input
data for a machine learning model, including attribute names and their assigned
data types, and the names of special attributes.
score cut-off value Amazon Machine Learning: A binary classification model outputs a score that
ranges from 0 to 1. To decide whether an observation is classified as 1 or 0, you
Version 1.0
1100
pick a classification threshold, or cut-off, and Amazon ML compares the score

against it. Observations with scores higher than the cut-off are predicted as target
equals 1, and scores lower than the cut-off are predicted as target equals 0.
SCP See service control policy.
search API Amazon CloudSearch (p. 1054): The API that you use to submit search requests to
a search domain (p. 1101).
search domain Amazon CloudSearch (p. 1054): Encapsulates your searchable data and the
search instances that handle your search requests. You typically set up a separate
Amazon CloudSearch domain for each different collection of data that you want
to search.
search domain configuration Amazon CloudSearch (p. 1054): A domain's indexing options, analysis
schemes (p. 1061), expressions (p. 1081), suggesters (p. 1105), access policies,
and scaling and availability options.
search enabled Amazon CloudSearch (p. 1054): An index field option that enables the field data
to be searched.
search endpoint Amazon CloudSearch (p. 1054): The URL that you connect to when sending
search requests to a search domain. Each Amazon CloudSearch domain has a
unique search endpoint that remains the same for the life of the domain.
search index Amazon CloudSearch (p. 1054): A representation of your searchable data that
facilitates fast and accurate data retrieval.
search instance Amazon CloudSearch (p. 1054): A compute resource (p. 1099) that indexes
your data and processes search requests. An Amazon CloudSearch domain
has one or more search instances, each with a finite amount of RAM and CPU
resources. As your data volume grows, more search instances or larger search
instances are deployed to contain your indexed data. When necessary, your index
is automatically partitioned across multiple search instances. As your request
volume or complexity increases, each search partition is automatically replicated
to provide additional processing capacity.
search request Amazon CloudSearch (p. 1054): A request that's sent to an Amazon CloudSearch
domain's search endpoint to retrieve documents from the index that match
particular search criteria.
search result Amazon CloudSearch (p. 1054): A document that matches a search request. Also
referred to as a search hit.
secret access key A key that's used with the access key ID (p. 1052) to cryptographically sign
programmatic AWS requests. Signing a request identifies the sender and prevents
the request from being altered. You can generate secret access keys for your AWS
account (p. 1053), individual IAM users (p. 1108)and temporary sessions.
security group A named set of allowed inbound network connections for an instance. (Security
groups in Amazon VPC (p. 1060) also include support for outbound connections.)
Each security group consists of a list of protocols, ports, and IP address ranges. A
security group can apply to multiple instances, and multiple groups can regulate a
single instance.
sender The person or entity sending an email message.
Sender ID A Microsoft controlled version of SPF (p. 1104). An email authentication and
anti-spoofing system. For more information about Sender ID, see Sender ID in
Wikipedia.
Version 1.0
1101
sending limits The sending quota (p. 1102) and maximum send rate (p. 1089) that are
associated with every Amazon SES (p. 1059) account.
sending quota The maximum number of email messages that you can send using Amazon
SES (p. 1059) in a 24-hour period.
server-side encryption (SSE) The encrypting (p. 1079) of data at the server level. Amazon S3 (p. 1060)
supports three modes of server-side encryption: SSE-S3, where Amazon S3
manages the keys; SSE-C, where the customer manages the keys; and SSE-KMS,
where AWS Key Management Service (AWS KMS) (p. 1066) manages keys.
service control policy AWS Organizations (p. 1067): A policy-based control that specifies the services
and actions that users and roles can use in the accounts that the service control
policy (SCP) affects.
service endpoint See endpoint.
service health dashboard A webpage showing up-to-the-minute information about AWS service availability.
The dashboard is located at http://status.aws.amazon.com/.
Service Quotas A service for viewing and managing your quotas easily and at scale as your AWS
workloads grow. Quotas, also referred to as limits, are the maximum number of
resources that you can create in an AWS account.
service role An IAM (p. 1065) role (p. 1099) that grants permissions to an AWS service so it
can access AWS resources (p. 1099). The policies that you attach to the service
role determine which AWS resources the service can access and what it can do
with those resources.
SES See Amazon Simple Email Service (Amazon SES).
session The period when the temporary security credentials that are provided by AWS
Security Token Service (AWS STS) (p. 1068) allow access to your AWS account.
SHA Secure Hash Algorithm. SHA1 is an earlier version of the algorithm, which AWS
has replaced with SHA256.
shard Amazon OpenSearch Service (OpenSearch Service) (p. 1056): A partition of data
in an index. You can split an index into multiple shards, which can include primary
shards (original shards) and replica shards (copies of the primary shards). Replica
shards provide failover. This means that, if a cluster node that contains a primary
shard fails, a replica shard is promoted to a primary shard. Replica shards also can
handle requests.
shared AMI An Amazon Machine Image (AMI) (p. 1058) that a developer builds and makes
available for others to use.
shutdown action Amazon EMR (p. 1056): A predefined bootstrap action that launches a script that
runs a series of commands in parallel before terminating the job flow.
signature Refers to a digital signature, which is a mathematical way to confirm the

