AWS General Reference

Reference guide
Version 1.0
 AWS General Reference Reference guide

AWS General Reference: Reference guide

Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not
Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or
discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may
or may not be affiliated with, connected to, or sponsored by Amazon.
 AWS General Reference Reference guide

Table of Contents
AWS General Reference ...................................................................................................................... 1
AWS security credentials ..................................................................................................................... 2
AWS users ................................................................................................................................. 2
Tasks that require root user credentials ................................................................................. 3
AWS credentials ......................................................................................................................... 3
Console access ................................................................................................................... 4
Programmatic access .......................................................................................................... 5
Temporary access keys ........................................................................................................ 6
AWS account identifiers .............................................................................................................. 6
Finding your AWS account ID .............................................................................................. 7
Best practices for managing AWS access keys ................................................................................ 7
Protect or don't create your root user access key .................................................................... 8
Manage access keys for IAM users ........................................................................................ 8
Use IAM roles instead of long-term access keys ...................................................................... 8
Access the mobile app using AWS access keys ........................................................................ 9
Learn more ...................................................................................................................... 10
AWS security audit guidelines .................................................................................................... 10
When you should perform a security audit .......................................................................... 11
Guidelines for auditing ...................................................................................................... 11
Review your AWS account credentials ................................................................................. 11
Review your IAM users ...................................................................................................... 11
Review your IAM groups .................................................................................................... 12
Review your IAM roles ...................................................................................................... 12
Review your IAM providers for SAML and OpenID Connect (OIDC) ........................................... 12
Review Your mobile apps .................................................................................................. 12
Review your Amazon EC2 security configuration ................................................................... 13
Review AWS policies in other services ................................................................................. 13
Monitor activity in your AWS account ................................................................................. 13
Tips for reviewing IAM policies ........................................................................................... 14
Learn more ...................................................................................................................... 15
Service endpoints and quotas ............................................................................................................ 16
Alexa for Business .................................................................................................................... 21
Service endpoints ............................................................................................................. 21
Service quotas ................................................................................................................. 21
Amplify ................................................................................................................................... 22
Amplify endpoints ............................................................................................................ 22
Amplify Studio (backend) endpoints ................................................................................... 23
Amplify Studio (UI Builder) endpoints ................................................................................. 25
Amplify Service quotas ..................................................................................................... 25
Amplify Studio (UI Builder) Service quotas .......................................................................... 26
API Gateway ............................................................................................................................ 26
Service endpoints ............................................................................................................. 26
Service quotas ................................................................................................................. 30
AWS AppConfig ........................................................................................................................ 32
Service endpoints ............................................................................................................. 32
Service quotas ................................................................................................................. 35
App Mesh ................................................................................................................................ 36
Service endpoints ............................................................................................................. 36
Service quotas ................................................................................................................. 38
App Runner ............................................................................................................................. 38
Service endpoints ............................................................................................................. 39
Service quotas ................................................................................................................. 39
Amazon AppFlow ..................................................................................................................... 39
Service endpoints ............................................................................................................. 40

Version 1.0
iii
 AWS General Reference Reference guide

Service quotas ................................................................................................................. 41

Application Auto Scaling ........................................................................................................... 42
Service endpoints ............................................................................................................. 42
Service quotas ................................................................................................................. 44
Application Discovery Service ..................................................................................................... 45
Service endpoints ............................................................................................................. 45
Service quotas ................................................................................................................. 45
Application Migration Service ..................................................................................................... 46
Service endpoints ............................................................................................................. 46
Service quotas ................................................................................................................. 47
Amazon AppStream 2.0 ............................................................................................................ 48
Service endpoints ............................................................................................................. 48
Service quotas ................................................................................................................. 49
AWS AppSync .......................................................................................................................... 52
Service endpoints ............................................................................................................. 52
Service quotas ................................................................................................................. 55
Athena .................................................................................................................................... 56
Service endpoints ............................................................................................................. 56
Service quotas ................................................................................................................. 58
Audit Manager ......................................................................................................................... 59
Service endpoints ............................................................................................................. 59
Service quotas ................................................................................................................. 60
Amazon A2I ............................................................................................................................. 60
Service endpoints ............................................................................................................. 60
Service quotas ................................................................................................................. 61
Amazon Aurora ........................................................................................................................ 61
Service endpoints ............................................................................................................. 61
Service quotas ................................................................................................................. 65
AWS Auto Scaling .................................................................................................................... 66
Service endpoints ............................................................................................................. 66
Service quotas ................................................................................................................. 67
AWS Backup ............................................................................................................................ 68
Service endpoints ............................................................................................................. 68
Service quotas ................................................................................................................. 70
AWS Batch .............................................................................................................................. 71
Service endpoints ............................................................................................................. 71
Service quotas ................................................................................................................. 72
Billing and Cost Management .................................................................................................... 73
Service endpoints ............................................................................................................. 73
Service quotas ................................................................................................................. 76
Braket ..................................................................................................................................... 76
Service endpoints ............................................................................................................. 77
Service quotas ................................................................................................................. 77
AWS BugBust ........................................................................................................................... 78
Service endpoints ............................................................................................................. 78
Service quotas ................................................................................................................. 79
ACM ........................................................................................................................................ 79
Service endpoints ............................................................................................................. 79
Service quotas ................................................................................................................. 81
ACM Private CA ........................................................................................................................ 81
Service endpoints ............................................................................................................. 81
Service quotas ................................................................................................................. 83
AWS Chatbot ........................................................................................................................... 84
Service endpoints ............................................................................................................. 84
Service quotas ................................................................................................................. 86
Amazon Chime ......................................................................................................................... 86
Service endpoints ............................................................................................................. 86

Version 1.0
iv
 AWS General Reference Reference guide

Service quotas ................................................................................................................. 86

Cloud Control API .................................................................................................................... 87
Service endpoints ............................................................................................................. 88
AWS Cloud9 ............................................................................................................................ 89
Service endpoints ............................................................................................................. 90
Service quotas ................................................................................................................. 91
Cloud Directory ........................................................................................................................ 91
Service endpoints ............................................................................................................. 92
CloudFormation ....................................................................................................................... 92
Service endpoints ............................................................................................................. 92
StackSets regional support ................................................................................................ 94
Service quotas ................................................................................................................. 96
CloudFront .............................................................................................................................. 97
Service endpoints ............................................................................................................. 97
Service quotas ................................................................................................................. 97
AWS CloudHSM ...................................................................................................................... 101
Service endpoints ........................................................................................................... 101
Service quotas ................................................................................................................ 103
AWS Cloud Map ..................................................................................................................... 104
Service endpoints ........................................................................................................... 104
Service quotas ................................................................................................................ 106
Amazon CloudSearch .............................................................................................................. 106
Service endpoints ........................................................................................................... 106
Service quotas ................................................................................................................ 107
CloudShell ............................................................................................................................. 107
Service endpoints ........................................................................................................... 108
Service quotas ................................................................................................................ 108
CloudTrail .............................................................................................................................. 108
Service endpoints ........................................................................................................... 109
Service quotas ................................................................................................................ 110
CloudWatch ........................................................................................................................... 111
Service endpoints ........................................................................................................... 111
Service quotas ................................................................................................................ 113
CloudWatch Application Insights .............................................................................................. 115
Service endpoints ........................................................................................................... 116
Service quotas ................................................................................................................ 117
CloudWatch Events ................................................................................................................. 117
Service endpoints ........................................................................................................... 117
Service quotas ................................................................................................................ 119
CloudWatch Logs .................................................................................................................... 121
Service endpoints ........................................................................................................... 121
Service quotas ................................................................................................................ 123
CloudWatch Synthetics ............................................................................................................ 125
Service endpoints ........................................................................................................... 125
Service quotas ................................................................................................................ 127
CodeArtifact .......................................................................................................................... 127
Service endpoints ........................................................................................................... 127
Service quotas ................................................................................................................ 128
CodeBuild .............................................................................................................................. 129
Service endpoints ........................................................................................................... 129
Service quotas ................................................................................................................ 131
CodeCommit .......................................................................................................................... 131
Service endpoints ........................................................................................................... 131
Service quotas ................................................................................................................ 133
CodeDeploy ........................................................................................................................... 133
Service endpoints ........................................................................................................... 134
Service quotas ................................................................................................................ 135

Version 1.0
v
 AWS General Reference Reference guide

CodeGuru Profiler ................................................................................................................... 137

Service endpoints ........................................................................................................... 137
Service quotas ................................................................................................................ 138
CodeGuru Reviewer ................................................................................................................. 138
Service endpoints ........................................................................................................... 138
Service quotas ................................................................................................................ 139
CodePipeline .......................................................................................................................... 139
Service endpoints ........................................................................................................... 139
Service quotas ................................................................................................................ 140
AWS CodeStar ........................................................................................................................ 142
Service endpoints ........................................................................................................... 142
AWS CodeStar Notifications ..................................................................................................... 143
Amazon Cognito Identity ......................................................................................................... 144
Service endpoints ........................................................................................................... 144
Service quotas ................................................................................................................ 147
Amazon Cognito Sync ............................................................................................................. 149
Service endpoints ........................................................................................................... 149
Service quotas ................................................................................................................ 150
Amazon Comprehend .............................................................................................................. 150
Service endpoints ........................................................................................................... 151
Service quotas ................................................................................................................ 152
Amazon Comprehend Medical .................................................................................................. 154
Service endpoints ........................................................................................................... 154
Service quotas ................................................................................................................ 155
Compute Optimizer ................................................................................................................ 157
Service endpoints ........................................................................................................... 157
Service quotas ................................................................................................................ 158
AWS Config ........................................................................................................................... 158
Service endpoints ........................................................................................................... 159
Service quotas ................................................................................................................ 160
Amazon Connect .................................................................................................................... 160
Service endpoints ........................................................................................................... 160
Service quotas ................................................................................................................ 164
AWS Data Exchange ................................................................................................................ 168
Service endpoints ........................................................................................................... 169
Service quotas ................................................................................................................ 169
Amazon Data Lifecycle Manager ............................................................................................... 170
Service endpoints ........................................................................................................... 171
Service quotas ................................................................................................................ 172
AWS Data Pipeline .................................................................................................................. 172
Service endpoints ........................................................................................................... 173
Service quotas ................................................................................................................ 173
DataSync ............................................................................................................................... 174
Service endpoints ........................................................................................................... 174
Service quotas ................................................................................................................ 175
AWS DMS .............................................................................................................................. 176
Service endpoints ........................................................................................................... 176
Service quotas ................................................................................................................ 178
AWS DeepLens ....................................................................................................................... 178
Service endpoints ........................................................................................................... 178
Service quotas ................................................................................................................ 179
AWS DeepRacer ...................................................................................................................... 179
Service endpoints ........................................................................................................... 179
Service quotas ................................................................................................................ 179
Detective ............................................................................................................................... 179
Service endpoints ........................................................................................................... 180
DevOps  Guru .......................................................................................................................... 181

Version 1.0
vi
 AWS General Reference Reference guide

Service endpoints ........................................................................................................... 181

Service quotas ................................................................................................................ 182
Device Farm ........................................................................................................................... 182
Service endpoints ........................................................................................................... 182
Service quotas ................................................................................................................ 183
AWS Direct Connect ................................................................................................................ 183
Service endpoints ........................................................................................................... 183
Service quotas ................................................................................................................ 185
AWS Directory Service ............................................................................................................. 185
Service endpoints ........................................................................................................... 185
Service quotas ................................................................................................................ 187
Amazon DocumentDB ............................................................................................................. 188
Service endpoints ........................................................................................................... 188
Service quotas ................................................................................................................ 189
DynamoDB ............................................................................................................................. 189
Service endpoints ........................................................................................................... 190
Service quotas ................................................................................................................ 194
Elastic Beanstalk ..................................................................................................................... 195
Service endpoints ........................................................................................................... 195
Service quotas ................................................................................................................ 199
Amazon EBS .......................................................................................................................... 199
Service endpoints ........................................................................................................... 199
Service quotas ................................................................................................................ 203
Recycle Bin ............................................................................................................................ 206
Service endpoints ........................................................................................................... 206
Service quotas ................................................................................................................ 207
Amazon EC2 .......................................................................................................................... 207
Service endpoints ........................................................................................................... 208
Service quotas ................................................................................................................ 210
Auto Scaling .......................................................................................................................... 213
Service endpoints ........................................................................................................... 213
Service quotas ................................................................................................................ 215
EC2 Image Builder .................................................................................................................. 215
Service endpoints ........................................................................................................... 215
Service quotas ................................................................................................................ 217
EC2 Instance Connect ............................................................................................................. 218
Service endpoints ........................................................................................................... 218
Amazon ECR .......................................................................................................................... 219
Service endpoints ........................................................................................................... 219
Service quotas ................................................................................................................ 223
Amazon ECR Public ................................................................................................................. 227
Service endpoints ........................................................................................................... 227
Service quotas ................................................................................................................ 227
Amazon ECS .......................................................................................................................... 227
Service endpoints ........................................................................................................... 228
Service quotas ................................................................................................................ 229
AWS Fargate quotas ........................................................................................................ 231
Amazon EKS .......................................................................................................................... 232
Service endpoints ........................................................................................................... 232
Service quotas ................................................................................................................ 234
Amazon EFS ........................................................................................................................... 234
Service endpoints ........................................................................................................... 235
Service quotas ................................................................................................................ 237
Elastic Inference ..................................................................................................................... 238
Service endpoints ........................................................................................................... 238
Service quotas ................................................................................................................ 239
Elastic Load Balancing ............................................................................................................. 239

Version 1.0
vii
 AWS General Reference Reference guide

Service endpoints ........................................................................................................... 239

Service quotas ................................................................................................................ 241
Elastic Transcoder ................................................................................................................... 242
Service endpoints ........................................................................................................... 242
Service quotas ................................................................................................................ 243
Elastic Disaster Recovery ......................................................................................................... 244
Service endpoints ........................................................................................................... 244
Service quotas ................................................................................................................ 244
ElastiCache ............................................................................................................................ 245
Service endpoints ........................................................................................................... 245
Service quotas ................................................................................................................ 247
Amazon MemoryDB for Redis ................................................................................................... 247
Service endpoints ........................................................................................................... 247
Service quotas ................................................................................................................ 249
Amazon EMR ......................................................................................................................... 249
Service endpoints ........................................................................................................... 249
Service quotas ................................................................................................................ 251
EventBridge ........................................................................................................................... 254
Service endpoints ........................................................................................................... 254
Service quotas ................................................................................................................ 255
EventBridge Schemas .............................................................................................................. 256
Service endpoints ........................................................................................................... 256
Service quotas ................................................................................................................ 257
FinSpace ................................................................................................................................ 257
Service quotas ................................................................................................................ 257
AWS FIS ................................................................................................................................ 258
Service endpoints ........................................................................................................... 258
Service quotas ................................................................................................................ 259
Firewall Manager .................................................................................................................... 260
Service endpoints ........................................................................................................... 260
Service quotas ................................................................................................................ 262
Forecast ................................................................................................................................ 263
Service endpoints ........................................................................................................... 263
Service quotas ................................................................................................................ 265
Amazon Fraud Detector ........................................................................................................... 266
Service endpoints ........................................................................................................... 266
Service quotas ................................................................................................................ 267
FreeRTOS ............................................................................................................................... 268
Service endpoints ........................................................................................................... 268
Service quotas ................................................................................................................ 270
Amazon FSx ........................................................................................................................... 270
Service endpoints ........................................................................................................... 271
Service quotas ................................................................................................................ 273
GameLift ............................................................................................................................... 274
Service endpoints ........................................................................................................... 274
Service quotas ................................................................................................................ 275
S3 Glacier .............................................................................................................................. 275
Service endpoints ........................................................................................................... 276
Service quotas ................................................................................................................ 277
Global Accelerator .................................................................................................................. 278
Service endpoints ........................................................................................................... 278
Service quotas ................................................................................................................ 278
AWS Glue .............................................................................................................................. 279
Service endpoints ........................................................................................................... 279
Service quotas ................................................................................................................ 281
Amazon Managed Grafana ....................................................................................................... 282
Service endpoints ........................................................................................................... 282

Version 1.0
viii
 AWS General Reference Reference guide

Service quotas ................................................................................................................ 283

DataBrew ............................................................................................................................... 284
Service endpoints ........................................................................................................... 284
Service quotas ................................................................................................................ 285
AWS Ground Station ............................................................................................................... 286
Service endpoints ........................................................................................................... 286
Service quotas ................................................................................................................ 287
GuardDuty ............................................................................................................................. 287
Service endpoints ........................................................................................................... 287
Service quotas ................................................................................................................ 289
AWS Health ........................................................................................................................... 289
Service endpoints ........................................................................................................... 289
HealthLake ............................................................................................................................ 290
Regions and endpoints for Amazon HealthLake .................................................................. 290
Throttling and quotas for Amazon HealthLake ................................................................... 290
.................................................................................................................................... 291
Amazon Honeycode ................................................................................................................ 291
Service endpoints ........................................................................................................... 291
IAM ....................................................................................................................................... 291
Service endpoints ........................................................................................................... 292
Service quotas ................................................................................................................ 293
IAM Access Analyzer ............................................................................................................... 294
Service endpoints ........................................................................................................... 295
Service quotas ................................................................................................................ 296
AWS Import/Export ................................................................................................................ 297
Service endpoints ........................................................................................................... 297
Incident Manager .................................................................................................................... 297
Service endpoints ........................................................................................................... 297
Service quotas .............................................................................................................. 299
Amazon Inspector ................................................................................................................... 301
Service endpoints ........................................................................................................... 302
Service quotas ................................................................................................................ 303
AWS IoT 1-Click ..................................................................................................................... 303
Service endpoints ........................................................................................................... 303
Service quotas ................................................................................................................ 304
AWS IoT Analytics .................................................................................................................. 304
Service endpoints ........................................................................................................... 305
Service quotas ................................................................................................................ 305
AWS IoT Core ......................................................................................................................... 306
Service endpoints ........................................................................................................... 306
Service quotas ................................................................................................................ 315
AWS IoT Device Defender ........................................................................................................ 361
Service endpoints ........................................................................................................... 361
Service quotas ................................................................................................................ 362
AWS IoT Device Management ................................................................................................... 364
Service endpoints ........................................................................................................... 364
Service quotas ................................................................................................................ 373
AWS IoT Events ...................................................................................................................... 392
Service endpoints ........................................................................................................... 392
Service quotas ................................................................................................................ 394
AWS IoT Greengrass V1 ........................................................................................................... 395
Service endpoints ........................................................................................................... 395
Service quotas ................................................................................................................ 399
AWS IoT Greengrass V2 ........................................................................................................... 401
Service endpoints ........................................................................................................... 401
Service quotas ................................................................................................................ 405
AWS IoT RoboRunner .............................................................................................................. 407

Version 1.0
ix
 AWS General Reference Reference guide

Service endpoints ........................................................................................................... 407

Service quotas ................................................................................................................ 407
AWS IoT SiteWise ................................................................................................................... 409
Service endpoints ........................................................................................................... 409
Service quotas ................................................................................................................ 410
AWS IoT Things Graph ............................................................................................................ 412
Service endpoints ........................................................................................................... 412
Service quotas ................................................................................................................ 413
AWS IoT TwinMaker ................................................................................................................ 415
Service endpoints ........................................................................................................... 416
Service quotas ................................................................................................................ 416
Amazon IVS ........................................................................................................................... 417
Service endpoints ........................................................................................................... 417
Service quotas ................................................................................................................ 418
Amazon Kendra ...................................................................................................................... 418
Service endpoints ........................................................................................................... 418
Service quotas ................................................................................................................ 419
Amazon Keyspaces .................................................................................................................. 420
Service endpoints ........................................................................................................... 420
Service quotas ................................................................................................................ 422
AWS KMS .............................................................................................................................. 422
Service endpoints ........................................................................................................... 423
Service quotas ................................................................................................................ 425
Kinesis Data Analytics ............................................................................................................. 428
Service endpoints ........................................................................................................... 429
Service quotas ................................................................................................................ 430
Kinesis Data Firehose .............................................................................................................. 430
Service endpoints ........................................................................................................... 431
Service quotas ................................................................................................................ 432
Kinesis Data Streams .............................................................................................................. 433
Service endpoints ........................................................................................................... 434
Service quotas ................................................................................................................ 435
Kinesis Video Streams ............................................................................................................. 436
Service endpoints ........................................................................................................... 436
Service quotas ................................................................................................................ 437
Lake Formation ...................................................................................................................... 441
Service endpoints ........................................................................................................... 441
Service quotas ................................................................................................................ 443
Lambda ................................................................................................................................. 443
Service endpoints ........................................................................................................... 443
Service quotas ................................................................................................................ 445
AWS Launch Wizard ................................................................................................................ 447
Service endpoints ........................................................................................................... 215
Service quotas ................................................................................................................ 449
Amazon Lex ........................................................................................................................... 449
V2 service endpoints ....................................................................................................... 449
V1 service endpoints ....................................................................................................... 451
Service quotas ................................................................................................................ 452
License Manager ..................................................................................................................... 453
Service endpoints ........................................................................................................... 453
Service quotas ................................................................................................................ 454
Lightsail ................................................................................................................................ 455
Service endpoints ........................................................................................................... 455
Service quotas ................................................................................................................ 456
Amazon Location Service ......................................................................................................... 457
Service endpoints ........................................................................................................... 458
Service quotas ................................................................................................................ 458

Version 1.0
x
 AWS General Reference Reference guide

Lookout for Equipment ........................................................................................................... 460

Service endpoints ........................................................................................................... 461
Service quotas ................................................................................................................ 461
Lookout for Metrics ................................................................................................................ 462
Service endpoints ........................................................................................................... 462
Service quotas ................................................................................................................ 463
Lookout for Vision .................................................................................................................. 465
Service endpoints ........................................................................................................... 465
Service quotas ................................................................................................................ 466
Macie .................................................................................................................................... 467
Service endpoints ........................................................................................................... 467
Service quotas ................................................................................................................ 469
AWS Mainframe Migration ....................................................................................................... 469
Service endpoints ........................................................................................................... 469
Service quotas ................................................................................................................ 470
Amazon ML ........................................................................................................................... 470
Service endpoints ........................................................................................................... 471
Service quotas ................................................................................................................ 471
Managed Blockchain ............................................................................................................... 472
Service endpoints ........................................................................................................... 472
Service quotas ................................................................................................................ 472
AWS Management Console ...................................................................................................... 473
Service endpoints ........................................................................................................... 473
Amazon MWAA ...................................................................................................................... 474
Service endpoints ........................................................................................................... 475
Service quotas ................................................................................................................ 476
AWS Marketplace .................................................................................................................... 476
Service endpoints ........................................................................................................... 476
Mechanical Turk ..................................................................................................................... 478
Service endpoints ........................................................................................................... 478
Service quotas ................................................................................................................ 479
Amazon MSK ......................................................................................................................... 479
Service endpoints ........................................................................................................... 479
Service quotas ................................................................................................................ 481
Amazon MSK Connect ............................................................................................................. 481
Service endpoints ........................................................................................................... 481
Service quotas ................................................................................................................ 482
MediaConnect ........................................................................................................................ 482
Service endpoints ........................................................................................................... 483
Service quotas ................................................................................................................ 484
MediaConvert ......................................................................................................................... 484
Service endpoints ........................................................................................................... 484
Service quotas ................................................................................................................ 485
MediaLive .............................................................................................................................. 486
Service endpoints ........................................................................................................... 486
Service quotas ................................................................................................................ 487
MediaPackage ........................................................................................................................ 488
Service endpoints ........................................................................................................... 488
Service quotas ................................................................................................................ 490
MediaStore ............................................................................................................................ 491
Service endpoints ........................................................................................................... 491
Service quotas ................................................................................................................ 492
MediaTailor ............................................................................................................................ 492
Service endpoints ........................................................................................................... 493
Service quotas ................................................................................................................ 493
Migration Hub ........................................................................................................................ 494
Service endpoints ........................................................................................................... 494

Version 1.0
xi
 AWS General Reference Reference guide

Service quotas ................................................................................................................ 494

AWS Migration Hub Refactor Spaces ......................................................................................... 495
Service endpoints ........................................................................................................... 495
Service quotas ................................................................................................................ 495
Migration Hub Strategy Recommendations ................................................................................ 496
Service endpoints ........................................................................................................... 496
Service quotas ................................................................................................................ 496
Amazon Monitron ................................................................................................................... 497
Service endpoints ........................................................................................................... 497
Service quotas ................................................................................................................ 497
Amazon MQ ........................................................................................................................... 497
Service endpoints ........................................................................................................... 498
Service quotas ................................................................................................................ 499
Neptune ................................................................................................................................ 500
Service endpoints ........................................................................................................... 500
Service quotas ................................................................................................................ 502
Network Firewall .................................................................................................................... 502
Service endpoints ........................................................................................................... 502
Service quotas ................................................................................................................ 504
Network Manager ................................................................................................................... 505
Service endpoints ........................................................................................................... 505
Service quotas ................................................................................................................ 505
Nimble Studio ........................................................................................................................ 506
Service endpoints ........................................................................................................... 506
Service quotas ................................................................................................................ 506
OpenSearch Service ................................................................................................................ 507
Service endpoints ........................................................................................................... 507
Service quotas ................................................................................................................ 509
AWS OpsWorks ...................................................................................................................... 509
Service endpoints ........................................................................................................... 509
Service quotas ................................................................................................................ 511
Organizations ......................................................................................................................... 512
Service endpoints ........................................................................................................... 512
Service quotas ................................................................................................................ 514
AWS Outposts ........................................................................................................................ 515
Service endpoints ........................................................................................................... 515
Service quotas ................................................................................................................ 517
Amazon Personalize ................................................................................................................ 517
Service endpoints ........................................................................................................... 517
Service quotas ................................................................................................................ 520
Amazon Pinpoint .................................................................................................................... 522
Service endpoints ........................................................................................................... 522
Service quotas ................................................................................................................ 524
Amazon Polly ......................................................................................................................... 528
Service endpoints ........................................................................................................... 528
Service quotas ................................................................................................................ 530
Amazon Managed Service for Prometheus ................................................................................. 531
Service endpoints ........................................................................................................... 531
Service quotas ................................................................................................................ 532
Additional quotas for ingested data .................................................................................. 534
AWS Proton ........................................................................................................................... 534
Service endpoints ........................................................................................................... 534
Service quotas ................................................................................................................ 535
QLDB .................................................................................................................................... 535
Service endpoints ........................................................................................................... 535
Service quotas ................................................................................................................ 537
Amazon QuickSight ................................................................................................................ 537

Version 1.0
xii
 AWS General Reference Reference guide

Service endpoints ........................................................................................................... 538

Service quotas ................................................................................................................ 539
AWS RAM .............................................................................................................................. 540
Service endpoints ........................................................................................................... 540
Service quotas ................................................................................................................ 542
Amazon Redshift .................................................................................................................... 542
Service endpoints ........................................................................................................... 542
Service quotas ................................................................................................................ 545
Amazon Rekognition ............................................................................................................... 545
Service endpoints ........................................................................................................... 546
Service quotas ................................................................................................................ 548
Amazon RDS .......................................................................................................................... 550
Service endpoints ........................................................................................................... 551
Service quotas ................................................................................................................ 554
Resilience Hub ........................................................................................................................ 555
Service endpoints ........................................................................................................... 555
Service quotas ................................................................................................................ 556
Resource Groups and Tagging .................................................................................................. 557
AWS Resource Groups ..................................................................................................... 557
AWS Resource Groups Tagging API ................................................................................... 559
AWS RoboMaker ..................................................................................................................... 561
Service endpoints ........................................................................................................... 561
Service quotas ................................................................................................................ 561
Route  53 ................................................................................................................................ 563
Service endpoints ........................................................................................................... 563
Service quotas ................................................................................................................ 566
SageMaker ............................................................................................................................. 568
Service endpoints ........................................................................................................... 568
Service quotas ................................................................................................................ 572
Secrets Manager ..................................................................................................................... 588
Service endpoints ........................................................................................................... 588
Service quotas ................................................................................................................ 590
Security Hub .......................................................................................................................... 591
Service endpoints ........................................................................................................... 591
Service quotas ................................................................................................................ 593
AWS STS ............................................................................................................................... 593
Service endpoints ........................................................................................................... 593
AWS SMS .............................................................................................................................. 595
Service endpoints ........................................................................................................... 595
Service quotas ................................................................................................................ 597
Service Quotas ....................................................................................................................... 597
Service endpoints ........................................................................................................... 597
Service quotas ................................................................................................................ 599
AWS Serverless Application Repository ...................................................................................... 600
Service endpoints ........................................................................................................... 600
Service quotas ................................................................................................................ 601
AWS Service Catalog ............................................................................................................... 602
Service endpoints ........................................................................................................... 602
Service quotas ................................................................................................................ 603
Shield Advanced ..................................................................................................................... 604
Service endpoints ........................................................................................................... 604
Service quotas ................................................................................................................ 607
Amazon SES .......................................................................................................................... 607
Service endpoints ........................................................................................................... 607
Service quotas ................................................................................................................ 610
AWS Signer ............................................................................................................................ 611
Service endpoints with Lambda ........................................................................................ 611

Version 1.0
xiii
 AWS General Reference Reference guide

Service endpoints with IoT .............................................................................................. 612

Service quotas ................................................................................................................ 613
AWS Sign-In ........................................................................................................................... 614
Service endpoints ........................................................................................................... 614
Service quotas ................................................................................................................ 616
Amazon SNS .......................................................................................................................... 616
Service endpoints ........................................................................................................... 616
Service quotas ................................................................................................................ 618
Amazon SQS .......................................................................................................................... 622
Service endpoints ........................................................................................................... 622
Service quotas ................................................................................................................ 625
Amazon S3 ............................................................................................................................ 626
Service endpoints ........................................................................................................... 626
Service quotas ................................................................................................................ 645
Amazon SWF ......................................................................................................................... 646
Service endpoints ........................................................................................................... 647
Service quotas ................................................................................................................ 648
Amazon SimpleDB .................................................................................................................. 666
Service endpoints ........................................................................................................... 666
Service quotas ................................................................................................................ 667
AWS SSO ............................................................................................................................... 667
Service endpoints ........................................................................................................... 667
Service quotas ................................................................................................................ 670
Snow Family .......................................................................................................................... 670
Service endpoints ........................................................................................................... 670
Service quotas ................................................................................................................ 672
Step Functions ....................................................................................................................... 672
Service endpoints ........................................................................................................... 673
Service quotas ................................................................................................................ 675
Storage Gateway .................................................................................................................... 680
Service endpoints ........................................................................................................... 680
Service quotas ................................................................................................................ 682
Sumerian ............................................................................................................................... 683
Service endpoints ........................................................................................................... 684
Service quotas ................................................................................................................ 685
AWS Support ......................................................................................................................... 685
Service endpoints ........................................................................................................... 685
Service quotas ................................................................................................................ 687
AWS Systems Manager ............................................................................................................ 687
Service endpoints ........................................................................................................... 687
Service quotas ................................................................................................................ 689
Amazon Textract .................................................................................................................... 698
Service endpoints ........................................................................................................... 698
Service quotas ................................................................................................................ 699
Timestream ............................................................................................................................ 701
Service endpoints ........................................................................................................... 701
Service quotas ................................................................................................................ 702
Amazon Transcribe ................................................................................................................. 703
Service endpoints ........................................................................................................... 703
Service quotas ................................................................................................................ 707
Transfer Family ...................................................................................................................... 709
Service endpoints ........................................................................................................... 709
Service quotas ................................................................................................................ 710
Amazon Translate ................................................................................................................... 711
Service endpoints ........................................................................................................... 711
Service quotas ................................................................................................................ 712
Amazon VPC .......................................................................................................................... 713

Version 1.0
xiv
 AWS General Reference Reference guide

Service endpoints ........................................................................................................... 713

Service quotas ................................................................................................................ 714
AWS WAF .............................................................................................................................. 716
Service endpoints ........................................................................................................... 716
Service quotas ................................................................................................................ 718
AWS WAF Classic .................................................................................................................... 719
Service endpoints ........................................................................................................... 719
Service quotas ................................................................................................................ 722
AWS Well-Architected Tool ...................................................................................................... 723
Service endpoints ........................................................................................................... 723
Service quotas ................................................................................................................ 725
Amazon WorkDocs .................................................................................................................. 725
Service endpoints ........................................................................................................... 725
Amazon WorkLink ................................................................................................................... 726
Service endpoints ........................................................................................................... 726
Amazon WorkMail .................................................................................................................. 726
Service endpoints ........................................................................................................... 727
Service quotas ................................................................................................................ 728
WorkSpaces ........................................................................................................................... 728
Service endpoints ........................................................................................................... 728
Service quotas ................................................................................................................ 729
X-Ray .................................................................................................................................... 730
Service endpoints ........................................................................................................... 730
Service quotas ................................................................................................................ 732
AWS resources ............................................................................................................................... 733
AWS service endpoints ............................................................................................................ 733
Regional endpoints ......................................................................................................... 733
View the service endpoints .............................................................................................. 734
FIPS endpoints ............................................................................................................... 735
Learn more .................................................................................................................... 735
Managing AWS Regions ........................................................................................................... 735
Enabling a Region .......................................................................................................... 736
Disabling a Region .......................................................................................................... 736
Describing your Regions using the AWS CLI ....................................................................... 737
AWS service quotas ................................................................................................................ 737
Tagging AWS resources ........................................................................................................... 738
Best practices ................................................................................................................. 738
Tagging categories .......................................................................................................... 739
Tag naming limits and requirements ................................................................................. 739
Common tagging strategies ............................................................................................. 740
Tagging governance ........................................................................................................ 741
Learn more .................................................................................................................... 741
Amazon Resource Names (ARNs) .............................................................................................. 742
ARN format ................................................................................................................... 742
Paths in ARNs ................................................................................................................ 743
AWS IP address ranges .................................................................................................................... 744
Download .............................................................................................................................. 744
Syntax ................................................................................................................................... 744
Filtering the JSON file ............................................................................................................. 746
Windows ....................................................................................................................... 746
Linux ............................................................................................................................. 747
Implementing egress control .................................................................................................... 749
Windows PowerShell ....................................................................................................... 749
jq .................................................................................................................................. 749
Python .......................................................................................................................... 750
AWS IP address ranges notifications ......................................................................................... 750
Release notes ......................................................................................................................... 752

Version 1.0
xv
 AWS General Reference Reference guide

AWS APIs ....................................................................................................................................... 753

API retries ............................................................................................................................. 753
Signing AWS API requests ....................................................................................................... 754
When to sign requests .................................................................................................... 754
Why requests are signed ................................................................................................. 754
Signing requests ............................................................................................................. 755
Signature versions .......................................................................................................... 755
Signature Version 4 signing process .................................................................................. 755
Signature Version 2 signing process .................................................................................. 783
AWS SDK support for Amazon S3 client-side encryption .............................................................. 790
AWS SDK features for Amazon S3 client-side encryption ..................................................... 791
Amazon S3 encryption client cryptographic algorithms ....................................................... 791
Document conventions .................................................................................................................... 793
AWS glossary ................................................................................................................................. 795

Version 1.0
xvi
 AWS General Reference Reference guide

AWS General Reference

The AWS General Reference provides information that is useful across Amazon Web Services.

Contents

• AWS security credentials (p. 2)

• Service endpoints and quotas (p. 16)
• AWS resources (p. 733)
• AWS IP address ranges (p. 744)
• AWS APIs (p. 753)
• Document conventions (p. 793)
• AWS glossary (p. 795)

Version 1.0
1
 AWS General Reference Reference guide
AWS users

AWS security credentials

When you interact with AWS, you specify your AWS security credentials to verify who you are and
whether you have permission to access the resources that you are requesting. AWS uses the security
credentials to authenticate and authorize your requests.

For example, if you want to download a protected file from an Amazon Simple Storage Service (Amazon
S3) bucket, your credentials must allow that access. If your credentials aren't authorized to download the
file, AWS denies your request. However, your AWS security credentials are not required to download a file
in an Amazon S3 bucket that is publicly shared.

Contents
• AWS account root user credentials and IAM user credentials (p. 2)
• Understanding and getting your AWS credentials (p. 3)
• Your AWS account identifiers (p. 6)
• Best practices for managing AWS access keys (p. 7)
• AWS security audit guidelines (p. 10)

AWS account root user credentials and IAM user

credentials
There are two different types of users in AWS. You are either the account owner (root user) or you are
an AWS Identity and Access Management (IAM) user. The root user is created when the AWS account
is created and IAM users are created by the root user or an IAM administrator for the account. All AWS
users have security credentials.

Root user credentials

The credentials of the account owner allow full access to all resources in the account. You cannot use
IAM policies to explicitly deny the root user access to resources. You can only use an AWS Organizations
service control policy (SCP) to limit the permissions of the root user. Because of this, we recommend that
you create an IAM user with administrator permissions to use for everyday AWS tasks and lock away the
access keys for the root user.

There are specific tasks that are restricted to the AWS account root user. For example, only the root user
can close your account. If you need to perform a task that requires the root user, sign in to the AWS
Management Console using the email address and password of the root user. For more information, see
Tasks that require root user credentials (p. 3).

IAM credentials

With IAM, you can securely control access to AWS services and resources for users in your AWS account.
For example, if you require administrator-level permissions, you can create an IAM user, grant that user
full access, and then use those credentials to interact with AWS. If you need to modify or revoke your
permissions, you can delete or modify the policies that are associated with that IAM user.

If you have multiple users that require access to your AWS account, you can create unique credentials
for each user and define who has access to which resources. You don't need to share credentials. For

Version 1.0
2
 AWS General Reference Reference guide
Tasks that require root user credentials

example, you can create IAM users with read-only access to resources in your AWS account and distribute
those credentials to users.

Tasks that require root user credentials

We recommend that you use an IAM user with appropriate permissions to perform tasks and access AWS
resources. However, you can perform the tasks listed below only when you sign in as the root user of an
account.

Tasks

• Change your account settings. This includes the account name, email address, root user password,
and root user access keys. Other account settings, such as contact information, payment currency
preference, and Regions, do not require root user credentials.
• Restore IAM user permissions. If the only IAM administrator accidentally revokes their own
permissions, you can sign in as the root user to edit policies and restore those permissions.
• Activate IAM access to the Billing and Cost Management console.
• View certain tax invoices. An IAM user with the aws-portal:ViewBilling permission can view and
download VAT invoices from AWS Europe, but not AWS Inc or Amazon Internet Services Pvt. Ltd
(AISPL).
• Close your AWS account.
• Change your AWS Support plan or Cancel your AWS Support plan. For more information, see IAM for
AWS Support.
• Register as a seller in the Reserved Instance Marketplace.
• Configure MFA delete for your S3 bucket.
• Edit or delete an Amazon S3 bucket policy that includes an invalid VPC ID or VPC endpoint ID.
• Sign up for GovCloud.

Troubleshooting

If you cannot complete any of these tasks using your root user credentials, your account might be a
member of an organization in AWS Organizations. If your organizational administrator used a service
control policy (SCP) to limit the permissions of your account, your root user permissions might be
affected. For more information, see Service control policies in the AWS Organizations User Guide.

Understanding and getting your AWS credentials

AWS requires different types of security credentials depending on how you access AWS. For example,
you need a user name and password to sign in to the AWS Management Console and you need access
keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for
PowerShell.

Considerations

• Be sure to save the following in a secure location: the email address associated with your AWS account,
the AWS account ID, the root user password, and your account access keys. If you forget or lose your
root user password, you must have access to the email address associated with your account in order to
reset it. If you forget or lose your access keys, you must sign into your account to create new ones.
• We strongly recommend that you create an IAM user with administrator permissions to use for
everyday AWS tasks and lock away the password and access keys for the root user. Use the root user
only for the tasks that are restricted to the root user.

Version 1.0
3
 AWS General Reference Reference guide
Console access

• Security credentials are account-specific. If you have access to multiple AWS accounts, you have
separate credentials for each account.
• Do not provide your AWS credentials to a third party.

Credentials
• Console access (p. 4)
• Programmatic access (p. 5)
• Temporary access keys (p. 6)

Console access
There are two different types of users in AWS. You are either the account owner (root user) or you are
an AWS Identity and Access Management (IAM) user. How you sign in to the AWS Management Console
depends on whether you are the root user or an IAM user.

Contents
• Root user email address and password (p. 4)
• IAM user name and password (p. 4)
• Multi-factor authentication (MFA) (p. 4)

Root user email address and password

When you first create an AWS account, you specify an email address for the account and a password
for the root user. To sign in to your AWS account as the root user, you provide this email address and
password. The root user can sign in to the AWS Management Console and change the account name,
email address, and password using the Security Credentials page. If you forget the password for the root
user, open the console sign-in page and choose Forgot your password? to reset your password. This
process requires access to the email address for the account.

IAM user name and password

IAM users are created by the root user or an IAM administrator within the AWS account. The user who
created your IAM user should provide you with either the account alias or 12-digit AWS account ID, the
IAM user name, and the password for the IAM user. An IAM user can sign in using either the console sign-
in page or the following sign-in URL, replacing account_id_or_alias with either the account alias or
AWS account ID provided to you:

[Link]

If you forget the password for your IAM user, contact your IAM administrator or the account owner. If
your IAM administrator gave you permissions to manage your own AWS credentials, then you can change
your password periodically, which is a security best practice, using the Security Credentials page.

Multi-factor authentication (MFA)

Multi-factor authentication (MFA) provides an extra level of security that you can apply to your AWS
account. For additional security, we recommend that you require MFA on the AWS account root user
credentials and highly privileged IAM users. For more information, see Using Multi-Factor Authentication
(MFA) in AWS in the IAM User Guide.

Version 1.0
4
 AWS General Reference Reference guide
Programmatic access

With MFA enabled, when you sign in to your AWS account, you are prompted for your user name and
password, plus an authentication code from an MFA device. Adding MFA provides increased security for
your AWS account settings and resources.

By default, MFA (multi-factor authentication) is not enabled. You can enable and manage MFA devices
for the AWS account root user by going to the Security Credentials page or the IAM dashboard in the
AWS Management Console. For more information about enabling MFA for IAM users, see Enabling MFA
Devices in the IAM User Guide.

Programmatic access
You must provide your AWS access keys to make programmatic calls to AWS or to use the AWS
Command Line Interface or AWS Tools for PowerShell.

When you create your access keys, you create the access key ID (for example, AKIAIOSFODNN7EXAMPLE)
and secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY) as a set. The
secret access key is available for download only when you create it. If you don't download your secret
access key or if you lose it, you must create a new one.

You can assign up to two access keys per user (root user or IAM user). Having two access keys is useful
when you want to rotate them. When you disable an access key, you can't use it, but it counts toward
your limit of two access keys. After you delete an access key, it's gone forever and can't be restored, but it
can be replaced with a new access key.

To manage access keys when signed in as the root user

1. Sign in to the AWS Management Console as the root user. For more information, see Sign in as the
root user in the IAM User Guide.
2. In the navigation bar on the upper right, choose your account name or number and then choose My
Security Credentials.
3. Expand the Access keys (access key ID and secret access key) section.
4. Do one of the following:

• To create an access key, choose Create New Access Key. If you already have two access keys, this
button is disabled and you must delete an access key before you can create a new one. When
prompted, choose either Show Access Key or Download Key File. This is your only opportunity to
save your secret access key. After you've saved your secret access key in a secure location, chose
Close.
• To deactivate an access key, choose Make Inactive. When prompted for confirmation, choose
Deactivate. A deactivated access key still counts toward your limit of two access keys.
• To activate an access key, choose Make Active.
• To delete an access key when you no longer need it, copy the access key ID and then choose
Delete. Before you can delete the access key, you must choose Deactivate. We recommend that
you verify that the access key is no longer in use before you permanently delete it. To confirm
deletion, paste the access key ID in the text input field and then choose Delete.

To manage access keys when signed in as an IAM user

1. Sign in to the AWS Management Console as an IAM user. For more information, see Sign in as an IAM
user in the IAM User Guide.
2. In the navigation bar on the upper right, choose your user name and then choose My Security
Credentials.
Tip
If you do not see the My Security Credentials page, you might be signed in as a federated
user, not an IAM user. You can create and use temporary access keys (p. 6) instead.

Version 1.0
5
 AWS General Reference Reference guide
Temporary access keys

3. Do one of the following:

• To create an access key, choose Create access key. If you already have two access keys, this button
is disabled and you must delete an access key before you can create a new one. When prompted,
choose either Show secret access key or Download .csv file. This is your only opportunity to save
your secret access key. After you've saved your secret access key in a secure location, chose Close.
• To deactivate an access key, choose Make inactive. When prompted for confirmation, choose
Deactivate. A deactivated access key still counts toward your limit of two access keys.
• To activate an access key, choose Make active. When prompted for confirmation, choose Make
active.
• To delete an access key when you no longer need it, copy the access key ID and then choose
Delete. This deactivates the access key. We recommend that you verify that the access key is no
longer in use before you permanently delete it. To confirm deletion, paste the access key ID in the
text input field and then choose Delete.

Temporary access keys

You can also create and use temporary access keys, known as temporary security credentials. In addition
to the access key ID and secret access key, temporary security credentials include a security token that
you must send to AWS when you use temporary security credentials. The advantage of temporary
security credentials is that they are short term. After they expire, they're no longer valid. You can use
temporary access keys in less secure environments or distribute them to grant users temporary access
to resources in your AWS account. For example, you can grant entities from other AWS accounts access
to resources in your AWS account (cross-account access). You can also grant users who don't have AWS
security credentials access to resources in your AWS account (federation). For more information, see aws
sts assume-role.

Your AWS account identifiers

AWS assigns the following unique identifiers to each AWS account:

AWS account ID

A 12-digit number, such as 123456789012, that uniquely identifies an AWS account. Many AWS
resources include the account ID in their Amazon Resource Names (ARNs). The account ID portion
distinguishes resources in one account from the resources in another account. If you are an IAM user,
you can sign in to the AWS Management Console using either the account ID or account alias.
Canonical user ID

An alpha-numeric identifier, such as

79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be, that is an
obfuscated form of the AWS account ID. You can use this ID to identify an AWS account when
granting cross-account access to buckets and objects using Amazon S3. You can retrieve the
canonical user ID for your AWS account as either the root user or an IAM user.

For more information, see Finding the canonical user ID for your AWS account in the Amazon S3 User
Guide.

You must be authenticated with AWS to view these identifiers.

Warning
Do not provide your AWS credentials (p. 3) to a third party that needs your AWS account
identifiers to share AWS resources with you. Doing so would give them the same access to the
AWS account that you have.

Version 1.0
6
 AWS General Reference Reference guide
Finding your AWS account ID

Finding your AWS account ID

You can find the AWS account ID in the AWS Management Console. The location of the account ID in
the console depends on whether you are logged in as the root user or an IAM user. The account ID is the
same whether you are logged in as the root user or an IAM user.

Prerequisite

You must be signed in to the AWS Management Console. For more information, see Signing in to the
AWS Management Console in the IAM User Guide.

To find your AWS account ID when signed in as the root user

1. In the navigation bar on the upper right, choose your account name or number and then choose My
Security Credentials.
2. Expand the Account identifiers section. The account number appears next to the label AWS Account
ID.

To find your AWS account ID when signed in as an IAM user

1. In the navigation bar on the upper right, choose your user name and then choose My Security
Credentials.
Tip
If you do not see the My Security Credentials page, you might be signed in as a federated
user, not an IAM user.
2. At the top of the page, under Account details, the account number appears next to the label AWS
account ID.

To find your AWS account ID using the AWS CLI

Use the get-caller-identity command as follows:

aws sts get-caller-identity --query Account --output text

Best practices for managing AWS access keys

When you use AWS programmatically, you provide your AWS access keys so that AWS can verify
your identity in programmatic calls. Your access keys consist of an access key ID (for example,
AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/
bPxRfiCYEXAMPLEKEY).

Anyone who has your access keys has the same level of access to your AWS resources that you do.
Consequently, AWS goes to significant lengths to protect your access keys, and, in keeping with our
shared-responsibility model, you should as well.

The steps that follow can help you protect your access keys. For background information, see AWS
security credentials (p. 2).
Note
Your organization may have different security requirements and policies than those described in
this topic. The suggestions provided here are intended as general guidelines.

Version 1.0
7
 AWS General Reference Reference guide
Protect or don't create your root user access key

Protect or don't create your root user access key

You must use an access key (access key ID plus secret access key) to make programmatic requests to AWS.
For example, when using the AWS Command Line Interface, an AWS SDK, or direct API calls. Anyone who
has the access keys for your AWS account root user has unrestricted access to all resources in your AWS
account, including billing information. You can't reduce the permissions associated with the access key
for the AWS account root user.

For more information, see Lock away your AWS account root user access keys in the IAM User Guide.

Manage access keys for IAM users

Instead of sharing the credentials of the AWS account root user, create individual IAM users, granting
each user only the permissions they require. For more information, see Managing Access Keys for IAM
Users in the IAM User Guide.

Observe these precautions when using access keys:

• Don't embed access keys directly into code. The AWS SDKs and the AWS Command Line Tools enable
you to put access keys in known locations so that you do not have to keep them in code.

Put access keys in one of the following locations:

• The AWS credentials file. The AWS SDKs and AWS CLI automatically use the credentials that you
store in the AWS credentials file.

For information about using the AWS credentials file, see the documentation for your SDK. Examples
include Set up AWS Credentials and Region for Development in the AWS SDK for Java Developer
Guide and Configuration and Credential Files in the AWS Command Line Interface User Guide.

To store credentials for the AWS SDK for .NET and the AWS Tools for Windows PowerShell, we
recommend that you use the SDK Store. For more information, see Using the SDK Store in the AWS
SDK for .NET Developer Guide.
• Environment variables. On a multitenant system, choose user environment variables, not system
environment variables.

For more information about using environment variables to store credentials, see Environment
Variables in the AWS Command Line Interface User Guide.
• Rotate access keys periodically. Change access keys on a regular basis. For details, see Rotating Access
Keys (AWS CLI, Tools for Windows PowerShell, and AWS API) in the IAM User Guide and How to Rotate
Access Keys for IAM Users on the AWS Security Blog.
• Remove unused access keys. If a user leaves your organization, remove the corresponding IAM user
so that the user can no longer access your resources. To find out when an access key was last used, use
the GetAccessKeyLastUsed API (AWS CLI command: aws iam get-access-key-last-used).
• Configure multi-factor authentication for your most sensitive operations. For more information, see
Using Multi-Factor Authentication (MFA) in AWS in the IAM User Guide.

Use IAM roles instead of long-term access keys

In many scenarios, you don't need long-term access keys that never expire (as you have with an IAM
user). Instead, you can create IAM roles and generate temporary security credentials. Temporary security
credentials consist of an access key ID and a secret access key, but they also include a security token that
indicates when the credentials expire.

Long-term access keys, such as those associated with IAM users and AWS account root users, remain valid
until you manually revoke them. However, temporary security credentials obtained through IAM roles

Version 1.0
8
 AWS General Reference Reference guide
Access the mobile app using AWS access keys

and other features of the AWS Security Token Service expire after a short period of time. Use temporary
security credentials to help reduce your risk in case credentials are accidentally exposed.

Use an IAM role and temporary security credentials in these scenarios:

• You have an application or AWS CLI scripts running on an Amazon EC2 instance. Do not use
access keys directly in your application. Don't pass access keys to the application, embed them in the
application, or let the application read access keys from any source. Instead, define an IAM role that
has appropriate permissions for your application and launch the Amazon EC2 instance with roles for
EC2. Doing this associates an IAM role with the Amazon EC2 instance. This practice also enables the
application to get temporary security credentials that it can in turn use to make programatic calls to
AWS. The AWS SDKs and the AWS CLI can get temporary credentials from the role automatically.
• You need to grant cross-account access. Use an IAM role to establish trust between accounts,
and then grant users in one account limited permissions to access the trusted account. For more
information, see Tutorial: Delegate Access Across AWS Accounts Using IAM Roles in the IAM User Guide.
• You have a mobile app. Do not embed access keys with the app, even in encrypted storage. Instead,
use Amazon Cognito to manage user identities in your app. This service lets you authenticate users
using Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC)–compatible identity
provider. You can then use the Amazon Cognito credentials provider to manage credentials that your
app uses to make requests to AWS. For more information, see Using the Amazon Cognito Credentials
Provider on the AWS Mobile Blog.
• You want to federate into AWS and your organization supports SAML 2.0. If you work for an
organization that has an identity provider that supports SAML 2.0, configure the provider to use SAML.
You can use SAML to exchange authentication information with AWS and get back a set of temporary
security credentials. For more information, see About SAML 2.0-based Federation in the IAM User
Guide.
• You want to federate into AWS and your organization has an on-premises identity store. If users
can authenticate inside your organization, you can write an application that can issue them temporary
security credentials for access to AWS resources. For more information, see Creating a URL that
Enables Federated Users to Access the AWS Management Console (Custom Federation Broker) in the
IAM User Guide.

Access the mobile app using AWS access keys

You can access a limited set of AWS services and features using the AWS mobile app. The mobile app
helps you support incident response while on the go. For more information and to download the app,
see AWS Console Mobile Application.

You can sign in to the mobile app using your console password or your access keys. As a best practice, do
not use root user access keys. Instead, we strongly recommend that in addition to using a password or
biometric lock on your mobile device, you create an IAM user to manage AWS resources. If you lose your
mobile device, you can remove the IAM user's access. For more information about generating access keys
for an IAM user, see Managing Access Keys for IAM Users in the IAM User Guide.

To sign in using access keys (mobile app)

1. Open the app on your mobile device.

2. If this is the first time that you're adding an identity to the device, choose Add an identity and then
choose Access keys.

If you have already signed in using another identity, choose the menu icon and choose Switch
identity. Then choose Sign in as a different identity and then Access keys.
3. On the Access keys page, enter your information:

• Access key ID – Enter your access key ID.

Version 1.0
9
 AWS General Reference Reference guide
Learn more

• Secret access key – Enter your secret access key.

• Identity name – Enter the name of the identity that will appear in the mobile app. This does not
need to match your IAM user name.
• Identity PIN – Create a personal identification number (PIN) that you will use for future sign-ins.
Note
If you enable biometrics for the AWS mobile app, you will be prompted to use your
fingerprint or facial recognition for verification instead of the PIN. If the biometrics fail,
you might be prompted for the PIN instead.
4. Choose Verify and add keys.

You can now access a select set of your resources using the mobile app.

Learn more
For more information about best practices for keeping your AWS account secure, see the following
resources:

• IAM Best Practices. Contains suggestions for using the AWS Identity and Access Management (IAM)
service to help secure your AWS resources.
• The following pages provide guidance for setting up the AWS SDKs and the AWS CLI to use access
keys.
• Set up AWS Credentials and Region for Development in the AWS SDK for Java Developer Guide.
• Using the SDK Store in the AWS SDK for .NET Developer Guide.
• Providing Credentials to the SDK in the AWS SDK for PHP Developer Guide.
• Configuration in the Boto 3 (AWS SDK for Python) documentation.
• Using AWS Credentials in the AWS Tools for Windows PowerShell guide.
• Configuration and Credential Files in the AWS Command Line Interface User Guide.
• Granting Access Using an IAM Role. Discusses how programs written using the .NET SDK can
automatically get temporary security credentials when running on an Amazon EC2 instance. Similar
information is available for the AWS SDK for Java.

AWS security audit guidelines

You should periodically audit your security configuration to make sure it meets your current business
needs. An audit gives you an opportunity to remove unneeded IAM users, roles, groups, and policies, and
to make sure that your users and software have only the permissions that are required.

Following are guidelines for systematically reviewing and monitoring your AWS resources for security
best practices.

Contents
• When you should perform a security audit (p. 11)
• Guidelines for auditing (p. 11)
• Review your AWS account credentials (p. 11)
• Review your IAM users (p. 11)
• Review your IAM groups (p. 12)
• Review your IAM roles (p. 12)
• Review your IAM providers for SAML and OpenID Connect (OIDC) (p. 12)

Version 1.0
10
 AWS General Reference Reference guide
When you should perform a security audit

• Review Your mobile apps (p. 12)

• Review your Amazon EC2 security configuration (p. 13)
• Review AWS policies in other services (p. 13)
• Monitor activity in your AWS account (p. 13)
• Tips for reviewing IAM policies (p. 14)
• Learn more (p. 15)

When you should perform a security audit

You should audit your security configuration in the following situations:

• On a periodic basis. You should perform the steps described in this document at regular intervals as a
best practice for security.
• If there are changes in your organization, such as people leaving.
• If you have stopped using one or more individual AWS services. This is important for removing
permissions that users in your account no longer need.
• If you've added or removed software in your accounts, such as applications on Amazon EC2 instances,
AWS OpsWorks stacks, AWS CloudFormation templates, etc.
• If you ever suspect that an unauthorized person might have accessed your account.

Guidelines for auditing

As you review your account's security configuration, follow these guidelines:

• Be thorough. Look at all aspects of your security configuration, including those you might not use
regularly.
• Don't assume. If you are unfamiliar with some aspect of your security configuration (for example, the
reasoning behind a particular policy or the existence of a role), investigate the business need until you
are satisfied.
• Keep things simple. To make auditing (and management) easier, use IAM groups, consistent naming
schemes, and straightforward policies.

Review your AWS account credentials

Take these steps when you audit your AWS account credentials:

1. If you're not using the root access keys for your account, you can remove them. We strongly
recommend that you do not use root access keys for everyday work with AWS, and that instead you
create IAM users.
2. If you do need to keep the access keys for your account, rotate them regularly.

Review your IAM users

Take these steps when you audit your existing IAM users:

1. List your users and then delete users that are inactive.
2. Remove users from groups that they don't need to be a part of.
3. Review the policies attached to the groups the user is in. See Tips for reviewing IAM policies (p. 14).

Version 1.0
11
 AWS General Reference Reference guide
Review your IAM groups

4. Delete security credentials that the user doesn't need or that might have been exposed. For example,
an IAM user that is used for an application does not need a password (which is necessary only to sign
in to AWS websites). Similarly, if a user does not use access keys, there's no reason for the user to have
one. For more information, see Managing Passwords for IAM Users and Managing Access Keys for IAM
Users in the IAM User Guide.

You can generate and download a credential report that lists all IAM users in your account and the
status of their various credentials, including passwords, access keys, and MFA devices. For passwords
and access keys, the credential report shows how recently the password or access key has been
used. Credentials that have not been used recently might be good candidates for removal. For more
information, see Getting Credential Reports for your AWS Account in the IAM User Guide.
5. Rotate (change) user security credentials periodically, or immediately if you ever share them with an
unauthorized person. For more information, see Managing Passwords for IAM Users and Managing
Access Keys for IAM Users in the IAM User Guide.

Review your IAM groups

Take these steps when you audit your IAM groups:

1. List your groups and then delete groups that are unused.
2. Review users in each group and remove users that don't belong.
3. Review the policies attached to the group. See Tips for reviewing IAM policies (p. 14).

Review your IAM roles

Take these steps when you audit your IAM roles:

1. List your roles and then delete roles that are unused.
2. Review the role's trust policy. Make sure that you know who the principal is and that you understand
why that account or user needs to be able to assume the role.
3. Review the access policy for the role to be sure that it grants suitable permissions to whoever assumes
the role—see Tips for reviewing IAM policies (p. 14).

Review your IAM providers for SAML and OpenID

Connect (OIDC)
If you have created an IAM entity for establishing trust with a SAML or OIDC identity provider, take these
steps:

1. Delete unused providers.

2. Download and review the AWS metadata documents for each SAML provider and make sure the
documents reflect your current business needs. Alternatively, get the latest metadata documents from
the SAML IdPs that you want to establish trust with and update the provider in IAM.

Review Your mobile apps

If you have created a mobile app that makes requests to AWS, take these steps:

1. Make sure that the mobile app does not contain embedded access keys, even if they are in encrypted
storage.

Version 1.0
12
 AWS General Reference Reference guide
Review your Amazon EC2 security configuration

2. Get temporary credentials for the app by using APIs that are designed for that purpose. We
recommend that you use Amazon Cognito to manage user identity in your app. This service lets you
authenticate users using Login with Amazon, Facebook, Google, or any OpenID Connect (OIDC)–
compatible identity provider. You can then use the Amazon Cognito credentials provider to manage
credentials that your app uses to make requests to AWS.

If your mobile app doesn't support authentication using Login with Amazon, Facebook, Google, or any
other OIDC-compatible identity provider, you can create a proxy server that can dispense temporary
credentials to your app.

Review your Amazon EC2 security configuration

Take the following steps for each AWS Region:

1. Delete Amazon EC2 key pairs that are unused or that might be known to people outside your
organization.
2. Review your Amazon EC2 security groups:
• Remove security groups that no longer meet your needs.
• Remove rules from security groups that no longer meet your needs. Make sure you know why the
ports, protocols, and IP address ranges they permit have been allowed.
3. Terminate instances that aren't serving a business need or that might have been started by someone
outside your organization for unapproved purposes. Remember that if an instance is started with a
role, applications that run on that instance can access AWS resources using the permissions that are
granted by that role.
4. Cancel Spot Instance requests that aren't serving a business need or that might have been made by
someone outside your organization.
5. Review your Auto Scaling groups and configurations. Shut down any that no longer meet your needs
or that might have been configured by someone outside your organization.

Review AWS policies in other services

Review the permissions for services that use resource-based policies or that support other security
mechanisms. In each case, make sure that only users and roles with a current business need have access
to the service's resources, and that the permissions granted on the resources are the fewest necessary to
meet your business needs.

• Review your Amazon S3 bucket policies and ACLs.

• Review your Amazon SQS queue policies.
• Review your Amazon SNS topic policies.
• Review your AWS OpsWorks permissions.
• Review your AWS KMS key policies.

Monitor activity in your AWS account

Follow these guidelines for monitoring AWS activity:

• Turn on AWS CloudTrail in each account and use it in each supported Region.
• Periodically examine CloudTrail log files. (CloudTrail has a number of partners who provide tools for
reading and analyzing log files.)
• Enable Amazon S3 bucket logging to monitor requests made to each bucket.

Version 1.0
13
 AWS General Reference Reference guide
Tips for reviewing IAM policies

• If you believe there has been unauthorized use of your account, pay particular attention to temporary
credentials that have been issued. If temporary credentials have been issued that you don't recognize,
disable their permissions.
• Enable billing alerts in each account and set a cost threshold that lets you know if your charges exceed
your normal usage.

Tips for reviewing IAM policies

Policies are powerful and subtle, so it's important to study and understand the permissions that are
granted by each policy. Use the following guidelines when reviewing policies:

• As a best practice, attach policies to groups instead of to individual users. If an individual user has a
policy, make sure you understand why that user needs the policy.
• Make sure that IAM users, groups, and roles have only the permissions that they need.
• Use the IAM Policy Simulator to test policies that are attached to users or groups.
• Remember that a user's permissions are the result of all applicable policies—user policies, group
policies, and resource-based policies (on Amazon S3 buckets, Amazon SQS queues, Amazon SNS
topics, and AWS KMS keys). It's important to examine all the policies that apply to a user and to
understand the complete set of permissions granted to an individual user.
• Be aware that allowing a user to create an IAM user, group, role, or policy and attach a policy to the
principal entity is effectively granting that user all permissions to all resources in your account. That is,
users who are allowed to create policies and attach them to a user, group, or role can grant themselves
any permissions. In general, do not grant IAM permissions to users or roles whom you do not trust
with full access to the resources in your account. The following list contains IAM permissions that you
should review closely:
• iam:PutGroupPolicy
• iam:PutRolePolicy
• iam:PutUserPolicy
• iam:CreatePolicy
• iam:CreatePolicyVersion
• iam:AttachGroupPolicy
• iam:AttachRolePolicy
• iam:AttachUserPolicy
• Make sure policies don't grant permissions for services that you don't use. For example, if you use
AWS managed policies, make sure the AWS managed policies that are in use in your account are for
services that you actually use. To find out which AWS managed policies are in use in your account, use
the IAM GetAccountAuthorizationDetails API (AWS CLI command: aws iam get-account-
authorization-details).
• If the policy grants a user permission to launch an Amazon EC2 instance, it might also allow the
iam:PassRole action, but if so it should explicitly list the roles that the user is allowed to pass to the
Amazon EC2 instance.
• Closely examine any values for the Action or Resource element that include *. It's a best practice
to grant Allow access to only the individual actions and resources that users need. However, the
following are reasons that it might be suitable to use * in a policy:
• The policy is designed to grant administrative-level privileges.
• The wildcard character is used for a set of similar actions (for example, Describe*) as a
convenience, and you are comfortable with the complete list of actions that are referenced in this
way.
• The wildcard character is used to indicate a class of resources or a resource path (e.g.,
arn:aws:iam::account-id:users/division_abc/*), and you are comfortable granting access
to all of the resources in that class or path.

Version 1.0
14
 AWS General Reference Reference guide
Learn more

• A service action does not support resource-level permissions, and the only choice for a resource is *.
• Examine policy names to make sure they reflect the policy's function. For example, although a
policy might have a name that includes "read only," the policy might actually grant write or change
permissions.

Learn more
For information about managing IAM resources, see the following:

• IAM Users and Groups in the IAM User Guide.

• Permissions and Policies in the IAM User Guide.
• IAM Roles (Delegation and Federation) in the IAM User Guide.
• IAM Policy Simulator in the Using IAM Policy Simulator guide.

For more information about Amazon EC2 security, see the following:

• Network and Security in the Amazon EC2 User Guide for Linux Instances.
• Demystifying EC2 Resource-Level Permissions on the AWS Security Blog.

For more information about monitoring an AWS account, see the re:Invent 2013 video presentation
Intrusion Detection in the Cloud.

Version 1.0
15
 AWS General Reference Reference guide

Service endpoints and quotas

The following pages describe the service endpoints and service quotas for AWS services. To connect
programmatically to an AWS service, you use an endpoint. For more information, see AWS service
endpoints (p. 733). Service quotas, also referred to as limits, are the maximum number of service
resources or operations for your AWS account. For more information, see AWS service quotas (p. 737).

Click one of the following links to go to the page for that service. To view the service quotas for all AWS
services in the documentation without switching pages, view the information in the Service endpoints
and quotas page in the PDF instead.

Services
• Alexa for Business endpoints and quotas (p. 21)
• AWS Amplify endpoints and quotas (p. 22)
• Amazon API Gateway endpoints and quotas (p. 26)
• AWS AppConfig endpoints and quotas (p. 32)
• AWS App Mesh endpoints and quotas (p. 36)
• AWS App Runner endpoints and quotas (p. 38)
• Amazon AppFlow endpoints and quotas (p. 39)
• Application Auto Scaling endpoints and quotas (p. 42)
• AWS Application Discovery Service endpoints and quotas (p. 45)
• AWS Application Migration Service endpoints and quotas (p. 46)
• Amazon AppStream 2.0 endpoints and quotas (p. 48)
• AWS AppSync endpoints and quotas (p. 52)
• Amazon Athena endpoints and quotas (p. 56)
• AWS Audit Manager endpoints and quotas (p. 59)
• Amazon Augmented AI endpoints and quotas (p. 60)
• Amazon Aurora endpoints and quotas (p. 61)
• AWS Auto Scaling endpoints and quotas (p. 66)
• AWS Backup endpoints and quotas (p. 68)
• AWS Batch endpoints and quotas (p. 71)
• AWS Billing and Cost Management endpoints and quotas (p. 73)
• Amazon Braket endpoints and quotas (p. 76)
• AWS BugBust endpoints and quotas (p. 78)
• AWS Certificate Manager endpoints and quotas (p. 79)
• AWS Certificate Manager Private Certificate Authority endpoints and quotas (p. 81)
• AWS Chatbot endpoints and quotas (p. 84)
• Amazon Chime endpoints and quotas (p. 86)
• Cloud Control API endpoints and quotas (p. 87)
• AWS Cloud9 endpoints and quotas (p. 89)
• Amazon Cloud Directory endpoints and quotas (p. 91)
• AWS CloudFormation endpoints and quotas (p. 92)
• Amazon CloudFront endpoints and quotas (p. 97)
• AWS CloudHSM endpoints and quotas (p. 101)
• AWS Cloud Map endpoints and quotas (p. 104)

Version 1.0
16
 AWS General Reference Reference guide

• Amazon CloudSearch endpoints and quotas (p. 106)

• AWS CloudShell endpoints and quotas (p. 107)
• AWS CloudTrail endpoints and quotas (p. 108)
• Amazon CloudWatch endpoints and quotas (p. 111)
• Amazon CloudWatch Application Insights endpoints and quotas (p. 115)
• Amazon CloudWatch Events endpoints and quotas (p. 117)
• Amazon CloudWatch Logs endpoints and quotas (p. 121)
• Amazon CloudWatch Synthetics endpoints and quotas (p. 125)
• AWS CodeArtifact endpoints and quotas (p. 127)
• AWS CodeBuild endpoints and quotas (p. 129)
• AWS CodeCommit endpoints and quotas (p. 131)
• AWS CodeDeploy endpoints and quotas (p. 133)
• Amazon CodeGuru Profiler endpoints and quotas (p. 137)
• Amazon CodeGuru Reviewer endpoints and quotas (p. 138)
• AWS CodePipeline endpoints and quotas (p. 139)
• AWS CodeStar endpoints and quotas (p. 142)
• AWS CodeStar Notifications endpoints and quotas (p. 143)
• Amazon Cognito Identity endpoints and quotas (p. 144)
• Amazon Cognito Sync endpoints and quotas (p. 149)
• Amazon Comprehend endpoints and quotas (p. 150)
• Amazon Comprehend Medical endpoints and quotas (p. 154)
• AWS Compute Optimizer endpoints and quotas (p. 157)
• AWS Config endpoints and quotas (p. 158)
• Amazon Connect endpoints and quotas (p. 160)
• AWS Data Exchange endpoints and quotas (p. 168)
• Amazon Data Lifecycle Manager endpoints and quotas (p. 170)
• AWS Data Pipeline endpoints and quotas (p. 172)
• AWS DataSync endpoints and quotas (p. 174)
• AWS Database Migration Service endpoints and quotas (p. 176)
• AWS DeepLens endpoints and quotas (p. 178)
• AWS DeepRacer endpoints and quotas (p. 179)
• Amazon Detective endpoints and quotas (p. 179)
• Amazon DevOps Guru endpoints and quotas (p. 181)
• AWS Device Farm endpoints and quotas (p. 182)
• AWS Direct Connect endpoints and quotas (p. 183)
• AWS Directory Service endpoints and quotas (p. 185)
• Amazon DocumentDB endpoints and quotas (p. 188)
• Amazon DynamoDB endpoints and quotas (p. 189)
• AWS Elastic Beanstalk endpoints and quotas (p. 195)
• Amazon Elastic Block Store endpoints and quotas (p. 199)
• Recycle Bin endpoints and quotas (p. 206)
• Amazon EC2 endpoints and quotas (p. 207)
• Amazon EC2 Auto Scaling endpoints and quotas (p. 213)
• EC2 Image Builder endpoints and quotas (p. 215)
• Amazon EC2 Instance Connect endpoints and quotas (p. 218)

Version 1.0
17
 AWS General Reference Reference guide

• Amazon ECR endpoints and quotas (p. 219)

• Amazon ECR Public endpoints and quotas (p. 227)
• Amazon ECS endpoints and quotas (p. 227)
• Amazon Elastic Kubernetes Service endpoints and quotas (p. 232)
• Amazon Elastic File System endpoints and quotas (p. 234)
• Amazon Elastic Inference endpoints and quotas (p. 238)
• Elastic Load Balancing endpoints and quotas (p. 239)
• Amazon Elastic Transcoder endpoints and quotas (p. 242)
• AWS Elastic Disaster Recovery endpoints and quotas (p. 244)
• Amazon ElastiCache endpoints and quotas (p. 245)
• Amazon MemoryDB for Redis endpoints and quotas (p. 247)
• Amazon EMR endpoints and quotas (p. 249)
• Amazon EventBridge endpoints and quotas (p. 254)
• Amazon EventBridge Schemas endpoints and quotas (p. 256)
• Amazon FinSpace endpoints and quotas (p. 257)
• AWS Fault Injection Simulator endpoints and quotas (p. 258)
• AWS Firewall Manager endpoints and quotas (p. 260)
• Amazon Forecast endpoints and quotas (p. 263)
• Amazon Fraud Detector endpoints and quotas (p. 266)
• FreeRTOS endpoints and quotas (p. 268)
• Amazon FSx endpoints and quotas (p. 270)
• Amazon GameLift endpoints and quotas (p. 274)
• Amazon S3 Glacier endpoints and quotas (p. 275)
• AWS Global Accelerator endpoints and quotas (p. 278)
• AWS Glue endpoints and quotas (p. 279)
• Amazon Managed Grafana endpoints and quotas (p. 282)
• AWS Glue DataBrew endpoints and quotas (p. 284)
• AWS Ground Station endpoints and quotas (p. 286)
• Amazon GuardDuty endpoints and quotas (p. 287)
• AWS Health endpoints and quotas (p. 289)
• Amazon HealthLake endpoints and quotas (p. 290)
• Amazon Honeycode endpoints and quotas (p. 291)
• AWS Identity and Access Management endpoints and quotas (p. 291)
• IAM Access Analyzer endpoints and quotas (p. 294)
• AWS Import/Export endpoints and quotas (p. 297)
• AWS Systems Manager Incident Manager endpoints and quotas (p. 297)
• Amazon Inspector endpoints and quotas (p. 301)
• AWS IoT 1-Click endpoints and quotas (p. 303)
• AWS IoT Analytics endpoints and quotas (p. 304)
• AWS IoT Core endpoints and quotas (p. 306)
• AWS IoT Device Defender endpoints and quotas (p. 361)
• AWS IoT Device Management endpoints and quotas (p. 364)
• AWS IoT Events endpoints and quotas (p. 392)
• AWS IoT Greengrass V1 endpoints and quotas (p. 395)
• AWS IoT Greengrass V2 endpoints and quotas (p. 401)
• AWS IoT RoboRunner endpoints and quotas (p. 407)

Version 1.0
18
 AWS General Reference Reference guide

• AWS IoT SiteWise endpoints and quotas (p. 409)

• AWS IoT Things Graph endpoints and quotas (p. 412)
• AWS IoT TwinMaker endpoints and quotas (p. 415)
• Amazon Interactive Video Service endpoints and quotas (p. 417)
• Amazon Kendra endpoints and quotas (p. 418)
• Amazon Keyspaces (for Apache Cassandra) endpoints and quotas (p. 420)
• AWS Key Management Service endpoints and quotas (p. 422)
• Amazon Kinesis Data Analytics endpoints and quotas (p. 428)
• Amazon Kinesis Data Firehose endpoints and quotas (p. 430)
• Amazon Kinesis Data Streams endpoints and quotas (p. 433)
• Amazon Kinesis Video Streams endpoints and quotas (p. 436)
• AWS Lake Formation endpoints and quotas (p. 441)
• AWS Lambda endpoints and quotas (p. 443)
• AWS Launch Wizard endpoints and quotas (p. 447)
• Amazon Lex endpoints and quotas (p. 449)
• AWS License Manager endpoints and quotas (p. 453)
• Amazon Lightsail endpoints and quotas (p. 455)
• Amazon Location Service endpoints and quotas (p. 457)
• Amazon Lookout for Equipment endpoints and quotas (p. 460)
• Amazon Lookout for Metrics endpoints and quotas (p. 462)
• Amazon Lookout for Vision endpoints and quotas (p. 465)
• Amazon Macie endpoints and quotas (p. 467)
• AWS Mainframe Migration endpoints and quotas (p. 469)
• Amazon Machine Learning endpoints and quotas (p. 470)
• Amazon Managed Blockchain endpoints and quotas (p. 472)
• AWS Management Console service endpoints (p. 473)
• Amazon Managed Workflows for Apache Airflow endpoints and quotas (p. 474)
• AWS Marketplace endpoints and quotas (p. 476)
• Amazon Mechanical Turk endpoints and quotas (p. 478)
• Amazon Managed Streaming for Apache Kafka endpoints and quotas (p. 479)
• Amazon MSK Connect endpoints and quotas (p. 481)
• AWS Elemental MediaConnect endpoints and quotas (p. 482)
• AWS Elemental MediaConvert endpoints and quotas (p. 484)
• AWS Elemental MediaLive endpoints and quotas (p. 486)
• AWS Elemental MediaPackage endpoints and quotas (p. 488)
• AWS Elemental MediaStore endpoints and quotas (p. 491)
• AWS Elemental MediaTailor endpoints and quotas (p. 492)
• AWS Migration Hub endpoints and quotas (p. 494)
• AWS Migration Hub Refactor Spaces endpoints and quotas (p. 495)
• Migration Hub Strategy Recommendations endpoints and quotas (p. 496)
• Amazon Monitron endpoints and quotas (p. 497)
• Amazon MQ endpoints and quotas (p. 497)
• Amazon Neptune endpoints and quotas (p. 500)
• AWS Network Firewall endpoints and quotas (p. 502)
• Transit Gateway Network Manager endpoints and quotas (p. 505)

Version 1.0
19
 AWS General Reference Reference guide

• Amazon Nimble Studio endpoints and quotas (p. 506)

• Amazon OpenSearch Service endpoints and quotas (p. 507)
• AWS OpsWorks endpoints and quotas (p. 509)
• AWS Organizations endpoints and quotas (p. 512)
• AWS Outposts endpoints and quotas (p. 515)
• Amazon Personalize endpoints and quotas (p. 517)
• Amazon Pinpoint endpoints and quotas (p. 522)
• Amazon Polly endpoints and quotas (p. 528)
• Amazon Managed Service for Prometheus endpoints and quotas (p. 531)
• AWS Proton endpoints and quotas (p. 534)
• Amazon QLDB endpoints and quotas (p. 535)
• Amazon QuickSight endpoints and quotas (p. 537)
• AWS Resource Access Manager endpoints and quotas (p. 540)
• Amazon Redshift endpoints and quotas (p. 542)
• Amazon Rekognition endpoints and quotas (p. 545)
• Amazon Relational Database Service endpoints and quotas (p. 550)
• AWS Resilience Hub endpoints and quotas (p. 555)
• AWS Resource Groups and Tagging endpoints and quotas (p. 557)
• AWS RoboMaker endpoints and quotas (p. 561)
• Amazon Route 53 endpoints and quotas (p. 563)
• Amazon SageMaker endpoints and quotas (p. 568)
• AWS Secrets Manager endpoints and quotas (p. 588)
• AWS Security Hub endpoints and quotas (p. 591)
• AWS Security Token Service endpoints and quotas (p. 593)
• AWS Server Migration Service endpoints and quotas (p. 595)
• Service Quotas endpoints and quotas (p. 597)
• AWS Serverless Application Repository endpoints and quotas (p. 600)
• AWS Service Catalog endpoints and quotas (p. 602)
• AWS Shield Advanced endpoints and quotas (p. 604)
• Amazon Simple Email Service endpoints and quotas (p. 607)
• AWS Signer endpoints and quotas (p. 611)
• AWS Sign-In endpoints and quotas (p. 614)
• Amazon Simple Notification Service endpoints and quotas (p. 616)
• Amazon Simple Queue Service endpoints and quotas (p. 622)
• Amazon Simple Storage Service endpoints and quotas (p. 626)
• Amazon Simple Workflow Service endpoints and quotas (p. 646)
• Amazon SimpleDB endpoints and quotas (p. 666)
• AWS Single Sign-On endpoints and quotas (p. 667)
• AWS Snow Family endpoints and quotas (p. 670)
• AWS Step Functions endpoints and quotas (p. 672)
• AWS Storage Gateway endpoints and quotas (p. 680)
• Amazon Sumerian endpoints and quotas (p. 683)
• AWS Support endpoints and quotas (p. 685)
• AWS Systems Manager endpoints and quotas (p. 687)
• Amazon Textract endpoints and quotas (p. 698)
• Amazon Timestream endpoints and quotas (p. 701)

Version 1.0
20
 AWS General Reference Reference guide
Alexa for Business

• Amazon Transcribe endpoints and quotas (p. 703)

• AWS Transfer Family endpoints and quotas (p. 709)
• Amazon Translate endpoints and quotas (p. 711)
• Amazon Virtual Private Cloud endpoints and quotas (p. 713)
• AWS WAF endpoints and quotas (p. 716)
• AWS WAF Classic endpoints and quotas (p. 719)
• AWS Well-Architected Tool endpoints and quotas (p. 723)
• Amazon WorkDocs endpoints and quotas (p. 725)
• Amazon WorkLink endpoints and quotas (p. 726)
• Amazon WorkMail endpoints and quotas (p. 726)
• WorkSpaces endpoints and quotas (p. 728)
• AWS X-Ray endpoints and quotas (p. 730)

Alexa for Business endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Service quotas
Name Default Adjustable

Address books Each supported Region: 25 Yes

Contacts per account Each supported Region: Yes

10,000

Contacts per address book Each supported Region: 100 Yes

Number of conference appliances Each supported Region: Yes

10,000

Number of devices Each supported Region: Yes

100,000

Number of devices per room Each supported Region: 10 Yes

Number of gateways Each supported Region: 100 Yes

Version 1.0
21
 AWS General Reference Reference guide
Amplify

Name Default Adjustable

Number of profiles Each supported Region: 100 Yes

Number of rooms Each supported Region: Yes

10,000

Number of skill groups Each supported Region: Yes

1,000

Number of skills Each supported Region: 100 Yes

Number of skills per skill group Each supported Region: 25 Yes

Number of users Each supported Region: Yes

10,000

AWS Amplify endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Amplify endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Version 1.0
22
 AWS General Reference Reference guide
Amplify Studio (backend) endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Amplify Studio (backend) endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
23
 AWS General Reference Reference guide
Amplify Studio (backend) endpoints

Region Region Endpoint Protocol

Name

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
24
 AWS General Reference Reference guide
Amplify Studio (UI Builder) endpoints

Amplify Studio (UI Builder) endpoints

Region Name Region Endpoint Protocol

Europe (Stockholm) eu-north-1 [Link]- HTTPS

[Link]

Middle East (Bahrain) me-south-1 [Link]- HTTPS

[Link]

Asia Pacific (Mumbai) ap-south-1 [Link]- HTTPS

[Link]

Europe (Paris) eu-west-3 [Link]- HTTPS

[Link]

US East (Ohio) us-east-2 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Europe (Frankfurt) eu-central-1 [Link]- HTTPS

[Link]

South America (Sao sa-east-1 [Link]- HTTPS

Paulo) [Link]

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

Asia Pacific (Seoul) ap-northeast-2 [Link]- HTTPS

[Link]

Amplify Service quotas

Name Default Adjustable

Apps Each supported Region: 25 Yes

Branches per app Each supported Region: 50 Yes

Build artifact size Each supported Region: 5 No

Gigabytes

Cache artifact size Each supported Region: 5 No

Gigabytes

Concurrent jobs Each supported Region: 5 Yes

Domains per app Each supported Region: 5 Yes

Environment cache artifact size Each supported Region: 5 No

Gigabytes

Manual deploy ZIP file size Each supported Region: 5 No

Gigabytes

Version 1.0
25
 AWS General Reference Reference guide
Amplify Studio (UI Builder) Service quotas

Name Default Adjustable

Maximum app creations per hour Each supported Region: 25 No

Subdomains per domain Each supported Region: 50 Yes

Webhooks per app Each supported Region: 50 Yes

Amplify Studio (UI Builder) Service quotas

Name Default Adjustable

Components per app All supported Regions: No

1000

Component size All supported Regions: No

350 Kilobytes

Themes per app All supported Regions: No

1000

Theme size All supported Regions: No

350 Kilobytes

Amazon API Gateway endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon API Gateway includes the API Gateway Control Plane (for creating and managing APIs) and the
API Gateway Data Plane (for calling deployed APIs).

The Route 53 Hosted Zone ID column shows the Route 53 Hosted Zone IDs for API Gateway Regional
endpoints. Route 53 Hosted Zone IDs are for use with the execute-api (API Gateway component
service for API execution) domain. For edge-optimized endpoints, the Route 53 Hosted Zone ID is
Z2FDTNDATAQYW2 for all Regions.

Amazon API Gateway control plane

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
apigateway-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
26
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name
apigateway-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) apigateway-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
apigateway-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
apigateway-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
27
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) apigateway-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) apigateway-fi[Link] HTTPS

Amazon API Gateway data plane

Region Region Endpoint Protocol Route 53

Name Hosted
Zone ID

US East us-east-2 [Link] HTTPS ZOJJZC49E0EPZ

(Ohio)

US us-east-1 [Link] HTTPS Z1UJRXOUMOOFQ8

East (N.
Virginia)

US us- [Link] HTTPS Z2MUQ32089INYE

West (N. west-1
California)

US West us- [Link] HTTPS Z2OJLYMUO9EFXC

(Oregon) west-2

Africa af- [Link] HTTPS Z2DHW2332DAMTN

(Cape south-1
Town)

Asia ap-east-1 [Link] HTTPS Z3FD1VL90ND7K5

Pacific

Version 1.0
28
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol Route 53

Name Hosted
Zone ID
(Hong
Kong)

Asia ap- [Link] HTTPS Z3VO1THU9YC4UR

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS Z20JF4UZKIW1U8

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS ZL327KTPIQFUL

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS Z2RPCDW04V8134

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS Z1YSHQZHG15GKL

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS Z19DQILCV0OWEC

(Central) central-1

Europe eu- [Link] HTTPS Z1U9ULNL0V5AJ3

(Frankfurt) central-1

Europe eu- [Link] HTTPS ZLY8HYME6SFDD

(Ireland) west-1

Europe eu- [Link] HTTPS ZJ5UAJN8Y3Z2Q

(London) west-2

Europe eu- [Link] HTTPS Z3BT4WSQ9TDYZV

(Milan) south-1

Europe eu- [Link] HTTPS Z3KY65QIEKYHQQ

(Paris) west-3

Europe eu- [Link] HTTPS Z3UWIKFBOOGXPP

(Stockholm)north-1

Middle me- [Link] HTTPS Z20ZBPC0SS8806

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS ZCMLWB8V5SYIT

America
(São
Paulo)

AWS us-gov- [Link] HTTPS Z3SE9ATJYCRCZJ

GovCloud east-1
(US-East)

Version 1.0
29
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol Route 53

Name Hosted
Zone ID

AWS us-gov- [Link] HTTPS Z1K6XKP9SAGWDV

GovCloud west-1
(US-
West)

Service quotas
Name Default Adjustable

API Payload Size Each supported Region: 10 No

Megabytes

API Stage throttles in a usage plan Each supported Region: 100 No

API keys Each supported Region: Yes

10,000

AWS Lambda authorizer result size Each supported Region: 8 No

Kilobytes

Client certificates Each supported Region: 60 Yes

Connection duration for WebSocket API Each supported Region: No

7,200 Seconds

Custom Domain Names Each supported Region: 120 Yes

Edge API URL Length Each supported Region: No

8,192

Edge-optimized APIs Each supported Region: 120 No

Maximum API caching TTL Each supported Region: No

3,600 Seconds

Maximum Cached Response Size Each supported Region: No

1,048,576 Bytes

Maximum Combined Header Size Each supported Region: No

10,240 Bytes

Maximum Iterations In Mapping Template Each supported Region: No

1,000

Maximum integration timeout in milliseconds Each supported Region: No

29,000 Milliseconds

Maximum resource policy size in bytes Each supported Region: Yes

8,192

Method ARN Length Each supported Region: No

1,600 Bytes

Private APIs Each supported Region: 600 No

Version 1.0
30
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Regional API URL Length Each supported Region: No

10,240

Regional APIs Each supported Region: 600 No

Resources/Routes per REST/WebSocket API Each supported Region: 300 Yes

Routes per HTTP API Each supported Region: 300 Yes

Stage Variable Key Length Each supported Region: 64 No

Stage Variable Value Length Each supported Region: 512 No

Stage variables per stage Each supported Region: 100 No

Stages per API Each supported Region: 10 Yes

Subnets per VPC link(V2) Each supported Region: 10 Yes

Tags Per Stage Each supported Region: 50 No

Throttle burst rate af-south-1: 1,250 No

eu-south-1: 1,250

Each of the other supported

Regions: 5,000

Throttle rate af-south-1: 2,500 Yes

eu-south-1: 2,500

Each of the other supported

Regions: 10,000

Usage plans Each supported Region: 300 Yes

Usage plans per API key Each supported Region: 10 Yes

VPC links Each supported Region: 20 Yes

VPC links(V2) Each supported Region: 10 Yes

WebSocket Idle Connection Timeout Each supported Region: 600 No

Seconds

WebSocket frame size Each supported Region: 32 No

Kilobytes

WebSocket message payload size Each supported Region: 128 No

Kilobytes

WebSocket new connections burst rate Each supported Region: 500 No

WebSocket new connections rate Each supported Region: 500 Yes

For more information, see Quotas in Amazon API Gateway in the API Gateway Developer Guide.

