Amazon EC2 Auto Scaling Limits

Following are the limits for Amazon EC2 Auto Scaling. To request a limit increase, use
the Auto Scaling Limits form

Resource Default Limit

Maximum number of launch configurations per Region 200

Maximum number of Auto Scaling groups per Region 200

Maximum number of scaling policies per Auto Scaling group 50

Maximum number of scheduled actions per Auto Scaling group 125

Maximum number of lifecycle hooks per Auto Scaling group 50

Maximum number of SNS topics per Auto Scaling group 10

Maximum number of classic load balancers per Auto Scaling group 50

Maximum number of target groups per Auto Scaling group 50

Maximum number of step adjustments per scaling policy 20

AWS CloudFormation Limits

Resource Default Limit

Stacks 200

Stack sets 20

Stack instances per stack set 500

Amazon CloudFront Limits

General Limits
Resource Default Limit

Data transfer rate per distribution 40 Gbps

Requests per second per distribution 100,000

Web distributions per account 200

RTMP distributions per account 100

Alternate domain names (CNAMEs) per 100

distribution

Origins per distribution 25

Origin access identities per account 100

Cache behaviors per distribution 25

Whitelisted headers per cache behavior 10

Whitelisted cookies per cache behavior 10

SSL certificates per account when serving 2

HTTPS requests using dedicated IP
addresses (no limit when serving HTTPS
requests using SNI)

Custom headers that you can have Amazon 10 name–value pairs

CloudFront forward to the origin

Whitelisted query strings per cache For more information, see Configuring
behavior CloudFront to Cache Based on Query String
Parameters in the Amazon CloudFront
Developer Guide.

Response timeout per origin For more information, see Response

Timeout in the Amazon CloudFront
Developer Guide.
Lambda@Edge Limits

Resource Default Limit

Distributions per AWS account that you can create triggers for 25
Triggers per distribution
Requests per second
Concurrent executions
Amazon CloudWatch Limits
Resource
Actions
Alarms
API requests
Custom metrics
Dashboards
DescribeAlarms
DeleteAlarms request
DescribeAlarmHistory request
DescribeAlarmsForMetric request
DisableAlarmActions request
25
10,000
1,000
Default Limit
5/alarm. This limit cannot be changed.
10/month/customer for free. 5000 per Region per
account.
1,000,000/month/customer for free.
No limit.
Up to 100 metrics per dashboard widget.
Up to 500 metrics per dashboard, across all
widgets.
These limits cannot be changed.
9 transactions per second (TPS). The maximum
number of operation requests you can make per
second without being throttled.
You can request a limit increase.
3 transactions per second (TPS) for each of these
operations. The maximum number of operation
requests you can make per second without being
throttled.
These limits cannot be changed.
EnableAlarmActions request

SetAlarmState request

DeleteDashboards request 10 transactions per second (TPS) for each of these

operations. The maximum number of operation
GetDashboard request requests you can make per second without being
throttled.
ListDashboards request
These limits cannot be changed.
PutDashboard request

Dimensions 10/metric. This limit cannot be changed.

GetMetricData 50 transactions per second (TPS). The maximum

number of operation requests you can make per
second without being throttled. You can request a
limit increase.

180,000 Datapoints Per Second (DPS) if

the StartTime used in the API request is less than
or equal to three hours from current time. 90,000
DPS if the StartTime is more than three hours from
current time. This is the maximum number of
datapoints you can request per second using one
or more API calls without being throttled. This limit
cannot be changed.

GetMetricData A single GetMetricData call can include as many as

100 MetricDataQuery structures.

This limit cannot be changed.

GetMetricStatistics 400 transactions per second (TPS). The maximum

number of operation requests you can make per
second without being throttled.

You can request a limit increase.

ListMetrics 25 transactions per second (TPS). The maximum
number of operation requests you can make per
second without being throttled.

You can request a limit increase.

Metric data 15 months. This limit cannot be changed.

MetricDatum items 20/PutMetricData request. A MetricDatum object

can contain a single value or a StatisticSet object
representing many values. This limit cannot be
changed.

Metrics 10/month/customer for free.

Period Maximum value is one day (86,400 seconds). This

limit cannot be changed.

PutMetricAlarm request 3 transactions per second (TPS). The maximum

number of operation requests you can make per
second without being throttled.

You can request a limit increase.

PutMetricData request 40 KB for HTTP POST

requests. PutMetricData can handle 150
transactions per second (TPS), which is the
maximum number of operation requests you can
make per second without being throttled.

You can request a limit increase.

Amazon SNS email notifications 1,000/month/customer for free.