authenticity of a digital message. AWS uses signatures to authenticate the
requests you send to our web services. For more information, to https://
aws.amazon.com/security.
SIGNATURE file AWS Import/Export (p. 1065): A file that you copy to the root directory of your
storage device. The file contains a job ID, manifest file, and a signature.
Signature Version 4 Protocol for authenticating inbound API requests to AWS services in all AWS
Regions.
Version 1.0
1102
Simple Mail Transfer Protocol See SMTP.
Simple Object Access Protocol See SOAP.
Simple Storage Service See Amazon Simple Storage Service (Amazon S3).
SIMS recipe See item-to-item similarities (SIMS) recipe.
single sign-on An authentication scheme that allows users to sign in one time to access multiple
applications and websites. The service name AWS Single Sign-On is now AWS IAM
Identity Center (successor to AWS Single Sign-On).
See Also AWS IAM Identity Center (successor to AWS Single Sign-On).
Single-AZ DB instance A standard (non-Multi-AZ) DB instance (p. 1076) that's deployed in one
Availability Zone (p. 1062), without a standby replica in another Availability Zone.
See Also Multi-AZ deployment.
sloppy phrase search A search for a phrase that specifies how close the terms must be to one another
to be considered a match.
SMTP Simple Mail Transfer Protocol. The standard that's used to exchange email
messages between internet hosts for the purpose of routing and delivery.
snapshot Amazon Elastic Block Store (Amazon EBS) (p. 1056): A backup of your
volumes (p. 1110) that's stored in Amazon S3 (p. 1060). You can use these
snapshots as the starting point for new Amazon EBS volumes or to protect your
data for long-term durability.
See Also DB snapshot.
SNS See Amazon Simple Notification Service (Amazon SNS).
SOAP Simple Object Access Protocol. An XML-based protocol that you can use to
exchange information over a particular protocol (for example, HTTP or SMTP)
between applications.
See Also REST, WSDL.
soft bounce A temporary email delivery failure such as one resulting from a full mailbox.
software VPN A software appliance-based VPN connection over the internet.
solution Amazon Personalize (p. 1058): The recipe, customized parameters, and trained
models (solution versions) that can be used to generate recommendations.
See Also recipe, solution version, recommendations.
solution version Amazon Personalize (p. 1058): A trained model that you create as part of a
solution in Amazon Personalize. You deploy a solution version in a campaign to
generate recommendations.
See Also solution, campaign, recommendations.
sort enabled Amazon CloudSearch (p. 1054): An index field option that enables a field to be
used to sort the search results.
sort key An attribute used to sort the order of partition keys in a composite primary key
(also known as a range attribute).
See Also partition key, primary key.
source/destination checking A security measure to verify that an EC2 instance (p. 1078) is the origin of all
traffic that it sends and the ultimate destination of all traffic that it receives.
In other words, this measure verifies that the instance isn't relaying traffic. By
Version 1.0
1103
default, source/destination checking is turned on. For instances that function