Version 1.0
31
 AWS General Reference Reference guide
AWS AppConfig

AWS AppConfig endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

AWS AppConfig is a capability of AWS Systems Manager. To view endpoints and quotas of other Systems
Manager capabilities, see AWS Systems Manager endpoints and quotas (p. 687).

Service endpoints
The following sections describe the service endpoints for AWS AppConfig. AWS AppConfig uses control
plane APIs for setting up and configuring AWS AppConfig applications, environments, configuration
profiles, and deployment strategies. AWS AppConfig uses the AWS AppConfig Data service to call data
plane APIs for retrieving stored configurations.

Topics
• Control plane endpoints (p. 32)
• Data plane endpoints (p. 34)

Control plane endpoints

The following table contains AWS Region-specific endpoints that AWS AppConfig supports for control
plane operations. Control plane operations are used for creating, updating, and managing configuration
data. For more information, see AWS AppConfig operations in the AWS AppConfig API Reference.

Region Region Endpoint Protocol

Name

US East us-east-2 appconfi[Link] HTTPS

(Ohio)

US East (N. us-east-1 appconfi[Link] HTTPS

Virginia)

US us-west-1 appconfi[Link] HTTPS

West (N.
California)

US West us-west-2 appconfi[Link] HTTPS

(Oregon)

Africa af-south-1 appconfi[Link] HTTPS

(Cape
Town)

Asia ap-east-1 appconfi[Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
32
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- appconfi[Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- appconfi[Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- appconfi[Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- appconfi[Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- appconfi[Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- appconfi[Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- appconfi[Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- appconfi[Link] HTTPS

(Central) central-1

Europe eu- appconfi[Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 appconfi[Link] HTTPS

(Ireland)

Europe eu-west-2 appconfi[Link] HTTPS

(London)

Europe eu- appconfi[Link] HTTPS

(Milan) south-1

Europe eu-west-3 appconfi[Link] HTTPS

(Paris)

Europe eu-north-1 appconfi[Link] HTTPS

(Stockholm)

Middle me- appconfi[Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 appconfi[Link] HTTPS

America
(São
Paulo)

Version 1.0
33
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

AWS us-gov- appconfi[Link] HTTPS

GovCloud east-1
(US-East) appconfi[Link] HTTPS

AWS us-gov- appconfi[Link] HTTPS

GovCloud west-1
(US-West) appconfi[Link] HTTPS

Data plane endpoints

The following table contains AWS Region-specific endpoints that AWS AppConfig Data supports for data
plane operations. Data plane operations are used for retrieving configuration data. For more information,
see AWS AppConfig Data operations in the AWS AppConfig API Reference.

Region Region Endpoint Protocol

Name

US East us-east-2 appconfi[Link] HTTPS

(Ohio)

US East (N. us-east-1 appconfi[Link] HTTPS

Virginia)

US us-west-1 appconfi[Link] HTTPS

West (N.
California)

US West us-west-2 appconfi[Link] HTTPS

(Oregon)

Africa af-south-1 appconfi[Link] HTTPS

(Cape
Town)

Asia ap-east-1 appconfi[Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- appconfi[Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- appconfi[Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- appconfi[Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- appconfi[Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
34
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- appconfi[Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- appconfi[Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- appconfi[Link] HTTPS

(Central) central-1

Europe eu- appconfi[Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 appconfi[Link] HTTPS

(Ireland)

Europe eu-west-2 appconfi[Link] HTTPS

(London)

Europe eu- appconfi[Link] HTTPS

(Milan) south-1

Europe eu-west-3 appconfi[Link] HTTPS

(Paris)

Europe eu-north-1 appconfi[Link] HTTPS

(Stockholm)

Middle me- appconfi[Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 appconfi[Link] HTTPS

America
(São
Paulo)

AWS us-gov- appconfi[Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- appconfi[Link] HTTPS

GovCloud west-1
(US-West)

Service quotas

Name Default Adjustable

Configuration size limit in AWS AppConfig hosted Each supported Region: Yes
configuration store 1,024 Kilobytes

Version 1.0
35
 AWS General Reference Reference guide
App Mesh

Name Default Adjustable

Deployment size limit Each supported Region: Yes

1,024 Kilobytes

Maximum number of applications Each supported Region: 100 Yes

Maximum number of configuration profiles per application Each supported Region: 100 Yes

Maximum number of deployment strategies Each supported Region: 20 Yes

Maximum number of environments per application Each supported Region: 20 Yes

AWS App Mesh endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link]- HTTPS
[Link]

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]- HTTPS
[Link]

US us-west-1 [Link] HTTPS

West (N.
California) [Link]- HTTPS
[Link]

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]- HTTPS
[Link]

Africa af-south-1 [Link] HTTPS

(Cape
Town) [Link]- HTTPS
[Link]

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong [Link]- HTTPS
Kong) [Link]

Version 1.0
36
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) [Link]- HTTPS
[Link]

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) [Link]- HTTPS
[Link]

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) [Link]- HTTPS
[Link]

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) [Link]- HTTPS
[Link]

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) [Link]- HTTPS
[Link]

Canada ca- [Link] HTTPS

(Central) central-1
[Link]- HTTPS
[Link]

Europe eu- [Link] HTTPS

(Frankfurt) central-1
[Link]- HTTPS
[Link]

Europe eu-west-1 [Link] HTTPS

(Ireland)
[Link]- HTTPS
[Link]

Europe eu-west-2 [Link] HTTPS

(London)
[Link]- HTTPS
[Link]

Europe eu- [Link] HTTPS

(Milan) south-1
[Link]- HTTPS
[Link]

Europe eu-west-3 [Link] HTTPS

(Paris)
[Link]- HTTPS
[Link]

Version 1.0
37
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-north-1 [Link] HTTPS

(Stockholm)
[Link]- HTTPS
[Link]

Middle me- [Link] HTTPS

East south-1
(Bahrain) [Link]- HTTPS
[Link]

South sa-east-1 [Link] HTTPS

America
(São [Link]- HTTPS
Paulo) [Link]

Service quotas

Name Default Adjustable

Backends per virtual node Each supported Region: 50 Yes

Connected Envoy processes per virtual gateway Each supported Region: 50 Yes

Connected Envoy processes per virtual node Each supported Region: 50 Yes

Gateway routes per virtual gateway Each supported Region: 10 Yes

Listeners per virtual gateway Each supported Region: 1 No

Listeners per virtual node Each supported Region: 1 No

Listeners per virtual router Each supported Region: 1 No

Meshes per account Each supported Region: 15 Yes

Routes per virtual router Each supported Region: 50 Yes

Virtual gateways per mesh Each supported Region: 3 Yes

Virtual nodes per mesh Each supported Region: 200 Yes

Virtual routers per mesh Each supported Region: 200 Yes

Virtual services per mesh Each supported Region: 200 Yes

Weighted targets per route Each supported Region: 10 No

AWS App Runner endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).

Version 1.0
38
 AWS General Reference Reference guide
Service endpoints

Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas

Name Default Adjustable

Auto scaling configurations Each supported Region: 10 Yes

Connections Each supported Region: 10 Yes

Services Each supported Region: 10 Yes

VPC connectors Each supported Region: 10 Yes

Amazon AppFlow endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

You can't use IP allow listing in your Amazon S3 bucket policy to deny access to any other IP addresses
besides Amazon AppFlow IP addresses. This is because Amazon AppFlow uses a VPC endpoint when
placing data in your Amazon S3 buckets.

For more information about the IP addresses used by Amazon AppFlow, see AWS IP address ranges in the
Amazon Web Services General Reference.

Version 1.0
39
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 appfl[Link] HTTPS

(Ohio)

US East (N. us-east-1 appfl[Link] HTTPS

Virginia)

US us-west-1 appfl[Link] HTTPS

West (N.
California)

US West us-west-2 appfl[Link] HTTPS

(Oregon)

Africa af-south-1 appfl[Link] HTTPS

(Cape
Town)

Asia ap- appfl[Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- appfl[Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- appfl[Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- appfl[Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- appfl[Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- appfl[Link] HTTPS

(Central) central-1

Europe eu- appfl[Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 appfl[Link] HTTPS

(Ireland)

Europe eu-west-2 appfl[Link] HTTPS

(London)

Europe eu-west-3 appfl[Link] HTTPS

(Paris)

South sa-east-1 appfl[Link] HTTPS

America

Version 1.0
40
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name
(São
Paulo)

Service quotas

Name Default Adjustable

Amazon AppFlow flow run size Each supported Region: 100 No

Gigabytes

Amazon EventBridge event size Each supported Region: 256 No

Kilobytes

Amplitude flow run size Each supported Region: 25 No

Megabytes

Concurrent flow runs Each supported Region: Yes

1,000

Connector profiles Each supported Region: 100 Yes

Google Analytics dimensions Each supported Region: 9 No

Google Analytics metrics Each supported Region: 10 No

Marketo flow run size Each supported Region: 20 No

Megabytes

Monthly flow runs Each supported Region: Yes

10,000,000

Rate of Amazon AppFlow flow runs Each supported Region: 1 No

Rate of Amazon S3 flow runs Each supported Region: 1 No

Rate of Amplitude flow runs Each supported Region: 1 No

Rate of Datadog flow runs Each supported Region: 1 No

Rate of Dynatrace flow runs Each supported Region: 1 No

Rate of Google Analytics flow runs Each supported Region: 1 No

Rate of Infor Nexus flow runs Each supported Region: 1 No

Rate of Marketo flow runs Each supported Region: 1 No

Rate of Salesforce Pardot flow runs Each supported Region: 1 No

Rate of Salesforce flow runs Each supported Region: 1 No

Rate of ServiceNow flow runs Each supported Region: 1 No

Rate of Singular flow runs Each supported Region: 1 No

Rate of Slack flow runs Each supported Region: 1 No

Version 1.0
41
 AWS General Reference Reference guide
Application Auto Scaling

Name Default Adjustable

Rate of TrendMicro flow runs Each supported Region: 1 No

Rate of Veeva flow runs Each supported Region: 1 No

Rate of Zendesk flow runs Each supported Region: 1 No

Salesforce event size Each supported Region: 1 No

Megabytes

Salesforce flow run data export size Each supported Region: 500 No
Megabytes

Salesforce flow run data import size Each supported Region: 15 No

Gigabytes

ServiceNow records Each supported Region: No

100,000

Total flows Each supported Region: Yes

1,000

For more information, see Quotas for Amazon AppFlow in the Amazon AppFlow User Guide.

Application Auto Scaling endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US us-west-1 [Link]- HTTP and

West (N. [Link] HTTPS
California)

US West us-west-2 [Link]- HTTP and

(Oregon) [Link] HTTPS

Africa af-south-1 [Link]- HTTP and

(Cape [Link] HTTPS
Town)

Version 1.0
42
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap-east-1 [Link]- HTTP and

Pacific [Link] HTTPS
(Hong
Kong)

Asia ap- [Link]- HTTP and

Pacific southeast-3 [Link] HTTPS
(Jakarta)

Asia ap- [Link]- HTTP and

Pacific south-1 [Link] HTTPS
(Mumbai)

Asia ap- [Link]- HTTP and

Pacific northeast-3 [Link] HTTPS
(Osaka)

Asia ap- [Link]- HTTP and

Pacific northeast-2 [Link] HTTPS
(Seoul)

Asia ap- [Link]- HTTP and

Pacific southeast-1 [Link] HTTPS
(Singapore)

Asia ap- [Link]- HTTP and

Pacific southeast-2 [Link] HTTPS
(Sydney)

Asia ap- [Link]- HTTP and

Pacific northeast-1 [Link] HTTPS
(Tokyo)

Canada ca- [Link]- HTTP and

(Central) central-1 [Link] HTTPS

Europe eu- [Link]- HTTP and

(Frankfurt) central-1 [Link] HTTPS

Europe eu-west-1 [Link]- HTTP and

(Ireland) [Link] HTTPS

Europe eu-west-2 [Link]- HTTP and

(London) [Link] HTTPS

Europe eu- [Link]- HTTP and

(Milan) south-1 [Link] HTTPS

Europe eu-west-3 [Link]- HTTP and

(Paris) [Link] HTTPS

Europe eu-north-1 [Link]- HTTP and

(Stockholm) [Link] HTTPS

Middle me- [Link]- HTTP and

East south-1 [Link] HTTPS
(Bahrain)

Version 1.0
43
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link]-gov- HTTP and

GovCloud east-1 [Link] HTTPS
(US-East)

AWS us-gov- [Link]-gov- HTTP and

GovCloud west-1 [Link] HTTPS
(US-West)

Service quotas

Name Default Adjustable

Scalable targets for Amazon Keyspaces Each supported Region: 500 Yes

Scalable targets for Amazon MSK Each supported Region: 500 Yes

Scalable targets for DynamoDB Each supported Region: Yes

5,000

Scalable targets for EC2 Each supported Region: 500 Yes

Scalable targets for ECS Each supported Region: Yes

3,000

Scalable targets for EMR Each supported Region: 500 Yes

Scalable targets for Lambda Each supported Region: 500 Yes

Scalable targets for RDS Each supported Region: 500 Yes

Scalable targets for SageMaker Each supported Region: 500 Yes

Scalable targets for custom resources Each supported Region: 500 Yes

Scaling policies per scalable target Each supported Region: 50 No

Scheduled actions per scalable target Each supported Region: 200 No

Step adjustments per step scaling policy Each supported Region: 20 No

For more information, see Application Auto Scaling Service Quotas in the Application Auto Scaling User
Guide.

Version 1.0
44
 AWS General Reference Reference guide
Application Discovery Service

AWS Application Discovery Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas

Name Default Adjustable

Active agents sending data to the service Each supported Region: No

1,000

Applications per account Each supported Region: No

1,000

Deletions of import records per day Each supported Region: No

25,000

Imported server records per account Each supported Region: No

25,000

Version 1.0
45
 AWS General Reference Reference guide
Application Migration Service

Name Default Adjustable

Imported servers per account Each supported Region: Yes

10,000

Inactive agents heartbeating but not collecting data Each supported Region: No
10,000

Servers per application Each supported Region: 400 No

Tags per server Each supported Region: 30 No

AWS Application Migration Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Version 1.0
46
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas

Name Default Adjustable

Concurrent jobs in progress Each supported Region: 20 No

Max Active Source Servers Each supported Region: 20 Yes

Version 1.0
47
 AWS General Reference Reference guide
Amazon AppStream 2.0

Name Default Adjustable

Max Non-Archived Source Servers Each supported Region: No

4,000

Max Source Servers in a single Job Each supported Region: 200 No

Max Source Servers in all Jobs Each supported Region: 200 No

Max Total Source Servers Per AWS Account Each supported Region: No
50,000

Max concurrent Jobs per Source Server Each supported Region: 1 No

The following table lists additional information.

Resource Retention

Launch history Saved for 10 years

Individual Job log Saved for 185 days

Amazon AppStream 2.0 endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
appstream2-fi[Link] HTTPS

appstream2-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
appstream2-fi[Link] HTTPS

appstream2-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Version 1.0
48
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) appstream2-fi[Link] HTTPS

appstream2-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Active fleets Each supported Region: 10 Yes

Compute-optimized 2xlarge streaming instances for fleets Each supported Region: 0 Yes

Compute-optimized 2xlarge streaming instances for image Each supported Region: 0 Yes
builders

Compute-optimized 4xlarge streaming instances for fleets Each supported Region: 0 Yes

Compute-optimized 4xlarge streaming instances for image Each supported Region: 0 Yes
builders

Compute-optimized 8xlarge streaming instances for fleets Each supported Region: 0 Yes

Compute-optimized 8xlarge streaming instances for image Each supported Region: 0 Yes
builders

Compute-optimized large streaming instances for fleets Each supported Region: 10 Yes

Compute-optimized large streaming instances for image Each supported Region: 3 Yes
builders

Compute-optimized xlarge streaming instances for fleets Each supported Region: 10 Yes

Version 1.0
49
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Compute-optimized xlarge streaming instances for image Each supported Region: 3 Yes
builders

Concurrent image copies per destination Region Each supported Region: 2 Yes

Concurrent image updates Each supported Region: 5 Yes

Fleets Each supported Region: 10 Yes

Graphics G4DN 12xlarge streaming instances for fleets Each supported Region: 0 Yes

Graphics G4DN 12xlarge streaming instances for image Each supported Region: 0 Yes
builders

Graphics G4DN 16xlarge streaming instances for fleets Each supported Region: 0 Yes

Graphics G4DN 16xlarge streaming instances for image Each supported Region: 0 Yes
builders

Graphics G4DN 2xlarge streaming instances for fleets Each supported Region: 0 Yes

Graphics G4DN 2xlarge streaming instances for image Each supported Region: 0 Yes
builders

Graphics G4DN 4xlarge streaming instances for fleets Each supported Region: 0 Yes

Graphics G4DN 4xlarge streaming instances for image Each supported Region: 0 Yes
builders

Graphics G4DN 8xlarge streaming instances for fleets Each supported Region: 0 Yes

Graphics G4DN 8xlarge streaming instances for image Each supported Region: 0 Yes
builders

Graphics G4DN xlarge streaming instances for fleets Each supported Region: 0 Yes

Graphics G4DN xlarge streaming instances for image Each supported Region: 0 Yes
builders

Graphics design 2xlarge streaming instances for fleets Each supported Region: 10 Yes

Graphics design 2xlarge streaming instances for image Each supported Region: 3 Yes
builders

Graphics design 4xlarge streaming instances for fleets Each supported Region: 0 Yes

Graphics design 4xlarge streaming instances for image Each supported Region: 0 Yes
builders

Graphics design large streaming instances for fleets Each supported Region: 10 Yes

Graphics design large streaming instances for image builders Each supported Region: 3 Yes

Graphics design xlarge streaming instances for fleets Each supported Region: 10 Yes

Graphics design xlarge streaming instances for image Each supported Region: 3 Yes
builders

Graphics pro 16xlarge streaming instances for fleets Each supported Region: 0 Yes

Version 1.0
50
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Graphics pro 16xlarge streaming instances for image Each supported Region: 0 Yes
builders

Graphics pro 4xlarge streaming instances for fleets Each supported Region: 0 Yes

Graphics pro 4xlarge streaming instances for image builders Each supported Region: 0 Yes

Graphics pro 8xlarge streaming instances for fleets Each supported Region: 0 Yes

Graphics pro 8xlarge streaming instances for image builders Each supported Region: 0 Yes

Image builders Each supported Region: 10 Yes

Image sharing limit Each supported Region: 100 Yes

Memory-optimized large streaming instances for fleets Each supported Region: 10 Yes

Memory-optimized large streaming instances for image Each supported Region: 3 Yes
builders

Memory-optimized xlarge streaming instances for fleets Each supported Region: 10 Yes

Memory-optimized xlarge streaming instances for image Each supported Region: 3 Yes
builders

Memory-optimized z1d 12xlarge streaming instances for Each supported Region: 0 Yes
fleets

Memory-optimized z1d 12xlarge streaming instances for Each supported Region: 0 Yes
image builders

Memory-optimized z1d 2xlarge streaming instances for Each supported Region: 0 Yes
fleets

Memory-optimized z1d 2xlarge streaming instances for Each supported Region: 0 Yes
image builders

Memory-optimized z1d 3xlarge streaming instances for Each supported Region: 0 Yes
fleets

Memory-optimized z1d 3xlarge streaming instances for Each supported Region: 0 Yes
image builders

Memory-optimized z1d 6xlarge streaming instances for Each supported Region: 0 Yes
fleets

Memory-optimized z1d 6xlarge streaming instances for Each supported Region: 0 Yes
image builders

Memory-optimized z1d large streaming instances for fleets Each supported Region: 10 Yes

Memory-optimized z1d large streaming instances for image Each supported Region: 3 Yes
builders

Memory-optimized z1d xlarge streaming instances for fleets Each supported Region: 10 Yes

Memory-optimized z1d xlarge streaming instances for image Each supported Region: 3 Yes
builders

Private images Each supported Region: 10 Yes

Version 1.0
51
 AWS General Reference Reference guide
AWS AppSync

Name Default Adjustable

Stacks Each supported Region: 10 Yes

Standard large streaming instances for fleets Each supported Region: 50 Yes

Standard large streaming instances for image builders Each supported Region: 5 Yes

Standard medium streaming instances for fleets Each supported Region: 50 Yes

Standard medium streaming instances for image builders Each supported Region: 5 Yes

Standard small streaming instances for fleets Each supported Region: 50 Yes

Standard small streaming instances for image builders Each supported Region: 5 Yes

Users in the user pool Each supported Region: 50 Yes

*For fleets that have Default Internet Access enabled, the quota is 100 fleet instances. If your
deployment must support more than 100 concurrent users, use a NAT gateway configuration instead.

AWS AppSync endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
AWS AppSync control plane

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
52
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
53
 AWS General Reference Reference guide
Service endpoints

AWS AppSync data plane

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
54
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas

Name Default Adjustable

API keys per API Each supported Region: 50 No

APIs per region Each supported Region: 25 Yes

Authentication providers per API Each supported Region: 50 No

Evaluated resolver template size Each supported Region: 5 No

Megabytes

Functions per pipeline resolver Each supported Region: 10 No

Iterations in a foreach loop in mapping templates Each supported Region: No

1,000

Max Batch Size Each supported Region: No

2,000

Number of caching keys Each supported Region: 25 No

Number of custom domain names Each supported Region: 25 Yes

Rate of request tokens Each supported Region: Yes

2,000 per second

Request execution time for mutations, queries, and Each supported Region: 30 No
subscriptions Seconds

Request mapping template size Each supported Region: 64 No

Kilobytes

Resolvers executed in a single request Each supported Region: No

10,000

Version 1.0
55
 AWS General Reference Reference guide
Athena

Name Default Adjustable

Response mapping template size Each supported Region: 64 No

Kilobytes

Schema document size Each supported Region: 1 No

Megabytes

Subscription payload size with MQTT over WebSockets Each supported Region: 128 No
Kilobytes

Subscription payload size with pure WebSockets Each supported Region: 240 No
Kilobytes

Rate of request tokens is the maximum number of request tokens per second in this account in the
current Region. AWS AppSync allocates tokens to mutation and query requests based on the amount of
resources (processing time and memory) that they consume. For more details on tokens, see Using token
counts to optimize your requests in the AWS AppSync developer guide.

Amazon Athena endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
athena-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
athena-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) athena-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
athena-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific

Version 1.0
56
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
57
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) athena-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) athena-fi[Link] HTTPS

To download the latest version of the JDBC driver and its documentation, see Using Athena with the
JDBC Driver.

For more information about the previous versions of the JDBC driver and their documentation, see Using
the Previous Version of the JDBC Driver.

To download the latest and previous versions of the ODBC driver and their documentation, see
Connecting to Athena with ODBC.

Service quotas

Name Default Adjustable

Active DDL queries Each supported Region: 20 Yes

Active DML queries us-east-1: 200 Yes

us-east-2: 150

us-west-2: 150

ap-northeast-1: 150

ap-northeast-2: 100

ap-south-1: 100

ap-southeast-1: 100

ap-southeast-2: 100

eu-central-1: 150

eu-west-1: 150

eu-west-2: 100

Each of the other supported

Regions: 20

DDL query timeout Each supported Region: 600 Yes

DML query timeout Each supported Region: 30 Yes

For more information, see Service quotas in the Amazon Athena User Guide.

Version 1.0
58
 AWS General Reference Reference guide
Audit Manager

AWS Audit Manager endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
59
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Custom controls Each supported Region: 500 Yes

Custom frameworks Each supported Region: 100 Yes

Running assessments Each supported Region: 100 Yes

Amazon Augmented AI endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Version 1.0
60
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Service quotas

Resource Default

Flow definitions 100

Worker task templates (HumanTaskUi's) 100

In-flight human loops per flow definition (private 5,000

or vendor work team)
Human loops are considered in-flight when their
status is InProgress or Stopping.

In-flight human loops per flow definition (Amazon 1,000

Mechanical Turk work team)
Human loops are considered in-flight when their
status is InProgress or Stopping.

Amazon Aurora endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon Aurora MySQL-Compatible Edition

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
61
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
62
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Amazon Aurora PostgreSQL-Compatible Edition

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
63
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
64
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas

Name Default Adjustable

Authorizations per DB security group Each supported Region: 20 No

DB instances Each supported Region: 40 Yes

DB subnet groups Each supported Region: 50 Yes

Event subscriptions Each supported Region: 20 Yes

IAM roles per DB cluster Each supported Region: 5 Yes

IAM roles per DB instance Each supported Region: 5 Yes

Manual DB cluster snapshots Each supported Region: 100 Yes

Manual DB instance snapshots Each supported Region: 100 Yes

Option groups Each supported Region: 20 Yes

Parameter groups Each supported Region: 50 Yes

Proxies Each supported Region: 20 Yes

Read replicas per master Each supported Region: 5 Yes

Reserved DB instances Each supported Region: 40 Yes

Rules per security group Each supported Region: 20 No

Security groups Each supported Region: 25 Yes

Security groups (VPC) Each supported Region: 5 No

Subnets per DB subnet group Each supported Region: 20 No

Tags per resource Each supported Region: 50 No

Total storage for all DB instances Each supported Region: Yes

100,000 Gigabytes

Version 1.0
65
 AWS General Reference Reference guide
AWS Auto Scaling

AWS Auto Scaling endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California)

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link] HTTP and

Pacific southeast-3 HTTPS
(Jakarta)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-3 HTTPS
(Osaka)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Version 1.0
66
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link] HTTP and

GovCloud east-1 HTTPS
(US-East)

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West)

Service quotas

Name Default Adjustable

Scaling instructions per scaling plan Each supported Region: 500 No

Scaling plans Each supported Region: 100 Yes

Version 1.0
67
 AWS General Reference Reference guide
AWS Backup

Name Default Adjustable

Target tracking configurations per scaling instruction Each supported Region: 10 No

For more information, see AWS Auto Scaling Service Quotas in the AWS Auto Scaling User Guide.

AWS Backup endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
backup-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
backup-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) backup-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
backup-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Version 1.0
68
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) backup-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) backup-fi[Link] HTTPS

Version 1.0
69
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Backup plans per Region per account Each supported Region: 100 Yes

Backup vaults per Region per account Each supported Region: 100 Yes

Concurrent backup copies per supported service per account Each supported Region: 5 No

Concurrent backup jobs per resource Each supported Region: 1 No

Framework controls per Region per account Each supported Region: 50 Yes

Frameworks per Region per account Each supported Region: 10 Yes

Frameworks per report plan Each supported Region: No

1,000

Metadata tags per backup Each supported Region: 50 No

Recovery points per backup vault Each supported Region: Yes

1,000,000

Report plans per Region per account Each supported Region: 20 Yes

Versions per backup plan Each supported Region: Yes

2,000

If you regularly receive throttling exceptions, consider using a rate limiter.

API name Default calls/sec

CreateBackupPlan | CreateBackupSelection | DeleteBackupPlan 5

| DeleteBackupSelection | DeleteBackupVault |
DeleteBackupVaultAccessPolicy | DeleteBackupVaultNotifications
| DescribeBackupVault | ExportBackupPlanTemplate |
GetBackupPlanFromJSON | GetBackupPlanFromTemplate |
PutBackupVaultNotifications | StartBackupJob | StartRestoreJob |
StopBackupJob | TagResource | UntagResource | UpdateBackupPlan |
UpdateRecoveryPointLifecycle

DeleteRecoveryPoint | DescribeProtectedResource 10

DescribeBackupJob | DescribeRecoveryPoint | DescribeRestoreJob | 15

GetBackupPlan | GetBackupSelection | GetBackupVaultAccessPolicy
| GetBackupVaultNotifications | GetRecoveryPointRestoreMetadata |
GetSupportedResourceTypes

ListBackupJobs | ListBackupPlans | ListBackupPlanTemplates | 20

ListBackupPlanVersions | ListBackupSelections | ListBackupVaults
| ListProtectedResources | ListRecoveryPointByResource |
ListRecoveryPointsByBackupVault | ListRecoveryPointsByResource |
ListRestoreJobs | ListTags

Sum of All API Calls 50

Version 1.0
70
 AWS General Reference Reference guide
AWS Batch

For additional information, see Quotas in the AWS Backup Developer Guide.

AWS Batch endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
71
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

Compute environment limit Each supported Region: 50 No

Compute environments per job queue limit. Each supported Region: 3 No

Version 1.0
72
 AWS General Reference Reference guide
Billing and Cost Management

Name Default Adjustable

Job dependencies limit Each supported Region: 20 No

Job payload size limit Each supported Region: 30 No

Job queue limit Each supported Region: 50 No

Maximum array size limit Each supported Region: No

10,000

Share identifiers per job queue limit. Each supported Region: 500 No

Submitted state jobs limit Each supported Region: No

1,000,000

For more information, see Service Quotas in the AWS Batch User Guide.

AWS Billing and Cost Management endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

AWS Billing and Cost Management includes the AWS Cost Explorer API, the AWS Cost and Usage Reports
API, the AWS Budgets API, and the AWS Price List API.

Service endpoints
AWS Cost Explorer

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

AWS Cost and Usage Reports

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
73
 AWS General Reference Reference guide
Service endpoints

AWS Budgets

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
74
 AWS General Reference Reference guide
Service endpoints

AWS Price List Service

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Savings Plans

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
75
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Billing and Cost Management has no increasable quotas. For more information, see Quotas in AWS
Billing and Cost Management.

Amazon Braket endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
76
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas

Name Default Adjustable

Burst rate of API requests Each supported Region: 600 No

Burst rate of CancelJob requests Each supported Region: 5 No

Burst rate of CancelQuantumTask requests Each supported Region: 20 No

Burst rate of CreateJob requests Each supported Region: 5 No

Burst rate of CreateQuantumTask requests Each supported Region: 40 No

Burst rate of GetDevice requests Each supported Region: 50 No

Burst rate of GetJob requests Each supported Region: 25 No

Burst rate of GetQuantumTask requests Each supported Region: 500 No

Burst rate of SearchDevices requests Each supported Region: 50 No

Burst rate of SearchJobs requests Each supported Region: 50 No

Burst rate of SearchQuantumTasks requests Each supported Region: 50 No

Number of concurrent DM1 tasks eu-west-2: 50 No

Each of the other supported

Regions: 100

Number of concurrent SV1 tasks eu-west-2: 50 No

Each of the other supported

Regions: 100

Number of concurrent TN1 tasks eu-west-2: 5 Yes

Version 1.0
77
 AWS General Reference Reference guide
AWS BugBust

Name Default Adjustable

Each of the other supported
Regions: 10

Number of concurrent jobs Each supported Region: 5 Yes

Rate of API requests Each supported Region: 140 Yes

Rate of CancelJob requests Each supported Region: 2 per Yes

second

Rate of CancelQuantumTask requests Each supported Region: 2 per Yes

second

Rate of CreateJob requests Each supported Region: 1 per Yes

second

Rate of CreateQuantumTask requests Each supported Region: 20 Yes

per second

Rate of GetDevice requests Each supported Region: 5 per Yes

second

Rate of GetJob requests Each supported Region: 5 per Yes

second

Rate of GetQuantumTask requests Each supported Region: 100 Yes

per second

Rate of SearchDevices requests Each supported Region: 5 per Yes

second

Rate of SearchJobs requests Each supported Region: 5 per Yes

second

Rate of SearchQuantumTasks requests Each supported Region: 5 per Yes

second

AWS BugBust endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region name Region Endpoint Protocol

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

Version 1.0
78
 AWS General Reference Reference guide
Service quotas

Service quotas

Resource Default

Associated repositories 5 per BugBust event

Profiling groups 25 per BugBust event

Participants 50 per BugBust event

Regions 50 BugBust events per Region

AWS Certificate Manager endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
acm-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
acm-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) acm-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
acm-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Version 1.0
79
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
acm-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
80
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas
Name Default Adjustable

ACM certificates Each supported Region: Yes

2,500

ACM certificates created in last 365 days Each supported Region: Yes
5,000

Domain names per ACM certificate Each supported Region: 10 Yes

Imported certificates Each supported Region: Yes

2,500

Imported certificates in last 365 days Each supported Region: Yes

5,000

For more information, see Quotas in the AWS Certificate Manager User Guide.

AWS Certificate Manager Private Certificate

Authority endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
acm-pca-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
81
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name
acm-pca-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) acm-pca-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
acm-pca-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
acm-pca-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
82
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas
Name Default Adjustable

Number of private certificate authorities (CAs) Each supported Region: 200 Yes

Number of private certificates per CA Each supported Region: Yes

1,000,000

Number of revoked private certificates per CA Each supported Region: No

1,000,000

Rate of CreateCertificateAuthority requests Each supported Region: 1 No

Rate of CreateCertificateAuthorityAuditReport requests Each supported Region: 1 No

Rate of CreatePermission requests Each supported Region: 1 No

Rate of DeleteCertificateAuthority requests Each supported Region: 10 No

Rate of DeletePermission requests Each supported Region: 1 No

Rate of DeletePolicy requests Each supported Region: 5 No

Rate of DescribeCertificateAuthority requests Each supported Region: 20 No

Rate of DescribeCertificateAuthorityAuditReport requests Each supported Region: 20 No

Rate of GetCertificate requests Each supported Region: 75 Yes

Version 1.0
83
 AWS General Reference Reference guide
AWS Chatbot

Name Default Adjustable

Rate of GetCertificateAuthorityCertificate requests Each supported Region: 20 No

Rate of GetCertificateAuthorityCsr requests Each supported Region: 10 No

Rate of GetPolicy requests Each supported Region: 5 No

Rate of ImportCertificateAuthorityCertificate requests Each supported Region: 10 No

Rate of IssueCertificate requests Each supported Region: 25 Yes

Rate of ListCertificateAuthorities requests Each supported Region: 20 No

Rate of ListPermissions requests Each supported Region: 5 No

Rate of ListTags requests Each supported Region: 20 No

Rate of PutPolicy requests Each supported Region: 5 No

Rate of RestoreCertificateAuthority requests Each supported Region: 20 No

Rate of RevokeCertificate requests Each supported Region: 20 No

Rate of TagCertificateAuthority requests Each supported Region: 10 No

Rate of UntagCertificateAuthority requests Each supported Region: 10 No

Rate of UpdateCertificateAuthority requests Each supported Region: 10 No

AWS Chatbot endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
84
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

Version 1.0
85
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Name Default Adjustable

Maximum number of Chime webhook configurations per Each supported Region: 500 No
AWS account

Maximum number of Slack channel configurations per AWS Each supported Region: 500 No
account

Amazon Chime endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon Chime has a single endpoint that supports HTTPS: [Link]

Service quotas
Name Default Adjustable

Chime SDK Meetings - BatchCreateAttendees burst limit Each supported Region: 20 No

Chime SDK Meetings - BatchCreateAttendees rate limit in Each supported Region: 10 No

transactions per second

Chime SDK Meetings - CreateAttendee burst limit Each supported Region: 20 No

Chime SDK Meetings - CreateAttendee rate limit in Each supported Region: 10 No

transactions per second

Chime SDK Meetings - CreateMeeting burst limit Each supported Region: 20 No

Chime SDK Meetings - CreateMeeting rate limit in Each supported Region: 10 No

transactions per second

Chime SDK Meetings - CreateMeetingWithAttendees burst Each supported Region: 20 No

limit

Version 1.0
86
 AWS General Reference Reference guide
Cloud Control API

Name Default Adjustable

Chime SDK Meetings - CreateMeetingWithAttendees rate Each supported Region: 10 No

limit in transactions per second

Chime SDK Meetings - DeleteAttendee burst limit Each supported Region: 20 No

Chime SDK Meetings - DeleteAttendee rate limit in Each supported Region: 10 No

transactions per second

Chime SDK Meetings - DeleteMeeting burst limit Each supported Region: 20 No

Chime SDK Meetings - DeleteMeeting rate limit in Each supported Region: 10 No

transactions per second

Chime SDK Meetings - GetMeeting burst limit Each supported Region: 20 No

Chime SDK Meetings - GetMeeting rate limit in transactions Each supported Region: 10 No
per second

Chime SDK Meetings - ListAttendees burst limit Each supported Region: 20 No

Chime SDK Meetings - ListAttendees rate limit in Each supported Region: 10 No

transactions per second

Chime SDK Meetings - ListMeetings burst limit Each supported Region: 20 No

Chime SDK Meetings - ListMeetings rate limit in transactions Each supported Region: 10 No
per second

Chime SDK Meetings - all meeting management API requests Each supported Region: 20 No
burst limit

Chime SDK Meetings - all meeting management API requests Each supported Region: 10 No
rate limit in transactions per second

Chime SDK Meetings - attendees per meeting Each supported Region: 250 No

Chime SDK Meetings - replica meetings per primary meeting Each supported Region: 4 Yes

Chime SDK Meetings - video tiles per meeting Each supported Region: 25 Yes

The following table lists additional quotas for Amazon Chime rooms and memberships.

Resource Default

Rooms per account 1,500

Rooms per profile 1,500

Memberships per room 1,000

Memberships per profile 1,000

Cloud Control API endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
87
 AWS General Reference Reference guide
Service endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
cloudcontrolapi-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
cloudcontrolapi-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) cloudcontrolapi-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
cloudcontrolapi-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
88
 AWS General Reference Reference guide
AWS Cloud9

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
cloudcontrolapi-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) cloudcontrolapi-fi[Link]-gov- HTTPS
[Link]

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) cloudcontrolapi-fi[Link]-gov- HTTPS
[Link]

AWS Cloud9 endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
89
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
90
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas

Name Default Adjustable

EC2 development environments Each supported Region: 100 Yes

EC2 development environments Each supported Region: 200 Yes

Members per development environment Each supported Region: 8 No

SSH development environments Each supported Region: 200 Yes

SSH development environments Each supported Region: 100 Yes

For more information, see Quotas in the AWS Cloud9 User Guide.

Amazon Cloud Directory endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
91
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

AWS CloudFormation endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
cloudformation-fi[Link] HTTPS

Version 1.0
92
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
cloudformation-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) cloudformation-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
cloudformation-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
93
 AWS General Reference Reference guide
StackSets regional support

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

StackSets regional support

StackSets is supported in the following Regions:

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific

Version 1.0
94
 AWS General Reference Reference guide
StackSets regional support

Region Region Endpoint Protocol

Name
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
95
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

For more information, see AWS CloudFormation StackSets in the AWS CloudFormation User Guide.

Service quotas

Name Default Adjustable

Attributes per mapping in CloudFormation template Each supported Region: 200 No

Data in custom resource provider Each supported Region: No

4,096 Bytes

Declared mappings in CloudFormation template. Each supported Region: 200 No

Maximum size of a template description in a cloud formation Each supported Region: No

template 1,024 Bytes

Module limit per account Each supported Region: 100 Yes

Nested modules Each supported Region: 3 No

Output count in CloudFormation template Each supported Region: 200 No

Parameters declared in CloudFormation template. Each supported Region: 200 No

Resource limit per account Each supported Region: 50 Yes

Resources declared in a CloudFormation template Each supported Region: 500 No

Size of Mapping attribute name Each supported Region: 255 No

Size of a parameter value in cloud formation template Each supported Region: No

4,096

Size of a resource name in cloud formation template Each supported Region: 255 No

Size of a template body in S3 object for a ValidateStack Each supported Region: 1 No

request Megabytes

Size of output name in CloudFormation template Each supported Region: 255 No

Size of parameter name in CloudFormation template Each supported Region: 255 No

Size of template body in CreateStack request Each supported Region: No

51,200 Bytes

Stack count Each supported Region: Yes

2,000

Version 1.0
96
 AWS General Reference Reference guide
CloudFront

Name Default Adjustable

Stack instance operations per administrator account Each supported Region: Yes
3,500

Stack instances per stack set Each supported Region: Yes

2,000

Stack sets per administrator account Each supported Region: 100 Yes

Version limit per module Each supported Region: 100 Yes

Version limit per resource Each supported Region: 50 Yes

cfn-signal wait condition data Each supported Region: No

4,096 Bytes

For more information, see AWS CloudFormation Quotas in the AWS CloudFormation User Guide.

Amazon CloudFront endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol Amazon
Name Route 53
Hosted
Zone ID*

US East (N. us-east-1 [Link] HTTPS Z2FDTNDATAQYW2

Virginia)
Region cloudfront-fi[Link] HTTPS

Service quotas
Name Default Adjustable

Alternate domain names (CNAMEs) per distribution Each supported Region: 100 Yes

Cache behaviors per distribution Each supported Region: 25 Yes

Cache policies per AWS account Each supported Region: 20 No

CloudFront Functions: Maximum number of distributions Each supported Region: 100 Yes
associated with a single function

Concurrent executions Each supported Region: Yes

1,000

Version 1.0
97
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Connection attempts per origin Each supported Region: 3 No

Connection timeout per origin Each supported Region: 10 No

Seconds

Cookies per cache policy Each supported Region: 10 Yes

Cookies per origin request policy Each supported Region: 10 Yes

Custom headers: maximum length of a header name Each supported Region: 256 No

Custom headers: maximum length of a header value Each supported Region: No

1,783

Custom headers: maximum length of all header values and Each supported Region: No
names combined 10,240

Custom headers: maximum number of custom headers that Each supported Region: 10 Yes
you can configure CloudFront to add to origin requests

Data transfer rate per distribution Each supported Region: 150 Yes

Distributions associated with a single key group Each supported Region: 100 Yes

Distributions associated with the same cache policy Each supported Region: 100 No

Distributions associated with the same origin request policy Each supported Region: 100 No

Distributions per AWS account that you can create triggers Each supported Region: 25 Yes
for

File invalidation: maximum number of active wildcard Each supported Region: 15 No

invalidations allowed

File invalidation: maximum number of files allowed in active Each supported Region: No
invalidation requests, excluding wildcard invalidations 3,000

Function memory size (Viewer request and response event) Each supported Region: 128 No
Megabytes

Function timeout (Origin request and response event) Each supported Region: 30 No
Seconds

Function timeout for a viewer request and response event Each supported Region: 5 No
Seconds

Headers per cache policy Each supported Region: 10 Yes

Headers per origin request policy Each supported Region: 10 Yes

Key groups associated with a single distribution Each supported Region: 4 Yes

Key groups per AWS account Each supported Region: 10 Yes

Maximum compressed size of a Lambda function and any Each supported Region: 50 No
included libraries. (Origin request and response event) Megabytes

Maximum compressed size of a Lambda function and any Each supported Region: 1 No
included libraries. (Viewer request and response event) Megabytes

Version 1.0
98
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Maximum file size for HTTP GET, POST, and PUT requests Each supported Region: 20 No
Gigabytes

Maximum length of a URL Each supported Region: No

8,192 Bytes

Maximum length of a field to encrypt Each supported Region: 16 No

Kilobytes

Maximum length of a request body when field-level Each supported Region: 1 No

encryption is configured Megabytes

Maximum length of a request, including headers and query Each supported Region: No
strings, but not including the body content 20,480 Bytes

Maximum number of CloudFront distributions that can be Each supported Region: 20 No

associated with a field-level encryption configuration

Maximum number of characters in a whitelisted query string Each supported Region: 128 No

Maximum number of characters total for all whitelisted Each supported Region: 512 No
query strings in the same parameter

Maximum number of field-level encryption configurations Each supported Region: 10 No

that can be associated with one AWS account

Maximum number of field-level encryption profiles that can Each supported Region: 10 No
be associated with one AWS account

Maximum number of fields in a request body when field- Each supported Region: 10 No
level encryption is configured

Maximum number of fields to encrypt that can be specified Each supported Region: 10 No
in one profile

Maximum number of public keys that can be added to one Each supported Region: 10 No
AWS account

Maximum number of query argument profile mappings that Each supported Region: 5 No
can be included in a field-level encryption configuration

Origin access identities per account Each supported Region: 100 Yes

Origin groups per distribution Each supported Region: 10 Yes

Origin request policies per AWS account Each supported Region: 20 No

Origin response timeout (idle timeout) Each supported Region: 10 No

Origins per distribution Each supported Region: 25 Yes

Public keys in a single key group Each supported Region: 5 Yes

Query strings per cache policy Each supported Region: 10 Yes

Query strings per origin request policy Each supported Region: 10 Yes

RTMP distributions per AWS account Each supported Region: 100 Yes

Version 1.0
99
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Range of file sizes that CloudFront compresses Each supported Region: No

10,000,000 Bytes

Request body size for origin requests exposed to a Each supported Region: 1 No
Lambda@Edge function. Megabytes

Request body size for origin requests when returning from a Each supported Region: 1.33 No
Lambda function (base64 encoding) Megabytes

Request body size for origin requests when returning from a Each supported Region: 1 No
Lambda function (text encoding) Megabytes

Request body size for viewer requests exposed to a Each supported Region: 40 No
Lambda@Edge function. Kilobytes

Request body size for viewer requests when returning from a Each supported Region: 53.2 No
Lambda function (base64 encoding) Kilobytes

Request body size for viewer requests when returning from a Each supported Region: 40 No
Lambda function (text encoding) Kilobytes

Request timeout Each supported Region: 30 Yes

Seconds

Requests per second Each supported Region: Yes

10,000

Requests per second per distribution Each supported Region: Yes

250,000

Response timeout per origin Each supported Region: 60 Yes

Seconds

SSL certificates per AWS account when serving HTTPS Each supported Region: 2 Yes
requests using dedicated IP addresses

SSL certificates that can be associated with a CloudFront Each supported Region: 1 No
web distribution

Size of a response that is generated by a Lambda function, Each supported Region: 1 No

including headers and body (Origin request and response Megabytes
event)

Size of a response that is generated by a Lambda function, Each supported Region: 40 No

including headers and body (Viewer request and response Kilobytes
event)

Tags that can be added to a distribution Each supported Region: 50 No

Total length of the URI including query string in a Each supported Region: No
Lambda@Edge function 8,192

Total number of bytes in whitelisted cookie names (doesn’t Each supported Region: 512 No
apply if you configure CloudFront to forward all cookies to Bytes
the origin)

Triggers per distribution Each supported Region: 100 Yes

Web distributions per AWS account Each supported Region: 200 Yes

Version 1.0
100
 AWS General Reference Reference guide
AWS CloudHSM

Name Default Adjustable

Whitelisted cookies per cache behavior Each supported Region: 10 Yes

Whitelisted headers per cache behavior Each supported Region: 10 Yes

Whitelisted query strings per cache behavior Each supported Region: 10 Yes

For more information, see Quotas in the Amazon CloudFront Developer Guide.

AWS CloudHSM endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
AWS CloudHSM

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Version 1.0
101
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Version 1.0
102
 AWS General Reference Reference guide
Service quotas

AWS CloudHSM Classic

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Europe eu-west-1 [Link] HTTPS

(Ireland)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas
AWS CloudHSM

Name Default Adjustable

Clusters per AWS Region and AWS account Each supported Region: 4 Yes

HSMs per AWS Region and AWS account Each supported Region: 6 Yes

HSMs per CloudHSM cluster Each supported Region: 28 No

Keys per CloudHSM cluster Each supported Region: No

3,300

Length of a Username Each supported Region: 31 No

Length of a password Each supported Region: 32 No

Minimum length of a password Each supported Region: 7 No

Number of concurrent clients Each supported Region: 900 No

Users per CloudHSM cluster Each supported Region: No

1,024

For more information, see Quotas in the AWS CloudHSM User Guide.

AWS CloudHSM Classic

Resource Default

HSM appliances 3

High-availability partition groups 20

For more information, see Quotas in the AWS CloudHSM Classic User Guide.

Version 1.0
103
 AWS General Reference Reference guide
AWS Cloud Map

AWS Cloud Map endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
servicediscovery-fi[Link] HTTPS

servicediscovery-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
servicediscovery-fi[Link] HTTPS

servicediscovery-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) servicediscovery-fi[Link] HTTPS

servicediscovery-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
servicediscovery-fi[Link] HTTPS

servicediscovery-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
104
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
servicediscovery-fi[Link] HTTPS

servicediscovery-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) servicediscovery-fi[Link]-gov- HTTPS
[Link]
HTTPS
servicediscovery-fi[Link]-gov-
[Link]

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) servicediscovery-fi[Link]-gov- HTTPS
[Link]
HTTPS
servicediscovery-fi[Link]-gov-
[Link]

Version 1.0
105
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Custom attributes per instance Each supported Region: 30 No

DiscoverInstances operation per account burst rate Each supported Region: Yes
2,000

DiscoverInstances operation per account steady rate Each supported Region: Yes
1,000

Instances per namespace Each supported Region: Yes

2,000

Instances per service Each supported Region: No

1,000

Namespaces per Region Each supported Region: 50 Yes

For more information, see AWS Cloud Map Quotas in the AWS Cloud Map Developer Guide.

Amazon CloudSearch endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
106
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas

Name Default Adjustable

Document batch size Each supported Region: 5 No

Megabytes

Document size Each supported Region: 1 No

Megabytes

Domains per account Each supported Region: 100 No

Index fields Each supported Region: 200 Yes

Partition count Each supported Region: 10 Yes

Replication count Each supported Region: 5 Yes

Search document fields Each supported Region: 200 No

For more information, see Understanding Amazon CloudSearch Quotas in the Amazon CloudSearch
Developer Guide.

AWS CloudShell endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
107
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas

Name Default Adjustable

Data retention Each supported Region: 120 No

Home directory size Each supported Region: 1 No

Gigabytes

AWS CloudTrail endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
108
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
cloudtrail-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
cloudtrail-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) cloudtrail-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
cloudtrail-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
109
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

Conditions across all advanced event selectors Each supported Region: 500 No

Data resources across all event selectors in a trail Each supported Region: 250 No

Event data stores per region Each supported Region: 5 No

Event selectors Each supported Region: 5 No

Event size Each supported Region: 256 No

Kilobytes

Trails per region Each supported Region: 5 No

Version 1.0
110
 AWS General Reference Reference guide
CloudWatch

Name Default Adjustable

Transactions per second (TPS) for all other APIs Each supported Region: 1 No

Transactions per second (TPS) for the LookupEvents API Each supported Region: 2 No

Transactions per second (TPS) for the get, describe, and list Each supported Region: 10 No
APIs

For more information, see Quotas in AWS CloudTrail.

Amazon CloudWatch endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS
monitoring-fi[Link]
HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS
monitoring-fi[Link]
HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California) monitoring-fi[Link]
HTTPS

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS
monitoring-fi[Link]
HTTPS

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Version 1.0
111
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTP and

Pacific southeast-3 HTTPS
(Jakarta)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-3 HTTPS
(Osaka)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

Version 1.0
112
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTP and

GovCloud east-1 HTTPS
(US-East) [Link]
HTTPS

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West) [Link]
HTTPS

Service quotas

Name Default Adjustable

Actions per CloudWatch alarm, per state Each supported Region: 5 No

Canary limit us-east-1: 300 Yes

us-east-2: 300

us-west-2: 300

ap-northeast-1: 300

eu-west-1: 300

Each of the other supported

Regions: 200

Data retention Each supported Region: 15 No

Dimensions per metric Each supported Region: 10 No

Metric data queries per GetMetricData request Each supported Region: 500 No

MetricDatum items per PutMetricData request Each supported Region: 20 No

Metrics per dashboard Each supported Region: No

2,500

Metrics per dashboard widget Each supported Region: 500 No

Minimum frequency Each supported Region: No

60,000 Milliseconds

Number of Contributor Insights rules Each supported Region: 100 Yes

per 5 minutes

Payload size for PutMetricData requests Each supported Region: 40 No

Rate of DeleteAlarms requests Each supported Region: 3 per No

second

Rate of DeleteDashboards requests Each supported Region: 10 Yes

per second

Version 1.0
113
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Rate of DeleteInsightRules requests Each supported Region: 1 per No

second

Rate of DeleteMetricStream requests Each supported Region: 10 Yes

per second

Rate of DescribeAlarmHistory requests Each supported Region: 3 per No

second

Rate of DescribeAlarms requests Each supported Region: 9 per Yes

second

Rate of DescribeAlarmsForMetric requests Each supported Region: 3 per No

second

Rate of DescribeInsightRules requests Each supported Region: 1 per No

second

Rate of DisableAlarmActions requests Each supported Region: 3 per No

second

Rate of DisableInsightRules requests Each supported Region: 1 per No

second

Rate of EnableAlarmActions requests Each supported Region: 3 per No

second

Rate of EnableInsightRules requests Each supported Region: 1 per No

second

Rate of GetDashboard requests Each supported Region: 10 Yes

per second

Rate of GetInsightRuleReport requests Each supported Region: 20 Yes

per second

Rate of GetMetricData datapoints for metrics older than Each supported Region: No
three hours 396,000

Rate of GetMetricData datapoints for the last three hours of Each supported Region: No
metrics 180,000

Rate of GetMetricData requests Each supported Region: 50 Yes

per second

Rate of GetMetricStatistics requests Each supported Region: 400 Yes

per second

Rate of GetMetricStream requests Each supported Region: 10 Yes

per second

Rate of GetMetricWidgetImage requests Each supported Region: 20 Yes

per second

Rate of ListDashboards requests Each supported Region: 10 Yes

per second

Rate of ListMetricStreams requests Each supported Region: 10 Yes

per second

Version 1.0
114
 AWS General Reference Reference guide
CloudWatch Application Insights

Name Default Adjustable

Rate of ListMetrics requests Each supported Region: 25 Yes

per second

Rate of ListTagsForResource requests Each supported Region: 10 No

per second

Rate of PutDashboard requests Each supported Region: 10 Yes

per second

Rate of PutInsightRule requests Each supported Region: 1 per No

second

Rate of PutMetricAlarm requests Each supported Region: 3 per Yes

second

Rate of PutMetricData requests Each supported Region: 150 Yes

per second

Rate of PutMetricStream requests Each supported Region: 10 Yes

per second

Rate of SetAlarmState requests Each supported Region: 3 per No

second

Rate of StartMetricStreams requests Each supported Region: 10 Yes

per second

Rate of StopMetricStreams requests Each supported Region: 10 Yes

per second

Rate of TagResource requests Each supported Region: 1 per No

second

Rate of UntagResource requests Each supported Region: 1 per No

second

For more information, see CloudWatch Quotas in the Amazon CloudWatch User Guide.

Amazon CloudWatch Application Insights

endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
115
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link]- HTTPS

Pacific northeast-3 [Link]
(Osaka)

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
116
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link]-gov- HTTPS

GovCloud west-1 [Link]
(US-West) HTTPS
[Link]-gov-
[Link]

Service quotas
Resource Default quota

API requests All API actions are throttled to 5 TPS

Applications 100 per account

Log Streams 5 per resource

Observations per problem 20 per dashboard

40 per DescribeProblemObservations action

Metrics 60 per resource

Resources 30 per application

Amazon CloudWatch Events endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
117
 AWS General Reference Reference guide
Service endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
events-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
events-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) events-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
events-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
118
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas
Name Default Adjustable

Api destinations Each supported Region: Yes

3,000

Connections Each supported Region: Yes

3,000

Invocations throttle limit in transactions per second us-east-1: 18,750 Yes

us-east-2: 4,500

Version 1.0
119
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

us-west-1: 2,250

us-west-2: 18,750

af-south-1: 750

ap-northeast-1: 2,250

ap-northeast-3: 750

ap-southeast-1: 2,250

ap-southeast-2: 2,250

eu-central-1: 4,500

eu-south-1: 750

eu-west-1: 18,750

eu-west-2: 2,250

Each of the other supported

Regions: 1,100

Number of rules af-south-1: 100 Yes

eu-south-1: 100

Each of the other supported

Regions: 300

PutEvents throttle limit in transactions per second us-east-1: 10,000 Yes

us-east-2: 2,400

us-west-1: 1,200

us-west-2: 10,000

af-south-1: 400

ap-northeast-1: 1,200

ap-northeast-3: 400

ap-southeast-1: 1,200

ap-southeast-2: 1,200

eu-central-1: 2,400

eu-south-1: 400

eu-west-1: 10,000

eu-west-2: 1,200

Each of the other supported

Regions: 600

Version 1.0
120
 AWS General Reference Reference guide
CloudWatch Logs

Name Default Adjustable

Rate of invocations per API destination Each supported Region: 300 Yes

Targets per rule Each supported Region: 5 No

Throttle limit in transactions per second Each supported Region: 50 Yes

For more information, see CloudWatch Events quotas in the Amazon CloudWatch Events User Guide.

Amazon CloudWatch Logs endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
logs-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
logs-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) logs-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
logs-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Version 1.0
121
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Version 1.0
122
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Active export task Each supported Region: 1 No

AssociateKmsKey throttle limit in transactions per second Each supported Region: 5 per No
second

Batch size Each supported Region: 1 No

Megabytes

CancelExportTask throttle limit in transactions per second Each supported Region: 5 per No
second

CreateExportTask throttle limit in transactions per second Each supported Region: 5 per No
second

CreateLogGroup throttle limit in transactions per second Each supported Region: 5 per Yes
second

CreateLogStream throttle limit in transactions per second Each supported Region: 50 Yes
per second

Data archiving Each supported Region: 5 No

Gigabytes

DeleteDestination throttle limit in transactions per second Each supported Region: 5 per No
second

DeleteLogGroup throttle limit in transactions per second Each supported Region: 5 per Yes
second

DeleteLogStream throttle limit in transactions per second Each supported Region: 5 per No
second

DeleteMetricFilter throttle limit in transactions per second Each supported Region: 5 per No
second

DeleteRetentionPolicy throttle limit in transactions per Each supported Region: 5 per No

second second

DeleteSubscriptionFilter throttle limit in transactions per Each supported Region: 5 per No

second second

DescribeDestinations throttle limit in transactions per Each supported Region: 5 per No

second second

DescribeExportTasks throttle limit in transactions per second Each supported Region: 5 per No
second

DescribeLogGroups throttle limit in transactions per second Each supported Region: 5 per Yes
second

DescribeLogStreams throttle limit in transactions per second Each supported Region: 5 per Yes
second

DescribeMetricFilters throttle limit in transactions per Each supported Region: 5 per No

second second

Version 1.0
123
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

DescribeSubscriptionFilters throttle limit in transactions per Each supported Region: 5 per No

second second

Event size Each supported Region: 256 No

Kilobytes

FilterLogEvents throttle limit in transactions per second Each supported Region: 5 per No
second

GetLogEvents throttle limit in transactions per second Each supported Region: 10 No

per second

GetQueryResults throttle limit in transactions per second Each supported Region: 5 No

ListTagsLogGroup throttle limit in transactions per second Each supported Region: 5 per No
second

Log groups Each supported Region: Yes

1,000,000

Metrics filters per log group Each supported Region: 100 No

PutDestination throttle limit in transactions per second Each supported Region: 5 per No
second

PutDestinationPolicy throttle limit in transactions per Each supported Region: 5 per No

second second

PutLogEvents throttle limit in transactions per second us-east-1: 1,500 per second Yes

us-west-2: 1,500 per second

eu-north-1: 1,500 per second

eu-south-1: 1,500 per second

eu-west-1: 1,500 per second

eu-west-3: 1,500 per second

Each of the other supported

Regions: 800 per second

PutMetricFilter throttle limit in transactions per second Each supported Region: 5 per No
second

PutRetentionPolicy throttle limit in transactions per second Each supported Region: 5 per No
second

PutSubscriptionFilter throttle limit in transactions per Each supported Region: 5 per No

second second

StartQuery throttle limit in transactions per second Each supported Region: 5 No

Subscription filters per log group Each supported Region: 2 No

TagLogGroup throttle limit in transactions per second Each supported Region: 5 per No
second

Version 1.0
124
 AWS General Reference Reference guide
CloudWatch Synthetics

Name Default Adjustable

TestMetricFilter throttle limit in transactions per second Each supported Region: 5 per No
second

UntagLogGroup throttle limit in transactions per second Each supported Region: 5 per No
second

For more information, see CloudWatch Logs quotas in the Amazon CloudWatch Logs User Guide.

Amazon CloudWatch Synthetics endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Version 1.0
125
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Version 1.0
126
 AWS General Reference Reference guide
Service quotas

Service quotas
Resource Default

Canaries 100 per Region per account in the following Regions: US

East (N. Virginia), US East (Ohio), US West (Oregon), Europe
(Ireland), and Asia Pacific (Tokyo). 20 per Region per account
in all other Regions.

You can request a quota increase.

For more information, see CloudWatch Quotas in the Amazon CloudWatch User Guide.

AWS CodeArtifact endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Version 1.0
127
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Service quotas

Name Default Adjustable

Asset file size maximum Each supported Region: 1 Yes

Gigabytes

Assets per package version maximum Each supported Region: 100 No

CopyPackageVersions maximum requests per second Each supported Region: 5 Yes

Direct upstream repository maximum Each supported Region: 10 No

Domains per AWS account maximum Each supported Region: 10 Yes

GetAuthorizationToken maximum requests per second Each supported Region: 40 Yes

GetPackageVersionAsset maximum requests per second Each supported Region: 50 Yes

ListPackageVersionAssets maximum requests per second Each supported Region: 20 Yes

ListPackageVersions maximum requests per second Each supported Region: 200 Yes

ListPackages maximum requests per second Each supported Region: 200 Yes

Maximum read requests per second from a single AWS Each supported Region: 800 Yes
account

Maximum requests per second using a single authentication Each supported Region: 800 No
token.

Maximum write requests per second from a single AWS Each supported Region: 100 Yes
account

Repositories per domain maximum Each supported Region: Yes

1,000

Requests without authentication token per IP address Each supported Region: 600 No
maximum

Version 1.0
128
 AWS General Reference Reference guide
CodeBuild

Name Default Adjustable

Upstream repository search maximum Each supported Region: 25 No

AWS CodeBuild endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
codebuild-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
codebuild-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) codebuild-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
codebuild-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Version 1.0
129
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) codebuild-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) codebuild-fi[Link] HTTPS

Version 1.0
130
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Associated tags per project Each supported Region: 50 No

Build projects Each supported Region: Yes

5,000

Build timeout in minutes Each supported Region: 480 No

Concurrent request for information about builds Each supported Region: 100 No

Concurrent requests for information on build projects Each supported Region: 100 No

Concurrently running builds Each supported Region: 60 Yes

Minimum period for build timeout in minutes Each supported Region: 5 No

Security groups under VPC configuration Each supported Region: 5 No

Subnets under VPC configuration Each supported Region: 16 No

For more information, see Quotas for CodeBuild in the AWS CodeBuild User Guide.

AWS CodeCommit endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
codecommit-fi[Link] HTTPS

codecommit-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
codecommit-fi[Link] HTTPS

codecommit-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) codecommit-fi[Link] HTTPS

codecommit-fi[Link] HTTPS

Version 1.0
131
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US West us-west-2 [Link] HTTPS

(Oregon)
codecommit-fi[Link] HTTPS

codecommit-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
codecommit-fi[Link] HTTPS

codecommit-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Version 1.0
132
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) codecommit-fi[Link] HTTPS

codecommit-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) codecommit-fi[Link] HTTPS

codecommit-fi[Link] HTTPS

For information about Git connection endpoints, including SSH and HTTPS information, see Regions and
Git Connection Endpoints for CodeCommit.

Service quotas

Name Default Adjustable

Allowed repositories Each supported Region: Yes

1,000

For more information, see Quotas in CodeCommit in the AWS CodeCommit User Guide.

AWS CodeDeploy endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
133
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
codedeploy-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
codedeploy-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) codedeploy-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
codedeploy-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
134
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) codedeploy-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) codedeploy-fi[Link] HTTPS

Service quotas
Name Default Adjustable

AWS Lambda deployment run in hours Each supported Region: 50 No

Applications associated per account per region Each supported Region: Yes
1,000

Auto Scaling groups in a deployment group Each supported Region: 10 No

Concurrent deployments per account Each supported Region: Yes

1,000

Concurrent deployments per deployment group Each supported Region: 1 No

Custom deployment configurations per account Each supported Region: 50 No

Version 1.0
135
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Deployment groups associated with a single application Each supported Region: Yes
1,000

EC2/On-Premises blue/green deployment run in hours Each supported Region: 109 No

EC2/On-Premises in-place deployment run in hours Each supported Region: 8 No

Event notification triggers in a deployment group Each supported Region: 10 Yes

GitHub connection tokens per account Each supported Region: 25 No

Hours between the completion of a deployment and the Each supported Region: 48 No
termination of the original instances during an EC2/On-
Premises blue/green deployment

Hours between the deployment of a revision and when Each supported Region: 48 No
traffic shifts to the replacement instances during an EC2/On-
Premises blue/green deployment

Instances count per deployment us-east-1: 2,000 Yes

Each of the other supported

Regions: 1,000

Minutes a blue/green deployment can wait after a successful Each supported Region: No
deployment before terminating instances from the original 2,800
deployment

Minutes between the first and last traffic shift during an Each supported Region: No
AWS Lambda canary or linear deployment 2,880

Minutes until a deployment fails if a lifecycle event doesnt Each supported Region: 5 No
start

Number of deployment groups that can be associated with Each supported Region: 1 No
an Amazon ECS service

Number of instances that can be passed to the Each supported Region: 100 No
BatchGetOnPremisesInstances API action

Number of instances used by concurrent deployments that us-east-1: 3,000 Yes

are in progress per account
Each of the other supported
Regions: 1,000

Number of listeners for a traffic route during an Amazon ECS Each supported Region: 1 No
deployment

Seconds until a deployment lifecycle event fails if not Each supported Region: No
completed 3,600 Seconds

Size of deployment group name Each supported Region: 100 No

Size of tag key Each supported Region: 128 No

Size of tag value Each supported Region: 256 No

Tags in a deployment group Each supported Region: 10 No

Version 1.0
136
 AWS General Reference Reference guide
CodeGuru Profiler

Name Default Adjustable

Traffic that can be shifted in one increment during an AWS Each supported Region: 99 No
Lambda deployment

For more information, see Quotas in CodeDeploy in the AWS CodeDeploy User Guide.

Amazon CodeGuru Profiler endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 codeguru-profi[Link] HTTPS

(Ohio)

US East (N. us-east-1 codeguru-profi[Link] HTTPS

Virginia)

US West us-west-2 codeguru-profi[Link] HTTPS

(Oregon)

Asia ap- codeguru-profi[Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- codeguru-profi[Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- codeguru-profi[Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- codeguru-profi[Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 codeguru-profi[Link] HTTPS

(Ireland)

Europe eu-west-2 codeguru-profi[Link] HTTPS

(London)

Europe eu-north-1 codeguru-profi[Link] HTTPS

(Stockholm)

Version 1.0
137
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Number of profiling groups per account and region. Each supported Region: 50 No

Amazon CodeGuru Reviewer endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Version 1.0
138
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Allowed Code Reviews Each supported Region: Yes

5,000

AWS CodePipeline endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
codepipeline-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
codepipeline-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) codepipeline-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
codepipeline-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
139
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
codepipeline-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) codepipeline-fi[Link] HTTPS

Service quotas

Name Default Adjustable

AWS CloudFormation action timeout Each supported Region: 3 Yes

AWS CodeBuild action timeout Each supported Region: 8 Yes

AWS CodeDeploy ECS (Blue/Green) action timeout Each supported Region: 5 Yes

AWS CodeDeploy action timeout Each supported Region: 5 Yes

AWS Lambda action timeout Each supported Region: 1 Yes

Action configuration key length Each supported Region: 50 No

Version 1.0
140
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Action configuration value length Each supported Region: No

1,000

Action timeout Each supported Region: 1 Yes

Amazon S3 deployment action timeout Each supported Region: 20 Yes

Approval action timeout Each supported Region: 7 No

Minimum actions Each supported Region: 1 No

Minimum stages per pipeline Each supported Region: 2 No

Total AWS CodeCommit or GitHub source artifact size Each supported Region: 1 No
Gigabytes

Total Amazon S3 source artifact size Each supported Region: 3 No

Gigabytes

Total JSON object size for Parameter Overrides Each supported Region: 1 No
Kilobytes

Total actions per pipeline Each supported Region: 500 No

Total actions per stage Each supported Region: 50 No

Total custom actions Each supported Region: 50 Yes

Total image definitions JSON file size Each supported Region: 100 No
Kilobytes

Total input artifact size for AWS CloudFormation Each supported Region: 256 No
deployments Megabytes

Total parallel actions per stage Each supported Region: 50 No

Total period for execution history Each supported Region: 12 No

Total pipelines Each supported Region: Yes

1,000

Total pipelines with change detection set to periodically Each supported Region: 300 No
checking for source changes

Total sequential actions per stage Each supported Region: 50 No

Total source artifact size for Amazon EBS deployments Each supported Region: 512 No
Megabytes

Total stages per pipeline Each supported Region: 50 No

Total webhooks Each supported Region: 300 Yes

For more information, see Quotas in CodePipeline in the AWS CodePipeline User Guide.

Version 1.0
141
 AWS General Reference Reference guide
AWS CodeStar

AWS CodeStar endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
AWS CodeStar

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
142
 AWS General Reference Reference guide
AWS CodeStar Notifications

Region Region Endpoint Protocol

Name

Europe eu-north-1 [Link] HTTPS

(Stockholm)

AWS CodeStar Notifications endpoints and quotas

Region Region Endpoint Protocol
Name

US East us-east-2 codestar-notifi[Link] HTTPS

(Ohio)

US East (N. us-east-1 codestar-notifi[Link] HTTPS

Virginia)

US us-west-1 codestar-notifi[Link] HTTPS

West (N.
California)

US West us-west-2 codestar-notifi[Link] HTTPS

(Oregon)

Asia ap-east-1 codestar-notifi[Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- codestar-notifi[Link]- HTTPS

Pacific south-1 [Link]
(Mumbai)

Asia ap- codestar-notifi[Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- codestar-notifi[Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- codestar-notifi[Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- codestar-notifi[Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Canada ca- codestar-notifi[Link]- HTTPS

(Central) central-1 [Link]

Europe eu- codestar-notifi[Link]- HTTPS

(Frankfurt) central-1 [Link]

Europe eu-west-1 codestar-notifi[Link] HTTPS

(Ireland)

Version 1.0
143
 AWS General Reference Reference guide
Amazon Cognito Identity

Region Region Endpoint Protocol

Name

Europe eu-west-2 codestar-notifi[Link] HTTPS

(London)

Europe eu-west-3 codestar-notifi[Link] HTTPS

(Paris)

Europe eu-north-1 codestar-notifi[Link] HTTPS

(Stockholm)

Middle me- codestar-notifi[Link]- HTTPS

East south-1 [Link]
(Bahrain)

South sa-east-1 codestar-notifi[Link] HTTPS

America
(São
Paulo)

Amazon Cognito Identity endpoints and quotas

Amazon Cognito Identity includes Amazon Cognito user pools and Amazon Cognito identity pools
(federated identities).

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon Cognito User Pools

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
cognito-idp-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
cognito-idp-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) cognito-idp-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
cognito-idp-fi[Link] HTTPS

Version 1.0
144
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) cognito-idp-fi[Link] HTTPS

Version 1.0
145
 AWS General Reference Reference guide
Service endpoints

Amazon Cognito Identity Pools

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
cognito-identity-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
cognito-identity-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)
cognito-identity-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Version 1.0
146
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) cognito-identity-fi[Link]-gov- HTTPS
[Link]

Service quotas
Amazon Cognito User Pools

Name Default Adjustable

Apps per user pool Each supported Region: Yes

1,000

Custom domains per account Each supported Region: 4 No

Groups per user Each supported Region: 100 No

Groups per user pool Each supported Region: No

10,000

Identity providers per user pool Each supported Region: 300 Yes

Rate of ClientAuthentication requests per account Each supported Region: 150 No

per second

Rate of UserAccountRecovery requests Each supported Region: 30 No

per second

Rate of UserAuthentication requests Each supported Region: 120 Yes

per second

Rate of UserCreation requests Each supported Region: 50 Yes

per second

Rate of UserFederation requests Each supported Region: 25 Yes

per second

Rate of UserList requests Each supported Region: 30 No

per second

Rate of UserPoolClientRead requests per account Each supported Region: 15 No

per second

Version 1.0
147
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Rate of UserPoolClientRead requests per user pool Each supported Region: 5 per No
second

Rate of UserPoolClientUpdate requests per account Each supported Region: 15 No

per second

Rate of UserPoolClientUpdate requests per user pool Each supported Region: 5 per No
second

Rate of UserPoolRead requests Each supported Region: 15 No

per second

Rate of UserPoolResourceRead requests per account Each supported Region: 20 No

per second

Rate of UserPoolResourceRead requests per user pool Each supported Region: 5 per No
second

Rate of UserPoolResourceUpdate requests per account Each supported Region: 15 No

per second

Rate of UserPoolResourceUpdate requests per user pool Each supported Region: 5 per No
second

Rate of UserPoolUpdate requests Each supported Region: 15 No

per second

Rate of UserRead requests Each supported Region: 120 Yes

per second

Rate of UserResourceRead requests Each supported Region: 50 Yes

per second

Rate of UserResourceUpdate requests Each supported Region: 25 No

per second

Rate of UserToken requests Each supported Region: 120 Yes

per second

Rate of UserUpdate requests Each supported Region: 25 No

per second

Resource servers per user pool Each supported Region: 25 Yes

Scopes per resource server Each supported Region: 100 No

User import jobs per user pool Each supported Region: Yes
1,000

User pools per account Each supported Region: Yes

1,000

For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.

Version 1.0
148
 AWS General Reference Reference guide
Amazon Cognito Sync

Amazon Cognito Federated Identities

Name Default Adjustable

Identity pool name size Each supported Region: 128 No

Bytes

Identity pools per account Each supported Region: Yes

1,000

List API call results Each supported Region: 60 No

Login provider name size Each supported Region: No

2,048 Bytes

Role-based access control rules Each supported Region: 25 No

User pool providers per identity pool Each supported Region: 50 Yes

For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Cognito Sync endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
149
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas

Name Default Adjustable

Bulk publish wait time Each supported Region: 24 No

Dataset name size Each supported Region: 128 No

Bytes

Dataset size Each supported Region: 1 Yes

Megabytes

Datasets per identity Each supported Region: 20 Yes

Records per dataset Each supported Region: Yes

1,024

For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.

Amazon Comprehend endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
150
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
comprehend-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
comprehend-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
comprehend-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) comprehend-fi[Link] HTTPS

Version 1.0
151
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

BatchDetectDominantLanguage throttle limit in transaction Each supported Region: 10 Yes

per second

BatchDetectEntities throttle limit in transaction per second Each supported Region: 10 Yes

BatchDetectKeyPhrases throttle limit in transaction per Each supported Region: 10 Yes

second

BatchDetectSentiment throttle limit in transaction per Each supported Region: 10 Yes

second

BatchDetectSyntax throttle limit in transaction per second Each supported Region: 10 Yes

CreateDocumentClassifier throttle limit in transaction per Each supported Region: 1 No

second

CreateEntityRecognizer throttle limit in transaction per Each supported Region: 1 No

second

DeleteDocumentClassifier throttle limit in transaction per Each supported Region: 1 No

second

DeleteEntityRecognizer throttle limit in transaction per Each supported Region: 1 No

second

DescribeDocumentClassificationJob throttle limit in Each supported Region: 10 No

transaction per second

DescribeDocumentClassifier throttle limit in transaction per Each supported Region: 10 No

second

DescribeDominantLanguageDetectionJob throttle limit in Each supported Region: 10 No

transaction per second

DescribeEntitiesDetectionJob throttle limit in transaction per Each supported Region: 10 No

second

DescribeEntityRecognizer throttle limit in transaction per Each supported Region: 10 No

second

DescribeKeyPhrasesDetectionJob throttle limit in transaction Each supported Region: 10 No

per second

DescribeSentimentDetectionJob throttle limit in transaction Each supported Region: 10 No

per second

DescribeTopicsDetectionJob throttle limit in transaction per Each supported Region: 10 No

second

DetectDominantLanguage max active jobs Each supported Region: 10 No

DetectDominantLanguage throttle limit in transaction per Each supported Region: 40 Yes

second

DetectEntities max active jobs Each supported Region: 10 No

Version 1.0
152
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

DetectEntities throttle limit in transaction per second Each supported Region: 20 Yes

DetectKeyPhrases max active jobs Each supported Region: 10 No

DetectKeyPhrases throttle limit in transaction per second Each supported Region: 20 Yes

DetectSentiment max active jobs Each supported Region: 10 No

DetectSentiment throttle limit in transaction per second Each supported Region: 25 Yes

DetectSyntax throttle limit in transaction per second Each supported Region: 20 Yes

DocumentClassification max active jobs Each supported Region: 10 No

DocumentClassifier max active jobs Each supported Region: 10 No

Endpoints max active endpoints Each supported Region: 10 Yes

Endpoints max inference units per account Each supported Region: 100 Yes

Endpoints max inference units per endpoint Each supported Region: 10 Yes

EntityRecognizer max active jobs Each supported Region: 10 No

ListDocumentClassificationJobs throttle limit in transaction Each supported Region: 10 No

per second

ListDocumentClassifiers throttle limit in transaction per Each supported Region: 10 No

second

ListDominantLanguageDetectionJobs throttle limit in Each supported Region: 10 No

transaction per second

ListEntitiesDetectionJobs throttle limit in transaction per Each supported Region: 10 No

second

ListEntityRecognizers throttle limit in transaction per second Each supported Region: 10 No

ListKeyPhrasesDetectionJobs throttle limit in transaction per Each supported Region: 10 No

second

ListSentimentDetectionJobs throttle limit in transaction per Each supported Region: 10 No

second

ListTagsForResource throttle limit in transaction per second Each supported Region: 10 No

ListTopicsDetectionJobs throttle limit in transaction per Each supported Region: 10 No

second

StartDocumentClassificationJob throttle limit in transaction Each supported Region: 1 No

per second

StartDominantLanguageDetectionJob throttle limit in Each supported Region: 1 No

transaction per second

StartEntitiesDetectionJob throttle limit in transaction per Each supported Region: 1 No

second

StartKeyPhrasesDetectionJob throttle limit in transaction Each supported Region: 1 No

per second

Version 1.0
153
 AWS General Reference Reference guide
Amazon Comprehend Medical

Name Default Adjustable

StartSentimentDetectionJob throttle limit in transaction per Each supported Region: 1 No

second

StartTopicsDetectionJob throttle limit in transaction per Each supported Region: 1 No

second

StopDominantLanguageDetectionJob throttle limit in Each supported Region: 1 No

transaction per second

StopEntitiesDetectionJob throttle limit in transaction per Each supported Region: 1 No

second

StopKeyPhrasesDetectionJob throttle limit in transaction per Each supported Region: 1 No

second

StopSentimentDetectionJob throttle limit in transaction per Each supported Region: 1 No

second

StopTrainingDocumentClassifier throttle limit in transaction Each supported Region: 1 No

per second

StopTrainingEntityRecognizer throttle limit in transaction Each supported Region: 1 No

per second

TagResource throttle limit in transaction per second Each supported Region: 1 No

TopicsDetection max active jobs Each supported Region: 10 No

UntagResource throttle limit in transaction per second Each supported Region: 1 No

For more information, see Guidelines and Quotas in the Amazon Comprehend Developer Guide.

Amazon Comprehend Medical endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
comprehendmedical-fi[Link]- HTTPS
[Link]

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
154
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name
comprehendmedical-fi[Link]- HTTPS
[Link]

US West us-west-2 [Link] HTTPS

(Oregon)
comprehendmedical-fi[Link]- HTTPS
[Link]

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link]-gov- HTTPS

GovCloud west-1 [Link]
(US-West) HTTPS
comprehendmedical-fi[Link]-gov-
[Link]

Service quotas

Name Default Adjustable

Characters per second (CPS) for the DetectEntities operation Each supported Region: Yes
40,000

Characters per second (CPS) for the DetectEntities-v2 Each supported Region: Yes
operation 40,000

Characters per second (CPS) for the DetectPHI operation Each supported Region: Yes
40,000

Characters per second (CPS) for the InferICD10CM operation Each supported Region: Yes
40,000

Characters per second (CPS) for the InferRxNorm operation Each supported Region: Yes
40,000

Maximum document size (UTF-8 characters) for the Each supported Region: No
DetectEntities operation 20,000 Bytes

Maximum document size (UTF-8 characters) for the Each supported Region: No
DetectEntities-v2 operation 20,000 Bytes

Maximum document size (UTF-8 characters) for the Each supported Region: No
DetectPHI operation 20,000 Bytes

Version 1.0
155
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Maximum document size (UTF-8 characters) for the Each supported Region: No
InferICD10CM operation 10,000 Bytes

Maximum document size (UTF-8 characters) for the Each supported Region: No
InferRxNorm operation 10,000 Bytes

Maximum individual file size for batch jobs Each supported Region: 40 No
Kilobytes

Maximum number of files for batch jobs Each supported Region: No

5,000,000

Maximum size (in GB) of text analysis batch jobs (all files) Each supported Region: 10 No
Gigabytes

Maximum size of ontology linking batch analysis jobs (all Each supported Region: 5 No
files) Gigabytes

Minimum size of batch jobs (all files) Each supported Region: 1 No

Bytes

Transactions per second (TPS) for the Each supported Region: 10 Yes
DescribeEntitiesDetectionV2Job operation

Transactions per second (TPS) for the Each supported Region: 10 Yes
DescribeICD10CMInferenceJob operation

Transactions per second (TPS) for the Each supported Region: 10 Yes
DescribePHIDetectionJob operation

Transactions per second (TPS) for the Each supported Region: 10 Yes
DescribeRxNormInferenceJob operation

Transactions per second (TPS) for the DetectEntities Each supported Region: 100 No
operation

Transactions per second (TPS) for the DetectEntities-v2 Each supported Region: 100 No
operation

Transactions per second (TPS) for the DetectPHI operation Each supported Region: 100 No

Transactions per second (TPS) for the InferICD10CM Each supported Region: 100 No
operation

Transactions per second (TPS) for the InferRxNorm operation Each supported Region: 100 No

Transactions per second (TPS) for the Each supported Region: 10 Yes
ListEntitiesDetectionV2Jobs operation

Transactions per second (TPS) for the Each supported Region: 10 Yes
ListICD10CMInferenceJobs operation

Transactions per second (TPS) for the ListPHIDetectionJobs Each supported Region: 10 Yes
operation

Transactions per second (TPS) for the Each supported Region: 10 Yes
ListRxNormInferenceJobs operation

Version 1.0
156
 AWS General Reference Reference guide
Compute Optimizer

Name Default Adjustable

Transactions per second (TPS) for the Each supported Region: 5 Yes
StartEntitiesDetectionV2Job operation

Transactions per second (TPS) for the Each supported Region: 5 Yes
StartICD10CMInferenceJob operation

Transactions per second (TPS) for the StartPHIDetectionJob Each supported Region: 5 Yes
operation

Transactions per second (TPS) for the Each supported Region: 5 Yes
StartRxNormInferenceJob operation

Transactions per second (TPS) for the Each supported Region: 5 Yes
StopEntitiesDetectionV2Job operation

Transactions per second (TPS) for the Each supported Region: 5 Yes
StopICD10CMInferenceJob operation

Transactions per second (TPS) for the StopPHIDetectionJob Each supported Region: 5 Yes
operation

Transactions per second (TPS) for the Each supported Region: 5 Yes
StopRxNormInferenceJob operation

AWS Compute Optimizer endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Version 1.0
157
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Name Default Adjustable

The number of API calls per second per account Each supported Region: 5 No

AWS Config endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
158
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 confi[Link] HTTPS

(Ohio)
config-fi[Link] HTTPS

US East (N. us-east-1 confi[Link] HTTPS

Virginia)
config-fi[Link] HTTPS

US us-west-1 confi[Link] HTTPS

West (N.
California) config-fi[Link] HTTPS

US West us-west-2 confi[Link] HTTPS

(Oregon)
config-fi[Link] HTTPS

Africa af-south-1 confi[Link] HTTPS

(Cape
Town)

Asia ap-east-1 confi[Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- confi[Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- confi[Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- confi[Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- confi[Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- confi[Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- confi[Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- confi[Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
159
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- confi[Link] HTTPS

(Central) central-1

Europe eu- confi[Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 confi[Link] HTTPS

(Ireland)

Europe eu-west-2 confi[Link] HTTPS

(London)

Europe eu- confi[Link] HTTPS

(Milan) south-1

Europe eu-west-3 confi[Link] HTTPS

(Paris)

Europe eu-north-1 confi[Link] HTTPS

(Stockholm)

Middle me- confi[Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 confi[Link] HTTPS

America
(São
Paulo)

AWS us-gov- confi[Link] HTTPS

GovCloud east-1
(US-East) confi[Link] HTTPS

AWS us-gov- confi[Link] HTTPS

GovCloud west-1
(US-West) confi[Link] HTTPS

Service quotas
Resource Default Notes

Number of AWS Config rules per Region 400 You can request a
in your account quota increase.