AWS Config Limits

Resource Default Notes

Limit
Number of AWS Config rules per Region in 150 You can request a limit
your account
increase.
Maximum Number of Configuration 50 You can request a limit
Aggregators
increase.

AWS Database Migration Service Limits

Resource Default Limit

Replication instances 20

Total amount of storage 6 TB

Replication subnet groups 20

Subnets per replication subnet group 20

Endpoints 100

Tasks 200

Endpoints per instance 20

Amazon DynamoDB Limits

Resource Default Limit

US East (N. Virginia), US East (Ohio), US West (N. California), US 40,000 read
West (Oregon), South America (São Paulo), EU (Frankfurt), EU capacity units and
(Ireland), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific 40,000 write
(Singapore), Asia Pacific (Sydney), China (Beijing) Regions: capacity units

Maximum capacity units per table or global secondary index

US East (N. Virginia), US East (Ohio), US West (N. California), US 80,000 read
West (Oregon), South America (São Paulo), EU (Frankfurt), EU capacity units and
(Ireland), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific 80,000 write
(Singapore), Asia Pacific (Sydney), China (Beijing) Regions: capacity units
Maximum capacity units per account
All other Regions: 10,000 read
Maximum capacity units per table or global secondary index capacity units and
10,000 write
capacity units
All other Regions: 20,000 read
Maximum capacity units per account capacity units and
20,000 write
capacity units
Maximum number of tables 256

AWS Elastic Beanstalk Limits

Resource Default Limit

Applications 75

Application Versions 1000

Configuration Templates 2000

Environments 200

Amazon Elastic Block Store (Amazon EBS) Limits

Resource Default Limit

Number of EBS snapshots 100,000

Concurrent snapshots allowed for a single volume 5 for io1, gp2, magnetic; 1
for st1, sc1

Concurrent snapshot copy requests to a single 5

destination Region
Total volume storage of General Purpose SSD (gp2) AWS China Regions – 20 TiB
volumes
All other AWS Regions – 300
TiB
Total volume storage of Provisioned IOPS SSD (io1) AWS China Regions – 20 TiB
volumes
All other AWS Regions – 300
TiB
Total volume storage of Throughput Optimized HDD AWS China Regions – 20 TiB
(st1)
All other AWS Regions – 300
TiB
Total volume storage of Cold HDD (sc1) AWS China Regions – 20 TiB

All other AWS Regions – 300

TiB
Total volume storage of Magnetic volumes (standard) AWS China Regions – 20 TiB

All other AWS Regions – 300

TiB
Total provisioned IOPS 300,000

Amazon Elastic Compute Cloud (Amazon EC2) Limits

Resource Default Limit

Instances Limits vary depending on instance type and purchasing

option. For more information, see How many instances can
I run in Amazon EC2.

Elastic IP addresses for EC2- 5

Classic

Security groups for EC2-Classic 500

per instance

Rules per security group for EC2- 100

Classic

Key pairs 5,000

Launch Templates Up to 5,000 launch templates per Region and 10,000
versions per launch template.

Dedicated Hosts Up to two Dedicated Hosts per instance family, per Region.

Placement groups 500

Concurrent AMI copies Destination Regions are limited to 50 concurrent AMI

copies.

Throttle on the emails that can be Throttle applied

sent from your Amazon EC2
account

Amazon Elastic Container Service (Amazon ECS) Limits

Resource Default Limit

Number of clusters per Region per account 2000

Number of container instances per cluster 2000

Number of services per cluster 1000

Number of tasks using the EC2 launch type per service (the desired count) 1000

Number of tasks using the Fargate launch type, per Region, per account 50

Number of public IP addresses for tasks using the Fargate launch type 50

Amazon Elastic File System Limits

Following are the limits for Amazon EFS that can be increased by contacting AWS
Support.

Resource Default Limit

Number of file systems for each customer account in an 1,000

AWS Region
Total bursting throughput for all connected clients US East (Ohio) Region – 3 GB/s

US East (N. Virginia) Region – 3

GB/s

US West (N. California) Region –

1 GB/s

US West (Oregon) Region – 3

GB/s

Asia Pacific (Mumbai) – 1 GB/s

Asia Pacific (Seoul) – 1 GB/s

Asia Pacific (Singapore) – 1 GB/s

Asia Pacific (Tokyo) – 1 GB/s

Canada (Central) – 1 GB/s

EU (Frankfurt) Region – 1 GB/s

EU (Ireland) Region – 3 GB/s

EU (London) Region – 1 GB/s

EU (Paris) Region – 1 GB/s

Asia Pacific (Sydney) Region – 3

GB/s

AWS GovCloud (US-West) – 1

GB/s
Total provisioned throughput for all connected clients All AWS Regions – 1 GB/s

Elastic Load Balancing Limits

Elastic Load Balancing supports three types of load balancers: Application Load
Balancers, Network Load Balancers, and Classic Load Balancers.