as gateways, such as VPC (p. 1110) NAT (p. 1091) instances, source/destination
checking must be disabled.
spam Unsolicited bulk emails.
spamtrap An email address that's set up by an anti-spam (p. 1104) entity. This email
address isn't for correspondence but rather for monitoring unsolicited emails. This
is also called a honeypot.
SPF Sender Policy Framework. A standard for authenticating email.
Spot Instance A type of EC2 instance (p. 1078) that you can bid on to use unused Amazon
EC2 (p. 1055) capacity.
Spot price The price for a Spot Instance (p. 1104) at any given time. If your maximum price
exceeds the current price and your restrictions are met, Amazon EC2 (p. 1055)
launches instances on your behalf.
SQL injection match condition AWS WAF (p. 1069): An attribute that specifies the part of web requests (such as
a header or a query string) that AWS WAF inspects for malicious SQL code. Based
on the specified conditions, you can configure AWS WAF to allow or block web
requests to an AWS resource (p. 1099), such as an Amazon CloudFront (p. 1054)
distribution.
SQS See Amazon Simple Queue Service (Amazon SQS).
SSE See server-side encryption (SSE).
SSL Secure Sockets Layer

See Also Transport Layer Security (TLS).
stack AWS CloudFormation (p. 1063): A collection of AWS resources that you create and
delete as a single unit.
AWS OpsWorks (p. 1067): A set of instances that you manage collectively,
typically because they have a common purpose such as serving PHP applications.
A stack serves as a container and handles tasks that apply to the group of
instances as a whole, such as managing applications and cookbooks.
station AWS CodePipeline (p. 1063): A portion of a pipeline workflow where one or more
actions are performed.
station A place at an AWS facility where your AWS Import/Export data is transferred on
to, or off of, your storage device.
statistic One of five functions of the values submitted for a given sampling
period (p. 1100). These functions are Maximum, Minimum, Sum, Average, and
SampleCount.
stem The common root or substring shared by a set of related words.
stemming The process of mapping related words to a common stem. This enables matching
on variants of a word. For example, a search for "horse" could return matches for
horses, horseback, and horsing, as well as horse. Amazon CloudSearch (p. 1054)
supports both dictionary based and algorithmic stemming.
step Amazon EMR (p. 1056): A single function applied to the data in a job
flow (p. 1086). The sum of all steps comprises a job flow.
Version 1.0
1104
step type Amazon EMR (p. 1056): The type of work done in a step. There are a limited
number of step types, such as moving data from Amazon S3 (p. 1060) to Amazon
EC2 (p. 1055) or from Amazon EC2 to Amazon S3.
sticky session A feature of the Elastic Load Balancing (p. 1079) load balancer that binds
a user's session to a specific application instance. This is so that all requests
that are coming from the user during the session are sent to the same
application instance. By contrast, a load balancer defaults to route each request
independently to the application instance with the smallest load.
stopping The process of filtering stop words from an index or search request.
stopword A word that isn't indexed and is automatically filtered out of search requests
because it's either insignificant or so common that including it results in too many
matches to be useful. Stopwords are language specific.
streaming Amazon EMR (p. 1056): A utility that comes with Hadoop (p. 1083) that you can
use to develop MapReduce executables in languages other than Java.
Amazon CloudFront (p. 1054): The ability to use a media file in real time—as it's
transmitted in a steady stream from a server.
streaming distribution A special kind of distribution (p. 1077) that serves streamed media files using a
Real Time Messaging Protocol (RTMP) connection.
Streams See Amazon Kinesis Data Streams.
string-to-sign Before you calculate an HMAC (p. 1083) signature, you first assemble the required
components in a canonical order. The preencrypted string is the string-to-sign.