Maximum Number of Configuration 50 You can request a

Aggregators quota increase.

Amazon Connect endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
160
 AWS General Reference Reference guide
Service endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
connect-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
connect-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Amazon Connect Contact Lens endpoints

The Amazon Connect Contact Lens Service has the following endpoints.

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
161
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-2 [Link] HTTPS

(London)

Amazon Connect Participant Service endpoints

The Amazon Connect Participant Service has the following endpoints.

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]-fi[Link] HTTPS

Asia Pacific ap- [Link] HTTPS

(Seoul) northeast-2

Asia Pacific ap- [Link] HTTPS

(Singapore) southeast-1

Asia Pacific ap- [Link] HTTPS

(Sydney) southeast-2

Asia Pacific ap- [Link] HTTPS

(Tokyo) northeast-1

Canada ca-central-1 [Link] HTTPS

(Central)

Europe eu-central-1 [Link] HTTPS

(Frankfurt)

Version 1.0
162
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Amazon Connect Customer Profiles endpoints

The Amazon Connect Customer Profiles Service has the following endpoints.

Region Region Endpoint Protocol

Name

US East (N. us-east-1 profi[Link] HTTPS

Virginia)

US West us-west-2 profi[Link] HTTPS

(Oregon)

Asia ap- profi[Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- profi[Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- profi[Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- profi[Link] HTTPS

(Central) central-1

Europe eu- profi[Link] HTTPS

(Frankfurt) central-1

Europe eu-west-2 profi[Link] HTTPS

(London)

AppIntegrations Service endpoints

The AppIntegrations Service has the following endpoints.

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
163
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas

Name Default Adjustable

AWS Lambda functions per instance Each supported Region: 35 Yes

Agent status per instance Each supported Region: 50 No

Amazon Connect instance count Each supported Region: 2 Yes

Amazon Lex V2 bot aliases per instance Each supported Region: 100 Yes

Amazon Lex bots per instance Each supported Region: 50 Yes

Concurrent active calls per instance Each supported Region: 10 Yes

Concurrent active chats per instance Each supported Region: 100 Yes

Concurrent active tasks per instance Each supported Region: Yes

2,500

Contact flows per instance Each supported Region: 100 Yes

Hours of operation per instance Each supported Region: 100 Yes

Phone numbers per instance Each supported Region: 5 Yes

Prompts per instance Each supported Region: 500 Yes

Queues per instance Each supported Region: 50 Yes

Version 1.0
164
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Queues per routing profile per instance Each supported Region: 50 Yes

Quick connects per instance Each supported Region: 100 Yes

Rate of AssociateQueueQuickConnects API requests Each supported Region: 2 per Yes

second

Rate of AssociateRoutingProfileQueues API requests Each supported Region: 2 per Yes

second

Rate of CreateQueue API requests Each supported Region: 2 per Yes

second

Rate of CreateQuickConnect API requests Each supported Region: 2 per Yes

second

Rate of CreateRoutingProfile API requests Each supported Region: 2 per Yes

second

Rate of CreateUser API requests Each supported Region: 2 per Yes

second

Rate of CreateUserHierarchyGroup API requests Each supported Region: 2 per Yes

second

Rate of DeleteQuickConnect API requests Each supported Region: 2 per Yes

second

Rate of DeleteUser API requests Each supported Region: 2 per Yes

second

Rate of DeleteUserHierarchyGroup API requests Each supported Region: 2 per Yes

second

Rate of DescribeHoursOfOperation API requests Each supported Region: 2 per Yes

second

Rate of DescribeQueue API requests Each supported Region: 2 per Yes

second

Rate of DescribeQuickConnect API requests Each supported Region: 2 per Yes

second

Rate of DescribeRoutingProfile API requests Each supported Region: 2 per Yes

second

Rate of DescribeUser API requests Each supported Region: 2 per Yes

second

Rate of DescribeUserHierarchyGroup API requests Each supported Region: 2 per Yes

second

Rate of DescribeUserHierarchyStructure API requests Each supported Region: 2 per Yes

second

Rate of DisassociateQueueQuickConnects API requests Each supported Region: 2 per Yes

second

Version 1.0
165
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Rate of DisassociateRoutingProfileQueues API requests Each supported Region: 2 per Yes

second

Rate of GetContactAttributes API requests Each supported Region: 2 per Yes

second

Rate of GetCurrentMetricData API requests Each supported Region: 5 per Yes

second

Rate of GetFederationToken API requests Each supported Region: 2 per Yes

second

Rate of GetMetricData API requests Each supported Region: 5 per Yes

second

Rate of ListContactFlows API requests Each supported Region: 2 per Yes

second

Rate of ListHoursOfOperations API requests Each supported Region: 2 per Yes

second

Rate of ListPhoneNumbers API requests Each supported Region: 2 per Yes

second

Rate of ListQueueQuickConnects API requests Each supported Region: 2 per Yes

second

Rate of ListQueues API requests Each supported Region: 2 per Yes

second

Rate of ListQuickConnects API requests Each supported Region: 2 per Yes

second

Rate of ListRoutingProfileQueues API requests Each supported Region: 2 per Yes

second

Rate of ListRoutingProfiles API requests Each supported Region: 2 per Yes

second

Rate of ListSecurityProfiles API requests Each supported Region: 2 per Yes

second

Rate of ListTagsForResource API requests Each supported Region: 2 per Yes

second

Rate of ListUserHierarchyGroups API requests Each supported Region: 2 per Yes

second

Rate of ListUsers API requests Each supported Region: 2 per Yes

second

Rate of StartOutboundVoiceContact API requests Each supported Region: 2 per Yes

second

Rate of StopContact API requests Each supported Region: 2 per Yes

second

Rate of TagResource API requests Each supported Region: 2 per Yes

second

Version 1.0
166
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Rate of UntagResource API requests Each supported Region: 2 per Yes

second

Rate of UpdateContactAttributes API requests Each supported Region: 2 per Yes

second

Rate of UpdateQueueHoursOfOperation API requests Each supported Region: 2 per Yes

second

Rate of UpdateQueueMaxContacts API requests Each supported Region: 2 per Yes

second

Rate of UpdateQueueName API requests Each supported Region: 2 per Yes

second

Rate of UpdateQueueOutboundCallerConfig API requests Each supported Region: 2 per Yes

second

Rate of UpdateQueueStatus API requests Each supported Region: 2 per Yes

second

Rate of UpdateQuickConnectConfig API requests Each supported Region: 2 per Yes

second

Rate of UpdateQuickConnectName API requests Each supported Region: 2 per Yes

second

Rate of UpdateRoutingProfileConcurrency API requests Each supported Region: 2 per Yes

second

Rate of UpdateRoutingProfileDefaultOutboundQueue API Each supported Region: 2 per Yes

requests second

Rate of UpdateRoutingProfileName API requests Each supported Region: 2 per Yes

second

Rate of UpdateRoutingProfileQueues API requests Each supported Region: 2 per Yes

second

Rate of UpdateUserHierarchy API requests Each supported Region: 2 per Yes

second

Rate of UpdateUserHierarchyGroupName API requests Each supported Region: 2 per Yes

second

Rate of UpdateUserIdentityInfo API requests Each supported Region: 2 per Yes

second

Rate of UpdateUserPhoneConfig API requests Each supported Region: 2 per Yes

second

Rate of UpdateUserRoutingProfile API requests Each supported Region: 2 per Yes

second

Rate of UpdateUserSecurityProfiles API requests Each supported Region: 2 per Yes

second

Reports per instance Each supported Region: 500 Yes

Version 1.0
167
 AWS General Reference Reference guide
AWS Data Exchange

Name Default Adjustable

Routing profiles per instance Each supported Region: 100 Yes

Scheduled reports per instance Each supported Region: 50 Yes

Security profiles per instance Each supported Region: 100 Yes

User hierarchy groups per instance Each supported Region: 500 Yes

Users per instance Each supported Region: 500 Yes

Amazon Connect Customer Profiles service quotas

The Amazon Connect Customer Profiles Service has the following quotas.

Name Default Adjustable

Amazon Connect Customer Profiles domain count Each supported Region: 100 Yes

Keys per object type Each supported Region: 10 Yes

Maximum expiration in days Each supported Region: Yes

1,096

Maximum number of integrations Each supported Region: 50 Yes

Maximum size of all objects for a profile Each supported Region: Yes
51,200 Kilobytes

Object and profile maximum size Each supported Region: 250 No

Kilobytes

Object types per domain Each supported Region: 100 Yes

Objects per profile Each supported Region: Yes

1,000

For more information, see Amazon Connect Service Quotas in the Amazon Connect Administrator Guide.

AWS Data Exchange endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
168
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas

Name Default Adjustable

Amazon API Gateway API assets per revision Each supported Region: 20 Yes

Amazon Redshift datashare assets per import job from Each supported Region: 10 No
Redshift

Amazon Redshift datashare assets per revision Each supported Region: 20 Yes

Asset per export job from Amazon S3 Each supported Region: 100 No

Version 1.0
169
 AWS General Reference Reference guide
Amazon Data Lifecycle Manager

Name Default Adjustable

Asset size in GB Each supported Region: 10 No

Gigabytes

Assets per import job from Amazon S3 Each supported Region: 100 No

Assets per revision Each supported Region: Yes

10,000

Auto export event actions per data set Each supported Region: 5 Yes

Concurrent in progress jobs to export assets to Amazon S3 Each supported Region: 10 No

Concurrent in progress jobs to export assets to a signed URL Each supported Region: 10 No

Concurrent in progress jobs to export revisions to Amazon Each supported Region: 5 No

S3

Concurrent in progress jobs to import assets from Amazon Each supported Region: 10 No
API Gateway

Concurrent in progress jobs to import assets from Amazon Each supported Region: 10 No
Redshift datashares

Concurrent in progress jobs to import assets from Amazon Each supported Region: 10 No
S3

Concurrent in progress jobs to import assets from a signed Each supported Region: 10 No
URL

Data sets per account Each supported Region: Yes

3,000

Event actions per account Each supported Region: 50 Yes

Products per data set Each supported Region: 100 Yes

Revisions per Amazon API Gateway API data set Each supported Region: 20 Yes

Revisions per Amazon Redshift datashare data set Each supported Region: 20 Yes

Revisions per addRevisions change set Each supported Region: 5 No

Revisions per data set Each supported Region: Yes

10,000

For more information, see AWS Data Exchange quotas in the AWS Data Exchange User Guide.

Amazon Data Lifecycle Manager endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
170
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
171
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas

Name Default Adjustable

Policies per Region Each supported Region: 100 Yes

Target accounts per sharing rule Each supported Region: 50 Yes

AWS Data Pipeline endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
172
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas
Name Default Adjustable

Minimum delay between retry attempts in minutes Each supported Region: 2 No

Minimum scheduling interval in minutes Each supported Region: 15 No

Number of EC2 instances per Ec2Resource object Each supported Region: 1 No

Number of UTF8 bytes per field Each supported Region: No

10,240

Number of UTF8 bytes per field name or identifier Each supported Region: 256 No

Number of UTF8 bytes per object Each supported Region: No

15,360

Number of active instances per object Each supported Region: 5 Yes

Number of fields per object Each supported Region: 50 No

Number of objects per pipeline Each supported Region: 100 Yes

Number of pipelines you can create Each supported Region: 100 Yes

Number of roll-ups into a single object Each supported Region: 32 No

Rate of creation of an instance from an object Each supported Region: 1 per No

5 minutes

Retries of a pipeline activity per task Each supported Region: 5 No

For more information, see AWS Data Pipeline Quotas in the AWS Data Pipeline Developer Guide.

Version 1.0
173
 AWS General Reference Reference guide
DataSync

AWS DataSync endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
datasync-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
datasync-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) datasync-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
datasync-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
174
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
datasync-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) datasync-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) datasync-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Files per task Each supported Region: Yes

25,000,000

Tasks Each supported Region: 100 Yes

Throughput per task Each supported Region: 10 Yes

Gigabits per second

Version 1.0
175
 AWS General Reference Reference guide
AWS DMS

AWS Database Migration Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
dms-fi[Link] HTTPS

dms-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
dms-fi[Link] HTTPS

dms-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) dms-fi[Link] HTTPS

dms-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
dms-fi[Link] HTTPS

dms-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Version 1.0
176
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

[Link] HTTPS

Version 1.0
177
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

[Link] HTTPS

Service quotas

Name Default Adjustable

Certificate count Each supported Region: 100 Yes

Endpoint count Each supported Region: Yes

1,000

Endpoints per instance Each supported Region: 100 Yes

Event subscriptions Each supported Region: 60 Yes

Replication instances Each supported Region: 60 Yes

Subnet groups Each supported Region: 60 Yes

Subnets per subnet group Each supported Region: 60 Yes

Task count Each supported Region: 600 Yes

Total storage Each supported Region: Yes

30,000 Gigabytes

AWS DeepLens endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
178
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Service quotas
Name Default Adjustable

Devices per account Each supported Region: 200 Yes

Models per account Each supported Region: 200 Yes

Projects per account Each supported Region: 200 Yes

Versions per project Each supported Region: 100 No

AWS DeepRacer endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link]

Virginia)

Service quotas
Name Default Adjustable

Cars Each supported Region: 20 Yes

Evaluation jobs Each supported Region: 3 Yes

Training jobs Each supported Region: 4 Yes

Amazon Detective endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
179
 AWS General Reference Reference guide
Service endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link]-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) [Link]-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Version 1.0
180
 AWS General Reference Reference guide
DevOps Guru

Region Region Endpoint Protocol

Name

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link]-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link]-fi[Link] HTTPS

Amazon DevOps Guru endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
181
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Service quotas
Resource Quota

Maximum number of Amazon Simple Notification 2

Service topics you can specify at once

Maximum number of AWS CloudFormation stacks 1000

you can specify

For more information, see Quotas in the Amazon DevOps Guru User Guide.

AWS Device Farm endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
182
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Concurrency for automation tests on metered devices Each supported Region: 5 Yes

Concurrency for remote access on metered devices Each supported Region: 2 Yes

Remote access session length in minutes Each supported Region: 150 No

Test run timeout per device in minutes Each supported Region: 150 No

Uploaded file size Each supported Region: 4 No

Gigabytes

AWS Direct Connect endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
directconnect-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
directconnect-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) directconnect-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
directconnect-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
183
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
184
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

Active AWS Direct Connect dedicated connections per Each supported Region: 10 No
location

Dedicated connections, or interconnects per link aggregation Each supported Region: 4 No

group (LAG)

Global maximum number of AWS Direct Connect gateways Each supported Region: 200 Yes

Link aggregation groups (LAGs) per AWS Region Each supported Region: 10 No

Number of prefixes per AWS transit Gateway from AWS to Each supported Region: 20 No
on-premises on a transit virtual interface

Private or public virtual interfaces per AWS Direct Connect Each supported Region: 50 No
dedicated connection

Transit gateways per AWS Direct Connect gateway Each supported Region: 3 No

Virtual interfaces per AWS Direct Connect gateway Each supported Region: 30 Yes

Virtual private gateways per AWS Direct Connect gateway Each supported Region: 10 No

For more information, see AWS Direct Connect Quotas in the AWS Direct Connect User Guide.

AWS Directory Service endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
185
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
ds-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
ds-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) ds-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
ds-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
ds-fi[Link] HTTPS

Version 1.0
186
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) ds-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) ds-fi[Link] HTTPS

For a list of supported endpoints by directory type, see Region availability for AWS Directory Service.

Service quotas

Name Default Adjustable

AD Connector directories Each supported Region: 10 Yes

AWS Managed Microsoft AD directories Each supported Region: 20 Yes

AWS Managed Microsoft AD domain controllers Each supported Region: 20 Yes

AWS Managed Microsoft AD manual snapshots Each supported Region: 5 No

For more information, see the following:

• AD Connector quotas
• AWS Managed Microsoft AD quotas

Version 1.0
187
 AWS General Reference Reference guide
Amazon DocumentDB

• Simple AD quotas

Amazon DocumentDB endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Version 1.0
188
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West)

For information on finding and connecting to your cluster or instance endpoints, see Working with
Amazon DocumentDB Endpoints in the Amazon DocumentDB Developer Guide.

Service quotas
Name Default Adjustable

Cluster parameter groups Each supported Region: 50 No

Clusters Each supported Region: 40 Yes

Event subscriptions Each supported Region: 20 Yes

Instances Each supported Region: 40 Yes

Manual cluster snapshots Each supported Region: 100 Yes

Read replicas per cluster Each supported Region: 15 Yes

Subnet groups Each supported Region: 50 Yes

Subnets per subnet group Each supported Region: 20 No

Tags per resource Each supported Region: 50 No

VPC security groups per instance Each supported Region: 5 No

For more information, see Amazon DocumentDB Service Quotas in the Amazon DocumentDB Developer
Guide.

Amazon DynamoDB endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

For more information about this topic specific to DynamoDB, see Quotas in Amazon DynamoDB.

Version 1.0
189
 AWS General Reference Reference guide
Service endpoints

Service endpoints
DynamoDB

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS
dynamodb-fi[Link]
HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS
dynamodb-fi[Link]
HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California) dynamodb-fi[Link]
HTTPS

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS
dynamodb-fi[Link]
HTTPS

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link] HTTP and

Pacific southeast-3 HTTPS
(Jakarta)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-3 HTTPS
(Osaka)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Version 1.0
190
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS
dynamodb-fi[Link]
HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link] HTTP and

GovCloud east-1 HTTPS
(US-East) [Link]
HTTPS

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West) [Link]
HTTPS

Version 1.0
191
 AWS General Reference Reference guide
Service endpoints

DynamoDB Accelerator (DAX)

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California)

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

Version 1.0
192
 AWS General Reference Reference guide
Service endpoints

Amazon DynamoDB Streams

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California)

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link]- HTTP and

Pacific southeast-3 [Link] HTTPS
(Jakarta)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link]- HTTP and

Pacific northeast-3 [Link] HTTPS
(Osaka)

Asia ap- [Link]- HTTP and

Pacific northeast-2 [Link] HTTPS
(Seoul)

Asia ap- [Link]- HTTP and

Pacific southeast-1 [Link] HTTPS
(Singapore)

Asia ap- [Link]- HTTP and

Pacific southeast-2 [Link] HTTPS
(Sydney)

Asia ap- [Link]- HTTP and

Pacific northeast-1 [Link] HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Version 1.0
193
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link]-gov- HTTP and

GovCloud east-1 [Link] HTTPS
(US-East)
[Link]-gov- HTTPS
[Link]

AWS us-gov- [Link]-gov- HTTP and

GovCloud west-1 [Link] HTTPS
(US-West)
[Link]-gov- HTTPS
[Link]

Service quotas

Name Default Adjustable

Account-level read throughput limit (Provisioned mode) Each supported Region: Yes
80,000

Account-level write throughput limit (Provisioned mode) Each supported Region: Yes
80,000

Concurrent control plane operations Each supported Region: 50 Yes

Global Secondary Indexes per table Each supported Region: 20 Yes

Provisioned capacity decreases per day Each supported Region: 27 Yes

Version 1.0
194
 AWS General Reference Reference guide
Elastic Beanstalk

Name Default Adjustable

Table-level read throughput limit Each supported Region: Yes

40,000

Table-level write throughput limit Each supported Region: Yes

40,000

Tables per region Each supported Region: 256 Yes

Write throughput limit for DynamoDB Streams (Provisioned Each supported Region: Yes
mode) 40,000

DAX has the following quotas.

Name Default Adjustable

Nodes per cluster Each supported Region: 11 No

Parameter groups Each supported Region: 20 No

Subnet groups Each supported Region: 50 No

Subnets per subnet group Each supported Region: 20 No

Total number of nodes Each supported Region: 50 Yes

AWS Elastic Beanstalk endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Elastic Beanstalk

Region Region Endpoint Protocol Route 53

Name Hosted
Zone ID

US East us-east-2 [Link] HTTPS Z14LCN19Q5QHIC

(Ohio)
elasticbeanstalk-fi[Link]- HTTPS  
[Link]

US us-east-1 [Link] HTTPS Z117KPS5GTRQ2G

East (N.
Virginia) elasticbeanstalk-fi[Link]- HTTPS  
[Link]

Version 1.0
195
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol Route 53

Name Hosted
Zone ID

US us- [Link] HTTPS Z1LQECGX5PH1X

West (N. west-1
California) elasticbeanstalk-fi[Link]- HTTPS  
[Link]

US West us- [Link] HTTPS Z38NKT9BP95V3O

(Oregon) west-2
elasticbeanstalk-fi[Link]- HTTPS  
[Link]

Africa af- [Link] HTTPS Z1EI3BVKMKK4AM

(Cape south-1
Town)

Asia ap-east-1 [Link] HTTPS ZPWYUBWRU171A

Pacific
(Hong
Kong)

Asia ap- [Link]- HTTPS Z18NTBI3Y7N9TZ

Pacific south-1 [Link]
(Mumbai)

Asia ap- [Link]- HTTPS ZNE5GEY1TIAGY

Pacific [Link]
(Osaka)

Asia ap- [Link]- HTTPS Z3JE5OI70TWKCP

Pacific [Link]
(Seoul)

Asia ap- [Link]- HTTPS Z16FZ9L249IFLT

Pacific [Link]
(Singapore)

Asia ap- [Link]- HTTPS Z2PCDNR3VC2G1N

Pacific [Link]
(Sydney)

Asia ap- [Link]- HTTPS Z1R25G3KIG2GBW

Pacific [Link]
(Tokyo)

Canada ca- [Link]- HTTPS ZJFCZL7SSZB5I

(Central) central-1 [Link]

Europe eu- [Link]- HTTPS Z1FRNW7UH4DEZJ

(Frankfurt) central-1 [Link]

Europe eu- [Link] HTTPS Z2NYPWQ7DFZAZH

(Ireland) west-1

Europe eu- [Link] HTTPS Z1GKAAAUGATPF1

(London) west-2

Version 1.0
196
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol Route 53

Name Hosted
Zone ID

Europe eu- [Link]- HTTPS Z10VDYYOA2JFKM

(Milan) south-1 [Link]

Europe eu- [Link] HTTPS Z5WN6GAYWG5OB

(Paris) west-3

Europe eu- [Link] HTTPS Z23GO28BZ5AETM

(Stockholm)north-1

Middle me- [Link]- HTTPS Z2BBTEKR2I36N2

East south-1 [Link]
(Bahrain)

South sa-east-1 [Link] HTTPS Z10X7K2B4QSOFV

America
(São
Paulo)

AWS us-gov- [Link]-gov- HTTPS Z35TSARG0EJ4VU

GovCloud east-1 [Link]
(US-East) HTTPS  
[Link]-gov-
[Link]

AWS us-gov- [Link]-gov- HTTPS Z4KAURWC4UUUG

GovCloud west-1 [Link]
(US- HTTPS  
West) [Link]-gov-
[Link]

Elastic Beanstalk Health Service

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link]- HTTPS

West (N. [Link]
California)

US West us-west-2 [Link]- HTTPS

(Oregon) [Link]

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
197
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link]- HTTPS

Pacific south-1 [Link]
(Mumbai)

Asia ap- [Link]- HTTPS

Pacific northeast-3 [Link]
(Osaka)

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Canada ca- [Link]- HTTPS

(Central) central-1 [Link]

Europe eu- [Link]- HTTPS

(Frankfurt) central-1 [Link]

Europe eu-west-1 [Link]- HTTPS

(Ireland) [Link]

Europe eu-west-2 [Link]- HTTPS

(London) [Link]

Europe eu-west-3 [Link]- HTTPS

(Paris) [Link]

Europe eu-north-1 [Link]- HTTPS

(Stockholm) [Link]

Middle me- [Link]- HTTPS

East south-1 [Link]
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link]-gov- HTTPS

GovCloud east-1 [Link]
(US-East)

Version 1.0
198
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link]-gov- HTTPS

GovCloud west-1 [Link]
(US-West)

Service quotas
Name Default Adjustable

Application versions Each supported Region: Yes

1,000

Applications Each supported Region: 75 Yes

Configuration templates Each supported Region: Yes

2,000

Custom platform versions Each supported Region: 50 Yes

Environments Each supported Region: 200 Yes

Amazon Elastic Block Store endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Topics
• Endpoints for Amazon EBS in Amazon EC2 (p. 199)
• Endpoints for the EBS direct APIs (p. 201)

Endpoints for Amazon EBS in Amazon EC2

Use the Amazon EBS endpoints in Amazon Elastic Compute Cloud (Amazon EC2) to manage EBS
volumes, snapshots, and encryption. For more information, see Amazon EBS actions in the Amazon EC2
API Reference.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
199
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
200
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Endpoints for the EBS direct APIs

Use the EBS direct APIs endpoints to directly read the data on your Amazon EBS snapshots, and identify
the difference between two snapshots. For more information, see Use EBS direct APIs to access the
contents of an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
ebs-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
ebs-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) ebs-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
ebs-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Version 1.0
201
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
ebs-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

Version 1.0
202
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas

Name Default Adjustable

CompleteSnapshot requests per account Each supported Region: 10 No

per second

Concurrent snapshot copies per destination Region Each supported Region: 20 No

Concurrent snapshots per Cold HDD (sc1) volume Each supported Region: 1 No

Concurrent snapshots per General Purpose SSD (gp2) Each supported Region: 5 No
volume

Concurrent snapshots per General Purpose SSD (gp3) Each supported Region: 5 No
volume

Concurrent snapshots per Magnetic (standard) volume Each supported Region: 5 No

Concurrent snapshots per Provisioned IOPS SSD (io1) Each supported Region: 5 No
volume

Concurrent snapshots per Throughput Optimized HDD (st1) Each supported Region: 1 No
volume

Fast snapshot restore Each supported Region: 50 Yes

GetSnapshotBlock requests per account Each supported Region: Yes

1,000 per second

GetSnapshotBlock requests per snapshot Each supported Region: No

1,000 per second

IOPS for Provisioned IOPS SSD (io1) volumes Each supported Region: Yes
300,000

IOPS modifications for Provisioned IOPS SSD (io1) volumes Each supported Region: Yes
500,000

ListChangedBlocks requests per account Each supported Region: 50 No

per second

Version 1.0
203
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

ListSnapshotBlocks requests per account Each supported Region: 50 No

per second

Pending snapshots per account Each supported Region: 100 No

PutSnapshotBlock requests per account Each supported Region: Yes

1,000 per second

PutSnapshotBlock requests per snapshot Each supported Region: No

1,000 per second

Snapshots per Region Each supported Region: Yes

100,000

StartSnapshot requests per account Each supported Region: 10 No

per second

Storage for Cold HDD (sc1) volumes, in TiB af-south-1: 300 Yes

ap-east-1: 300

eu-south-1: 300

me-south-1: 300

Each of the other supported

Regions: 50

Storage for General Purpose SSD (gp2) volumes, in TiB af-south-1: 300 Yes

ap-east-1: 300

eu-south-1: 300

me-south-1: 300

Each of the other supported

Regions: 50

Storage for General Purpose SSD (gp3) volumes, in TiB af-south-1: 300 Yes

ap-east-1: 300

eu-south-1: 300

me-south-1: 300

Each of the other supported

Regions: 50

Version 1.0
204
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Storage for Magnetic (standard) volumes, in TiB af-south-1: 300 Yes

ap-east-1: 300

eu-south-1: 300

me-south-1: 300

Each of the other supported

Regions: 50

Storage for Provisioned IOPS SSD (io1) volumes, in TiB af-south-1: 300 Yes

ap-east-1: 300

eu-south-1: 300

me-south-1: 300

Each of the other supported

Regions: 50

Storage for Throughput Optimized HDD (st1) volumes, in TiB af-south-1: 300 Yes

ap-east-1: 300

eu-south-1: 300

me-south-1: 300

Each of the other supported

Regions: 50

Storage modifications for Cold HDD (sc1) volumes, in TiB Each supported Region: 500 Yes

Storage modifications for General Purpose SSD (gp2) Each supported Region: 500 Yes
volumes, in TiB

Storage modifications for General Purpose SSD (gp3) Each supported Region: 500 Yes
volumes, in TiB

Storage modifications for Magnetic (standard) volumes, in Each supported Region: 500 Yes
TiB

Storage modifications for Provisioned IOPS SSD (io1) Each supported Region: 500 Yes
volumes, in TiB

Storage modifications for Throughput Optimized HDD (st1) Each supported Region: 500 Yes
volumes, in TiB

The quota for concurrent snapshot copies per destination Region is not adjustable using Service Quotas.
However, you can request an increase for this quota by contacting AWS Support.

Version 1.0
205
 AWS General Reference Reference guide
Recycle Bin

Recycle Bin endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Topics
• Service endpoints (p. 206)
• Service quotas (p. 207)

Service endpoints

Region name Region Endpoint Protocol

US East (Ohio) us-east-2 [Link]- HTTPS

[Link]

US East (N. us-east-1 [Link]- HTTPS

Virginia) [Link]

US West (N. us-west-1 [Link]- HTTPS

California) [Link]

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Africa (Cape Town) af-south-1 [Link]- HTTPS

[Link]

Asia Pacific (Hong ap-east-1 [Link]- HTTPS

Kong) [Link]

Asia Pacific ap-south-1 [Link]- HTTPS

(Mumbai) [Link]

Asia Pacific ap-northeast-3 [Link]- HTTPS

(Osaka) [Link]

Asia Pacific (Seoul) ap-northeast-2 [Link]- HTTPS

[Link]

Asia Pacific ap-southeast-1 [Link]- HTTPS

(Singapore) [Link]

Asia Pacific ap-southeast-2 [Link]- HTTPS

(Sydney) [Link]

Asia Pacific ap-northeast-1 [Link]- HTTPS

(Tokyo) [Link]

Canada (Central) ca-central-1 [Link]- HTTPS

[Link]

Version 1.0
206
 AWS General Reference Reference guide
Service quotas

Region name Region Endpoint Protocol

Europe (Frankfurt) eu-central-1 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Europe (London) eu-west-2 [Link]- HTTPS

[Link]

Europe (Milan) eu-south-1 [Link]- HTTPS

[Link]

Europe (Paris) eu-west-3 [Link]- HTTPS

[Link]

Europe eu-north-1 [Link]- HTTPS

(Stockholm) [Link]

Middle East me-south-1 [Link]- HTTPS

(Bahrain) [Link]

South America sa-east-1 [Link]- HTTPS

(São Paulo) [Link]

Service quotas

Quota Default quota Adjustable

Retention rules per 250 No

Region

Tag key and value pairs 50 No

per retention rule

Amazon EC2 endpoints and quotas

Important
AWS Regions launched after October 30, 2021 will no longer support Amazon EC2 API requests
over connections that are established using TLSv1, TLSv1.1, or unencrypted HTTP.

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
207
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS
ec2-fi[Link]
HTTPS
[Link]
HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS
ec2-fi[Link]
HTTPS
[Link]
HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California) ec2-fi[Link]
HTTPS

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS
ec2-fi[Link]
HTTPS
[Link]
HTTPS

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link] HTTP and

Pacific southeast-3 HTTPS
(Jakarta)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai) [Link]
HTTPS

Asia ap- [Link] HTTP and

Pacific northeast-3 HTTPS
(Osaka)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Version 1.0
208
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS
ec2-fi[Link]
HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS
[Link]
HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São [Link]
Paulo) HTTPS

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Version 1.0
209
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

All DL Spot Instance Requests Each supported Region: 0 Yes

All F Spot Instance Requests Each supported Region: 0 Yes

All G and VT Spot Instance Requests Each supported Region: 0 Yes

All Inf Spot Instance Requests Each supported Region: 0 Yes

All P Spot Instance Requests Each supported Region: 0 Yes

All Standard (A, C, D, H, I, M, R, T, Z) Spot Instance Requests Each supported Region: 5 Yes

All X Spot Instance Requests Each supported Region: 0 Yes

Attachments per VPC Each supported Region: 5 No

Attachments per transit gateway Each supported Region: Yes

5,000

Authorization rules per Client VPN endpoint Each supported Region: 50 Yes

Client VPN endpoints per Region Each supported Region: 5 Yes

Concurrent client connections per Client VPN endpoint Each supported Region: Yes
20,000

Concurrent operations per Client VPN endpoint Each supported Region: 10 No

Customer gateways per region Each supported Region: 50 Yes

Direct Connect gateways per transit gateway Each supported Region: 20 No

Dynamic routes advertised from CGW to VPN connection Each supported Region: 100 No

EC2-Classic Elastic IPs Each supported Region: 5 Yes

EC2-VPC Elastic IPs Each supported Region: 5 Yes

Entries in a client certificate revocation list for Client VPN Each supported Region: No
endpoints 20,000

Members per transit gateway multicast group Each supported Region: 100 Yes

Multicast Network Interfaces per transit gateway Each supported Region: Yes
1,000

Multicast domain associations per VPC Each supported Region: 20 Yes

Multicast domains per transit gateway Each supported Region: 20 Yes

Peering attachments per transit gateway Each supported Region: 50 Yes

Pending peering attachments per transit gateway Each supported Region: 10 Yes

Route Tables per transit gateway Each supported Region: 20 Yes

Version 1.0
210
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Routes advertised from VPN connection to CGW Each supported Region: No

1,000

Routes per Client VPN endpoint Each supported Region: 10 Yes

Routes per transit gateway Each supported Region: Yes

10,000

Running Dedicated c3 Hosts Each supported Region: 0 Yes

Running Dedicated c4 Hosts Each supported Region: 0 Yes

Running Dedicated c5 Hosts Each supported Region: 0 Yes

Running Dedicated c5a Hosts Each supported Region: 0 Yes

Running Dedicated c5d Hosts Each supported Region: 0 Yes

Running Dedicated c5n Hosts Each supported Region: 0 Yes

Running Dedicated c6g Hosts Each supported Region: 0 Yes

Running Dedicated c6i Hosts Each supported Region: 0 Yes

Running Dedicated g4dn Hosts Each supported Region: 0 Yes

Running Dedicated i3 Hosts Each supported Region: 0 Yes

Running Dedicated i3en Hosts Each supported Region: 0 Yes

Running Dedicated inf Hosts Each supported Region: 0 Yes

Running Dedicated m3 Hosts Each supported Region: 0 Yes

Running Dedicated m4 Hosts Each supported Region: 0 Yes

Running Dedicated m5 Hosts Each supported Region: 0 Yes

Running Dedicated m5a Hosts Each supported Region: 0 Yes

Running Dedicated m5ad Hosts Each supported Region: 0 Yes

Running Dedicated m5d Hosts Each supported Region: 0 Yes

Running Dedicated m5zn Hosts Each supported Region: 0 Yes

Running Dedicated m6g Hosts Each supported Region: 0 Yes

Running Dedicated m6i Hosts Each supported Region: 0 Yes

Running Dedicated r3 Hosts Each supported Region: 0 Yes

Running Dedicated r4 Hosts Each supported Region: 0 Yes

Running Dedicated r5 Hosts Each supported Region: 0 Yes

Running Dedicated r5a Hosts Each supported Region: 0 Yes

Running Dedicated r5ad Hosts Each supported Region: 0 Yes

Running Dedicated r5d Hosts Each supported Region: 0 Yes

Version 1.0
211
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Running Dedicated r5n Hosts Each supported Region: 0 Yes

Running Dedicated r6g Hosts Each supported Region: 0 Yes

Running Dedicated r6i Hosts Each supported Region: 0 Yes

Running Dedicated t3 Hosts Each supported Region: 0 Yes

Running Dedicated x1 Hosts Each supported Region: 0 Yes

Running Dedicated x1e Hosts Each supported Region: 0 Yes

Running On-Demand DL instances Each supported Region: 0 Yes

Running On-Demand F instances Each supported Region: 0 Yes

Running On-Demand G and VT instances Each supported Region: 0 Yes

Running On-Demand High Memory instances Each supported Region: 0 Yes

Running On-Demand Inf instances Each supported Region: 0 Yes

Running On-Demand P instances Each supported Region: 0 Yes

Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) Each supported Region: 5 Yes

instances

Running On-Demand X instances Each supported Region: 0 Yes

Sources per transit gateway multicast group Each supported Region: 1 Yes

Transit gateways per Direct Connect Gateway Each supported Region: 3 No

Transit gateways per account Each supported Region: 5 Yes

VPC Attachment Bandwidth Each supported Region: 50 No

Gigabits per second

VPN connections per VGW Each supported Region: 10 Yes

VPN connections per region Each supported Region: 50 Yes

Virtual private gateways per region Each supported Region: 5 Yes

The following quotas are for VM Import/Export.

Name Default Adjustable

Concurrent task limit for ImportImage, ImportSnapshot, and Each supported Region: 20 Yes
ExportImage

Concurrent task limit for ImportInstance, ImportVolume, and Each supported Region: 5 Yes
CreateInstanceExportTask

For more information, see the following:

• On-Demand Instance quotas

Version 1.0
212
 AWS General Reference Reference guide
Auto Scaling

• Spot Instance quotas

• Reserved Instance quotas

Amazon EC2 Auto Scaling endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California)

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link] HTTP and

Pacific southeast-3 HTTPS
(Jakarta)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-3 HTTPS
(Osaka)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Version 1.0
213
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link] HTTP and

GovCloud east-1 HTTPS
(US-East)

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West)

If you specify the general endpoint ([Link]), Amazon EC2 Auto Scaling directs your
request to the endpoint for us-east-1.

Version 1.0
214
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Auto Scaling groups per region Each supported Region: 200 Yes

Classic Load Balancers per Auto Scaling group Each supported Region: 50 No

Launch configurations per region Each supported Region: 200 Yes

Lifecycle hooks per Auto Scaling group Each supported Region: 50 No

SNS topics per Auto Scaling group Each supported Region: 10 No

Scaling policies per Auto Scaling group Each supported Region: 50 No

Scheduled actions per Auto Scaling group Each supported Region: 125 No

Step adjustments per step scaling policy Each supported Region: 20 No

Target groups per Auto Scaling group Each supported Region: 50 No

For more information, see Amazon EC2 Auto Scaling Service Quotas in the Amazon EC2 Auto Scaling User
Guide.

EC2 Image Builder endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Version 1.0
215
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

Version 1.0
216
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas

Name Default Adjustable

Component parameter length Each supported Region: Yes

1,024

Component size Each supported Region: 64 Yes

Kilobytes

Components Each supported Region: Yes

1,000

Components per image recipe Each supported Region: 20 No

Concurrent AMI copies per distribution configuration Each supported Region: 50 Yes

Concurrent builds Each supported Region: 100 Yes

Container recipes Each supported Region: Yes

1,000

Distribution configurations Each supported Region: Yes

1,000

Docker template size Each supported Region: 64 Yes

Kilobytes

Image pipelines Each supported Region: 75 Yes

Image recipes Each supported Region: Yes

1,000

Infrastructure configurations Each supported Region: Yes

1,000

Launch templates modified per distribution configuration Each supported Region: 5 Yes

Parameters per component Each supported Region: 25 Yes

Version 1.0
217
 AWS General Reference Reference guide
EC2 Instance Connect

Amazon EC2 Instance Connect endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Canada ca- [Link]- HTTPS

(Central) central-1 [Link]

Europe eu- [Link]- HTTPS

(Frankfurt) central-1 [Link]

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
218
 AWS General Reference Reference guide
Amazon ECR

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link]-gov- HTTPS

GovCloud east-1 [Link]
(US-East)

AWS us-gov- [Link]-gov- HTTPS

GovCloud west-1 [Link]
(US-West)

Amazon ECR endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
The ecr and [Link] endpoints are used for calls to the Amazon ECR API. API actions such as
DescribeImages and CreateRepository go to this endpoint. While the two endpoints function
the same, the [Link] endpoint is recommended and the default when using the AWS CLI or AWS
SDKs. When connecting to Amazon ECR through an AWS PrivateLink VPC endpoint, you must use the
[Link] endpoint to make API calls. For more information, see Amazon ECR Interface VPC Endpoints
(AWS PrivateLink) in the Amazon Elastic Container Registry User Guide.

For more information about FIPS endpoints, see FIPS endpoints (p. 735).

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
ecr-fi[Link] HTTPS

[Link] HTTPS

[Link]-fi[Link] HTTPS

Version 1.0
219
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

[Link] HTTPS

ecr-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) [Link]-fi[Link] HTTPS

[Link] HTTPS

ecr-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
ecr-fi[Link] HTTPS

[Link] HTTPS

[Link]-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town) [Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong [Link] HTTPS
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) [Link] HTTPS

Version 1.0
220
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) [Link] HTTPS

Canada ca- [Link] HTTPS

(Central) central-1
[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
[Link] HTTPS

Europe eu-west-1 [Link] HTTPS

(Ireland)
[Link] HTTPS

Europe eu-west-2 [Link] HTTPS

(London)
[Link] HTTPS

Europe eu- [Link] HTTPS

(Milan) south-1
[Link] HTTPS

Europe eu-west-3 [Link] HTTPS

(Paris)
[Link] HTTPS

Europe eu-north-1 [Link] HTTPS

(Stockholm)
[Link] HTTPS

Middle me- [Link] HTTPS

East south-1
(Bahrain) [Link] HTTPS

South sa-east-1 [Link] HTTPS

America
(São [Link] HTTPS
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) ecr-fi[Link] HTTPS

[Link] HTTPS

[Link]-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link]-fi[Link] HTTPS

ecr-fi[Link] HTTPS

[Link] HTTPS

Version 1.0
221
 AWS General Reference Reference guide
Service endpoints

Docker and OCI client endpoints

The Docker and OCI client endpoints are used for the Docker Registry APIs. Docker client commands such
as push and pull use this endpoint.

For more information about FIPS endpoints, see FIPS endpoints (p. 735).

Region Region Endpoint Protocol

Name

US East us-east-2 <registry-id>.[Link] HTTPS

(Ohio)
<registry-id>.[Link]-fi[Link]

US East (N. us-east-1 <registry-id>.[Link] HTTPS

Virginia)
<registry-id>.[Link]-fi[Link]

US West (N. us-west-1 <registry-id>.[Link] HTTPS

California)
<registry-id>.[Link]-fi[Link]

US West us-west-2 <registry-id>.[Link] HTTPS

(Oregon)
<registry-id>.[Link]-fi[Link]

Asia Pacific ap-east-1 <registry-id>.[Link] HTTPS

(Hong Kong)

Asia Pacific ap-south-1 <registry-id>.[Link] HTTPS

(Mumbai)

Asia Pacific ap- <registry-id>.[Link] HTTPS

(Seoul) northeast-2

Asia Pacific ap- <registry-id>.[Link] HTTPS

(Singapore) southeast-1

Asia Pacific ap- <registry-id>.[Link] HTTPS

(Sydney) southeast-2

Asia Pacific ap- <registry-id>.[Link] HTTPS

(Tokyo) northeast-1

Canada ca-central-1 <registry-id>.[Link] HTTPS

(Central)

China cn-north-1 <registry-id>.[Link] HTTPS

(Beijing)

China cn- <registry-id>.[Link]- HTTPS

(Ningxia) northwest-1 [Link]

Europe eu-central-1 <registry-id>.[Link] HTTPS

(Frankfurt)

Europe eu-west-1 <registry-id>.[Link] HTTPS

(Ireland)

Version 1.0
222
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-2 <registry-id>.[Link] HTTPS

(London)

Europe eu-west-3 <registry-id>.[Link] HTTPS

(Paris)

Europe eu-north-1 <registry-id>.[Link] HTTPS

(Stockholm)

Middle East me-south-1 <registry-id>.[Link] HTTPS

(Bahrain)

South sa-east-1 <registry-id>.[Link] HTTPS

America
(São Paulo)

AWS us-gov- <registry-id>.[Link] HTTPS

GovCloud east-1
(US-East) <registry-id>.[Link]-fi[Link]-gov-
[Link]

AWS us-gov- <registry-id>.[Link] HTTPS

GovCloud west-1
(US-West) <registry-id>.[Link]-fi[Link]-gov-
[Link]

Service quotas
The following table provides the default limits for Amazon Elastic Container Registry (Amazon ECR).

Service quota Description Default quota value

Registered repositories The maximum number of 10,000

repositories that you can create
per Region.

Image per repository The maximum number of 10,000

images per repository.

The following table provides the default rate quotas for each of the Amazon ECR API actions involved
with the image push and image pull actions.

Amazon ECR action API operation Description Default quota value

Authentication Rate of The rate of 500

GetAuthorizationToken GetAuthorizationToken
requests API requests that you
can make per second,
per Region.

Image push Rate of The rate of 1000

BatchCheckLayerAvailability
BatchCheckLayerAvailability
requests API requests that you

Version 1.0
223
 AWS General Reference Reference guide
Service quotas

Amazon ECR action API operation Description Default quota value

can make per second,
per Region.

When an image is
pushed to a repository,
each image layer is
checked to verify if
it has been uploaded
before. If it has been
uploaded, then the
image layer is skipped.

Rate of The rate of 100

InitiateLayerUpload InitiateLayerUpload API
requests requests that you can
make per second, per
Region.

When an image
is pushed, the
InitiateLayerUpload
API is called once
per image layer that
has not already been
uploaded. Whether
or not an image layer
has been uploaded
is determined by the
BatchCheckLayerAvailability
API action.

Rate of The rate of 100

CompleteLayerUpload CompleteLayerUpload
requests API requests that you
can make per second,
per Region.

When an image
is pushed, the
CompleteLayerUpload
API is called once
per each new image
layer to verify that the
upload has completed.

Version 1.0
224
 AWS General Reference Reference guide
Service quotas

Amazon ECR action API operation Description Default quota value

Rate of The rate of 500

UploadLayerPart UploadLayerPart API
requests requests that you can
make per second, per
Region.

When an image is
pushed, each new
image layer is uploaded
in parts. The maximum
size of each image layer
part can be 20,971,520
bytes (or about 20MB).
The UploadLayerPart
API is called once per
each new image layer
part.

Rate of PutImage The rate of PutImage 10

requests API requests that you
can make per second,
per Region.

When an image is
pushed and all new
image layers have been
uploaded, the PutImage
API is called once to
create or update the
image manifest and the
tags associated with the
image.

Image pull Rate of BatchGetImage The rate of 2,000

requests BatchGetImage API
requests that you can
make per second, per
Region.

When an image
is pulled, the
BatchGetImage API is
called once to retrieve
the image manifest.

Version 1.0
225
 AWS General Reference Reference guide
Service quotas

Amazon ECR action API operation Description Default quota value

Rate of The rate of 3,000

GetDownloadUrlForLayer GetDownloadUrlForLayer
requests API requests that you
can make per second,
per Region.

When an image
is pulled, the
GetDownloadUrlForLayer
API is called once per
image layer that is not
already cached.

The following table provides other quotas for Amazon ECR and Docker images that cannot be changed.
Note
The layer part information mentioned in the following table is only applicable if you are calling
the Amazon ECR API actions directly to initiate multipart uploads for image push operations.
This is a rare action. We recommend that you use the Docker CLI to pull, tag, and push images.

Service quota Description Quota value

Layer parts The maximum number of layer 4,200

parts. This is only applicable
if you are using Amazon ECR
API actions directly to initiate
multipart uploads for image
push operations.

Maximum layer size The maximum size (MiB) of a 42,000

layer. **

Minimum layer part size The minimum size (MiB) of a 5

layer part. This is only applicable
if you are using Amazon ECR
API actions directly to initiate
multipart uploads for image
push operations.

Maximum layer part size The maximum size (MiB) of a 10

layer part. This is only applicable
if you are using Amazon ECR
API actions directly to initiate
multipart uploads for image
push operations.

Tags per image The maximum number of tags 1,000

per image.

Lifecycle policy length The maximum number of 30,720

characters in a lifecycle policy.

Rules per lifecycle policy The maximum number of rules 50

in a lifecycle policy.

Version 1.0
226
 AWS General Reference Reference guide
Amazon ECR Public

Service quota Description Quota value

Rate of image scans The maximum number of image 1

scans per image, per 24 hours.

** The maximum layer size listed here is calculated by multiplying the maximum layer part size (10 MiB)
by the maximum number of layer parts (4,200).

For more information, see Amazon ECR Service Quotas in the Amazon Elastic Container Registry User
Guide.

Amazon ECR Public endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
The ecr-public and [Link]-public endpoints are used for calls to the Amazon ECR Public API.
API actions such as DescribeImages and CreateRepository go to this endpoint. While the two
endpoints function the same, the [Link]-public endpoint is recommended and the default when
using the AWS CLI or AWS SDKs.

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link] HTTPS

Service quotas
For more information, see Amazon ECR Public service quotas in the Amazon ECR Public user guide.

Amazon ECS endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
227
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
ecs-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
ecs-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) ecs-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
ecs-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
228
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) ecs-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) ecs-fi[Link] HTTPS

Service quotas
The following are Amazon ECS service quotas.

Most of these service quotas, but not all, are listed under the Amazon Elastic Container Service (Amazon
ECS) namespace in the Service Quotas console. To request a quota increase, see Requesting a quota
increase in the Service Quotas User Guide.

Service quota Description Default quota value Adjustable

Clusters The maximum number 10,000 Yes

of clusters in this
account in the current
Region.

Version 1.0
229
 AWS General Reference Reference guide
Service quotas

Service quota Description Default quota value Adjustable

Container instances per The maximum number 2,000 Yes

cluster of container instances
per cluster.

Services per cluster The maximum number 5,000 Yes

of services per cluster.

Tasks per service The maximum number 5,000 Yes

of tasks per service (the
desired count).
Note
Services
configured to
use Amazon
ECS service
discovery
have a limit of
1,000 tasks per
service. This is
due to the AWS
Cloud Map
service quota
for the number
of instances
per service.
For more
information,
see AWS Cloud
Map service
quotas.

Tasks launched (count) The maximum number 10 No

per run-task of tasks that can be
launched per RunTask
API action.

Container instances per The maximum 10 No

start-task number of container
instances specified in a
StartTask API action.

Revisions per task The maximum number 1,000,000 No

definition family of revisions per task
definition family.
Deregistering a task
definition revision does
not exclude it from
being included in this
limit.

Task definition size limit The maximum size, in 32 No

KiB, of a task definition.

Version 1.0
230
 AWS General Reference Reference guide
AWS Fargate quotas

Service quota Description Default quota value Adjustable

Task definition max The maximum 10 No

containers number of containers
definitions within a task
definition.

Subnets specified in an The maximum 16 No

awsvpcConfiguration number of subnets
specified within an
awsvpcConfiguration.

Security groups The maximum number 5 No

specified in an of security groups
awsvpcConfiguration specified within an
awsvpcConfiguration.

Target groups per The maximum number 5 No

service of target groups per
service, if using an
Application Load
Balancer or a Network
Load Balancer.

Classic Load Balancers The maximum number 1 No

per service of Classic Load
Balancers per service.

Tags per resource The maximum number 50 No

of tags per resource.
This applies to task
definitions, clusters,
tasks, and services.

Tasks in the The maximum number 300 No

PROVISIONING state of tasks waiting in
per cluster the PROVISIONING
state per cluster. This
quota only applies to
tasks launched using
an Amazon EC2 Auto
Scaling group capacity
provider.

For more information, see Amazon ECS service quotas in the Amazon Elastic Container Service Developer
Guide.

AWS Fargate quotas

The following are Amazon ECS on AWS Fargate service quotas.

These service quotas are listed under the AWS Fargate namespace in the Service Quotas console. To
request a quota increase, see Requesting a quota increase in the Service Quotas User Guide.

Version 1.0
231
 AWS General Reference Reference guide
Amazon EKS

Service quota Description Default quota value Adjustable

Fargate On-Demand The maximum number 1,000 Yes

resource count of Amazon ECS tasks
and Amazon EKS pods
running concurrently on
Fargate in this account
in the current Region.

Fargate Spot resource The maximum number 1,000 Yes

count of Amazon ECS tasks
running concurrently
on Fargate Spot in this
account in the current
Region.

Amazon Elastic Kubernetes Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
232
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

Version 1.0
233
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas
Name Default Adjustable

Clusters Each supported Region: 100 Yes

Control plane security groups per cluster Each supported Region: 4 No

Fargate profiles per cluster Each supported Region: 10 Yes

Label pairs per Fargate profile selector Each supported Region: 5 Yes

Managed node groups per cluster Each supported Region: 30 Yes

Nodes per managed node group Each supported Region: 450 Yes

Public endpoint access CIDR ranges per cluster Each supported Region: 40 No

Registered clusters Each supported Region: 10 Yes

Selectors per Fargate profile Each supported Region: 5 Yes

AWS Fargate service quotas

The following are Amazon EKS on AWS Fargate service quotas.

These service quotas are listed under the AWS Fargate namespace in the Service Quotas console. To
request a quota increase, see Requesting a quota increase in the Service Quotas User Guide.

Service quota Description Default quota value Adjustable

Fargate On-Demand The maximum number 1,000 Yes

resource count of Amazon ECS tasks
and Amazon EKS pods
running concurrently on
Fargate in this account
in the current Region.

Amazon Elastic File System endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
234
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 elasticfi[Link] HTTPS

(Ohio)
elasticfilesystem-fi[Link] HTTPS

US East (N. us-east-1 elasticfi[Link] HTTPS

Virginia)
elasticfilesystem-fi[Link] HTTPS

US us-west-1 elasticfi[Link] HTTPS

West (N.
California) elasticfilesystem-fi[Link] HTTPS

US West us-west-2 elasticfi[Link] HTTPS

(Oregon)
elasticfilesystem-fi[Link] HTTPS

Africa af-south-1 elasticfi[Link] HTTPS

(Cape
Town) elasticfilesystem-fi[Link] HTTPS

Asia ap-east-1 elasticfi[Link] HTTPS

Pacific
(Hong elasticfilesystem-fi[Link] HTTPS
Kong)

Asia ap- elasticfi[Link] HTTPS

Pacific southeast-3
(Jakarta) elasticfilesystem-fi[Link]- HTTPS
[Link]

Asia ap- elasticfi[Link] HTTPS

Pacific south-1
(Mumbai) elasticfilesystem-fi[Link] HTTPS

Asia ap- elasticfi[Link] HTTPS

Pacific northeast-3
(Osaka) elasticfilesystem-fi[Link]- HTTPS
[Link]

Asia ap- elasticfi[Link] HTTPS

Pacific northeast-2
(Seoul) elasticfilesystem-fi[Link]- HTTPS
[Link]

Asia ap- elasticfi[Link] HTTPS

Pacific southeast-1
(Singapore) elasticfilesystem-fi[Link]- HTTPS
[Link]

Asia ap- elasticfi[Link] HTTPS

Pacific southeast-2
(Sydney) elasticfilesystem-fi[Link]- HTTPS
[Link]

Version 1.0
235
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- elasticfi[Link] HTTPS

Pacific northeast-1
(Tokyo) elasticfilesystem-fi[Link]- HTTPS
[Link]

Canada ca- elasticfi[Link] HTTPS

(Central) central-1
elasticfilesystem-fi[Link]- HTTPS
[Link]

Europe eu- elasticfi[Link] HTTPS

(Frankfurt) central-1
elasticfilesystem-fi[Link]- HTTPS
[Link]

Europe eu-west-1 elasticfi[Link] HTTPS

(Ireland)
elasticfilesystem-fi[Link] HTTPS

Europe eu-west-2 elasticfi[Link] HTTPS

(London)
elasticfilesystem-fi[Link] HTTPS

Europe eu- elasticfi[Link] HTTPS

(Milan) south-1
elasticfilesystem-fi[Link] HTTPS

Europe eu-west-3 elasticfi[Link] HTTPS

(Paris)
elasticfilesystem-fi[Link] HTTPS

Europe eu-north-1 elasticfi[Link] HTTPS

(Stockholm)
elasticfilesystem-fi[Link] HTTPS

Middle me- elasticfi[Link] HTTPS

East south-1
(Bahrain) elasticfilesystem-fi[Link] HTTPS

South sa-east-1 elasticfi[Link] HTTPS

America
(São elasticfilesystem-fi[Link] HTTPS
Paulo)

AWS us-gov- elasticfi[Link] HTTPS

GovCloud east-1
(US-East) elasticfilesystem-fi[Link]-gov- HTTPS
[Link]

AWS us-gov- elasticfi[Link] HTTPS

GovCloud west-1
(US-West) elasticfilesystem-fi[Link]-gov- HTTPS
[Link]

Version 1.0
236
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Active users per NFS client Each supported Region: 128 No

Bursting throughput us-east-1: 3,072 Megabytes No

per second

us-east-2: 3,072 Megabytes

per second

us-west-2: 3,072 Megabytes

per second

ap-southeast-2: 3,072
Megabytes per second

eu-west-1: 3,072 Megabytes

per second

Each of the other supported

Regions: 1,024 Megabytes
per second

Directory depth Each supported Region: No

1,000

EFS file locks Each supported Region: 512 No

File hard links Each supported Region: 177 No

File size Each supported Region: No

52,673,613,135,872 Bytes

File system name length Each supported Region: 255 No

Bytes

File system symbolic link (symlink) length Each supported Region: No

4,080 Bytes

File systems per account Each supported Region: Yes

1,000

Locks across unique file/process pairs Each supported Region: No

8,192

Minimum wait time between Provisioned Throughput Each supported Region: No

decreases 86,400 Seconds

Minimum wait time between Throughput mode changes Each supported Region: No
86,400 Seconds

Mount targets per Availability Zone Each supported Region: 1 No

Mount targets per VPC Each supported Region: 400 No

Open files per NFS client Each supported Region: No

32,768

Version 1.0
237
 AWS General Reference Reference guide
Elastic Inference

Name Default Adjustable

Provisioned throughput Each supported Region: No

1,024 Megabytes per second

Rate of file system operations Each supported Region: No

7,000

Security groups per mount target Each supported Region: 5 No

Tags Each supported Region: 50 No

Throughput per NFS client Each supported Region: 250 No

Megabytes per second

Unique file/process pairs Each supported Region: 256 No

VPCs per file system Each supported Region: 1 No

For more information, see Amazon EFS quotas in the Amazon Elastic File System User Guide.

Amazon Elastic Inference endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
238
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Number of Elastic Inference accelerators Each supported Region: 5 Yes

Elastic Load Balancing endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Route 53 Route 53 Hosted

Name Hosted Zone ID Zone ID (Network
(Application Load Load Balancers)
Balancers, Classic
Load Balancers)

US East us-east-2 [Link]- Z3AADJGX6KTTL2 ZLMOA37VPKANP

(Ohio) [Link]

elasticloadbalancing-
fi[Link]-
[Link]

US East (N. us-east-1 [Link]- Z35SXDOTRQ7X7K Z26RNL4JYFTOTI

Virginia) [Link]

elasticloadbalancing-
fi[Link]-
[Link]

US West (N. us-west-1 [Link]- Z368ELLRRE2KJ0 Z24FKFUX50B4VW

California) [Link]

elasticloadbalancing-
fi[Link]-
[Link]

US West us-west-2 [Link]- Z1H1FL5HABSF5 Z18D5FSROUN65G

(Oregon) [Link]

elasticloadbalancing-
fi[Link]-
[Link]

Africa (Cape af-south-1 [Link]- Z268VQBMOI5EKX Z203XCE67M25HM

Town) [Link]

Version 1.0
239
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Route 53 Route 53 Hosted

Name Hosted Zone ID Zone ID (Network
(Application Load Load Balancers)
Balancers, Classic
Load Balancers)

Asia Pacific ap-east-1 [Link]- Z3DQVH9N71FHZ0 Z12Y7K3UBGUAD1

(Hong Kong) [Link]

Asia Pacific ap- [Link]- Z08888821HLRG5A9ZRTER

Z01971771FYVNCOVWJU1G
(Jakarta) southeast-3 [Link]

Asia Pacific ap-south-1 [Link]- ZP97RAFLXTNZK ZVDDRBQ08TROA

(Mumbai) [Link]

Asia Pacific ap- [Link]- Z5LXEXXYW11ES Z1GWIQ4HH19I5X

(Osaka) northeast-3 [Link]

Asia Pacific ap- [Link]- ZWKZPGTI48KDX ZIBE1TIR4HY56

(Seoul) northeast-2 [Link]

Asia Pacific ap- [Link]- Z1LMS91P8CMLE5 ZKVM4W9LS7TM

(Singapore) southeast-1 [Link]

Asia Pacific ap- [Link]- Z1GM3OXH4ZPM65 ZCT6FZBF4DROD

(Sydney) southeast-2 [Link]

Asia Pacific ap- [Link]- Z14GRHDCWA56QT Z31USIVHYNEOWT

(Tokyo) northeast-1 [Link]

Canada ca-central-1 [Link]- ZQSVJUPU6J1EY Z2EPGBW3API2WT

(Central) [Link]

China cn-north-1 [Link]- Z1GDH35T77C1KE Z3QFB96KMJ7ED6

(Beijing) [Link]

China cn- [Link]- ZM7IZAIOVVDZF ZQEIKTCZ8352D

(Ningxia) northwest-1 [Link]

Europe eu-central-1 [Link]- Z215JYRZR1TBD5 Z3F0SRJ5LGBH90

(Frankfurt) [Link]

Europe eu-west-1 [Link]- Z32O12XQLNTSW2 Z2IFOLAFXWLO4F

(Ireland) [Link]

Europe eu-west-2 [Link]- ZHURV8PSTC4K8 ZD4D7Y8KGAS4G

(London) [Link]

Europe eu-south-1 [Link]- Z3ULH7SSC9OV64 Z23146JA1KNAFP

(Milan) [Link]

Europe eu-west-3 [Link]- Z3Q77PNBQS71R4 Z1CMS0P5QUZ6D5

(Paris) [Link]

Europe eu-north-1 [Link]- Z23TAZ6LKFMNIO Z1UDT6IFJ4EJM

(Stockholm) [Link]

Middle East me-south-1 [Link]- ZS929ML54UICD Z3QSRYVP46NYYV

(Bahrain) [Link]

Version 1.0
240
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Route 53 Route 53 Hosted

Name Hosted Zone ID Zone ID (Network
(Application Load Load Balancers)
Balancers, Classic
Load Balancers)

South sa-east-1 [Link]- Z2P70J7HTTTPLU ZTK26PT1VY4CU

America [Link]
(São Paulo)

AWS us-gov- [Link]- Z166TLBEWOO7G0 Z1ZSMQQ6Q24QQ8

GovCloud east-1 [Link]
(US-East)

AWS us-gov- [Link]- Z33AYJ8TM3BH4J ZMG1MZ2THAWF1

GovCloud west-1 gov-
(US-West) [Link]

Service quotas
The following quotas are for Application Load Balancers.

Name Default Adjustable

Application Load Balancers per Region 20 Yes

Certificates per Application Load Balancer 25 Yes

Condition Values per Rule 5 No

Condition Wildcards per Rule 5 No

Listeners per Application Load Balancer 50 Yes

Number of times a target can be registered per 100 Yes

Application Load Balancer

Rules per Application Load Balancer 100 Yes

Target Groups per Action per Application Load Balancer 5 No

Target Groups per Application Load Balancer 100 No

Targets per Application Load Balancer 1,000 Yes

The following quotas are for Network Load Balancers.

Name Default Adjustable

Certificates per Network Load Balancer 25 Yes

Listeners per Network Load Balancer 50 No

Network Load Balancer ENIs per VPC 1,200 Yes

Network Load Balancers per Region 50 Yes

Version 1.0
241
 AWS General Reference Reference guide
Elastic Transcoder

Name Default Adjustable

Target Groups per Action per Network Load Balancer 1 No

Targets per Availability Zone per Network Load Balancer 500 Yes

Targets per Network Load Balancer 3,000 Yes

The following quotas are for target groups.

Name Default Adjustable

Target Groups per Region 3,000 Yes

Targets per Target Group per Region 1,000 Yes

The following quotas are for Classic Load Balancers.

Name Default Adjustable

Classic Load Balancers per Region 20 Yes

Listeners per Classic Load Balancer 100 Yes

Registered Instances per Classic Load Balancer 1,000 Yes

For more information, see the following:

• Quotas for your Application Load Balancers

• Quotas for your Network Load Balancers
• Quotas for your Classic Load Balancers
• Quotas for your Gateway Load Balancers

Amazon Elastic Transcoder endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
242
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas

Name Default Adjustable

Burst size of Create Job requests Each supported Region: 100 Yes

Burst size of Read Job requests Each supported Region: 50 Yes

Concurrent jobs per pipeline us-east-1: 20 Yes

us-west-2: 20

eu-west-1: 20

Each of the other supported

Regions: 12

Pipelines Each supported Region: 4 Yes

Queued jobs per pipeline Each supported Region: No

1,000,000

Rate of Create Job requests Each supported Region: 2 Yes

Rate of Read Job requests Each supported Region: 4 Yes

User-defined presets Each supported Region: 50 Yes

Version 1.0
243
 AWS General Reference Reference guide
Elastic Disaster Recovery

For more information, see Amazon Elastic Transcoder quotas in the Amazon Elastic Transcoder Developer
Guide.

AWS Elastic Disaster Recovery endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas
Name Default Adjustable

Concurrent jobs in progress Each supported Region: 20 No

Version 1.0
244
 AWS General Reference Reference guide
ElastiCache

Name Default Adjustable

Max Total source servers Per AWS Account Each supported Region: 300 Yes

Max concurrent Jobs per source server Each supported Region: 1 No

Max source servers in a single Job Each supported Region: 200 No

Max source servers in all Jobs Each supported Region: 200 No

Amazon ElastiCache endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
elasticache-fi[Link] HTTPS

elasticache-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
elasticache-fi[Link] HTTPS

elasticache-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) elasticache-fi[Link] HTTPS

elasticache-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
elasticache-fi[Link] HTTPS

elasticache-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
245
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
246
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

[Link] HTTPS

Service quotas
Name Default Adjustable

Nodes per Region Each supported Region: 300 Yes

Nodes per cluster (Memcached) Each supported Region: 40 Yes

Nodes per cluster per instance type (Redis cluster mode Each supported Region: 90 Yes
enabled)

Nodes per shard (Redis) Each supported Region: 6 No

Parameter groups per Region Each supported Region: 150 Yes

Security groups per Region Each supported Region: 50 Yes

Shards per cluster (Redis cluster mode disabled) Each supported Region: 1 No

Subnet groups per Region Each supported Region: 150 Yes

Subnets per subnet group Each supported Region: 20 Yes

Amazon MemoryDB for Redis endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
memory-db-fi[Link] HTTPS

Version 1.0
247
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US us-west-1 [Link] HTTPS

West (N.
California) memory-db-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
memory-db-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
248
 AWS General Reference Reference guide
Service quotas

Service quotas

Resource Default

Nodes per Region 300

Nodes per cluster per instance type 90

Nodes per shard 6

Parameter groups per Region 150

Subnet groups per Region 150

Subnets per subnet group 20

Amazon EMR endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
elasticmapreduce-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
elasticmapreduce-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) elasticmapreduce-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
elasticmapreduce-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
249
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
elasticmapreduce-fi[Link]- HTTPS
[Link]

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

Version 1.0
250
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

If you specify the general endpoint ([Link]), Amazon EMR directs your
request to an endpoint in the default Region. For accounts created on or after March 8, 2013, the default
Region is us-west-2; for older accounts, the default Region is us-east-1.

Service quotas
Name Default Adjustable

Replenishment rate of AddInstanceFleet calls Each supported Region: 0.5 Yes

Replenishment rate of AddInstanceGroups calls Each supported Region: 0.2 Yes

Replenishment rate of AddJobFlowSteps calls Each supported Region: 0.5 Yes

Replenishment rate of AddTags calls Each supported Region: 0.5 Yes

Replenishment rate of CancelSteps calls Each supported Region: 0.5 Yes

Replenishment rate of CreateSecurityConfiguration calls Each supported Region: 0.5 Yes

Replenishment rate of DeleteSecurityConfiguration calls Each supported Region: 0.5 Yes

Replenishment rate of DescribeCluster calls Each supported Region: 1 Yes

Replenishment rate of DescribeJobFlows calls Each supported Region: 0.2 Yes

Replenishment rate of DescribeSecurityConfiguration calls Each supported Region: 0.5 Yes

Replenishment rate of DescribeStep calls Each supported Region: 0.5 Yes

Replenishment rate of ListBootstrapActions calls Each supported Region: 1 Yes

Replenishment rate of ListClusters calls Each supported Region: 0.5 Yes

Replenishment rate of ListInstanceFleets calls Each supported Region: 0.5 Yes

Replenishment rate of ListInstanceGroups calls Each supported Region: 1 Yes

Replenishment rate of ListInstances calls Each supported Region: 0.5 Yes

Replenishment rate of ListSecurityConfigurations calls Each supported Region: 0.5 Yes

Replenishment rate of ListSteps calls Each supported Region: 0.5 Yes

Version 1.0
251
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Replenishment rate of ModifyCluster calls Each supported Region: 0.5 Yes

Replenishment rate of ModifyInstanceFleet calls Each supported Region: 0.5 Yes

Replenishment rate of ModifyInstanceGroups calls Each supported Region: 0.5 Yes

Replenishment rate of PutAutoScalingPolicy calls Each supported Region: 0.5 Yes

Replenishment rate of RemoveAutoScalingPolicy calls Each supported Region: 0.5 Yes

Replenishment rate of RemoveTags calls Each supported Region: 0.5 Yes

Replenishment rate of RunJobFlow calls Each supported Region: 0.5 Yes

Replenishment rate of SetTerminationProtection calls Each supported Region: 0.2 Yes

Replenishment rate of SetVisibleToAllUsers calls Each supported Region: 0.2 Yes

Replenishment rate of TerminateJobFlows calls Each supported Region: 0.5 Yes

The maximum number of API requests that you can make Each supported Region: 25 Yes
per second. per second

The maximum number of AddInstanceFleet API requests that Each supported Region: 5 per Yes
you can make per second. second

The maximum number of AddInstanceGroups API requests Each supported Region: 5 per Yes
that you can make per second. second

The maximum number of AddJobFlowSteps API requests Each supported Region: 10 Yes
that you can make per second. per second

The maximum number of AddTags API requests that you can Each supported Region: 5 per Yes
make per second. second

The maximum number of CancelSteps API requests that you Each supported Region: 10 Yes
can make per second. per second

The maximum number of CreateSecurityConfiguration API Each supported Region: 5 per Yes
requests that you can make per second. second

The maximum number of DeleteSecurityConfiguration API Each supported Region: 5 per Yes
requests that you can make per second. second

The maximum number of DescribeCluster API requests that Each supported Region: 10 Yes
you can make per second. per second

The maximum number of DescribeJobFlows API requests Each supported Region: 20 Yes
that you can make per second. per second

The maximum number of DescribeSecurityConfiguration API Each supported Region: 5 per Yes
requests that you can make per second. second

The maximum number of DescribeStep API requests that you Each supported Region: 10 Yes
can make per second. per second

The maximum number of ListBootstrapActions API requests Each supported Region: 10 Yes
that you can make per second. per second

Version 1.0
252
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

The maximum number of ListClusters API requests that you Each supported Region: 20 Yes
can make per second. per second

The maximum number of ListInstanceFleets API requests Each supported Region: 5 per Yes
that you can make per second. second

The maximum number of ListInstanceGroups API requests Each supported Region: 10 Yes
that you can make per second. per second

The maximum number of ListInstances API requests that you Each supported Region: 10 Yes
can make per second. per second

The maximum number of ListSecurityConfigurations API Each supported Region: 5 per Yes
requests that you can make per second. second

The maximum number of ListSteps API requests that you can Each supported Region: 10 Yes
make per second. per second

The maximum number of ModifyCluster API requests that Each supported Region: 10 Yes
you can make per second. per second

The maximum number of ModifyInstanceFleet API requests Each supported Region: 5 per Yes
that you can make per second. second

The maximum number of ModifyInstanceGroups API Each supported Region: 5 per Yes
requests that you can make per second. second

The maximum number of PutAutoScalingPolicy API requests Each supported Region: 5 per Yes
that you can make per second. second

The maximum number of RemoveAutoScalingPolicy API Each supported Region: 5 per Yes
requests that you can make per second. second

The maximum number of RemoveTags API requests that you Each supported Region: 5 per Yes
can make per second. second

The maximum number of RunJobFlow API requests that you Each supported Region: 10 Yes
can make per second. per second

The maximum number of SetTerminationProtection API Each supported Region: 5 per Yes
requests that you can make per second. second

The maximum number of SetVisibileToAllUsers API requests Each supported Region: 5 per Yes
that you can make per second. second

The maximum number of TerminateJobFlows API requests Each supported Region: 10 Yes
that you can make per second. per second

The maximum number of active clusters can be run at the Each supported Region: 500 Yes
same time

The maximum number of active instances per instance group Each supported Region: Yes
2,000

The maximum rate at which your bucket replenishes for all Each supported Region: 5 Yes
EMR operations.

Version 1.0
253
 AWS General Reference Reference guide
EventBridge

Amazon EMR throttles the following API requests for each AWS account on a per-Region basis. For more
information about how throttling is applied, see API Request Throttling in the Amazon EC2 API Reference.

Amazon EventBridge endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
events-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
events-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) events-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
events-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Version 1.0
254
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas
For more information, see EventBridge Quotas in the Amazon EventBridge User Guide.

Version 1.0
255
 AWS General Reference Reference guide
EventBridge Schemas

Amazon EventBridge Schemas endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Version 1.0
256
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Name Default Adjustable

DiscoveredSchemas Each supported Region: 200 Yes

Discoverers Each supported Region: 10 Yes

Registries Each supported Region: 10 Yes

SchemaVersions Each supported Region: 100 Yes

Schemas Each supported Region: 100 Yes

Amazon FinSpace endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service quotas
Name Default Adjustable

Attribute Sets Each supported Region: 100 Yes

Clusters per user Each supported Region: 1 No

Concurrent Changesets processing Each supported Region: 10 Yes

Version 1.0
257
 AWS General Reference Reference guide
AWS FIS

Name Default Adjustable

Concurrent data views processing Each supported Region: 10 Yes

Controlled Vocabularies and Categories Each supported Region: 100 Yes

Data views per dataset Each supported Region: 3 Yes

Datasets Each supported Region: Yes

1,500

Datasets per User Group Each supported Region: Yes

1,500

Environments Each supported Region: 2 Yes

Files per Changeset Each supported Region: No

100,000

Maximum file size per Changeset Each supported Region: 50 No

Gigabytes

Notebook storage Each supported Region: 10 No

Gigabytes

User Groups Each supported Region: 20 Yes

Users Each supported Region: 5 Yes

AWS Fault Injection Simulator endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 fi[Link] HTTPS

(Ohio)

US East (N. us-east-1 fi[Link] HTTPS

Virginia)

US West (N. us-west-1 fi[Link] HTTPS

California)

US West us-west-2 fi[Link] HTTPS

(Oregon)

Version 1.0
258
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Africa (Cape af-south-1 fi[Link] HTTPS

Town)

Asia Pacific ap-east-1 fi[Link] HTTPS

(Hong Kong)

Asia Pacific ap-south-1 fi[Link] HTTPS

(Mumbai)

Asia Pacific ap- fi[Link] HTTPS

(Seoul) northeast-2

Asia Pacific ap- fi[Link] HTTPS

(Singapore) southeast-1

Asia Pacific ap- fi[Link] HTTPS

(Sydney) southeast-2

Asia Pacific ap- fi[Link] HTTPS

(Tokyo) northeast-1

Canada ca-central-1 fi[Link] HTTPS

(Central)

Europe eu-central-1 fi[Link] HTTPS

(Frankfurt)

Europe eu-west-1 fi[Link] HTTPS

(Ireland)

Europe eu-west-2 fi[Link] HTTPS

(London)

Europe eu-south-1 fi[Link] HTTPS

(Milan)

Europe eu-west-3 fi[Link] HTTPS

(Paris)

Europe eu-north-1 fi[Link] HTTPS

(Stockholm)

Middle East me-south-1 fi[Link] HTTPS

(Bahrain)

South sa-east-1 fi[Link] HTTPS

America
(São Paulo)

Service quotas

Name Default Adjustable

Action duration Each supported Region: 12 No

Version 1.0
259
 AWS General Reference Reference guide
Firewall Manager

Name Default Adjustable

Actions per experiment template Each supported Region: 20 No

Active experiments Each supported Region: 5 No

Completed experiment data retention Each supported Region: 120 No

Experiment duration Each supported Region: 12 No

Experiment templates Each supported Region: 500 No

Parallel actions per experiment Each supported Region: 10 No

Resources per experiment target Each supported Region: 5 No

Stop conditions per experiment template Each supported Region: 5 No

AWS Firewall Manager endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
fms-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
fms-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) fms-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
fms-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town) fms-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong fms-fi[Link] HTTPS
Kong)

Version 1.0
260
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) fms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) fms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) fms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) fms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) fms-fi[Link] HTTPS

Canada ca- [Link] HTTPS

(Central) central-1
fms-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
fms-fi[Link] HTTPS

Europe eu-west-1 [Link] HTTPS

(Ireland)
fms-fi[Link] HTTPS

Europe eu-west-2 [Link] HTTPS

(London)
fms-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Milan) south-1
fms-fi[Link] HTTPS

Europe eu-west-3 [Link] HTTPS

(Paris)
fms-fi[Link] HTTPS

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain) fms-fi[Link] HTTPS

Version 1.0
261
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São fms-fi[Link] HTTPS
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) fms-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) fms-fi[Link] HTTPS

Service quotas

Name Default Adjustable

AWS WAF Classic rule groups per AWS WAF Classic policy Each supported Region: 2 No

Amazon VPC instances in scope of a common security group Each supported Region: 100 Yes
policy

Applications per application list Each supported Region: 50 Yes

Audit security groups per security group content audit policy Each supported Region: 1 Yes

Custom managed application lists in any content audit Each supported Region: 1 Yes
security group policy setting

Custom managed application lists per account Each supported Region: 10 Yes

Custom managed protocol lists in any content audit security Each supported Region: 1 Yes
group policy setting

Custom managed protocol lists per account Each supported Region: 10 Yes

Explicitly included or excluded accounts per policy per Each supported Region: 200 Yes
Region

Firewall Manager policies per organization per Region Each supported Region: 20 Yes

IPV4 CIDRs for a Network Firewall policy Each supported Region: 50 No

Organizational units in scope per policy per Region Each supported Region: 20 Yes

Primary security groups per common security group policy Each supported Region: 1 Yes

Protocols per protocol list Each supported Region: 5 Yes

Route 53 Resolver DNS Firewall rule groups per DNS Firewall Each supported Region: 2 Yes
policy

Rule groups per AWS WAF policy Each supported Region: 50 Yes

Tags to include or exclude resources per policy Each supported Region: 8 Yes

Version 1.0
262
 AWS General Reference Reference guide
Forecast

Name Default Adjustable

VPCs that a single Network Firewall policy can automatically Each supported Region: No
remediate 1,000

Web ACL capacity units (WCU) used in an AWS WAF policy Each supported Region: Yes
1,500

For more information, see AWS Firewall Manager quotas in the AWS Firewall Manager Developer Guide.

Amazon Forecast endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon Forecast

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
forecast-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
forecast-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
forecast-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
263
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Amazon Forecast Query

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
forecastquery-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
forecastquery-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
forecastquery-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
264
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Maximum cumulative size of all files in your Amazon S3 Each supported Region: 30 Yes
bucket Gigabytes

Maximum forecast horizon Each supported Region: 500 No

Maximum number of Explainabilities Each supported Region: No

1,000

Maximum number of Explainability exports Each supported Region: No

1,000

Maximum number of backtest windows Each supported Region: 5 No

Maximum number of columns in a related time series Each supported Region: 25 No

dataset

Maximum number of columns in a target time series dataset Each supported Region: 13 No

Maximum number of columns in an item metadata dataset Each supported Region: 10 No

Maximum number of dataset groups Each supported Region: 500 Yes

Maximum number of dataset import jobs Each supported Region: Yes

1,000

Maximum number of datasets Each supported Region: Yes

1,500

Maximum number of datasets in a dataset group Each supported Region: 3 No

Maximum number of files in your Amazon S3 bucket Each supported Region: No

10,000

Maximum number of forecast export jobs Each supported Region: Yes

1,000

Maximum number of forecasts Each supported Region: 10 Yes

Maximum number of predictor backtest export jobs Each supported Region: Yes
1,000

Maximum number of predictors Each supported Region: 500 Yes

Maximum number of rows in a dataset ap-south-1: 1,000,000,000 Yes

Each of the other supported

Regions: 3,000,000,000

Maximum number of tags you can add to a resource Each supported Region: 50 No

Maximum number of time series per predictor ap-south-1: 1,000,000 Yes

Each of the other supported

Regions: 5,000,000

Maximum parallel running CreateAutoPredictor tasks Each supported Region: 3 No

Version 1.0
265
 AWS General Reference Reference guide
Amazon Fraud Detector

Name Default Adjustable

Maximum parallel running CreateDatasetImportJob tasks Each supported Region: 3 Yes

Maximum parallel running CreateExplainability tasks Each supported Region: 3 No

Maximum parallel running CreateExplainabilityExport tasks Each supported Region: 3 No

Maximum parallel running CreateForecast tasks Each supported Region: 3 Yes

Maximum parallel running CreateForecastExportJob tasks Each supported Region: 3 Yes

Maximum parallel running CreatePredictor tasks Each supported Region: 3 Yes

Maximum parallel running CreatePredictor tasks using Each supported Region: 3 Yes
AutoML

Maximum parallel running Each supported Region: 3 Yes

CreatePredictorBacktestExportJob tasks

Maximum parallel running QueryForecast API tasks Each supported Region: 10 No

Maximum parallel running Stop jobs per resource type Each supported Region: 3 No

Maximum time for which a forecast can be queried on Each supported Region: 30 No
console or QueryForecast API

The maximum number of AutoPredictors Each supported Region: 500 No

Amazon Fraud Detector endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
266
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas

Name Default Adjustable

Concurrent training jobs per model Each supported Region: 1 No

Deployed model versions Each supported Region: 5 No

Detectors per account Each supported Region: 100 No

EntityType per account Each supported Region: 100 No

EventType per account Each supported Region: 100 No

Labels per account Each supported Region: 100 No

Models including external models per detector version Each supported Region: 10 No

Models per account Each supported Region: 50 No

Outcomes per account Each supported Region: No

5,000

Rate of GetPrediction requests Each supported Region: 200 Yes

Rules per account Each supported Region: No

5,000

Size of GetPrediction requests Each supported Region: 256 No

Kilobytes

Total concurrent Event Type statistics update operations Each supported Region: 1 Yes

Total concurrent training jobs Each supported Region: 3 No

Training data size Each supported Region: 5 No

Gigabytes

Variables per account Each supported Region: No

5,000

Versions per detector Each supported Region: 100 No

Versions per model Each supported Region: 200 No

For more information, see Quotas in the Amazon Fraud Detector User Guide.

Version 1.0
267
 AWS General Reference Reference guide
FreeRTOS

FreeRTOS endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
The following tables provide a list of Region-specific endpoints that FreeRTOS supports for Over-the-Air
functionality. The FreeRTOS console is also supported in these Regions.