Application Load Balancers

Resource Default Limit

Load balancers per Region 20

Target groups per Region 3000 *

Listeners per load balancer 50

Targets per load balancer 1000

Subnets per Availability Zone per load balancer 1

Security groups per load balancer 5

Rules per load balancer (not counting default rules) 100

Certificates per load balancer (not counting default certificates) 25

Number of times a target can be registered per load balancer 100

Load balancers per target group 1

Targets per target group (instances or IP addresses) 1000

Targets per target group (Lambda functions) 1

Network Load Balancers

Resource Default Limit

Network Load Balancers per Region 20

Target groups per Region 3000 *

Listeners per load balancer 50

Subnets per Availability Zone per load balancer 1

Targets per load balancer per Availability Zone 500

Targets per load balancer 500

Load balancers per target group 1

* This limit is shared by target groups for your Application Load Balancers and Network
Load Balancers.

Classic Load Balancers

Resource Default Limit

Load balancers per Region 20

Listeners per load balancer 100

Security groups per load balancer 5

Registered instances per load balancer 1,000

Subnets per Availability Zone per load balancer 1

Amazon ElastiCache Limits

For information on ElastiCache terminology, see ElastiCache Components and

Features.

Resource Default Description

Limit

Nodes per Region 300 The maximum number of nodes across all
clusters in a Region. This limit applies to both
your reserved and non-reserved nodes within
the given Region. You can have up to 300
reserved nodes and 300 non-reserved nodes in
the same Region.
Nodes per cluster (Memcached) 40 The maximum number of nodes in an
individual Memcached cluster.

Nodes per cluster per instance type 90 The maximum number of nodes in an
(Redis cluster mode enabled) individual Redis cluster. You must also
specify the instance type with your request.

Nodes per shard (Redis) 6 The maximum number of nodes in an

individual Redis shard (node group). One
node is the read/write Primary. All other
nodes are read-only Replicas. This limit
cannot be increased.

Shards per Cluster 1 The maximum number of shards (node

(Redis cluster mode disabled) groups) in a Redis (cluster mode disabled)
cluster.

Parameter groups per Region 150 The maximum number of parameters groups
you can create in a Region.

Security groups per Region 50 The maximum number of security groups you
can create in a Region.

Subnet groups per Region 150 The maximum number of subnet groups you
can create in a Region.

Subnets per subnet group 20 The maximum number of subnets you can
define for a subnet group.

These limits are global limits per customer account. To exceed these limits, make your
request using the ElastiCache Node request form.

AWS Identity and Access Management (IAM) Limits

Default limits for IAM entities:

Resource Default Limit

Customer managed policies in an AWS account 1500

Groups in an AWS account 300

Roles in an AWS account 1000

Managed policies attached to an IAM role 10

Managed policies attached to an IAM user 10

Virtual MFA devices (assigned or unassigned) in an AWS Equal to the user quota for the
account account

Instance profiles in an AWS account 1000

Server certificates stored in an AWS account 20

AWS Key Management Service (AWS KMS) Limits

Resource Default Limit

Customer Master Keys 10,000

(CMKs)

Aliases 10,000

Grants per CMK 10,000

Grants for a given principal 500

per CMK

Key policy document size 32 KB (32,768 bytes)

Requests per second Varies by API operation; see Limits in the AWS Key
Management Service Developer Guide.

All limits in the preceding table are calculated separately for each AWS Region in each
AWS account.

For more information about these limits, see Limits in the AWS Key Management
Service Developer Guide.

Amazon Kinesis Data Firehose Limits

Resource Default Limit

Delivery streams per Region 50

Delivery stream capacity for US East (N. Virginia), US West 2,000

(Oregon), and EU (Ireland) †
transactions/second

5,000 records/second

5 MB/second
Delivery stream capacity for other Regions where Kinesis Data 1,000
Firehose is available †
transactions/second

1,000 records/second

1 MB/second

† The three capacity limits scale proportionally. For example, if you increase the
throughput limit to 2 MB/second in Asia Pacific (Singapore), the other limits increase to
2,000 transactions/second and 2,000 records/second.

For more information about these limits, see Amazon Kinesis Data Firehose Limits in
the Amazon Kinesis Data Firehose Developer Guide.