string match condition AWS WAF (p. 1069): An attribute that specifies the strings that AWS WAF
searches for in a web request, such as a value in a header or a query string.
Based on the specified strings, you can configure AWS WAF to allow or block
web requests to an AWS resource (p. 1099), such as a CloudFront (p. 1054)
distribution.
strongly consistent read A read process that returns a response with the most up-to-date data. This data
reflects the updates from all previous write operations that were successful—
regardless of the Region.
See Also data consistency, eventual consistency, eventually consistent read.
structured query Search criteria that are specified using the Amazon CloudSearch (p. 1054)
structured query language. You use the structured query language to construct
compound queries that use advanced search options and combine multiple search
criteria using Boolean operators.
STS See AWS Security Token Service (AWS STS).
subnet A segment of the IP address range of a VPC (p. 1110) that an EC2
instance (p. 1078) can be attached to. You can create subnets to group instances
according to security and operational needs.
Subscription button An HTML-coded button that provides a simple way to charge customers a
recurring fee.
suggester Amazon CloudSearch (p. 1054): Specifies an index field for getting autocomplete
suggestions and options that can enable fuzzy matches and control how
suggestions are sorted.
suggestions Documents that contain a match for the partial search string in the field
that's designated by the suggester (p. 1105). Amazon CloudSearch (p. 1054)
Version 1.0
1105
suggestions include the document IDs and field values for each matching
document. To be a match, the string must match the contents of the field starting
from the beginning of the field.
supported AMI An Amazon Machine Image (AMI) (p. 1058) similar to a paid AMI (p. 1093), except
that the owner charges for additional software or a service that customers use
with their own AMIs.
SWF See Amazon Simple Workflow Service (Amazon SWF).
symmetric encryption Encryption (p. 1079) that uses a private key only.
See Also asymmetric encryption.
synchronous bounce A type of bounce (p. 1070) that occurs while the email servers of the
sender (p. 1101) and receiver (p. 1097) are actively communicating.
synonym A word that's the same or nearly the same as an indexed word and that likely
produces the same results when specified in a search request. For example, a
search for "Rocky Four" or "Rocky 4" likely returns the fourth Rocky movie. You
can do this by designating that four and 4 are synonyms for IV. Synonyms are
language specific.
T
Z (p. 1110)
table A collection of data. Similar to other database systems, DynamoDB stores data in
tables.
tag Metadata that you can define and assign to AWS resources (p. 1099), such as an
EC2 instance (p. 1078). Not all AWS resources can be tagged.
tagging Tagging resources: Applying a tag (p. 1106) to an AWS resource (p. 1099).
Amazon SES (p. 1059): Also called labeling. A way to format return path (p. 1099)
email addresses so that you can specify a different return path for each
recipient of a message. You can use tagging to support VERP (p. 1109). For
example, if Andrew manages a mailing list, he can use the return paths andrew
[email protected] and [email protected] so that
he can determine which email bounced.
target attribute Amazon Machine Learning (Amazon ML ): The attribute in the input data that
contains the “correct” answers. Amazon ML uses the target attribute to learn how
to make predictions on new data. For example, if you were building a model for
predicting the sale price of a house, the target attribute would be “target sale
price in USD.”
target revision AWS CodeDeploy (p. 1063): The most recent version of the application revision
that has been uploaded to the repository and will be deployed to the instances in
a deployment group. In other words, the application revision currently targeted
for deployment. This is also the revision that will be pulled for automatic
deployments.
task An instantiation of a task definition (p. 1107) that's running on a container