FreeRTOS OTA Control Plane

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
268
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

FreeRTOS OTA Data Plane

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 prefi[Link] MQTT

US East (N. us-east-1 prefi[Link] MQTT

Virginia)

US West (N. us-west-1 prefi[Link] MQTT

California)

US West us-west-2 prefi[Link] MQTT

(Oregon)

Asia Pacific ap-east-1 prefi[Link] MQTT

(Hong Kong)

Asia Pacific ap-south-1 prefi[Link] MQTT

(Mumbai)

Asia Pacific ap-northeast-2 prefi[Link] MQTT

(Seoul)

Asia Pacific ap-southeast-1 prefi[Link] MQTT

(Singapore)

Version 1.0
269
 AWS General Reference Reference guide
Service quotas

Region Name Region Endpoint Protocol

Asia Pacific ap-southeast-2 prefi[Link] MQTT

(Sydney)

Asia Pacific ap-northeast-1 prefi[Link] MQTT

(Tokyo)

Canada ca-central-1 prefi[Link] MQTT

(Central)

Europe eu-central-1 prefi[Link] MQTT

(Frankfurt)

Europe eu-west-1 prefi[Link] MQTT

(Ireland)

Europe eu-west-2 prefi[Link] MQTT

(London)

Europe (Paris) eu-west-3 prefi[Link] MQTT

Europe eu-north-1 prefi[Link] MQTT

(Stockholm)

Middle East me-south-1 prefi[Link] MQTT

(Bahrain)

South America sa-east-1 prefi[Link] MQTT

(São Paulo)

Service quotas
FreeRTOS OTA Resource Quotas

Resource Default

File size 16MB

FreeRTOS OTA Throttling

API Transactions Per Second

CreateOTAUpdate 10 TPS

DeleteOTAUpdate 5 TPS

GetOTAUpdate 15 TPS

ListOTAUpdates 15 TPS

Amazon FSx endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
270
 AWS General Reference Reference guide
Service endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
fsx-fi[Link] HTTPS

fsx-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
fsx-fi[Link] HTTPS

fsx-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) fsx-fi[Link] HTTPS

fsx-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
fsx-fi[Link] HTTPS

fsx-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
271
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
fsx-fi[Link] HTTPS

fsx-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) fsx-fi[Link] HTTPS

fsx-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) fsx-fi[Link] HTTPS

fsx-fi[Link] HTTPS

Version 1.0
272
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Lustre Persistent HDD storage capacity (per file system) Each supported Region: Yes
102,000

Lustre Persistent_1 file systems Each supported Region: 100 Yes

Lustre Persistent_1 storage capacity Each supported Region: Yes

100,800

Lustre Scratch file systems Each supported Region: 100 Yes

Lustre Scratch storage capacity Each supported Region: Yes

100,800

Lustre backups Each supported Region: 500 Yes

ONTAP SSD IOPS Each supported Region: Yes

1,000,000

ONTAP SSD storage capacity Each supported Region: Yes

524,288

ONTAP backups Each supported Region: Yes

10,000

ONTAP file systems Each supported Region: 100 Yes

ONTAP throughput capacity Each supported Region: Yes

10,240

Windows HDD storage capacity Each supported Region: Yes

524,288

Windows SSD storage capacity Each supported Region: Yes

524,288

Windows backups Each supported Region: 500 Yes

Windows file systems Each supported Region: 100 Yes

Windows throughput capacity Each supported Region: Yes

10,240

For more information, see the following:

• FSx for Lustre quotas in the Amazon FSx for Lustre User Guide
• FSx for ONTAP quotas in the FSx for ONTAP User Guide
• FSx for OpenZFS quotas in the FSx for OpenZFS User Guide
• FSx for Windows quotas in the Amazon FSx for Windows File Server User Guide

Version 1.0
273
 AWS General Reference Reference guide
GameLift

Amazon GameLift endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
274
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas

Name Default Adjustable

Aliases per region Each supported Region: 100 Yes

Build capacity Each supported Region: 100 No

Gigabytes

Builds per region Each supported Region: Yes

1,000

Fleets per region Each supported Region: 20 Yes

Game server groups per region Each supported Region: 20 Yes

Game servers per game server group Each supported Region: Yes
1,000

Game session log file size Each supported Region: 200 No

Megabytes

Game session queues per region Each supported Region: 20 Yes

Instances per region Each supported Region: 20 Yes

Player sessions per game session Each supported Region: 200 No

Queue destinations per game session queue Each supported Region: 10 Yes

Scripts per region Each supported Region: Yes

1,000

Server processes per instance (GameLift SDK v2) Each supported Region: 1 No

Server processes per instance (GameLift SDK v3 and up) Each supported Region: 50 No

Amazon S3 Glacier endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
275
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS
glacier-fi[Link]
HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS
glacier-fi[Link]
HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California) glacier-fi[Link]
HTTPS

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS
glacier-fi[Link]
HTTPS

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link] HTTP and

Pacific southeast-3 HTTPS
(Jakarta)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-3 HTTPS
(Osaka)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Version 1.0
276
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS
glacier-fi[Link]
HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link] HTTP and

GovCloud east-1 HTTPS
(US-East) [Link]
HTTPS

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West) [Link]
HTTPS

Service quotas

Name Default Adjustable

Archive size in GB. Each supported Region: No

40,000 Gigabytes

Version 1.0
277
 AWS General Reference Reference guide
Global Accelerator

Name Default Adjustable

Archive size. Each supported Region: 4 No

Megabytes

Multipart parts size. Each supported Region: 4 No

Gigabytes

Number of multipart parts. Each supported Region: No

10,000

Number of random restore requests. Each supported Region: 35 No

Number of vault tags. Each supported Region: 50 No

Provisioned capacity units Each supported Region: 2 No

Vaults per account Each supported Region: No

1,000

AWS Global Accelerator endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol Amazon
Name Route 53
Hosted
Zone ID*

US West us-west-2 [Link] HTTPS Z2BJ6XQ5FK7U4H

(Oregon)
Region

Service quotas
Name Default Adjustable

Accelerators per AWS account Each supported Region: 20 Yes

Endpoint groups per accelerator Each supported Region: 42 No

Endpoints per endpoint group - Application Load Balancers Each supported Region: 10 No

Endpoints per endpoint group - EC2 instances Each supported Region: 10 Yes

Endpoints per endpoint group - Elastic IP addresses Each supported Region: 10 Yes

Endpoints per endpoint group - Network Load Balancers Each supported Region: 10 No

Version 1.0
278
 AWS General Reference Reference guide
AWS Glue

Name Default Adjustable

Endpoints per endpoint group - VPC subnets Each supported Region: 10 Yes

Endpoints per endpoint group - more than one endpoint Each supported Region: 10 No
type

Listeners per accelerator Each supported Region: 10 Yes

Port overrides per endpoint group Each supported Region: 10 Yes

Port ranges per listener Each supported Region: 10 No

Tags per accelerator Each supported Region: 50 No

AWS Glue endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
glue-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
glue-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) glue-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
glue-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Version 1.0
279
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) glue-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) glue-fi[Link] HTTPS

Version 1.0
280
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Concurrent machine learning task runs per transform Each supported Region: 3 Yes

Label file size Each supported Region: 10 Yes

Megabytes

Max concurrent job runs per account Each supported Region: 200 Yes

Max concurrent job runs per job Each supported Region: Yes
1,000

Max connection per account Each supported Region: Yes

1,000

Max databases per account Each supported Region: Yes

10,000

Max databases per catalog Each supported Region: Yes

10,000

Max development endpoint per account Each supported Region: 25 Yes

Max dpus per dev endpoint Each supported Region: 50 Yes

Max functions per account Each supported Region: 100 Yes

Max functions per database Each supported Region: 100 Yes

Max jobs per account Each supported Region: Yes

1,000

Max jobs per trigger Each supported Region: 50 Yes

Max partitions per account Each supported Region: Yes

20,000,000

Max partitions per table Each supported Region: Yes

10,000,000

Max security configurations per account Each supported Region: 250 Yes

Max table versions per account Each supported Region: Yes

1,000,000

Max table versions per table Each supported Region: Yes

100,000

Max tables per account Each supported Region: Yes

1,000,000

Max tables per database Each supported Region: Yes

200,000

Max task dpus per account us-east-1: 1,000 Yes

us-east-2: 1,000

us-west-2: 1,000

Version 1.0
281
 AWS General Reference Reference guide
Amazon Managed Grafana

Name Default Adjustable

ap-northeast-1: 1,000

ap-southeast-2: 1,000

eu-west-1: 1,000

Each of the other supported

Regions: 500

Max triggers per account Each supported Region: Yes

1,000

Number of Schema Registries. Each supported Region: 10 Yes

Number of Schema Versions. Each supported Region: Yes

1,000

Number of crawlers per account Each supported Region: Yes

1,000

Number of crawlers running concurrently per account Each supported Region: 150 Yes

Number of machine learning transforms Each supported Region: 100 Yes

Number of metadata key value pairs per Schema Version. Each supported Region: 10 No

Number of workflows Each supported Region: 250 Yes

Total concurrent machine learning task runs for transforms Each supported Region: 30 Yes
per account

For more information, see AWS Glue in the AWS GovCloud (US) User Guide.

Amazon Managed Grafana endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
282
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas

Resource Default Quota

Alerts 100 per workspace.

API operations. The APIs are not yet CreateWorkspace and DeleteWorkspace: 1 transaction per
available publicly, but the following second (TPS), with a burst limit of 5 TPS.
quotas apply to API operations that
result from your actions in the Amazon DescribeWorkspace and ListWorkspaces: 5 transaction per
Managed Grafana console. second (TPS), with a burst limit of 10 TPS.

UpdateWorkspace, ListPermissions, and UpdatePermissions:

10 transaction per second (TPS), with a burst limit of 25 TPS.

AssociateLicense and DisassociateLicense: 1 transaction per

second (TPS), with a burst limit of 5 TPS.

DescribeWorkspaceAuthentication and
UpdateWorkspaceAuthentication: 1 transaction per second
(TPS), with a burst limit of 5 TPS.

Dashboards 100 per workspace.

Data sources 100 per workspace.

Users 500 per workspace.

Workspaces per Region per account 5

Version 1.0
283
 AWS General Reference Reference guide
DataBrew

AWS Glue DataBrew endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Version 1.0
284
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas

Name Default Adjustable

Concurrent jobs per AWS account Each supported Region: 10 Yes

Datasets per AWS account Each supported Region: 100 Yes

Jobs per AWS account Each supported Region: 100 Yes

Node capacity per AWS account Each supported Region: 300 Yes

Open projects per AWS account Each supported Region: 10 Yes

Projects per AWS account Each supported Region: 100 Yes

Recipes per AWS account Each supported Region: 100 Yes

Rules per ruleset Each supported Region: 100 Yes

Rulesets per AWS account Each supported Region: 100 Yes

Rulesets per dataset Each supported Region: 10 Yes

Schedules per AWS account Each supported Region: 10 Yes

Versions per recipe Each supported Region: 100 Yes

Version 1.0
285
 AWS General Reference Reference guide
AWS Ground Station

AWS Ground Station endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
groundstation-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
groundstation-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
groundstation-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
286
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Config limit Each supported Region: 100 Yes

Contact Lead Time Maximum Each supported Region: 7 Yes

Dataflow endpoint group limit Each supported Region: 100 Yes

Dataflow endpoints per group limit Each supported Region: 20 Yes

Maximum Contact Duration Each supported Region: 20 Yes

Mission profile limit Each supported Region: 100 Yes

Scheduled Contacts Limit Each supported Region: 100 Yes

Scheduled Minutes Limit Each supported Region: Yes

1,000

Amazon GuardDuty endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
guardduty-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
guardduty-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) guardduty-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
guardduty-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific

Version 1.0
287
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

Version 1.0
288
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas
Name Default Adjustable

Detectors Each supported Region: 1 No

Filters Each supported Region: 100 Yes

Finding retention period Each supported Region: 90 No

Member accounts Each supported Region: No

5,000

Threat intel sets Each supported Region: 6 Yes

Trusted IP sets Each supported Region: 1 No

AWS Health endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
health-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
289
 AWS General Reference Reference guide
HealthLake

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) health-fi[Link] HTTPS

For more information, see Accessing the AWS Health API in the AWS Health User Guide.

Amazon HealthLake endpoints and quotas

Regions and endpoints for Amazon HealthLake
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Throttling and quotas for Amazon HealthLake

The following table describes throttling limits for resource management within Amazon HealthLake for
each customer account. For information about limits that can be changed, see AWS Service Limits. For all
operations, users will receive a ThrottlingException error message if throttling limits are exceeded.

A maxmimum quota of ten Data Stores are allowed per an account. For information about requesting a
quota increase, see the console support center to create a case.

Description Limit in Transactions per second(TPS) or

requests per minute

CreateFHIRDatastore and DeleteFHIRDatastore 1 request per minute

DescribeFHIRDatastore 10 TPS

ListFHIRDatastores 10 TPS

CreateResource, ReadResource, DeleteResource 20 TPS

UpdateResource 100 TPS

GetCapabilities 10 TPS

SearchWithGet and SearchWithPost 100 TPS

StartFHIRImportJob and StartFHIRExportJob 1 request per minute, only 1 job permitted at a

time

Version 1.0
290
 AWS General Reference Reference guide
Amazon Honeycode

Description Limit in Transactions per second(TPS) or

requests per minute

DescribeFHIRImportJob, DescribeFHIRExportJob, 10 TPS

ListFHIRImportJob, ListFHIRExportJob

ListFHIRImportJobs, ListFHIRExportJobs 10 TPS

TagResource, UntagResource, ListTagsforResource 10 TPS

Maximum characters for a medical note 40,000 characters

within the DocumentReference ResourceType
(CreateResource/UpdateResource)

The following table lists the quotas for Import jobs.

Description Limit

Maximum import job size 50 GB

Maximum import file size 50 MB

Maximum number of files 10,000

Supported file extension '.ndjson'

Amazon Honeycode endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon Honeycode has a single endpoint: [Link] (HTTPS).

AWS Identity and Access Management endpoints

and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
291
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)
iam-fi[Link] HTTPS

iam-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
292
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

[Link] HTTPS

Service quotas

Name Default Adjustable

Access keys per user Each supported Region: 2 No

Customer managed policies per account Each supported Region: Yes

1,500

Groups per account Each supported Region: 300 Yes

IAM groups per user Each supported Region: 10 No

Identity providers per IAM SAML provider object Each supported Region: 10 No

Version 1.0
293
 AWS General Reference Reference guide
IAM Access Analyzer

Name Default Adjustable

Instance profiles per account Each supported Region: Yes

1,000

Keys per SAML provider Each supported Region: 10 No

MFA devices per user Each supported Region: 1 No

Managed policies per group Each supported Region: 10 No

Managed policies per role Each supported Region: 10 Yes

Managed policies per user Each supported Region: 10 Yes

Managed policy length Each supported Region: No

6,144

OpenId connect providers per account Each supported Region: 100 No

Role trust policy length Each supported Region: Yes

2,048

Roles per account Each supported Region: Yes

1,000

SAML providers per account Each supported Region: 100 No

SSH Public keys per user Each supported Region: 5 No

Server certificates per account Each supported Region: 20 Yes

Signing certificates per user Each supported Region: 2 No

Tags per role Each supported Region: 50 No

Tags per user Each supported Region: 50 No

Users per account Each supported Region: No

5,000

Versions per managed policy Each supported Region: 5 No

For more information about IAM quotas, see IAM and AWS STS quotas in the IAM User Guide.

IAM Access Analyzer endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
294
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
access-analyzer-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
access-analyzer-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) access-analyzer-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
access-analyzer-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
295
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1
access-analyzer-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

Access previews per analyzer per hour Each supported Region: Yes
1,000

Analyzers with an account zone of trust Each supported Region: 1 No

Analyzers with an organization zone of trust Each supported Region: 5 Yes

Archive rules per analyzer Each supported Region: 100 Yes

CloudTrail log files processed per policy generation Each supported Region: No
100,000

Version 1.0
296
 AWS General Reference Reference guide
AWS Import/Export

Name Default Adjustable

Concurrent policy generations Each supported Region: 1 No

Policy generation CloudTrail data size Each supported Region: 25 No

Gigabytes

Policy generation CloudTrail time range Each supported Region: 90 No

Policy generations per day af-south-1: 5 No

ap-east-1: 5

eu-south-1: 5

me-south-1: 5

Each of the other supported

Regions: 50

AWS Import/Export endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Endpoint Protocol

[Link] HTTPS

AWS Systems Manager Incident Manager

endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Incident Manager, a feature of AWS Systems Manager, isn't supported in all Systems Manager Regions.
The following shows the Regions supported by Incident Manager.

Version 1.0
297
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
298
 AWS General Reference Reference guide
Service quotas

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 [Link]- HTTPS

[Link]

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

US West (N. California) us-west-1 [Link]- HTTPS

[Link]

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Asia Pacific (Mumbai) ap-south-1 [Link]- HTTPS

[Link]

Asia Pacific (Tokyo) ap-northeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Seoul) ap-northeast-2 [Link]- HTTPS

[Link]

Asia Pacific (Singapore) ap-southeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Sydney) ap-southeast-2 [Link]- HTTPS

[Link]

Canada (Central) ca-central-1 [Link]- HTTPS

[Link]

Europe (Frankfurt) eu-central-1 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Europe (London) eu-west-2 [Link]- HTTPS

[Link]

Europe (Paris) eu-west-3 [Link]- HTTPS

[Link]

Europe (Stockholm) eu-north-1 [Link]- HTTPS

[Link]

South America (São sa-east-1 [Link]- HTTPS

Paulo) [Link]

Service quotas
Incident Manager incidents

Name Default Adjustable

All other operations requests per second Each supported Region: 10 Yes

Version 1.0
299
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

CreateReplicationSet requests per second Each supported Region: 1 Yes

CreateResponsePlan requests per second Each supported Region: 5 Yes

CreateTimelineEvent requests per second Each supported Region: 5 Yes

DeleteIncidentRecord requests per second Each supported Region: 5 Yes

DeleteReplicationSet requests per second Each supported Region: 1 Yes

DeleteResourcePolicy requests per second Each supported Region: 5 Yes

DeleteResponsePlan requests per second Each supported Region: 5 Yes

DeleteTimelineEvent requests per second Each supported Region: 5 Yes

Incidents per response plan per month Each supported Region: 200 Yes

PutResourcePolicy requests per second Each supported Region: 5 Yes

Regions per replication set Each supported Region: 3 No

Related items per incident Each supported Region: 50 Yes

Replication sets per account Each supported Region: 1 No

StartIncident requests per second Each supported Region: 5 Yes

TagResource requests per second Each supported Region: 5 Yes

Timeline events per incident Each supported Region: Yes

1,000

UntagResource requests per second Each supported Region: 5 Yes

UpdateDeleteProtection requests per second Each supported Region: 1 Yes

UpdateIncidentRecord requests per second Each supported Region: 5 Yes

UpdateRelatedItems requests per second Each supported Region: 5 Yes

UpdateReplicationSet requests per second Each supported Region: 1 Yes

UpdateResponsePlan requests per second Each supported Region: 5 Yes

UpdateTimelineEvent requests per second Each supported Region: 5 Yes

Incident Manager contacts

Resource Default

Contact per account 1000

Stages per plan 5

Contact channels per stage 10

Version 1.0
300
 AWS General Reference Reference guide
Amazon Inspector

Resource Default

Email engagements per .05

contact per second

SMS engagements per .05

contact per second

SNS engagements per .05

contact per second

Voice engagements per .01

contact per second

Push notification .05

engagements per contact
per second

StartEngagement requests 2
per second

DescribeEngagement 1
requests per second

DescribePage requests per 1

second

ListEngagements requests 1
per second

ListPageReceipts requests 1
per second

ListPagesByContact requests 1
per second

ListPagesByEngagement 1
requests per second

StopEngagement requests 10
per second

All other API requests per 1

second

Amazon Inspector endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
301
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
inspector-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
inspector-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) inspector-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
inspector-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) inspector-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) inspector-fi[Link] HTTPS

Version 1.0
302
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Assessment Targets Each supported Region: 50 Yes

Assessment Templates Each supported Region: 500 Yes

Assessment runs Each supported Region: Yes

50,000

Instances in running assessments Each supported Region: 500 Yes

For more information, see the Amazon Inspector quotas in the Amazon Inspector User Guide.

AWS IoT 1-Click endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
AWS IoT 1-Click Projects API

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
303
 AWS General Reference Reference guide
Service quotas

For more information, see the AWS IoT 1-Click Projects API Reference.

AWS IoT 1-Click Devices API

Region Region Endpoint Protocol

Name

US West us-west-2 [Link] HTTPS

(Oregon)

For more information, see the AWS IoT 1-Click Devices API Reference.

Service quotas
Name Default Adjustable

AssociateDeviceWithPlacement API TPS Each supported Region: 10 No

CreatePlacement API TPS Each supported Region: 10 No

CreateProject API TPS Each supported Region: 10 No

DeletePlacement API TPS Each supported Region: 10 No

DeleteProject API TPS Each supported Region: 10 No

DescribePlacement API TPS Each supported Region: 10 No

DescribeProject API TPS Each supported Region: 10 No

DisassociateDeviceFromPlacement API TPS Each supported Region: 10 No

GetDevicesInPlacement API TPS Each supported Region: 10 No

ListPlacements API TPS Each supported Region: 10 No

ListProjects API TPS Each supported Region: 10 No

ListTagsForResource API TPS Each supported Region: 10 No

TagResource API TPS Each supported Region: 10 No

UntagResource API TPS Each supported Region: 10 No

UpdatePlacement API TPS Each supported Region: 10 No

UpdateProject API TPS Each supported Region: 10 No

AWS IoT Analytics endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
304
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas
Name Default Adjustable

Activities per pipeline Each supported Region: 25 No

Batch size of BatchPutMessage messages Each supported Region: 100 No

Channels per account Each supported Region: 50 Yes

Concurrent container dataset runs Each supported Region: 20 No

Concurrent data set content generation Each supported Region: 2 No

Container datasets triggered per SQL data set Each supported Region: 10 No

Data sets per account Each supported Region: 100 Yes

Data stores per account Each supported Region: 25 Yes

Depth of Parquet SchemaDefinition column Each supported Region: 100 Yes

Minimum data set refresh interval Each supported Region: 15 Yes

Number of Parquet SchemaDefinition columns Each supported Region: 100 Yes

Version 1.0
305
 AWS General Reference Reference guide
AWS IoT Core

Name Default Adjustable

Number of StartPipelineReprocessing requests Each supported Region: Yes

1,000

Number of partitions in a data store Each supported Region: Yes

100,000

Pipelines per account Each supported Region: 100 Yes

Rate of BatchPutMessage messages Each supported Region: Yes

100,000

Rate of CreateDatasetContent requests Each supported Region: 1 Yes

Rate of RunPipelineActivity requests Each supported Region: 1 Yes

Rate of SampleChannelData requests Each supported Region: 1 Yes

Size of BatchPutMessage messages Each supported Region: 128 No

Kilobytes

For more information, see AWS IoT Analytics quotas in the AWS IoT Analytics User Guide.

AWS IoT Core endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
The following sections describe the service endpoints for AWS IoT Core.
Note
You can use these endpoints to perform the operations in the AWS IoT API Reference. The
endpoints in the following sections are different from the device endpoints, which provide
devices an MQTT publish/subscribe interface and a subset of the API operations. For more
information about the data, credential access, and job management endpoints used by devices,
see AWS IoT device endpoints.
For information about connecting to and using the AWS IoT endpoints, see Connecting devices
to AWS IoT in the AWS IoT Developer Guide.

Topics
• AWS IoT Core - control plane endpoints (p. 307)
• AWS IoT Core - data plane endpoints (p. 308)
• AWS IoT Device Management - jobs data endpoints (p. 310)
• AWS IoT Device Management - secure tunneling endpoints (p. 312)
• AWS IoT Core for LoRaWAN API endpoints (p. 313)
• AWS IoT FIPS endpoints (p. 315)

Version 1.0
306
 AWS General Reference Reference guide
Service endpoints

AWS IoT Core - control plane endpoints

The following table contains AWS Region-specific endpoints for AWS IoT Core - control plane operations.
For information about the operations supported by the AWS IoT Core - control plane endpoints, see AWS
IoT operations in the AWS IoT API Reference.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
iot-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
iot-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) iot-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
iot-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
iot-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
307
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) iot-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) iot-fi[Link] HTTPS

AWS IoT Core - data plane endpoints

The AWS IoT Core - data plane endpoints are specific to each AWS account and AWS Region. To find the
AWS IoT Core - data plane endpoint for your AWS account and AWS Region, use the describe-endpoint
CLI command shown here, or the DescribeEndpoint REST API.

aws iot describe-endpoint --endpoint-type iot:Data-ATS

This command returns your data plane API endpoint in the following format:

[Link]

For information about the actions supported by the AWS IoT Core - data plane endpoints, see AWS IoT
data plane operations in the AWS IoT API Reference.

The following table contains generic representations of the AWS account-specific endpoints for each
AWS Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix
from your Account-specific endpoint replaces data shown in the generic endpoint representation.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link]-fi[Link] HTTPS

Version 1.0
308
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) [Link]-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
[Link]-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Version 1.0
309
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link]-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link]-fi[Link] HTTPS

AWS IoT Device Management - jobs data endpoints

The AWS IoT Device Management - jobs data endpoints are specific to each AWS account and AWS
Region. To find the AWS IoT Device Management - jobs data endpoint for your AWS account and AWS
Region, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API.

aws iot describe-endpoint --endpoint-type iot:Jobs

This command returns your Jobs data plane API endpoint in the following format:

[Link].

For information about the actions supported by the AWS IoT Device Management - jobs dat endpoints,
see AWS IoT jobs data plane operations in the AWS IoT API Reference.

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for job data
operations. In the Endpoint column, the account-specific-prefix from your Account-specific
endpoint replaces prefix shown in the generic endpoint representation.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
310
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

China cn-north-1 [Link] HTTPS

(Beijing)

China cn- [Link]- HTTPS

(Ningxia) northwest-1 [Link]

Europe eu- [Link] HTTPS

(Frankfurt)) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
311
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

AWS IoT Device Management - secure tunneling endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for secure
tunneling operations. For more information, see AWS IoT secure tunneling operations in the AWS IoT API
Reference.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link]-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) [Link]-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
312
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1
[Link]-fi[Link]- HTTPS
[Link]

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link]-fi[Link]-gov- HTTPS
[Link]

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link]-fi[Link]-gov- HTTPS
[Link]

AWS IoT Core for LoRaWAN API endpoints

AWS IoT Core for LoRaWAN provides control plane and data plane endpoints for its API.

AWS IoT Core for LoRaWAN control plane API endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Core for LoRaWAN supports
for operations to manage LoRaWAN gateways and devices.

Region Name Region Endpoint Protocol

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
313
 AWS General Reference Reference guide
Service endpoints

Region Name Region Endpoint Protocol

Europe eu-west-1 [Link] HTTPS

(Ireland)

Asia Pacific ap-northeast-1 [Link] HTTPS

(Tokyo)

Asia Pacific ap-southeast-2 [Link] HTTPS

(Sydney)

AWS IoT Core for LoRaWAN data plane API endpoints

The data plane API endpoints are specific to each AWS Account and Region. To find the data plane API
endpoint for your AWS Account and Region, use the get-service-endpoint CLI command shown here, or
the GetServiceEndpoint REST API.

aws iotwireless get-service-endpoint

This command returns information about:

• The service type for which you want to get endpoint information about, which can be CUPS or LNS.
• The CUPS or LNS server trust certificate depending on the endpoint specified.
• Your data plane API endpoint in the following format:

[Link]

where service can be cups or lns.

The following table contains generic representations of the AWS Account-specific LNS endpoints for each
Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix from
your Account-specific endpoint replaces prefix shown in the generic endpoint representation.

LNS endpoints

Region Name Region Endpoint Protocol

US East (N. us-east-1 [Link] WSS

Virginia)

US West us-west-2 [Link] WSS

(Oregon)

Europe eu-west-1 [Link] WSS

(Ireland)

Asia Pacific ap-northeast-1 [Link]- WSS

(Tokyo) [Link]

Asia Pacific ap-southeast-2 [Link]- WSS

(Sydney) [Link]

The following table contains generic representations of the AWS Account-specific CUPS endpoints for
each Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix
from your Account-specific endpoint replaces prefix shown in the generic endpoint representation.

Version 1.0
314
 AWS General Reference Reference guide
Service quotas

CUPS endpoints

Region Name Region Endpoint Protocol

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Asia Pacific ap-northeast-1 [Link]- HTTPS

(Tokyo) [Link]

Asia Pacific ap-southeast-2 [Link]- HTTPS

(Sydney) [Link]

AWS IoT FIPS endpoints

AWS IoT provides endpoints that support the Federal Information Processing Standard (FIPS) 140-2.
Choose the appropriate FIPS compliant endpoint to access AWS IoT features in your AWS Region from
FIPS Endpoints by Service. For more information about the FIPs endpoints provided by AWS IoT, see
Connecting to AWS IoT FIPS endpoints.

Service quotas
Contents
• AWS IoT Core rules engine limits and quotas (p. 315)
• AWS IoT Core API throttling limits (p. 318)
• AWS IoT Core for LoRaWAN limits and quotas (p. 334)
• AWS IoT Core Device Shadow service limits and quotas (p. 343)
• AWS IoT Core Fleet Provisioning limits and quotas (p. 345)
• AWS IoT Core message broker and protocol limits and quotas (p. 346)
• AWS IoT Core protocol-related limits and quotas (p. 354)
• AWS IoT Core credential provider limits and quotas (p. 354)
• AWS IoT Core security and identity limits and quotas (p. 355)
• MQTT-based File Delivery (p. 358)
• AWS IoT Core Device Advisor limits and quotas (p. 359)

AWS IoT Core rules engine limits and quotas

This section describes the limits and quotas of the AWS IoT Core rules engine.

AWS IoT Core rules engine

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 No
number of entries

Version 1.0
315
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions
Maximum number in the rule's
of actions per actions property.
rule

The maximum 1000 1000 Yes

number of rules
Maximum number that can be
of rules per defined in a single
AWS account AWS account.

The maximum 20000 2000 Yes

number of rules
Rule that can be
evaluations evaluated per
per second per second per AWS
AWS account account. This
quota includes
rule evaluations
that result from
inbound Basic
Ingest messages.

The maximum 256 Kilobytes 256 Kilobytes No

size that a
Rule size rule document
definition can
contain, measured
by number of
UTF-8 encoded
characters,
including white
spaces.

*
Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Europe (Paris), Asia Pacific (Hong
Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central),
China (Ningxia)

AWS IoT Core rules engine HTTP actions limits and quotas
AWS IoT Core HTTP action

Limit display name Description Default value Adjustable

Maximum length of an 2 Kilobytes No

endpoint URL for topic
HTTP Action: rule HTTP Action.
Maximum length of
an endpoint URL

Maximum number 100 No

of headers per HTTP
HTTP Action: action. When specifying
Maximum number of the list of headers to
headers per action
Version 1.0
316
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

include in the HTTP
request, it must contain
a header key and a
header value. To learn
more, see https://
[Link]/
iot/latest/
developerguide/https-
[Link].

Maximum size of a 256 Bytes No

header key for topic
HTTP Action: rule HTTP action.
Maximum size of a The header file for a
header key HTTP request includes
this header key and a
header value.

Maximum number of 1000 No

topic rule destinations
HTTP Action: per AWS account
Maximum topic rule for topic rule HTTPS
destinations per action. You must
AWS account confirm and enable
HTTPS endpoints
before the rules engine
can use them. For
more information,
see https://
[Link]/
iot/latest/
developerguide/rule-
[Link].

Request timeout for 3000 Milliseconds No

topic rule HTTP action.
HTTP Action: The AWS IoT rules
Request timeout engine retries the
HTTPS action until the
total time to complete
a request exceeds the
timeout quota.

Resource Value Adjustable

TCP ports used for HTTP actions 443, 8443 No

AWS IoT Core rules engine Apache Kafka actions limits and quotas

Resource Limits

Bootstrap server ports 9000-9100

Version 1.0
317
 AWS General Reference Reference guide
Service quotas

Resource Limits

Kerberos key distribution center (KDC) 88

AWS IoT Core rules engine VPC actions limits and quotas

Resource Quota

Maximum number of VPC destinations 5 per account per Region

AWS IoT Core API throttling limits

This table describes the maximum number of transactions per second (TPS) that can be made to each of
these AWS IoT Core API actions.

AWS IoT Core API rate limits

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
AcceptCertificateTransfer
transactions per
API TPS second (TPS)
that can be
made for the
AcceptCertificateTransfer
API.

The maximum 15 15 Yes

number of
AttachPolicy transactions per
API TPS second (TPS) that
can be made for
the AttachPolicy
API.

The maximum 15 15 Yes

number of
AttachPrincipalPolicy
transactions per
API TPS second (TPS)
that can be
made for the
AttachPrincipalPolicy
API.

The maximum 10 10 Yes

number of
CancelCertificateTransfer
transactions per
API TPS second (TPS)
that can be
made for the
CancelCertificateTransfer
API.

Version 1.0
318
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
ClearDefaultAuthorizer
transactions per
API TPS second (TPS)
that can be
made for the
ClearDefaultAuthorizer
API.

The maximum 10 10 No
number of
CreateAuthorizertransactions per
API TPS second (TPS)
that can be
made for the
CreateAuthorizer
API.

The maximum 15 15 Yes

number of
CreateCertificateFromCsr
transactions per
API TPS second (TPS)
that can be
made for the
CreateCertificateFromCsr
API.

The maximum 1 1 No
number of
CreateDomainConfiguration
transactions per
API TPS second (TPS)
that can be
made for the
CreateDomainConfiguration
API.

The maximum 10 10 Yes

number of
CreateKeysAndCertificate
transactions per
API TPS second (TPS)
that can be
made for the
CreateKeysAndCertificate
API.

The maximum 10 10 Yes

number of
CreatePolicy transactions per
API TPS second (TPS) that
can be made for
the CreatePolicy
API.

Version 1.0
319
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
CreatePolicyVersion
transactions per
API TPS second (TPS)
that can be
made for the
CreatePolicyVersion
API.

The maximum 10 10 Yes

number of
CreateProvisioningClaim
transactions per
API TPS second (TPS)
that can be
made for the
CreateProvisioningClaim
API.

The maximum 10 10 No
number of
CreateProvisioningTemplate
transactions per
API TPS second (TPS)
that can be
made for the
CreateProvisioningTemplate
API.

The maximum 10 10 No
number of
CreateProvisioningTemplateVersion
transactions per
API TPS second (TPS)
that can be
made for the
CreateProvisioningTemplateVersion
API.

The maximum 10 10 No
number of
CreateRoleAlias transactions per
API TPS second (TPS)
that can be
made for the
CreateRoleAlias
API.

The maximum 5 5 No
number of
CreateTopicRule transactions per
API TPS second (TPS)
that can be
made for the
CreateTopicRule
API.

Version 1.0
320
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 5 5 No
number of
CreateTopicRuleDestination
transactions per
API TPS second (TPS)
that can be
made for the
CreateTopicRuleDestination
API.

The maximum 10 10 No
number of
DeleteAuthorizertransactions per
API TPS second (TPS)
that can be
made for the
DeleteAuthorizer
API.

The maximum 10 10 Yes

number of
DeleteCACertificate
transactions per
API TPS second (TPS)
that can be
made for the
DeleteCACertificate
API.

The maximum 10 10 Yes

number of
DeleteCertificate
transactions per
API TPS second (TPS)
that can be
made for the
DeleteCertificate
API.

The maximum 10 10 No
number of
DeleteDomainConfiguration
transactions per
API TPS second (TPS)
that can be
made for the
DeleteDomainConfiguration
API.

The maximum 10 10 Yes

number of
DeletePolicy transactions per
API TPS second (TPS) that
can be made for
the DeletePolicy
API.

Version 1.0
321
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
DeletePolicyVersion
transactions per
API TPS second (TPS)
that can be
made for the
DeletePolicyVersion
API.

The maximum 10 10 Yes

number of
DeleteProvisioningTemplate
transactions per
API TPS second (TPS)
that can be
made for the
DeleteProvisioningTemplate
API.

The maximum 10 10 No
number of
DeleteProvisioningTemplateVersion
transactions per
API TPS second (TPS)
that can be
made for the
DeleteProvisioningTemplateVersion
API.

The maximum 10 10 Yes

number of
DeleteRegistrationCode
transactions per
API TPS second (TPS)
that can be
made for the
DeleteRegistrationCode
API.

The maximum 10 10 No
number of
DeleteRoleAlias transactions per
API TPS second (TPS)
that can be
made for the
DeleteRoleAlias
API.

The maximum 20 5 No
number of
DeleteTopicRule transactions per
API TPS second (TPS)
that can be
made for the
DeleteTopicRule
API.

Version 1.0
322
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 5 5 No
number of
DeleteTopicRuleDestination
transactions per
API TPS second (TPS)
that can be
made for the
DeleteTopicRuleDestination
API.

The maximum 2 2 No
number of
DeleteV2LoggingLevel
transactions per
API TPS second (TPS)
that can be
made for the
DeleteV2LoggingLevel
API.

The maximum 10 10 Yes

number of
DescribeAuthorizer
transactions per
API TPS second (TPS)
that can be
made for the
DescribeAuthorizer
API.

The maximum 10 10 Yes

number of
DescribeCACertificate
transactions per
API TPS second (TPS)
that can be
made for the
DescribeCACertificate
API.

The maximum 10 10 Yes

number of
DescribeCertificate
transactions per
API TPS second (TPS)
that can be
made for the
DescribeCertificate
API.

The maximum 10 10 Yes

number of
DescribeCertificateTag
transactions per
API TPS second (TPS)
that can be
made for the
DescribeCertificateTag
API.

Version 1.0
323
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
DescribeDefaultAuthorizer
transactions per
API TPS second (TPS)
that can be
made for the
DescribeDefaultAuthorizer
API.

The maximum 10 10 Yes

number of
DescribeDomainConfiguration
transactions per
API TPS second (TPS)
that can be
made for the
DescribeDomainConfiguration
API.

The maximum 10 10 No
number of
DescribeEndpointtransactions per
API TPS second (TPS)
that can be
made for the
DescribeEndpoint
API.

The maximum 10 10 Yes

number of
DescribeProvisioningTemplate
transactions per
API TPS second (TPS)
that can be
made for the
DescribeProvisioningTemplate
API.

The maximum 10 10 Yes

number of
DescribeProvisioningTemplateVersion
transactions per
API TPS second (TPS)
that can be
made for the
DescribeProvisioningTemplateVersion
API.

The maximum 10 10 Yes

number of
DescribeRoleAlias
transactions per
API TPS second (TPS)
that can be
made for the
DescribeRoleAlias
API.

Version 1.0
324
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 15 15 Yes

number of
DetachPolicy transactions per
API TPS second (TPS) that
can be made for
the DetachPolicy
API.

The maximum 15 15 Yes

number of
DetachPrincipalPolicy
transactions per
API TPS second (TPS)
that can be
made for the
DetachPrincipalPolicy
API.

The maximum 5 5 No
number of
DisableTopicRuletransactions per
API TPS second (TPS)
that can be
made for the
DisableTopicRule
API.

The maximum 5 5 No
number of
EnableTopicRule transactions per
API TPS second (TPS)
that can be
made for the
EnableTopicRule
API.

The maximum 50 50 No
number of
GetEffectivePolicies
transactions per
API TPS second (TPS)
that can be
made for the
GetEffectivePolicies
API.

The maximum 2 2 No
number of
GetLoggingOptions
transactions per
API TPS second (TPS)
that can be
made for the
GetLoggingOptions
API.

Version 1.0
325
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
GetPolicy API transactions per
TPS second (TPS) that
can be made for
the GetPolicy API.

The maximum 15 15 Yes

number of
GetPolicyVersiontransactions per
API TPS second (TPS)
that can be
made for the
GetPolicyVersion
API.

The maximum 10 10 Yes

number of
GetRegistrationCode
transactions per
API TPS second (TPS)
that can be
made for the
GetRegistrationCode
API.

The maximum 500 50 Yes

number of
GetRetainedMessage
transactions per
API TPS second that can
be made for the
GetRetainedMessage
API.

The maximum 200 20 No

number of
GetTopicRule transactions per
API TPS second (TPS) that
can be made for
the GetTopicRule
API.

The maximum 50 5 No
number of
GetTopicRuleDestination
transactions per
API TPS second (TPS)
that can be
made for the
GetTopicRuleDestination
API.

Version 1.0
326
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 2 2 No
number of
GetV2LoggingOptions
transactions per
API TPS second (TPS)
that can be
made for the
GetV2LoggingOptions
API.

The maximum 15 15 Yes

number of
ListAttachedPolicies
transactions per
API TPS second (TPS)
that can be
made for the
ListAttachedPolicies
API.

The maximum 10 10 Yes

number of
ListAuthorizers transactions per
API TPS second (TPS) that
can be made for
the ListAuthorizers
API.

The maximum 10 10 Yes

number of
ListCACertificates
transactions per
API TPS second (TPS)
that can be
made for the
ListCACertificates
API.

The maximum 10 10 Yes

number of
ListCertificatestransactions per
API TPS second (TPS) that
can be made for
the ListCertificates
API.

The maximum 10 10 Yes

number of
ListCertificatesByCA
transactions per
API TPS second (TPS)
that can be
made for the
ListCertificatesByCA
API.

Version 1.0
327
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
ListDomainConfigurations
transactions per
API TPS second (TPS)
that can be
made for the
ListDomainConfigurations
API.

The maximum 10 10 Yes

number of
ListOutgoingCertificates
transactions per
API TPS second (TPS)
that can be
made for the
ListOutgoingCertificates
API.

The maximum 10 10 Yes

number of
ListPolicies transactions per
API TPS second (TPS) that
can be made for
the ListPolicies
API.

The maximum 10 10 Yes

number of
ListPolicyPrincipals
transactions per
API TPS second (TPS)
that can be
made for the
ListPolicyPrincipals
API.

The maximum 10 10 Yes

number of
ListPolicyVersions
transactions per
API TPS second (TPS)
that can be
made for the
ListPolicyVersions
API.

The maximum 15 15 Yes

number of
ListPrincipalPolicies
transactions per
API TPS second (TPS)
that can be
made for the
ListPrincipalPolicies
API.

Version 1.0
328
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
ListProvisioningTemplateVersions
transactions per
API TPS second (TPS)
that can be
made for the
ListProvisioningTemplateVersions
API.

The maximum 10 10 Yes

number of
ListProvisioningTemplates
transactions per
API TPS second (TPS)
that can be
made for the
ListProvisioningTemplates
API.

The maximum 10 10 Yes

number of
ListRetainedMessages
transactions per
API TPS second that can
be made for the
ListRetainedMessages
API.

The maximum 10 10 Yes

number of
ListRoleAliases transactions per
API TPS second (TPS) that
can be made for
the ListRoleAliases
API.

The maximum 10 10 Yes

number of
ListTargetsForPolicy
transactions per
API TPS second (TPS)
that can be
made for the
ListTargetsForPolicy
API.

The maximum 1 1 No
number of
ListTopicRuleDestinations
transactions per
API TPS second (TPS)
that can be
made for the
ListTopicRuleDestinations
API.

Version 1.0
329
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 1 1 No
number of
ListTopicRules transactions per
API TPS second (TPS) that
can be made for
the ListTopicRules
API.

The maximum 2 2 No
number of
ListV2LoggingLevels
transactions per
API TPS second (TPS)
that can be
made for the
ListV2LoggingLevels
API.

The maximum 10 10 Yes

number of
RegisterCACertificate
transactions per
API TPS second (TPS)
that can be
made for the
RegisterCACertificate
API.

The maximum 10 10 Yes

number of
RegisterCertificate
transactions per
API TPS second (TPS)
that can be
made for the
RegisterCertificate
API.

The maximum 10 10 Yes

number of
RegisterCertificateWithoutCA
transactions per
API TPS second (TPS)
that can be
made for the
RegisterCertificateWithoutCA
API.

The maximum 10 10 Yes

number of
RejectCertificateTransfer
transactions per
API TPS second (TPS)
that can be
made for the
RejectCertificateTransfer
API.

Version 1.0
330
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 5 5 No
number of
ReplaceTopicRuletransactions per
API TPS second (TPS)
that can be
made for the
ReplaceTopicRule
API.

The maximum 10 10 Yes

number of
SetDefaultAuthorizer
transactions per
API TPS second (TPS)
that can be
made for the
SetDefaultAuthorizer
API.

The maximum 10 10 Yes

number of
SetDefaultPolicyVersion
transactions per
API TPS second (TPS)
that can be
made for the
SetDefaultPolicyVersion
API.

The maximum 2 2 No
number of
SetLoggingOptions
transactions per
API TPS second (TPS)
that can be
made for the
SetLoggingOptions
API.

The maximum 2 2 No
number of
SetV2LoggingLevel
transactions per
API TPS second (TPS)
that can be
made for the
SetV2LoggingLevel
API.

The maximum 2 2 No
number of
SetV2LoggingOptions
transactions per
API TPS second (TPS)
that can be
made for the
SetV2LoggingOptions
API.

Version 1.0
331
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 No
number of
TestAuthorization
transactions per
API TPS second (TPS)
that can be
made for the
TestAuthorization
API.

The maximum 10 10 No
number of
TestInvokeAuthorizer
transactions per
API TPS second (TPS)
that can be
made for the
TestInvokeAuthorizer
API.

The maximum 10 10 Yes

number of
TransferCertificate
transactions per
API TPS second (TPS)
that can be
made for the
TransferCertificate
API.

The maximum 10 10 Yes

number of
UpdateAuthorizertransactions per
API TPS second (TPS)
that can be
made for the
UpdateAuthorizer
API.

The maximum 10 10 Yes

number of
UpdateCACertificate
transactions per
API TPS second (TPS)
that can be
made for the
UpdateCACertificate
API.

The maximum 10 10 Yes

number of
UpdateCertificate
transactions per
API TPS second (TPS)
that can be
made for the
UpdateCertificate
API.

Version 1.0
332
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
UpdateCertificateMode
transactions per
API TPS second (TPS)
that can be
made for the
UpdateCertificateMode
API.

The maximum 10 10 Yes

number of
UpdateCertificateTag
transactions per
API TPS second (TPS)
that can be
made for the
UpdateCertificateTag
API.

The maximum 10 10 Yes

number of
UpdateDomainConfiguration
transactions per
API TPS second (TPS)
that can be
made for the
UpdateDomainConfiguration
API.

The maximum 10 10 Yes

number of
UpdateProvisioningTemplate
transactions per
API TPS second (TPS)
that can be
made for the
UpdateProvisioningTemplate
API.

The maximum 10 10 Yes

number of
UpdateRoleAlias transactions per
API TPS second (TPS)
that can be
made for the
UpdateRoleAlias
API.

The maximum 5 5 No
number of
UpdateTopicRuleDestination
transactions per
API TPS second (TPS)
that can be
made for the
UpdateTopicRuleDestination
API.

Version 1.0
333
 AWS General Reference Reference guide
Service quotas

*
Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Europe (Paris), Asia Pacific (Hong
Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central),
China (Ningxia)

AWS IoT Core for LoRaWAN limits and quotas

Device data quotas
The following service quotas apply to AWS IoT Core for LoRaWAN device data, which are transmitted
between LoRaWAN devices, gateways, and AWS IoT Core for LoRaWAN.

AWS IoT Wireless devices API throttling

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

AssociateWirelessDeviceWithThing
TPS limit for
AssociateWirelessDeviceWithThing

TPS limit for 10 Yes

CreateWirelessDevice
TPS limit for
CreateWirelessDevice

TPS limit for 10 Yes

DeleteWirelessDevice
TPS limit for
DeleteWirelessDevice

TPS limit for 10 Yes

DisassociateWirelessDeviceFromThing
TPS limit for
DisassociateWirelessDeviceFromThing

TPS limit for 10 Yes

GetWirelessDevice
TPS limit for
GetWirelessDevice

TPS limit for 10 No

GetWirelessDeviceStatistics
TPS limit for
GetWirelessDeviceStatistics

TPS limit for 10 Yes

ListWirelessDevices
TPS limit for
ListWirelessDevices

TPS limit for 10 Yes

SendDataToWirelessDevice
TPS limit for
SendDataToWirelessDevice

TPS limit for 10 Yes

TestWirelessDevice
TPS limit for
TestWirelessDevice

Version 1.0
334
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

UpdateWirelessDevice
TPS limit for
UpdateWirelessDevice

AWS IoT Core for LoRaWAN API throttling

The following tables describes the maximum number of transactions per second (TPS) that can be made
to each action in the AWS IoT Wireless API, which includes AWS IoT Core for LoRaWAN and Amazon
Sidewalk Integration.

AWS IoT Wireless gateway API throttling

This table describes the maximum TPS for APIs used with LoRaWAN gateways. The gateways route
messages between LoRaWAN devices and AWS IoT Core for LoRaWAN.

AWS IoT Wireless gateway API throttling

Limit display name Description Default value Adjustable

TPS limit for 10 No

AssociateWirelessGatewayWithCertificate
TPS limit for
AssociateWirelessGatewayWithCertificate

TPS limit for 10 Yes

AssociateWirelessGatewayWithThing
TPS limit for
AssociateWirelessGatewayWithThing

TPS limit for 10 Yes

CreateWirelessGateway
TPS limit for
CreateWirelessGateway

TPS limit for 10 No

CreateWirelessGatewayTask
TPS limit for
CreateWirelessGatewayTask

TPS limit for 10 No

CreateWirelessGatewayTaskDefinition
TPS limit for
CreateWirelessGatewayTaskDefinition

TPS limit for 10 Yes

DeleteWirelessGateway
TPS limit for
DeleteWirelessGateway

TPS limit for 10 No

DeleteWirelessGatewayTask
TPS limit for
DeleteWirelessGatewayTask

TPS limit for 10 No

DeleteWirelessGatewayTaskDefinition

Version 1.0
335
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

TPS limit for
DeleteWirelessGatewayTaskDefinition

TPS limit for 10 No

DisassociateWirelessGatewayFromCertificate
TPS limit for
DisassociateWirelessGatewayFromCertificate

TPS limit for 10 Yes

DisassociateWirelessGatewayFromThing
TPS limit for
DisassociateWirelessGatewayFromThing

TPS limit for 10 Yes

GetWirelessGateway
TPS limit for
GetWirelessGateway

TPS limit for 10 No

GetWirelessGatewayCertificate
TPS limit for
GetWirelessGatewayCertificate

TPS limit for 10 No

GetWirelessGatewayFirmwareInformation
TPS limit for
GetWirelessGatewayFirmwareInformation

TPS limit for 10 No

GetWirelessGatewayStatistics
TPS limit for
GetWirelessGatewayStatistics

TPS limit for 10 No

GetWirelessGatewayTask
TPS limit for
GetWirelessGatewayTask

TPS limit for 10 No

GetWirelessGatewayTaskDefinition
TPS limit for
GetWirelessGatewayTaskDefinition

TPS limit for 10 No

ListWirelessGatewayTaskDefinitions
TPS limit for
ListWirelessGatewayTaskDefinitions

TPS limit for 10 Yes

ListWirelessGateways
TPS limit for
ListWirelessGateways

TPS limit for 10 Yes

UpdateWirelessGateway
TPS limit for
UpdateWirelessGateway

Version 1.0
336
 AWS General Reference Reference guide
Service quotas

LoRaWAN devices API throttling

This table describes the maximum TPS for APIs used with LoRaWAN devices.

AWS IoT Wireless devices API throttling

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

AssociateWirelessDeviceWithThing
TPS limit for
AssociateWirelessDeviceWithThing

TPS limit for 10 Yes

CreateWirelessDevice
TPS limit for
CreateWirelessDevice

TPS limit for 10 Yes

DeleteWirelessDevice
TPS limit for
DeleteWirelessDevice

TPS limit for 10 Yes

DisassociateWirelessDeviceFromThing
TPS limit for
DisassociateWirelessDeviceFromThing

TPS limit for 10 Yes

GetWirelessDevice
TPS limit for
GetWirelessDevice

TPS limit for 10 No

GetWirelessDeviceStatistics
TPS limit for
GetWirelessDeviceStatistics

TPS limit for 10 Yes

ListWirelessDevices
TPS limit for
ListWirelessDevices

TPS limit for 10 Yes

SendDataToWirelessDevice
TPS limit for
SendDataToWirelessDevice

TPS limit for 10 Yes

TestWirelessDevice
TPS limit for
TestWirelessDevice

TPS limit for 10 Yes

UpdateWirelessDevice
TPS limit for
UpdateWirelessDevice

Device Profiles and destination API throttling

Version 1.0
337
 AWS General Reference Reference guide
Service quotas

This table describes device profiles and service profiles and destinations that can route messages to
other AWS services.

AWS IoT Wireless device profiles and destination API throttling

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

CreateDestination
TPS limit for
CreateDestination

TPS limit for 10 Yes

CreateDeviceProfile
TPS limit for
CreateDeviceProfile

TPS limit for 10 Yes

CreateServiceProfile
TPS limit for
CreateServiceProfile

TPS limit for 10 Yes

DeleteDestination
TPS limit for
DeleteDestination

TPS limit for 10 Yes

DeleteDeviceProfile
TPS limit for
DeleteDeviceProfile

TPS limit for 10 Yes

DeleteServiceProfile
TPS limit for
DeleteServiceProfile

TPS limit for 10 Yes

GetDestination
TPS limit for
GetDestination

TPS limit for 10 Yes

GetDeviceProfile
TPS limit for
GetDeviceProfile

TPS limit for 10 Yes

GetServiceProfile
TPS limit for
GetServiceProfile

TPS limit for 10 Yes

ListDestinations
TPS limit for
ListDestinations

TPS limit for 10 Yes

ListDeviceProfiles
TPS limit for
ListDeviceProfiles

Version 1.0
338
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

ListServiceProfiles
TPS limit for
ListServiceProfiles

TPS limit for 10 Yes

UpdateDestination
TPS limit for
UpdateDestination

Sidewalk and logging API throttling

This table describes the maximum TPS for Amazon Sidewalk APIs and APIs that are used for log levels
based on resource types.

AWS IoT Wireless Sidewalk and logging API throttling

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

AssociateAwsAccountWithPartnerAccount
TPS limit for
AssociateAwsAccountWithPartnerAccount

TPS limit for 10 Yes

GetLogLevelsByResourceTypes
TPS limit for
GetLogLevelsByResourceTypes

TPS limit for 10 Yes

GetPartnerAccount
TPS limit for
GetPartnerAccount

TPS limit for 10 Yes

GetResourceLogLevel
TPS limit for
GetResourceLogLevel

TPS limit for 10 Yes

ListPartnerAccounts
TPS limit for
ListPartnerAccounts

TPS limit for 10 Yes

PutResourceLogLevel
TPS limit for
PutResourceLogLevel

TPS limit for 10 Yes

ResetAllResourceLogLevels
TPS limit for
ResetAllResourceLogLevels

TPS limit for 10 Yes

ResetResourceLogLevel
TPS limit for
ResetResourceLogLevel

Version 1.0
339
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

UpdateLogLevelsByResourceTypes
TPS limit for
UpdateLogLevelsByResourceTypes

TPS limit for 10 Yes

UpdatePartnerAccount
TPS limit for
UpdatePartnerAccount

Tagging and GetServiceEndpoint API throttling

This table describes the maximum TPS for the GetServiceEndpoint API and APIs used for tagging
resources.

AWS IoT Wireless tagging and GetServiceEndpoint API throttling

Limit display name Description Default value Adjustable

TPS limit for 10 No

GetServiceEndpoint
TPS limit for
GetServiceEndpoint

TPS limit for 10 Yes

ListTagsForResource
TPS limit for
ListTagsForResource

TPS limit for 10 Yes

TagResource
TPS limit for
TagResource

TPS limit for 10 Yes

UntagResource
TPS limit for
UntagResource

Additional AWS IoT Wireless API limits

AWS IoT Wireless limits and quotas

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

AssociateMulticastGroupWithFuotaTask
TPS limit for
AssociateMulticastGroupWithFuotaTask

TPS limit for 10 Yes

AssociateWirelessDeviceWithFuotaTask
TPS limit for
AssociateWirelessDeviceWithFuotaTask

TPS limit for 10 Yes

AssociateWirelessDeviceWithMulticastGroup

Version 1.0
340
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

TPS limit for
AssociateWirelessDeviceWithMulticastGroup

TPS limit for 10 Yes

CancelMulticastGroupSession
TPS limit for
CancelMulticastGroupSession

TPS limit for 10 Yes

CreateFuotaTask
TPS limit for
CreateFuotaTask

TPS limit for 10 Yes

CreateMulticastGroup
TPS limit for
CreateMulticastGroup

TPS limit for 10 Yes

DeleteFuotaTask
TPS limit for
DeleteFuotaTask

TPS limit for 10 Yes

DeleteMulticastGroup
TPS limit for
DeleteMulticastGroup

TPS limit for 10 Yes

DeleteQueuedMessages
TPS limit for
DeleteQueuedMessages

TPS limit for 10 Yes

DisassociateAwsAccountFromPartnerAccount
TPS limit for
DisassociateAwsAccountFromPartnerAccount

TPS limit for 10 Yes

DisassociateMulticastGroupFromFuotaTask
TPS limit for
DisassociateMulticastGroupFromFuotaTask

TPS limit for 10 Yes

DisassociateWirelessDeviceFromFuotaTask
TPS limit for
DisassociateWirelessDeviceFromFuotaTask

TPS limit for 10 Yes

DisassociateWirelessDeviceFromMulticastGroup
TPS limit for
DisassociateWirelessDeviceFromMulticastGroup

TPS limit for 10 Yes

GetFuotaTask
TPS limit for
GetFuotaTask

Version 1.0
341
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

GetMulticastGroup
TPS limit for
GetMulticastGroup

TPS limit for 10 Yes

GetMulticastGroupSession
TPS limit for
GetMulticastGroupSession

TPS limit for 10 Yes

GetNetworkAnalyzerConfiguration
TPS limit for
GetNetworkAnalyzerConfiguration

TPS limit for 10 Yes

GetResourceEventConfiguration
TPS limit for
GetResourceEventConfiguration

TPS limit for 10 Yes

ListFuotaTasks
TPS limit for
ListFuotaTasks

TPS limit for 10 Yes

ListMulticastGroups
TPS limit for
ListMulticastGroups

TPS limit for 10 Yes

ListMulticastGroupsByFuotaTask
TPS limit for
ListMulticastGroupsByFuotaTask

TPS limit for 10 Yes

ListQueuedMessages
TPS limit for
ListQueuedMessages

TPS limit for 10 Yes

SendDataToMulticastGroup
TPS limit for
SendDataToMulticastGroup

TPS limit for 10 Yes

StartBulkAssociateWirelessDeviceWithMulticastGroup
TPS limit for
StartBulkAssociateWirelessDeviceWithMulticastGroup

TPS limit for 10 Yes

StartBulkDisassociateWirelessDeviceFromMulticastGroup
TPS limit for
StartBulkDisassociateWirelessDeviceFromMulticastGroup

TPS limit for 10 Yes

StartFuotaTask
TPS limit for
StartFuotaTask

Version 1.0
342
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

TPS limit for 10 Yes

StartMulticastGroupSession
TPS limit for
StartMulticastGroupSession

TPS limit for 10 Yes

StartNetworkAnalyzerStream
TPS limit for
StartNetworkAnalyzerStream

TPS limit for 10 Yes

UpdateFuotaTask
TPS limit for
UpdateFuotaTask

TPS limit for 10 Yes

UpdateMulticastGroup
TPS limit for
UpdateMulticastGroup

TPS limit for 10 Yes

UpdateNetworkAnalyzerConfiguration
TPS limit for
UpdateNetworkAnalyzerConfiguration

TPS limit for 10 Yes

UpdateResourceEventConfiguration
TPS limit for
UpdateResourceEventConfiguration

AWS IoT Core Device Shadow service limits and quotas

AWS IoT Core Device Shadow actions

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

Number of 4000 400 Yes

device shadow
Device Shadow API requests
API requests/ per second per
second per account. This value
account is adjustable and
subject to per-
account quotas,
depending on the
region.

The maximum 5 5 No
number of levels
Maximum depth in the desired or
of JSON reported section
device state of the JSON device
documents state document is
5.

Version 1.0
343
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The Device 10 10 No
Shadow service
Maximum number supports up
of in-flight, to 10 in-flight
unacknowledged unacknowledged
messages per messages per
thing thing on a single
connection. When
this quota is
reached, all new
shadow requests
are rejected
with a 429 error
code until the
number of in-
flight requests
drop below the
limit.

Maximum size of 64 Bytes 64 Bytes No

a thing shadow
Maximum shadow name, which
name size is 64 bytes of
UTF-8 encoded
characters.

Each individual 8 Kilobytes 8 Kilobytes Yes

shadow document
Maximum size must be 8KB
of a JSON or less in size.
state document Metadata doesn't
contribute to the
document size for
service quotas or
pricing.

Maximum size of a 128 Bytes 128 Bytes No

thing name, which
Maximum thing is 128 bytes of
name size UTF-8 encoded
characters.

The Device 20 20 No
Shadow service
Requests per supports up to
second per 20 requests per
thing second per thing.
This quota is per
thing, not per API.

*
Select AWS Regions: Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), South America (São
Paulo), Canada (Central), Middle East (Bahrain), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud
(US-West)

Version 1.0
344
 AWS General Reference Reference guide
Service quotas

The levels in the desired and reported sections of the Device Shadow's JSON state document are
counted as shown here for the desired object.

"desired": {
"one": {
"two": {
"three": {
"four": {
"five":{
}
}
}
}
}
}

Note
AWS IoT Core deletes a Device Shadow document after the creating account is deleted or upon
customer request. For operational purposes, AWS IoT service backups are retained for 6 months.

AWS IoT Core Fleet Provisioning limits and quotas

Following are throttling limits for some fleet provisioning APIs per AWS account.

AWS IoT Core fleet provisioning limits and quotas

Limit display name Description Default value Adjustable

The maximum number 100 Yes

of transactions per
Fleet Provisioning second (TPS) that
CreateCertificateFromCsr
can be made for the
MQTT API TPS Fleet Provisioning
CreateCertificateFromCsr
MQTT API.

The maximum number 10 Yes

of transactions per
Fleet Provisioning second (TPS) that
CreateKeysAndCertificate
can be made for the
MQTT API TPS Fleet Provisioning
CreateKeysAndCertificate
MQTT API.

The maximum number 10 Yes

of transactions per
Fleet Provisioning second (TPS) that
RegisterThing MQTT can be made for the
API TPS Fleet Provisioning
RegisterThing MQTT
API.

Fleet provisioning also has these limits, which can't be changed.

Resource Description Limit

Versions per fleet The maximum number 5

provisioning template of versions that a

Version 1.0
345
 AWS General Reference Reference guide
Service quotas

Resource Description Limit

fleet provisioning
template can have.
Each template version
has a version ID and
a creation date for
devices that connect
to AWS IoT using fleet
previsioning.

Fleet provisioning The maximum number 256

templates per customer of fleet provisioning
templates per
customer. Use fleet
provisioning templates
to generate certificates
and private keys for
your devices to securely
connect to AWS IoT.

Fleet provisioning The maximum size of 10 Kilobytes

template size a fleet provisioning
template in Kilobytes.
Fleet provisioning
templates allow you to
generate certificates
and private keys for
your devices to securely
connect to AWS IoT.

AWS IoT Core message broker and protocol limits and quotas
AWS IoT Core message broker limits and quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

Size of the client 128 Bytes 128 Bytes No

ID, which is
Client ID size 128 bytes of
UTF-8 encoded
characters.

The maximum 500 100 Yes

number of
Connect MQTT CONNECT
requests per requests per
second per second per
account account.

AWS IoT Core 1 1 No

restricts MQTT
Connect CONNECT
requests per requests from the
same accountId

Version 1.0
346
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions
second per and clientId to 1
client ID MQTT CONNECT
operation per
second.

The default keep- 1200 Seconds 1200 Seconds No

alive interval is
Connection 1200 seconds. It
inactivity is used when a
(keep-alive client requests
interval) a keep-alive
interval of zero. If
a client requests
an interval >
1200 seconds, the
default interval
is used. If a client
requests a keep-
alive interval
< 30 seconds
but > zero, the
server treats the
client as though it
requested a keep-
alive interval of 30
seconds.

Inbound publish 20000 2000 Yes

requests counts
Inbound all messages that
publish IoT Core processes
requests per before routing
second per them to the clients
account or rules engine. Ex:
A single message
published on
reserved topic
can result in
publishing
3 additional
messages for
shadow update,
documents and
delta, hence
counted as 4
requests; whereas
on an unreserved
topic like a/b
is counted as 1
request.

Version 1.0
347
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 500000 100000 Yes

number of
Maximum concurrent
concurrent connections
client allowed per
connections account.
per account

AWS IoT Core 100 100 No

restricts the
Maximum number of
inbound unacknowledged
unacknowledged inbound publish
QoS 1 publish requests per
requests client. When this
quota is reached,
no new publish
requests are
accepted from
this client until a
PUBACK message
is returned by the
server.

The number of 5000 500 Yes

stored retained
Maximum number messages per
of retained [Link] this
messages per limit is reached,
account no new retained
messages are
stored for this
account and
all retained
publishes with
payloads greater
than 0 bytes are
throttled.

A topic in a 7 7 No
publish or
Maximum number subscribe request
of slashes can have no more
in topic and than 7 forward
topic filter slashes (/). This
excludes the
first 3 slashes in
the mandatory
segments for
Basic Ingest topics
($AWS/rules/rule-
name/).

Version 1.0
348
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

AWS IoT Core 100 100 No

restricts the
Maximum number of
outbound unacknowledged
unacknowledged outbound publish
QoS 1 publish requests per
requests client. When this
quota is reached,
no new publish
requests are
sent to the client
until the client
acknowledges the
publish requests.

AWS IoT Core 3600 Seconds 3600 Seconds No

retries delivery of
Maximum retry unacknowledged
interval for quality of service
delivering QoS 1 (QoS 1) publish
1 messages requests to a
client for up to
one hour. If AWS
IoT Core does not
receive a PUBACK
message from the
client after one
hour, it drops the
publish requests.

A single 8 8 No
SUBSCRIBE
Maximum request has
subscriptions a quota of 8
per subscribe subscriptions.
request

The payload for 128 Kilobytes 128 Kilobytes No

every publish
Message size request can be no
larger than 128
KB. AWS IoT Core
rejects publish and
connect requests
larger than this
size.

Version 1.0
349
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

Outbound publish 20000 2000 Yes

requests count
Outbound for every message
publish that resulted in
requests per matching a client's
second per subscription. For
account example, 2 clients
are subscribed
to topic filter a/
b. An inbound
publish request on
topic a/b results
in a total of 2
outbound publish
requests.

The duration 3600 Seconds 3600 Seconds Yes

for which the
Persistent message broker
session expiry stores an MQTT
period persistent session.
The expiry period
begins when the
message broker
detects the session
has become
disconnected.
After the expiry
period has
elapsed, the
message broker
terminates the
session and
discards any
associated queued
messages. You can
adjust this to a
value from 1 hour
to 7 days.

Version 1.0
350
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

AWS IoT Core 100 100 No

restricts each
Publish client connection
requests per to a maximum
second per number of
connection inbound and
outbound publish
requests per
second. This
limit includes
messages sent to
offline persistent
session. Publish
requests that
exceed that quota
are discarded.

AWS IoT Core 500 500 Yes

restricts an
Queued account to
messages per a maximum
second per number of queued
account messages per
second per
account. This limit
applies when AWS
IoT Core stores the
messages send to
offline persistent
sessions.

The maximum 500 50 Yes

rate that AWS
Retained IoT Core can
message accept inbound
inbound publish requests
publish of MQTT messages
requests per with the RETAIN
second per flag [Link]
account rate includes all
inbound publish
requests whether
invoked by the
HTTP or MQTT
protocol.

Version 1.0
351
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

MQTT/HTTP 1 1 No
publish requests
Retained with RETAIN flag
message set made to the
inbound same topic per
publish second.
requests per
second per
topic

AWS IoT Core 500000 100000 Yes

restricts an
Subscriptions account to a
per account maximum number
of subscriptions
across all active
connections.

AWS IoT Core 50 50 No

supports 50
Subscriptions subscriptions per
per connection connection. AWS
IoT Core might
reject subscription
requests on the
same connection
in excess of this
amount and the
connection is
closed. Clients
should validate
the SUBACK
message to
ensure that their
subscription
requests have
been successfully
processed.

Version 1.0
352
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

AWS IoT Core 500 200 Yes

restricts an
Subscriptions account to a
per second per maximum number
account of subscriptions
per second.
For example,
if there are 2
MQTT SUBSCRIBE
requests sent
within a second,
each with 3
subscriptions
(topic filters),
AWS IoT Core
counts those as 6
subscriptions.

Data received 512 Kilobytes 512 Kilobytes No

or sent over a
Throughput client connection
per second per is processed
connection at a maximum
throughput rate.
Data that exceeds
the maximum
throughput
is delayed in
processing.

The topic passed 256 Bytes 256 Bytes No

to AWS IoT Core
Topic size when sending a
publish request
can be no larger
than 256 bytes of
UTF-8 encoded
characters. This
excludes the first
3 mandatory
segments for
Basic Ingest topics
($AWS/rules/rule-
name/).

Version 1.0
353
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The WebSocket 86400 Seconds 86400 Seconds No

connection
WebSocket lifetime is 24
connection hours. If the
duration lifetime is
exceeded, The
WebSocket
connection will be
closed.

*
Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Europe (Paris), Asia Pacific (Hong
Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central),
China (Ningxia)

AWS IoT Core protocol-related limits and quotas

These limits are now found in the section called “AWS IoT Core message broker and protocol limits and
quotas” (p. 346).

AWS IoT Core credential provider limits and quotas

AWS IoT Core credential limits and quotas

Limit display name Description Default value Adjustable

The maximum number 100 Yes

of transactions per
AssumeRoleWithCertificate
second (TPS) that
API TPS can be made for the
AssumeRoleWithCertificate
API.

The maximum number 50 Yes

of transactions per
AssumeRoleWithCertificate
second (TPS) that
API TPS can be made for the
AssumeRoleWithCertificate
API.

Maximum number 100 No

of AWS IoT Core role
Maximum number of aliases registered in
AWS IoT Core role your AWS account.
aliases AWS IoT role alias
allows connected
devices to authenticate
to AWS IoT using
X.509 certificates and
obtain short-lived AWS
credentials from an IAM
role that is associated
with the role alias.

Version 1.0
354
 AWS General Reference Reference guide
Service quotas

Note
Large Region limits apply to AWS Regions: US East (N. Virginia), US West (Oregon), and Europe
(Ireland)

AWS IoT Core security and identity limits and quotas

AWS IoT Core security and identity limits and quotas

Limit display name Description Default value Adjustable

Configurable endpoints: 10 Yes

maximum number of
Configurable domain configurations
endpoints: maximum per account
number of domain
configurations per
account

Custom authentication: 10 No
maximum number
Custom of authorizers that
authentication: can be registered to
maximum number of your AWS account.
authorizers per Authorizers have a
account lambda function that
implements custom
authentication and
authorization.

The maximum number 10 No

of CA certificates
Maximum number of with the same subject
CA certificates field allowed per AWS
with the same account per region. If
subject field you have more than
allowed per AWS one CA certificate with
account per Region the same subject field,
you must specify the
CA certificate that
was used to sign the
device certificate being
registered.

The maximum number 15 Yes

of device certificates
Maximum number that can be registered
of device per second. You can
certificates that select up to 15 files to
can be registered register.
per second

Maximum number of 10 Yes

domain configurations
Maximum number per AWS account per
of domain AWS Region.
configurations per
account per region

Version 1.0
355
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

Maximum number 5 No
of fleet provisioning
Maximum number of template versions
fleet provisioning per template. Each
template versions template version
per template has a version ID and
a creation date for
devices connecting to
AWS IoT using fleet
previsioning.

Maximum number 256 No

of fleet provisioning
Maximum number of templates per
fleet provisioning customer. Use fleet
templates per provisioning templates
customer to generate certificates
and private keys for
your devices to securely
connect to AWS IoT.

The maximum number 5 No

of named policy
Maximum number versions. A managed
of named policy AWS IoT policy can
versions have up to five versions.
To update a policy,
create a new policy
version. If the policy
has five versions, you
must delete an existing
version before creating
a new one.

The maximum number 10 No

of policies that can
Maximum number be attached to a
of policies that client certificate or
can be attached an Amazon Cognito
to a certificate identity, which is
or Amazon Cognito 10. Amazon Cognito
identity identity enables you
to create temporary,
limited-privilege AWS
credentials for use
in mobile and web
applications.

Version 1.0
356
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

The maximum number 10 No

of provisioning claims
Maximum number that can be generated
of provisioning per second by a trusted
claims that can user. A trusted user
be generated per can be an end user or
second by trusted installation technician
user who uses a mobile app
or web application to
configure the device in
its deployed location.

The maximum 2048 No

size of the policy
Maximum policy document, which
document size is 2048 characters
excluding white spaces.

Maximum size of fleet 10 Kilobytes No

provisioning templates
Maximum size of in Kilobytes. Fleet
fleet provisioning provisioning templates
template allow you to generate
certificates and private
keys for your devices
to securely connect to
AWS IoT.

Additional AWS IoT Core security limits

Resource Description Default Adjustable

Maximum number of When you're providing the server 4 No

domain names per certificates for AWS IoT custom domain
server certificate configuration, certificates can have a
maximum of four domain names.

Custom authentication: The Lambda function of a custom 300 No

minimum connection authorizer uses a DisconnectAfterInSeconds
duration (value of parameter to indicate the maximum
DisconnectAfterInSecs) duration (in seconds) of the connection to
the AWS IoT Core gateway. The connection
is terminated if it exceeds this value.

Custom authentication: The maximum duration (in seconds) 86,400 No

maximum connection of the connection to the AWS IoT
duration (value of Core gateway, defined by the value of
DisconnectAfterInSecs) DisconnectAfterInSecs.

Custom authentication: The Lambda function of a 300 No

minimum policy custom authorizer uses a
refresh rate (value of RefreshAfterInSeconds parameter to
RefreshAfterInSecs) indicate the interval (in seconds) between
policy refreshes when connected to the
AWS IoT Core gateway. When this interval

Version 1.0
357
 AWS General Reference Reference guide
Service quotas

Resource Description Default Adjustable

passes, AWS IoT Core invokes the Lambda
function to allow for policy refreshes.

Custom authentication: The maximum time interval between policy 86,400 No

maximum policy refreshes when connected to the AWS
refresh rate (value of IoT Core gateway, defined by the value of
RefreshAfterInSecs) RefreshAfterInSeconds.

MQTT-based File Delivery

MQTT-based File Delivery Resource Quotas

Resource Description Default Adjustable

Streams per account The maximum number of streams per 10,000* No

account.

Files per stream The maximum number of files per stream. 10 No

File size The maximum file size (in MB). 24 MB No

Maximum data block The maximum data block size. 128 KB No

size

Minimum data block size The minimum data block size. 256 bytes No

Maximum block offset The maximum block offset specified in a 98,304 No

specified in a stream file stream file request.
request

Maximum blocks that The maximum number of blocks that can be 98,304 No
can be requested per requested per stream file request.
stream file request

Maximum block bitmap The maximum block bitmap size. 12,288 No

size bytes

* For additional information, see Using AWS IoT MQTT-based file delivery in devices in the AWS IoT
Developer Guide.

MQTT-based File Delivery Throttling

API Transactions Per Second

CreateStream 15 TPS

DeleteStream 15 TPS

DescribeStream 15 TPS

ListStreams 15 TPS

UpdateStream 15 TPS

Version 1.0
358
 AWS General Reference Reference guide
Service quotas

AWS IoT Core Device Advisor limits and quotas

AWS IoT Core Device Advisor limits and quotas

Limit display name Description Default value Adjustable

The maximum number 1 No

of test devices that
Concurrently can be concurrently
connected devices connected per test suite
run.

The maximum number 1 No

of suites an AWS
Concurrently account can run
running test concurrently.
suites

The maximum number 5 No

of connections to an
Connections per account-specific test
test endpoint endpoint.

The maximum number 5 No

of MQTT Connect
MQTT CONNECT requests sent from a
requests per test device per second
account per account.

The maximum number 1 No

of MQTT Connect
MQTT CONNECT requests sent from a
requests per test device per second
client ID per client ID.

The maximum number 1 No

of CreateSuiteDefinition
Rate of API requests you can
CreateSuiteDefinition
make per second.
API requests

The maximum number 10 No

of DeleteSuiteDefinition
Rate of API requests you can
DeleteSuiteDefinition
make per second.
API requests

The maximum number 10 No

of GetSuiteDefinition
Rate of API requests you can
GetSuiteDefinition make per second.
API requests

The maximum number 10 No

of GetSuiteRun API
Rate of requests you can make
GetSuiteRun API per second.
requests

Version 1.0
359
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

The maximum number 10 No

of GetSuiteRunReport
Rate of API requests you can
GetSuiteRunReport make per second.
API requests

The maximum number 10 No

of ListSuiteDefinitions
Rate of API requests you can
ListSuiteDefinitionsmake per second.
API requests

The maximum number 10 No

of ListSuiteRuns API
Rate of requests you can make
ListSuiteRuns API per second.
requests

The maximum number 10 No

of ListTagsForResource
Rate of API requests you can
ListTagsForResource make per second.
API requests

The maximum number 10 No

of ListTestCases API
Rate of requests you can make
ListTestCases API per second.
requests

The maximum number 1 No

of StartSuiteRun API
Rate of requests you can make
StartSuiteRun API per second.
requests

The maximum number 10 No

of TagResource API
Rate of requests you can make
TagResource API per second.
requests

The maximum number 10 No

of UntagResource API
Rate of requests you can make
UntagResource API per second.
requests

The maximum 10 No
number of
Rate of UpdateSuiteDefinition
UpdateSuiteDefinition
API requests you can
API requests make per second.

The maximum time 10800 Seconds No

until a test case fails if
Test case not completed.
execution time

Version 1.0
360
 AWS General Reference Reference guide
AWS IoT Device Defender

Limit display name Description Default value Adjustable

The maximum number 50 No

of test cases in one test
Test cases per suite.
test suite

AWS IoT Device Defender endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
361
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas
AWS IoT Device Defender audits limits and quotas

Limit display name Description Default value Adjustable

The maximum number 5 No

of scheduled audits.
Scheduled audits

The maximum number 10 No

of simultaneous in
Simultaneous in progress on-demand
progress on-demand audits.
audits

The maximum time, in 90 No

days, that audit findings
Storage duration are stored after being
for audit findings reported.

Version 1.0
362
 AWS General Reference Reference guide
Service quotas

The following service quotas apply to mitigation actions and audit mitigation action tasks:

AWS IoT Device Defender mitigation limits and quotas

Limit display name Description Default value Adjustable

The maximum number 100 No

of mitigation actions.
Mitigation actions

Audit mitigation action limits

Resource Limit

Number of audit mitigation action tasks running 10 tasks

at the same time

Retention period for audit mitigation action tasks 90 days

AWS IoT Device Defender detect limits and quotas

Limit display name Description Default value Adjustable

The maximum number 1000 No

of behavior metric
Behavior metric value elements (counts,
value elements IP addresses, ports) for
for each security each security profile.
profile

The maximum number 100 No

of behaviors for each
Behaviors for each security profile
security profile

The maximum number 100 Yes

of detect custom
Custom metrics metrics.

The minimum time, in 300 Seconds Yes

seconds, that a device
Device metric must wait between
minimum delay sending metric reports.

The maximum number 3500 Yes

of device-side metric
Device metric peak reports that can be
reporting rate for sent, per second,
an account from all devices in an
account.

The maximum number 10 No

of detect metric
Metric dimensions dimensions.

The maximum number 5 No

of security profiles
Security profiles
for each target

Version 1.0
363
 AWS General Reference Reference guide
AWS IoT Device Management

Limit display name Description Default value Adjustable

for each target (thing
group or user account).

The maximum time, 14 No

in days, that detect
Storage duration metrics are stored after
for detect metrics being ingested.

The maximum time, 30 No

in days, that detect
Storage duration violations are stored
for detect after being generated.
violations

ML Detect limits

Resource Quota Adjustable

Number of Detect mitigation 5 maximum Yes

action tasks that can be running
at the same time

Retention period for Detect 90 days maximum Yes

mitigation action tasks

Retention period for models 30 days maximum No

(time after which models are
expired)

AWS IoT Device Management endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Topics
• AWS IoT Core - control plane endpoints (p. 365)
• AWS IoT Core - data plane endpoints (p. 366)
• AWS IoT Device Management - jobs data endpoints (p. 368)
• AWS IoT Device Management - secure tunneling endpoints (p. 370)
• AWS IoT FIPS endpoints (p. 373)

Version 1.0
364
 AWS General Reference Reference guide
Service endpoints

AWS IoT Core - control plane endpoints

The following table contains AWS Region-specific endpoints for AWS IoT Core - control plane operations.
For information about the operations supported by the AWS IoT Core - control plane endpoints, see AWS
IoT operations in the AWS IoT API Reference.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
iot-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
iot-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) iot-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
iot-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
iot-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
365
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) iot-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) iot-fi[Link] HTTPS

AWS IoT Core - data plane endpoints

The AWS IoT Core - data plane endpoints are specific to each AWS account and AWS Region. To find the
AWS IoT Core - data plane endpoint for your AWS account and AWS Region, use the describe-endpoint
CLI command shown here, or the DescribeEndpoint REST API.

aws iot describe-endpoint --endpoint-type iot:Data-ATS

This command returns your Data Plane API endpoint in the following format:

[Link]

For information about the actions supported by the AWS IoT Core - data plane endpoints, see AWS IoT
data plane operations in the AWS IoT API Reference.

The following table contains generic representations of the AWS account-specific endpoints for each
AWS Region that AWS IoT Core supports. In the Endpoint column, the account-specific-prefix
from your Account-specific endpoint replaces data shown in the generic endpoint representation.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link]-fi[Link] HTTPS

Version 1.0
366
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) [Link]-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
[Link]-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Version 1.0
367
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link]-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link]-fi[Link] HTTPS

AWS IoT Device Management - jobs data endpoints

The AWS IoT Device Management - jobs data endpoints are specific to each AWS account and AWS
Region. To find the AWS IoT Device Management - jobs data endpoint for your AWS account and AWS
Region, use the describe-endpoint CLI command shown here, or the DescribeEndpoint REST API.

aws iot describe-endpoint --endpoint-type iot:Jobs

This command returns your Jobs data plane API endpoint in the following format:

[Link].

For information about the actions supported by the AWS IoT Device Management - jobs dat endpoints,
see AWS IoT jobs data plane operations in the AWS IoT API Reference.

The following table contains AWS Region-specific endpoints that AWS IoT Core supports for job data
operations. In the Endpoint column, the account-specific-prefix from your Account-specific
endpoint replaces prefix shown in the generic endpoint representation.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
368
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

China cn-north-1 [Link] HTTPS

(Beijing)

China cn- [Link]- HTTPS

(Ningxia) northwest-1 [Link]

Europe eu- [Link] HTTPS

(Frankfurt)) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
369
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

AWS IoT Device Management - secure tunneling endpoints

AWS IoT supports additional endpoints for secure tunneling.

Secure Tunneling Management APIs Endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link]-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) [Link]-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
370
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1
[Link]-fi[Link]- HTTPS
[Link]

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link]-fi[Link]-gov- HTTPS
[Link]

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link]-fi[Link]-gov- HTTPS
[Link]

Secure Tunneling Device Connection Endpoints

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 [Link] HTTPS

[Link]

US East (N. us-east-1 [Link] HTTPS

Virginia) [Link]

US West (N. us-west-1 [Link] HTTPS

California) [Link]

US West us-west-2 [Link] HTTPS

(Oregon) [Link]

Version 1.0
371
 AWS General Reference Reference guide
Service endpoints

Region Name Region Endpoint Protocol

Asia Pacific ap-south-1 [Link] HTTPS

(Mumbai) [Link]

Asia Pacific ap-northeast-2 [Link] HTTPS

(Seoul) [Link]

Asia Pacific ap-southeast-1 [Link] HTTPS

(Singapore) [Link]

Asia Pacific ap-southeast-2 [Link] HTTPS

(Sydney) [Link]

Asia Pacific ap-northeast-1 [Link] HTTPS

(Tokyo) [Link]

Asia Pacific ap-east-1 [Link] HTTPS

(Hong Kong) [Link]

Canada ca-central-1 [Link] HTTPS

(Central) [Link]

China (Beijing) cn-north-1 [Link] HTTPS

[Link]

China (Ningxia) cn- [Link] HTTPS

northwest-1 [Link]

Europe eu-central-1 [Link] HTTPS

(Frankfurt) [Link]

Europe eu-west-1 [Link] HTTPS

(Ireland) [Link]

Europe eu-west-2 [Link] HTTPS

(London) [Link]

Europe (Paris) eu-west-3 [Link] HTTPS

[Link]

Europe eu-north-1 [Link] HTTPS

(Stockholm) [Link]

South America sa-east-1 [Link] HTTPS

(São Paulo) [Link]

Middle East me-south-1 [Link] HTTPS

(Bahrain) [Link]

AWS GovCloud us-gov-east-1 [Link] HTTPS

(US-East) [Link]

AWS GovCloud us-gov-west-1 [Link] HTTPS

(US-West) [Link]

Version 1.0
372
 AWS General Reference Reference guide
Service quotas

AWS IoT FIPS endpoints

AWS IoT provides endpoints that support the Federal Information Processing Standard (FIPS) 140-2.
Choose the appropriate FIPS compliant endpoint to access AWS IoT features in your AWS Region from
FIPS Endpoints by Service. For more information about the FIPs endpoints provided by AWS IoT, see
Connecting to AWS IoT FIPS endpoints.

Service quotas
Contents
• AWS IoT Core thing resource limits and quotas (p. 373)
• AWS IoT Core thing group resource limits and quotas (p. 374)
• AWS IoT Core bulk thing registration limits and quotas (p. 375)
• AWS IoT Core billing group restrictions (p. 376)
• AWS IoT Device Management API action limits (p. 376)
• AWS IoT Fleet Indexing (p. 383)
• AWS IoT Jobs (p. 385)
• AWS IoT Secure Tunneling (p. 389)
• Fleet Hub for AWS IoT Device Management (p. 391)

AWS IoT Core thing resource limits and quotas

AWS IoT Core thing limits and quotas

Limit display name Description Default value Adjustable

Maximum number of 50 Yes

thing attributes for
Maximum number of a thing with a thing
thing attributes type. Thing types are
for a thing with a optional and make
thing type it easier to discover
things. Things with a
thing type can have up
to 50 attributes.

Maximum number of 3 No
thing attributes for a
Maximum number of thing without a thing
thing attributes type. Things without a
for a thing thing type can have up
without a thing to three attributes.
type

Maximum size of a 128 Bytes No

thing name, which is
Maximum thing name 128 bytes of UTF-8
size encoded characters.

Number of thing types 1 No

that can be associated
Number of thing with a thing, which can
types that can be

Version 1.0
373
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

associated with a be zero or one. Thing
thing types are optional and
their use makes it easier
to discover things.

The size of thing 47 Kilobytes Yes

attributes per thing,
Size of thing which is 47 kilobytes.
attributes per Thing attributes
thing are optional name-
value pairs that store
information about the
thing, which makes
their use easier to
discover things.

Note

Thing types

The number of thing types that can be defined in an AWS account is not [Link] types
allow you to store description and configuration information that is common to all things
associated with the same thing type.

AWS IoT Core thing group resource limits and quotas

AWS IoT Core thing group limits and quotas

Limit display name Description Default value Adjustable

The maximum depth 7 No

of a hierarchy of thing
Maximum depth groups. When you build
of a thing group a hierarchy of groups,
hierarchy the policy attached
to the parent group is
inherited by its child
group, and by all the
things in the group
and its child groups.
This makes it easier to
manage permissions for
large number of things.

Maximum number of 50 No
attributes associated
Maximum number with a thing group.
of attributes Attributes are name-
associated with a value pairs you can use
thing group to store information
about a group. You can
add, delete, or update
the attributes of a
group.

Version 1.0
374
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

The maximum number 100 No

of direct child groups
Maximum number that a thing group can
of direct child have in a thing group
groups hierarchy.

Maximum number of 100 No

dynamic groups.
Maximum number of
dynamic groups

A thing can be added 10 No

to a maximum of 10
Maximum number of thing groups. But you
thing groups a cannot add a thing to
thing can belong more than one group
to in the same hierarchy.
This means that a thing
cannot be added to
two groups that share a
common parent.

Maximum size of a 128 No

thing group attribute
Maximum size of name, in chars.
a thing group
attribute name, in
chars

Maximum size of a 800 No

thing group attribute
Maximum size of value, in chars.
a thing group
attribute value,
in chars

Maximum thing group 128 Bytes No

name size.
Maximum thing
group name size

Note
Thing group assignment

The maximum number of things that can be assigned to a thing group is not limited.

AWS IoT Core bulk thing registration limits and quotas

AWS IoT Core bulk thing registration
Limit display name Description Default value Adjustable

For any given AWS 1 No

account, only one bulk
Allowed
registration tasks

Version 1.0
375
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

registration task can
run at a time.

After the bulk 2592000 Seconds No

registration task
Data retention (which can be long
policy lived) is complete,
data related to bulk
thing registration is
permanently deleted
after 30 days.

Each line in an Amazon 256000 No

S3 input JSON file can't
Maximum line exceed 256K in length.
length

Any pending or 2592000 Seconds No

incomplete bulk
Registration task registration tasks are
termination terminated after 30
days.

For more information about the JSON file used for bulk registration, see Amazon S3 input JSON file.

AWS IoT Core billing group restrictions

• A thing can belong to exactly one billing group.
• Unlike thing groups, billing groups cannot be organized into hierarchies.
• For its usage to be registered for tagging or billing purposes, a device must:
• Be registered as a thing in AWS IoT Core.
• Communicate with AWS IoT Core using MQTT only.
• Authenticate with AWS IoT Core using only its thing name as the client ID.
• Use an X.509 certificate or Amazon Cognito Identity to authenticate.

For more information, see Managing Devices with AWS IoT, Authentication, and Device Provisioning.
You can use the AttachThingPrincipal API operation to attach a certificate or other credential to a
thing.
• The maximum number of billing groups per AWS account is 20,000.