Amazon Kinesis Data Streams Limits

Resource Default Limit

Shards per Region US East (N. Virginia) Region – 500

US West (Oregon) Region – 500

EU (Ireland) Region – 500

All other supported Regions – 200

For more information about these limits, see Amazon Kinesis Data Streams Limits in
the Amazon Kinesis Data Streams Developer Guide.

Amazon Kinesis Data Analytics Limits

Kinesis Data Analytics for SQL Applications Limits

Resource Default Limit

Kinesis Processing Units (KPUs) 8

Input Parallelism for SQL applications 64 input streams

Applications 50

AWS Lake Formation Limits

The following limits apply per catalog.

Resource Default Limit

Number of subfolders in Amazon S3 path 20

Length of path which can be registered 700

Number of admins 10

Number of registered paths per catalog 10,000

Number of permissions per catalog 10,000,000

AWS Lambda Limits

AWS Lambda limits the amount of compute and storage resources that you can use to
run and store functions. The following limits apply per Region and can be increased. To
request an increase, use the Support Center console.

Resource Default Limit

Concurrent executions 1,000

Function and layer storage 75 GB

Amazon Redshift Limits

Resource Default Limit

Nodes per cluster 101

Nodes 200

Reserved Nodes 200

Snapshots 20

Parameter Groups 20

Security Groups 20

Subnet Groups 20

Subnets per Subnet Group 20

Event Subscriptions 20

Amazon Relational Database Service (Amazon RDS) Limits

Resource Default Limit

Clusters 40

Cluster parameter groups 50

DB Instances 40

Event subscriptions 20

Manual snapshots 100

Option groups 20

Parameter groups 50

Read replicas per master 5

Reserved instances 40
Rules per security group 20

Security groups 25

Security groups (VPC) 5

Subnet groups 50

Subnets per subnet group 20

Tags per resource 50

Total storage for all DB instances 100 TB

Amazon Route 53 Limits

DNS and Domain Registration

Resource Default Limit

Hosted zones 500

Domains 50

Resource record sets per hosted zone 10,000

Reusable delegation sets 100

Hosted zones that can use the same reusable delegation set 100

Amazon VPCs that you can associate with a private hosted zone 100

Health checks 200

Traffic policies 50

Traffic policy records 5

Route 53 Resolver
Resource Default Limit

Endpoints per AWS Region 4 per AWS account

Rules per AWS Region 1,000 per AWS account

Associations between rules and VPCs per AWS Region 2,000 per AWS account

Amazon Simple Notification Service (Amazon SNS) Limits

The following limits determine how many Amazon SNS resources you can create in
your AWS account, and they determine the rate at which you can issue Amazon SNS
API requests.

Amazon SNS Resource Limits

To increase any of the following limits, submit an SNS Limit Increase case.

Resource Default Limit

Topics 100,000 per account

Subscriptions 12,500,000 per topic

Pending subscriptions 5,000 per account

Account spend threshold for SMS 1.00 USD per account

Delivery rate for email messages 10 messages per second

Delivery rate for promotional SMS messages 20 messages per second

Delivery rate for transactional SMS messages 20 messages per second

Subscription filter policies 200 per account

Amazon Simple Storage Service (Amazon S3) Limits

Resource Default Notes
Limit

Buckets 100 per The maximum limit of buckets per AWS account is 1,000. To request
account a limit increase, see AWS Service Limits.

Amazon Simple Workflow Service (Amazon SWF) Limits

For more information about these limits, see Amazon SWF Limits in the Amazon Simple
Workflow Service Developer Guide.

Amazon SimpleDB Limits

Resource Default Limit

Domains 250

For more information about these limits, see Amazon SimpleDB Limits in the Amazon
SimpleDB Developer Guide.

AWS Step Functions Limits

For more information about these limits, see AWS Step Functions Limits in the AWS
Step Functions Developer Guide.

AWS Storage Gateway Limits

For more information about these limits, see AWS Storage Gateway Limits in the AWS
Storage Gateway User Guide.

Amazon Virtual Private Cloud (Amazon VPC) Limits

Unless otherwise noted, submit a request to increase these limits.

Resource Default Comments

limit

VPCs and Subnets

VPCs per Region 5 Increasing this limit increases the limit on Internet
gateways per Region by the same amount.

Subnets per VPC 200 -

IPv4 CIDR blocks 5 This limit is made up of the primary CIDR block plus 4
per VPC secondary CIDR blocks.