instance (p. 1073).
Version 1.0
1106
task definition The blueprint for your task. Specifies the name of the task (p. 1106), revisions,
container definitions (p. 1073), and volume (p. 1110) information.
task node An EC2 instance (p. 1078) that runs Hadoop (p. 1083) map and reduce tasks,
but doesn't store data. Task nodes are managed by the master node (p. 1089),
which assigns Hadoop tasks to nodes and monitors their status. While a job flow
is running, you can increase and decrease the number of task nodes. Because they
don't store data and can be added and removed from a job flow, you can use task
nodes to manage the EC2 instance capacity your job flow uses, increasing capacity
to handle peak loads and decreasing it later.
Task nodes only run a TaskTracker Hadoop daemon.
tebibyte (TiB) A contraction of tera binary byte. A tebibyte (TiB) is 2^40 or 1,099,511,627,776
bytes. A terabyte (TB) is 10^12 or 1,000,000,000,000 bytes. 1,024 TiB is a
pebibyte (PiB) (p. 1094).
template format version The version of an AWS CloudFormation (p. 1063) template design that
determines the available features. If you omit the AWSTemplateFormatVersion
section from your template, AWS CloudFormation assumes the most recent
format version.
template validation The process of confirming the use of JSON (p. 1086) code in an AWS
CloudFormation (p. 1063) template. You can validate any AWS CloudFormation
template using the cfn-validate-template command.
temporary security Authentication information that's provided by AWS STS (p. 1068) when you
credentials call an STS API action. Includes an access key ID (p. 1052), a secret access
key (p. 1101), a session (p. 1102) token, and an expiration time.
throttling The automatic restricting or slowing down of a process based on one or more
limits. For example, Amazon Kinesis Data Streams (p. 1057) throttles operations
if an application (or group of applications operating on the same stream)
attempts to get data from a shard at a rate faster than the shard limit. Amazon
API Gateway (p. 1054) uses throttling to limit the steady-state request rates for a
single account. Amazon SES (p. 1059) uses throttling to reject attempts to send
email that exceeds the sending limits (p. 1102).
time-series data Data that's provided as part of a metric. The time value is assumed to be
when the value occurred. A metric is the fundamental concept for Amazon
CloudWatch (p. 1054) and represents a time-ordered set of data points. You
publish metric data points into CloudWatch and later retrieve statistics about
those data points as a time-series ordered dataset.
timestamp A date/time string in the ISO 8601 format (more specifically, in the YYYY-MM-DD
format).
TLS See Transport Layer Security (TLS).
tokenization The process of splitting a stream of text into separate tokens on detectable
boundaries such as white space and hyphens.
topic A communication channel to send messages and subscribe to notifications. It

provides an access point for publishers and subscribers to communicate with each
other.
Traffic Mirroring An Amazon VPC feature that you can use to copy network traffic from an elastic
network interface of Amazon EC2 instances. You can then send this network
traffic to out-of-band security and monitoring appliances for content inspection,
threat monitoring, and troubleshooting.
Version 1.0
1107
See Also https://aws.amazon.com/vpc/.
training datasource A datasource that contains the data that Amazon Machine Learning uses to train
the machine learning model to make predictions.
transition AWS CodePipeline (p. 1063): The act of a revision in a pipeline continuing from
one stage to the next in a workflow.
Transport Layer Security (TLS) A cryptographic protocol that provides security for communication over the
internet. Its predecessor is Secure Sockets Layer (SSL).
trust policy An IAM (p. 1065) policy (p. 1094) that's an inherent part of an IAM role (p. 1099).
The trust policy specifies which principals are allowed to use the role.
trusted key groups Amazon CloudFront key groups whose public keys CloudFront can use to verify
the signatures of CloudFront signed URLs and signed cookies.
trusted signers See trusted key groups (p. 1108).
tuning Selecting the number and type of AMIs (p. 1058) to run a Hadoop (p. 1083) job
flow most efficiently.
tunnel A route for transmission of private network traffic that uses the internet to
connect nodes in the private network. The tunnel uses encryption and secure
protocols such as PPTP to prevent the traffic from being intercepted as it passes
through public routing nodes.
U
Z (p. 1110)
unbounded The number of potential occurrences isn't limited by a set number. This
value is often used when defining a data type that's a list (for example,
maxOccurs="unbounded"), in WSDL (p. 1110).
unit Standard measurement for the values submitted to Amazon