AWS IoT Device Management API action limits

AWS IoT Device Management API action limits
Limit display Description Default value Default value Adjustable
name in select AWS
*
Regions

The maximum 60 60 Yes

number of
AddThingToBillingGroup
transactions per
API TPS second (TPS)
that can be

Version 1.0
376
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions
made for the
AddThingToBillingGroup
API.

The maximum 60 60 Yes

number of
AddThingToThingGroup
transactions per
API TPS second (TPS)
that can be
made for the
AddThingToThingGroup
API.

The maximum 50 15 No
number of
AttachThingPrincipal
transactions per
API TPS second (TPS)
that can be
made for the
AttachThingPrincipal
API.

The maximum 25 25 Yes

number of
CreateBillingGroup
transactions per
API TPS second (TPS)
that can be
made for the
CreateBillingGroup
API.

The maximum 5 5 Yes

number of
CreateDynamicThingGroup
transactions per
API TPS second (TPS)
that can be
made for the
CreateDynamicThingGroup
API.

The maximum 50 15 Yes

number of
CreateThing transactions per
API TPS second (TPS) that
can be made for
the CreateThing
API.

Version 1.0
377
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 25 25 Yes

number of
CreateThingGrouptransactions per
API TPS second (TPS)
that can be
made for the
CreateThingGroup
API.

The maximum 15 15 Yes

number of
CreateThingType transactions per
API TPS second (TPS)
that can be
made for the
CreateThingType
API.

The maximum 15 15 Yes

number of
DeleteBillingGroup
transactions per
API TPS second (TPS)
that can be
made for the
DeleteBillingGroup
API.

The maximum 5 5 Yes

number of
DeleteDynamicThingGroup
transactions per
API TPS second (TPS)
that can be
made for the
DeleteDynamicThingGroup
API.

The maximum 50 15 Yes

number of
DeleteThing transactions per
API TPS second (TPS) that
can be made for
the DeleteThing
API.

The maximum 15 15 Yes

number of
DeleteThingGrouptransactions per
API TPS second (TPS)
that can be
made for the
DeleteThingGroup
API.

Version 1.0
378
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 15 15 Yes

number of
DeleteThingType transactions per
API TPS second (TPS)
that can be
made for the
DeleteThingType
API.

The maximum 15 15 Yes

number of
DeprecateThingType
transactions per
API TPS second (TPS)
that can be
made for the
DeprecateThingType
API.

The maximum 100 15 Yes

number of
DescribeBillingGroup
transactions per
API TPS second (TPS)
that can be
made for the
DescribeBillingGroup
API.

The maximum 350 50 Yes

number of
DescribeThing transactions per
API TPS second (TPS) that
can be made for
the DescribeThing
API.

The maximum 100 100 Yes

number of
DescribeThingGroup
transactions per
API TPS second (TPS)
that can be
made for the
DescribeThingGroup
API.

The maximum 10 10 Yes

number of
DescribeThingType
transactions per
API TPS second (TPS)
that can be
made for the
DescribeThingType
API.

Version 1.0
379
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 50 15 Yes

number of
DetachThingPrincipal
transactions per
API TPS second (TPS)
that can be
made for the
DetachThingPrincipal
API.

The maximum 10 10 Yes

number of
ListBillingGroups
transactions per
API TPS second (TPS)
that can be
made for the
ListBillingGroups
API.

The maximum 10 10 Yes

number of
ListPrincipalThings
transactions per
API TPS second (TPS)
that can be
made for the
ListPrincipalThings
API.

The maximum 10 10 Yes

number of
ListTagsForResource
transactions per
API TPS second (TPS)
that can be
made for the
ListTagsForResource
API.

The maximum 10 10 Yes

number of
ListThingGroups transactions per
API TPS second (TPS)
that can be
made for the
ListThingGroups
API.

The maximum 50 10 Yes

number of
ListThingGroupsForThing
transactions per
API TPS second (TPS)
that can be
made for the
ListThingGroupsForThing
API.

Version 1.0
380
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 10 10 Yes

number of
ListThingPrincipals
transactions per
API TPS second (TPS)
that can be
made for the
ListThingPrincipals
API.

The maximum 10 10 Yes

number of
ListThingTypes transactions per
API TPS second (TPS) that
can be made for
the ListThingTypes
API.

The maximum 10 10 Yes

number of
ListThings API transactions per
TPS second (TPS) that
can be made for
the ListThings API.

The maximum 25 25 Yes

number of
ListThingsInBillingGroup
transactions per
API TPS second (TPS)
that can be
made for the
ListThingsInBillingGroup
API.

The maximum 25 25 Yes

number of
ListThingsInThingGroup
transactions per
API TPS second (TPS)
that can be
made for the
ListThingsInThingGroup
API.

The maximum 10 10 Yes

number of
RegisterThing transactions per
API TPS second (TPS) that
can be made for
the RegisterThing
API.

Version 1.0
381
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 15 15 Yes

number of
RemoveThingFromBillingGroup
transactions per
API TPS second (TPS)
that can be
made for the
RemoveThingFromBillingGroup
API.

The maximum 15 15 Yes

number of
RemoveThingFromThingGroup
transactions per
API TPS second (TPS)
that can be
made for the
RemoveThingFromThingGroup
API.

The maximum 10 10 Yes

number of
TagResource transactions per
API TPS second (TPS) that
can be made for
the TagResource
API.

The maximum 10 10 Yes

number of
UntagResource transactions per
API TPS second (TPS)
that can be
made for the
UntagResource
API.

The maximum 15 15 Yes

number of
UpdateBillingGroup
transactions per
API TPS second (TPS)
that can be
made for the
UpdateBillingGroup
API.

The maximum 5 5 Yes

number of
UpdateDynamicThingGroup
transactions per
API TPS second (TPS)
that can be
made for the
UpdateDynamicThingGroup
API.

Version 1.0
382
 AWS General Reference Reference guide
Service quotas

Limit display Description Default value Default value Adjustable

name in select AWS
*
Regions

The maximum 50 10 Yes

number of
UpdateThing transactions per
API TPS second (TPS) that
can be made for
the UpdateThing
API.

The maximum 15 15 Yes

number of
UpdateThingGrouptransactions per
API TPS second (TPS)
that can be
made for the
UpdateThingGroup
API.

*
Select AWS Regions: Europe (Stockholm), Middle East (Bahrain), Europe (Paris), Asia Pacific (Hong
Kong), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (N. California), Canada (Central),
China (Ningxia)

AWS IoT Fleet Indexing

AWS IoT Device Management fleet indexing limits and quotas

Limit display name Description Default value Adjustable

The maximum length of 1024 Yes

a custom field name.
Maximum length of
a custom field
name

The maximum length 1000 Yes

of a query in UTF-8
Maximum length of encoded characters.
a query

The maximum number 2 No

of * wildcard operators
Maximum number per query term.
of * wildcard
operators per
query term

The maximum number 5 No

of ? wildcard operators
Maximum number per query term.
of ? wildcard
operators per
query term

Version 1.0
383
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

The maximum number 5 Yes

of custom fields in AWS
Maximum number of thing groups index.
custom fields in
AWS thing groups
index

The maximum number 5 Yes

of custom fields in AWS
Maximum number of things index.
custom fields in
AWS things index

The maximum number 100 Yes

of dynamic groups per
Maximum number of customer.
dynamic groups

The maximum number 100 Yes

of fleet metrics per
Maximum number of customer.
fleet metrics

The maximum number 5 No

of values for percentile
Maximum number of aggregation type per
percentile values fleet metric.
per fleet metric

The maximum number 3 Yes

of query terms per fleet
Maximum number of metric.
query terms per
fleet metric

The maximum number 5 Yes

of query terms per
Maximum number of query.
query terms per
query

The maximum number 500 No

of results per search
Maximum number of query.
results per search
query

The maximum number Unlimited No

of things in the fleet
Maximum number index.
of things in the
fleet index

The maximum period 86400 Seconds No

of a fleet metric in
Maximum period of seconds.
a fleet metric

Version 1.0
384
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

The minimum period 60 Seconds No

of a fleet metric in
Minimum period of seconds.
a fleet metric

AWS IoT Device Management fleet indexing API limits

Limit display name Description Default value Adjustable

The maximum number 10 Yes

of DescribeIndex calls
DescribeIndex rate per second.

The maximum number 15 Yes

of GetCardinality calls
GetCardinality per second.
rate

The maximum 20 Yes

number of
GetIndexingConfiguration
GetIndexingConfiguration
rate calls per second.

The maximum number 15 Yes

of GetPercentiles calls
GetPercentiles per second.
rate

The maximum number 15 Yes

of GetStatistics calls per
GetStatistics rate second.

The maximum number 5 Yes

of ListIndices calls per
ListIndices rate second.

The maximum number 15 Yes

of SearchIndex calls per
SearchIndex rate second.

The maximum 1 Yes

number of
UpdateIndexingConfiguration
UpdateIndexingConfiguration
rate calls per second.

AWS IoT Jobs

AWS IoT Device Management jobs limits and quotas

Limit display name Description Default value Adjustable

The maximum number 1000 Yes

of active continuous
jobs.

Version 1.0
385
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

Active continuous
jobs

The maximum number 1000 Yes

of active snapshot jobs.
Active snapshot
jobs

The maximum 2028 No

comment length (in
Comment length characters).

The throttle limit for 10 Yes

CreateJobTemplate.
CreateJobTemplate
throttle limit

The maximum number 730 No

of days that job data
Data retention and job execution data
will be retained for
inactive jobs (jobs that
aren't IN_PROGRESS).

The throttle limit for 10 Yes

DeleteJobTemplate.
DeleteJobTemplate
throttle limit

The maximum 200 No

number of total read
DescribeJobExecution/
transactions per second
GetPendingJobExectuions
per account which can
throttle limit be caused by invoking
DescribeJobExecution
and/or
GetPendingJobExecutions.
In the control plane,
DescribeJobExecution
is limited to 10 TPS per
invocation.

The throttle limit for 10 Yes

DescribeJobTemplate.
DescribeJobTemplate
throttle limit

The maximum number 1350 No

of characters in a job
DocumentSource document source.
length

The maximum job 10080 No

execution InProgress
In Progress timeout value (in
timeout minutes).

Version 1.0
386
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

The maximum number 100 No

of targets you can
Job Targets assign to a job.

The maximum number 2028 No

of characters in a job
Job Template template description.
description length

The maximum number 2028 No

of characters in a job
Job description description.
length

The maximum number 1000 Yes

of job executions that
Job execution roll you can roll out per
out rate minute.

The maximum number 64 No

of characters in a Job
JobId Length id.

The maximum number 64 No

of characters in a job
JobTemplateId template id.
Length

The maximum number 250 No

of list results per page.
List results per
page

The throttle limit for 10 Yes

ListJobTemplates.
ListJobTemplates
throttle limit

The maximum number 100 Yes

of job templates you
Maximum number of can own.
job templates

The minimum number 1 No

of job executions that
Minimum job you can roll out per
execution roll out minute.
rate

The minimum lifetime 60 Seconds No

(in seconds) of a pre-
Minimum pre-signed signed URL.
URL lifetime

The maximum lifetime 3600 Seconds No

(in seconds) of a pre-
Pre-signed URL signed URL.
lifetime

Version 1.0
387
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

The maximum length 32768 Bytes Yes

of an S3 job document
S3 job document that can be sent to
length an AWS IoT device (in
Bytes).

The maximum 200 No

number of total write
StartNextPendingJobExecution/
transactions per second
UpdateJobExecution per account which can
throttle limit be caused by invoking
StartNextPendingJobExecution
and/or
UpdatePendingJobExecution.

The maximum length of 128 No

a StatusDetail map key
StatusDetail map (in characters).
key length

The maximum number 10 No

of key-value pairs
StatusDetail map you can have in a
key-value pairs StatusDetail map.

The maximum length 1024 No

of a StatusDetail map
StatusDetail map value (in characters).
value length

The maximum job 10080 No

execution step timeout
Step Timer value (in minutes).

AWS IoT Device Management jobs API action limits

Limit display name Description Default value Adjustable

The throttle limit for 10 Yes

AssociateTargetsWithJob.
AssociateTargetsWithJob
throttle limit

The throttle limit for 10 Yes

CancelJob.
CancelJob throttle
limit

The throttle limit for 10 Yes

CancelJobExecution.
CancelJobExecution
throttle limit

The throttle limit for 10 No

CreateJob.
CreateJob throttle
limit

Version 1.0
388
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

The throttle limit for 10 Yes

DeleteJob.
DeleteJob throttle
limit

The throttle limit for 10 Yes

DeleteJobExecution.
DeleteJobExecution
throttle limit

The throttle limit for 10 Yes

DescribeJob.
DescribeJob
throttle limit

The throttle limit for 10 Yes

DescribeJobExecution.
DescribeJobExecution
throttle limit

The throttle limit for 10 Yes

GetJobDocument.
GetJobDocument
throttle limit

The throttle limit for 10 Yes

ListJobExecutionsForJob.
ListJobExecutionsForJob
throttle limit

The throttle limit for 10 Yes

ListJobExecutionsForThing.
ListJobExecutionsForThing
throttle limit

The throttle limit for 10 Yes

ListJobs.
ListJobs throttle
limit

The throttle limit for 10 Yes

UpdateJob.
UpdateJob throttle
limit

†
For definitions of data plane and control plane, see What are the ways for accessing AWS IoT Core? in
the AWS IoT Core FAQs

AWS IoT Secure Tunneling

AWS IoT Device Management secure tunneling limits and quotas
Limit display name Description Default value Adjustable

The maximum number 1 Yes

of transactions per
CloseTunnel API second per account
throttle limit

Version 1.0
389
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

which can be caused by
invoking CloseTunnel.

The maximum number 10 Yes

of transactions
DescribeTunnel API per second per
throttle limit account which can be
caused by invoking
DescribeTunnel.

The maximum number 10 Yes

of transactions
ListTagsForResource per second per
API throttle limit account which can be
caused by invoking
ListTagsForResource.

The maximum number 10 Yes

of transactions per
ListTunnels API second per account
throttle limit which can be caused by
invoking ListTunnels.

The maximum 800 No

bandwidth per tunnel
Maximum bandwidth (in kbps).
per tunnel

The maximum number 10 Yes

of transactions for
Maximum connection connecting to a tunnel
rate per second.

The maximum number 50 No

of tags that can be used
Maximum number of per resource.
tags per resource

The maximum number 128 No

of Unicode characters in
Maximum tag key a tag key. Each resource
length and tag key must be
unique.

The maximum number 256 No

of Unicode characters
Maximum tag value in a tag value. Each tag
length key can have one value.

The maximum tunnel 12 No

lifetime (in hours), after
Maximum tunnel which a tunnel will be
lifetime closed after reaching.

Version 1.0
390
 AWS General Reference Reference guide
Service quotas

Limit display name Description Default value Adjustable

The maximum number 1 Yes

of transactions per
OpenTunnel API second per account
throttle limit which can be caused by
invoking OpenTunnel.

The maximum number 10 Yes

of transactions per
TagResource API second per account
throttle limit which can be caused by
invoking TagResource.

The maximum number 10 Yes

of transactions
UntagResource API per second per
trottle limit account which can be
caused by invoking
UntagResource.

Fleet Hub for AWS IoT Device Management

Fleet Hub limits and quotas

Limit display name Description Default value Adjustable

The maximum number 10 Yes

of applications per
Number of Region per AWS
applications per account.
Region per AWS
account

Fleet Hub API throttling limits

Resource Quota Adjustable

Alarms 100 per Region per account Yes

CreateApplication 10 TPS Yes

DeleteApplication 10 TPS Yes

DescribeApplication 10 TPS Yes

ListApplications 10 TPS Yes

ListTagsForResource 10 TPS Yes

TagResource 10 TPS Yes

UntagResource 10 TPS Yes

UpdateApplication 10 TPS Yes

Version 1.0
391
 AWS General Reference Reference guide
AWS IoT Events

AWS IoT Events endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Control plane endpoints
The following table contains AWS Region-specific endpoints that AWS IoT Events supports for control
plane operations. For more information, see AWS IoT Events operations in the AWS IoT Events API
Reference.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
392
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Data plane endpoints

The following table contains AWS Region-specific endpoints that AWS IoT Events supports for data
plane operations. For more information, see AWS IoT Events data operations in the AWS IoT Events API
Reference.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Version 1.0
393
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Detector model definition size Each supported Region: 512 No

Kilobytes

Detector model versions Each supported Region: 500 Yes

Detector models Each supported Region: 50 Yes

Detector models per input Each supported Region: 10 No

Detectors per detector model Each supported Region: Yes

100,000

Inputs Each supported Region: 50 Yes

Maximum actions per alarm model Each supported Region: 10 Yes

Maximum actions per event Each supported Region: 10 Yes

Maximum alarm model versions per alarm model Each supported Region: 500 Yes

Maximum alarm models per account Each supported Region: 200 Yes

Maximum alarm models per input Each supported Region: 10 No

Maximum alarms per alarm model Each supported Region: Yes

100,000

Maximum events per state Each supported Region: 20 Yes

Maximum messages per alarm per second Each supported Region: 10 No

Maximum number of alarm models per property in an AWS Each supported Region: 10 Yes
IoT SiteWise asset model

Maximum number of recipients per notification action in an Each supported Region: 10 Yes
alarm model

Maximum total messages evaluated per second Each supported Region: Yes
1,000

Maximum transition events per state Each supported Region: 20 Yes

Message size Each supported Region: 1 Yes

Kilobytes

Messages per detector per second Each supported Region: 10 No

Minimum timer duration Each supported Region: 60 Yes

Seconds

Number of detector model analyses in RUNNING status Each supported Region: 10 Yes

State variables per detector model definition Each supported Region: 50 Yes

States per detector model Each supported Region: 20 Yes

Timers scheduled per detector Each supported Region: 5 Yes

Version 1.0
394
 AWS General Reference Reference guide
AWS IoT Greengrass V1

Name Default Adjustable

Trigger expressions Each supported Region: 20 Yes

For more information, see AWS IoT Events quotas in the AWS IoT Events User Guide.

AWS IoT Greengrass V1 endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Control Plane Operations
The following table contains AWS Region-specific endpoints that AWS IoT Greengrass supports for group
management operations.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
395
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

[Link] MQTT and

HTTPS
greengrass-fi[Link]
HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] MQTT and
HTTPS
[Link]
HTTPS

AWS IoT Device Operations

The following table contains AWS Region-specific Amazon Trust Services (ATS) endpoints for AWS IoT
device management operations, such as shadow sync. This is a data plane API.

To look up your account-specific endpoint, use the aws iot describe-endpoint --endpoint-type iot:Data-
ATS command.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 prefi[Link] HTTPS, MQTT

US East (N. us-east-1 prefi[Link] HTTPS, MQTT

Virginia)

US West us-west-2 prefi[Link] HTTPS, MQTT

(Oregon)

Asia Pacific ap-south-1 prefi[Link] HTTPS, MQTT

(Mumbai)

Asia Pacific ap-northeast-2 prefi[Link] HTTPS, MQTT

(Seoul)

Asia Pacific ap-southeast-1 prefi[Link] HTTPS, MQTT

(Singapore)

Version 1.0
396
 AWS General Reference Reference guide
Service endpoints

Region Name Region Endpoint Protocol

Asia Pacific ap-southeast-2 prefi[Link] HTTPS, MQTT

(Sydney)

Asia Pacific ap-northeast-1 prefi[Link] HTTPS, MQTT

(Tokyo)

China (Beijing) cn-north-1 prefi[Link] HTTPS, MQTT

Europe eu-central-1 prefi[Link] HTTPS, MQTT

(Frankfurt)

Europe eu-west-1 prefi[Link] HTTPS, MQTT

(Ireland)

Europe eu-west-2 prefi[Link] HTTPS, MQTT

(London)

AWS GovCloud us-gov-west-1 prefi[Link] HTTPS, MQTT

(US-West)

AWS GovCloud us-gov-east-1 prefi[Link] HTTPS, MQTT

(US-East)

Note
Legacy Verisign endpoints are currently supported for some Regions (p. 398), but we
recommend that you use ATS endpoints with ATS root certificate authority (CA) certificates. For
more information, see Server Authentication in the AWS IoT Developer Guide.

Discovery Operations
The following table contains AWS Region-specific ATS endpoints for device discovery operations using
the AWS IoT Greengrass Discovery API. This is a data plane API.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 [Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia Pacific ap-south-1 [Link] HTTPS

(Mumbai)

Asia Pacific ap-northeast-2 [Link]- HTTPS

(Seoul) [Link]

Asia Pacific ap-southeast-1 [Link]- HTTPS

(Singapore) [Link]

Asia Pacific ap-southeast-2 [Link]- HTTPS

(Sydney) [Link]

Version 1.0
397
 AWS General Reference Reference guide
Service endpoints

Region Name Region Endpoint Protocol

Asia Pacific ap-northeast-1 [Link]- HTTPS

(Tokyo) [Link]

China (Beijing) cn-north-1 [Link] HTTPS

Europe eu-central-1 [Link] HTTPS

(Frankfurt)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS GovCloud us-gov-west-1 [Link] HTTPS

(US-West)

AWS GovCloud us-gov-east-1 [Link] HTTPS

(US-East)

Note
Legacy Verisign endpoints are currently supported for some Regions (p. 398), but we
recommend that you use ATS endpoints with ATS root CA certificates. For more information, see
Server authentication in the AWS IoT Developer Guide.

Supported Legacy Endpoints

We recommend that you use the ATS endpoints in the preceding tables with ATS root CA certificates.
For backward compatibility, AWS IoT Greengrass currently supports legacy Verisign endpoints in the
following AWS Regions. This support is expected to end in the future. For more information, see Server
authentication in the AWS IoT Developer Guide.

When using legacy Verisign endpoints, you must use Verisign root CA certificates.

AWS IoT Device Operations (Legacy Endpoints)

Region Name Region Endpoint Protocol

US East (N. us-east-1 prefi[Link] HTTPS, MQTT

Virginia)

US West us-west-2 prefi[Link] HTTPS, MQTT

(Oregon)

Asia Pacific ap- prefi[Link] HTTPS, MQTT

(Sydney) southeast-2

Asia Pacific ap- prefi[Link] HTTPS, MQTT

(Tokyo) northeast-1

Europe eu-central-1 prefi[Link] HTTPS, MQTT

(Frankfurt)

Europe eu-west-1 prefi[Link] HTTPS, MQTT

(Ireland)

Version 1.0
398
 AWS General Reference Reference guide
Service quotas

To look up your account-specific legacy endpoint, use the aws iot describe-endpoint --endpoint-type
iot:Data command.
Discovery Operations (Legacy Endpoints)

Region Name Region Endpoint Protocol

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia Pacific ap- [Link] HTTPS

(Sydney) southeast-2

Asia Pacific ap- [Link] HTTPS

(Tokyo) northeast-1

Europe eu-central-1 [Link] HTTPS

(Frankfurt)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas
AWS IoT Greengrass Cloud API

Description Default

Maximum number of AWS IoT devices per AWS 2500

IoT Greengrass group.

Maximum number of Lambda functions per group. 200

Maximum number of resources per Lambda 20

function.

Maximum number of resources per group. 200

Maximum number of transactions per second See the section called “TPS” (p. 399).
(TPS) on the AWS IoT Greengrass APIs.

Maximum number of subscriptions per group. 10000

Maximum number of subscriptions that specify 50

Cloud as the source per group.

Maximum length of a core thing name. 124 bytes of UTF-8 encoded characters.

TPS
The default quota for the maximum number of transactions per second on the AWS IoT Greengrass APIs
depends on the API and the AWS Region where AWS IoT Greengrass is used.

Version 1.0
399
 AWS General Reference Reference guide
Service quotas

For most APIs and supported AWS Regions (p. 395), the default quota is 30. Exceptions are noted in the
following tables.

API exceptions

API Default

CreateDeployment 20

AWS Region exceptions

AWS Region Default

China (Beijing) 10

AWS GovCloud (US-West) 10

AWS GovCloud (US-East) 10

This quota applies per account and per API. For example, in the US East (N. Virginia) Region, each account
has a default quota of 30 TPS, which is the aggregate of all API operation requests. Each API (such as
CreateGroupVersion or ListFunctionDefinitions) has a quota of 30 TPS. This includes control
plane and data plane operations. Requests that exceed the account or API quotas are throttled. To
request account and API quota increases, including quotas for specific APIs, contact your AWS Enterprise
Support representative.

AWS IoT Greengrass Core

Description Default

Maximum number of routing table entries that 50 (matches AWS IoT subscription quota)
specify Cloud as the source.

Maximum size of messages sent by an AWS IoT 128 KB (matches AWS IoT message size quota)
device.

Minimum message queue size in the Greengrass 256 KB

core router.

Maximum length of a topic string. 256 bytes of UTF-8 encoded characters.

Maximum number of forward slashes (/) in a topic 7

or topic filter.

Minimum disk space needed to run the Greengrass 128 MB

Core software.
400 MB when using OTA updates

Minimum RAM to run the Greengrass Core 128 MB

software.
198 MB when using stream manager

The Greengrass Core software provides a service to detect the IP addresses of your Greengrass core
devices. It sends this information to the AWS IoT Greengrass cloud service and allows AWS IoT devices to
download the IP address of the Greengrass core they need to connect to.

Do not use this feature if any of the following is true:

Version 1.0
400
 AWS General Reference Reference guide
AWS IoT Greengrass V2

• The IP address of a Greengrass core device changes frequently.

• The Greengrass core device is not always available to AWS IoT devices in its group.
• The Greengrass core has multiple IP addresses and an AWS IoT device is unable to reliably determine
which address to use.
• Your organization's security policies don't allow you to send devices' IP addresses to the AWS Cloud.

AWS IoT Greengrass V2 endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Control Plane Operations
The following table contains AWS Region-specific endpoints that AWS IoT Greengrass V2 supports for
operations to manage components, devices, and deployments.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Version 1.0
401
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

China cn-north-1 [Link] HTTPS

(Beijing)

Europe eu- [Link] HTTPS

(Frankfurt)) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

[Link] MQTT and

HTTPS

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

[Link] MQTT and

HTTPS

AWS IoT Device Operations

The following table contains AWS Region-specific Amazon Trust Services (ATS) endpoints for AWS IoT
device management operations, such as shadow sync. This is a data plane API.

To look up your account-specific endpoint, use the aws iot describe-endpoint --endpoint-type iot:Data-
ATS command.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 prefi[Link] HTTPS, MQTT

US East (N. us-east-1 prefi[Link] HTTPS, MQTT

Virginia)

US West us-west-2 prefi[Link] HTTPS, MQTT

(Oregon)

Asia Pacific ap-south-1 prefi[Link] HTTPS, MQTT

(Mumbai)

Asia Pacific ap-northeast-2 prefi[Link] HTTPS, MQTT

(Seoul)

Asia Pacific ap-southeast-1 prefi[Link] HTTPS, MQTT

(Singapore)

Asia Pacific ap-southeast-2 prefi[Link] HTTPS, MQTT

(Sydney)

Version 1.0
402
 AWS General Reference Reference guide
Service endpoints

Region Name Region Endpoint Protocol

Asia Pacific ap-northeast-1 prefi[Link] HTTPS, MQTT

(Tokyo)

Canada ca-central-1 prefi[Link] HTTPS, MQTT

(Central)

China (Beijing) cn-north-1 prefi[Link] HTTPS, MQTT

Europe eu-central-1 prefi[Link] HTTPS, MQTT

(Frankfurt)

Europe eu-west-1 prefi[Link] HTTPS, MQTT

(Ireland)

Europe eu-west-2 prefi[Link] HTTPS, MQTT

(London)

AWS GovCloud us-gov-west-1 prefi[Link] HTTPS, MQTT

(US-West)

AWS GovCloud us-gov-east-1 prefi[Link] HTTPS, MQTT

(US-East)

Note
Legacy Verisign endpoints are currently supported for some Regions (p. 404), but we
recommend that you use ATS endpoints with ATS root certificate authority (CA) certificates. For
more information, see Server Authentication in the AWS IoT Developer Guide.

Date Plane Operations

The following table contains AWS Region-specific ATS endpoints for data plane API operations, such as
ResolveComponentCandidates.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 [Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia Pacific ap-south-1 [Link] HTTPS

(Mumbai)

Asia Pacific ap-northeast-2 [Link]- HTTPS

(Seoul) [Link]

Asia Pacific ap-southeast-1 [Link]- HTTPS

(Singapore) [Link]

Asia Pacific ap-southeast-2 [Link]- HTTPS

(Sydney) [Link]

Version 1.0
403
 AWS General Reference Reference guide
Service endpoints

Region Name Region Endpoint Protocol

Asia Pacific ap-northeast-1 [Link]- HTTPS

(Tokyo) [Link]

Canada ca-central-1 [Link]- HTTPS

(Central) [Link]

China (Beijing) cn-north-1 [Link] HTTPS

Europe eu-central-1 [Link] HTTPS

(Frankfurt)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS GovCloud us-gov-west-1 [Link] HTTPS

(US-West)

AWS GovCloud us-gov-east-1 [Link] HTTPS

(US-East)

Note
Legacy Verisign endpoints are currently supported for some Regions (p. 404), but we
recommend that you use ATS endpoints with ATS root CA certificates. For more information, see
Server authentication in the AWS IoT Developer Guide.

Supported Legacy Endpoints

We recommend that you use the ATS endpoints in the preceding tables with ATS root CA certificates.
For backward compatibility, AWS IoT Greengrass V2 currently supports legacy Verisign endpoints in the
following AWS Regions. This support is expected to end in the future. For more information, see Server
authentication in the AWS IoT Developer Guide.

When using legacy Verisign endpoints, you must use Verisign root CA certificates.

AWS IoT Device Operations (Legacy Endpoints)

Region Name Region Endpoint Protocol

US East (N. us-east-1 prefi[Link] HTTPS, MQTT

Virginia)

US West us-west-2 prefi[Link] HTTPS, MQTT

(Oregon)

Asia Pacific ap- prefi[Link] HTTPS, MQTT

(Sydney) southeast-2

Asia Pacific ap- prefi[Link] HTTPS, MQTT

(Tokyo) northeast-1

Europe eu-central-1 prefi[Link] HTTPS, MQTT

(Frankfurt)

Version 1.0
404
 AWS General Reference Reference guide
Service quotas

Region Name Region Endpoint Protocol

Europe eu-west-1 prefi[Link] HTTPS, MQTT

(Ireland)

To look up your account-specific legacy endpoint, use the aws iot describe-endpoint --endpoint-type
iot:Data command.
Data Plane Operations (Legacy Endpoints)

Region Name Region Endpoint Protocol

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia Pacific ap- [Link] HTTPS

(Sydney) southeast-2

Asia Pacific ap- [Link] HTTPS

(Tokyo) northeast-1

Europe eu-central-1 [Link] HTTPS

(Frankfurt)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas
The following tables describe quotas in AWS IoT Greengrass V2. For more information about quotas and
how to request quota increases, see AWS service quotas (p. 737).

Quotas for core devices

Resource Quota Adjustable

Maximum length of a core 124 bytes of UTF-8 encoded No

device thing name characters

Quotas for components

Resource Quota Adjustable Notes

Maximum number of 5,000 components per Yes  

components Region

Maximum number of 5,000 versions per Yes  

component versions component per Region

Maximum size of 8 KB No  
component recipe

Version 1.0
405
 AWS General Reference Reference guide
Service quotas

Resource Quota Adjustable Notes

Maximum total size of 2 GB No This quota applies to

component artifacts the sum of all artifacts
for a component.

Request rate for 1 request per second No  

CreateComponentVersion per Region

Request rate for other 30 requests per second No This quota applies per
API operations per Region API operation.

Exceptions

• China (Beijing) – 10
requests per second
per Region
• AWS GovCloud (US-
West) – 10 requests
per second per
Region
• AWS GovCloud (US-
East) – 10 requests
per second per
Region

Quotas for deployments

Resource Quota Adjustable Notes

Maximum size of 7 KB No The deployment

deployment document document includes
for a thing deployment the component
(without large configurations,
configuration support) deployment
configurations, and
payload overhead.

Maximum size of 31 KB No The deployment

deployment document document includes
for a thing group the component
deployment (without configurations,
large configuration deployment
support) configurations, and
payload overhead.

Maximum size of 10 MB No The deployment

deployment document document includes
with large configuration the component
support configurations,
deployment
configurations, and
payload overhead.

Version 1.0
406
 AWS General Reference Reference guide
AWS IoT RoboRunner

AWS IoT RoboRunner endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Europe eu-central-1 [Link] HTTPS

(Frankfurt)

Service quotas
Name Default Adjustable

Action templates Each supported Region: 150 Yes

Actions Each supported Region: 150 Yes

Activities Each supported Region: 30 Yes

Destination relationships Each supported Region: 30 Yes

Destinations Each supported Region: 15 Yes

Rate of CreateAction requests Each supported Region: 10 No

Rate of CreateActionTemplate requests Each supported Region: 10 No

Rate of CreateActionTemplateDependency requests Each supported Region: 10 No

Rate of CreateActivity requests Each supported Region: 10 No

Rate of CreateActivityDependency requests Each supported Region: 10 No

Rate of CreateDestination requests Each supported Region: 5 No

Rate of CreateDestinationRelationship requests Each supported Region: 5 No

Rate of CreateSite requests Each supported Region: 5 No

Rate of CreateTask requests Each supported Region: 10 No

Rate of CreateTaskDependency requests Each supported Region: 10 No

Rate of CreateWorker requests Each supported Region: 5 No

Rate of CreateWorkerFleet requests Each supported Region: 5 No

Version 1.0
407
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Rate of DeleteAction requests Each supported Region: 3 No

Rate of DeleteActionTemplate requests Each supported Region: 3 No

Rate of DeleteActionTemplateDependency requests Each supported Region: 3 No

Rate of DeleteActivity requests Each supported Region: 3 No

Rate of DeleteActivityDependency requests Each supported Region: 3 No

Rate of DeleteDestination requests Each supported Region: 3 No

Rate of DeleteDestinationRelationship requests Each supported Region: 3 No

Rate of DeleteSite requests Each supported Region: 3 No

Rate of DeleteTask requests Each supported Region: 3 No

Rate of DeleteTaskDependency requests Each supported Region: 3 No

Rate of DeleteWorker requests Each supported Region: 3 No

Rate of DeleteWorkerFleet requests Each supported Region: 3 No

Rate of GetAction requests Each supported Region: 20 No

Rate of GetActionTemplate requests Each supported Region: 20 No

Rate of GetActivity requests Each supported Region: 20 No

Rate of GetDestination requests Each supported Region: 20 No

Rate of GetDestinationRelationship requests Each supported Region: 20 No

Rate of GetSite requests Each supported Region: 20 No

Rate of GetTask requests Each supported Region: 20 No

Rate of GetWorker requests Each supported Region: 20 No

Rate of GetWorkerFleet requests Each supported Region: 20 No

Rate of ListActionTemplates requests Each supported Region: 30 No

Rate of ListActions requests Each supported Region: 30 No

Rate of ListActivities requests Each supported Region: 30 No

Rate of ListDestinationRelationships requests Each supported Region: 30 No

Rate of ListDestinations requests Each supported Region: 30 No

Rate of ListSites requests Each supported Region: 30 No

Rate of ListTasks requests Each supported Region: 30 No

Rate of ListWorkerFleets requests Each supported Region: 30 No

Rate of ListWorkers requests Each supported Region: 30 No

Rate of UpdateActionState requests Each supported Region: 10 No

Version 1.0
408
 AWS General Reference Reference guide
AWS IoT SiteWise

Name Default Adjustable

Rate of UpdateActivity requests Each supported Region: 10 No

Rate of UpdateDestination requests Each supported Region: 5 No

Rate of UpdateSite requests Each supported Region: 5 No

Rate of UpdateTask requests Each supported Region: 10 No

Rate of UpdateWorker requests Each supported Region: 5 No

Rate of UpdateWorkerFleet requests Each supported Region: 5 No

Sites Each supported Region: 3 Yes

Tasks Each supported Region: 30 Yes

Worker fleets Each supported Region: 9 Yes

Workers Each supported Region: 60 Yes

AWS IoT SiteWise endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
409
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

For more information, see AWS IoT SiteWise endpoints in the AWS IoT SiteWise User Guide.

Service quotas
Name Default Adjustable

Depth of asset hierarchy tree Each supported Region: 10 Yes

Number of OPC UA sources per gateway Each supported Region: 100 No

Number of asset hierarchy definitions per asset model Each supported Region: 20 Yes

Number of asset models per Region per AWS account Each supported Region: 100 Yes

Number of asset models per hierarchy tree Each supported Region: 50 Yes

Number of assets per asset model Each supported Region: Yes

10,000

Number of child assets per parent asset Each supported Region: 100 Yes

Number of dashboards per project Each supported Region: 100 Yes

Number of data points per second per data quality per asset Each supported Region: 10 No
property

Number of days between the start date in the past and Each supported Region: 28 Yes
today for GetInterpolatedAssetPropertyValues

Number of functions per property formula expression Each supported Region: 10 No

Number of gateways per Region per AWS account Each supported Region: 100 Yes

Number of metrics per dashboard visualization Each supported Region: 5 Yes

Number of parent asset models per child asset model Each supported Region: 10 Yes

Number of portals per Region per AWS account Each supported Region: 100 Yes

Number of projects per portal Each supported Region: 100 Yes

Number of properties per asset model Each supported Region: 200 Yes

Version 1.0
410
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Number of properties that depend on a single property Each supported Region: 30 No

Number of properties that directly depend on a single Each supported Region: 20 Yes
property

Number of property variables per property formula Each supported Region: 10 No

expression

Number of results per GetInterpolatedAssetPropertyValues Each supported Region: 10 Yes

request

Number of root assets per project Each supported Region: 1 No

Number of visualizations per dashboard Each supported Region: 10 Yes

Rate of BatchPutAssetPropertyValue entries ingested per Each supported Region: 10 No

asset property

Rate of GetInterpolatedAssetPropertyValues requests Each supported Region: 500 Yes

Rate of data points ingested Each supported Region: Yes

1,000

Request rate for AssociateAssets Each supported Region: 30 Yes

Request rate for AssociateTimeSeriesToAssetProperty Each supported Region: 30 Yes

Request rate for BatchPutAssetPropertyValue Each supported Region: Yes

1,000

Request rate for CreateAsset Each supported Region: 30 Yes

Request rate for CreateAssetModel Each supported Region: 10 Yes

Request rate for DeleteAsset Each supported Region: 30 Yes

Request rate for DeleteAssetModel Each supported Region: 10 Yes

Request rate for DeleteTimeSeries Each supported Region: 30 Yes

Request rate for DescribeAsset Each supported Region: 30 Yes

Request rate for DescribeAssetModel Each supported Region: 10 Yes

Request rate for DescribeAssetProperty Each supported Region: 30 Yes

Request rate for DescribeDefaultEncryptionConfiguration Each supported Region: 10 Yes

Request rate for DescribeLoggingOptions Each supported Region: 30 Yes

Request rate for DescribeStorageConfiguration Each supported Region: 10 Yes

Request rate for DescribeTimeSeries Each supported Region: 30 Yes

Request rate for DisassociateAssets Each supported Region: 30 Yes

Request rate for DisassociateTimeSeriesFromAssetProperty Each supported Region: 30 Yes

Request rate for GetAssetPropertyAggregates Each supported Region: Yes

1,000

Version 1.0
411
 AWS General Reference Reference guide
AWS IoT Things Graph

Name Default Adjustable

Request rate for GetAssetPropertyValue Each supported Region: Yes

1,000

Request rate for GetAssetPropertyValueHistory Each supported Region: Yes

1,000

Request rate for ListAssetModels Each supported Region: 10 Yes

Request rate for ListAssetRelationships Each supported Region: 30 Yes

Request rate for ListAssets Each supported Region: 30 Yes

Request rate for ListAssociatedAssets Each supported Region: 30 Yes

Request rate for ListTagsForResource Each supported Region: 10 Yes

Request rate for ListTimeSeries Each supported Region: 30 Yes

Request rate for PutDefaultEncryptionConfiguration Each supported Region: 10 Yes

Request rate for PutLoggingOptions Each supported Region: 30 Yes

Request rate for PutStorageConfiguration Each supported Region: 10 Yes

Request rate for TagResource Each supported Region: 10 Yes

Request rate for UntagResource Each supported Region: 10 Yes

Request rate for UpdateAsset Each supported Region: 30 Yes

Request rate for UpdateAssetModel Each supported Region: 10 Yes

Request rate for UpdateAssetProperty Each supported Region: 30 Yes

For more information, see AWS IoT SiteWise quotas in the AWS IoT SiteWise User Guide.

AWS IoT Things Graph endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
412
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas

Name Default Adjustable

Flow definition size Each supported Region: 10 Yes

Kilobytes

Maximum number of flows triggered Each supported Region: 5 Yes

Count/Second

Maximum number of steps executed per deployment Each supported Region: 50 Yes
Count/Second

TPS limit for AssociateEntityToThing Each supported Region: 10 Yes

Count/Second

TPS limit for CreateDeploymentConfiguration Each supported Region: 10 Yes

Count/Second

TPS limit for CreateFlowTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for CreateSystemInstance Each supported Region: 10 Yes

Count/Second

TPS limit for CreateSystemTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for DeleteDeploymentConfiguration Each supported Region: 10 Yes

Count/Second

TPS limit for DeleteFlowTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for DeleteNamespace Each supported Region: 10 Yes

Count/Second

TPS limit for DeleteSystemInstance Each supported Region: 10 Yes

Count/Second

Version 1.0
413
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

TPS limit for DeleteSystemTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for DeployConfigurationToTarget Each supported Region: 10 Yes

Count/Second

TPS limit for DeploySystemInstance Each supported Region: 10 Yes

Count/Second

TPS limit for DeprecateDeploymentConfiguration Each supported Region: 10 Yes

Count/Second

TPS limit for DeprecateFlowTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for DeprecateSystemTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for DescribeNamespace Each supported Region: 10 Yes

Count/Second

TPS limit for DissociateEntityFromThing Each supported Region: 10 Yes

Count/Second

TPS limit for GetDeploymentConfiguration Each supported Region: 10 Yes

Count/Second

TPS limit for GetEntities Each supported Region: 10 Yes

Count/Second

TPS limit for GetFlowTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for GetFlowTemplateRevisions Each supported Region: 10 Yes

Count/Second

TPS limit for GetNamespaceDeletionStatus Each supported Region: 10 Yes

Count/Second

TPS limit for GetRecentUploads Each supported Region: 10 Yes

Count/Second

TPS limit for GetSystemInstance Each supported Region: 10 Yes

Count/Second

TPS limit for GetSystemTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for GetSystemTemplateRevisions Each supported Region: 10 Yes

Count/Second

TPS limit for GetUploadStatus Each supported Region: 10 Yes

Count/Second

TPS limit for ListFlowExecutionMessages Each supported Region: 10 Yes

Count/Second

TPS limit for ListMappingPaths Each supported Region: 10 Yes

Count/Second

Version 1.0
414
 AWS General Reference Reference guide
AWS IoT TwinMaker

Name Default Adjustable

TPS limit for SearchDeploymentConfigurations Each supported Region: 10 Yes

Count/Second

TPS limit for SearchEntities Each supported Region: 10 Yes

Count/Second

TPS limit for SearchFlowExecutions Each supported Region: 10 Yes

Count/Second

TPS limit for SearchFlowTemplates Each supported Region: 10 Yes

Count/Second

TPS limit for SearchSystemInstance Each supported Region: 10 Yes

Count/Second

TPS limit for SearchSystemTemplates Each supported Region: 10 Yes

Count/Second

TPS limit for SearchThings Each supported Region: 10 Yes

Count/Second

TPS limit for UndeploySystemInstance Each supported Region: 10 Yes

Count/Second

TPS limit for UpdateFlowTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for UpdateSystemTemplate Each supported Region: 10 Yes

Count/Second

TPS limit for UploadEntityDefinitions Each supported Region: 10 Yes

Count/Second

TPS limit for ValidateEntityDefinitions Each supported Region: 10 Yes

Count/Second

Total deployment configurations in a namespace Each supported Region: 100 Yes

Count

Total entities in a namespace Each supported Region: 500 Yes

Count

Total flow definitions in a namespace Each supported Region: 100 Yes

Count

Upload request size Each supported Region: 1 No

Megabytes

AWS IoT TwinMaker endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
415
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Asia Pacific (Singapore) ap-southeast-1 [Link]- HTTPS

[Link]

Service quotas

Resource Description Quota Adjustable

Workspaces in this The maximum number 15 Yes

account in the current of workspaces in this
Region account in the current
Region.

Component types per The maximum number 150 Yes

workspace of unique component
types per workspace.

Depth of component The maximum depth 10 Yes

type hierarchy of the component type
hierarchy tree.

Parent component The maximum number 10 No

types per child of multi-inheritance
component type parent component
types or extendsFrom
relationships one
component type can
have.

Properties per The maximum number 200 Yes

component type or of properties that
component can be defined on a
component type or
added to any given
component instance.

Entities per workspace The maximum number 1000 Yes

of entities allowed per
workspace.

Components per entity The maximum number 10 Yes

of components that

Version 1.0
416
 AWS General Reference Reference guide
Amazon IVS

Resource Description Quota Adjustable

can be defined on one
entity.

Depth of entity The maximum depth 10 Yes

hierarchy of the entity hierarchy
tree.

Child entities per parent The maximum number 100 Yes

entity of direct children for
one entity in the entity
hierarchy tree.

Scenes per workspace The maximum number 100 Yes

of scenes within a
workspace.

Tags per resource The maximum number 50 No

of tags that can be
placed on any resource
with an ARN (such
as workspace, entity,
component type, etc.).

Amazon Interactive Video Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
417
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Channels Each supported Region: Yes

5,000

Concurrent streams Each supported Region: 100 Yes

Concurrent views Each supported Region: Yes

15,000

Ingest bitrate (channel type BASIC) Each supported Region: 1.5 No

Megabits per second

Ingest bitrate (channel type STANDARD) Each supported Region: 8.5 No

Megabits per second

Metadata payload Each supported Region: 1 No

Kilobytes

Playback authorization key pairs Each supported Region: 3 No

Playback token size Each supported Region: 2 No

Kilobytes

PutMetadata rate per channel Each supported Region: 5 per No

second

Recording configurations Each supported Region: 20 Yes

Stream Key Each supported Region: 1 No

For more information, see Service Quotas in the Amazon IVS User Guide.

Amazon Kendra endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
kendra-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
kendra-fi[Link] HTTPS

Version 1.0
418
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

US West us-west-2 [Link] HTTPS

(Oregon)
kendra-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) kendra-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Data sources (developer edition) Each supported Region: 5 No

Data sources (enterprise edition) Each supported Region: 50 Yes

Developer edition indexes Each supported Region: 5 Yes

Enterprise edition indexes Each supported Region: 5 Yes

Extracted text size Each supported Region: 5 Yes

Megabytes

FAQs Each supported Region: 30 Yes

File size Each supported Region: 50 Yes

Megabytes

Ingestion attributes string list size Each supported Region: 10 Yes

Items in a query suggestions block list Each supported Region: Yes

20,000

Query attributes user group list size Each supported Region: 10 Yes

Query capacity units Each supported Region: 100 Yes

Query suggestions block list file size Each supported Region: 2 Yes
Megabytes

Query suggestions block lists Each supported Region: 1 No

Version 1.0
419
 AWS General Reference Reference guide
Amazon Keyspaces

Name Default Adjustable

Query suggestions returned in API Each supported Region: 10 Yes

Storage capacity units Each supported Region: 100 Yes

Synonym rules per thesaurus Each supported Region: Yes

10,000

Synonyms per term Each supported Region: 10 No

Thesauri Each supported Region: 1 No

Thesaurus file size Each supported Region: 5 Yes

Megabytes

Amazon Keyspaces (for Apache Cassandra)

endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] TLS

(Ohio)

US East (N. us-east-1 [Link] TLS

Virginia)

US us-west-1 [Link] TLS

West (N.
California)

US West us-west-2 [Link] TLS

(Oregon)

Asia ap-east-1 [Link] TLS

Pacific
(Hong
Kong)

Asia ap- [Link] TLS

Pacific south-1
(Mumbai)

Asia ap- [Link] TLS

Pacific northeast-2
(Seoul)

Version 1.0
420
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] TLS

Pacific southeast-1
(Singapore)

Asia ap- [Link] TLS

Pacific southeast-2
(Sydney)

Asia ap- [Link] TLS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] TLS

(Central) central-1

Europe eu- [Link] TLS

(Frankfurt) central-1

Europe eu-west-1 [Link] TLS

(Ireland)

Europe eu-west-2 [Link] TLS

(London)

Europe eu-west-3 [Link] TLS

(Paris)

Europe eu-north-1 [Link] TLS

(Stockholm)

Middle me- [Link] TLS

East south-1
(Bahrain)

South sa-east-1 [Link] TLS

America
(São
Paulo)

For the following AWS Regions, FIPS endpoints are available.

Region Region FIPS Endpoint Protocol

Name

US East (N. us-east-1 cassandra-fi[Link] TLS

Virginia)

US West us-west-2 cassandra-fi[Link] TLS

(Oregon)

Version 1.0
421
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Account-level read throughput quota (Provisioned mode) Each supported Region: Yes
80,000

Account-level write throughput quota (Provisioned mode) Each supported Region: Yes
80,000

Concurrent DDL operations Each supported Region: 50 No

Keyspaces per region Each supported Region: 256 Yes

Max Schema size Each supported Region: No

358,400 Bytes

Max amount of data restored using Point-in-time Recovery Each supported Region: 5 Yes
(PITR) Terabytes

Max clustering key size Each supported Region: 850 No

Bytes

Max concurrent table restores using Point-in-time Recovery Each supported Region: 4 Yes
(PITR)

Max partition key size Each supported Region: No

2,048 Bytes

Max row size Each supported Region: 1 No

Megabytes

Max static data per logical partition Each supported Region: 1 No

Megabytes

Table-level read throughput quota Each supported Region: Yes

40,000

Table-level write throughput quota Each supported Region: Yes

40,000

Tables per region Each supported Region: 256 Yes

For more information, see Quotas for Amazon Keyspaces (for Apache Cassandra) in the Amazon
Keyspaces (for Apache Cassandra) Developer Guide.

AWS Key Management Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
422
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong kms-fi[Link] HTTPS
Kong)
kms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Version 1.0
423
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Canada ca- [Link] HTTPS

(Central) central-1
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Europe eu-west-1 [Link] HTTPS

(Ireland)
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Europe eu-west-2 [Link] HTTPS

(London)
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Milan) south-1
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Europe eu-west-3 [Link] HTTPS

(Paris)
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Version 1.0
424
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-north-1 [Link] HTTPS

(Stockholm)
kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Middle me- [Link] HTTPS

East south-1
(Bahrain) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

South sa-east-1 [Link] HTTPS

America
(São kms-fi[Link] HTTPS
Paulo)
kms-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) kms-fi[Link] HTTPS

kms-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Aliases per CMK Each supported Region: 50 Yes

CancelKeyDeletion request rate Each supported Region: 5 per Yes

second

ConnectCustomKeyStore request rate Each supported Region: 5 per Yes

second

CreateAlias request rate Each supported Region: 5 per Yes

second

CreateCustomKeyStore request rate Each supported Region: 5 per Yes

second

CreateGrant request rate Each supported Region: 50 Yes

per second

CreateKey request rate Each supported Region: 5 per Yes

second

Version 1.0
425
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Cryptographic operations (ECC) request rate Each supported Region: 300 Yes
per second

Cryptographic operations (RSA) request rate Each supported Region: 500 Yes
per second

Cryptographic operations (symmetric) request rate us-east-1: 50,000 per second Yes

us-east-2: 10,000 per second

us-west-2: 50,000 per second

ap-northeast-1: 10,000 per

second

ap-southeast-1: 10,000 per

second

ap-southeast-2: 10,000 per

second

eu-central-1: 10,000 per

second

eu-west-1: 50,000 per

second

eu-west-2: 10,000 per

second

Each of the other supported

Regions: 5,500 per second

Customer Master Keys (CMKs) Each supported Region: Yes

10,000

DeleteAlias request rate Each supported Region: 15 Yes

per second

DeleteCustomKeyStore request rate Each supported Region: 5 per Yes

second

DeleteImportedKeyMaterial request rate Each supported Region: 5 per Yes

second

DescribeCustomKeyStores request rate Each supported Region: 5 per Yes

second

DescribeKey request rate Each supported Region: Yes

2,000 per second

DisableKey request rate Each supported Region: 5 per Yes

second

DisableKeyRotation request rate Each supported Region: 5 per Yes

second

Version 1.0
426
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

DisconnectCustomKeyStore request rate Each supported Region: 5 per Yes

second

EnableKey request rate Each supported Region: 5 per Yes

second

EnableKeyRotation request rate Each supported Region: 15 Yes

per second

GenerateDataKeyPair (ECC_NIST_P256) request rate Each supported Region: 25 Yes

per second

GenerateDataKeyPair (ECC_NIST_P384) request rate Each supported Region: 10 Yes

per second

GenerateDataKeyPair (ECC_NIST_P521) request rate Each supported Region: 5 per Yes

second

GenerateDataKeyPair (ECC_SECG_P256K1) request rate Each supported Region: 25 Yes

per second

GenerateDataKeyPair (RSA_2048) request rate Each supported Region: 1 per Yes

second

GenerateDataKeyPair (RSA_3072) request rate Each supported Region: 0.5 Yes

per second

GenerateDataKeyPair (RSA_4096) request rate Each supported Region: 0.1 Yes

per second

GetKeyPolicy request rate Each supported Region: Yes

1,000 per second

GetKeyRotationStatus request rate Each supported Region: Yes

1,000 per second

GetParametersForImport request rate Each supported Region: 0.25 Yes

per second

GetPublicKey request rate Each supported Region: Yes

2,000 per second

Grants per CMK Each supported Region: Yes

50,000

ImportKeyMaterial request rate Each supported Region: 5 per Yes

second

Key policy document size Each supported Region: Yes

32,768 Bytes

ListAliases request rate Each supported Region: 500 Yes

per second

ListGrants request rate Each supported Region: 100 Yes

per second

ListKeyPolicies request rate Each supported Region: 100 Yes

per second

Version 1.0
427
 AWS General Reference Reference guide
Kinesis Data Analytics

Name Default Adjustable

ListKeys request rate Each supported Region: 500 Yes

per second

ListResourceTags request rate Each supported Region: Yes

2,000 per second

ListRetirableGrants request rate Each supported Region: 100 Yes

per second

PutKeyPolicy request rate Each supported Region: 15 Yes

per second

ReplicateKey request rate Each supported Region: 5 per Yes

second

RetireGrant request rate Each supported Region: 30 Yes

per second

RevokeGrant request rate Each supported Region: 30 Yes

per second

ScheduleKeyDeletion request rate Each supported Region: 15 Yes

per second

TagResource request rate Each supported Region: 10 Yes

per second

UntagResource request rate Each supported Region: 5 per Yes

second

UpdateAlias request rate Each supported Region: 5 per Yes

second

UpdateCustomKeyStore request rate Each supported Region: 5 per Yes

second

UpdateKeyDescription request rate Each supported Region: 5 per Yes

second

UpdatePrimaryRegion request rate Each supported Region: 5 per Yes

second

Amazon Kinesis Data Analytics endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
428
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
429
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas
Name Default Adjustable

Apache Flink Kinesis Processing Units (KPUs) Each supported Region: 32 Yes

Application count Each supported Region: 50 Yes

Input Parallelism in input streams for SQL applications Each supported Region: 64 No

Kinesis Processing Units (KPUs) Each supported Region: 8 Yes

SQL Kinesis Processing Units (KPUs) Each supported Region: 8 Yes

For more information, see Quotas in the Amazon Kinesis Data Analytics for Apache Flink Developer Guide.

Amazon Kinesis Data Firehose endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
430
 AWS General Reference Reference guide
Service endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 fi[Link] HTTPS

(Ohio)
firehose-fi[Link] HTTPS

US East (N. us-east-1 fi[Link] HTTPS

Virginia)
firehose-fi[Link] HTTPS

US us-west-1 fi[Link] HTTPS

West (N.
California) firehose-fi[Link] HTTPS

US West us-west-2 fi[Link] HTTPS

(Oregon)
firehose-fi[Link] HTTPS

Africa af-south-1 fi[Link] HTTPS

(Cape
Town)

Asia ap-east-1 fi[Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- fi[Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- fi[Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- fi[Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- fi[Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- fi[Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- fi[Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
431
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- fi[Link] HTTPS

(Central) central-1

Europe eu- fi[Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 fi[Link] HTTPS

(Ireland)

Europe eu-west-2 fi[Link] HTTPS

(London)

Europe eu- fi[Link] HTTPS

(Milan) south-1

Europe eu-west-3 fi[Link] HTTPS

(Paris)

Europe eu-north-1 fi[Link] HTTPS

(Stockholm)

Middle me- fi[Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 fi[Link] HTTPS

America
(São
Paulo)

AWS us-gov- fi[Link] HTTPS

GovCloud east-1
(US-East) firehose-fi[Link] HTTPS

AWS us-gov- fi[Link] HTTPS

GovCloud west-1
(US-West) firehose-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Delivery streams Each supported Region: 50 Yes

Rate of CreateDeliveryStream requests Each supported Region: 5 No

Rate of DeleteDeliveryStream requests Each supported Region: 5 No

Rate of DescribeDeliveryStream requests Each supported Region: 5 No

Rate of ListDeliveryStream requests Each supported Region: 5 No

Rate of ListTagsForDeliveryStream requests Each supported Region: 5 No

Rate of Put requests us-east-1: 2,000 No

Version 1.0
432
 AWS General Reference Reference guide
Kinesis Data Streams

Name Default Adjustable

us-west-2: 2,000

eu-west-1: 2,000

Each of the other supported

Regions: 1,000

Rate of StartDeliveryStreamEncryption requests Each supported Region: 5 No

Rate of StopDeliveryStreamEncryption requests Each supported Region: 5 No

Rate of TagDeliveryStream requests Each supported Region: 5 No

Rate of UntagDeliveryStream requests Each supported Region: 5 No

Rate of UpdateDestination requests Each supported Region: 5 No

Rate of data us-east-1: 5 No

us-west-2: 5

eu-west-1: 5

Each of the other supported

Regions: 1

Rate of records us-east-1: 500,000 No

us-west-2: 500,000

eu-west-1: 500,000

Each of the other supported

Regions: 100,000

For more information, see Amazon Kinesis Data Firehose Quotas in the Amazon Kinesis Data Firehose
Developer Guide.

Amazon Kinesis Data Streams endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
433
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
kinesis-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
kinesis-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) kinesis-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
kinesis-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
434
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

Shards per Region us-east-1: 500 Yes

us-west-2: 500

eu-west-1: 500

Each of the other supported

Regions: 200

For more information, see Amazon Kinesis Data Streams Quotas in the Amazon Kinesis Data Streams
Developer Guide.

Version 1.0
435
 AWS General Reference Reference guide
Kinesis Video Streams

Amazon Kinesis Video Streams endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
436
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Name Default Adjustable

ConnectAsMaster GO_AWAY message grace period Each supported Region: 60 No

Seconds

ConnectAsMaster connection duration Each supported Region: No

3,600 Seconds

ConnectAsMaster connections per signaling channel Each supported Region: 1 No

ConnectAsMaster idle connection timeout Each supported Region: 600 No

Seconds

ConnectAsViewer GO_AWAY message grace period Each supported Region: 60 No

Seconds

ConnectAsViewer connection duration Each supported Region: No

3,600 Seconds

ConnectAsViewer connections per signaling channel Each supported Region: 10 Yes

ConnectAsViewer idle connection timeout Each supported Region: 600 No

Seconds

GetClip file size Each supported Region: 100 No

Megabytes

GetClip fragments Each supported Region: 200 No

GetDASHManifestPlaylist fragments Each supported Region: No

5,000

GetHLSMediaPlaylist fragments Each supported Region: No

5,000

GetMedia bandwidth Each supported Region: 200 Yes

Megabits per second

GetMedia concurrent connections per stream Each supported Region: 3 Yes

GetMediaForFragmentList bandwidth Each supported Region: 200 Yes

Megabits per second

Version 1.0
437
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

GetMediaForFragmentList connections per stream Each supported Region: 5 No

GetMediaForFragmentList fragments Each supported Region: No

1,000

Number of signaling channels us-east-1: 10,000 Yes

us-west-2: 10,000

Each of the other supported

Regions: 5,000

Number of video streams us-east-1: 10,000 Yes

us-west-2: 10,000

Each of the other supported

Regions: 5,000

PutMedia bandwidth Each supported Region: 100 Yes

Megabits per second

PutMedia concurrent connections per stream Each supported Region: 1 No

PutMedia fragment duration Each supported Region: 10 Yes

Seconds

PutMedia fragment size Each supported Region: 50 No

Megabytes

PutMedia minimum fragment duration Each supported Region: 1 No

Seconds

PutMedia tracks Each supported Region: 3 No

Rate of ConnectAsMasterAPI requests per signaling channel Each supported Region: 3 per No
second

Rate of ConnectAsViewerAPI requests per signaling channel Each supported Region: 3 per No
second

Rate of CreateSignalingChannelAPI requests Each supported Region: 50 Yes

per second

Rate of CreateStreamAPI requests Each supported Region: 50 Yes

per second

Rate of DeleteSignalingChannelAPI requests Each supported Region: 50 Yes

per second

Rate of DeleteSignalingChannelAPI requests per signaling Each supported Region: 5 per Yes
channel second

Rate of DeleteStreamAPI requests Each supported Region: 50 Yes

per second

Rate of DeleteStreamAPI requests per stream Each supported Region: 5 per Yes
second

Version 1.0
438
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Rate of DescribeSignalingChannelAPI requests Each supported Region: 300 Yes

per second

Rate of DescribeSignalingChannelAPI requests per signaling Each supported Region: 5 per Yes
channel second

Rate of DescribeStreamAPI requests Each supported Region: 300 Yes

per second

Rate of DescribeStreamAPI requests per stream Each supported Region: 5 per Yes
second

Rate of GetDASHManifestPlaylistAPI requests per session Each supported Region: 5 per Yes
second

Rate of GetDASHStreamingSessionURLAPI requests per Each supported Region: 25 Yes

stream per second

Rate of GetDataEndpointAPI requests Each supported Region: 300 Yes

per second

Rate of GetDataEndpointAPI requests per stream Each supported Region: 5 per Yes
second

Rate of GetHLSMasterPlaylistAPI requests per session Each supported Region: 5 per Yes
second

Rate of GetHLSMediaPlaylistAPI requests per session Each supported Region: 5 per Yes
second

Rate of GetHLSStreamingSessionURLAPI requests per stream Each supported Region: 25 Yes

per second

Rate of GetICEServerConfigAPI requests per signaling Each supported Region: 5 per No

channel second

Rate of GetMP4InitFragmentAPI requests per session Each supported Region: 5 per Yes
second

Rate of GetMP4MediaFragmentAPI requests per session Each supported Region: 20 Yes

per second

Rate of GetMediaAPI requests per stream Each supported Region: 5 per Yes
second

Rate of GetSignalingChannelEndpointAPI requests Each supported Region: 300 Yes

per second

Rate of GetSignalingChannelEndpointAPI requests per Each supported Region: 5 per Yes

signaling channel second

Rate of GetTSFragmentAPI requests per session Each supported Region: 20 Yes

per second

Rate of ListSignalingChannelsAPI requests Each supported Region: 50 Yes

per second

Rate of ListStreamsAPI requests Each supported Region: 50 Yes

per second

Version 1.0
439
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Rate of ListTagsForResourceAPI requests Each supported Region: 50 Yes

per second

Rate of ListTagsForResourceAPI requests per resource Each supported Region: 5 per Yes
second

Rate of ListTagsForStreamAPI requests Each supported Region: 50 Yes

per second

Rate of ListTagsForStreamAPI requests per stream Each supported Region: 5 per Yes
second

Rate of PutMediaAPI requests per stream Each supported Region: 5 per Yes
second

Rate of SendAlexaOfferToMasterAPI requests per signaling Each supported Region: 5 per No

channel second

Rate of SendICECandidateAPI requests per websocket Each supported Region: 20 No

connection per second

Rate of SendSDPAnswerAPI requests per websocket Each supported Region: 5 per No

connection second

Rate of SendSDPOfferAPI requests per websocket Each supported Region: 5 per No

connection second

Rate of TagResourceAPI requests Each supported Region: 50 Yes

per second

Rate of TagResourceAPI requests per resource Each supported Region: 5 per Yes
second

Rate of TagStreamAPI requests Each supported Region: 50 Yes

per second

Rate of TagStreamAPI requests per stream Each supported Region: 5 per Yes
second

Rate of UntagResourceAPI requests Each supported Region: 50 Yes

per second

Rate of UntagResourceAPI requests per resource Each supported Region: 5 per Yes
second

Rate of UntagStreamAPI requests Each supported Region: 50 Yes

per second

Rate of UntagStreamAPI requests per stream Each supported Region: 5 per Yes
second

Rate of UpdateDataRetentionAPI requests Each supported Region: 50 Yes

per second

Rate of UpdateDataRetentionAPI requests per stream Each supported Region: 5 per Yes
second

Rate of UpdateSignalingChannelAPI requests Each supported Region: 50 Yes

per second

Version 1.0
440
 AWS General Reference Reference guide
Lake Formation

Name Default Adjustable

Rate of UpdateSignalingChannelAPI requests per signaling Each supported Region: 5 per Yes
channel second

Rate of UpdateStreamAPI requests Each supported Region: 50 Yes

per second

Rate of UpdateStreamAPI requests per stream Each supported Region: 5 per Yes
second

Rate of archived fragment media per stream Each supported Region: 500 Yes
per second

Rate of archived fragment metadata per stream Each supported Region: Yes
10,000 per second

SendICECandidate message payload size Each supported Region: 10 No

Kilobytes

SendSDPAnswer message payload size Each supported Region: 10 No

Kilobytes

SendSDPOffer message payload size Each supported Region: 10 No

Kilobytes

TURN session bandwidth Each supported Region: 5 No

Megabits per second

TURN session concurrent allocations per signaling channel Each supported Region: 50 No

TURN session expiration Each supported Region: 300 No

Seconds

For more information, see Kinesis Video Streams quotas in the Amazon Kinesis Video Streams Developer
Guide.

AWS Lake Formation endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
lakeformation-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
441
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name
lakeformation-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) lakeformation-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
lakeformation-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Version 1.0
442
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) lakeformation-fi[Link]-gov- HTTPS
[Link]

Service quotas
Name Default Adjustable

Length of a path that can be registered Each supported Region: 700 Yes

Number of cross-account grants Each supported Region: Yes

1,600

Number of data lake administrators Each supported Region: 10 Yes

Number of registered paths Each supported Region: Yes

10,000

Number of subfolders in an Amazon S3 path Each supported Region: 20 Yes

AWS Lambda endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

Version 1.0
443
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name
lambda-fi[Link] HTTPS

[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
lambda-fi[Link] HTTPS

[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) lambda-fi[Link] HTTPS

[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
lambda-fi[Link] HTTPS

[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town) [Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong [Link] HTTPS
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) [Link] HTTPS

Version 1.0
444
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1
[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
[Link] HTTPS

Europe eu-west-1 [Link] HTTPS

(Ireland)
[Link] HTTPS

Europe eu-west-2 [Link] HTTPS

(London)
[Link] HTTPS

Europe eu- [Link] HTTPS

(Milan) south-1
[Link] HTTPS

Europe eu-west-3 [Link] HTTPS

(Paris)
[Link] HTTPS

Europe eu-north-1 [Link] HTTPS

(Stockholm)
[Link] HTTPS

Middle me- [Link] HTTPS

East south-1
(Bahrain) [Link] HTTPS

South sa-east-1 [Link] HTTPS

America
(São [Link] HTTPS
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) lambda-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) lambda-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Asynchronous payload Each supported Region: 256 No

Kilobytes

Burst concurrency us-east-1: 3,000 No

us-east-2: 1,000

Version 1.0
445
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

us-west-2: 3,000

ap-northeast-1: 1,000

eu-central-1: 1,000

eu-west-1: 3,000

Each of the other supported

Regions: 500

Concurrent executions Each supported Region: Yes

1,000

Deployment package size (console editor) Each supported Region: 3 No

Megabytes

Deployment package size (direct upload) Each supported Region: 50 No

Megabytes

Deployment package size (unzipped) Each supported Region: 250 No

Megabytes

Elastic network interfaces per VPC Each supported Region: 250 Yes

Environment variable size Each supported Region: 4 No

Kilobytes

File descriptors Each supported Region: No

1,024

Function and layer storage Each supported Region: 75 Yes

Gigabytes

Function layers Each supported Region: 5 No

Function memory maximum Each supported Region: No

10,240 Megabytes

Function memory minimum Each supported Region: 128 No

Megabytes

Function resource-based policy Each supported Region: 20 No

Kilobytes

Function timeout Each supported Region: 900 No

Processes and threads Each supported Region: No

1,024

Rate of GetFunction API requests Each supported Region: 100 No

Rate of GetPolicy API requests Each supported Region: 15 No

Rate of control plane API requests (excludes invocation, Each supported Region: 15 No
GetFunction, and GetPolicy requests)

Synchronous payload Each supported Region: 6 No

Megabytes

Version 1.0
446
 AWS General Reference Reference guide
AWS Launch Wizard

Name Default Adjustable

Temporary storage Each supported Region: 512 No

Megabytes

Test events (console editor) Each supported Region: 10 No

For more information, see Lambda quotas in the AWS Lambda Developer Guide.

AWS Launch Wizard endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California)

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-3 HTTPS
(Osaka)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Version 1.0
447
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link] HTTP and

GovCloud east-1 HTTPS
(US-East)

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West)

Version 1.0
448
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Active applications Each supported Region: 25 Yes

Application name length Each supported Region: 10 No

Applications Each supported Region: 150 Yes

Parallel deployments Each supported Region: 3 No

Amazon Lex endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

V2 service endpoints
Model building endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
449
 AWS General Reference Reference guide
V2 service endpoints

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Runtime endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
450
 AWS General Reference Reference guide
V1 service endpoints

V1 service endpoints
Model building endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
models-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
models-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) models-fi[Link] HTTPS

Runtime endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
runtime-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
runtime-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
451
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) runtime-fi[Link] HTTPS

Service quotas
Name Default Adjustable

Bot channel associations per bot alias (V2) Each supported Region: 10 No

Bots per account (V2) Each supported Region: 100 Yes

Characters per custom slot type value (V2) Each supported Region: 500 No

Characters per sample utterance (V2) Each supported Region: 500 No

Custom slot type values and synonyms per bot locale (V2) Each supported Region: No
50,000

Custom slot types per bot locale (V2) Each supported Region: 100 No

Sample utterances per intent (V2) Each supported Region: Yes

1,500

Sample utterances per slot (V2) Each supported Region: 10 Yes

Slots per bot locale (V2) Each supported Region: No

2,000

Slots per intent (V2) Each supported Region: 100 No

Total characters in sample utterances per bot locale (V2) Each supported Region: No
200,000

Values and synonyms per custom slot type (V2) Each supported Region: No
10,000

Versions per bot (V2) Each supported Region: 100 No

Version 1.0
452
 AWS General Reference Reference guide
License Manager

AWS License Manager endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
license-manager-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
license-manager-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) license-manager-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
license-manager-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
453
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) license-manager-fi[Link]-gov- HTTPS
[Link]

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) license-manager-fi[Link]-gov- HTTPS
[Link]

Service quotas
Name Default Adjustable

Extend license consumption per consumption token Each supported Region: 1 No

GetAccessTokens calls Each supported Region: 10 No

License configuration associations per resource Each supported Region: 10 Yes

License configurations Each supported Region: 25 Yes

Version 1.0
454
 AWS General Reference Reference guide
Lightsail

Name Default Adjustable

License conversion tasks per resource per day Each supported Region: 5 Yes

Maximum number of concurrent organization grant activities Each supported Region: 10 No

Number of Report generators Each supported Region: 25 No

Number of account discovery mode updates per day Each supported Region: 1 No

Number of grants per license Each supported Region: No

2,000

Number of licenses you can create Each supported Region: No

2,000

Number of received licenses per product Each supported Region: 10 No

Number of tokens per account and license Each supported Region: 10 No

Number of updates for a report generator per day Each supported Region: 25 No

Total number counted entitlements per checkout Each supported Region: 5 No

Total number counted entitlements per license Each supported Region: 25 No

Total number uncounted entitlements per license Each supported Region: 25 No

Amazon Lightsail endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Version 1.0
455
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Service quotas
New AWS accounts might start with quotas that are lower than those described here.

Name Default Adjustable

Allowed cookies per cache behavior for a distribution Each supported Region: 10 No

Allowed headers per cache behavior for a distribution Each supported Region: 10 No

Allowed query strings per cache behavior for a distribution Each supported Region: 10 No

Block storage disks per instance Each supported Region: 15 No

Container service certificates Each supported Region: 4 No

Container service custom domains Each supported Region: 4 No

Container service deployment containers Each supported Region: 10 No

Container service deployment versions Each supported Region: 50 No

Container service logs storage days Each supported Region: 4 No

Container service nodes Each supported Region: 20 No

Version 1.0
456
 AWS General Reference Reference guide
Amazon Location Service

Name Default Adjustable

Container service stored container images Each supported Region: 150 No

Container services Each supported Region: 100 No

Custom domain names per distribution Each supported Region: 10 No

DNS zones (or domains) Each supported Region: 3 No

Data transfer rate per distribution Each supported Region: 150 No

Databases Each supported Region: 40 No

Default behaviors (default cache behavior) per distribution Each supported Region: 1 No

Directory and file overrides per distribution Each supported Region: 25 No

Distributions Each supported Region: 20 No

Instances Each supported Region: 20 Yes

Load balancers Each supported Region: 5 No

Maximum active certificates Each supported Region: 10 No

Maximum block storage disk space Each supported Region: No

16,000 Gigabytes

Maximum certificates Each supported Region: 20 No

Minimum block storage disk space Each supported Region: 8 No

Gigabytes

Origins per distribution Each supported Region: 1 No

Parallel RDP connections using the browser-based RDP client Each supported Region: 1 No

Parallel SSH connections using the browser-based SSH client Each supported Region: 5 No

Response timeout per origin for a distribution Each supported Region: 60 No

Seconds

Static IP addresses Each supported Region: 5 Yes

Tags Each supported Region: 50 No

Total attached block storage disk space Each supported Region: No

20,000 Gigabytes

Amazon Location Service endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
457
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Amazon Location is available in the following AWS Regions:

Region name Region code

Asia Pacific (Tokyo) ap-northeast-1

Asia Pacific (Singapore) ap-southeast-1

Asia Pacific (Sydney) ap-southeast-2

Europe (Frankfurt) eu-central-1

Europe (Ireland) eu-west-1

Europe (Stockholm) eu-north-1

US East (N. Virginia) us-east-1

US East (Ohio) us-east-2

US West (Oregon) us-west-2

The general syntax for an Amazon Location regional endpoint is as follows:

protocol://[Link]

Within this syntax, Amazon Location uses the following service codes:

Service Service code

Amazon Location Maps maps

Amazon Location Places places

Amazon Location Routes routes

Amazon Location Geofences geofencing

Amazon Location Trackers tracking

For example, the regional endpoint for Amazon Location Maps for US East (N. Virginia) is:
[Link]

Service quotas
Name Default Adjustable

Geofence Collection resources per account Each supported Region: Yes

1,000

Geofences per Geofence Collection Each supported Region: Yes

50,000

Version 1.0
458
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Map resources per account Each supported Region: 20 Yes

Place Index resources per account Each supported Region: 20 Yes

Rate of AssociateTrackerConsumer API requests Each supported Region: 10 Yes

Rate of BatchDeleteDevicePositionHistory API requests Each supported Region: 50 Yes

Rate of BatchDeleteGeofence API requests Each supported Region: 50 Yes

Rate of BatchEvaluateGeofences API requests Each supported Region: 50 Yes

Rate of BatchGetDevicePosition API requests Each supported Region: 50 Yes

Rate of BatchPutGeofence API requests Each supported Region: 50 Yes

Rate of BatchUpdateDevicePosition API requests Each supported Region: 50 Yes

Rate of CalculateRoute API requests Each supported Region: 10 Yes

Rate of CalculateRouteMatrix API requests Each supported Region: 5 Yes

Rate of CreateGeofenceCollection API requests Each supported Region: 10 Yes

Rate of CreateMap API requests Each supported Region: 10 Yes

Rate of CreatePlaceIndex API requests Each supported Region: 10 Yes

Rate of CreateRouteCalculator API requests Each supported Region: 10 Yes

Rate of CreateTracker API requests Each supported Region: 10 Yes

Rate of DeleteGeofenceCollection API requests Each supported Region: 10 Yes

Rate of DeleteMap API requests Each supported Region: 10 Yes

Rate of DeletePlaceIndex API requests Each supported Region: 10 Yes

Rate of DeleteRouteCalculator API requests Each supported Region: 10 Yes

Rate of DeleteTracker API requests Each supported Region: 10 Yes

Rate of DescribeGeofenceCollection API requests Each supported Region: 10 Yes

Rate of DescribeMap API requests Each supported Region: 10 Yes

Rate of DescribePlaceIndex API requests Each supported Region: 10 Yes

Rate of DescribeRouteCalculator API requests Each supported Region: 10 Yes

Rate of DescribeTracker API requests Each supported Region: 10 Yes

Rate of DisassociateTrackerConsumer API requests Each supported Region: 10 Yes

Rate of GetDevicePosition API requests Each supported Region: 50 Yes

Rate of GetDevicePositionHistory API requests Each supported Region: 50 Yes

Rate of GetGeofence API requests Each supported Region: 50 Yes

Rate of GetMapGlyphs API requests Each supported Region: 50 Yes

Version 1.0
459
 AWS General Reference Reference guide
Lookout for Equipment

Name Default Adjustable

Rate of GetMapSprites API requests Each supported Region: 50 Yes

Rate of GetMapStyleDescriptor API requests Each supported Region: 50 Yes

Rate of GetMapTile API requests Each supported Region: 500 Yes

Rate of ListDevicePositions API requests Each supported Region: 50 Yes

Rate of ListGeofenceCollections API requests Each supported Region: 10 Yes

Rate of ListGeofences API requests Each supported Region: 50 Yes

Rate of ListMaps API requests Each supported Region: 10 Yes

Rate of ListPlaceIndexes API requests Each supported Region: 10 Yes

Rate of ListRouteCalculators API requests Each supported Region: 10 Yes

Rate of ListTagsForResource API requests Each supported Region: 10 Yes

Rate of ListTrackerConsumers API requests Each supported Region: 10 Yes

Rate of ListTrackers API requests Each supported Region: 10 Yes

Rate of PutGeofence API requests Each supported Region: 50 Yes

Rate of SearchPlaceIndexForPosition API requests Each supported Region: 50 Yes

Rate of SearchPlaceIndexForText API requests Each supported Region: 50 Yes

Rate of TagResource API requests Each supported Region: 10 Yes

Rate of UntagResource API requests Each supported Region: 10 Yes

Route Calculator resources per account Each supported Region: 20 Yes

Tracker consumers per tracker Each supported Region: 5 Yes

Tracker resources per account Each supported Region: 100 Yes

For more information, see Amazon Location Service Quotas in the Amazon Location Service Developer
Guide.

Amazon Lookout for Equipment endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
460
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas
Name Default Adjustable

Components per dataset Each supported Region: No

3,000

Datasets Each supported Region: 15 Yes

Inference schedulers per model Each supported Region: 1 No

Length of component name Each supported Region: 200 No

Models Each supported Region: 15 Yes

Number of columns across components in training data Each supported Region: 300 No
(excluding timestamp)

Number of columns across components per dataset Each supported Region: No

(excluding timestamp) 3,000

Number of components in training data Each supported Region: 300 No

Number of files per component (per dataset) Each supported Region: No

1,000

Number of files per component (per inference execution) Each supported Region: 60 No

Number of rows in evaluation data (after resampling) Each supported Region: No

1,500,000

Number of rows in inference input data, after resampling (1- Each supported Region: No
hour scheduling frequency) 3,600

Number of rows in inference input data, after resampling Each supported Region: 600 No
(10-min scheduling frequency)

Number of rows in inference input data, after resampling Each supported Region: 900 No
(15-min scheduling frequency)

Number of rows in inference input data, after resampling Each supported Region: No
(30-min scheduling frequency) 1,800

Version 1.0
461
 AWS General Reference Reference guide
Lookout for Metrics

Name Default Adjustable

Number of rows in inference input data, after resampling (5- Each supported Region: 300 No
min scheduling frequency)

Number of rows in training data (after resampling) Each supported Region: No

1,500,000

Pending data ingestion jobs Each supported Region: 5 Yes

Pending models Each supported Region: 5 Yes

Size of raw data in inference input data (1-hour scheduling Each supported Region: 60 No
frequency) Megabytes

Size of raw data in inference input data (10-min scheduling Each supported Region: 10 No
frequency) Megabytes

Size of raw data in inference input data (15-min scheduling Each supported Region: 15 No
frequency) Megabytes

Size of raw data in inference input data (30-min scheduling Each supported Region: 30 No
frequency) Megabytes

Size of raw data in inference input data (5-min scheduling Each supported Region: 5 No
frequency) Megabytes

Size per dataset Each supported Region: 50 No

Gigabytes

Size per file Each supported Region: 5 No

Gigabytes

Timespan of training data Each supported Region: 180 No

per day

Amazon Lookout for Metrics endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
462
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Service quotas
Name Default Adjustable

Alerts Each supported Region: 10 Yes

Data size for historical data (backtest mode) Each supported Region: No
102,400

Data size for historical data (continuous mode) Each supported Region: No
102,400

Data size per interval (10m) Each supported Region: 200 No

Megabytes

Data size per interval (1d) Each supported Region: 200 No

Megabytes

Data size per interval (1h) Each supported Region: 200 No

Megabytes

Data size per interval (5m) Each supported Region: 200 No

Megabytes

Datasets per detector Each supported Region: 1 No

Datasources per dataset Each supported Region: 1 No

Detectors Each supported Region: 10 Yes

Dimensions per dataset Each supported Region: 5 No

Files in historical data Each supported Region: No

3,000

Version 1.0
463
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Files per interval (10m) Each supported Region: 5 Yes

Files per interval (1d) Each supported Region: 10 Yes

Files per interval (1h) Each supported Region: 10 Yes

Files per interval (5m) Each supported Region: 5 Yes

Intervals in historical data (backtest mode) Each supported Region: No

3,000

Intervals in historical data (continuous mode) Each supported Region: No

2,500

Measures per dataset Each supported Region: 5 No

Records per interval (10m) Each supported Region: Yes

24,000

Records per interval (1d) Each supported Region: Yes

150,000

Records per interval (1h) Each supported Region: Yes

150,000

Records per interval (5m) Each supported Region: Yes

15,000

Throttle rate Each supported Region: 10 Yes

Throttle rate (ActivateAnomalyDetector) Each supported Region: 1 Yes

Throttle rate (BackTestAnomalyDetector) Each supported Region: 1 Yes

Throttle rate (CreateAlert) Each supported Region: 1 Yes

Throttle rate (CreateAnomalyDetector) Each supported Region: 1 Yes

Throttle rate (CreateMetricSet) Each supported Region: 1 Yes

Throttle rate (DeactivateAnomalyDetector) Each supported Region: 1 Yes

Throttle rate (DeleteAlert) Each supported Region: 1 Yes

Throttle rate (DeleteAnomalyDetector) Each supported Region: 1 Yes

Throttle rate (DescribeAlert) Each supported Region: 2 Yes

Throttle rate (DescribeAnomalyDetectionExecutions) Each supported Region: 2 Yes

Throttle rate (DescribeAnomalyDetector) Each supported Region: 2 Yes

Throttle rate (DescribeMetricSet) Each supported Region: 2 Yes

Throttle rate (GetAnomalyGroup) Each supported Region: 2 Yes

Throttle rate (GetDataQualityMetrics) Each supported Region: 2 Yes

Throttle rate (GetFeedback) Each supported Region: 2 Yes

Throttle rate (GetSampleData) Each supported Region: 2 Yes

Version 1.0
464
 AWS General Reference Reference guide
Lookout for Vision

Name Default Adjustable

Throttle rate (ListAlerts) Each supported Region: 2 Yes

Throttle rate (ListAnomalyDetectors) Each supported Region: 2 Yes

Throttle rate (ListAnomalyGroupRelatedMetrics) Each supported Region: 2 Yes

Throttle rate (ListAnomalyGroupSummaries) Each supported Region: 2 Yes

Throttle rate (ListAnomalyGroupTimeSeries) Each supported Region: 2 Yes

Throttle rate (ListMetricSets) Each supported Region: 2 Yes

Throttle rate (ListTagsForResource) Each supported Region: 1 Yes

Throttle rate (PutFeedback) Each supported Region: 1 Yes

Throttle rate (TagResource) Each supported Region: 1 Yes

Throttle rate (UntagResource) Each supported Region: 1 Yes

Throttle rate (UpdateAnomalyDetector) Each supported Region: 1 Yes

Throttle rate (UpdateMetricSet) Each supported Region: 1 Yes

Time series per interval (10m) Each supported Region: No

10,000

Time series per interval (1d) Each supported Region: No

50,000

Time series per interval (1h) Each supported Region: No

50,000

Time series per interval (5m) Each supported Region: No

5,000

Value length Each supported Region: 40 Yes

Bytes

Amazon Lookout for Vision endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

Version 1.0
465
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas

Resource Default

Transactions per second per account for individual data plane • Each supported Regions: 10
operations:

• DetectAnomalies

Transactions per second per account for individual control plane Each supported Region: 5
operations:

• CreateDataset
• CreateModel
• CreateProject
• DeleteDataset
• DeleteModel
• DeleteProject
• DescribeDataset
• DescribeModel
• DescribeProject
• ListDatasetEntries
• ListModels
• ListProjects
• StartModel
• StopModel
• UpdateDatasetEntries

Maximum number of projects per account. 100

Version 1.0
466
 AWS General Reference Reference guide
Macie

Resource Default

Maximum number of models per project. 100

Maximum number of concurrent training jobs per account. 2

Maximum number of concurrently running models per account. 2

Maximum number of concurrently running trial detections per 2

account.

Maximum inference units per started model. 5

For more information, see Quotas in Amazon Lookout for Vision.