IPv6 CIDR blocks 1 This limit cannot be increased.

per VPC
Elastic IP Addresses

Elastic IP 5 This is the limit for the number of Elastic IP addresses

addresses per for use in EC2-VPC. For Elastic IP addresses for EC2-
Region for EC2- Classic, see Amazon Elastic Compute Cloud (Amazon
VPC EC2) Limits.
Gateways

Customer 50 To increase this limit, contact AWS Support.

gateways per
Region
Egress-only Internet 5 This limit is directly correlated with the limit on VPCs per
gateways per Region Region. To increase this limit, increase the limit on VPCs
per Region. Only one egress-only Internet gateway can be
attached to a VPC at a time.

Internet gateways 5 This limit is directly correlated with the limit on VPCs
per Region per Region. To increase this limit, increase the limit on
VPCs per Region. Only one Internet gateway can be
attached to a VPC at a time.
NAT gateways per 5 A NAT gateway in the pending, active, or deleting state
Availability Zone counts against your limit.

Virtual private 5 Only one virtual private gateway can be attached to a

gateways per VPC at a time.
Region
Network ACLs
Network ACLs per 200 You can associate one network ACL to one or more
VPC subnets in a VPC. This limit is not the same as the
number of rules per network ACL.

Rules per network 20 This is the one-way limit for a single network ACL,
ACL where the limit for ingress rules is 20, and the limit for
egress rules is 20. This limit includes both IPv4 and
IPv6 rules, and includes the default deny rules (rule
number 32767 for IPv4 and 32768 for IPv6, or an
asterisk * in the Amazon VPC console).

This limit can be increased up to a maximum if 40;

however, network performance may be impacted.
Network Interfaces

Network interfaces - This limit varies by instance type. For more

per instance information, see IP Addresses Per ENI Per Instance
Type.

Network interfaces 350 This limit is the greater of either the default limit (350)
per Region or your On-Demand Instance limit multiplied by 5. The
default limit for On-Demand Instances is 20. If your
On-Demand Instance limit is below 70, the default limit
of 350 applies. To increase this limit, submit a request
or increase your On-Demand Instance limit.
Route Tables

Route tables per 200 This limit includes the main route table.
VPC

Routes per route 50 You can increase this limit up to a maximum of 1000;
table (non- however, network performance might be impacted.
propagated routes) This limit is enforced separately for IPv4 routes and
IPv6 routes.

If you have more than 125 routes, we recommend that

you paginate calls to describe your route tables for
better performance.
BGP advertised 100 This limit cannot be increased. If you require more than
routes per route 100 prefixes, advertise a default route.
table (propagated
routes)
Security Groups

VPC security 2500 The maximum is 10000. If you have more than 5000
groups per Region security groups in a Region, we recommend that you
paginate calls to describe your security groups for
better performance.

Inbound or 60 You can have 60 inbound and 60 outbound rules per

outbound rules per security group (making a total of 120 rules). This limit is
security group enforced separately for IPv4 rules and IPv6 rules; for
example, a security group can have 60 inbound rules
for IPv4 traffic and 60 inbound rules for IPv6 traffic. A
rule that references a security group or prefix list ID
counts as one rule for IPv4 and one rule for IPv6.

A limit change applies to both inbound and outbound

rules. This limit multiplied by the limit for security
groups per network interface cannot exceed 1000. For
example, if you increase this limit to 100, we decrease
the limit for your number of security groups per
network interface to 10.

Security groups per 5 To increase or decrease this limit, contact AWS

network interface Support. The maximum is 16. The limit for security
groups per network interface multiplied by the limit for
rules per security group cannot exceed 1000. For
example, if you increase this limit to 10, we decrease
the limit for your number of rules per security group to
100.
Transit Gateways
Number of transit 5 -
gateways per
Region per account

Number of transit 5 -
gateway
attachments per
VPC

Number of transit 20 -
gateway route
tables per transit
gateway

Number of routes 10,000 -

per transit gateway
route table

Total number of 5,000 -

transit gateway
attachments per
Region per account
VPC Endpoints

Gateway VPC 20 You cannot have more than 255 gateway endpoints
endpoints per per VPC.
Region

Interface VPC 20 The maximum limit for interface endpoints per Region
endpoints per VPC is this limit multiplied by the number of VPCs in the
Region.
VPC Peering Connections

Active VPC peering 50 The maximum limit is 125 peering connections per
connections per VPC. The number of entries per route table should be
VPC increased accordingly; however, network performance
may be impacted.
Outstanding VPC 25 This is the limit for the number of outstanding VPC
peering connection peering connection requests that you've requested
requests from your account.

Expiry time for an 1 week -

unaccepted VPC (168
peering connection hours)
request

AWS Well-Architected Tool Limits

Resource Default Limit

Workloads per AWS account 1000

Milestones per workload 100