CloudWatch (p. 1054) as metric data. Units include seconds, percent, bytes, bits,
count, bytes/second, bits/second, count/second, and none.
usage report An AWS record that details your usage of a particular AWS service. You can
generate and download usage reports from https://aws.amazon.com/usage-
reports/.
user A person or application under an account (p. 1053) that makes API calls to
AWS products. Each user has a unique name within the AWS account, and a set
of security credentials that aren't shared with other users. These credentials
are separate from the security credentials for the AWS account. Each user is
associated with one and only one AWS account.
Users dataset Amazon Personalize (p. 1058): A container for metadata about your users, such as
age, gender, or loyalty membership.
See Also dataset.
user-personalization recipe Amazon Personalize (p. 1058): An HRNN-based USER_PERSONALIZATION recipe

that predicts the items that a user interacts with. The user-personalization recipe
Version 1.0
1108
can use item exploration and impressions data to generate recommendations for
new items.
See Also HRNN, recipe, USER_PERSONALIZATION recipes, item exploration,
impressions data, recommendations.
USER_PERSONALIZATION Amazon Personalize (p. 1058): Recipes that are used to build a recommendation
recipes system that predicts the items that a user interacts with based on data provided
in Interactions, Items, and Users datasets.
See Also recipe, user-personalization recipe, popularity-count recipe, HRNN.
V
Z (p. 1110)
validation See template validation.
value Instances of attributes (p. 1062) for an item, such as cells in a spreadsheet. An
attribute might have multiple values.
Tagging resources: A specific tag (p. 1106) label that acts as a descriptor within a
tag category (key). For example, you might have EC2 instance (p. 1078) with the
tag key of Owner and the tag value of Jan. You can tag an AWS resource (p. 1099)
with up to 10 key–value pairs. Not all AWS resources can be tagged.
Variable Envelope Return See VERP.

Path
verification The process of confirming that you own an email address or a domain so that you
can send email from or to it.
VERP Variable Envelope Return Path. A way that email-sending applications can match
bounced (p. 1070) email with the undeliverable address that caused the bounce
by using a different return path (p. 1099) for each recipient. VERP is typically
used for mailing lists. With VERP, the recipient's email address is embedded in the
address of the return path, which is where bounced email is returned. This makes
it possible to automate the processing of bounced email without having to open
the bounce messages, which might vary in content.
versioning Every object in Amazon S3 (p. 1060) has a key and a version ID. Objects with the
same key, but different version IDs can be stored in the same bucket (p. 1070).
Versioning is enabled at the bucket layer using PUT Bucket versioning.
VGW See virtual private gateway (VGW).
virtualization Allows multiple guest virtual machines (VM) to run on a host operating system.
Guest VMs can run on one or more levels above the host hardware, depending on
the type of virtualization.
See Also PV virtualization, HVM virtualization.
virtual private cloud See VPC.
virtual private gateway (VGW) The Amazon side of a VPN connection (p. 1110) that maintains connectivity. The
internal interfaces of the virtual private gateway connect to your VPC (p. 1110)
through the VPN attachment. The external interfaces connect to the VPN
connection, which leads to the customer gateway (p. 1075).
Version 1.0
1109
visibility timeout The period of time that a message is invisible to the rest of your application after
an application component gets it from the queue. During the visibility timeout,
the component that received the message usually processes it, and then deletes
it from the queue. This prevents multiple components from processing the same
message.
VM Import/Export A service for importing virtual machine (VM) images from your existing
virtualization environment to Amazon EC2 and then exporting them back.
See Also https://aws.amazon.com/ec2/vm-import.
volume A fixed amount of storage on an instance (p. 1085). You can share volume data
between more than one container (p. 1073) and persist the data on the container
instance (p. 1073) when the containers are no longer running.
VPC Virtual private cloud. An elastic network that's populated by infrastructure,

platform, and application services that share common security and
interconnection.
VPC endpoint A feature that you can use to create a private connection between your
VPC (p. 1110) and another AWS service without requiring access over the
internet, through a NAT (p. 1091) instance, a VPN connection (p. 1110), or AWS
Direct Connect (p. 1064).
VPG See virtual private gateway (VGW).
VPN CloudHub See AWS VPN CloudHub.
VPN connection Amazon Web Services (AWS) (p. 1060): The IPsec connection that's between a
VPC (p. 1110) and some other network, such as a corporate data center, home
network, or colocation facility.
W
Z (p. 1110)
WAM See Amazon WorkSpaces Application Manager (Amazon WAM).
web access control list (web AWS WAF (p. 1069): A set of rules that defines the conditions that AWS WAF
ACL) searches for in web requests to an AWS resource (p. 1099), such as a Amazon
CloudFront (p. 1054) distribution. A web access control list (web ACL) specifies if
to allow, block, or count the requests.
Web Services Description See WSDL.