Amazon Macie endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon Macie

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
macie2-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
macie2-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) macie2-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
macie2-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
467
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
468
 AWS General Reference Reference guide
Service quotas

Amazon Macie Classic

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
macie-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
macie-fi[Link] HTTPS

Service quotas
Amazon Macie

Name Default Adjustable

Data classification per month per account Each supported Region: 5 Yes
Terabytes

For information about Amazon Macie quotas, see Amazon Macie Quotas in the Amazon Macie User Guide.

Amazon Macie Classic

Name Default Adjustable

Macie member accounts Each supported Region: 10 Yes

Macie-integrated S3 buckets/prefixes Each supported Region: 250 No

Rate of data classification Each supported Region: 3 Yes

Terabytes

AWS Mainframe Migration endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

Version 1.0
469
 AWS General Reference Reference guide
Service quotas

Region Name Region Endpoint Protocol

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Asia Pacific (Sydney) ap-southeast-2 [Link]- HTTPS

[Link]

Europe (Frankfurt) eu-central-1 [Link]- HTTPS

[Link]

South America (São sa-east-1 [Link]- HTTPS

Paulo) [Link]

Service quotas

Name Default Adjustable

Number of runtime 2 No
environments

Number of Amazon EC2 2 No

instances per high availability
cluster

Number of applications per 5 No

environment

Number of workloads for Micro 1 No

Focus Enterprise Analyzer

Number of workloads for Micro 1 No

Focus Enterprise Developer

Number of Amazon EFS 1 No

file systems per runtime
environment

Number of Amazon FSx 1 No

file systems per runtime
environment

Instance sizes for runtime [Link], M2,[Link] No

environments

Amazon Machine Learning endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
470
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas

Name Default Adjustable

Batch prediction input records Each supported Region: Yes

100,000,000

Batch prediction input size Each supported Region: 1 Yes

Terabytes

Classes for multiclass ML models Each supported Region: 100 Yes

Job runtime Each supported Region: 7 No

ML model size Each supported Region: 2 No

Gigabytes

Observation size Each supported Region: 100 Yes

Kilobytes

Rate of real-time prediction requests per endpoint Each supported Region: 200 Yes

Recipe complexity Each supported Region: Yes

10,000

Simultaneous jobs Each supported Region: 25 Yes

Tags per object Each supported Region: 50 No

Total RAM for all real-time prediction endpoints Each supported Region: 10 Yes
Gigabytes

Total rate of all real-time prediction requests Each supported Region: Yes
10,000

Training data size Each supported Region: 100 Yes

Gigabytes

Variables per data file Each supported Region: Yes

1,000

For more information, see Amazon ML Quotas in the Amazon Machine Learning Developer Guide.

Version 1.0
471
 AWS General Reference Reference guide
Managed Blockchain

Amazon Managed Blockchain endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas

Name Default Adjustable

Number of Hyperledger Fabric channels per Standard Edition Each supported Region: 8 Yes
network

Number of Hyperledger Fabric channels per Starter Edition Each supported Region: 8 Yes
network

Number of Standard Edition networks in which an AWS Each supported Region: 6 Yes
account can have a member

Number of starter Edition networks in which an AWS Each supported Region: 6 Yes
account can have a member

Version 1.0
472
 AWS General Reference Reference guide
AWS Management Console

For information about attributes of Starter Edition and Standard Edition networks, such as the number
of members per network, peer nodes per member, available instance types, and more, see Amazon
Managed Blockchain Pricing.

AWS Management Console service endpoints

AWS Management Console has Regional endpoints that allow you to directly access the console in a
given AWS Region. The general syntax of a Regional endpoint is as follows:

[Link]

For example, [Link] is the endpoint for the AWS

Management Console service in the US West (Oregon) Region.

The table below lists the name, code, and endpoint of each AWS Region.

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West (N. us-west-1 [Link] HTTPS

California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa (Cape af-south-1 [Link] HTTPS

Town)

Asia Pacific ap-east-1 [Link] HTTPS

(Hong Kong)

Asia Pacific ap- [Link] HTTPS

(Jakarta) southeast-3

Asia Pacific ap-south-1 [Link] HTTPS

(Mumbai)

Asia Pacific ap- [Link] HTTPS

(Osaka) northeast-3

Asia Pacific ap- [Link] HTTPS

(Seoul) northeast-2

Asia Pacific ap- [Link] HTTPS

(Singapore) southeast-1

Asia Pacific ap- [Link] HTTPS

(Sydney) southeast-2

Version 1.0
473
 AWS General Reference Reference guide
Amazon MWAA

Region Region Endpoint Protocol

Name

Asia Pacific ap- [Link] HTTPS

(Tokyo) northeast-1

Canada ca-central-1 [Link] HTTPS

(Central)

Europe eu-central-1 [Link] HTTPS

(Frankfurt)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-south-1 [Link] HTTPS

(Milan)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle East me-south-1 [Link] HTTPS

(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Amazon Managed Workflows for Apache Airflow

endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
474
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 airfl[Link] HTTPS

(Ohio)

US East (N. us-east-1 airfl[Link] HTTPS

Virginia)

US West us-west-2 airfl[Link] HTTPS

(Oregon)

Asia ap- airfl[Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- airfl[Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- airfl[Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- airfl[Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- airfl[Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- airfl[Link] HTTPS

(Central) central-1

Europe eu- airfl[Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 airfl[Link] HTTPS

(Ireland)

Europe eu-west-2 airfl[Link] HTTPS

(London)

Europe eu-west-3 airfl[Link] HTTPS

(Paris)

Europe eu-north-1 airfl[Link] HTTPS

(Stockholm)

South sa-east-1 airfl[Link] HTTPS

America
(São
Paulo)

Version 1.0
475
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Environments per account per Region Each supported Region: 10 Yes

Workers per environment Each supported Region: 25 Yes

AWS Marketplace endpoints and quotas

AWS Marketplace is a curated digital catalog that makes it easy for customers to find, buy, deploy,
and manage third-party software and services that customers need to build solutions and run their
businesses.

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
The AWS Marketplace website is available globally. The AWS Marketplace console is available in the
US East (N. Virginia) Region. The product vendor determines the Regions in which their products are
available.

AWS Marketplace Commerce Analytics

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link]- HTTPS

Virginia) [Link]

AWS Marketplace Entitlement Service

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link]- HTTPS

Virginia) [Link]

AWS Marketplace Metering Service

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

Version 1.0
476
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link]- HTTPS

Pacific southeast-3 [Link]
(Jakarta)

Asia ap- [Link]- HTTPS

Pacific south-1 [Link]
(Mumbai)

Asia ap- [Link]- HTTPS

Pacific northeast-3 [Link]
(Osaka)

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Canada ca- [Link]- HTTPS

(Central) central-1 [Link]

Europe eu- [Link]- HTTPS

(Frankfurt) central-1 [Link]

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
477
 AWS General Reference Reference guide
Mechanical Turk

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link]- HTTPS

(Milan) south-1 [Link]

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link]- HTTPS

(Stockholm) [Link]

Middle me- [Link]- HTTPS

East south-1 [Link]
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link]-gov- HTTPS

GovCloud east-1 [Link]
(US-East)

AWS us-gov- [Link]-gov- HTTPS

GovCloud west-1 [Link]
(US-West)

Amazon Mechanical Turk endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Endpoint Protocol

Sandbox endpoint [Link] HTTPS

for Amazon
Mechanical Turk
actions.

Production [Link] HTTPS

endpoint for
Amazon Mechanical
Turk actions.

Version 1.0
478
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Monthly Usage Each supported Region: Yes

1,000

Amazon Managed Streaming for Apache Kafka

endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Version 1.0
479
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Version 1.0
480
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Number of brokers per account Each supported Region: 90 Yes

Number of brokers per cluster Each supported Region: 30 Yes

Number of configurations per account Each supported Region: 100 Yes

Number of revisions per configuration Each supported Region: 50 Yes

Amazon MSK Connect endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
481
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas

Dimension Quota

Maximum custom plugins 100

Maximum worker configurations 100

Maximum connect workers Up to 60 connect workers. If a connector is set

up to have auto scaled capacity, MSK Connect
uses the maximum number of workers configured
for that connector to calculate the quota for the
account.

AWS Elemental MediaConnect endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
482
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Version 1.0
483
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Name Default Adjustable

Entitlements Each supported Region: 50 No

Flows Each supported Region: 20 Yes

Outputs Each supported Region: 50 No

For more information, see Quotas in the AWS Elemental MediaConnect User Guide.

AWS Elemental MediaConvert endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Use these endpoints only to request an account-specific endpoint, using the DescribeEndpoints
operation. Send all your transcoding requests to the account-specific endpoint that the service returns.
For more information, see Getting Started with the API in the MediaConvert API Reference.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Version 1.0
484
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas

Name Default Adjustable

Concurrent jobs across all on-demand queues, baseline us-east-1: 40 Yes

us-west-2: 40

Version 1.0
485
 AWS General Reference Reference guide
MediaLive

Name Default Adjustable

eu-west-1: 40

Each of the other supported

Regions: 20

Concurrent jobs per on-demand queue, peak us-east-1: 200 Yes

us-west-2: 200

eu-west-1: 200

Each of the other supported

Regions: 100

Custom job templates Each supported Region: 100 Yes

Custom output presets Each supported Region: 100 Yes

Queues (on-demand) per Region, per account Each supported Region: 10 Yes

Queues (reserved) per Region, per account Each supported Region: 30 Yes

Request rate for API calls in aggregate Each supported Region: 2 Yes

Request rate for API calls in aggregate, in a burst Each supported Region: 100 Yes

Request rate for DescribeEndpoints Each supported Region: Yes

0.01667

Request rate for DescribeEndpoints, in a burst Each supported Region: 0 Yes

AWS Elemental MediaLive endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
When you submit requests using the AWS CLI or SDKs, either leave the Region and endpoint unspecified,
or specify us-east-1 as the Region. When you submit requests using the MediaLive API, use the us-east-1
Region to sign requests. For more information about signing MediaLive API requests, see Signature
Version 4 signing process (p. 755).

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
medialive-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
486
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name
medialive-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
medialive-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Name Default Adjustable

CDI Channels Each supported Region: 2 Yes

Channels Each supported Region: 5 Yes

Device Inputs Each supported Region: 100 Yes

Version 1.0
487
 AWS General Reference Reference guide
MediaPackage

Name Default Adjustable

HEVC Channels Each supported Region: 5 Yes

Input Security Groups Each supported Region: 5 Yes

Multiplexes Each supported Region: 2 Yes

Pull Inputs Each supported Region: 100 Yes

Push Inputs Each supported Region: 5 Yes

Reservations Each supported Region: 50 Yes

UHD Channels Each supported Region: 1 Yes

VPC Inputs Each supported Region: 50 Yes

AWS Elemental MediaPackage endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
These are the endpoints for live content workflows.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Version 1.0
488
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

These are the endpoints for video on demand (VOD) content workflows.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Version 1.0
489
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas

Name Default Adjustable

Assets per packaging group Each supported Region: Yes

10,000

Burst rate of REST API requests (Live) Each supported Region: 50 No

Burst rate of REST API requests (VOD) Each supported Region: 50 No

Channels Each supported Region: 30 Yes

Concurrent harvest jobs Each supported Region: 10 Yes

Content retention Each supported Region: 336 No

Endpoints per channel Each supported Region: 10 Yes

Version 1.0
490
 AWS General Reference Reference guide
MediaStore

Name Default Adjustable

Ingest streams per asset Each supported Region: 20 No

Ingest streams per channel Each supported Region: 20 No

Live manifest length Each supported Region: 5 Yes

Packaging configurations per packaging group Each supported Region: 10 Yes

Packaging groups Each supported Region: 10 Yes

Rate of REST API requests (Live) Each supported Region: 5 No

Rate of REST API requests (VOD) Each supported Region: 5 No

Rate of egress requests per asset Each supported Region: 200 No

Rate of egress requests per channel Each supported Region: 200 No

Rate of ingest requests per channel Each supported Region: 50 No

Time-shifted manifest length Each supported Region: 24 No

Tracks per ingest stream (Live) Each supported Region: 10 No

Tracks per ingest stream (VOD) Each supported Region: 10 No

For more information, see Quotas in the AWS Elemental MediaPackage User Guide.

AWS Elemental MediaStore endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
491
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Service quotas
Name Default Adjustable

Containers Each supported Region: 100 No

Folder levels Each supported Region: 10 No

Object size Each supported Region: 25 No

Megabytes

Rate of DeleteObject API requests Each supported Region: 100 Yes

Rate of DescribeObject API requests Each supported Region: Yes

1,000

Rate of GetObject API requests for standard upload Each supported Region: Yes
availability 1,000

Rate of GetObject API requests for streaming upload Each supported Region: 25 Yes
availability

Rate of ListItems API requests Each supported Region: 5 Yes

Rate of PutObject API requests for chunked transfer Each supported Region: 10 Yes
encoding (also known as streaming upload availability)

Rate of PutObject API requests for standard upload Each supported Region: 100 Yes
availability

For more information, see Quotas in the AWS Elemental MediaStore User Guide.

AWS Elemental MediaTailor endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
492
 AWS General Reference Reference guide
Service endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Service quotas

Name Default Adjustable

Ad decision server (ADS) length Each supported Region: No

25,000

Ad decision server (ADS) redirects Each supported Region: 5 No

Ad decision server (ADS) timeout Each supported Region: 3 No

Seconds

Configurations Each supported Region: No

1,000

Content origin length Each supported Region: 512 No

Content origin server timeout Each supported Region: 2 No

Seconds

Manifest size Each supported Region: 2 No

Megabytes

Version 1.0
493
 AWS General Reference Reference guide
Migration Hub

Name Default Adjustable

Session expiration Each supported Region: 10 No

Megabytes

For more information, see Quotas in the AWS Elemental MediaTailor User Guide.

AWS Migration Hub endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
The migration tools that integrate with AWS Migration Hub send migration status to the Migration Hub
in the home Region you choose. For information about choosing a home Region, see The AWS Migration
Hub Home Region in the AWS Migration Hub User Guide.

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas
The quotas associated with AWS Migration Hub are the AWS Application Discovery Service quotas. For
more information, see AWS Application Discovery Service Quotas (p. 45).

Version 1.0
494
 AWS General Reference Reference guide
AWS Migration Hub Refactor Spaces

AWS Migration Hub Refactor Spaces endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 [Link]- HTTPS

[Link]

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Asia Pacific (Singapore) ap-southeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Sydney) ap-southeast-2 [Link]- HTTPS

[Link]

Asia Pacific (Tokyo) ap-northeast-1 [Link]- HTTPS

[Link]

Europe (Frankfurt) eu-central-1 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Europe (London) eu-west-2 [Link]- HTTPS

[Link]

Europe (Stockholm) eu-north-1 [Link]- HTTPS

[Link]

Service quotas

Name Default Adjustable

Maximum number of 50 Yes

environments per AWS Region

Maximum number of 600 Yes

applications per AWS Region

Version 1.0
495
 AWS General Reference Reference guide
Migration Hub Strategy Recommendations

Name Default Adjustable

Maximum number of services 500 Yes

per AWS Region

Maximum number of routes 1000 Yes

AWS Region

Migration Hub Strategy Recommendations

endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Europe eu- [Link]- HTTPS

(Frankfurt) central-1 [Link]

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas

Name Default Adjustable

Active Assessment Maximum Each supported Region: 1 Yes

Version 1.0
496
 AWS General Reference Reference guide
Amazon Monitron

Name Default Adjustable

Active Import Maximum Each supported Region: 5 Yes

Assessment Maximum Each supported Region: 50 Yes

Maximum Server per Assessment Each supported Region: 300 Yes

Amazon Monitron endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon Monitron is currently supported in the following Regions:

• US East (N. Virginia): us-east-1

• Europe (Ireland): eu-west-1

Service quotas

Name Default Adjustable

Assets per site Each supported Region: 100 Yes

Gateways per site Each supported Region: 200 Yes

Positions per asset Each supported Region: 20 Yes

Projects per account Each supported Region: 10 Yes

Sites per project Each supported Region: 50 Yes

Users per site Each supported Region: 20 Yes

Amazon MQ endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
497
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
mq-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
mq-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) mq-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
mq-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Version 1.0
498
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) mq-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) mq-fi[Link] HTTPS

Service quotas

Name Default Adjustable

API burst limit Each supported Region: 100 No

API rate limit Each supported Region: 15 No

Destinations monitored in CloudWatch (ActiveMQ) Each supported Region: 200 No

Destinations monitored in CloudWatch (RabbitMQ) Each supported Region: 500 No

Groups per user (simple auth) Each supported Region: 20 No

Job scheduler usage limit per broker backed by Amazon EBS Each supported Region: 50 No
Gigabytes

Number of brokers, per region Each supported Region: 20 Yes

Revisions per configuration Each supported Region: 300 No

Security groups per broker Each supported Region: 5 No

Version 1.0
499
 AWS General Reference Reference guide
Neptune

Name Default Adjustable

Storage capacity per larger broker Each supported Region: 200 No

Gigabytes

Storage capacity per smaller broker Each supported Region: 20 No

Gigabytes

Tags per broker Each supported Region: 50 No

Temporary storage capacity per larger broker Each supported Region: 50 No

Gigabytes

Temporary storage capacity per smaller broker Each supported Region: 5 No

Gigabytes

Users per broker (simple auth) Each supported Region: 250 No

Wire-level connections per larger broker Each supported Region: Yes

1,000

Wire-level connections per smaller broker Each supported Region: 100 Yes

For more information, see Quotas in Amazon MQ in the Amazon MQ Developer Guide.

Amazon Neptune endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California)

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Version 1.0
500
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link] HTTP and

GovCloud east-1 HTTPS
(US-East)

Version 1.0
501
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West)

Service quotas
Name Default Adjustable

Cluster endpoints per DB cluster Each supported Region: 5 Yes

Cross-region snapshot copy requests Each supported Region: 5 Yes

DB cluster Roles Each supported Region: 5 Yes

DB cluster manuals snapshots Each supported Region: 100 Yes

DB cluster parameter groups Each supported Region: 50 Yes

DB clusters Each supported Region: 40 Yes

DB instance parameter groups Each supported Region: 50 Yes

DB instances Each supported Region: 40 Yes

DB subnet groups Each supported Region: 50 Yes

Event subscriptions Each supported Region: 20 Yes

Read replicas per cluster Each supported Region: 15 No

Reserved DB instances Each supported Region: 40 Yes

Tags per resource Each supported Region: 50 Yes

For more information, see Amazon Neptune quotas in the Amazon Neptune User Guide.

AWS Network Firewall endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 network-fi[Link] HTTPS

(Ohio)

Version 1.0
502
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name
network-firewall-fi[Link] HTTPS

US East (N. us-east-1 network-fi[Link] HTTPS

Virginia)
network-firewall-fi[Link] HTTPS

US us-west-1 network-fi[Link] HTTPS

West (N.
California) network-firewall-fi[Link] HTTPS

US West us-west-2 network-fi[Link] HTTPS

(Oregon)
network-firewall-fi[Link] HTTPS

Africa af-south-1 network-fi[Link] HTTPS

(Cape
Town)

Asia ap-east-1 network-fi[Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- network-fi[Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- network-fi[Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- network-fi[Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- network-fi[Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- network-fi[Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- network-fi[Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- network-fi[Link] HTTPS

(Central) central-1
network-firewall-fi[Link]- HTTPS
[Link]

Europe eu- network-fi[Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 network-fi[Link] HTTPS

(Ireland)

Version 1.0
503
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-2 network-fi[Link] HTTPS

(London)

Europe eu- network-fi[Link] HTTPS

(Milan) south-1

Europe eu-west-3 network-fi[Link] HTTPS

(Paris)

Europe eu-north-1 network-fi[Link] HTTPS

(Stockholm)

Middle me- network-fi[Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 network-fi[Link] HTTPS

America
(São
Paulo)

AWS us-gov- network-firewall-fi[Link]-gov- HTTPS

GovCloud east-1 [Link]
(US-East) HTTPS
network-firewall-fi[Link]-gov-
[Link]

AWS us-gov- network-firewall-fi[Link]-gov- HTTPS

GovCloud west-1 [Link]
(US-West) HTTPS
network-firewall-fi[Link]-gov-
[Link]

Service quotas

Name Default Adjustable

Firewall policies Each supported Region: 20 Yes

Firewalls Each supported Region: 5 Yes

Stateful rulegroups Each supported Region: 50 Yes

Stateless rulegroups Each supported Region: 50 Yes

For more information, see AWS Network Firewall quotas in the Network Firewall Developer Guide.

Version 1.0
504
 AWS General Reference Reference guide
Network Manager

Transit Gateway Network Manager endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US West us-west-2 [Link] HTTPS

(Oregon)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas
Name Default Adjustable

Attachments per core network Each supported Region: Yes

5,000

Connect peers per connect attachment Each supported Region: 4 No

Connections per global network Each supported Region: 500 Yes

Core network attachments per VPC Each supported Region: 5 No

Core network policy size in KB Each supported Region: 100 No

Kilobytes

Core networks per global network Each supported Region: 1 No

Devices per global network Each supported Region: 200 Yes

Edges per region per core network Each supported Region: 1 No

Global networks per account Each supported Region: 5 Yes

Links per global network Each supported Region: 200 Yes

Policy versions per core network Each supported Region: Yes

10,000

Retention duration in seconds for core network policies with Each supported Region: Yes
out of date change sets 7,776,000 Seconds

Segments per core network Each supported Region: 20 Yes

Version 1.0
505
 AWS General Reference Reference guide
Nimble Studio

Name Default Adjustable

Sites per global network Each supported Region: 200 Yes

For more information, see Network Manager quotas.

Amazon Nimble Studio endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas
Name Default Adjustable

Active Directory studio components per studio Each supported Region: 1 No

Custom streaming images per studio Each supported Region: 10 Yes

Launch profiles per studio Each supported Region: 50 Yes

Shared file system studio components per studio Each supported Region: 10 Yes

Streaming sessions per studio Each supported Region: 2 Yes

Studio components per studio Each supported Region: 50 Yes

Studio creation per account Each supported Region: 1 No

Version 1.0
506
 AWS General Reference Reference guide
OpenSearch Service

Amazon OpenSearch Service endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
es-fi[Link] HTTPS

es-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
es-fi[Link] HTTPS

es-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) es-fi[Link] HTTPS

es-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
es-fi[Link] HTTPS

es-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Version 1.0
507
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) es-fi[Link] HTTPS

es-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) es-fi[Link] HTTPS

es-fi[Link] HTTPS

Version 1.0
508
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Dedicated master instances per domain Each supported Region: 5 No

Domains per region Each supported Region: 100 Yes

Instances per domain Each supported Region: 40 Yes

Instances per domain (T2 instance type) Each supported Region: 10 No

Warm nodes per cluster Each supported Region: 150 No

For more information, see Amazon OpenSearch Service limits.

AWS OpsWorks endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
AWS OpsWorks CM
You can create and manage AWS OpsWorks for Chef Automate and AWS OpsWorks for Puppet
Enterprise servers in the following Regions. Resources can be managed only in the Region in which
they are created. Resources that are created in one Regional endpoint are not available, nor can they be
cloned to, another Regional endpoint.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
509
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

AWS OpsWorks Stacks

You can create and manage AWS OpsWorks resources in all of the following Regions. The Canada
(Central) Region Region is API-only; you cannot create stacks in Canada (Central) Region by using the
AWS Management Console. Resources can be managed only in the Region in which they are created.
Resources that are created in one Regional endpoint are not available—nor can they be cloned to—
another Regional endpoint.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
510
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
The following quotas are for AWS OpsWorks CM.

Name Default Adjustable

Automated (scheduled) backup generations per server Each supported Region: 10 Yes

Chef Automate or Puppet Enterprise servers Each supported Region: 5 Yes

Manual backups per server Each supported Region: 10 Yes

The following quotas are for AWS OpsWorks stacks.

Name Default Adjustable

Apps per stack Each supported Region: 40 Yes

Instances per stack Each supported Region: 40 Yes

Layers per stack Each supported Region: 40 Yes

Stacks Each supported Region: 40 Yes

Version 1.0
511
 AWS General Reference Reference guide
Organizations

AWS Organizations endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Because AWS Organizations is a global service, there is a single global endpoint for all of the AWS
Regions in each partition.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
organizations-fi[Link] HTTPS

[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
organizations-fi[Link] HTTPS

[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) organizations-fi[Link] HTTPS

[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
organizations-fi[Link] HTTPS

[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town) organizations-fi[Link] HTTPS

[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong organizations-fi[Link] HTTPS
Kong)
[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta) organizations-fi[Link] HTTPS

[Link] HTTPS

Version 1.0
512
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) organizations-fi[Link] HTTPS

[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka) organizations-fi[Link] HTTPS

[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) organizations-fi[Link] HTTPS

[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) organizations-fi[Link] HTTPS

[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) organizations-fi[Link] HTTPS

[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) organizations-fi[Link] HTTPS

[Link] HTTPS

Canada ca- [Link] HTTPS

(Central) central-1
organizations-fi[Link] HTTPS

[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
organizations-fi[Link] HTTPS

[Link] HTTPS

Europe eu-west-1 [Link] HTTPS

(Ireland)
organizations-fi[Link] HTTPS

[Link] HTTPS

Europe eu-west-2 [Link] HTTPS

(London)
organizations-fi[Link] HTTPS

[Link] HTTPS

Version 1.0
513
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Milan) south-1
organizations-fi[Link] HTTPS

[Link] HTTPS

Europe eu-west-3 [Link] HTTPS

(Paris)
organizations-fi[Link] HTTPS

[Link] HTTPS

Europe eu-north-1 [Link] HTTPS

(Stockholm)
organizations-fi[Link] HTTPS

[Link] HTTPS

Middle me- [Link] HTTPS

East south-1
(Bahrain) organizations-fi[Link] HTTPS

[Link] HTTPS

South sa-east-1 [Link] HTTPS

America
(São organizations-fi[Link] HTTPS
Paulo)
[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

[Link] HTTPS

Service quotas

Name Default Adjustable

Default maximum number of accounts Each supported Region: 10 Yes

Enable all features request expiration Each supported Region: 90 No

Handshake expiration Each supported Region: 30 No

Invitation acceptance expiration Each supported Region: 15 No

Member accounts you can concurrently create Each supported Region: 5 No

Version 1.0
514
 AWS General Reference Reference guide
AWS Outposts

Name Default Adjustable

Minimum age for removal of created accounts Each supported Region: 7 No

Number of invitation attempts you can perform in a 24-hour Each supported Region: 20 No
period

OU maximum nesting in a root Each supported Region: 5 No

OUs in an organization Each supported Region: No

1,000

Policies in an organization Each supported Region: No

1,000

Roots in an organization Each supported Region: 1 No

Service control policies per OU Each supported Region: 5 No

Service control policies per account Each supported Region: 5 No

Service control policies per root Each supported Region: 5 No

Service control policy (SCP) document size Each supported Region: No

5,120 Bytes

For more information, see Quotas for AWS Organizations in the AWS Organizations User Guide.

AWS Outposts endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
outposts-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
outposts-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) outposts-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
outposts-fi[Link] HTTPS

Version 1.0
515
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
outposts-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Version 1.0
516
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

Outpost sites per account Each supported Region: 100 Yes

Outposts per site Each supported Region: 10 Yes

Amazon Personalize endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon Personalize

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

US East (Ohio) us-east-2 [Link]- HTTPS

[Link]

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Version 1.0
517
 AWS General Reference Reference guide
Service endpoints

Region Name Region Endpoint Protocol

Asia Pacific (Tokyo) ap-northeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Mumbai) ap-south-1 [Link]- HTTPS

[Link]

Asia Pacific (Seoul) ap-northeast-2 [Link]- HTTPS

[Link]

Asia Pacific (Singapore) ap-southeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Sydney) ap-southeast-2 [Link]- HTTPS

[Link]

China (Beijing) cn-north-1 [Link]- HTTPS

[Link]

Canada (Central) ca-central-1 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Europe (Frankfurt) eu-central-1 [Link]- HTTPS

[Link]

Amazon Personalize Events

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

US East (Ohio) us-east-2 [Link]- HTTPS

[Link]

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Asia Pacific (Tokyo) ap-northeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Mumbai) ap-south-1 [Link]- HTTPS

[Link]

Asia Pacific (Seoul) ap-northeast-2 [Link]- HTTPS

[Link]

Asia Pacific (Singapore) ap-southeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Sydney) ap-southeast-2 [Link]- HTTPS

[Link]

Version 1.0
518
 AWS General Reference Reference guide
Service endpoints

Region Name Region Endpoint Protocol

China (Beijing) cn-north-1 [Link]- HTTPS

[Link]

Canada (Central) ca-central-1 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Europe (Frankfurt) eu-central-1 [Link]- HTTPS

[Link]

Amazon Personalize Runtime

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

US East (Ohio) us-east-2 [Link]- HTTPS

[Link]

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Asia Pacific (Tokyo) ap-northeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Mumbai) ap-south-1 [Link]- HTTPS

[Link]

Asia Pacific (Seoul) ap-northeast-2 [Link]- HTTPS

[Link]

Asia Pacific (Singapore) ap-southeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Sydney) ap-southeast-2 [Link]- HTTPS

[Link]

China (Beijing) cn-north-1 [Link]- HTTPS

[Link]

Canada (Central) ca-central-1 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Europe (Frankfurt) eu-central-1 [Link]- HTTPS

[Link]

Version 1.0
519
 AWS General Reference Reference guide
Service quotas

Service quotas

Name Default Adjustable

Active campaigns Each supported Region: 5 Yes

Active dataset groups Each supported Region: 500 No

Active datasets Each supported Region: 500 No

Active event trackers Each supported Region: 500 No

Active filters Each supported Region: 10 Yes

Active recommenders Each supported Region: 5 Yes

Active solutions Each supported Region: 500 No

Amount of data for HRNN recipe Each supported Region: 100 No

Gigabytes

Amount of data for Personalized-Ranking recipe Each supported Region: 100 No

Gigabytes

Amount of data for Popularity-Count recipe Each supported Region: 100 No

Gigabytes

Amount of data for SIMS recipe Each supported Region: 100 No

Gigabytes

Amount of interactions data for HRNN-coldstart recipe Each supported Region: 100 No
Gigabytes

Amount of interactions data for HRNN-metadata recipe Each supported Region: 100 No
Gigabytes

Amount of users and items data combined for HRNN- Each supported Region: 5 No
coldstart recipe Gigabytes

Amount of users and items data combined for HRNN- Each supported Region: 5 No
metadata recipe Gigabytes

Event size Each supported Region: 10 No

Kilobytes

Minimum data points for model training Each supported Region: No

1,000

Minimum unique users for model training Each supported Region: 25 No

Number of events in PutEvents call Each supported Region: 10 No

Number of interactions for model training Each supported Region: No

500,000,000

Number of items used in model training Each supported Region: No

750,000

Number of schemas Each supported Region: 500 No

Version 1.0
520
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Pending or In Progress batch inference jobs Each supported Region: 5 Yes

Pending or In Progress solution versions Each supported Region: 20 Yes

Rate of CreateCampaign requests Each supported Region: 1 No

Rate of CreateDataset requests Each supported Region: 1 No

Rate of CreateDatasetGroup requests Each supported Region: 1 No

Rate of CreateDatasetImportJob requests Each supported Region: 1 No

Rate of CreateEventTracker requests Each supported Region: 1 No

Rate of CreateSchema requests Each supported Region: 1 No

Rate of CreateSolution requests Each supported Region: 1 No

Rate of CreateSolutionVersion requests Each supported Region: 1 No

Rate of DeleteCampaign requests Each supported Region: 1 No

Rate of DeleteDataset requests Each supported Region: 1 No

Rate of DeleteDatasetGroup requests Each supported Region: 1 No

Rate of DeleteDatasetImportJob requests Each supported Region: 1 No

Rate of DeleteEventTracker requests Each supported Region: 1 No

Rate of DeleteSchema requests Each supported Region: 1 No

Rate of DeleteSolution requests Each supported Region: 1 No

Rate of DescribeAlgorithm requests Each supported Region: 1 No

Rate of DescribeCampaign requests Each supported Region: 1 No

Rate of DescribeDataset requests Each supported Region: 1 No

Rate of DescribeDatasetGroup requests Each supported Region: 1 No

Rate of DescribeDatasetImportJob requests Each supported Region: 1 No

Rate of DescribeEventTracker requests Each supported Region: 1 No

Rate of DescribeFeatureTransformation requests Each supported Region: 1 No

Rate of DescribeRecipe requests Each supported Region: 1 No

Rate of DescribeSchema requests Each supported Region: 1 No

Rate of DescribeSolution requests Each supported Region: 1 No

Rate of GetPersonalizedRanking requests per campaign Each supported Region: 500 No

Rate of GetRecommendations requests per campaign Each supported Region: 500 No

Rate of GetSolutionMetrics requests Each supported Region: 1 No

Rate of ListCampaigns requests Each supported Region: 1 No

Version 1.0
521
 AWS General Reference Reference guide
Amazon Pinpoint

Name Default Adjustable

Rate of ListDatasetGroups requests Each supported Region: 1 No

Rate of ListDatasetImportJobRuns requests Each supported Region: 1 No

Rate of ListDatasetImportJobs requests Each supported Region: 1 No

Rate of ListDatasets requests Each supported Region: 1 No

Rate of ListEventTrackers requests Each supported Region: 1 No

Rate of ListRecipes requests Each supported Region: 1 No

Rate of ListSchemas requests Each supported Region: 1 No

Rate of ListSolutionVersions requests Each supported Region: 1 No

Rate of ListSolutions requests Each supported Region: 1 No

Rate of PutEvents requests Each supported Region: Yes

1,000

Rate of UpdateCampaign requests Each supported Region: 1 No

Rate of UpdateDataset requests Each supported Region: 1 No

Rate of transactions per account Each supported Region: No

2,500

Amazon Pinpoint endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Amazon Pinpoint includes the Amazon Pinpoint API and the Amazon Pinpoint SMS and Voice API.

Service endpoints
Amazon Pinpoint API

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Version 1.0
522
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Note
You can't use the Amazon Pinpoint API to send SMS messages in the Asia Pacific (Seoul) Region.

Amazon Pinpoint SMS and Voice API

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Version 1.0
523
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Note
The Amazon Pinpoint SMS and Voice API is not available in the following Regions:

• Asia Pacific (Seoul) Region

• Asia Pacific (Singapore) Region
• Asia Pacific (Tokyo) Region
• Canada (Central) Region
• Europe (London) Region

Service quotas

Name Default Adjustable

APNs sandbox message payload size per message Each supported Region: 4 No
Kilobytes

Active campaigns per account Each supported Region: 200 Yes

All other operations burst quota Each supported Region: 300 No

All other operations rate quota Each supported Region: 300 No

Amazon Device Messaging (ADM) message payload size per Each supported Region: 6 No
message Kilobytes

Apple Push Notification service (APNs) message payload size Each supported Region: 4 No
per message Kilobytes

Attribute name length Each supported Region: 50 No

Attribute value length Each supported Region: 100 No

Baidu Cloud Push message payload size per message Each supported Region: 4 No
Kilobytes

CreateCampaign operation burst quota Each supported Region: 25 No

CreateCampaign operation rate quota Each supported Region: 25 No

CreateSegment operation burst quota Each supported Region: 25 No

CreateSegment operation rate quota Each supported Region: 25 No

DeleteCampaign operation burst quota Each supported Region: 25 No

DeleteCampaign operation rate quota Each supported Region: 25 No

Version 1.0
524
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

DeleteEndpoint operation burst quota Each supported Region: No

1,000

DeleteEndpoint operation rate quota Each supported Region: No

1,000

DeleteSegment operation burst quota Each supported Region: 25 No

DeleteSegment operation rate quota Each supported Region: 25 No

Firebase Cloud Messaging (FCM) message payload size per Each supported Region: 4 No
message Kilobytes

GetEndpoint operation burst quota Each supported Region: No

7,000

GetEndpoint operation rate quota Each supported Region: No

7,000

Import size per import job Each supported Region: 1 Yes

Invocation payload size Each supported Region: 7 No

Megabytes

Maximum amount of time to wait for a Lambda function to Each supported Region: 15 No
process data Seconds

Maximum message size, including attachments Each supported Region: 10 No

Megabytes

Maximum number of active journeys per account Each supported Region: 50 Yes

Maximum number of attempts to invoke a Lambda function Each supported Region: 3 No

Seconds

Maximum number of attribute keys and metric keys for each Each supported Region: 40 No
event per request

Maximum number of characters in ADM-specific template Each supported Region: No

parts of a push notification template 4,000

Maximum number of characters in APN-specific template Each supported Region: No

parts of a push notification template 2,000

Maximum number of characters in Baidu-specific template Each supported Region: No

parts of a push notification template 4,000

Maximum number of characters in FCM-specific template Each supported Region: No

parts of a push notification template 4,000

Maximum number of characters in an SMS template Each supported Region: No

1,600

Maximum number of characters in an email template Each supported Region: No

500,000

Maximum number of characters in the default template Each supported Region: No

parts of a push notification template 2,000

Version 1.0
525
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Maximum number of characters per attribute key Each supported Region: 50 No

Maximum number of characters per attribute value Each supported Region: 200 No

Maximum number of custom attribute keys per app Each supported Region: 500 No

Maximum number of custom attribute values per attribute Each supported Region: No
key 100,000

Maximum number of custom event types per app Each supported Region: No
1,500

Maximum number of custom metric keys per app Each supported Region: 500 No

Maximum number of dimensions that can be used to create Each supported Region: 100 No
a segment

Maximum number of events in a request Each supported Region: 100 No

Maximum number of journey activities per journey Each supported Region: 40 Yes

Maximum number of message templates per account Each supported Region: Yes
10,000

Maximum number of model configurations per account Each supported Region: 100 No

Maximum number of model configurations per message Each supported Region: 1 No

template

Maximum number of push notifications that can be sent per Each supported Region: Yes
second in a campaign 25,000

Maximum number of versions per template Each supported Region: No

5,000

Maximum segment size per campaign Each supported Region: No

100,000,000

Maximum segment size per journey Each supported Region: No

100,000,000

Maximum size of a request Each supported Region: 4 No

Megabytes

Maximum size of an individual event Each supported Region: No

1,000 Kilobytes

Maximum size of an invocation payload (request and Each supported Region: 6 No

response) for a Lambda function Megabytes

Maximum size per endpoint Each supported Region: 15 Yes

Kilobytes

Number of Amazon Pinpoint projects Each supported Region: 100 No

Number of Amazon SNS topics for two-way SMS per account Each supported Region: Yes
100,000

Version 1.0
526
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Number of EndpointBatchItem objects in an Each supported Region: 100 No

EndpointBatchRequest payload

Number of SMS messages that can be sent each second Each supported Region: 20 Yes
(sending rate)

Number of SMS messages that can be sent to a single Each supported Region: 1 No
recipient each second

Number of attributes assigned to the Attributes parameter Each supported Region: 250 Yes

Number of attributes assigned to the Attributes, Metrics, and Each supported Region: 250 Yes
UserAttributes parameters collectively

Number of attributes assigned to the Metrics parameter Each supported Region: 250 Yes

Number of attributes assigned to the UserAttributes Each supported Region: 250 Yes
parameter

Number of concurrent import jobs Each supported Region: 10 Yes

Number of emails that can be sent each second (sending Each supported Region: 1 Yes
rate)

Number of emails that can be sent per 24-hour period Each supported Region: 200 Yes
(sending quota)

Number of endpoints with the same user ID Each supported Region: 10 No

Number of event-based campaigns Each supported Region: 25 Yes

Number of identities that you can verify Each supported Region: No

10,000

Number of recipients per message Each supported Region: 50 No

Number of values assigned to the Attributes parameter Each supported Region: 50 No

attributes per attribute

Number of values assigned to the UserAttributes parameter Each supported Region: 50 No

attributes per attribute

Number of verified identities Each supported Region: No

10,000

PhoneNumberValidate operation burst quota Each supported Region: 20 No

PhoneNumberValidate operation rate quota Each supported Region: 20 No

PutEvents operation burst quota Each supported Region: No

7,000

PutEvents operation rate quota Each supported Region: No

7,000

SMS spending threshold Each supported Region: 1 Yes

SendMessages operation burst quota Each supported Region: No

4,000

Version 1.0
527
 AWS General Reference Reference guide
Amazon Polly

Name Default Adjustable

SendMessages operation rate quota Each supported Region: No

4,000

SendUsersMessages operation burst quota Each supported Region: No

6,000

SendUsersMessages operation rate quota Each supported Region: No

6,000

UpdateCampaign operation burst quota Each supported Region: 25 No

UpdateCampaign operation rate quota Each supported Region: 25 No

UpdateEndpoint operation burst quota Each supported Region: No

5,000

UpdateEndpoint operation rate quota Each supported Region: No

5,000

UpdateEndpointsBatch operation burst quota Each supported Region: No

5,000

UpdateEndpointsBatch operation rate quota Each supported Region: No

5,000

UpdateSegment operation burst quota Each supported Region: 25 No

UpdateSegment operation rate quota Each supported Region: 25 No

For more information, see Amazon Pinpoint quotas in the Amazon Pinpoint Developer Guide.

Amazon Polly endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
polly-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
polly-fi[Link] HTTPS

Version 1.0
528
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US us-west-1 [Link] HTTPS

West (N.
California) polly-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
polly-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Version 1.0
529
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) polly-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Burst size of API requests Each supported Region: 120 Yes

Burst size of lexicon management requests Each supported Region: 4 Yes

Burst size of speech requests Each supported Region: 100 Yes

Concurrent connections Each supported Region: 90 Yes

Lexicon size Each supported Region: No

4,000

Number of lexicons Each supported Region: 100 No

Rate of API requests Each supported Region: 100 Yes

Rate of StartSpeechSynthesisTask requests Each supported Region: 10 Yes

Rate of lexicon management requests Each supported Region: 2 Yes

Rate of speech requests Each supported Region: 80 Yes

Rate of speech synthesis task requests Each supported Region: 10 Yes

StartSpeechSynthesisTask billed characters limit Each supported Region: Yes

100,000

StartSpeechSynthesisTask lexicons count Each supported Region: 5 No

StartSpeechSynthesisTask total characters limit Each supported Region: Yes

200,000

SynthesizeSpeech billed characters limit Each supported Region: Yes

3,000

SynthesizeSpeech lexicons count Each supported Region: 5 No

SynthesizeSpeech total characters limit Each supported Region: Yes

6,000

Version 1.0
530
 AWS General Reference Reference guide
Amazon Managed Service for Prometheus

For more information, see Quotas in the Amazon Polly Developer Guide.

Amazon Managed Service for Prometheus

endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) [Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
[Link] HTTPS

Europe eu-west-1 [Link] HTTPS

(Ireland)
[Link] HTTPS

Europe eu-north-1 [Link] HTTPS

(Stockholm)
[Link] HTTPS

Version 1.0
531
 AWS General Reference Reference guide
Service quotas

Service quotas
Amazon Managed Service for Prometheus has the following quotas for series, labels, and API requests.
The Possible error message column shows what error message you might see if your Prometheus
data exceeds a limit. If you see one of these error messages, you should request an increase to the
corresponding limit.

Resource Default quota Possible error

message

Active series (metrics that have 1,000,000. You can request a quota increase. per-user
reported data in the past 5 series limit
minutes) per workspace of 1000000
exceeded,
please contact
administrator
to raise it

Active series per metric name 200,000. You can request a quota increase. per-metric
series limit
of 200000
exceeded,
please contact
administrator
to raise it

Ingestion rate 70,000 samples per second. You can request a ingestion
quota increase. rate limit (...)
exceeded

Ingestion burst size 1,000,000 samples. You can request a quota ingestion
increase. rate limit (...)
exceeded

Labels per metric series. 70. You can request a quota increase. series has too
many labels
(...) series: '%s'

Query bytes for instant queries 750MB that can be scanned by a single instant the query hit
query. This quota can't be changed. the aggregated
chunks size
limit

(A chunk stores
raw samples
of series for a
certain time
span.)

Query bytes for range queries 750MB that can be scanned per 24-hour interval the query hit
in a single range query. This quota can't be the aggregated
changed. chunks size
limit

(A chunk stores
raw samples
of series for a

Version 1.0
532
 AWS General Reference Reference guide
Service quotas

Resource Default quota Possible error

message
certain time
span.)

Query time range 32 days between the start time and the end the query time
time of a PromQL query. This quota cannot be range exceeds
changed. the limit (query
length: xxx,
limit: yyy)

Query samples 12,000,000 samples that can be scanned during a query

single query. This quota can't be changed. processing
would load too
many samples
into memory
in query
execution

Retention time for ingested data 150 days. Data older than this is deleted from the
workspace.

Workspaces per Region per 10. You can request a quota increase. Limit
account exceeded.
Maximum
workspaces per
account.

Workspace management 10 transactions per second (TPS), with a burst  

API operations, including limit of 10 TPS. You can request a quota increase.
CreateWorkspace,
DeleteWorkspace,
DescribeWorkspaces,
ListWorkspaces, and
UpdateWorkspaceAlias

Rules and alert manager quotas

Resource Default quota

Active alerts 1000. You can request a quota increase.

Alert aggregation group size 1K. You can request a quota increase.

Alert manager API operations, including 100 transactions per second (TPS).
CreateAlertManagerDefinition,
DeleteAlertManagerDefinition,
DescribeAlertManagerDefinition, and
PutAlertManagerDefinition

Alert manager definition file size 1 MB. This quota can't be changed.

Alerts per workspace, in size 20 MB. You can request a quota increase.

Inhibition rules 100. You can request a quota increase.

Nodes in the alert manager routing tree 100. You can request a quota increase.

Version 1.0
533
 AWS General Reference Reference guide
Additional quotas for ingested data

Resource Default quota

Rule evaluation interval Rules are evaluated every 60 seconds. This can't be changed.

Rule groups in a workspace 100. You can request a quota increase.

Rule groups namespaces in a workspace 10. You can request a quota increase.

Rules in a rule group 20. You can request a quota increase.

Rules definition file size 1 MB. This quota can't be changed.

Templates in the alert manager 100. You can request a quota increase.
definition file

Additional quotas for ingested data

Amazon Managed Service for Prometheus has additional quotas for data that's ingested into Amazon
Managed Service for Prometheus workspaces.

• Metric samples older than 1 hour are refused from being ingested.
• Every sample and metadata must have a metric name.
• Maximum length accepted for label names: 1024 bytes
• Maximum length accepted for label value: 2048 bytes
• Maximum number of metadata per metric: 10
• Maximum size of ingestion or query request: 1 MB
• Maximum length accepted for metric metadata, which includes metric name, HELP, and UNIT: 1024
bytes
• Maximum number of active metrics with metadata per workspace: 20,000
• Maximum retention time for ingested metrics: 150 days. Data older than this is deleted from the
workspace.

AWS Proton endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
534
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas
Name Default Adjustable

Environment account connections per environment account Each supported Region: 5 Yes

Environments per account Each supported Region: 100 Yes

Service instances per service Each supported Region: 20 Yes

Services per account Each supported Region: Yes

1,000

Template versions per template Each supported Region: 500 Yes

Templates per account Each supported Region: 100 Yes

For more information, see AWS Proton quotas in the AWS Proton Administrator Guide.

Amazon QLDB endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
QLDB control plane

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
qldb-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
535
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name
qldb-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
qldb-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

QLDB transactional data plane

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link]-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Version 1.0
536
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Service quotas

Name Default Adjustable

Ledgers Each supported Region: 5 Yes

QLDB exports per ledger Each supported Region: 2 Yes

QLDB streams per ledger Each supported Region: 5 Yes

For more information, see Quotas in Amazon QLDB in the Amazon QLDB Developer Guide.

Amazon QuickSight endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
537
 AWS General Reference Reference guide
Service endpoints

Service endpoints
QuickSight

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Version 1.0
538
 AWS General Reference Reference guide
Service quotas

QuickSight Websites

Region Name Region Endpoint

US East (Ohio) us-east-2 [Link]

US East (N. Virginia) us-east-1 [Link]

US West (Oregon) us-west-2 [Link]

Asia Pacific ap-southeast-1 [Link]

(Singapore)

Asia Pacific (Sydney) ap-southeast-2 [Link]

Asia Pacific (Tokyo) ap-northeast-1 [Link]

Europe (Frankfurt) eu-central-1 [Link]

Europe (Ireland) eu-west-1 [Link]

Europe (London) eu-west-2 [Link]

Service quotas
Name Default Adjustable

API_CREATE-INGESTION: Calls per 24 hour period from Each supported Region: 32 No

Enterprise edition

API_CREATE-INGESTION: Calls per 24 hour period from Each supported Region: 8 No

Standard edition

Calculated field expression length Each supported Region: No

250,000

Custom action name length Each supported Region: 256 No

Custom actions per visual Each supported Region: 10 No

Data Prep: Fields per dataset Each supported Region: No

2,000

Display items per sheet control Each supported Region: No

10,000

Email aliases per group for email reports Each supported Region: No
5,000

Maximum number of characters per specified Control values Each supported Region: No
200,000

Query timeout for visuals Each supported Region: 120 No

Seconds

The maximum amount of time to wait for a dataset preview Each supported Region: 45 No
Seconds

Version 1.0
539
 AWS General Reference Reference guide
AWS RAM

Name Default Adjustable

URL action hyperlink length Each supported Region: No

2,048

AWS Resource Access Manager endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
ram-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
ram-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) ram-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
ram-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Version 1.0
540
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
ram-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Version 1.0
541
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Number of pending invitations Each supported Region: 20 Yes

Number of resource shares Each supported Region: Yes

5,000

Number of shared resources Each supported Region: Yes

5,000

Amazon Redshift endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Redshift API

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
redshift-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
redshift-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) redshift-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
redshift-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Version 1.0
542
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
redshift-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
543
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Redshift Data API

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
544
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas
For information, see Quotas and limits in Amazon Redshift in the Amazon Redshift Cluster Management
Guide.

Amazon Rekognition endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).

Version 1.0
545
 AWS General Reference Reference guide
Service endpoints

Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
rekognition-fi[Link] HTTPS

rekognition-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
rekognition-fi[Link] HTTPS

rekognition-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) rekognition-fi[Link] HTTPS

rekognition-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
rekognition-fi[Link] HTTPS

rekognition-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
rekognition-fi[Link] HTTPS

rekognition-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Version 1.0
546
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) rekognition-fi[Link] HTTPS

rekognition-fi[Link] HTTPS

The following are differences for certain Amazon Rekognition features and AWS Regions.

Amazon Rekognition Video streaming API

The Amazon Rekognition Video streaming API is available in the following Regions only.

• US East (N. Virginia)

• US West (Oregon)
• Asia Pacific (Tokyo)
• Europe (Frankfurt)
• Europe (Ireland)

Amazon Rekognition Custom Labels

Amazon Rekognition Custom Labels is available in the following Regions only.

• US East (N. Virginia)

• US East (Ohio)
• US West (Oregon)
• Europe (Ireland)
• Europe (London)
• Europe (Frankfurt)
• Asia Pacific (Mumbai)
• Asia Pacific (Singapore)
• Asia Pacific (Sydney)
• Asia Pacific (Tokyo)
• Asia Pacific (Seoul)

Canada (Central) Region

The Canada (Central) Region supports the following operations only.

• CompareFaces
• CreateCollection
• DeleteCollection
• DeleteFaces

Version 1.0
547
 AWS General Reference Reference guide
Service quotas

• DescribeCollection
• DetectFaces
• IndexFaces
• ListCollections
• ListFaces
• SearchFaces
• SearchFacesByImage

Note
These operations are only available through use of the AWS CLI or SDK, as the Canada (Central)
Region doesn't currently provide a console experience for these operations.

Service quotas
The quotas listed on this page are defaults. You can request a quota increase for Amazon Rekognition
using the AWS Support Center. To request a quota increase for a Amazon Rekognition Transactions Per
Second (TPS) limit, follow the instructions at Default Quotas in Amazon Rekognition.
Note
These limits may be different in different Regions. Making a case to change a limit affects the
API operation you request, in the Region you request it. Other API operations and Regions are
not affected.

Resource Default

Transactions per second per account for individual Amazon • US East (Ohio) Region – 5
Rekognition Image data plane operations: • US East (N. Virginia) Region –
50
• CompareFaces
• US West (N. California) Region
• DetectFaces –5
• DetectLabels
• US West (Oregon) Region – 50
• DetectModerationLabels • Asia Pacific (Mumbai) Region –
• DetectText 5
• GetCelebrityInfo • Asia Pacific (Seoul) Region – 5
• IndexFaces • Asia Pacific (Singapore) Region
• ListFaces –5
• RecognizeCelebrities • Asia Pacific (Sydney) Region –
• SearchFaces 5
• SearchFacesByImage • Asia Pacific (Tokyo) Region – 5
• Canada (Central) – 5 (For
supported operations, see
Service endpoints (p. 546)).
• Europe (Frankfurt) Region – 5
• Europe (Ireland) Region – 50
• Europe (London) Region – 5
• AWS GovCloud (US-West) – 5

Transactions per second per account for the personal protective In each Region that Amazon
equipment data plane operation: Rekognition Image supports – 5

• DetectProtectiveEquipment

Version 1.0
548
 AWS General Reference Reference guide
Service quotas

Resource Default

Transactions per second per account for individual Amazon In each Region that Amazon
Rekognition Image control plane operations: Rekognition Image supports – 5

• CreateCollection
• DeleteCollection
• DeleteFaces
• DescribeCollection
• ListCollections

Transactions per second per account for individual stored video In each Region that Amazon
start operations: Rekognition Video supports – 5

• StartCelebrityRecognition Note that

• StartContentModeration StartCelebrityRecognition is not
available in AWS GovCloud.
• StartFaceDetection
• StartFaceSearch
• StartLabelDetection
• StartPersonTracking
• StartTextDetection
• StartSegmentDetection

Transactions per second per account for individual Amazon • US East (Ohio) Region – 5
Rekognition Video stored video get operations: • US East (N. Virginia) Region –
20
• GetCelebrityRecognition
• US West (N. California) Region
• GetContentModeration –5
• GetFaceDetection
• US West (Oregon) Region – 20
• GetFaceSearch • Asia Pacific (Mumbai) Region –
• GetLabelDetection 5
• GetPersonTracking • Asia Pacific (Seoul) Region – 5
• GetTextDetection • Asia Pacific (Singapore) Region
• GetSegmentDetection –5
• Asia Pacific (Sydney) Region –
5
• Asia Pacific (Tokyo) Region – 5
• Europe (Frankfurt) Region – 5
• Europe (Ireland) Region – 20
• Europe (London) Region – 5
• AWS GovCloud (US-
West) –20 (Note that
GetCelebrityRecognition is not
available in this Region.)

Maximum number of concurrent stored video jobs per account 20

Maximum number of streaming video stream processors per In each Region that Amazon
account that can simultaneously exist Rekognition Video supports – 10

Version 1.0
549
 AWS General Reference Reference guide
Amazon RDS

Resource Default

Transactions per second per account for individual streaming video In each Region that Amazon
operations: Rekognition Video supports – 1

• CreateStreamProcessor
• DeleteStreamProcessor
• DescribeStreamProcessor
• ListStreamProcessors
• StartStreamProcessor
• StopStreamProcessor

Transactions per second per account for individual Amazon In each Region that Amazon
Rekognition Custom Labels control plane operations: Rekognition Custom Labels
supports – 5
• CreateProject
• CreateProjectVersion
• DeleteProject
• DeleteProjectVersion
• DescribeProjects
• DescribeProjectVersions
• StartProjectVersion
• StopProjectVersion

Maximum number of Amazon Rekognition Custom Labels projects 100

per account.

Maximum number of Amazon Rekognition Custom Labels models 100

per project.

Maximum number of concurrent Amazon Rekognition Custom • All Regions except Asia Pacific
Labels training jobs per account. (Sydney) – 2
• Asia Pacific (Sydney) – 1

Maximum number of concurrently running Amazon Rekognition 2

Custom Labels models per account.

Maximum inference units per started model. 5

Maximum number of images per dataset. 250,000

For more information, see Amazon Rekognition Quotas.

Amazon Relational Database Service endpoints

and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
550
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Amazon RDS

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
rds-fi[Link] HTTPS

rds-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
rds-fi[Link] HTTPS

rds-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) rds-fi[Link] HTTPS

rds-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
rds-fi[Link] HTTPS

rds-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
551
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
rds-fi[Link] HTTPS

rds-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Version 1.0
552
 AWS General Reference Reference guide
Service endpoints

Amazon RDS Performance Insights

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
553
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Name Default Adjustable

Authorizations per DB security group Each supported Region: 20 No

DB instances Each supported Region: 40 Yes

DB subnet groups Each supported Region: 50 Yes

Event subscriptions Each supported Region: 20 Yes

IAM roles per DB cluster Each supported Region: 5 Yes

IAM roles per DB instance Each supported Region: 5 Yes

Manual DB cluster snapshots Each supported Region: 100 Yes

Manual DB instance snapshots Each supported Region: 100 Yes

Option groups Each supported Region: 20 Yes

Parameter groups Each supported Region: 50 Yes

Proxies Each supported Region: 20 Yes

Read replicas per master Each supported Region: 5 Yes

Reserved DB instances Each supported Region: 40 Yes

Rules per security group Each supported Region: 20 No

Security groups Each supported Region: 25 Yes

Security groups (VPC) Each supported Region: 5 No

Version 1.0
554
 AWS General Reference Reference guide
Resilience Hub

Name Default Adjustable

Subnets per DB subnet group Each supported Region: 20 No

Tags per resource Each supported Region: 50 No

Total storage for all DB instances Each supported Region: Yes

100,000 Gigabytes

AWS Resilience Hub endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
555
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Name Default Adjustable

Number of Resiliency Policies Each supported Region: 10 Yes

Number of application components per resource Each supported Region: 5 No

Number of application components per template Each supported Region: 25 No

Number of applications Each supported Region: 10 Yes

Number of assessments per application per month Each supported Region: 20 Yes

Number of concurrent assessments per account Each supported Region: 20 No

Number of concurrent assessments per application Each supported Region: 1 No

Version 1.0
556
 AWS General Reference Reference guide
Resource Groups and Tagging

Name Default Adjustable

Number of concurrent recommendation templates per Each supported Region: 100 No

account

Number of concurrent recommendation templates per Each supported Region: 1 No

application

Number of recommendation templates per application per Each supported Region: 100 Yes
month

Number of resources per template Each supported Region: 50 No

Number of stacks to import Each supported Region: 5 No

Retention period of past assessments/recommendations in Each supported Region: 365 No

days

Retention period of past recommendation templates in days Each supported Region: 365 No

Template size in bytes Each supported Region: No

51,200

AWS Resource Groups and Tagging endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

AWS Resource Groups

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
resource-groups-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
resource-groups-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) resource-groups-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
resource-groups-fi[Link] HTTPS

Version 1.0
557
 AWS General Reference Reference guide
AWS Resource Groups

Region Region Endpoint Protocol

Name

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Version 1.0
558
 AWS General Reference Reference guide
AWS Resource Groups Tagging API

Region Region Endpoint Protocol

Name

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

Resource groups per account Each supported Region: 100 Yes

AWS Resource Groups Tagging API

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
559
 AWS General Reference Reference guide
AWS Resource Groups Tagging API

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
560
 AWS General Reference Reference guide
AWS RoboMaker

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

AWS RoboMaker endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Service quotas
Name Default Adjustable

Batch timeout Each supported Region: 14 No

Version 1.0
561
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Concurrent GPU simulation jobs Each supported Region: 1 Yes

Concurrent World Export Jobs Each supported Region: 3 Yes

Concurrent World Generation Jobs Each supported Region: 3 Yes

Concurrent deployment jobs Each supported Region: 20 Yes

Concurrent simulation job batches Each supported Region: 5 Yes

Concurrent simulation jobs us-east-1: 10 Yes

us-west-2: 10

Each of the other supported

Regions: 5

Fleets Each supported Region: 20 Yes

GPU Simulation Job Creation Rate Per Minute Each supported Region: 2 No

Minimum batch timeout Each supported Region: 5 No

Minimum simulation duration Each supported Region: 5 No

Robot applications Each supported Region: 40 Yes

Robots Each supported Region: 100 Yes

Robots per fleet Each supported Region: 100 Yes

Simulation Job Creation Rate Per Minute us-east-1: 10 No

us-west-2: 10

Each of the other supported

Regions: 5

Simulation applications Each supported Region: 40 Yes

Simulation duration Each supported Region: 14 No

Simulation job requests per batch Each supported Region: 20 Yes

Source size Each supported Region: 5 No

Gigabytes

Versions per robot application Each supported Region: 40 Yes

Versions per simulation application Each supported Region: 40 Yes

World Templates Per Account Each supported Region: 40 Yes

Worlds Per Export Job Each supported Region: 1 No

Worlds Per Generation Job Each supported Region: 50 No

Version 1.0
562
 AWS General Reference Reference guide
Route 53

Amazon Route 53 endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Hosted zones, records, health checks, DNS query logs, reusable
delegation sets, traffic policies, and cost allocation tags
When you use the AWS CLI or SDKs to submit requests, you can either leave the Region and endpoint
unspecified, or specify the applicable Region:

• Route 53 in AWS Regions other than the Beijing and Ningxia Regions: specify us-east-1 as the Region.
• Route 53 in the Beijing and Ningxia Regions: specify cn-northwest-1.

When you use the Route 53 API to submit requests, use the same Regions as above to sign requests.
For more information about signing Route 53 API requests, see Signature Version 4 signing
process (p. 755).

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Version 1.0
563
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
564
 AWS General Reference Reference guide
Service endpoints

Requests for domain registration

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

Requests for Route 53 Resolver

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
565
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Requests for Route 53 auto naming

Amazon Route 53 auto naming has been released as a separate service, AWS Cloud Map. For a list of
service endpoints, see Service endpoints (p. 104). For AWS Cloud Map documentation, see AWS Cloud
Map Documentation.

Service quotas
Name Default Adjustable

Amazon VPCs that you can associate with a private hosted Each supported Region: 300 Yes
zone

Version 1.0
566
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Authorizations that let you associate VPCs with a hosted Each supported Region: 100 No
zone that was created by another account

Child health checks that a calculated health check can Each supported Region: 255 No
monitor

Geolocation records that have the same name and type Each supported Region: 100 No

Geoproximity records that have the same name and type Each supported Region: 30 No

Health checks Each supported Region: 200 Yes

Hosted zones Each supported Region: 500 Yes

Hosted zones that can use the same reusable delegation set Each supported Region: 100 Yes

Key signing keys per hosted zone Each supported Region: 2 No

Multivalue answer records that have the same name and Each supported Region: 100 No
type

Query log configurations per hosted zone Each supported Region: 1 No

Records per hosted zone Each supported Region: Yes

10,000

Reusable delegation sets Each supported Region: 100 Yes

Traffic flow policies Each supported Region: 50 Yes

Traffic flow policy records Each supported Region: 5 Yes

Traffic flow policy versions per traffic flow policy Each supported Region: No
1,000

Values in a record Each supported Region: 400 No

Weighted records that have the same name and type Each supported Region: 100 No

The following quotas are for Route 53 Resolver.

Name Default Adjustable

Associations between resolver rules and VPCs per AWS Each supported Region: Yes
Region 2,000

DNS Firewall rule group associations per VPC Each supported Region: 5 No

DNS Firewall rules groups per Region Each supported Region: Yes
1,000

Domain lists per account Each supported Region: Yes

1,000

Domains in a file imported from S3 Each supported Region: Yes

250,000

Version 1.0
567
 AWS General Reference Reference guide
SageMaker

Name Default Adjustable

Domains per account Each supported Region: Yes

100,000

IP addresses per resolver endpoint Each supported Region: 6 Yes

Maximum number of resolver endpoints per AWS Region Each supported Region: 4 Yes

Resolver rules per AWS Region Each supported Region: Yes

1,000

Rules in a DNS Firewall rule group Each supported Region: 100 Yes

Target IP addresses per resolver rule Each supported Region: 6 No

For more information, see Route 53 quotas in the Amazon Route 53 Developer Guide.

Amazon SageMaker endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
The following table provides a list of Region-specific endpoints that SageMaker supports for training
and deploying models. This include creating and managing notebook instances, training jobs, model,
endpoint configurations, and endpoints.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
api-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
api-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) api-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
api-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Version 1.0
568
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

Version 1.0
569
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) api-fi[Link]-gov- HTTPS
[Link]

The following table provides a list of Region-specific endpoints that Amazon SageMaker supports for
making inference requests against models hosted in SageMaker.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
runtime-fi[Link]- HTTPS
[Link]

US East (N. us-east-1 [Link] HTTPS

Virginia)
runtime-fi[Link]- HTTPS
[Link]

US us-west-1 [Link] HTTPS

West (N.
California) runtime-fi[Link]- HTTPS
[Link]

US West us-west-2 [Link] HTTPS

(Oregon)
runtime-fi[Link]- HTTPS
[Link]

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link]- HTTPS

Pacific northeast-3 [Link]
(Osaka)

Version 1.0
570
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link]-gov- HTTPS

GovCloud west-1 [Link]
(US-West) HTTPS
[Link]-gov-
[Link]

Version 1.0
571
 AWS General Reference Reference guide
Service quotas

Service quotas
Depending on your activities and resource usage over time, your SageMaker quotas might be different
from the default SageMaker quotas listed in the following tables. The default quotas in this page are
based on new accounts. If you encounter error messages that you've exceeded your quota, use AWS
Support to request a service limit increase for SageMaker resources you want to scale up. For instructions
on how to request a service limit increase, see Supported Regions and Quotas in the Amazon SageMaker
Developer Guide. For information on Amazon EC2 instance types, see Amazon EC2 Instance Types.

SageMaker Studio

Resource Default

Total Studio Domains per AWS account 1

[Link] 0

[Link] 0

KernelGateway-ml.c5.2xlarge 0

KernelGateway-ml.c5.4xlarge 0

KernelGateway-ml.c5.9xlarge 0

KernelGateway-ml.c5.12xlarge 0

KernelGateway-ml.c5.18xlarge 0

KernelGateway-ml.c5.24xlarge 0

[Link] 0

KernelGateway-ml.g4dn.2xlarge 0

KernelGateway-ml.g4dn.4xlarge 0

KernelGateway-ml.g4dn.8xlarge 0

KernelGateway-ml.g4dn.12xlarge 0

KernelGateway-ml.g4dn.16xlarge 0

[Link] 0

[Link] 0

KernelGateway-ml.m5.2xlarge 0

KernelGateway-ml.m5.4xlarge 1

KernelGateway-ml.m5.8xlarge 0

KernelGateway-ml.m5.12xlarge 0

KernelGateway-ml.m5.16xlarge 0

KernelGateway-ml.m5.24xlarge 0

KernelGateway-ml.p3.2xlarge 0

KernelGateway-ml.p3.8xlarge 0

Version 1.0
572
 AWS General Reference Reference guide
Service quotas

Resource Default

KernelGateway-ml.p3.16xlarge 0

[Link] 2

[Link] 0

[Link] 0

KernelGateway-ml.t3.2xlarge 0

Maximum number of UserProfiles per Domain 2

Maximum number of Running Apps per Domain 20

Maximum number of custom images per Domain 30

Maximum number of custom images per UserProfile 5

SageMaker Images

Resource Default

Number of SageMaker Images 250

Number of image versions per SageMaker image 1,000

SageMaker Notebooks

Resource Default

[Link] instances 2

[Link] instances 0

[Link] instances 0

ml.t2.2xlarge instances 0

[Link] instances 2

[Link] instances 0

[Link] instances 0

ml.t3.2xlarge instances 0

[Link] instances 0

ml.m4.2xlarge instances 0

ml.m4.4xlarge instances 0

ml.m4.10xlarge instances 0

ml.m4.16xlarge instances 0

[Link] instances 0

Version 1.0
573
 AWS General Reference Reference guide
Service quotas

Resource Default

ml.m5.2xlarge instances 0

ml.m5.4xlarge instances 0

ml.m5.12xlarge instances 0

ml.m5.24xlarge instances 0

[Link] instances 0

ml.c4.2xlarge instances 0

ml.c4.4xlarge instances 0

ml.c4.8xlarge instances 0

[Link] instances 0

ml.c5.2xlarge instances 0

ml.c5.4xlarge instances 0

ml.c5.9xlarge instances 0

ml.c5.18xlarge instances 0

[Link] instances 0

ml.c5d.2xlarge instances 0

ml.c5d.4xlarge instances 0

ml.c5d.9xlarge instances 0

ml.c5d.18xlarge instances 0

[Link] instances 0

ml.p2.8xlarge instances 0

ml.p2.16xlarge instances 0

ml.p3.2xlarge instances 0

ml.p3.8xlarge instances 0

ml.p3.16xlarge instances 0

[Link] instances 2

ml.g4dn.2xlarge instances 2

ml.g4dn.4xlarge instances 2

ml.g4dn.8xlarge instances 2

ml.g4dn.12xlarge instances 2

ml.g4dn.16xlarge instances 2

[Link] instances 0

Version 1.0
574
 AWS General Reference Reference guide
Service quotas

Resource Default

[Link] instances 0

[Link] instances 0

[Link] instances 0

[Link] instances 0

[Link] instances 0

Number of accelerators 0

Number of notebook instances 4

EBS volume size in GB for an instance 102400

SageMaker Ground Truth

Resource Default

Total labeling jobs 1

Total streaming labeling jobs 0

Max dataset objects per labeling job 10,000

Number of workteams 25

SageMaker Projects

Resource Default

Number of projects 500

SageMaker Pipelines

Resource Default

Number of pipelines 5,000

SageMaker Pipeline Executions

Resource Default

Maximum execution time 28 days

Concurrent pipeline executions per account 200

Concurrent pipeline executions per pipeline 200

Version 1.0
575
 AWS General Reference Reference guide
Service quotas

Parameters
Resource Default

Parameters per pipeline 50

Parameter name length 64 characters

Parameters name regular expression pattern ([A-Za-z0-9\\-_])*

Parameter description length 4,096 characters

Parameter enum values 16 distinct values

SageMaker Condition Steps

Resource Default

Conditions per ConditionStep 200

Steps in If-List 20

Steps in Else-List 20

Conditions in Or-List 200

Property Files
Resource Default

PropertyFiles in a pipeline 10

JsonGet functions in a pipeline 200

Size of the property file 2 MB

SageMaker Metadata
Resource Default

Maximum number of metadata 20 key-value pairs

Metadata key size 128 characters

Metadata key regular expression pattern ([A-Za-z0-9\\-_])*

Maximum metadata value size 1024 characters

Metadata value regular expression pattern [\\p{M}\\p{L}\\p{S}\\p{S}\

\p{N}\\p{P}\\s

SageMaker Feature Store

Resource Default

Number of feature groups 10

Concurrent feature group creation workflows 4

Version 1.0
576
 AWS General Reference Reference guide
Service quotas

SageMaker Processing

Resource Default

[Link] 4

ml.c4.2xlarge 4

ml.c4.4xlarge 4

ml.c4.8xlarge 4

[Link] 4

ml.c5.2xlarge 4

ml.c5.4xlarge 1

ml.c5.9xlarge 1

ml.c5.18xlarge 1

[Link] 0

ml.g4dn.2xlarge 0

ml.g4dn.4xlarge 0

ml.g4dn.8xlarge 0

ml.g4dn.12xlarge 0

ml.g4dn.16xlarge 0

[Link] 4

ml.m4.2xlarge 4

ml.m4.4xlarge 2

ml.m4.10xlarge 1

ml.m4.16xlarge 1

[Link] 4

[Link] 4

ml.m5.2xlarge 4

ml.m5.4xlarge 2

ml.m5.12xlarge 0

ml.m5.24xlarge 0

[Link] 0

ml.p2.8xlarge 0

ml.p2.16xlarge 0

ml.p3.2xlarge 0

Version 1.0
577
 AWS General Reference Reference guide
Service quotas

Resource Default

ml.p3.8xlarge 0

ml.p3.16xlarge 0

[Link] 4

[Link] 4

ml.r5.2xlarge 4

ml.r5.4xlarge 1

ml.r5.8xlarge 1

ml.r5.12xlarge 1

ml.r5.16xlarge 1

ml.r5.24xlarge 0

[Link] 4

[Link] 4

[Link] 2

ml.t3.2xlarge 0

Longest run time for a processing job 5 days

Number of instances across a single processing job 4

Total number of instances across all processing jobs 20

Size of EBS volume for an instance 1 TB

Note
In case of SageMaker training, on-demand and spot instance quotas are tracked and modified
separately. For example, with the default quotas, you can run up to 20 training jobs with
[Link] on-demand instances and up to 20 training jobs with [Link] spot instances
simultaneously.

SageMaker Training

Resource Default

[Link] instances 4

ml.c4.2xlarge instances 4

ml.c4.4xlarge instances 4

ml.c4.8xlarge instances 4

[Link] instances 4

ml.c5.2xlarge instances 4

ml.c5.4xlarge instances 1

Version 1.0
578
 AWS General Reference Reference guide
Service quotas

Resource Default

ml.c5.9xlarge instances 1

ml.c5.18xlarge instances 0

[Link] instances 0

ml.c5n.2xlarge instances 0

ml.c5n.4xlarge instances 0

ml.c5n.9xlarge instances 0

ml.c5n.18xlarge instances 0

[Link] instances 0

ml.g4dn.2xlarge instances 0

ml.g4dn.4xlarge instances 0

ml.g4dn.8xlarge instances 0

ml.g4dn.12xlarge instances 0

ml.g4dn.16xlarge instances 0

[Link] instances 0

ml.g5.2xlarge instances 0

ml.g5.4xlarge instances 0

ml.g5.8xlarge instances 0

ml.g5.12xlarge instances 0

ml.g5.16xlarge instances 0

ml.g5.24xlarge instances 0

ml.g5.48xlarge instances 0

[Link] instances 4

ml.m4.2xlarge instances 4

ml.m4.4xlarge instances 2

ml.m4.10xlarge instances 0

ml.m4.16xlarge instances 0

[Link] instances 4

[Link] instances 4

ml.m5.2xlarge instances 4

ml.m5.4xlarge instances 20

ml.m5.12xlarge instances 0

Version 1.0
579
 AWS General Reference Reference guide
Service quotas

Resource Default

ml.m5.24xlarge instances 0

[Link] instances 0

ml.p2.8xlarge instances 0

ml.p2.16xlarge instances 0

ml.p3.2xlarge instances 0

ml.p3.8xlarge instances 0

ml.p3.16xlarge instances 0

ml.p3dn.24xlarge instances 0

ml.p4d.24xlarge instances 0

The longest run time for a training job 5 days

Number of instances per single training job 4

Total number of instances across training jobs 20

Size of EBS volume for an instance 1 TB

SageMaker Managed Spot Training

Resource Default

[Link] instances 4

ml.c4.2xlarge instances 4

ml.c4.4xlarge instances 4

ml.c4.8xlarge instances 4

[Link] instances 4

ml.c5.2xlarge instances 4

ml.c5.4xlarge instances 1

ml.c5.9xlarge instances 1

ml.c5.18xlarge instances 0

[Link] instances 0

ml.c5n.2xlarge instances 0

ml.c5n.4xlarge instances 0

ml.c5n.9xlarge instances 0

ml.c5n.18xlarge instances 0

[Link] instances 0

Version 1.0
580
 AWS General Reference Reference guide
Service quotas

Resource Default

ml.g4dn.2xlarge instances 0

ml.g4dn.4xlarge instances 0

ml.g4dn.8xlarge instances 0

ml.g4dn.12xlarge instances 0

ml.g4dn.16xlarge instances 0

[Link] instances 4

ml.m4.2xlarge instances 4

ml.m4.4xlarge instances 2

ml.m4.10xlarge instances 0

ml.m4.16xlarge instances 0

[Link] instances 4

[Link] instances 4

ml.m5.2xlarge instances 4

ml.m5.4xlarge instances 2

ml.m5.12xlarge instances 0

ml.m5.24xlarge instances 0

[Link] instances 0

ml.p2.8xlarge instances 0

ml.p2.16xlarge instances 0

ml.p3.2xlarge instances 0

ml.p3.8xlarge instances 0

ml.p3.16xlarge instances 0

ml.p3dn.24xlarge instances 0

ml.p4d.24xlarge instances 0

Number of instances across training jobs 4

Number of instances per training job 20

SageMaker Autopilot

Resource Regions Default limits Can be increased up to

Size of input dataset All 100 GB Hundreds of GBs

Size of a single Parquet All 2 GB Tens of GBs

file*

Version 1.0
581
 AWS General Reference Reference guide
Service quotas

Resource Regions Default limits Can be increased up to

Target dataset size for All 5 GB Hundreds of GBs

subsampling**

Number of concurrent us-east-1, us-east-2,us- 4 Hundreds

SageMaker Autopilot west-2, ap-northeast-1,
jobs eu-west-1, eu-central-1

ap-northeast-2, ap- 2 Hundreds

southeast-2, eu-west-2,
ap-southeast-1

All other regions 1 Tens

Note
*This 2 GB size limit is for a single compressed Parquet file. You can provide a Parquet dataset
that includes multiple compressed Parquet files. After the files are decompressed, they may
each expand to a larger size.
**SageMaker Autopilot automatically subsamples input datasets that are larger than the target
dataset size while accounting for class imbalance and preserving rare class labels.
The resource quotas documented in the following sections are valid for versions of Amazon
SageMaker Studio 3.22.2 and higher. For information on updating your version of SageMaker
Studio, see Update SageMaker Studio and Studio Apps
You can increase these limits by contacting AWS Support [Link] instructions on how to
request increases, see Update SageMaker Studio and Studio Apps.

SageMaker Automatic Model Hyperparameter Tuning

Resource Default

Number of concurrent hyperparameter tuning jobs 100

Number of parallel training jobs per hyperparameter tuning job 10

Number of training jobs per hyperparameter tuning job 500

SageMaker Experiments (Lineage Tracking / Experiment Tracking)

Resource Default

Experiments 5,000

Trial components 20,000

Trial components in a single trial 50

Trials in a single experiment 300

Trials a single trial component can be associated with 500

Number of actions 3,000

Number of artifacts 6,000

Number of associations 6,000

Number of contexts 500

Version 1.0
582
 AWS General Reference Reference guide
Service quotas

Note
Use AWS Support to request a service limit increase in order to use an instance with a default
quota of 0.

SageMaker Hosting

Resource Default

[Link] instances 0

[Link] instances 0

ml.c4.2xlarge instances 0

ml.c4.4xlarge instances 0

ml.c4.8xlarge instances 0

[Link] instances 0

[Link] instances 0

ml.c5.2xlarge instances 0

ml.c5.4xlarge instances 0

ml.c5.9xlarge instances 0

ml.c5.12xlarge instances 0

ml.c5.18xlarge instances 0

ml.c5.24xlarge instances 0

[Link] instances 0

[Link] instances 0

ml.c5d.2xlarge instances 0

ml.c5d.4xlarge instances 0

ml.c5d.9xlarge instances 0

ml.c5d.18xlarge instances 0

[Link] instances 0

[Link] instances 0

ml.c5n.2xlarge instances 0

ml.c5n.4xlarge instances 0

ml.c5n.9xlarge instances 0

ml.c5n.18xlarge instances 0

[Link] instances 0

ml.g4dn.2xlarge instances 0

ml.g4dn.4xlarge instances 0

Version 1.0
583
 AWS General Reference Reference guide
Service quotas

Resource Default

ml.g4dn.8xlarge instances 0

ml.g4dn.12xlarge instances 0

ml.g4dn.16xlarge instances 0

[Link] instances 2

ml.m4.2xlarge instances 0

ml.m4.4xlarge instances 0

ml.m4.10xlarge instances 0

ml.m4.16xlarge instances 0

[Link] instances 2

[Link] instances 0

ml.m5.2xlarge instances 0

ml.m5.4xlarge instances 0

ml.m5.8xlarge instances 0

ml.m5.12xlarge instances 0

ml.m5.16xlarge instances 0

ml.m5.24xlarge instances 0

[Link] instances 0

[Link] instances 0

ml.m5d.2xlarge instances 0

ml.m5d.4xlarge instances 0

ml.m5d.8xlarge instances 0

ml.m5d.12xlarge instances 0

ml.m5d.16xlarge instances 0

ml.m5d.24xlarge instances 0

[Link] instances 0

[Link] instances 0

ml.m5dn.2xlarge instances 0

ml.m5dn.4xlarge instances 0

ml.m5dn.8xlarge instances 0

ml.m5dn.12xlarge instances 0

ml.m5dn.16xlarge instances 0

Version 1.0
584
 AWS General Reference Reference guide
Service quotas

Resource Default

ml.m5dn.24xlarge instances 0

[Link] instances 0

[Link] instances 0

ml.m5n.2xlarge instances 0

ml.m5n.4xlarge instances 0

ml.m5n.8xlarge instances 0

ml.m5n.12xlarge instances 0

ml.m5n.16xlarge instances 0

ml.m5n.24xlarge instances 0

[Link] instances 0

ml.p2.8xlarge instances 0

ml.p2.16xlarge instances 0

ml.p3.2xlarge instances 0

ml.p3.8xlarge instances 0

ml.p3.16xlarge instances 0

[Link] instances 0

[Link] instances 0

ml.r5.2xlarge instances 0

ml.r5.4xlarge instances 0

ml.r5.8xlarge instances 0

ml.r5.12xlarge instances 0

ml.r5.16xlarge instances 0

ml.r5.24xlarge instances 0

[Link] instances 0

[Link] instances 0

ml.r5d.2xlarge instances 0

ml.r5d.4xlarge instances 0

ml.r5d.8xlarge instances 0

ml.r5d.12xlarge instances 0

ml.r5d.16xlarge instances 0

ml.r5d.24xlarge instances 0

Version 1.0
585
 AWS General Reference Reference guide
Service quotas

Resource Default

[Link] instances 0

[Link] instances 0

ml.r5dn.2xlarge instances 0

ml.r5dn.4xlarge instances 0

ml.r5dn.8xlarge instances 0

ml.r5dn.12xlarge instances 0

ml.r5dn.16xlarge instances 0

ml.r5dn.24xlarge instances 0

[Link] instances 0

[Link] instances 0

ml.r5n.2xlarge instances 0

ml.r5n.4xlarge instances 0

ml.r5n.8xlarge instances 0

ml.r5n.12xlarge instances 0

ml.r5n.16xlarge instances 0

ml.r5n.24xlarge instances 0

[Link] instances 2

[Link] instances 0

[Link] instances 0

ml.t2.2xlarge instances 0

[Link] instances 2

[Link] instances 0

[Link] instances 0

ml.t3.2xlarge instances 0

Number of instances across endpoints 2

Number of instances per endpoint 0

Number of accelerators per endpoint 4

Total TPS for all endpoints 10,000

Maximum payload size for endpoint invocation 6 MB

Inference timeout for endpoint invocation 60 seconds

Version 1.0
586
 AWS General Reference Reference guide
Service quotas

SageMaker Batch Transform

Resource Default

[Link] instances 4

ml.c4.2xlarge instances 4

ml.c4.4xlarge instances 4

ml.c4.8xlarge instances 4

[Link] instances 4

ml.c5.2xlarge instances 4

ml.c5.4xlarge instances 1

ml.c5.9xlarge instances 1

ml.c5.18xlarge instances 1

[Link] 0

ml.g4dn.2xlarge 0

ml.g4dn.4xlarge 0

ml.g4dn.8xlarge 0

ml.g4dn.12xlarge 0

ml.g4dn.16xlarge 0

[Link] instances 4

ml.m4.2xlarge instances 4

ml.m4.4xlarge instances 2

ml.m4.10xlarge instances 1

ml.m4.16xlarge instances 1

[Link] instances 4

[Link] instances 4

ml.m5.2xlarge instances 4

ml.m5.4xlarge instances 2

ml.m5.12xlarge instances 0

ml.m5.24xlarge instances 0

[Link] instances 0

ml.p2.8xlarge instances 0

ml.p2.16xlarge instances 0

ml.p3.2xlarge instances 0

Version 1.0
587
 AWS General Reference Reference guide
Secrets Manager

Resource Default

ml.p3.8xlarge instances 0

ml.p3.16xlarge instances 0

Number of instances per transform job 4

SageMaker Human Task UI

Resource Default

Number of human task UIs 100

SageMaker Serverless Inference

Resource Default

Maximum concurrent invocations per endpoint variant 50

Maximum number of serverless endpoint variants per Region in an 50

account

Maximum concurrent invocations per Region in an account 200

Maximum memory size per endpoint variant 6144 MB

AWS Secrets Manager endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
secretsmanager-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
secretsmanager-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) secretsmanager-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
secretsmanager-fi[Link] HTTPS

Version 1.0
588
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
secretsmanager-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Version 1.0
589
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) secretsmanager-fi[Link]-gov- HTTPS
[Link]

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) secretsmanager-fi[Link]-gov- HTTPS
[Link]

Service quotas

Name Default Adjustable

Combined rate of DeleteResourcePolicy, GetResourcePolicy, Each supported Region: 50 No

PutResourcePolicy, and ValidateResourcePolicy API requests per second

Combined rate of DescribeSecret and GetSecretValue API Each supported Region: No

requests 5,000 per second

Combined rate of ListSecrets and ListSecretVersionIds API Each supported Region: 50 No

requests per second

Combined rate of PutSecretValue, Each supported Region: 50 No

RemoveRegionsFromReplication, ReplicateSecretToRegion, per second
StopReplicationToReplica, UpdateSecret, and
UpdateSecretVersionStage API requests

Combined rate of RestoreSecret API requests Each supported Region: 50 No

per second

Combined rate of RotateSecret and CancelRotateSecret API Each supported Region: 50 No

requests per second

Combined rate of TagResource and UntagResource API Each supported Region: 50 No

requests per second

Rate of CreateSecret API requests Each supported Region: 50 No

per second

Rate of DeleteSecret API requests Each supported Region: 50 No

per second

Version 1.0
590
 AWS General Reference Reference guide
Security Hub

Name Default Adjustable

Rate of GetRandomPassword API requests Each supported Region: 50 No

per second

Resource-based policy length Each supported Region: No

20,480

Secret value size Each supported Region: No

65,536 Bytes

Secrets Each supported Region: No

500,000

Staging labels attached across all versions of a secret Each supported Region: 20 No

Versions per secret Each supported Region: 100 No

AWS Security Hub endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
securityhub-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
securityhub-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) securityhub-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
securityhub-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
591
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) securityhub-fi[Link] HTTPS

Version 1.0
592
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) securityhub-fi[Link] HTTPS

Service quotas
Name Default Adjustable

Number of Security Hub member accounts Each supported Region: No

5,000

Number of Security Hub outstanding invitations Each supported Region: No

1,000

Number of custom actions Each supported Region: 50 No

Number of custom insights Each supported Region: 100 No

Number of insight results Each supported Region: 100 No

Security Hub finding retention time Each supported Region: 90 No

AWS Security Token Service endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
By default, the AWS Security Token Service (AWS STS) is available as a global service, and all STS
requests go to a single endpoint at [Link] AWS recommends using Regional
STS endpoints to reduce latency, build in redundancy, and increase session token validity. Most Regional
endpoints are active by default, but you must manually enable endpoints for some Regions, such as Asia
Pacific (Hong Kong). You can deactivate STS endpoints for any Regions that are enabled by default if you
do not intend to use those Regions.

For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
sts-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
sts-fi[Link] HTTPS

Version 1.0
593
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US us-west-1 [Link] HTTPS

West (N.
California) sts-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
sts-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
594
 AWS General Reference Reference guide
AWS SMS

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

AWS Server Migration Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
sms-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
sms-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) sms-fi[Link] HTTPS

Version 1.0
595
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US West us-west-2 [Link] HTTPS

(Oregon)
sms-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

Version 1.0
596
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) sms-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) sms-fi[Link] HTTPS

Service quotas
Name Default Adjustable

Concurrent VM migrations Each supported Region: 50 Yes

Duration of service usage per VM in days Each supported Region: 90 Yes

Service Quotas endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Version 1.0
597
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

Version 1.0
598
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

Active requests per account per Region Each supported Region: 2 No

Active requests per quota Each supported Region: 1 No

Throttle rate for GetAWSDefaultServiceQuota Each supported Region: 5 per No

second

Throttle rate for GetRequestedServiceQuotaChange Each supported Region: 5 per No

second

Throttle rate for GetServiceQuota Each supported Region: 5 per No

second

Throttle rate for ListAWSDefaultServiceQuotas Each supported Region: 10 No

per second

Throttle rate for ListRequestedServiceQuotaChangeHistory Each supported Region: 5 per No

second

Throttle rate for Each supported Region: 5 per No

ListRequestedServiceQuotaChangeHistoryByQuota second

Throttle rate for ListServiceQuotas Each supported Region: 10 No

per second

Throttle rate for ListServices Each supported Region: 10 No

per second

Throttle rate for ListTagsForResource Each supported Region: 10 No

per second

Throttle rate for RequestServiceQuotaIncrease Each supported Region: 3 per No

second

Throttle rate for TagResource Each supported Region: 10 No

per second

Version 1.0
599
 AWS General Reference Reference guide
AWS Serverless Application Repository

Name Default Adjustable

Throttle rate for UntagResource Each supported Region: 10 No

per second

AWS Serverless Application Repository endpoints

and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
600
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

Application policy length Each supported Region: No

6,144

Free Amazon S3 storage for code packages Each supported Region: 5 No

Gigabytes

Public applications Each supported Region: 100 Yes

For more information, see AWS Serverless Application Repository Quotas in the AWS Serverless
Application Repository Developer Guide.

Version 1.0
601
 AWS General Reference Reference guide
AWS Service Catalog

AWS Service Catalog endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see Amazon service endpoints. Service
quotas, also referred to as limits, are the maximum number of service resources or operations for your
AWS account. For more information, see Amazon service quotas.

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
servicecatalog-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
servicecatalog-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) servicecatalog-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
servicecatalog-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
602
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) servicecatalog-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) servicecatalog-fi[Link]-gov- HTTPS
[Link]

Service quotas

Name Default Adjustable

Applications per region Each supported Region: 100 Yes

Attribute groups per application Each supported Region: 100 Yes

Attribute groups per region Each supported Region: 100 Yes

Delegated administrators per organization Each supported Region: 50 No

Version 1.0
603
 AWS General Reference Reference guide
Shield Advanced

Name Default Adjustable

Portfolios per region Each supported Region: 100 Yes

Product versions per product Each supported Region: 100 Yes

Products per portfolio Each supported Region: 150 Yes

Products per region Each supported Region: 350 Yes

Resources per application Each supported Region: 200 Yes

Service action associations per provisioning artifact Each supported Region: 25 No

Service actions per region Each supported Region: 200 No

Shared accounts per portfolio Each supported Region: No

5,000

TagOptions per resource Each supported Region: 25 No

Tags per portfolio Each supported Region: 20 No

Tags per product Each supported Region: 20 No

Tags per provisioned product Each supported Region: 50 No

Users, groups, and roles per portfolio Each supported Region: 100 Yes

Users, groups, and roles per product Each supported Region: 200 Yes

Values per TagOption Each supported Region: 25 No

For more information, see AWS Service Catalog default service quotas in the AWS Service Catalog
Administrator Guide.

AWS Shield Advanced endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link] HTTPS

shield-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
604
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name
[Link] HTTPS

shield-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) [Link] HTTPS

shield-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link] HTTPS

shield-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town) [Link] HTTPS

shield-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong [Link] HTTPS
Kong)
shield-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) [Link] HTTPS

shield-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka) [Link] HTTPS

shield-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) [Link] HTTPS

shield-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) [Link] HTTPS

shield-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) [Link] HTTPS

shield-fi[Link] HTTPS

Version 1.0
605
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) [Link] HTTPS

shield-fi[Link] HTTPS

Canada ca- [Link] HTTPS

(Central) central-1
[Link] HTTPS

shield-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
[Link] HTTPS

shield-fi[Link] HTTPS

Europe eu-west-1 [Link] HTTPS

(Ireland)
[Link] HTTPS

shield-fi[Link] HTTPS

Europe eu-west-2 [Link] HTTPS

(London)
[Link] HTTPS

shield-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Milan) south-1
[Link] HTTPS

shield-fi[Link] HTTPS

Europe eu-west-3 [Link] HTTPS

(Paris)
[Link] HTTPS

shield-fi[Link] HTTPS

Europe eu-north-1 [Link] HTTPS

(Stockholm)
[Link] HTTPS

shield-fi[Link] HTTPS

Middle me- [Link] HTTPS

East south-1
(Bahrain) [Link] HTTPS

shield-fi[Link] HTTPS

South sa-east-1 [Link] HTTPS

America
(São [Link] HTTPS
Paulo)
shield-fi[Link] HTTPS

Version 1.0
606
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

Elastic IP address protections Each supported Region: Yes

1,000

Elastic Load Balancing load balancer protections Each supported Region: Yes
1,000

Amazon Simple Email Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
API Endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)
email-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)
email-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Version 1.0
607
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) email-fi[Link] HTTPS

SMTP Endpoints
Note
SMTP endpoints are not currently available in Africa (Cape Town), Europe (Milan), Middle East
(Bahrain).

Version 1.0
608
 AWS General Reference Reference guide
Service endpoints

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 [Link]- SMTP

[Link]

US East (N. us-east-1 [Link]- SMTP

Virginia) [Link]

email-smtp-
fi[Link]-
[Link]

US West (N. us-west-1 [Link]- SMTP

California) [Link]

US West (Oregon) us-west-2 [Link]- SMTP

[Link]

email-smtp-
fi[Link]-
[Link]

Asia Pacific ap-south-1 [Link]- SMTP

(Mumbai) [Link]

Asia Pacific ap-northeast-3 [Link]- SMTP

(Osaka) [Link]

Asia Pacific (Seoul) ap-northeast-2 [Link]- SMTP

[Link]

Asia Pacific ap-southeast-1 [Link]- SMTP

(Singapore) [Link]

Asia Pacific ap-southeast-2 [Link]- SMTP

(Sydney) [Link]

Asia Pacific ap-northeast-1 [Link]- SMTP

(Tokyo) [Link]

Canada (Central) ca-central-1 [Link]- SMTP

[Link]

Europe (Frankfurt) eu-central-1 [Link]- SMTP

[Link]

Europe (Ireland) eu-west-1 [Link]- SMTP

[Link]

Europe (London) eu-west-2 [Link]- SMTP

[Link]

Europe (Paris) eu-west-3 [Link]- SMTP

[Link]

Europe eu-north-1 [Link]- SMTP

(Stockholm) [Link]

South America sa-east-1 [Link]- SMTP

(São Paulo) [Link]

Version 1.0
609
 AWS General Reference Reference guide
Service quotas

Region Name Region Endpoint Protocol

AWS GovCloud us-gov-west-1 email- SMTP

(US) [Link]-gov-
[Link]

email-smtp-
fi[Link]-gov-
[Link]

DKIM Domains

Region Name Region AWS DKIM

domain

Africa (Cape Town) af-south-1 [Link]-

[Link]

Asia Pacific ap-northeast-3 [Link]-

(Osaka) [Link]

Europe (Milan) eu-south-1 [Link]-

[Link]

All other regions [Link]

Email Receiving Endpoints

Amazon SES doesn't support email receiving in the following Regions: US East (Ohio), US West (N.
California) Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia
Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (London), Europe
(Paris), Europe (Stockholm), Middle East (Bahrain), South America (São Paulo), and AWS GovCloud (US).

Region Name Region Receiving

Endpoint

US East (N. us-east-1 [Link]-

Virginia) [Link]

US West (Oregon) us-west-2 [Link]-

[Link]

Europe (Ireland) eu-west-1 [Link]-

[Link]

Service quotas

Name Default Adjustable

Sending quota Each supported Region: 200 Yes

Sending rate Each supported Region: 1 Yes

Version 1.0
610
 AWS General Reference Reference guide
AWS Signer

For more information, see Service quotas in Amazon SES in the Amazon Simple Email Service Developer
Guide.

AWS Signer endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints with Lambda

Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
signer-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
signer-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) signer-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
signer-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
611
 AWS General Reference Reference guide
Service endpoints with IoT

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service endpoints with IoT

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 [Link]- HTTPS

[Link]

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

US West (N. California) us-west-1 [Link]- HTTPS

[Link]

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Africa (Cape Town) af-south-1 [Link]- HTTPS

[Link]

Version 1.0
612
 AWS General Reference Reference guide
Service quotas

Region Name Region Endpoint Protocol

Asia Pacific (Hong ap-east-1 [Link]- HTTPS

Kong) [Link]

Asia Pacific (Mumbai) ap-south-1 [Link]- HTTPS

[Link]

Asia Pacific (Seoul) ap-northeast-2 [Link]- HTTPS

[Link]

Asia Pacific (Singapore) ap-southeast-1 [Link]- HTTPS

[Link]

Asia Pacific (Sydney) ap-southeast-2 [Link]- HTTPS

[Link]

Asia Pacific (Tokyo) ap-northeast-1 [Link]- HTTPS

[Link]

Canada (Central) ca-central-1 [Link]- HTTPS

[Link]

China (Beijing) cn-north-1 [Link]- HTTPS

[Link]

China (Ningxia) cn-northwest-1 [Link]- HTTPS

[Link]

Europe (Frankfurt) eu-central-1 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Europe (London) eu-west-2 [Link]- HTTPS

[Link]

Europe (Milan) eu-south-1 [Link]- HTTPS

[Link]

Europe (Paris) eu-west-3 [Link]- HTTPS

[Link]

Europe (Stockholm) eu-north-1 [Link]- HTTPS

[Link]

Middle East (Bahrain) me-south-1 [Link]- HTTPS

[Link]

South America (São sa-east-1 [Link]- HTTPS

Paulo) [Link]

Service quotas
Name Default Adjustable

API calls per second Each supported Region: 25 No

Version 1.0
613
 AWS General Reference Reference guide
AWS Sign-In

Name Default Adjustable

Rate of AddProfilePermission requests Each supported Region: 3 Yes

Rate of CancelSigningProfile requests Each supported Region: 3 Yes

Rate of DescribeSigningJob requests Each supported Region: 6 Yes

Rate of GetSigningPlatform requests Each supported Region: 3 Yes

Rate of GetSigningProfile requests Each supported Region: 3 Yes

Rate of ListProfilePermissions requests Each supported Region: 6 Yes

Rate of ListSigningJobs requests Each supported Region: 6 Yes

Rate of ListSigningPlatforms requests Each supported Region: 6 Yes

Rate of ListSigningProfiles requests Each supported Region: 6 Yes

Rate of ListTagsForResource requests Each supported Region: 6 Yes

Rate of PutSigningProfile requests Each supported Region: 3 Yes

Rate of RemoveProfilePermission requests Each supported Region: 3 Yes

Rate of RevokeSignature requests Each supported Region: 3 Yes

Rate of RevokeSigningProfile requests Each supported Region: 3 Yes

Rate of StartSigningJob requests Each supported Region: 3 Yes

Rate of TagResource requests Each supported Region: 3 Yes

Rate of UntagResource requests Each supported Region: 3 Yes

AWS Sign-In endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

Version 1.0
614
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Version 1.0
615
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

Service quotas
AWS Sign-In has no increasable quotas.

Amazon Simple Notification Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California)

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Version 1.0
616
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link] HTTP and

Pacific southeast-3 HTTPS
(Jakarta)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-3 HTTPS
(Osaka)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Version 1.0
617
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link] HTTP and

GovCloud east-1 HTTPS
(US-East)

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West)

FIFO topics

FIFO topics are supported in all Regions except the following:

• AWS GovCloud (US-East)

• AWS GovCloud (US-West)

Service quotas
The following quotas determine how many Amazon SNS resources you can create in your AWS account,
and they determine the rate at which you can issue Amazon SNS API requests.

Amazon SNS resource

To request an increase, submit an SNS Quota Increase case.

Resource Default

Topics • Standard: 100,000 per

account
• FIFO: 1,000 per account

Subscriptions • Standard: 12,500,000 per

topic

For Kinesis Data Firehose

delivery streams, 5 per topic,
per subscription owner
• FIFO: 100 per topic

Pending subscriptions 5,000 per account

Account spend threshold for SMS 1.00 USD per account

Delivery rate for promotional SMS messages 20 messages per second

Version 1.0
618
 AWS General Reference Reference guide
Service quotas

Resource Default

Delivery rate for transactional SMS messages 20 messages per second

Delivery rate for email messages 10 messages per second

Maximum number of messages in PublishBatchRequest 10 PublishBatchRequestEntries

Subscription filter policies 200 per account

Amazon SNS API throttling

The following quotas throttle the rate at which you can issue Amazon SNS API requests.

Hard
The following quotas cannot be increased.

API Transactions per second

CheckIfPhoneNumberIsOptedOut 50

CreateSMSSandboxPhoneNumber 1

DeleteSMSSandboxPhoneNumber 1

GetSMSAttributes 20

GetSMSSandboxAccountStatus 10

ListEndpointsByPlatformApplication 30

ListOriginationNumbers 1

ListPhoneNumbersOptedOut 10

ListSMSSandboxPhoneNumbers 1

ListTopics 30

ListPlatformApplications 15

ListSubscriptions 30

ListSubscriptionsByTopic 30

OptInPhoneNumber 20

SetSMSAttributes 1

Subscribe 100

Unsubscribe 100

VerifySMSSandboxPhoneNumber 1

Version 1.0
619
 AWS General Reference Reference guide
Service quotas

Soft
The following quotas vary by AWS Region. The messages per second quota is based on the number of
messages published to an Amazon SNS region, combining Publish and PublishBatch API requests.

For example, if your regional quota is 30,000 messages per second, there are a few ways this quota can
be reached:

• Using the Publish action at a rate of 30,000 API requests per second to publish 30,000 messages
(one message per API request).
• Using the PublishBatch action at a rate of 3,000 API requests per second to publish 30,000
messages (10 messages per batch API request).
• Using the Publish action at a rate of 10,000 API requests per second to publish 10,000 messages
(one message per API request) and the PublishBatch action at a rate of 2,000 API requests per
second to publish 20,000 messages (10 messages per batch API request) for a total of 30,000
messages published per second.

Publish API throttling

API AWS Regions Standard topics FIFO topics

Publish and US East (N. Virginia) 30,000 messages per 300 messages per
PublishBatch Region second second or 10 MB per
second, per topic,
US West (Oregon) 9,000 messages per whichever comes first
Region second
For cross region
Europe (Ireland) Region delivery cases, FIFO
topics support 100
US East (Ohio) Region 1,500 messages per
messages per second
second
US West (N. California) or 3 MB per second,
Region whichever comes first

Asia Pacific (Mumbai)

Region

Asia Pacific (Seoul)

Region

Asia Pacific (Singapore)

Region

Asia Pacific (Sydney)

Region

Asia Pacific (Tokyo)

Region

Europe (Frankfurt)
Region

Africa (Cape Town) 300 messages per

Region second

Asia Pacific (Hong

Kong) Region

Version 1.0
620
 AWS General Reference Reference guide
Service quotas

API AWS Regions Standard topics FIFO topics

Asia Pacific (Osaka)
Region

Canada (Central) Region

China (Beijing) Region

China (Ningxia) Region

Europe (London) Region

Europe (Milan) Region

Europe (Paris) Region

Europe (Stockholm)
Region

Middle East (Bahrain)

Region

South America (São

Paulo) Region

Other API throttling

APIs AWS Regions Transactions per second

ConfirmSubscription US East (N. Virginia) Region 3,000

CreatePlatformApplication US West (Oregon) Region 900

CreatePlatformEndpoint Europe (Ireland) Region

CreateTopic US East (Ohio) Region 150

DeleteEndpoint US West (N. California) Region

DeletePlatformApplication Asia Pacific (Mumbai) Region

DeleteTopic Asia Pacific (Seoul) Region

GetEndpointAttributes Asia Pacific (Singapore) Region

GetPlatformApplicationAttributes Asia Pacific (Sydney) Region

GetSubscriptionAttributes Asia Pacific (Tokyo) Region

GetTopicAttributes Europe (Frankfurt) Region

SetEndpointAttributes Africa (Cape Town) Region 30

SetPlatformApplicationAttributes Asia Pacific (Hong Kong) Region

SetSubscriptionAttributes Asia Pacific (Osaka) Region

SetTopicAttributes Canada (Central) Region

China (Beijing) Region

Version 1.0
621
 AWS General Reference Reference guide
Amazon SQS

APIs AWS Regions Transactions per second

China (Ningxia) Region

Europe (London) Region

Europe (Milan) Region

Europe (Paris) Region

Europe (Stockholm) Region

Middle East (Bahrain) Region

South America (São Paulo)

Region

Amazon Simple Queue Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon SQS

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTP and

(Ohio) HTTPS
sqs-fi[Link]
HTTPS

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS
sqs-fi[Link]
HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California) sqs-fi[Link]
HTTPS

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS
sqs-fi[Link]
HTTPS

Version 1.0
622
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Africa af-south-1 [Link] HTTP and

(Cape HTTPS
Town)

Asia ap-east-1 [Link] HTTP and

Pacific HTTPS
(Hong
Kong)

Asia ap- [Link] HTTP and

Pacific southeast-3 HTTPS
(Jakarta)

Asia ap- [Link] HTTP and

Pacific south-1 HTTPS
(Mumbai)

Asia ap- [Link] HTTP and

Pacific northeast-3 HTTPS
(Osaka)

Asia ap- [Link] HTTP and

Pacific northeast-2 HTTPS
(Seoul)

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Canada ca- [Link] HTTP and

(Central) central-1 HTTPS

Europe eu- [Link] HTTP and

(Frankfurt) central-1 HTTPS

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

Europe eu-west-2 [Link] HTTP and

(London) HTTPS

Europe eu- [Link] HTTP and

(Milan) south-1 HTTPS

Europe eu-west-3 [Link] HTTP and

(Paris) HTTPS

Europe eu-north-1 [Link] HTTP and

(Stockholm) HTTPS

Version 1.0
623
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Middle me- [Link] HTTP and

East south-1 HTTPS
(Bahrain)

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

AWS us-gov- [Link] HTTP and

GovCloud east-1 HTTPS
(US-East) [Link]
HTTPS

AWS us-gov- [Link] HTTP and

GovCloud west-1 HTTPS
(US-West) [Link]
HTTPS

Legacy endpoints
If you use the AWS CLI or SDK for Python, you can use the following legacy endpoints.

Region Name Region Endpoint Protocol

US East (Ohio) us-east-2 us- HTTP and HTTPS

[Link]

US East (N. Virginia) us-east-1 [Link] HTTP and HTTPS

US West (N. California) us-west-1 us- HTTP and HTTPS

[Link]

US West (Oregon) us-west-2 us- HTTP and HTTPS

[Link]

Africa (Cape Town) af-south-1 af- HTTP

[Link]

Asia Pacific (Mumbai) ap-south-1 ap- HTTP and HTTPS

[Link]

Asia Pacific (Osaka) ap-northeast-3 ap- HTTP and HTTPS

[Link]

Asia Pacific (Seoul) ap-northeast-2 ap- HTTP and HTTPS

[Link]

Asia Pacific (Singapore) ap-southeast-1 ap- HTTP and HTTPS

[Link]

Asia Pacific (Sydney) ap-southeast-2 ap- HTTP and HTTPS

[Link]

Version 1.0
624
 AWS General Reference Reference guide
Service quotas

Region Name Region Endpoint Protocol

Asia Pacific (Tokyo) ap-northeast-1 ap- HTTP and HTTPS

[Link]

Canada (Central) ca-central-1 ca- HTTP and HTTPS

[Link]

China (Beijing) cn-north-1 cn- HTTP and HTTPS

[Link]

China (Ningxia) cn-northwest-1 cn- HTTP and HTTPS

[Link]

Europe (Frankfurt) eu-central-1 eu- HTTP and HTTPS

[Link]

Europe (Ireland) eu-west-1 eu- HTTP and HTTPS

[Link]

Europe (London) eu-west-2 eu- HTTP and HTTPS

[Link]

Europe (Paris) eu-west-3 eu- HTTP and HTTPS

[Link]

Europe (Stockholm) eu-north-1 eu- HTTP and HTTPS

[Link]

South America (São sa-east-1 sa- HTTP and HTTPS

Paulo) [Link]

Service quotas
Name Default Adjustable

Actions per Queue Policy Each supported Region: 7 No

Attributes per Message Each supported Region: 10 No

Batched Message ID Length Each supported Region: 80 No

Conditions per Queue Policy Each supported Region: 10 No

In-Flight Messages per Standard Queue Each supported Region: No

120,000

Message Invisibility Period Each supported Region: 0 No

Seconds

Message Retention Time Each supported Region: No

345,600 Seconds

Message Size Each supported Region: 256 No

Kilobytes

Message Size in S3 Bucket Each supported Region: 2 No

Gigabytes

Version 1.0
625
 AWS General Reference Reference guide
Amazon S3

Name Default Adjustable

Messages per Batch Each supported Region: 10 No

Principals per Queue Policy Each supported Region: 50 No

Queue Delivery Delay Each supported Region: 15 No

Queue Name Length Each supported Region: 80 No

Queue Policy Size Each supported Region: No

8,192 Bytes

Statements per Queue Policy Each supported Region: 20 No

Tags per Queue Each supported Region: 50 No

UTF-8 Queue Tag Key Length Each supported Region: 128 No

UTF-8 Queue Tag Value Length Each supported Region: 256 No

For more information, see Amazon SQS quotas in the Amazon Simple Queue Service Developer Guide and
the "Limits and Restrictions" section of the Amazon SQS FAQs.

Amazon Simple Storage Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon S3 endpoints
When you use the REST API to send requests to the endpoints shown in the table below, you can use the
virtual-hosted style and path-style methods. For more information, see Virtual Hosting of Buckets.

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

US East us-east-2 Standard endpoints: us-east-2 HTTP and Versions 4

(Ohio) HTTPS only
• [Link]
• s3-fi[Link]-
[Link]
• [Link]-
[Link]**
• s3-fi[Link]-
[Link]**

Version 1.0
626
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support
• [Link]-
[Link]
• account-id.s3-control-
fi[Link]
• account-id.s3-
[Link]-
[Link]**
• account-id.s3-control-
fi[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• s3-accesspoint-fi[Link]-
[Link]
• [Link]-
[Link]**
• s3-accesspoint-
fi[Link]-
[Link]**

Version 1.0
627
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

US East (N. us-east-1 Standard endpoints: us-east-1 HTTP and Versions 2

Virginia) HTTPS and 4
• [Link]
• s3-fi[Link]-
[Link]
• [Link]
• [Link]-
[Link]**
• s3-fi[Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-control-
fi[Link]
• account-id.s3-
[Link]-
[Link]**
• account-id.s3-control-
fi[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• s3-accesspoint-fi[Link]-
[Link]
• [Link]-
[Link]**
• s3-accesspoint-
fi[Link]-
[Link]**

Version 1.0
628
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

US West (N. us-west-1 Standard endpoints: us-west-1 HTTP and Versions 2

California) HTTPS and 4
• [Link]
• s3-fi[Link]-
[Link]
• [Link]-
[Link]**
• s3-fi[Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
control-fi[Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**
• account-id.s3-control-
fi[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• s3-accesspoint-fi[Link]-
[Link]
• [Link]-
[Link]**
• s3-accesspoint-
fi[Link]-
[Link]**

Version 1.0
629
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

US West us-west-2 Standard endpoints: us-west-2 HTTP and Versions 2

(Oregon) HTTPS and 4
• [Link]
• s3-fi[Link]-
[Link]
• [Link]-
[Link]**
• s3-fi[Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
control-fi[Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**
• account-id.s3-control-
fi[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• s3-accesspoint-fi[Link]-
[Link]
• [Link]-
[Link]**
• s3-accesspoint-
fi[Link]-
[Link]**

Version 1.0
630
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

Africa af-south-1 Standard endpoints: af-south-1 HTTP and Version 4

(Cape HTTPS only
Town) • [Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Asia Pacific ap-east-1 Standard endpoints: ap-east-1 HTTP and Version 4

(Hong HTTPS only
Kong)*** • [Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Version 1.0
631
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

Asia Pacific ap- Standard endpoints: ap- HTTP and Version 4

(Jakarta) southeast-3 southeast-3 HTTPS only
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Asia Pacific ap-south-1 Standard endpoints: ap-south-1 HTTP and Version 4

(Mumbai) HTTPS only
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Version 1.0
632
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

Asia Pacific ap- Standard endpoints: ap- HTTP and Version 4

(Osaka) northeast-3 northeast-3 HTTPS only
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Asia Pacific ap- Standard endpoints: ap- HTTP and Version 4

(Seoul) northeast-2 northeast-2 HTTPS only
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Version 1.0
633
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

Asia Pacific ap- Standard endpoints: ap- HTTP and Versions 2

(Singapore) southeast-1 southeast-1 HTTPS and 4
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Asia Pacific ap- Standard endpoints: ap- HTTP and Versions 2

(Sydney) southeast-2 southeast-2 HTTPS and 4
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Version 1.0
634
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

Asia Pacific ap- Standard endpoints: ap- HTTP and Versions 2

(Tokyo) northeast-1 northeast-1 HTTPS and 4
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Version 1.0
635
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

Canada ca- Standard endpoints: ca- HTTP and Version 4

(Central) central-1 central-1 HTTPS only
• [Link]-
[Link]
• s3-fi[Link]-
[Link]
• [Link]-
[Link]**
• s3-fi[Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
control-fi[Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**
• account-id.s3-control-
fi[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• s3-accesspoint-fi[Link]-
[Link]
• [Link]-
[Link]**
• s3-accesspoint-
fi[Link]-
[Link]**

Version 1.0
636
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

China cn-north-1 Valid endpoint name for this cn-north-1 HTTP and Version 4
(Beijing) Region: HTTPS only

• [Link]-
[Link]
• [Link]-
[Link]
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]

China cn- Valid endpoint name for this cn- HTTP and Version 4
(Ningxia) northwest-1 Region: northwest-1 HTTPS only

• [Link]-
[Link]
• [Link]-
[Link]
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]

Version 1.0
637
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

Europe eu- Standard endpoints: eu- HTTP and Version 4

(Frankfurt) central-1 central-1 HTTPS only
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Europe eu-west-1 Standard endpoints: EU or eu- HTTP and Versions 2

(Ireland) west-1 HTTPS and 4
• [Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Version 1.0
638
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

Europe eu-west-2 Standard endpoints: eu-west-2 HTTP and Version 4

(London) HTTPS only
• [Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Europe eu-south-1 Standard endpoints: eu-south-1 HTTP and Version 4

(Milan) HTTPS only
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Version 1.0
639
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

Europe eu-west-3 Standard endpoints: eu-west-3 HTTP and Version 4

(Paris) HTTPS only
• [Link]
• [Link]-
[Link]
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Europe eu-north-1 Standard endpoints: eu-north-1 HTTP and Version 4

(Stockholm) HTTPS only
• [Link]-
[Link]
• [Link]-
[Link]
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Version 1.0
640
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

South sa-east-1 Standard endpoints: sa-east-1 HTTP and Versions 2

America HTTPS and 4
(São Paulo) • [Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Middle East me-south-1 Standard endpoints: me-south-1 HTTP and Versions 4

(Bahrain) HTTPS only
• [Link]-
[Link]
• [Link]-
[Link]**
• [Link]-
[Link]
• account-id.s3-
[Link]-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-
[Link]
• [Link]-
[Link]**

Version 1.0
641
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

AWS us-gov- Standard endpoints: us-gov- HTTP and  

GovCloud east-1 east-1 HTTPS
(US-East) • [Link]-gov-
[Link]
• s3-fi[Link]-gov-
[Link]
• [Link]-gov-
[Link]**
• s3-fi[Link]-gov-
[Link]**
• [Link]-
[Link]
• account-id.s3-
control-fi[Link]-gov-
[Link]
• account-id.s3-
[Link]-gov-
[Link]**
• account-id.s3-control-
fi[Link]-gov-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-gov-
[Link]
• s3-accesspoint-fi[Link]-gov-
[Link]
• [Link]-
[Link]**
• s3-accesspoint-
fi[Link]-gov-
[Link]**

Version 1.0
642
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Location Protocol Signature

Name Constraint Version(s)
Support

AWS us-gov- Standard endpoints: us-gov- HTTP and  

GovCloud west-1 west-1 HTTPS
(US-West) • [Link]-gov-
[Link]
• s3-fi[Link]-gov-
[Link]
• [Link]-gov-
[Link]**
• s3-fi[Link]-gov-
[Link]**
• [Link]-
[Link]
• account-id.s3-
control-fi[Link]-gov-
[Link]
• account-id.s3-
[Link]-gov-
[Link]**
• account-id.s3-control-
fi[Link]-gov-
[Link]**

Amazon S3 Access Points

endpoints (HTTPS only):

• [Link]-gov-
[Link]
• s3-accesspoint-fi[Link]-gov-
[Link]
• [Link]-
[Link]**
• s3-accesspoint-
fi[Link]-gov-
[Link]**

**Amazon S3 dual-stack endpoints support requests to S3 buckets over IPv6 and IPv4. For more
information, see Using Dual-Stack Endpoints.

***You must enable this Region before you can use it.

When using the preceding endpoints the following additional considerations apply:

• The s3-control endpoints are used with Amazon S3 account-level operations

• The s3-accesspoint endpoints are used only to make requests through Amazon S3 Access Points. For
more information, see Working with Amazon S3 Access Points.
• Amazon S3 renamed the US Standard Region to the US East (N. Virginia) Region to be consistent with
AWS Regional naming conventions. There is no change to the endpoint, and you do not need to make
any changes to your application.

Version 1.0
643
 AWS General Reference Reference guide
Service endpoints

• If you use a Region other than the US East (N. Virginia) endpoint to create a bucket, you must set the
LocationConstraint bucket parameter to the same Region. Both the AWS SDK for Java and AWS SDK
for .NET use an enumeration for setting location constraints (Region for Java, S3Region for .NET). For
more information, see PUT Bucket in the Amazon Simple Storage Service API Reference.

Amazon S3 website endpoints

When you configure your bucket as a website, the website is available using the following Region-specific
website endpoints. Note that the website endpoints are different than the REST API endpoints listed in
the preceding table. For more information about hosting websites on Amazon S3, see Hosting Websites
on Amazon S3 in the Amazon Simple Storage Service User Guide. You need the hosted zone IDs when
using the Amazon Route 53 API to add an alias record to your hosted zone.
Note
Amazon S3 website endpoints do not support HTTPS or Amazon S3 Access Points. If you want
to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3.
For more information, see Configuring a static website using a custom domain registered with
Route 53 and Improving the performance of your website using CloudFront in the Amazon S3
User Guide.

Region Name Website Endpoint Route 53 Hosted

Zone ID

US East (Ohio) [Link] Z2O1EMRO9K5GLX

US East (N. [Link] Z3AQBSTGFYJSTF 

Virginia)

US West (N. [Link] Z2F56UZL2M1ACD 

California)

US West [Link] Z3BJ6K6RIION7M

(Oregon)

Africa (Cape [Link] Z83WF9RJE8B12

Town)

Asia Pacific [Link] ZNB98KWMFR0R6

(Hong Kong)

Asia Pacific [Link] Z11RGJOFQNVJUP

(Mumbai)

Asia Pacific [Link] Z2YQB5RD63NC85

(Osaka)

Asia Pacific [Link] Z3W03O7B5YMIYP

(Seoul)

Asia Pacific [Link] Z3O0J2DXBE1FTB

(Singapore)

Asia Pacific [Link] Z1WCIGYICN2BYD

(Sydney)

Asia Pacific [Link] Z2M4EHUR26P7ZW

(Tokyo)

Canada (Central) [Link] Z1QDHH18159H29

Version 1.0
644
 AWS General Reference Reference guide
Service quotas

Region Name Website Endpoint Route 53 Hosted

Zone ID

China (Ningxia) [Link] Z282HJ1KT0DH03

Europe [Link] Z21DNDUVLTQW6Q

(Frankfurt)

Europe (Ireland) [Link] Z1BKCTXD74EZPE

Europe (London) [Link] Z3GKZC51ZF0DB4

Europe (Milan) [Link] Z30OZKI7KPW7MI

Europe (Paris) [Link] Z3R1K369G5AVDG

Europe [Link] Z3BAZG2TWCNX0D

(Stockholm)

Asia Pacific [Link] Z01613992JD795ZI93075

(Jakarta)

Middle [Link] Z1MPMWCPA7YB62

East(Bahrain)

South America [Link] Z7KQH4QJS55SO

(São Paulo)

AWS GovCloud [Link] Z2NIFVYYW2VKV1

(US-East)

AWS GovCloud [Link] Z31GFT0UA1I2HV

(US-West)

Service quotas
Amazon S3

Name Default Adjustable

Access Points Each supported Region: Yes

1,000

Bucket policy Each supported Region: 20 No

Kilobytes

Bucket tags Each supported Region: 50 No

Buckets Each supported Region: 100 Yes

CRR rules Each supported Region: No

1,000

Event notifications Each supported Region: 100 No

Lifecycle rules Each supported Region: No

1,000

Version 1.0
645
 AWS General Reference Reference guide
Amazon SWF

Name Default Adjustable

Maximum part size Each supported Region: 5 No

Gigabytes

Minimum part size Each supported Region: 5 No

Megabytes

Multi-Region Access Point Regions Each supported Region: 20 No

Multi-Region Access Points Each supported Region: 100 No

Object size Each supported Region: 5 No

Terabytes

Object size (Console upload) Each supported Region: 160 No

Gigabytes

Object tags Each supported Region: 10 No

Parts Each supported Region: No

10,000

Replication transfer rate Each supported Region: 1 Yes

Gigabits per second

S3 Glacier: Number of random restore requests. Each supported Region: 35 No

S3 Glacier: Provisioned capacity units Each supported Region: 2 No

Amazon S3 on Outposts

Name Default Adjustable

Access Points Each supported Region: 10 No

Buckets Each supported Region: 100 No

Amazon Simple Workflow Service endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
646
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
swf-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
swf-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) swf-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
swf-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Version 1.0
647
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas

Name Default Adjustable

CountClosedWorkflowExecutions throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

Version 1.0
648
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

CountClosedWorkflowExecutions throttle limit in transaction Each supported Region: 1 Yes

per second

CountOpenWorkflowExecutions throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

CountOpenWorkflowExecutions throttle limit in transaction us-west-1: 2 Yes

per second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

CountPendingActivityTasks throttle burst limit in transaction us-west-1: 200 Yes

per second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

CountPendingActivityTasks throttle limit in transaction per us-west-1: 2 Yes

second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

Version 1.0
649
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

CountPendingDecisionTasks throttle burst limit in us-west-1: 200 Yes

transaction per second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

CountPendingDecisionTasks throttle limit in transaction per us-west-1: 2 Yes

second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

DeprecateActivityType throttle burst limit in transaction per us-west-1: 200 Yes

second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

DeprecateActivityType throttle limit in transaction per us-west-1: 2 Yes

second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

Version 1.0
650
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

DeprecateDomain throttle burst limit in transaction per us-west-1: 100 Yes

second
ap-northeast-1: 100

ap-southeast-1: 100

ap-southeast-2: 100

sa-east-1: 100

Each of the other supported

Regions: 50

DeprecateDomain throttle limit in transaction per second us-west-1: 2 Yes

ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

DeprecateWorkflowType throttle burst limit in transaction us-west-1: 200 Yes

per second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

DeprecateWorkflowType throttle limit in transaction per us-west-1: 2 Yes

second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

Version 1.0
651
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

DescribeActivityType throttle burst limit in transaction per us-west-1: 2,000 Yes

second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

DescribeActivityType throttle limit in transaction per second us-west-1: 2 Yes

ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

DescribeDomain throttle burst limit in transaction per us-west-1: 200 Yes

second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

DescribeDomain throttle limit in transaction per second us-west-1: 2 Yes

ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

Version 1.0
652
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

DescribeWorkflowExecution throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

DescribeWorkflowExecution throttle limit in transaction per us-west-1: 2 Yes

second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

DescribeWorkflowType throttle burst limit in transaction per us-west-1: 2,000 Yes

second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

DescribeWorkflowType throttle limit in transaction per us-west-1: 2 Yes

second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

Events in Workflow execution history Each supported Region: No

25,000

Version 1.0
653
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

GetWorkflowExecutionHistory throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

GetWorkflowExecutionHistory throttle limit in transaction us-west-1: 10 Yes

per second
ap-northeast-1: 10

ap-southeast-1: 10

ap-southeast-2: 10

sa-east-1: 10

Each of the other supported

Regions: 5

Input / result data size Each supported Region: No

32,768

ListActivityTypes throttle burst limit in transaction per us-west-1: 200 Yes

second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

ListActivityTypes throttle limit in transaction per second us-west-1: 2 Yes

ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

Version 1.0
654
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

ListClosedWorkflowExecutions throttle burst limit in us-west-1: 200 Yes

transaction per second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

ListClosedWorkflowExecutions throttle limit in transaction us-west-1: 2 Yes

per second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

ListDomains throttle burst limit in transaction per second us-west-1: 100 Yes

ap-northeast-1: 100

ap-southeast-1: 100

ap-southeast-2: 100

sa-east-1: 100

Each of the other supported

Regions: 50

ListDomains throttle limit in transaction per second us-west-1: 2 Yes

ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

Version 1.0
655
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

ListOpenWorkflowExecutions throttle burst limit in us-west-1: 200 Yes

transaction per second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

ListOpenWorkflowExecutions throttle limit in transaction per us-west-1: 2 Yes

second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

ListWorkflowTypes throttle burst limit in transaction per us-west-1: 200 Yes

second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

ListWorkflowTypes throttle limit in transaction per second us-west-1: 2 Yes

ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

Maximum workflow and activity types per domain Each supported Region: Yes
10,000

Open activity tasks per workflow execution Each supported Region: No

1,000

Version 1.0
656
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Open child workflow executions Each supported Region: No

1,000

Open timers per workflow execution Each supported Region: No

1,000

Open workflow executions per domain Each supported Region: Yes

100,000

PollForActivityTask throttle burst limit in transaction per us-west-1: 2,000 Yes

second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

PollForActivityTask throttle limit in transaction per second us-east-1: 100 Yes

us-west-1: 20

ap-northeast-1: 20

ap-southeast-1: 20

ap-southeast-2: 20

sa-east-1: 20

Each of the other supported

Regions: 10

PollForDecisionTask throttle burst limit in transaction per us-west-1: 2,000 Yes

second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

Version 1.0
657
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

PollForDecisionTask throttle limit in transaction per second us-east-1: 142 Yes

us-west-1: 24

ap-northeast-1: 24

ap-southeast-1: 24

ap-southeast-2: 24

sa-east-1: 24

Each of the other supported

Regions: 12

Pollers per task list Each supported Region: No

1,000

RecordActivityTaskHeartbeat throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

RecordActivityTaskHeartbeat throttle limit in transaction per us-west-1: 2 Yes

second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

RegisterActivityType throttle burst limit in transaction per us-west-1: 200 Yes

second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

Version 1.0
658
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

RegisterActivityType throttle limit in transaction per second us-west-1: 2 Yes

ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

RegisterDomain throttle burst limit in transaction per second us-west-1: 100 Yes

ap-northeast-1: 100

ap-southeast-1: 100

ap-southeast-2: 100

sa-east-1: 100

Each of the other supported

Regions: 50

RegisterDomain throttle limit in transaction per second us-west-1: 2 Yes

ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

RegisterWorkflowType throttle burst limit in transaction per us-west-1: 200 Yes

second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

Version 1.0
659
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

RegisterWorkflowType throttle limit in transaction per us-west-1: 2 Yes

second
ap-northeast-1: 2

ap-southeast-1: 2

ap-southeast-2: 2

sa-east-1: 2

Each of the other supported

Regions: 1

Registered domains Each supported Region: 100 Yes

Request size Each supported Region: 1 No

Megabytes

RequestCancelExternalWorkflowExecution throttle burst us-west-1: 200 Yes

limit in transaction per second
ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

RequestCancelExternalWorkflowExecution throttle limit in us-west-1: 20 Yes

transaction per second
ap-northeast-1: 20

ap-southeast-1: 20

ap-southeast-2: 20

sa-east-1: 20

Each of the other supported

Regions: 10

RequestCancelWorkflowExecution throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

Version 1.0
660
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

RequestCancelWorkflowExecution throttle limit in us-west-1: 10 Yes

transaction per second
ap-northeast-1: 10

ap-southeast-1: 10

ap-southeast-2: 10

sa-east-1: 10

Each of the other supported

Regions: 5

RespondActivityTaskCanceled throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

RespondActivityTaskCanceled throttle limit in transaction us-east-1: 100 Yes

per second
us-west-1: 20

ap-northeast-1: 20

ap-southeast-1: 20

ap-southeast-2: 20

sa-east-1: 20

Each of the other supported

Regions: 10

RespondActivityTaskCompleted throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

Version 1.0
661
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

RespondActivityTaskCompleted throttle limit in transaction us-east-1: 100 Yes

per second
us-west-1: 20

ap-northeast-1: 20

ap-southeast-1: 20

ap-southeast-2: 20

sa-east-1: 20

Each of the other supported

Regions: 10

RespondActivityTaskFailed throttle burst limit in transaction Each supported Region: Yes

per second 1,000

RespondActivityTaskFailed throttle limit in transaction per Each supported Region: 10 Yes

second

RespondDecisionTaskCompleted throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

RespondDecisionTaskCompleted throttle limit in transaction us-east-1: 142 Yes

per second
us-west-1: 24

ap-northeast-1: 24

ap-southeast-1: 24

ap-southeast-2: 24

sa-east-1: 24

Each of the other supported

Regions: 12

SWF task in queue in year Each supported Region: 1 No

Version 1.0
662
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

ScheduleActivityTask throttle burst limit in transaction per us-east-1: 500 Yes

second
us-west-1: 200

ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

ScheduleActivityTask throttle limit in transaction per second us-east-1: 100 Yes

us-west-1: 20

ap-northeast-1: 20

ap-southeast-1: 20

ap-southeast-2: 20

sa-east-1: 20

Each of the other supported

Regions: 10

SignalExternalWorkflowExecution throttle burst limit in us-east-1: 500 Yes

transaction per second
us-west-1: 200

ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

SignalExternalWorkflowExecution throttle limit in us-west-1: 20 Yes

transaction per second
ap-northeast-1: 20

ap-southeast-1: 20

ap-southeast-2: 20

sa-east-1: 20

Each of the other supported

Regions: 10

Version 1.0
663
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

SignalWorkflowExecution throttle burst limit in transaction us-west-1: 2,000 Yes

per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

SignalWorkflowExecution throttle limit in transaction per us-west-1: 10 Yes

second
ap-northeast-1: 10

ap-southeast-1: 10

ap-southeast-2: 10

sa-east-1: 10

Each of the other supported

Regions: 5

StartChildWorkflowExecution throttle burst limit in us-east-1: 500 Yes

transaction per second
us-west-1: 200

ap-northeast-1: 200

ap-southeast-1: 200

ap-southeast-2: 200

sa-east-1: 200

Each of the other supported

Regions: 100

StartChildWorkflowExecution throttle limit in transaction us-west-1: 4 Yes

per second
ap-northeast-1: 4

ap-southeast-1: 4

ap-southeast-2: 4

sa-east-1: 4

Each of the other supported

Regions: 2

Version 1.0
664
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

StartTimer throttle burst limit in transaction per second us-east-1: 1,000 Yes

us-west-1: 1,000

ap-northeast-1: 1,000

ap-southeast-1: 1,000

ap-southeast-2: 1,000

sa-east-1: 1,000

Each of the other supported

Regions: 500

StartTimer throttle limit in transaction per second us-east-1: 142 Yes

us-west-1: 50

ap-northeast-1: 50

ap-southeast-1: 50

ap-southeast-2: 50

sa-east-1: 50

Each of the other supported

Regions: 25

StartWorkflowExecution throttle burst limit in transaction us-west-1: 2,000 Yes

per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

StartWorkflowExecution throttle limit in transaction per us-east-1: 25 Yes

second
us-west-1: 4

ap-northeast-1: 4

ap-southeast-1: 4

ap-southeast-2: 4

sa-east-1: 4

Each of the other supported

Regions: 2

Task execution time in year Each supported Region: 1 No

Version 1.0
665
 AWS General Reference Reference guide
Amazon SimpleDB

Name Default Adjustable

TerminateWorkflowExecution throttle burst limit in us-west-1: 2,000 Yes

transaction per second
ap-northeast-1: 2,000

ap-southeast-1: 2,000

ap-southeast-2: 2,000

sa-east-1: 2,000

Each of the other supported

Regions: 1,000

TerminateWorkflowExecution throttle limit in transaction us-west-1: 20 Yes

per second
ap-northeast-1: 20

ap-southeast-1: 20

ap-southeast-2: 20

sa-east-1: 20

Each of the other supported

Regions: 10

Workflow execution idle time limit in years Each supported Region: 1 Yes

Workflow execution time in years Each supported Region: 1 No

Workflow retention time in days Each supported Region: 90 Yes

For more information, see Amazon SWF Quotas in the Amazon Simple Workflow Service Developer Guide.

Amazon SimpleDB endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTP and

Virginia) HTTPS

US us-west-1 [Link] HTTP and

West (N. HTTPS
California)

Version 1.0
666
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

US West us-west-2 [Link] HTTP and

(Oregon) HTTPS

Asia ap- [Link] HTTP and

Pacific southeast-1 HTTPS
(Singapore)

Asia ap- [Link] HTTP and

Pacific southeast-2 HTTPS
(Sydney)

Asia ap- [Link] HTTP and

Pacific northeast-1 HTTPS
(Tokyo)

Europe eu-west-1 [Link] HTTP and

(Ireland) HTTPS

South sa-east-1 [Link] HTTP and

America HTTPS
(São
Paulo)

Service quotas
Resource Default

Domains 250

For more information, see Amazon SimpleDB Quotas in the Amazon SimpleDB Developer Guide.

AWS Single Sign-On endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
AWS SSO

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

Version 1.0
667
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Version 1.0
668
 AWS General Reference Reference guide
Service endpoints

Identity Store

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Version 1.0
669
 AWS General Reference Reference guide
Service quotas

Service quotas
Name Default Adjustable

File size of service provider SAML certificates (in PEM format) Each supported Region: 2 No
Kilobytes

Number of groups supported in AWS SSO Each supported Region: No

10,000

Number of permission sets allowed in AWS SSO Each supported Region: 500 Yes

Number of permission sets allowed per AWS account Each supported Region: 50 Yes

Number of unique directory groups that can be assigned Each supported Region: Yes
2,500

Number of unique groups that can be used to evaluate the Each supported Region: 500 No
permissions for a user

Number of users supported in AWS SSO Each supported Region: No

50,000

Total number of AWS accounts or applications that can be Each supported Region: 500 Yes
configured

For more information, see AWS Single Sign-On quotas in the AWS Single Sign-On User Guide.

AWS Snow Family endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Snow Family devices are available in the following AWS Regions.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link]

(Ohio) HTTPS
snowball-fi[Link]

US East (N. us-east-1 [Link]

Virginia) HTTPS
snowball-fi[Link]

US us-west-1 [Link]
West (N. HTTPS
California) snowball-fi[Link]

Version 1.0
670
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US West us-west-2 [Link]

(Oregon) HTTPS
snowball-fi[Link]

Africa af-south-1 [Link]

(Cape
Town)

Asia ap-east-1 [Link]

Pacific
(Hong
Kong)

Asia ap- [Link]

Pacific south-1 HTTPS
(Mumbai) snowball-fi[Link]

Asia ap- [Link]

Pacific northeast-3 HTTPS
(Osaka) snowball-fi[Link]

Asia ap- [Link]

Pacific northeast-2 HTTPS
(Seoul) snowball-fi[Link]

Asia ap- [Link]

Pacific southeast-1 HTTPS
(Singapore) snowball-fi[Link]

Asia ap- [Link]

Pacific southeast-2 HTTPS
(Sydney) snowball-fi[Link]

Asia ap- [Link]

Pacific northeast-1 HTTPS
(Tokyo) snowball-fi[Link]

Canada ca- [Link]

(Central) central-1 HTTPS
snowball-fi[Link]

Europe eu- [Link]

(Frankfurt) central-1 HTTPS
snowball-fi[Link]

Europe eu-west-1 [Link]

(Ireland) HTTPS
snowball-fi[Link]

Europe eu-west-2 [Link]

(London) HTTPS
snowball-fi[Link]

Europe eu- [Link]

(Milan) south-1

Version 1.0
671
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-3 [Link]

(Paris) HTTPS
snowball-fi[Link]

Europe eu-north-1 [Link]

(Stockholm)

South sa-east-1 [Link]

America HTTPS
(São snowball-fi[Link]
Paulo)

AWS us-gov- [Link]

GovCloud east-1 HTTPS
(US-East) snowball-fi[Link]

AWS us-gov- [Link]

GovCloud west-1 HTTPS
(US-West) snowball-fi[Link]

AWS Snowcone is available only in the following AWS Regions:

• US East (N. Virginia)

• US East (Ohio)
• US West (N. California)
• US West (Oregon)
• Canada (Central)
• South America (São Paulo)
• Europe (Ireland)
• Europe (Frankfurt)
• Europe (London)
• Asia Pacific (Mumbai)
• Asia Pacific (Sydney)
• Asia Pacific (Singapore)
• Asia Pacific (Tokyo)

Service quotas
Name Default Adjustable

Snowball Edge devices Each supported Region: 1 Yes

AWS Step Functions endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services

Version 1.0
672
 AWS General Reference Reference guide
Service endpoints

offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
sync-states-fi[Link] HTTPS

states-fi[Link] HTTPS

[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
sync-states-fi[Link] HTTPS

states-fi[Link] HTTPS

[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) sync-states-fi[Link] HTTPS

states-fi[Link] HTTPS

[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
sync-states-fi[Link] HTTPS

states-fi[Link] HTTPS

[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town) [Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong [Link] HTTPS
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) [Link] HTTPS

Version 1.0
673
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) [Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) [Link] HTTPS

Canada ca- [Link] HTTPS

(Central) central-1
[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
[Link] HTTPS

Europe eu-west-1 [Link] HTTPS

(Ireland)
[Link] HTTPS

Europe eu-west-2 [Link] HTTPS

(London)
[Link] HTTPS

Europe eu- [Link] HTTPS

(Milan) south-1
[Link] HTTPS

Europe eu-west-3 [Link] HTTPS

(Paris)
[Link] HTTPS

Europe eu-north-1 [Link] HTTPS

(Stockholm)
[Link] HTTPS

Middle me- [Link] HTTPS

East south-1
(Bahrain) [Link] HTTPS

South sa-east-1 [Link] HTTPS

America
(São [Link] HTTPS
Paulo)

Version 1.0
674
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) sync-states-fi[Link] HTTPS

states-fi[Link] HTTPS

[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

[Link] HTTPS

[Link] HTTPS

Service quotas

Name Default Adjustable

Activity pollers per ARN Each supported Region: No

1,000

CreateActivity throttle token bucket size Each supported Region: 100 Yes

CreateActivity throttle token refill rate per second Each supported Region: 1 Yes

CreateStateMachine throttle token bucket size Each supported Region: 100 Yes

CreateStateMachine throttle token refill rate per second Each supported Region: 1 Yes

DeleteActivity throttle token bucket size Each supported Region: 100 Yes

DeleteActivity throttle token refill rate per second Each supported Region: 1 Yes

DeleteStateMachine throttle token bucket size Each supported Region: 100 Yes

DeleteStateMachine throttle token refill rate per second Each supported Region: 1 Yes

DescribeActivity throttle token bucket size Each supported Region: 200 Yes

DescribeActivity throttle token refill rate per second Each supported Region: 1 Yes

DescribeExecution throttle token bucket size us-east-1: 300 Yes

us-west-2: 300

eu-west-1: 300

Each of the other supported

Regions: 250

DescribeExecution throttle token refill rate per second us-east-1: 15 Yes

us-west-2: 15

Version 1.0
675
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

eu-west-1: 15

Each of the other supported

Regions: 10

DescribeStateMachine throttle token bucket size Each supported Region: 200 Yes

DescribeStateMachine throttle token refill rate per second Each supported Region: 20 Yes

DescribeStateMachineForExecution throttle token bucket Each supported Region: 200 Yes

size

DescribeStateMachineForExecution throttle token refill rate Each supported Region: 1 Yes

per second

Events in execution history size Each supported Region: No

25,000

Execution history retention time in days Each supported Region: 90 No

Execution idle time in years Each supported Region: 1 No

Execution time in years Each supported Region: 1 No

Executions displayed in Step Functions console Each supported Region: No

1,000

GetActivityTask throttle token bucket size us-east-1: 3,000 Yes

us-west-2: 3,000

eu-west-1: 3,000

Each of the other supported

Regions: 1,500

GetActivityTask throttle token refill rate per second us-east-1: 500 Yes

us-west-2: 500

eu-west-1: 500

Each of the other supported

Regions: 300

GetExecutionHistory throttle token bucket size Each supported Region: 400 Yes

GetExecutionHistory throttle token refill rate per second Each supported Region: 20 Yes

Input or result data size in task state or execution Each supported Region: No
262,144 Bytes

ListActivities throttle token bucket size Each supported Region: 100 Yes

Version 1.0
676
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

ListActivities throttle token refill rate per second us-east-1: 10 Yes

us-west-2: 10

eu-west-1: 10

Each of the other supported

Regions: 5

ListExecutions throttle token bucket size us-east-1: 200 Yes

us-west-2: 200

eu-west-1: 200

Each of the other supported

Regions: 100

ListExecutions throttle token refill rate per second us-east-1: 5 Yes

us-west-2: 5

eu-west-1: 5

Each of the other supported

Regions: 2

ListStateMachines throttle token bucket size Each supported Region: 100 Yes

ListStateMachines throttle token refill rate per second Each supported Region: 5 Yes

ListTagsForResource throttle token bucket size Each supported Region: 100 Yes

ListTagsForResource throttle token refill rate per second Each supported Region: 1 Yes

Open executions Each supported Region: Yes

1,000,000

Registered activities Each supported Region: Yes

10,000

Registered state machines Each supported Region: Yes

10,000

Resource name length Each supported Region: 80 No

SendTaskFailure throttle token bucket size us-east-1: 3,000 Yes

us-west-2: 3,000

eu-west-1: 3,000

Each of the other supported

Regions: 1,500

Version 1.0
677
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

SendTaskFailure throttle token refill rate per second us-east-1: 500 Yes

us-west-2: 500

eu-west-1: 500

Each of the other supported

Regions: 300

SendTaskHeartbeat throttle token bucket size us-east-1: 3,000 Yes

us-west-2: 3,000

eu-west-1: 3,000

Each of the other supported

Regions: 1,500

SendTaskHeartbeat throttle token refill rate per second us-east-1: 500 Yes

us-west-2: 500

eu-west-1: 500

Each of the other supported

Regions: 300

SendTaskSuccess throttle token bucket size us-east-1: 3,000 Yes

us-west-2: 3,000

eu-west-1: 3,000

Each of the other supported

Regions: 1,500

SendTaskSuccess throttle token refill rate per second us-east-1: 500 Yes

us-west-2: 500

eu-west-1: 500

Each of the other supported

Regions: 300

Size per API request Each supported Region: 1 No

Megabytes

StartExecution throttle token bucket size us-east-1: 1,300 Yes

us-west-2: 1,300

eu-west-1: 1,300

Each of the other supported

Regions: 800

Version 1.0
678
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

StartExecution throttle token refill rate per second us-east-1: 300 Yes

us-west-2: 300

eu-west-1: 300

Each of the other supported

Regions: 150

StateTransition throttle token bucket size us-east-1: 5,000 Yes

us-west-2: 5,000

eu-west-1: 5,000

Each of the other supported

Regions: 800

StateTransition throttle token refill rate per second us-east-1: 1,500 Yes

us-west-2: 1,500

eu-west-1: 1,500

Each of the other supported

Regions: 500

Step Functions task in queue in year Each supported Region: 1 No

StopExecution throttle token bucket size us-east-1: 1,000 Yes

us-west-2: 1,000

eu-west-1: 1,000

Each of the other supported

Regions: 500

StopExecution throttle token refill rate per second us-east-1: 200 Yes

us-west-2: 200

eu-west-1: 200

Each of the other supported

Regions: 25

TagResource throttle token bucket size Each supported Region: 200 Yes

TagResource throttle token refill rate per second Each supported Region: 1 Yes

Task execution time in year Each supported Region: 1 No

UntagResource throttle token bucket size Each supported Region: 200 Yes

UntagResource throttle token refill rate per second Each supported Region: 1 Yes

UpdateStateMachine throttle token bucket size Each supported Region: 100 Yes

UpdateStateMachine throttle token refill rate per second Each supported Region: 1 No

Version 1.0
679
 AWS General Reference Reference guide
Storage Gateway

For more information, see Quotas in the AWS Step Functions Developer Guide.

AWS Storage Gateway endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect to an AWS service,
you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints
in selected Regions. For more information, see AWS service endpoints (p. 733). Service quotas, also
referred to as limits, are the maximum number of service resources or operations for your AWS account.
For more information, see AWS service quotas (p. 737).

Service endpoints
Storage Gateway

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
storagegateway-fi[Link] HTTPS

storagegateway-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
storagegateway-fi[Link] HTTPS

storagegateway-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) storagegateway-fi[Link] HTTPS

storagegateway-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
storagegateway-fi[Link] HTTPS

storagegateway-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Version 1.0
680
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
storagegateway-fi[Link] HTTPS

storagegateway-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
681
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) storagegateway-fi[Link]-gov- HTTPS
[Link]
HTTPS
storagegateway-fi[Link]-gov-
[Link]

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) storagegateway-fi[Link]-gov- HTTPS
[Link]
HTTPS
storagegateway-fi[Link]-gov-
[Link]

For AWS Regions that the hardware appliance is supported in, see Storage Gateway hardware appliance
regions (p. 682).

Storage Gateway hardware appliance regions

The Storage Gateway hardware appliance is available for shipping worldwide where it is legally allowed
and permitted for exporting by the US government.

Storage Gateway hardware appliance is supported in the following AWS Regions.

• US East (Ohio)
• US East (N. Virginia)
• US West (N. California)
• US West (Oregon)
• Asia Pacific (Mumbai)
• Asia Pacific (Seoul)
• Asia Pacific (Singapore)
• Asia Pacific (Sydney)
• Asia Pacific (Tokyo)
• Canada (Central)
• Europe (Frankfurt)
• Europe (Ireland)
• Europe (London)
• Europe (Paris)
• Europe (Stockholm)
• South America (São Paulo)

Service quotas
Name Default Adjustable

Cached volume gateway Cache Maximum in TiB Each supported Region: 16 No

Version 1.0
682
 AWS General Reference Reference guide
Sumerian

Name Default Adjustable

Cached volume gateway Cache Minimum in GiB Each supported Region: 150 No

Cached volume gateway Upload Buffer Maximum in TiB Each supported Region: 2 No

Cached volume gateway Upload Buffer Minimum in GiB Each supported Region: 150 No

Cached volume size in TiB Each supported Region: 32 No

Cached volumes per gateway Each supported Region: 32 No

File gateway Cache Maximum in TiB Each supported Region: 16 No

File gateway Cache Minimum in GiB Each supported Region: 150 No

File shares per S3 bucket Each supported Region: 1 No

File shares per gateway Each supported Region: 10 No

File size Each supported Region: 5 No

Terabytes

Max size of a virtual tape in TiB Each supported Region: 2.5 No

Max virtual tapes in a VTL Each supported Region: No

1,500

Minimum size of a virtual tape in GiB Each supported Region: 100 No

Path length Each supported Region: No

1,024 Bytes

Size of all cached volumes per gateway in TiB Each supported Region: No
1,024

Size of all stored volumes per gateway in TiB Each supported Region: 512 No

Stored volume gateway Upload Buffer Maximum in TiB Each supported Region: 2 No

Stored volume gateway Upload Buffer Minimum in GiB Each supported Region: 150 No

Stored volume size in TiB Each supported Region: 16 No

Stored volumes per gateway Each supported Region: 32 No

Total size of tapes in a virtual tape library in PiB Each supported Region: 1 No

For more information, see Storage Gateway quotas in the AWS Storage Gateway User Guide.

Amazon Sumerian endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
683
 AWS General Reference Reference guide
Service endpoints

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

South sa-east-1 [Link] HTTPS

America

Version 1.0
684
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name
(São
Paulo)

Service quotas
Name Default Adjustable

Model file size Each supported Region: 50 No

Megabytes

Projects Each supported Region: No

1,000

Scenes Each supported Region: No

10,000

Script file size Each supported Region: 1 No

Megabytes

Sound file size Each supported Region: 10 No

Megabytes

Texture file size Each supported Region: 20 No

Megabytes

ZIP file size Each supported Region: 200 No

Megabytes

AWS Support endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

Version 1.0
685
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Version 1.0
686
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

Service quotas
Name Default Adjustable

AWS Support API operations Each supported Region: 5 No

AWS Trusted Advisor API operations Each supported Region: 100 No

Number of AWS Support cases that you can create Each supported Region: 10 No

For more information, see the AWS Support User Guide.

AWS Systems Manager endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
ssm-fi[Link] HTTPS

Version 1.0
687
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
ssm-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) ssm-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
ssm-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
ssm-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Version 1.0
688
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) [Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) [Link] HTTPS

AWS Systems Manager Distributor is available in all commercial Regions except the China (Beijing)
Region and the China (Ningxia) Region. Distributor is not available in the AWS GovCloud (US-West)
Endpoints.

In addition to the ssm.* endpoints, your managed instances must also allow HTTPS (port 443)
outbound traffic to the following endpoints. For more information, see Reference: ec2messages,
ssmmessages, and Other API Calls in the AWS Systems Manager User Guide.

• ec2messages.*
• ssmmessages.*

For information about AWS AppConfig endpoints and quotas, see AWS AppConfig endpoints and
quotas (p. 32).

Service quotas

Capability Resource Default

Application Manager Maximum number of applications in 100

Application Manager

Version 1.0
689
 AWS General Reference Reference guide
Service quotas

Capability Resource Default

When you add an
application in Application
Manager, Systems Manager
automatically creates a
resource group to organize
all of the resources for that
application. The maximum
number of applications is
based on the underlying
quota for AWS Resource
Groups.

Application Manager Maximum number of AWS resources you For applications based on
can assign to an application AWS CloudFormation stacks:
200

For applications based on

AWS Resource Groups:
Unlimited

Automation Concurrently running automations 100

Each AWS account can

run 100 automations
simultaneously. This
includes child automations
(automations that are
started by another
automation), and rate
control automations. If
you attempt to run more
automations than this,
Systems Manager adds the
additional automations to a
queue and displays a status
of Pending.

Automation Automation queue 1000

If you attempt to run more

automations than the
concurrent automation limit,
subsequent automations
are added to a queue. Each
AWS account can queue
1,000 automations. When
an automation completes
(or reaches a terminal state),
the first automation in the
queue is started.

Version 1.0
690
 AWS General Reference Reference guide
Service quotas

Capability Resource Default

Automation Concurrently running rate control 25

automations
Each AWS account can run
25 rate control automations
simultaneously. If you
attempt to run more
rate control automations
than the concurrent rate
control automation limit,
Systems Manager adds the
subsequent rate control
automations to a queue
and displays a status of
Pending.

Automation Rate control automation queue 1000

If you attempt to run

more automations than
the concurrent rate
control automation limit,
subsequent automations are
added to a queue. Each AWS
account can queue 1,000
rate control automations.
When an automation
completes (or reaches a
terminal state), the first
automation in the queue is
started.

Automation Number of levels of nested automation 5

A parent-level Automation
runbook can start a child-
level Automation runbook.
This represents one level
of nested automation. The
child-level Automation
runbook can start another
Automation runbook,
resulting in two levels of
nested automation. This can
continue up to a maximum
of five (5) levels below the
top-level parent Automation
runbook.

Automation Number of days an automation 30

execution history is stored in the system

Automation Additional automation executions that 1,000

can be queued

Version 1.0
691
 AWS General Reference Reference guide
Service quotas

Capability Resource Default

Automation Maximum duration an automation 12 hours

execution can run when running in the
context of a user If you expect an automation
to run longer than 12 hours,
then you must run the
automation by using a
service role (or assume role).

Automation executeScript action run time 10 minutes

Each executeScript
action can run up to a
maximum duration of 10
minutes.

Automation executeScript action maximum Up to 100KB.

output

Automation invokeLambdaFunction action run 5 minutes

time
Each
invokeLambdaFunction
action can run up to a
maximum duration of five
(5) minutes.

Automation invokeLambdaFunction action Up to 200KB.

maximum output

Automation Number of Automation runbook 5

attachments
Each runbook can have up
to five (5) attachments.

Automation Automation runbook attachment size 256 MB

Each attachment can be up

to 256 MB.

Compliance Maximum size of any single 800 KB

AWS:ComplianceItem object

Distributor Maximum number of attachments in a 20

Distributor package

Distributor Maximum size per attachment in a 1 GB

Distributor package

Distributor Maximum number of files in a Distributor 1000

package

Distributor Maximum number of Distributor 500

packages per AWS account, per Region

Distributor Maximum number of package versions 25

per Distributor package

Distributor Maximum package size in Distributor 20 GB

Version 1.0
692
 AWS General Reference Reference guide
Service quotas

Capability Resource Default

Distributor Maximum package manifest size in 64 KB

Distributor

Explorer Maximum number of resource data syncs 5

(per AWS account per Region)

Fleet Manager Maximum number of Remote Desktop 5

sessions (per AWS account per Region)

Inventory Maximum number of resource data syncs 5

(per AWS account per Region)

Inventory Inventory data collected per instance per 1 MB

call
This maximum adequately
supports most inventory
collection scenarios. When
this quota is reached, no
new inventory data is
collected for the instance.
Inventory data previously
collected is stored until the
expiration.

Inventory Inventory data collected per instance per 5 MB

day
When this quota is reached,
no new inventory data is
collected for the instance.
Inventory data previously
collected is stored until the
expiration.

Inventory Custom inventory types 20

You can add up to 20

custom inventory types.

Inventory Custom inventory type size 200 KB

This is the maximum size of

the type, not the inventory
collected.

Inventory Custom inventory type attributes 50

This is the maximum

number of attributes within
the custom inventory type.

Version 1.0
693
 AWS General Reference Reference guide
Service quotas

Capability Resource Default

Inventory Inventory data expiration 30 days

If you terminate an
instance, inventory data
for that instance is deleted
immediately. For running
instances, inventory data
older than 30 days is
deleted. If you need to store
inventory data longer than
30 days, you can use AWS
Config to record history
or periodically query and
upload the data to an
Amazon S3 bucket. For more
information, see, Recording
Amazon EC2 managed
instance inventory in the
AWS Config Developer Guide.

Maintenance Windows Maintenance windows per AWS account 50

Maintenance Windows Tasks per maintenance window 20

Maintenance Windows Targets per maintenance window 100

Maintenance Windows Instance IDs per target 50

Maintenance Windows Targets per task 10

Maintenance Windows Concurrent executions of a single 1

maintenance window

Maintenance Windows Concurrent executions of maintenance 5

windows

Maintenance Windows Execution history retention 30 days

Version 1.0
694
 AWS General Reference Reference guide
Service quotas

Capability Resource Default

Managed Instances - Hybrid Total number of registered on-premises Standard instances: 1,000
Environment servers and virtual machines (VMs) in a (per account per Region)
hybrid environment
Advanced instances:
Advanced instances are
available on a pay-per-use
basis. Advanced instances
also enable you to connect
to your hybrid machines
by using AWS Systems
Manager Session Manager.
For more information about
activating on-premises
instances for use in your
hybrid environment, see
Create a Managed-Instance
Activation in the AWS
Systems Manager User
Guide. For more information
about enabling advanced
instances, see Using the
Advanced-Instances Tier.

OpsCenter Total number of OpsItems allowed per 500,000

AWS account per Region (including Open
and Resolved OpsItems)

OpsCenter Maximum number of OpsItems per AWS 10,000

account per month

OpsCenter Maximum operational data value size 20 KB

OpsCenter Maximum number of associated 10

Automation runbooks per OpsItem

OpsCenter Maximum number of Automation 10

runbook executions stored in operational
data under a single associated runbook

OpsCenter Maximum number of related resources 100

you can specify per OpsItem

OpsCenter Maximum number of related OpsItems 10

you can specify per OpsItem

OpsCenter Maximum length of a deduplication 64 characters

string

OpsCenter Duration before an OpsItem is 36 months

automatically archived by the system
(regardless of status)

Version 1.0
695
 AWS General Reference Reference guide
Service quotas

Capability Resource Default

Parameter Store Total number of parameters allowed Standard parameters:

10,000
(per AWS account and Region)
Advanced parameters:
100,000

For more information about

advanced parameters, see
About Systems Manager
Advanced Parameters in the
AWS Systems Manager User
Guide.

Parameter Store Max size for parameter value Standard parameter: 4 KB

Advanced parameter: 8 KB

Parameter Store Max number of parameter policies per 10

advanced parameter

Parameter Store Max throughput (transactions per Default throughput: 40

second) (Shared by the following API
actions: GetParameter,
GetParameters,
GetParametersByPath)

Higher throughput: 100

(GetParametersByPath)

Higher throughput: 3000

(Shared by the following API
actions: GetParameter and
GetParameters)

For more information

about Parameter Store
throughput, see Increasing
Parameter Store Throughput
in the AWS Systems Manager
User Guide.

Parameter Store Max history for a parameter 100 past values

Patch Manager Patch baselines per AWS account 50

Patch Manager Patch groups per patch baseline 25

Patch Manager Operation history retention Most recent 150 operations

Version 1.0
696
 AWS General Reference Reference guide
Service quotas

Capability Resource Default

Run Command Execution history retention 30 days

The history of each

command is available for
up to 30 days. In addition,
you can store a copy of all
log files in Amazon Simple
Storage Service or have an
audit trail of all API calls in
AWS CloudTrail.

Session Manager Maximum idle time before session Default: 20 minutes

termination
Configurable to between 1
and 60 minutes.

SSM Documents Total documents 500

Each AWS account can

create a maximum of 500
documents per Region.

SSM Documents Document versions 1000

A single SSM document can

have a maximum of 1,000
versions.

SSM Documents Privately shared Systems Manager 1000

document
A single Systems Manager
document can be shared
with a maximum of 1000
AWS accounts.

SSM Documents Publicly shared Systems Manager 5

document
Each AWS account can
publicly share a maximum of
five documents.

State Manager Concurrent State Manager associations 2,000

Each AWS account Account

can have 2,000 associations
per Region at one time.

State Manager State Manager association versions 1,000

You can create a maximum

of 1,000 versions of a State
Manager association.

Version 1.0
697
 AWS General Reference Reference guide
Amazon Textract

Amazon Textract endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
textract-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
textract-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) textract-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
textract-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Canada ca- [Link] HTTPS

(Central) central-1
textract-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
698
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-3 [Link] HTTPS

(Paris)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) textract-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) textract-fi[Link] HTTPS

Service quotas
Resource Default

Transactions per second per account for synchronous operations: For AnalyzeDocument:

• AnalyzeDocument US East (N. Virginia) Region – 10

• DetectDocumentText
US West (Oregon) Region – 10
• AnalyzeExpense
• AnalyzeID All other Regions that Amazon
Textract supports – 1

For DetectDocumentText:

US East (N. Virginia) Region – 10

US West (Oregon) Region - 10

All other Regions that Amazon

Textract supports – 1

For AnalyzeExpense:

US East ([Link]) Region – 5

US West (Oregon) Region – 5

All other Regions that Amazon

Textract supports – 1

For AnalyzeID:

US East ([Link]) Region – 5

US West (Oregon) Region – 5

All other Regions that Amazon

Textract supports – 1

Transactions per second per account for all start (asynchronous) For StartDocumentAnalysis Text:
operations:
US East (N. Virginia) Region – 10
• StartDocumentAnalysis

Version 1.0
699
 AWS General Reference Reference guide
Service quotas

Resource Default
• StartDocumentTextDetection US West (Oregon) Region – 10
• StartExpenseAnalysis
All other Regions Amazon
Textract supports – 2

For
StartDocumentTextDetection:

US East (N. Virginia) Region – 10

US West (Oregon) Region - 10

All other Regions that Amazon

Textract supports – 1

For StartExpenseAnalysis:

US East (N. Virginia) Region – 5

US West (Oregon) Region – 5

All other Regions Amazon

Textract supports – 1

Transactions per second per account for all get (asynchronous) For GetDocumentAnalysis:
operations:
US East (N. Virginia) Region – 10
• GetDocumentAnalysis
US West (Oregon) Region - 10
• GetDocumentTextDetection
• GetExpenseAnalysis All other Regions that Amazon
Textract supports – 5

For GetDocumentTextDetection:

US East (N. Virginia) Region – 10

US West (Oregon) Region - 10

All other Regions that Amazon

Textract supports – 5

For GetExpenseAnalysis:

All Regions Amazon Textract

supports – 5

Maximum number of asynchronous jobs per account that can US East (N. Virginia) Region –
simultaneously exist 600

US West (Oregon) Region - 600

All other Regions that Amazon

Textract supports – 100

For more information, see Amazon Textract Quotas in the Amazon Textract Developer Guide.

Version 1.0
700
 AWS General Reference Reference guide
Timestream

Amazon Timestream endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Use the following endpoints to acquire the endpoints for the write API.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link]-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Use the following endpoints to acquire the endpoints for the query API.

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
[Link]-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
[Link]-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
[Link]-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Version 1.0
701
 AWS General Reference Reference guide
Service quotas

For more information, see Using the API in the Amazon Timestream Developer Guide.

Service quotas

Name Default Adjustable

Data size for query result Each supported Region: 5 No

Gigabytes

Database name length Each supported Region: 256 No

Bytes

Databases per account Each supported Region: 500 No

Dimension name dimension value pair size per series Each supported Region: 2 No
Kilobytes

Dimension name length Each supported Region: 60 No

Bytes

Dimensions per table Each supported Region: 128 No

Execution duration for queries in hours Each supported Region: 1 No

Future ingestion period in minutes Each supported Region: 15 No

Maximum count of active magnetic store partitions per Each supported Region: 250 No
database

Maximum retention period for magnetic store in days Each supported Region: No
73,000

Maximum retention period for memory store in hours Each supported Region: No
8,766

Measure name length Each supported Region: 256 No

Bytes

Measure value size per multi-measure record Each supported Region: No

2,048 Bytes

Measures per multi-measure record Each supported Region: 256 No

Measures per table Each supported Region: No

8,192

Metadata size for query result Each supported Region: 100 No

Kilobytes

Minimum retention period for magnetic store in days Each supported Region: 1 No

Minimum retention period for memory store in hours Each supported Region: 1 No

QueryString length in KiB Each supported Region: 256 No

Records per WriteRecords API request Each supported Region: 100 No

Scheduled queries per account Each supported Region: No

10,000

Version 1.0
702
 AWS General Reference Reference guide
Amazon Transcribe

Name Default Adjustable

Table name length Each supported Region: 256 No

Bytes

Tables per account Each supported Region: No

50,000

Throttle rate for CRUD APIs Each supported Region: 1 No

Unique measures across multi-measure records per table Each supported Region: No
1,024

For more information, see Quotas in the Amazon Timestream Developer Guide.

Amazon Transcribe endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Amazon Transcribe

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
703
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) fi[Link] HTTPS

Version 1.0
704
 AWS General Reference Reference guide
Service endpoints

Amazon Transcribe Streaming

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
transcribestreaming-fi[Link]- HTTPS
[Link]

US East (N. us-east-1 [Link] HTTPS

Virginia)
transcribestreaming-fi[Link]- HTTPS
[Link]

US West us-west-2 [Link] HTTPS

(Oregon)
transcribestreaming-fi[Link]- HTTPS
[Link]

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
transcribestreaming-fi[Link]- HTTPS
[Link]

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Version 1.0
705
 AWS General Reference Reference guide
Service endpoints

Amazon Transcribe Medical

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link]- HTTPS

Pacific northeast-2 [Link]
(Seoul)

Asia ap- [Link]- HTTPS

Pacific southeast-1 [Link]
(Singapore)

Asia ap- [Link]- HTTPS

Pacific southeast-2 [Link]
(Sydney)

Asia ap- [Link]- HTTPS

Pacific northeast-1 [Link]
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Version 1.0
706
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas
Name Default Adjustable

Job queue bandwidth ratio Each supported Region: 0.9 Yes

Maximum audio file length Each supported Region: No

14,400 Seconds

Maximum audio file length (Medical) Each supported Region: No

14,400 Seconds

Maximum audio file size Each supported Region: 2 No

Gigabytes

Maximum audio file size (Medical) Each supported Region: 2 No

Gigabytes

Maximum length of a custom vocabulary phrase Each supported Region: 256 No

Maximum number of vocabulary filters Each supported Region: 100 No

Maximum size of a custom vocabulary Each supported Region: 50 No

Kilobytes

Maximum size of a vocabulary filter Each supported Region: 50 No

Kilobytes

Minimum audio file duration Each supported Region: 500 No

Milliseconds

Minimum audio file duration (Medical) Each supported Region: 500 No

Milliseconds

Number of StartMedicalStreamTranscription Websocket Each supported Region: 25 Yes

requests

Number of channels for channel identification Each supported Region: 2 Yes

Number of channels for channel identification (Medical) Each supported Region: 2 No

Number of concurrent batch transcription jobs Each supported Region: 250 Yes

Number of concurrent medical batch transcription jobs Each supported Region: 250 Yes

Number of concurrently training custom language models Each supported Region: 3 Yes

Version 1.0
707
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Number of days that job records are retained Each supported Region: 90 No

Number of days that job records are retained (Medical) Each supported Region: 90 No

Number of pending medical vocabularies Each supported Region: 10 Yes

Number of pending vocabularies Each supported Region: 10 Yes

Total number of custom language models per account Each supported Region: 10 Yes

Total number of medical vocabularies per account Each supported Region: 100 Yes

Total number of vocabularies per account Each supported Region: 100 Yes

Transactions per second, CreateVocabulary operation Each supported Region: 10 Yes

Transactions per second, DeleteMedicalTranscriptionJob Each supported Region: 5 Yes

operation

Transactions per second, DeleteMedicalVocabulary operation Each supported Region: 5 Yes

Transactions per second, DeleteTranscriptionJob operation Each supported Region: 5 Yes

Transactions per second, DeleteVocabulary operation Each supported Region: 5 Yes

Transactions per second, GetMedicalTranscriptionJob Each supported Region: 30 Yes

operation

Transactions per second, GetMedicalVocabulary operation Each supported Region: 20 Yes

Transactions per second, GetTranscriptionJob operation Each supported Region: 30 Yes

Transactions per second, GetVocabulary operation Each supported Region: 20 Yes

Transactions per second, ListMedicalTranscriptionJobs Each supported Region: 5 Yes

operation

Transactions per second, ListMedicalVocabularies operation Each supported Region: 5 Yes

Transactions per second, ListTranscriptionJobs operation Each supported Region: 5 Yes

Transactions per second, ListVocabularies operation Each supported Region: 5 Yes

Transactions per second, StartMedicalStreamTranscription Each supported Region: 25 Yes

operation

Transactions per second, StartMedicalTranscriptionJob Each supported Region: 25 Yes

operation

Transactions per second, StartTranscriptionJob operation Each supported Region: 25 Yes

Transactions per second, UpdateMedicalVocabulary Each supported Region: 10 Yes

operation

Transactions per second, UpdateVocabulary operation Each supported Region: 10 Yes

For more information, see Guidelines and quotas in the Amazon Transcribe Developer Guide.

Version 1.0
708
 AWS General Reference Reference guide
Transfer Family

AWS Transfer Family endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
transfer-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
transfer-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) transfer-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
transfer-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Version 1.0
709
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1
transfer-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) transfer-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) transfer-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Concurrent sessions per server Each supported Region: No

10,000

File size Each supported Region: 5 No

Terabytes

Version 1.0
710
 AWS General Reference Reference guide
Amazon Translate

Name Default Adjustable

Idle connection timeout Each supported Region: No

1,800 Seconds

Maximum number of AD Groups for access Each supported Region: 20 Yes

Maximum number of new executions per workflow Each supported Region: 100 No

New executions refill rate per workflow per second Each supported Region: 1 No

Number of Service Managed users Each supported Region: Yes

10,000

Number of authentication requests per user per second Each supported Region: 2 No

SSH keys per Service Managed user Each supported Region: 50 Yes

Servers per account Each supported Region: 50 Yes

VPC_ENDPOINT servers per account Each supported Region: 10 No

Workflows per account Each supported Region: 10 Yes

Amazon Translate endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
translate-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
translate-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)
translate-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
711
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) translate-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Concurrent batch translation jobs Each supported Region: 10 Yes

Custom terminology files Each supported Region: 100 Yes

For more information, see Guidelines and Quotas in the Amazon Translate Developer Guide.

Version 1.0
712
 AWS General Reference Reference guide
Amazon VPC

Amazon Virtual Private Cloud endpoints and

quotas
The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific southeast-3
(Jakarta)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Version 1.0
713
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West)

If you specify the general endpoint ([Link]), Amazon VPC directs your request to the us-
east-1 endpoint.

Service quotas
Name Default Adjustable

Active VPC peering connections per VPC Each supported Region: 50 Yes

Version 1.0
714
 AWS General Reference Reference guide
Service quotas

Name Default Adjustable

Characters per VPC endpoint policy Each supported Region: No

20,480

Egress-only internet gateways per Region Each supported Region: 5 Yes

Gateway VPC endpoints per Region Each supported Region: 20 Yes

IPv4 CIDR blocks per VPC Each supported Region: 5 Yes

IPv6 CIDR blocks per VPC Each supported Region: 1 No

Inbound or outbound rules per security group Each supported Region: 60 Yes

Interface VPC endpoints per VPC Each supported Region: 50 Yes

Internet gateways per Region Each supported Region: 5 Yes

NAT gateways per Availability Zone Each supported Region: 5 Yes

Network ACLs per VPC Each supported Region: 200 Yes

Network interfaces per Region Each supported Region: Yes

5,000

Outstanding VPC peering connection requests Each supported Region: 25 Yes

Participant accounts per VPC Each supported Region: 100 Yes

Route tables per VPC Each supported Region: 200 Yes

Routes per route table Each supported Region: 50 Yes

Rules per network ACL Each supported Region: 20 Yes

Security groups per network interface Each supported Region: 5 Yes

Subnets per VPC Each supported Region: 200 Yes

Subnets that can be shared with an account Each supported Region: 100 Yes

VPC peering connection request expiry hours Each supported Region: 168 No

VPC security groups per Region Each supported Region: Yes

2,500

VPCs per Region Each supported Region: 5 Yes

The following quotas are for VPC Reachability Analyzer.

Name Default Adjustable

Network Access Analyzer Access Scope Analyses Each supported Region: Yes
10,000

Network Access Analyzer Access Scopes Each supported Region: Yes

1,000

Network Access Analyzer Concurrent Access Scope Analyses Each supported Region: 25 Yes

Version 1.0
715
 AWS General Reference Reference guide
AWS WAF

Name Default Adjustable

Reachability Analyzer Analyses Each supported Region: Yes

1,000

Reachability Analyzer Paths Each supported Region: 100 Yes

Reachability Analyzer concurrent Analyses Each supported Region: 6 Yes

For more information, see the following:

• Amazon VPC quotas

• Transit gateway quotas
• Transit Gateway Network manager quotas
• Traffic Mirroring quotas
• VPC Reachability Analyzer quotas
• AWS Client VPN quotas
• Site-to-Site VPN quotas

AWS WAF endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).
Note
This page provides information related the latest version of AWS WAF, released in November
2019. The names of the entities that you use to access AWS WAF, like endpoints and
namespaces, all have the versioning information added, like V2 or v2, to distinguish from the
prior version.

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
wafv2-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
wafv2-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) wafv2-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
wafv2-fi[Link] HTTPS

Version 1.0
716
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Africa af-south-1 [Link] HTTPS

(Cape
Town) wafv2-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong wafv2-fi[Link] HTTPS
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) wafv2-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka) wafv2-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) wafv2-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) wafv2-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) wafv2-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) wafv2-fi[Link] HTTPS

Canada ca- [Link] HTTPS

(Central) central-1
wafv2-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
wafv2-fi[Link] HTTPS

Europe eu-west-1 [Link] HTTPS

(Ireland)
wafv2-fi[Link] HTTPS

Europe eu-west-2 [Link] HTTPS

(London)
wafv2-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Milan) south-1
wafv2-fi[Link] HTTPS

Europe eu-west-3 [Link] HTTPS

(Paris)
wafv2-fi[Link] HTTPS

Version 1.0
717
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-north-1 [Link] HTTPS

(Stockholm)
wafv2-fi[Link] HTTPS

Middle me- [Link] HTTPS

East south-1
(Bahrain) wafv2-fi[Link] HTTPS

South sa-east-1 [Link] HTTPS

America
(São wafv2-fi[Link] HTTPS
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) wafv2-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) wafv2-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Maximum IP sets per account in WAF for regional Each supported Region: 100 No

Maximum number of IP addresses in an IP set in WAF for Each supported Region: No

regional 10,000

Maximum number of bytes in a string match (byte match) Each supported Region: 200 No
string in WAF for regional

Maximum number of characters allowed in a regex pattern Each supported Region: 200 No
per account in WAF for regional

Maximum number of log destination configs per web ACL in Each supported Region: 1 No
WAF for regional

Maximum number of patterns in a regex pattern set per Each supported Region: 10 No
account in WAF for regional

Maximum number of rate-based statements per web ACL in Each supported Region: 10 Yes
WAF for Cloudfront

Maximum number of referenced statements per rule group Each supported Region: 50 No
or web ACL in WAF for regional

Maximum number of web ACL capacity units in a rule group Each supported Region: Yes
in WAF for regional 1,500

Maximum number of web ACL capacity units in a web ACL in Each supported Region: Yes
WAF for regional 1,500

Version 1.0
718
 AWS General Reference Reference guide
AWS WAF Classic

Name Default Adjustable

Maximum regex pattern sets per account in WAF for regional Each supported Region: 10 No

Maximum rule groups per account in WAF for regional Each supported Region: 100 Yes

Maximum web ACLs per account in WAF for regional Each supported Region: 100 Yes

For more information, see AWS WAF quotas in the AWS WAF Developer Guide.