Language
WSDL Web Services Description Language. A language that's used to describe the
actions that a web service can perform, along with the syntax of action requests
and responses.
See Also REST, SOAP.
X, Y, Z
X.509 certificate A digital document that uses the X.509 public key infrastructure (PKI) standard
to verify that a public key belongs to the entity that's described in the
certificate (p. 1071).
Version 1.0
1110
yobibyte (YiB) A contraction of yotta binary byte. A yobibyte (YiB) is 2^80 or

1,208,925,819,614,629,174,706,176 bytes. A yottabyte (YB) is 10^24 or
1,000,000,000,000,000,000,000,000 bytes.
zebibyte (ZiB) A contraction of zetta binary byte. A zebibyte (ZiB) is 2^70 or

1,180,591,620,717,411,303,424 bytes. A zettabyte (ZB) is 10^21 or
1,000,000,000,000,000,000,000 bytes. 1,024 ZiB is a yobibyte (YiB) (p. 1111).
zone awareness Amazon OpenSearch Service (OpenSearch Service) (p. 1056): A configuration
that distributes nodes in a cluster across two Availability Zones (p. 1062) in the
same Region. Zone awareness helps to prevent data loss and minimizes downtime
if a node and data center fails. If you enable zone awareness, you must have an
even number of data instances in the instance count, and you also must use the
Amazon OpenSearch Service Configuration API to replicate your data for your
OpenSearch cluster.
Version 1.0
1111

Aws General

Uploaded by

Copyright:

Available Formats

Aws General

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Aws General

Uploaded by

Copyright:

Available Formats

AWS General Reference

AWS General Reference: Reference guide

Application Auto Scaling ........................................................................................................... 54

Amazon Chime SDK ................................................................................................................ 121

CodeDeploy ........................................................................................................................... 186

AWS DeepRacer ...................................................................................................................... 261

Service quotas ................................................................................................................ 335

Service quotas ................................................................................................................ 397

Service quotas ................................................................................................................ 455

Service endpoints ........................................................................................................... 618

Service quotas ................................................................................................................ 678

Service quotas ................................................................................................................ 721

SageMaker ............................................................................................................................. 803

Step Functions ....................................................................................................................... 909

AWS resources ............................................................................................................................... 987

AWS General Reference

• AWS security credentials (p. 2)

AWS security credentials

AWS account root user credentials and IAM user

Root user credentials

Tasks that require root user credentials

Understanding and getting your AWS credentials

Accessing your AWS account

You can access AWS using the following methods:

• AWS Management Console sign-in page

AWS Management Console

• Root users sign in with:

AWS access portal

IAM Identity Center users sign in with:

• Corporate user name

Administrators must create a custom URL that includes https://signin.aws.amazon.com/

AWS Command Line Interface

Multi-factor authentication (MFA)

About access keys

Considerations and alternatives for long-term access keys

Temporary access keys

Long-term access keys

Your AWS account identiﬁers

An alpha-numeric identiﬁer, such as

You must be authenticated with AWS to view these identiﬁers.

Finding your AWS account ID

To ﬁnd your AWS account ID when signed in as the root user

To ﬁnd your AWS account ID when signed in as an IAM user

To ﬁnd your AWS account ID using the AWS CLI

Use the get-caller-identity command as follows:

aws sts get-caller-identity --query Account --output text

Best practices for managing AWS access keys

Don't create access keys for the root user

By default, AWS doesn't generate access keys for new accounts.

Use temporary security credentials (IAM roles)

Manage IAM user access keys properly

When you use access keys, observe these precautions:

Put access keys in one of the following locations:

Access the mobile app using AWS access keys

To sign in using access keys (mobile app)

1. Open the app on your mobile device.

• Access key ID – Enter your access key ID.

AWS security audit guidelines

• Guidelines for auditing (p. 13)

When you should perform a security audit