AWS WAF Classic endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).
Note
This page provides information related to AWS WAF Classic. If you created AWS WAF resources,
like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated your
web ACLs over yet, you must use AWS WAF Classic to access those resources. Otherwise, do not
use this version.
For information related to the latest version of AWS WAF, see AWS WAF endpoints and
quotas (p. 716).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)
waf-fi[Link] HTTPS

waf-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Version 1.0
719
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS WAF Classic for Application Load Balancers and API Gateway APIs has the following endpoints:

Version 1.0
720
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East us-east-2 [Link] HTTPS

(Ohio)
waf-regional-fi[Link] HTTPS

US East (N. us-east-1 [Link] HTTPS

Virginia)
waf-regional-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) waf-regional-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
waf-regional-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town) waf-regional-fi[Link] HTTPS

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong waf-regional-fi[Link] HTTPS
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai) waf-regional-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka) waf-regional-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul) waf-regional-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore) waf-regional-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney) waf-regional-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo) waf-regional-fi[Link] HTTPS

Canada ca- [Link] HTTPS

(Central) central-1
waf-regional-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Frankfurt) central-1
waf-regional-fi[Link] HTTPS

Version 1.0
721
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu-west-1 [Link] HTTPS

(Ireland)
waf-regional-fi[Link] HTTPS

Europe eu-west-2 [Link] HTTPS

(London)
waf-regional-fi[Link] HTTPS

Europe eu- [Link] HTTPS

(Milan) south-1
waf-regional-fi[Link] HTTPS

Europe eu-west-3 [Link] HTTPS

(Paris)
waf-regional-fi[Link] HTTPS

Europe eu-north-1 [Link] HTTPS

(Stockholm)
waf-regional-fi[Link] HTTPS

Middle me- [Link] HTTPS

East south-1
(Bahrain) waf-regional-fi[Link] HTTPS

South sa-east-1 [Link] HTTPS

America
(São waf-regional-fi[Link] HTTPS
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) waf-regional-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) waf-regional-fi[Link] HTTPS

Service quotas

Name Default Adjustable

Conditions per rule Each supported Region: 10 No

Filters per SQL injection match condition Each supported Region: 10 No

Filters per cross-site scripting match condition Each supported Region: 10 No

Filters per size constraint condition Each supported Region: 10 No

Filters per string match condition Each supported Region: 10 No

GeoMatchSets Each supported Region: 50 No

HTTP header name length Each supported Region: 40 No

Version 1.0
722
 AWS General Reference Reference guide
AWS Well-Architected Tool

Name Default Adjustable

IP address ranges per IP set match condition Each supported Region: No

10,000

IP addresses blocked per rate-based rule Each supported Region: No

10,000

Locations per GeoMatchSet Each supported Region: 50 No

Logging destination configurations per web ACL Each supported Region: 1 No

Pattern sets per regex match condition Each supported Region: 1 No

Patterns per pattern set Each supported Region: 10 No

Rate of requests Each supported Region: Yes

10,000

Rate-based rule rate Each supported Region: No

2,000

Rate-based rules Each supported Region: 5 Yes

Regex pattern length Each supported Region: 70 No

Regex pattern sets Each supported Region: 5 No

Rules Each supported Region: 100 Yes

Rules per web ACL Each supported Region: 10 No

Search length Each supported Region: 50 No

Web ACLs Each supported Region: 50 Yes

For more information, see AWS WAF Classic quotas in the AWS WAF Developer Guide.

AWS Well-Architected Tool endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)

US East (N. us-east-1 [Link] HTTPS

Virginia)

Version 1.0
723
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US us-west-1 [Link] HTTPS

West (N.
California)

US West us-west-2 [Link] HTTPS

(Oregon)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

Version 1.0
724
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

Service quotas

Name Default

AWS accounts and IAM users that a workload can 20

be shared with

AWS accounts and IAM users that a custom lens 300

can be shared with

Pillars per custom lens 10

Questions per pillar 20

Choices per question 15

Lenses created in an AWS account 15

Lenses added to a workload 20

Versions of a lens 100

Lens size limit (JSON file) 500 KB

Amazon WorkDocs endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
workdocs-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
workdocs-fi[Link] HTTPS

Version 1.0
725
 AWS General Reference Reference guide
Amazon WorkLink

Region Region Endpoint Protocol

Name

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Europe eu-west-1 [Link] HTTPS

(Ireland)

Amazon WorkLink endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints

Region Name Region Endpoint Protocol

US East (N. Virginia) us-east-1 [Link]- HTTPS

[Link]

US East (Ohio) us-east-2 [Link]- HTTPS

[Link]

US West (Oregon) us-west-2 [Link]- HTTPS

[Link]

Europe (Ireland) eu-west-1 [Link]- HTTPS

[Link]

Amazon WorkMail endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Version 1.0
726
 AWS General Reference Reference guide
Service endpoints

Service endpoints
Region Name Region Service Endpoint

US East (N. Virginia) us-east-1 Amazon WorkMail [Link]

SDK [Link]

US East (N. Virginia) us-east-1 Autodiscover [Link]-

[Link]

US East (N. Virginia) us-east-1 Exchange Web [Link]

Service

US East (N. Virginia) us-east-1 Exchange Active [Link]

Sync

US East (N. Virginia) us-east-1 MAPI Proxy [Link]

US East (N. Virginia) us-east-1 IMAPS [Link]

US East (N. Virginia) us-east-1 SMTP via TLS (port [Link]

465)

US West (Oregon) us-west-2 Amazon WorkMail [Link]

SDK [Link]

US West (Oregon) us-west-2 Autodiscover [Link]-

[Link]

US West (Oregon) us-west-2 Exchange Web [Link]

Service

US West (Oregon) us-west-2 Exchange Active [Link]

Sync

US West (Oregon) us-west-2 MAPI Proxy [Link]

US West (Oregon) us-west-2 IMAPS [Link]

US West (Oregon) us-west-2 SMTP via TLS (port [Link]

465)

Europe (Ireland) eu-west-1 Amazon WorkMail [Link]

SDK [Link]

Europe (Ireland) eu-west-1 Autodiscover [Link]-

[Link]

Europe (Ireland) eu-west-1 Exchange Web [Link]

Service

Europe (Ireland) eu-west-1 Exchange Active [Link]

Sync

Europe (Ireland) eu-west-1 MAPI Proxy [Link]

Europe (Ireland) eu-west-1 IMAPS [Link]

Europe (Ireland) eu-west-1 SMTP via TLS (port [Link]

465)

Version 1.0
727
 AWS General Reference Reference guide
Service quotas

Service quotas
For more information, see Amazon WorkMail Quotas.

WorkSpaces endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
workspaces-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
workspaces-fi[Link] HTTPS

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
728
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) workspaces-fi[Link] HTTPS

Service quotas

Resource Default Description Adjustable

WorkSpaces 1 The maximum number Yes

of WorkSpaces in this
account in the current
Region.

Graphics WorkSpaces 0 The maximum number Yes

of Graphics WorkSpaces
in this account in the
current Region.

GraphicsPro 0 The maximum number Yes

WorkSpaces of GraphicsPro
WorkSpaces in this
account in the current
Region.

Images 40 The maximum number Yes

of images in this
account in the current
Region.

Bundles 50 The maximum number No

of bundles in this
account in the current
Region. This quota
applies only to custom
bundles, not to public
bundles.

Connection aliases 20 The maximum number No

of connection aliases
in this account in the
current Region.

Directories 50 The maximum number No

of directories that
can be registered
for use with Amazon
WorkSpaces in this

Version 1.0
729
 AWS General Reference Reference guide
X-Ray

Resource Default Description Adjustable

account in the current
Region.

IP access control groups 100 The maximum number No

of IP access control
groups in this account
in the current Region.

Rules per IP access 10 The maximum number No

control group of rules per IP access
control group in this
account in the current
Region.

IP access control groups 25 The maximum number No

per directory of IP access control
groups per directory
in this account in the
current Region.

The following quotas are for Amazon WorkSpaces Application Manager. For more information, see
Amazon WorkSpaces Application Manager quotas in the Amazon WAM Administration Guide.

Name Default Adjustable

Application assignments per user Each supported Region: 50 Yes

Application size Each supported Region: 5 No

Gigabytes

Total package size without storage fees Each supported Region: 100 No
Gigabytes

User/WorkSpace or group assignments per application Each supported Region: 200 Yes

AWS X-Ray endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically
to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services
offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints (p. 733).
Service quotas, also referred to as limits, are the maximum number of service resources or operations for
your AWS account. For more information, see AWS service quotas (p. 737).

Service endpoints
Region Region Endpoint Protocol
Name

US East us-east-2 [Link] HTTPS

(Ohio)
xray-fi[Link] HTTPS

Version 1.0
730
 AWS General Reference Reference guide
Service endpoints

Region Region Endpoint Protocol

Name

US East (N. us-east-1 [Link] HTTPS

Virginia)
xray-fi[Link] HTTPS

US us-west-1 [Link] HTTPS

West (N.
California) xray-fi[Link] HTTPS

US West us-west-2 [Link] HTTPS

(Oregon)
xray-fi[Link] HTTPS

Africa af-south-1 [Link] HTTPS

(Cape
Town)

Asia ap-east-1 [Link] HTTPS

Pacific
(Hong
Kong)

Asia ap- [Link] HTTPS

Pacific south-1
(Mumbai)

Asia ap- [Link] HTTPS

Pacific northeast-3
(Osaka)

Asia ap- [Link] HTTPS

Pacific northeast-2
(Seoul)

Asia ap- [Link] HTTPS

Pacific southeast-1
(Singapore)

Asia ap- [Link] HTTPS

Pacific southeast-2
(Sydney)

Asia ap- [Link] HTTPS

Pacific northeast-1
(Tokyo)

Canada ca- [Link] HTTPS

(Central) central-1

Europe eu- [Link] HTTPS

(Frankfurt) central-1

Europe eu-west-1 [Link] HTTPS

(Ireland)

Europe eu-west-2 [Link] HTTPS

(London)

Version 1.0
731
 AWS General Reference Reference guide
Service quotas

Region Region Endpoint Protocol

Name

Europe eu- [Link] HTTPS

(Milan) south-1

Europe eu-west-3 [Link] HTTPS

(Paris)

Europe eu-north-1 [Link] HTTPS

(Stockholm)

Middle me- [Link] HTTPS

East south-1
(Bahrain)

South sa-east-1 [Link] HTTPS

America
(São
Paulo)

AWS us-gov- [Link] HTTPS

GovCloud east-1
(US-East) xray-fi[Link] HTTPS

AWS us-gov- [Link] HTTPS

GovCloud west-1
(US-West) xray-fi[Link] HTTPS

Service quotas
Name Default Adjustable

Custom sampling rules per region Each supported Region: 25 No

Groups in an account Each supported Region: 25 No

Indexed annotations per trace Each supported Region: 50 No

Segment document size Each supported Region: 64 No

Kilobytes

Tags per custom sampling rule Each supported Region: 50 Yes

Tags per group Each supported Region: 50 Yes

Trace and service graph retention in days Each supported Region: 30 No

Trace data modification period in days Each supported Region: 7 No

Trace document size (dynamic upper limit) Each supported Region: 500 No
Kilobytes

Trace document size (lower limit) Each supported Region: 100 No

Kilobytes

Version 1.0
732
 AWS General Reference Reference guide
AWS service endpoints

AWS resources
The following pages provide information that helps you work with AWS resources.

Contents
• AWS service endpoints (p. 733)
• Managing AWS Regions (p. 735)
• AWS service quotas (p. 737)
• Tagging AWS resources (p. 738)
• Amazon Resource Names (ARNs) (p. 742)

AWS service endpoints

To connect programmatically to an AWS service, you use an endpoint. An endpoint is the URL of the
entry point for an AWS web service. The AWS SDKs and the AWS Command Line Interface (AWS CLI)
automatically use the default endpoint for each service in an AWS Region. But you can specify an
alternate endpoint for your API requests.

If a service supports Regions, the resources in each Region are independent of similar resources in other
Regions. For example, you can create an Amazon EC2 instance or an Amazon SQS queue in one Region.
When you do, the instance or queue is independent of instances or queues in all other Regions.

Contents
• Regional endpoints (p. 733)
• View the service endpoints (p. 734)
• FIPS endpoints (p. 735)
• Learn more (p. 735)

Regional endpoints
Most Amazon Web Services offer a Regional endpoint that you can use to make your requests. The
general syntax of a Regional endpoint is as follows.

protocol://[Link]

For example, [Link] is the endpoint for the Amazon

DynamoDB service in the US West (Oregon) Region.

The following table lists the name and code of each Region.

Region Name Code

US East (Ohio) us-east-2

US East (N. Virginia) us-east-1

US West (N. California) us-west-1

Version 1.0
733
 AWS General Reference Reference guide
View the service endpoints

Region Name Code

US West (Oregon) us-west-2

Africa (Cape Town) af-south-1

Asia Pacific (Hong Kong) ap-east-1

Asia Pacific (Jakarta) ap-southeast-3

Asia Pacific (Mumbai) ap-south-1

Asia Pacific (Osaka) ap-northeast-3

Asia Pacific (Seoul) ap-northeast-2

Asia Pacific (Singapore) ap-southeast-1

Asia Pacific (Sydney) ap-southeast-2

Asia Pacific (Tokyo) ap-northeast-1

Canada (Central) ca-central-1

China (Beijing) cn-north-1

China (Ningxia) cn-northwest-1

Europe (Frankfurt) eu-central-1

Europe (Ireland) eu-west-1

Europe (London) eu-west-2

Europe (Milan) eu-south-1

Europe (Paris) eu-west-3

Europe (Stockholm) eu-north-1

Middle East (Bahrain) me-south-1

South America (São Paulo) sa-east-1

Some services, such as IAM, do not support Regions. The endpoints for these services do not include
a Region. Other services, such as Amazon EC2, support Regions but let you specify an endpoint that
does not include a Region, such as [Link] When you use an endpoint with
no Region, AWS routes the Amazon EC2 request to US East (N. Virginia) (us-east-1), which is the default
Region for API calls.

View the service endpoints

You can view the AWS service endpoints using the following options:

• Open Service endpoints and quotas (p. 16), search for the service name, and click the link to open
the page for that service. To view the supported endpoints for all AWS services in the documentation
without switching pages, view the information in the Service Endpoints and Quotas page in the PDF
instead.
• To programmatically check for service availability using the SDK for Java, see Checking for Service
Availability in an AWS Region in the AWS SDK for Java Developer Guide.

Version 1.0
734
 AWS General Reference Reference guide
FIPS endpoints

• To programmatically view Region and service information using Systems Manager, see Calling AWS
Service, Region, and Endpoint Public Parameters in the AWS Systems Manager User Guide. For
information about how to use public parameters, see Query for AWS Regions, Endpoints, and More
Using AWS Systems Manager Parameter Store.
• To see the supported AWS services in each Region (without endpoints), see the Region Table.

FIPS endpoints
Some AWS services offer FIPS endpoints in selected Regions. Unlike standard AWS endpoints, FIPS
endpoints use a TLS software library that complies with Federal Information Processing Standard
(FIPS) 140-2. These endpoints might be required by enterprises that interact with the United States
government. For more information, see Federal Information Processing Standard (FIPS) 140-2 on the
AWS Compliance site.

To use a FIPS endpoint with an AWS operation, use the mechanism provided by the AWS SDK or tool to
specify a custom endpoint. For example, the AWS Command Line Interface provides the --endpoint-
url option. The following example uses the FIPS endpoint for the US West (Oregon) Region with an
operation for AWS Key Management Service (AWS KMS).

aws kms create-key --endpoint-url [Link]

Minimum TLS version for FIPS endpoints

With FIPS endpoints, the minimum requirement is TLS 1.2. AWS revoked the ability to use TLS 1.0
and TLS 1.1 on all FIPS endpoints in all Regions as of March 31, 2021. For information about how to
determine whether your applications were impacted by this change, see this AWS Security Blog post
from May 3, 2021.

Learn more
You can find endpoint information from the following sources:

• To learn about enabling Regions that are disabled by default, see Managing AWS Regions (p. 735).
• For information about the AWS services and endpoints available in the China Regions, see China
(Beijing) Region Endpoints and China (Ningxia) Region Endpoints.
• For information about the AWS services and endpoints available in AWS GovCloud (US), see Service
Endpoints in the AWS GovCloud (US) User Guide.

Managing AWS Regions

An AWS Region is a collection of AWS resources in a geographic area. Each AWS Region is isolated and
independent of the other Regions. Regions provide fault tolerance, stability, and resilience, and can also
reduce latency. They enable you to create redundant resources that remain available and unaffected by a
Regional outage. For a list of Region names and codes, see this table (p. 733).

The resources that you create in one Region do not exist in any other Region unless you explicitly use a
replication feature offered by an AWS service. For example, Amazon S3 and Amazon EC2 support cross-
Region replication. Some services, such as AWS Identity and Access Management (IAM), do not have
Regional resources.

You can use policy conditions to control access to AWS services in an AWS Region. For a table of AWS
services supported in each Region (without endpoints), see the Region Table.

Version 1.0
735
 AWS General Reference Reference guide
Enabling a Region

Regions introduced before March 20, 2019 are enabled by default. You can begin creating and managing
resources in these Regions immediately. You cannot enable or disable a Region that is enabled by
default.

Enabling a Region
If a Region is disabled by default, you must enable it before you can create and manage resources. The
following Regions are disabled by default:

• Africa (Cape Town)

• Asia Pacific (Hong Kong)
• Asia Pacific (Jakarta)
• Europe (Milan)
• Middle East (Bahrain)

When you enable a Region, AWS performs actions to prepare your account in that Region, such as
distributing your IAM resources to the Region. This process takes a few minutes for most accounts, but
this can take several hours. You cannot use the Region until this process is complete.

Requirements

To enable a Region that is disabled by default, you must have permission to enable Regions. To view an
example IAM policy, see Allow enabling and disabling AWS Regions in the IAM User Guide.

To enable a Region

1. Sign in to the AWS Management Console.

2. In the upper right corner of the console, choose your account name or number and then choose
Account.
3. In the AWS Regions section, next to the name of the Region that you want to enable, choose
Enable.
4. In the dialog box, review the informational text and choose Enable Region.
5. Wait until the Region is ready to use.

Disabling a Region
You cannot disable a Region that is enabled by default. If you enabled one of the following Regions, then
you can disable it as needed:

• Africa (Cape Town)

• Asia Pacific (Hong Kong)
• Asia Pacific (Jakarta)
• Europe (Milan)
• Middle East (Bahrain)

After you disable a Region, the resources in this Region become unavailable based on eventual
consistency. However, they are not deleted.

Requirements

• To disable a Region, you must have permission to disable Regions. To view an example IAM policy, see
Allow enabling and disabling AWS Regions in the IAM User Guide.

Version 1.0
736
 AWS General Reference Reference guide
Describing your Regions using the AWS CLI

• Before you disable a Region, we recommend that you remove all resources from that Region. After you
disable a Region, you can no longer view or manage resources in the Region from that account through
the AWS Management console or AWS APIs with IAM principals. However, resources in that Region can
continue to incur charges. For more information, see Enabling and disabling Regions in the AWS Billing
and Cost Management User Guide.

To disable a Region

1. Sign in to the AWS Management Console.

2. In the upper right corner of the console, choose your account name or number and then choose My
Account.
3. In the AWS Regions section, next to the name of the Region that you want to disable, choose
Disable.
4. In the dialog box, review the informational text and choose Disable Region.

Describing your Regions using the AWS CLI

Use the describe-regions command to describe the Regions available for your account, whether they are
enabled or disabled.

aws ec2 describe-regions --all-regions

If the Region is enabled by default, the output includes the following:

"OptInStatus": "opt-in-not-required"

If the Region is not enabled, the output includes the following:

"OptInStatus": "not-opted-in"

After an opt-in Region is enabled, the output includes the following:

"OptInStatus": "opted-in"

AWS service quotas

Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless
otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other
quotas cannot be increased.

Service Quotas is an AWS service that helps you manage your quotas for many AWS services, from one
location. Along with looking up the quota values, you can also request a quota increase from the Service
Quotas console.

AWS Support might approve, deny, or partially approve your requests.

To view service quotas

You can view service quotas using the following options:

• Open the Service endpoints and quotas (p. 16) page in the documentation, search for the service
name, and click the link to go to the page for that service. To view the service quotas for all AWS

Version 1.0
737
 AWS General Reference Reference guide
Tagging AWS resources

services in the documentation without switching pages, view the information in the Service Endpoints
and Quotas page in the PDF instead.
• Open the Service Quotas console. In the navigation pane, choose AWS services and select a service.
• Use the list-service-quotas and list-aws-default-service-quotas AWS CLI commands.

To request a quota increase

You can request a quota increase using Service Quotas and AWS Support Center. If a service is not yet
available in Service Quotas, use AWS Support Center instead. Increases are not granted immediately. It
might take a couple of days for your increase to become effective.

• (Recommended) Open the Service Quotas console. In the navigation pane, choose AWS services.
Select a service, select a quota, and follow the directions to request a quota increase. For more
information, see Requesting a Quota Increase in the Service Quotas User Guide.
• Use the request-service-quota-increase AWS CLI command.
• Open the AWS Support Center page, sign in if necessary, and choose Create case. Choose Service limit
increase. Complete and submit the form.

Tagging AWS resources

You can assign metadata to your AWS resources in the form of tags. Each tag is a label consisting of a
user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
You can create tags to categorize resources by purpose, owner, environment, or other criteria.

Each tag has two parts:

• A tag key (for example, CostCenter, Environment, or Project). Tag keys are case sensitive.
• A tag value (for example, 111122223333 or Production). Like tag keys, tag values are case sensitive.

You can use tags to categorize resources by purpose, owner, environment, or other criteria.
Important
Do not add personally identifiable information (PII) or other confidential or sensitive
information in tags. Tags are accessible to many AWS services, including billing. Tags are not
intended to be used for private or sensitive data.

Best practices
As you create a tagging strategy for AWS resources, follow best practices:

• Do not store personally identifiable information (PII) or other confidential or sensitive information in
tags.
• Use a standardized, case-sensitive format for tags, and apply it consistently across all resource types.
• Consider tag guidelines that support multiple purposes, like managing resource access control, cost
tracking, automation, and organization.
• Use automated tools to help manage resource tags. AWS Resource Groups and the Resource Groups
Tagging API enable programmatic control of tags, making it easier to automatically manage, search,
and filter tags and resources.
• Use too many tags rather than too few tags.
• Remember that it is easy to change tags to accommodate changing business requirements, but
consider the consequences of future changes. For example, changing access control tags means you
must also update the policies that reference those tags and control access to your resources.

Version 1.0
738
 AWS General Reference Reference guide
Tagging categories

• You can automatically enforce the tagging standards that your organization chooses to adopt by
creating and deploying tag policies using AWS Organizations. Tag policies let you specify tagging
rules that define valid key names and the values that are valid for each key. You can choose to only
monitor, giving you an opportunity to evaluate and clean up your existing tags. Once your tags are
in compliance with your chosen standards, you can then turn on enforcement in the tag policies to
prevent non-compliant tags from being created. For more information, see Tag policies in the AWS
Organizations User Guide.

Tagging categories
Companies that are most effective in their use of tags typically create business-relevant tag groupings
to organize their resources along technical, business, and security dimensions. Companies that use
automated processes to manage their infrastructure also include additional, automation-specific tags.

Technical tags Tags for automation Business tags Security tags

• Name – Identify • Date/Time – Identify • Project – Identify • Confidentiality –

individual resources the date or time a projects that the An identifier for
• Application ID – resource should be resource supports the specific data
Identify resources started, stopped, • Owner – Identify who confidentiality level a
that are related to a deleted, or rotated is responsible for the resource supports
specific application • Opt in/Opt out – resource • Compliance –
• Application Role – Indicate whether • Cost Center/Business An identifier for
Describe the function a resource should Unit – Identify workloads that
of a particular be included in an the cost center must adhere to
resource (such as automated activity or business unit specific compliance
web server, message such as starting, associated with a requirements
broker, database) stopping, or resizing resource, typically for
instances cost allocation and
• Cluster – Identify
resource farms that • Security – Determine tracking
share a common requirements, such • Customer – Identify
configuration and as encryption or a specific client that
perform a specific enabling of Amazon a particular group of
function for an VPC flow logs; resources serves
application identify route tables
or security groups
• Environment –
that need extra
Distinguish between
scrutiny
development, test,
and production
resources
• Version – Help
distinguish between
versions of resources
or applications

Tag naming limits and requirements

The following basic naming and usage requirements apply to tags:

• Each resource can have a maximum of 50 user created tags.

• System created tags that begin with aws: are reserved for AWS use, and do not count against this
limit. You can't edit or delete a tag that begins with the aws: prefix.

Version 1.0
739
 AWS General Reference Reference guide
Common tagging strategies

• For each resource, each tag key must be unique, and each tag key can have only one value.
• The tag key must be a minimum of 1 and a maximum of 128 Unicode characters in UTF-8.
• The tag value must be a minimum of 0 and a maximum of 256 Unicode characters in UTF-8.
• Allowed characters can vary by AWS service. For information about what characters you can use to tag
resources in a particular AWS service, see its documentation. In general, the allowed characters are
letters, numbers, spaces representable in UTF-8, and the following characters: _ . : / = + - @.
• Tag keys and values are case sensitive. As a best practice, decide on a strategy for capitalizing tags,
and consistently implement that strategy across all resource types. For example, decide whether to use
Costcenter, costcenter, or CostCenter, and use the same convention for all tags. Avoid using
similar tags with inconsistent case treatment.

Common tagging strategies

Use the following tagging strategies to help identify and manage AWS resources.

Contents
• Tags for resource organization (p. 740)
• Tags for cost allocation (p. 740)
• Tags for automation (p. 741)
• Tags for access control (p. 741)

Tags for resource organization

Tags are a good way to organize AWS resources in the AWS Management Console. You can configure tags
to be displayed with resources, and can search and filter by tag. With the AWS Resource Groups service,
you can create groups of AWS resources based on one or more tags or portions of tags. You can also
create groups based on their occurrence in an AWS CloudFormation stack. Using Resource Groups and
Tag Editor, you can consolidate and view data for applications that consist of multiple services, resources,
and Regions in one place.

Tags for cost allocation

AWS Cost Explorer and detailed billing reports let you break down AWS costs by tag. Typically, you
use business tags such as cost center/business unit, customer, or project to associate AWS costs with
traditional cost-allocation dimensions. But a cost allocation report can include any tag. This lets you
associate costs with technical or security dimensions, such as specific applications, environments, or
compliance programs. The following is an example of a partial cost allocation report.

Version 1.0
740
 AWS General Reference Reference guide
Tagging governance

For some services, you can use an AWS-generated createdBy tag for cost allocation purposes, to help
account for resources that might otherwise go uncategorized. The createdBy tag is available only for
supported AWS services and resources. Its value contains data associated with specific API or console
events. For more information, see AWS-Generated Cost Allocation Tags in the AWS Billing and Cost
Management User Guide.

Tags for automation

Resource or service-specific tags are often used to filter resources during automation activities.
Automation tags are used to opt in or opt out of automated tasks or to identify specific versions of
resources to archive, update, or delete. For example, you can run automated start or stop scripts that
turn off development environments during nonbusiness hours to reduce costs. In this scenario, Amazon
Elastic Compute Cloud (Amazon EC2) instance tags are a simple way to identify instances to opt out of
this action. For scripts that find and delete stale, out-of-date, or rolling Amazon EBS snapshots, snapshot
tags can add an extra dimension of search criteria.

Tags for access control

IAM policies support tag-based conditions, letting you constrain IAM permissions based on specific tags
or tag values. For example, IAM user or role permissions can include conditions to limit EC2 API calls to
specific environments (such as development, test, or production) based on their tags. The same strategy
can be used to limit API calls to specific Amazon Virtual Private Cloud (Amazon VPC) networks. Support
for tag-based, resource-level IAM permissions is service specific. When you use tag-based conditions for
access control, be sure to define and restrict who can modify the tags. For more information about using
tags to control API access to AWS resources, see AWS services that work with IAM in the IAM User Guide.

Tagging governance
An effective tagging strategy uses standardized tags and applies them consistently and
programmatically across AWS resources. You can use both reactive and proactive approaches for
governing tags in your AWS environment.

• Reactive governance is for finding resources that are not properly tagged using tools such as the
Resource Groups Tagging API, AWS Config Rules, and custom scripts. To find resources manually, you
can use Tag Editor and detailed billing reports.
• Proactive governance uses tools such as AWS CloudFormation, AWS Service Catalog, tag policies in
AWS Organizations, or IAM resource-level permissions to ensure standardized tags are consistently
applied at resource creation.

For example, you can use the AWS CloudFormation Resource Tags property to apply tags to
resource types. In AWS Service Catalog, you can add portfolio and product tags that are combined and
applied to a product automatically when it is launched. More rigorous forms of proactive governance
include automated tasks. For example, you can use the Resource Groups Tagging API to search an AWS
environment’s tags, or run scripts to quarantine or delete improperly tagged resources.

Learn more
This page provides general information on tagging AWS resources. For more information about tagging
resources in a particular AWS service, see its documentation. The following are also good sources of
information about tagging:

• For a list of services that support tagging, see the Resource Groups Tagging API Reference.
• For information about Tag Editor, see Working with Tag Editor in the AWS Resource Groups User Guide.
• For information about using tags to control access to AWS resources, see Control Access Using IAM
Tags in the IAM User Guide.

Version 1.0
741
 AWS General Reference Reference guide
Amazon Resource Names (ARNs)

Amazon Resource Names (ARNs)

Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to
specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database
Service (Amazon RDS) tags, and API calls.

The Service Authorization Reference lists the ARNs that you can use in IAM policies.

ARN format
The following are the general formats for ARNs. The specific formats depend on the resource. To use an
ARN, replace the italicized text with the resource-specific information. Be aware that the ARNs for
some resources omit the Region, the account ID, or both the Region and the account ID.

arn:partition:service:region:account-id:resource-id
arn:partition:service:region:account-id:resource-type/resource-id
arn:partition:service:region:account-id:resource-type:resource-id

partition

The partition in which the resource is located. A partition is a group of AWS Regions. Each AWS
account is scoped to one partition.

The following are the supported partitions:

• aws - AWS Regions
• aws-cn - China Regions
• aws-us-gov - AWS GovCloud (US) Regions
service

The service namespace that identifies the AWS product. For example, s3 for Amazon S3. To find a
service namespace, open the Service Authorization Reference, open the page for the service, and
find the phrase "service prefix" in the first sentence. For example, the following text appears in the
first sentence on the page for Amazon S3:

(service prefix: s3)

region

The Region code. For example, us-east-2 for US East (Ohio). For the list of Region codes, see
Regional endpoints (p. 733).
account-id

The ID of the AWS account that owns the resource, without the hyphens. For example,
123456789012.
resource-id

The resource identifier. This part of the ARN can be the name or ID of the resource or a resource
path (p. 743). For example, user/Bob for an IAM user or instance/i-1234567890abcdef0 for
an EC2 instance. Some resource identifiers include a parent resource (sub-resource-type/parent-
resource/sub-resource) or a qualifier such as a version (resource-type:resource-name:qualifier).

Version 1.0
742
 AWS General Reference Reference guide
Paths in ARNs

Paths in ARNs
Resource ARNs can include a path. For example, in Amazon S3, the resource identifier is an object name
that can include slashes (/) to form a path. Similarly, IAM user names and group names can include
paths.

Paths can include a wildcard character, namely an asterisk (*). For example, if you are writing an IAM
policy, you can specify all IAM users that have the path product_1234 using a wildcard as follows:

arn:aws:iam::123456789012:user/Development/product_1234/*

Similarly, you can specify user/* to mean all users or group/* to mean all groups, as in the following
examples:

"Resource":"arn:aws:iam::123456789012:user/*"
"Resource":"arn:aws:iam::123456789012:group/*"

The following example shows ARNs for an Amazon S3 bucket in which the resource name includes a
path:

arn:aws:s[Link]my_corporate_bucket/*
arn:aws:s[Link]my_corporate_bucket/Development/*

Incorrect wildcard usage

You cannot use a wildcard in the portion of the ARN that specifies the resource type, such as the term
user in an IAM ARN. For example, the following is not allowed.

arn:aws:iam::123456789012:u* <== not allowed

Version 1.0
743
 AWS General Reference Reference guide
Download

AWS IP address ranges

Amazon Web Services (AWS) publishes its current IP address ranges in JSON format. To view the current
ranges, download the .json file. To maintain history, save successive versions of the .json file on your
system. To determine whether there have been changes since the last time that you saved the file, check
the publication time in the current file and compare it to the publication time in the last file that you
saved.

Contents
• Download (p. 744)
• Syntax (p. 744)
• Filtering the JSON file (p. 746)
• Implementing egress control (p. 749)
• AWS IP address ranges notifications (p. 750)
• Release notes (p. 752)

Download
Download [Link].

If you access this file programmatically, it is your responsibility to ensure that the application downloads
the file only after successfully verifying the TLS certificate presented by the server.

Syntax
The syntax of [Link] is as follows.

{
"syncToken": "0123456789",
"createDate": "yyyy-mm-dd-hh-mm-ss",
"prefixes": [
{
"ip_prefix": "cidr",
"region": "region",
"network_border_group": "network_border_group",
"service": "subset"
}
],
"ipv6_prefixes": [
{
"ipv6_prefix": "cidr",
"region": "region",
"network_border_group": "network_border_group",
"service": "subset"
}
]
}

Version 1.0
744
 AWS General Reference Reference guide
Syntax

syncToken

The publication time, in Unix epoch time format.

Type: String

Example: "syncToken": "1416435608"

createDate

The publication date and time, in UTC YY-MM-DD-hh-mm-ss format.

Type: String

Example: "createDate": "2014-11-19-23-29-02"

prefixes

The IP prefixes for the IPv4 address ranges.

Type: Array
ipv6_prefixes

The IP prefixes for the IPv6 address ranges.

Type: Array
ip_prefix

The public IPv4 address range, in CIDR notation. Note that AWS may advertise a prefix in more
specific ranges. For example, prefix [Link]/17 in the file may be advertised as [Link]/21,
[Link]/21, [Link]/19, and [Link]/18.

Type: String

Example: "ip_prefix": "[Link]/24"

ipv6_prefix

The public IPv6 address range, in CIDR notation. Note that AWS may advertise a prefix in more
specific ranges.

Type: String

Example: "ipv6_prefix": "[Link]/64"

network_border_group

The name of the network border group, which is a unique set of Availability Zones or Local Zones
from where AWS advertises IP addresses.

Type: String

Example: "network_border_group": "us-west-2-lax-1"

region

The AWS Region or GLOBAL for edge locations. The CLOUDFRONT and ROUTE53 ranges are GLOBAL.

Type: String

Valid values: ap-east-1 | ap-northeast-1 | ap-northeast-2 | ap-northeast-3 | ap-south-1

| ap-southeast-1 | ap-southeast-2 | ca-central-1 | cn-north-1 | cn-northwest-1 | eu-

Version 1.0
745
 AWS General Reference Reference guide
Filtering the JSON file

central-1 | eu-north-1 | eu-west-1 | eu-west-2 | eu-west-3 | sa-east-1 | us-east-1 |

us-east-2 | us-gov-east-1 | us-gov-west-1 | us-west-1 | us-west-2 | GLOBAL

Example: "region": "us-east-1"

service

The subset of IP address ranges. The addresses listed for API_GATEWAY are egress only. Specify
AMAZON to get all IP address ranges (meaning that every subset is also in the AMAZON subset).
However, some IP address ranges are only in the AMAZON subset (meaning that they are not also
available in another subset).

Type: String

Valid values: AMAZON | AMAZON_APPFLOW | AMAZON_CONNECT | API_GATEWAY

| CHIME_MEETINGS | CHIME_VOICECONNECTOR | CLOUD9 | CLOUDFRONT |
CLOUDFRONT_ORIGIN_FACING | CODEBUILD | DYNAMODB | EBS | EC2 | EC2_INSTANCE_CONNECT
| GLOBALACCELERATOR | KINESIS_VIDEO_STREAMS | ROUTE53 | ROUTE53_HEALTHCHECKS |
ROUTE53_HEALTHCHECKS_PUBLISHING | ROUTE53_RESOLVER | S3 | WORKSPACES_GATEWAYS

Example: "service": "AMAZON"

Filtering the JSON file

You can download a command line tool to help you filter the information to just what you are looking
for.

Windows
The AWS Tools for Windows PowerShell includes a cmdlet, Get-AWSPublicIpAddressRange, to parse
this JSON file. The following examples demonstrate its use. For more information, see Querying the
Public IP Address Ranges for AWS and Get-AWSPublicIpAddressRange.

Example 1. Get the creation date

PS C:\> Get-AWSPublicIpAddressRange -OutputPublicationDate

Wednesday, August 22, 2018 [Link] PM

Example 2. Get the information for a specific Region

PS C:\> Get-AWSPublicIpAddressRange -Region us-east-1

IpPrefix Region NetworkBorderGroup Service

-------- ------ ------- -------
[Link]/14 us-east-1 us-east-1 AMAZON
[Link]/15 us-east-1 us-east-1 AMAZON
[Link]/16 us-east-1 us-east-1 AMAZON
...

Example 3. Get all IP addresses

PS C:\> (Get-AWSPublicIpAddressRange).IpPrefix
[Link]/14
[Link]/22
[Link]/24

Version 1.0
746
 AWS General Reference Reference guide
Linux

...
[Link]/64
[Link]/40
[Link]/64
[Link]/28

Example 4. Get all IPv4 addresses

PS C:\> Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv4"} | select

IpPrefix

IpPrefix
--------
[Link]/14
[Link]/22
[Link]/24
...

Example 5. Get all IPv6 addresses

PS C:\> Get-AWSPublicIpAddressRange | where {$_.IpAddressFormat -eq "Ipv6"} | select

IpPrefix

IpPrefix
--------
[Link]/40
[Link]/40
[Link]/40
...

Example 6. Get all IP addresses for a specific service

PS C:\> Get-AWSPublicIpAddressRange -ServiceKey CODEBUILD | select IpPrefix

IpPrefix
--------
[Link]/29
[Link]/29
[Link]/29
...

Linux
The following example commands use the jq tool to parse a local copy of the JSON file.

Example 1. Get the creation date

$ jq .createDate < [Link]

"2016-02-18-17-22-15"

Example 2. Get the information for a specific Region

$ jq '.prefixes[] | select(.region=="us-east-1")' < [Link]

{
"ip_prefix": "[Link]/14",

Version 1.0
747
 AWS General Reference Reference guide
Linux

"region": "us-east-1",
"network_border_group": "us-east-1",
"service": "AMAZON"
},
{
"ip_prefix": "[Link]/15",
"region": "us-east-1",
"network_border_group": "us-east-1",
"service": "AMAZON"
},
{
"ip_prefix": "[Link]/16",
"region": "us-east-1",
"network_border_group": "us-east-1",
"service": "AMAZON"
},
...

Example 3. Get all IPv4 addresses

$ jq -r '.prefixes | .[].ip_prefix' < [Link]

[Link]/14
[Link]/22
[Link]/24
...

Example 4. Get all IPv6 addresses

$ jq -r '.ipv6_prefixes | .[].ipv6_prefix' < [Link]

[Link]/40
[Link]/40
[Link]/40
...

Example 5. Get all IPv4 addresses for a specific service

$ jq -r '.prefixes[] | select(.service=="CODEBUILD") | .ip_prefix' < [Link]

[Link]/29
[Link]/29
[Link]/29
...

Example 6. Get all IPv4 addresses for a specific service in a specific Region

$ jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="CODEBUILD")

| .ip_prefix' < [Link]

[Link]/28

Example 7. Get information for a certain network border group

$ jq -r '.prefixes[] | select(.region=="us-west-2") | select(.network_border_group=="us-

west-2-lax-1") | .ip_prefix' < [Link]
[Link]/18
[Link]/24

Version 1.0
748
 AWS General Reference Reference guide
Implementing egress control

[Link]/16
...

Implementing egress control

To allow an instance to access only AWS services, create a security group with rules that allow outbound
traffic to the CIDR blocks in the AMAZON list, minus the CIDR blocks that are also in the EC2 list. IP
addresses in the EC2 list can be assigned to EC2 instances.

Windows PowerShell
The following PowerShell example shows you how to get the IP addresses that are in the AMAZON list but
not the EC2 list. Copy the script and save it in a file named Select_address.ps1.

$amazon_addresses = Get-AWSPublicIpAddressRange -ServiceKey amazon

$ec2_addresses = Get-AWSPublicIpAddressRange -ServiceKey ec2

ForEach ($address in $amazon_addresses)

{
if( $ec2_addresses.IpPrefix -notcontains $[Link])
{
($address).IpPrefix
}
}

You can run this script as follows:

PS C:\> .\Select_address.ps1
[Link]/15
[Link]/16
[Link]/20
[Link]/21
[Link]/22
[Link]/22
[Link]/22
[Link]/24
[Link]/24
...

jq
The following example shows you how to get the IP addresses that are in the AMAZON list but not the
EC2 list, for all Regions:

jq -r '[.prefixes[] | select(.service=="AMAZON").ip_prefix] - [.prefixes[] |

select(.service=="EC2").ip_prefix] | .[]' < [Link]

[Link]/24
[Link]/24
[Link]/23
[Link]/22
[Link]/28
[Link]/23
[Link]/21
...

Version 1.0
749
 AWS General Reference Reference guide
Python

The following example shows you how to filter the results to one Region:

jq -r '[.prefixes[] | select(.region=="us-east-1" and .service=="AMAZON").ip_prefix] -

[.prefixes[] | select(.region=="us-east-1" and .service=="EC2").ip_prefix] | .[]' < ip-
[Link]

Python
The following python script shows you how to get the IP addresses that are in the AMAZON list but not
the EC2 list. Copy the script and save it in a file named get_ips.py.

#!/usr/bin/env python
import requests

ip_ranges = [Link]('[Link]
['prefixes']
amazon_ips = [item['ip_prefix'] for item in ip_ranges if item["service"] == "AMAZON"]
ec2_ips = [item['ip_prefix'] for item in ip_ranges if item["service"] == "EC2"]

amazon_ips_less_ec2=[]

for ip in amazon_ips:
if ip not in ec2_ips:
amazon_ips_less_ec2.append(ip)

for ip in amazon_ips_less_ec2: print(str(ip))

You can run this script as follows:

$ python ./get_ips.py
[Link]/15
[Link]/16
[Link]/20
[Link]/21
[Link]/22
[Link]/22
[Link]/22
[Link]/24
[Link]/24
...

AWS IP address ranges notifications

Whenever there is a change to the AWS IP address ranges, we send notifications to subscribers of the
AmazonIpSpaceChanged topic. The payload contains information in the following format:

{
"create-time":"yyyy-mm-ddThh:mm:ss+00:00",
"synctoken":"0123456789",
"md5":"6a45316e8bc9463c9e926d5d37836d33",
"url":"[Link]
}

create-time

The creation date and time.

Version 1.0
750
 AWS General Reference Reference guide
AWS IP address ranges notifications

Notifications could be delivered out of order. Therefore, we recommend that you check the
timestamps to ensure the correct order.
synctoken

The publication time, in Unix epoch time format.

md5

The cryptographic hash value of the [Link] file. You can use this value to check whether
the downloaded file is corrupted.
url

The location of the [Link] file.

If you want to be notified whenever there is a change to the AWS IP address ranges, you can subscribe as
follows to receive notifications using Amazon SNS.

To subscribe to AWS IP address range notifications

1. Open the Amazon SNS console at [Link]

2. In the navigation bar, change the Region to US East (N. Virginia), if necessary. You must select this
Region because the SNS notifications that you are subscribing to were created in this Region.
3. In the navigation pane, choose Subscriptions.
4. Choose Create subscription.
5. In the Create subscription dialog box, do the following:

a. For Topic ARN, copy the following Amazon Resource Name (ARN):

arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged

b. For Protocol, choose the protocol to use (for example, Email).

c. For Endpoint, type the endpoint to receive the notification (for example, your email address).
d. Choose Create subscription.
6. You'll be contacted on the endpoint that you specified and asked to confirm your subscription. For
example, if you specified an email address, you'll receive an email message with the subject line
AWS Notification - Subscription Confirmation. Follow the directions to confirm your
subscription.

Notifications are subject to the availability of the endpoint. Therefore, you might want to check the
JSON file periodically to ensure that you've got the latest ranges. For more information about Amazon
SNS reliability, see [Link]

If you no longer want to receive these notifications, use the following procedure to unsubscribe.

To unsubscribe from AWS IP address ranges notifications

1. Open the Amazon SNS console at [Link]

2. In the navigation pane, choose Subscriptions.
3. Select the check box for the subscription.
4. Choose Actions, Delete subscriptions.
5. When prompted for confirmation, choose Delete.

For more information about Amazon SNS, see the Amazon Simple Notification Service Developer Guide.

Version 1.0
751
 AWS General Reference Reference guide
Release notes

Release notes
The following table describes updates to the AWS IP address ranges. We also add new Region codes with
each Region launch.

Description Release date

Added the CLOUDFRONT_ORIGIN_FACING service October 12, 2021

code.

Added the ROUTE53_RESOLVER service code. June 24, 2021

Added the EBS service code. May 12, 2021

Added the KINESIS_VIDEO_STREAMS service November 19, 2020

code.

Added the CHIME_MEETINGS and June 19, 2020

CHIME_VOICECONNECTOR service codes.

Added the AMAZON_APPFLOW service code. June 9, 2020

Add support for the network border group. April 7, 2020

Added the WORKSPACES_GATEWAYS service code. March 30, 2020

Added the January 30, 2020

ROUTE53_HEALTHCHECK_PUBLISHING service
code.

Added the API_GATEWAY service code. September 26, 2019

Added the EC2_INSTANCE_CONNECT service June 26, 2019

code.

Added the DYNAMODB service code. April 25, 2019

Added the GLOBALACCELERATOR service code. December 20, 2018

Added the AMAZON_CONNECT service code. June 20, 2018

Added the CLOUD9 service code. June 20, 2018

Added the CODEBUILD service code. April 19, 2018

Added the S3 service code. February 28, 2017

Added support for IPv6 address ranges. August 22, 2016

Initial release November 19, 2014

Version 1.0
752
 AWS General Reference Reference guide
API retries

AWS APIs
The following pages provide information that is useful when using an AWS API.

Contents
• Error retries and exponential backoff in AWS (p. 753)
• Signing AWS API requests (p. 754)
• AWS SDK support for Amazon S3 client-side encryption (p. 790)

Error retries and exponential backoff in AWS

Numerous components on a network, such as DNS servers, switches, load balancers, and others can
generate errors anywhere in the life of a given request. The usual technique for dealing with these error
responses in a networked environment is to implement retries in the client application. This technique
increases the reliability of the application and reduces operational costs for the developer.

Each AWS SDK implements automatic retry logic. The AWS SDK for Java automatically retries requests,
and you can configure the retry settings using the ClientConfiguration class. For example, you
might want to turn off the retry logic for a web page that makes a request with minimal latency and no
retries. Use the ClientConfiguration class and provide a maxErrorRetry value of 0 to turn off the
retries.

If you're not using an AWS SDK, you should retry original requests that receive server (5xx) or throttling
errors. However, client errors (4xx) indicate that you need to revise the request to correct the problem
before trying again.

In addition to simple retries, each AWS SDK implements exponential backoff algorithm for better flow
control. The idea behind exponential backoff is to use progressively longer waits between retries for
consecutive error responses. You should implement a maximum delay interval, as well as a maximum
number of retries. The maximum delay interval and maximum number of retries are not necessarily fixed
values, and should be set based on the operation being performed, as well as other local factors, such as
network latency.

Most exponential backoff algorithms use jitter (randomized delay) to prevent successive collisions.
Because you aren't trying to avoid such collisions in these cases, you don't need to use this random
number. However, if you use concurrent clients, jitter can help your requests succeed faster. For more
information, see the blog post for Exponential Backoff and Jitter.

The following pseudo code shows one way to poll for status using an increasing delay.

Do some asynchronous operation.

retries = 0

DO
wait for (2^retries * 100) milliseconds

status = Get the result of the asynchronous operation.

IF status = SUCCESS
retry = false
ELSE IF status = NOT_READY
retry = true
ELSE IF status = THROTTLED

Version 1.0
753
 AWS General Reference Reference guide
Signing AWS API requests

retry = true
ELSE
Some other error occurred, so stop calling the API.
retry = false
END IF

retries = retries + 1

WHILE (retry AND (retries < MAX_RETRIES))

Signing AWS API requests

Important
The AWS SDKs, AWS Command Line Interface (AWS CLI), and other AWS tools sign API requests
for you using the access key that you specify when you configure the tool. When you use these
tools, you don’t need to learn how to sign API requests. The following documentation
explains how to sign API requests, but is only useful if you’re writing your own code to send
and sign AWS API requests. We recommend that you use the AWS SDKs or other AWS tools to
send API requests, instead of writing your own code.

When you send API requests to AWS, you sign the requests so that AWS can identify who sent them.
You sign requests with your AWS access key, which consists of an access key ID and secret access key.
Some requests don’t need to be signed, including anonymous requests to Amazon Simple Storage
Service (Amazon S3) and some API operations in AWS Security Token Service (AWS STS) such as
AssumeRoleWithWebIdentity.

When to sign requests

When you write custom code to send API requests to AWS, you need to include code to sign the requests.
You might do this for the following reasons:

• You are working with a programming language for which there is no AWS SDK.
• You want complete control over how a request is sent to AWS.

You don’t need to sign requests when you use the AWS CLI or one of the AWS SDKs. These tools calculate
the signature for you, and also manage the connection details, handle request retries, and provide error
handling. In most cases, they also contain sample code, tutorials, and other resources to help you get
started writing applications that interact with AWS.

Why requests are signed

The signing process helps secure requests in the following ways:

• Verify the identity of the requester

Signing makes sure that the request has been sent by someone with a valid access key. For more
information, see Understanding and getting your AWS credentials (p. 3).
• Protect data in transit

To prevent tampering with a request while it's in transit, some of the request elements are used to
calculate a hash (digest) of the request, and the resulting hash value is included as part of the request.
When an AWS service receives the request, it uses the same information to calculate a hash and
matches it against the hash value in your request. If the values don't match, AWS denies the request.
• Protect against potential replay attacks

Version 1.0
754
 AWS General Reference Reference guide
Signing requests

In most cases, a request must reach AWS within five minutes of the time stamp in the request.
Otherwise, AWS denies the request.

Signing requests
To sign a request, you first calculate a hash (digest) of the request. Then you use the hash value, some
other information from the request, and your secret access key to calculate another hash known as the
signature. Then you add the signature to the request in one of the following ways:

• Using the HTTP Authorization header.

• Adding a query string value to the request. Because the signature is part of the URL in this case, this
type of URL is called a presigned URL.

Signature versions
AWS supports Signature Version 4 (SigV4) and Signature Version 2 (SigV2). All AWS services in all AWS
Regions support SigV4, except Amazon SimpleDB which requires SigV2. The AWS SDKs, including the
AWS CLI, automatically use SigV4 for all services that support it. If you manually sign API requests, you
should do the same.

AWS is rolling out an extension to SigV4 called Signature Version 4A (SigV4A). This extension enables
signatures that are valid in more than one AWS Region. This is required for signing multi-Region API
requests, for example with Amazon S3 Multi-Region Access Points. The AWS SDKs and AWS CLI support
SigV4A and use it automatically when it’s needed.
Note
To use SigV4A with temporary security credentials—for example, when using IAM roles—make
sure that you request the temporary credentials from a regional endpoint in AWS Security Token
Service (AWS STS). Don’t use the global endpoint for AWS STS ([Link]), because
by default temporary credentials from the global endpoint don’t work with SigV4A. You can use
any of the regional endpoints for AWS STS.

Signature Version 4 signing process

Important
The AWS SDKs, AWS Command Line Interface (AWS CLI), and other AWS tools sign API requests
for you using the access key that you specify when you configure the tool. When you use these
tools, you don’t need to learn how to sign API requests. The following documentation
explains how to sign API requests, but is only useful if you’re writing your own code to send
and sign AWS API requests. We recommend that you use the AWS SDKs or other AWS tools to
send API requests, instead of writing your own code.

Signature Version 4 (SigV4) is the process to add authentication information to AWS API requests sent
by HTTP. For security, most requests to AWS must be signed with an access key. The access key consists
of an access key ID and secret access key, which are commonly referred to as your security credentials.
For details on how to obtain credentials for your account, see Understanding and getting your AWS
credentials (p. 3).

How Signature Version 4 works

1. Create a canonical request.

2. Use the canonical request and additional metadata to create a string for signing.
3. Derive a signing key from your AWS secret access key. Then use the signing key, and the string from
the previous step, to create a signature.

Version 1.0
755
 AWS General Reference Reference guide
Signature Version 4 signing process

4. Add the resulting signature to the HTTP request in a header or as a query string parameter.

When an AWS service receives the request, it performs the same steps that you did to calculate the
signature you sent in your request. AWS then compares its calculated signature to the one you sent with
the request. If the signatures match, the request is processed. If the signatures don't match, the request
is denied.

For more information, see the following resources:

• To get started with the signing process, see Signing AWS requests with Signature Version 4 (p. 758).
• For sample signed requests, see Examples of the complete Signature Version 4 signing process
(Python) (p. 773).
• If you have questions about Signature Version 4, post your question in the AWS Identity and Access
Management forum.

Changes in Signature Version 4

Signature Version 4 is the current AWS signing protocol. It includes several changes from the previous
Signature Version 2:

• To sign your message, you use a signing key that is derived from your secret access key rather than
using the secret access key itself. For more information about deriving keys, see Task 3: Calculate the
signature for AWS Signature Version 4 (p. 766).
• You derive your signing key from the credential scope, which means that you don't need to include the
key itself in the request. Credential scope is represented by a slash-separated string of dimensions in
the following order:
1. Date information as an eight-digit string representing the year (YYYY), month (MM), and day (DD)
of the request (for example, 20150830). For more information about handling dates, see Handling
dates in Signature Version 4 (p. 770).
2. Region information as a lowercase alphanumeric string. Use the Region name that is part of the
service's endpoint. For services with a globally unique endpoint such as IAM, use us-east-1.
3. Service name information as a lowercase alphanumeric string (for example, iam). Use the
service name that is part of the service's endpoint. For example, the IAM endpoint is https://
[Link], so you use the string iam as part of the Credential parameter.
4. A special termination string: aws4_request.
• You use the credential scope in each signing task:
• If you add signing information to the query string, include the credential scope as part of the X-
Amz-Credential parameter when you create the canonical request in Task 1: Create a canonical
request for Signature Version 4 (p. 760).
• You must include the credential scope as part of your string to sign in Task 2: Create a string to sign
for Signature Version 4 (p. 765).
• Finally, you use the date, Region, and service name components of the credential scope to derive
your signing key in Task 3: Calculate the signature for AWS Signature Version 4 (p. 766).

Elements of an AWS Signature Version 4 request

Each HTTP/HTTPS request that uses version 4 signing must contain these elements.

• Endpoint Specification
• Action
• Required and Optional Parameters
Version 1.0
756
 AWS General Reference Reference guide
Signature Version 4 signing process

• Date
• Authentication Parameters

Endpoint specification
This is specified as the Host header in HTTP/1.1 requests. This header specifies the DNS name of the
computer to which you send the request, like [Link].

You must include the Host header with HTTP/1.1 requests. For HTTP/2 requests, you can use the
:authority header or the Host header. Use only the :authority header for compliance with the
HTTP/2 specification. Not all services support HTTP/2 requests, so check the service documentation for
details.

The endpoint usually contains the service name and Region, both of which you must use as part of the
Credential authentication parameter. For example, the Amazon DynamoDB endpoint for the eu-
west-1 Region is [Link]. If you don't specify a Region, a web service
uses the default Region, us-east-1. If you use a service like IAM that uses a globally unique endpoint,
use the default Region (us-east-1), as part of the Credential authentication parameter (described
later in this topic).

For a complete list of endpoints supported by AWS, see Regions and Endpoints.

Action
This element specifies the action that you want a web service to perform, such as the DynamoDB
CreateTable action or the Amazon EC2 DescribeInstances action. The specified action determines
the parameters used in the request. For query APIs, the action is an API name. For non-query APIs (such
as RESTful APIs), see the service documentation for the appropriate actions.

Required and optional parameters

This element specifies the parameters to the request action. Each action in a web service has a set of
required and optional parameters that define an API call. The API version is usually a required parameter.
See the service documentation for the details of required and optional parameters.

Date
This is the date and time at which you make the request. Including the date in the request helps prevent
third parties from intercepting your request and resubmitting it later. The date is specified using the
ISO8601 Basic format via the x-amz-date header in the YYYYMMDD'T'HHMMSS'Z' format.

Authentication parameters
Each request that you send must include the following set of parameters that AWS uses to ensure the
validity and authenticity of the request.

• Algorithm. The hash algorithm that you're using as part of the signing process. For example, if you use
SHA-256 to create hashes, use the value AWS4-HMAC-SHA256.
• Credential scope. A string separated by slashes ("/") that is formed by concatenating your access key
ID and your credential scope components. Credential scope includes the date in YYYYMMDD format,
the AWS Region, the service name, and a special termination string (aws4_request). For example, the
following string represents the Credential parameter for an IAM request in the us-east-1 Region.

AKIAIOSFODNN7EXAMPLE/20111015/us-east-1/iam/aws4_request
Important
You must use lowercase characters for the Region, service name, and special termination
string.

Version 1.0
757
 AWS General Reference Reference guide
Signature Version 4 signing process

• SignedHeaders A list delimited by semicolons (";") of HTTP/HTTPS headers to include in the signature.
• Signature A hexadecimal-encoded string that represents the output of the signature operation
described in Task 3: Calculate the signature for AWS Signature Version 4 (p. 766). You must calculate
the signature using the algorithm that you specified in the Algorithm parameter.

To view sample signed requests, see Examples of the complete Signature Version 4 signing process
(Python) (p. 773).

Signing AWS requests with Signature Version 4

This section explains how to create a signature and add it to an HTTP request to AWS.

Summary of signing steps

To create a signed request, complete the following:

• Task 1: Create a canonical request for Signature Version 4 (p. 760)

Arrange the contents of your request (host, action, headers, etc.) into a standard (canonical) format.
The canonical request is one of the inputs used to create a string to sign.
• Task 2: Create a string to sign for Signature Version 4 (p. 765)

Create a string to sign with the canonical request and extra information such as the algorithm, request
date, credential scope, and the digest (hash) of the canonical request.
• Task 3: Calculate the signature for AWS Signature Version 4 (p. 766)

Derive a signing key by performing a succession of keyed hash operations (HMAC operations) on the
request date, Region, and service, with your AWS secret access key as the key for the initial hashing
operation. After you derive the signing key, you then calculate the signature by performing a keyed
hash operation on the string to sign. Use the derived signing key as the hash key for this operation.
• Task 4: Add the signature to the HTTP request (p. 768)

After you calculate the signature, add it to an HTTP header or to the query string of the request.

Important
The AWS SDKs handle the signature calculation process for you, so you do not have to manually
complete the signing process. For more information, see Tools for Amazon Web Services.

Additional resources
The following resources illustrate aspects of the signing process:

• Examples of how to derive a signing key for Signature Version 4 (p. 770). This page shows how to
derive a signing key using Java, C#, Python, Ruby, and JavaScript.
• Examples of the complete Signature Version 4 signing process (Python) (p. 773). This set of programs
in Python provide complete examples of the signing process. The examples show signing with a POST
request, with a GET request that has signing information in a request header, and with a GET request
that has signing information in the query string.

Version 1.0
758
 AWS General Reference Reference guide
Signature Version 4 signing process

What signing looks like in a request

The following example shows what an HTTPS request might look like as it is sent from your client to
AWS, without any signing information.

GET [Link] HTTP/1.1

Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: [Link]
X-Amz-Date: 20150830T123600Z

After you complete the signing tasks, you add the authentication information to the request. You can
add the authentication information in two ways:

Authorization header

You can add the authentication information to the request with an Authorization header. Although
the HTTP header is named Authorization, the signing information is actually used for authentication
to establish who the request came from.

The Authorization header includes the following information:

• Algorithm you used for signing (AWS4-HMAC-SHA256)

• Credential scope (with your access key ID)
• List of signed headers
• Calculated signature. The signature is based on your request information, and you use your AWS secret
access key to produce the signature. The signature confirms your identity to AWS.

The following example shows what the preceding request might look like after you've created the
signing information and added it to the request in the Authorization header.

Note that in the actual request, the Authorization header would appear as a continuous line of text.
The version below has been formatted for readability.

GET [Link] HTTP/1.1

Authorization: AWS4-HMAC-SHA256
Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request,
SignedHeaders=content-type;host;x-amz-date,
Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7
content-type: application/x-www-form-urlencoded; charset=utf-8
host: [Link]
x-amz-date: 20150830T123600Z

Query string

As an alternative to adding authentication information with an HTTP request header, you can include it
in the query string. The query string contains everything that is part of the request, including the name
and parameters for the action, the date, and the authentication information.

The following example shows how you might construct a GET request with the action and authentication
information in the query string.

(In the actual request, the query string would appear as a continuous line of text. The version below has
been formatted with line breaks for readability.)

GET [Link]
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fiam%2Faws4_request
&X-Amz-Date=20150830T123600Z
&X-Amz-Expires=60

Version 1.0
759
 AWS General Reference Reference guide
Signature Version 4 signing process

&X-Amz-SignedHeaders=content-type%3Bhost
&X-Amz-Signature=37ac2f4fde00b0ac9bd9eadeb459b1bbee224158d66e7ae5fcadb70b2d181d02 HTTP/1.1
content-type: application/x-www-form-urlencoded; charset=utf-8
host: [Link]

GET and POST requests in the Query API

The query API that many AWS services support lets you make requests using either HTTP GET or POST.
(In the query API, you can use GET even if you're making requests that change state; that is, the query
API is not inherently RESTful.) Because GET requests pass parameters on the query string, they are
limited to the maximum length of a URL. If a request includes a large payload (for example, you might
upload a large IAM policy or send many parameters in JSON format for a DynamoDB request), you
generally use a POST request.

The signing process is the same for both types of requests.

Task 1: Create a canonical request for Signature Version 4

To begin the signing process, create a string that includes information from your request in a
standardized (canonical) format. This ensures that when AWS receives the request, it can calculate the
same signature that you calculated.

Follow the steps here to create a canonical version of the request. Otherwise, your version and the
version calculated by AWS won't match, and the request will be denied.

The following example shows the pseudocode to create a canonical request.

Example Canonical request pseudocode

CanonicalRequest =
HTTPRequestMethod + '\n' +
CanonicalURI + '\n' +
CanonicalQueryString + '\n' +
CanonicalHeaders + '\n' +
SignedHeaders + '\n' +
HexEncode(Hash(RequestPayload))

In this pseudocode, Hash represents a function that produces a message digest, typically SHA-256. (Later
in the process, you specify which hashing algorithm you're using.) HexEncode represents a function
that returns the base-16 encoding of the digest in lowercase characters. For example, HexEncode("m")
returns the value 6d rather than 6D. Each input byte must be represented as exactly two hexadecimal
characters.

Signature Version 4 does not require that you use a particular character encoding to encode the
canonical request. However, some AWS services might require a specific encoding. For more information,
consult the documentation for that service.

The following examples show how to construct the canonical form of a request to IAM. The original
request might look like this as it is sent from the client to AWS, except that this example does not include
the signing information yet.

Example Request

GET [Link] HTTP/1.1

Host: [Link]
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20150830T123600Z

The preceding example request is a GET request (method) that makes a ListUsers API (action) call to
AWS Identity and Access Management (host). This action takes the Version parameter.

Version 1.0
760
 AWS General Reference Reference guide
Signature Version 4 signing process

To create a canonical request, concatenate the following components from each step into a
single string:

1. Start with the HTTP request method (GET, PUT, POST, etc.), followed by a newline character.

Example Request method

GET

2. Add the canonical URI parameter, followed by a newline character. The canonical URI is the URI-
encoded version of the absolute path component of the URI, which is everything in the URI from the
HTTP host to the question mark character ("?") that begins the query string parameters (if any).

Normalize URI paths according to RFC 3986. Remove redundant and relative path components. Each
path segment must be URI-encoded twice (except for Amazon S3 which only gets URI-encoded
once).

Example Canonical URI with encoding

/documents%2520and%2520settings/

Note
In exception to this, you do not normalize URI paths for requests to Amazon S3.
For example, if you have a bucket with an object named my-object//example//
[Link], use that path. Normalizing the path to my-object/example/[Link]
will cause the request to fail. For more information, see Task 1: Create a Canonical Request
in the Amazon Simple Storage Service API Reference.

If the absolute path is empty, use a forward slash (/). In the example IAM request, nothing follows
the host in the URI, so the absolute path is empty.

Example Canonical URI

3. Add the canonical query string, followed by a newline character. If the request does not include a
query string, use an empty string (essentially, a blank line). The example request has the following
query string.

Example Canonical query string

Action=ListUsers&Version=2010-05-08

To construct the canonical query string, complete the following steps:

a. Sort the parameter names by character code point in ascending order. Parameters with
duplicate names should be sorted by value. For example, a parameter name that begins with
the uppercase letter F precedes a parameter name that begins with a lowercase letter b.
b. URI-encode each parameter name and value according to the following rules:

• Do not URI-encode any of the unreserved characters that RFC 3986 defines: A-Z, a-z, 0-9,
hyphen ( - ), underscore ( _ ), period ( . ), and tilde ( ~ ).
• Percent-encode all other characters with %XY, where X and Y are hexadecimal characters (0-9
and uppercase A-F). For example, the space character must be encoded as %20 (not using '+',
as some encoding schemes do) and extended UTF-8 characters must be in the form %XY%ZA
%BC. Version 1.0
761
 AWS General Reference Reference guide
Signature Version 4 signing process

• Double-encode any equals ( = ) characters in parameter values.

c. Build the canonical query string by starting with the first parameter name in the sorted list.
d. For each parameter, append the URI-encoded parameter name, followed by the equals
sign character (=), followed by the URI-encoded parameter value. Use an empty string for
parameters that have no value.
e. Append the ampersand character (&) after each parameter value, except for the last value in the
list.

One option for the query API is to put all request parameters in the query string. For example, you
can do this for Amazon S3 to create a presigned URL. In that case, the canonical query string must
include not only parameters for the request, but also the parameters used as part of the signing
process—the hashing algorithm, credential scope, date, and signed headers parameters.

The following example shows a query string that includes authentication information. The example
is formatted with line breaks for readability, but the canonical query string must be one continuous
line of text in your code.

Example Authentication parameters in a query string

Action=ListUsers&
Version=2010-05-08&
X-Amz-Algorithm=AWS4-HMAC-SHA256&
X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fiam%2Faws4_request&
X-Amz-Date=20150830T123600Z&
X-Amz-SignedHeaders=content-type%3Bhost%3Bx-amz-date

For more information about authentication parameters, see Task 2: Create a string to sign for
Signature Version 4 (p. 765).
Note
You can use temporary security credentials provided by the AWS Security Token Service
(AWS STS) to sign a request. The process is the same as using long-term credentials, but
when you add signing information to the query string you must add an additional query
parameter for the security token. The parameter name is X-Amz-Security-Token, and
the parameter's value is the URI-encoded session token (the string you received from AWS
STS when you obtained temporary security credentials).
For some services, you must include the X-Amz-Security-Token query parameter in the
canonical (signed) query string. For other services, you add the X-Amz-Security-Token
parameter at the end, after you calculate the signature. For details, see the API reference
documentation for that service.
4. Add the canonical headers, followed by a newline character. The canonical headers consist of a list of
all the HTTP headers that you are including with the signed request.

For HTTP/1.1 requests, you must include the host header at a minimum. Standard headers like
content-type are optional. For HTTP/2 requests, you must include the :authority header
instead of the host header. Different services might require other headers.

Example Canonical headers

content-type:application/x-www-form-urlencoded; charset=utf-8\n
host:[Link]\n
x-amz-date:20150830T123600Z\n

To create the canonical headers list, convert all header names to lowercase and remove leading
spaces and trailing spaces. Convert sequential spaces in the header value to a single space.
Version 1.0
762
 AWS General Reference Reference guide
Signature Version 4 signing process

The following pseudocode describes how to construct the canonical list of headers:

CanonicalHeaders =
CanonicalHeadersEntry0 + CanonicalHeadersEntry1 + ... + CanonicalHeadersEntryN
CanonicalHeadersEntry =
Lowercase(HeaderName) + ':' + Trimall(HeaderValue) + '\n'

Lowercase represents a function that converts all characters to lowercase. The Trimall function
removes excess white space before and after values, and converts sequential spaces to a single
space.

Build the canonical headers list by sorting the (lowercase) headers by character code and then
iterating through the header names. Construct each header according to the following rules:

• Append the lowercase header name followed by a colon.

• Append a comma-separated list of values for that header. Do not sort the values in headers that
have multiple values.
• Append a new line ('\n').

The following examples compare a more complex set of headers with their canonical form:

Example Original headers

Host:[Link]\n
Content-Type:application/x-www-form-urlencoded; charset=utf-8\n
My-header1:    a   b   c \n
X-Amz-Date:20150830T123600Z\n
My-Header2:    "a   b   c" \n

Example Canonical form

content-type:application/x-www-form-urlencoded; charset=utf-8\n
host:[Link]\n
my-header1:a b c\n
my-header2:"a b c"\n
x-amz-date:20150830T123600Z\n

Note
Each header is followed by a newline character, meaning the complete list ends with a
newline character.

In the canonical form, the following changes were made:

• The header names were converted to lowercase characters.

• The headers were sorted by character code.
• Leading and trailing spaces were removed from the my-header1 and my-header2 values.
• Sequential spaces in a b c were converted to a single space for the my-header1 and my-
header2 values.

Note
You can use temporary security credentials provided by the AWS Security Token Service
(AWS STS) to sign a request. The process is the same as using long-term credentials, but
when you include signing information in the Authorization header you must add an
Version 1.0
763
 AWS General Reference Reference guide
Signature Version 4 signing process

additional HTTP header for the security token. The header name is X-Amz-Security-
Token, and the header's value is the session token (the string you received from AWS STS
when you obtained temporary security credentials).
5. Add the signed headers, followed by a newline character. This value is the list of headers that you
included in the canonical headers. By adding this list of headers, you tell AWS which headers in the
request are part of the signing process and which ones AWS can ignore (for example, any additional
headers added by a proxy) for purposes of validating the request.

For HTTP/1.1 requests, the host header must be included as a signed header. For HTTP/2
requests that include the :authority header instead of the host header, you must include the
:authority header as a signed header. If you include a date or x-amz-date header, you must also
include that header in the list of signed headers.

To create the signed headers list, convert all header names to lowercase, sort them by character
code, and use a semicolon to separate the header names. The following pseudocode describes how
to construct a list of signed headers. Lowercase represents a function that converts all characters
to lowercase.

SignedHeaders =
Lowercase(HeaderName0) + ';' + Lowercase(HeaderName1) + ";" + ... +
Lowercase(HeaderNameN)

Build the signed headers list by iterating through the collection of header names, sorted by
lowercase character code. For each header name except the last, append a semicolon (';') to the
header name to separate it from the following header name.

Example Signed headers

content-type;host;x-amz-date\n

6. Use a hash (digest) function like SHA256 to create a hashed value from the payload in the body of
the HTTP or HTTPS request. Signature Version 4 does not require that you use a particular character
encoding to encode text in the payload. However, some AWS services might require a specific
encoding. For more information, consult the documentation for that service.

Example Structure of payload

HashedPayload = Lowercase(HexEncode(Hash(requestPayload)))

When you create the string to sign, you specify the signing algorithm that you used to hash the
payload. For example, if you used SHA256, you will specify AWS4-HMAC-SHA256 as the signing
algorithm. The hashed payload must be represented as a lowercase hexadecimal string.

If the payload is empty, use an empty string as the input to the hash function. In the IAM example,
the payload is empty.

Example Hashed payload (empty string)

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

7. To construct the finished canonical request, combine all the components from each step as a single
string. As noted, each component ends with a newline character. If you follow the canonical request
pseudocode explained earlier, the resulting canonical request is shown in the following example.

Version 1.0
764
 AWS General Reference Reference guide
Signature Version 4 signing process

Example Canonical request

GET
/
Action=ListUsers&Version=2010-05-08
content-type:application/x-www-form-urlencoded; charset=utf-8
host:[Link]
x-amz-date:20150830T123600Z

content-type;host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

8. Create a digest (hash) of the canonical request with the same algorithm that you used to hash the
payload.
Note
Signature Version 4 does not require that you use a particular character encoding to encode
the canonical request before calculating the digest. However, some AWS services might
require a specific encoding. For more information, consult the documentation for that
service.

The hashed canonical request must be represented as a string of lowercase hexadecimal characters.
The following example shows the result of using SHA-256 to hash the example canonical request.

Example Hashed canonical request

f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59

You include the hashed canonical request as part of the string to sign in Task 2: Create a string to
sign for Signature Version 4 (p. 765).

Task 2: Create a string to sign for Signature Version 4

The string to sign includes meta information about your request and about the canonical request that
you created in Task 1: Create a canonical request for Signature Version 4 (p. 760). You will use the
string to sign and a derived signing key that you create later as inputs to calculate the request signature
in Task 3: Calculate the signature for AWS Signature Version 4 (p. 766).

To create the string to sign, concatenate the algorithm, date and time, credential scope, and digest of the
canonical request, as shown in the following pseudocode:

Structure of string to sign

StringToSign =
Algorithm + \n +
RequestDateTime + \n +
CredentialScope + \n +
HashedCanonicalRequest

The following example shows how to construct the string to sign with the same request from Task 1:
Create A Canonical Request (p. 760).

Example HTTPS request

GET [Link] HTTP/1.1

Host: [Link]
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Version 1.0
765
 AWS General Reference Reference guide
Signature Version 4 signing process

X-Amz-Date: 20150830T123600Z

To create the string to sign

1. Start with the algorithm designation, followed by a newline character. This value is the hashing
algorithm that you use to calculate the digests in the canonical request. For SHA256, AWS4-HMAC-
SHA256 is the algorithm.

AWS4-HMAC-SHA256\n

2. Append the request date value, followed by a newline character. The date is specified with ISO8601
basic format in the x-amz-date header in the format YYYYMMDD'T'HHMMSS'Z'. This value must
match the value you used in any previous steps.

20150830T123600Z\n

3. Append the credential scope value, followed by a newline character. This value is a string that
includes the date, the Region you are targeting, the service you are requesting, and a termination
string ("aws4_request") in lowercase characters. The Region and service name strings must be
UTF-8 encoded.

20150830/us-east-1/iam/aws4_request\n

• The date must be in the YYYYMMDD format. Note that the date does not include a time value.
• Verify that the Region you specify is the Region that you are sending the request to.
4. Append the hash of the canonical request that you created in Task 1: Create a canonical request
for Signature Version 4 (p. 760). This value is not followed by a newline character. The hashed
canonical request must be lowercase base-16 encoded, as defined by Section 8 of RFC 4648.

f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59

The following string to sign is a request to IAM on August 30, 2015.

Example string to sign

AWS4-HMAC-SHA256
20150830T123600Z
20150830/us-east-1/iam/aws4_request
f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59

Task 3: Calculate the signature for AWS Signature Version 4

Before you calculate a signature, you derive a signing key from your AWS secret access key. Because the
derived signing key is specific to the date, service, and Region, it offers a greater degree of protection.
You don't just use your secret access key to sign the request. You then use the signing key and the string
to sign that you created in Task 2: Create a string to sign for Signature Version 4 (p. 765) as the inputs
to a keyed hash function. The hex-encoded result from the keyed hash function is the signature.

Signature Version 4 does not require that you use a particular character encoding to encode the string to
sign. However, some AWS services might require a specific encoding. For more information, consult the
documentation for that service.

Version 1.0
766
 AWS General Reference Reference guide
Signature Version 4 signing process

To calculate a signature

1. Derive your signing key. To do this, use your secret access key to create a series of hash-based
message authentication codes (HMACs). This is shown in the following pseudocode, where
HMAC(key, data) represents an HMAC-SHA256 function that returns output in binary format. The
result of each hash function becomes input for the next one.

Pseudocode for deriving a signing key

kSecret = your secret access key

kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")

Note that the date used in the hashing process is in the format YYYYMMDD (for example, 20150830),
and does not include the time.

Make sure you specify the HMAC parameters in the correct order for the programming language you
are using. This example shows the key as the first parameter and the data (message) as the second
parameter, but the function that you use might specify the key and data in a different order.

Use the digest (binary format) for the key derivation. Most languages have functions to compute
either a binary format hash, commonly called a digest, or a hex-encoded hash, called a hexdigest.
The key derivation requires that you use a binary-formatted digest.

The following example show the inputs to derive a signing key and the resulting output, where
kSecret = wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY.

The example uses the same parameters from the request in Task 1 and Task 2 (a request to IAM in
the us-east-1 Region on August 30, 2015).

Example inputs

HMAC(HMAC(HMAC(HMAC("AWS4" + kSecret,"20150830"),"us-east-1"),"iam"),"aws4_request")

The following example shows the derived signing key that results from this sequence of HMAC hash
operations. This shows the hexadecimal representation of each byte in the binary signing key.

Example signing key

c4afb1cc5771d871763a393e44b703571b55cc28424d1a5e86da6ed3c154a4b9

For more information about how to derive a signing key in different programming languages, see
Examples of how to derive a signing key for Signature Version 4 (p. 770).
2. Calculate the signature. To do this, use the signing key that you derived and the string to sign as
inputs to the keyed hash function. After you calculate the signature, convert the binary value to a
hexadecimal representation.

The following pseudocode shows how to calculate the signature.

signature = HexEncode(HMAC(derived signing key, string to sign))

Note
Make sure you specify the HMAC parameters in the correct order for the programming
language you are using. This example shows
Version 1.0 the key as the first parameter and the data
767
 AWS General Reference Reference guide
Signature Version 4 signing process

(message) as the second parameter, but the function that you use might specify the key and
data in a different order.

The following example shows the resulting signature if you use the same signing key and the string
to sign from Task 2:

Example signature

5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7

Task 4: Add the signature to the HTTP request

After you calculate the signature, add it to the request. You can add the signature to a request in one of
two ways:

• An HTTP header named Authorization

• The query string

You cannot pass signing information in both the Authorization header and the query string.
Note
You can use temporary security credentials provided by the AWS Security Token Service (AWS
STS) to sign a request. The process is the same as using long-term credentials, but requires
an additional HTTP header or query string parameter for the security token. The name of
the header or query string parameter is X-Amz-Security-Token, and the value is the
session token (the string you received from AWS STS when you obtained temporary security
credentials).
When you add the X-Amz-Security-Token parameter to the query string, some services
require that you include this parameter in the canonical (signed) request. For other services,
you add this parameter at the end, after you calculate the signature. For details, see the API
reference documentation for that service.

Adding signing information to the authorization header

You can include signing information by adding it to an HTTP header named Authorization. The
contents of the header are created after you calculate the signature as described in the preceding steps,
so the Authorization header is not included in the list of signed headers. Although the header is
named Authorization, the signing information is actually used for authentication.

The following pseudocode shows the construction of the Authorization header.

Authorization: algorithm Credential=access key ID/credential scope,

SignedHeaders=SignedHeaders, Signature=signature

The following example shows a finished Authorization header.

Note that in the actual request, the authorization header would appear as a continuous line of text. The
version below has been formatted for readability.

Authorization: AWS4-HMAC-SHA256
Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request,
SignedHeaders=content-type;host;x-amz-date,
Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7

Note the following:

Version 1.0
768
 AWS General Reference Reference guide
Signature Version 4 signing process

• There is no comma between the algorithm and Credential. However, the SignedHeaders and
Signature are separated from the preceding values with a comma.
• The Credential value starts with the access key ID, which is followed by a forward slash (/), which
is followed by the credential scope that you calculated in Task 2: Create a string to sign for Signature
Version 4 (p. 765). The secret access key is used to derive the signing key for the signature, but is not
included in the signing information sent in the request.

Adding signing information to the Query string

You can make requests and pass all request values in the query string, including signing information. This
is sometimes referred to as a presigned URL, because it produces a single URL with everything required
in order to make a successful call to AWS. It's commonly used in Amazon S3. For more information, see
Authenticating Requests by Using Query Parameters (AWS Signature Version 4) in the Amazon Simple
Storage Service API Reference.
Important
If you make a request in which all parameters are included in the query string, the resulting URL
represents an AWS action that is already authenticated. Therefore, treat the resulting URL with
as much caution as you would treat your actual credentials. We recommend you specify a short
expiration time for the request with the X-Amz-Expires parameter.

When you use this approach, all the query string values (except the signature) are included in the
canonical query string that is part of the canonical query that you construct in the first part of the
signing process (p. 760).

The following pseudocode shows the construction of a query string that contains all request parameters.

querystring = Action=action
querystring += &X-Amz-Algorithm=algorithm
querystring += &X-Amz-Credential= urlencode(access_key_ID + '/' + credential_scope)
querystring += &X-Amz-Date=date
querystring += &X-Amz-Expires=timeout interval
querystring += &X-Amz-SignedHeaders=signed_headers

After the signature is calculated (which uses the other query string values as part of the calculation), you
add the signature to the query string as the X-Amz-Signature parameter:

querystring += &X-Amz-Signature=signature

The following example shows what a request might look like when all the request parameters and the
signing information are included in query string parameters.

Note that in the actual request, the authorization header would appear as a continuous line of text. The
version below has been formatted for readability.

[Link]
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIDEXAMPLE%2F20150830%2Fus-east-1%2Fiam%2Faws4_request
&X-Amz-Date=20150830T123600Z
&X-Amz-Expires=60
&X-Amz-SignedHeaders=content-type%3Bhost
&X-Amz-Signature=37ac2f4fde00b0ac9bd9eadeb459b1bbee224158d66e7ae5fcadb70b2d181d02

Note the following:

• For the signature calculation, query string parameters must be sorted in code point order from low to
high, and their values must be URI-encoded. See the step about creating a canonical query string in
Task 1: Create a canonical request for Signature Version 4 (p. 760).

Version 1.0
769
 AWS General Reference Reference guide
Signature Version 4 signing process

• Set the timeout interval (X-Amz-Expires) to the minimal viable time for the operation you're
requesting.

Handling dates in Signature Version 4

The date that you use as part of your credential scope must match the date of your request. You can
include the date as part of your request in several ways. You can use a date header, an x-amz-date
header or include x-amz-date as a query parameter. For example requests, see Examples of the
complete Signature Version 4 signing process (Python) (p. 773).

The time stamp must be in UTC and in the following ISO 8601 format: YYYYMMDD'T'HHMMSS'Z'. For
example, 20150830T123600Z is a valid time stamp. Do not include milliseconds in the time stamp.

AWS first checks the x-amz-date header or parameter for a time stamp. If AWS can't find a value for x-
amz-date, it looks for the date header. AWS then checks the credential scope for an eight-digit string
representing the year (YYYY), month (MM), and day (DD) of the request. For example, if the x-amz-date
header value is 20111015T080000Z and the date component of the credential scope is 20111015, AWS
allows the authentication process to proceed.

If the dates don't match, AWS rejects the request, even if the time stamp is only seconds away from the
date in the credential scope. For example, AWS will reject a request that has an x-amz-date header
value of 20151014T235959Z and a credential scope that has the date 20151015.

Examples of how to derive a signing key for Signature Version 4

This page shows examples in several programming languages for how to derive a signing key for
Signature Version 4. The examples on this page show only how to derive a signing key, which is just
one part of signing AWS requests. For examples that show the complete process, see Examples of the
complete Signature Version 4 signing process (Python) (p. 773).
Important
If you are using one of the AWS SDKs (including the SDK for Java, .NET, Python, Ruby, or
JavaScript), you do not have to manually perform the steps of deriving a signing key and adding
authentication information to a request. The SDKs perform this work for you. You need to
manually sign requests only if you are directly making HTTP or HTTPS requests.

Examples
• Deriving a signing key using Java (p. 770)
• Deriving a signing key using .NET (C#) (p. 771)
• Deriving a signing key using Python (p. 771)
• Deriving a signing key using Ruby (p. 771)
• Deriving a signing key using JavaScript ([Link]) (p. 771)
• Deriving a signing key using other languages (p. 772)
• Common coding errors (p. 772)

Deriving a signing key using Java

static byte[] HmacSHA256(String data, byte[] key) throws Exception {

String algorithm="HmacSHA256";
Mac mac = [Link](algorithm);
[Link](new SecretKeySpec(key, algorithm));
return [Link]([Link]("UTF-8"));
}

static byte[] getSignatureKey(String key, String dateStamp, String regionName, String

serviceName) throws Exception {

Version 1.0
770
 AWS General Reference Reference guide
Signature Version 4 signing process

byte[] kSecret = ("AWS4" + key).getBytes("UTF-8");

byte[] kDate = HmacSHA256(dateStamp, kSecret);
byte[] kRegion = HmacSHA256(regionName, kDate);
byte[] kService = HmacSHA256(serviceName, kRegion);
byte[] kSigning = HmacSHA256("aws4_request", kService);
return kSigning;
}

Deriving a signing key using .NET (C#)

static byte[] HmacSHA256(String data, byte[] key)

{
String algorithm = "HmacSHA256";
KeyedHashAlgorithm kha = [Link](algorithm);
[Link] = key;

return [Link]([Link](data));
}

static byte[] getSignatureKey(String key, String dateStamp, String regionName, String

serviceName)
{
byte[] kSecret = [Link](("AWS4" + key).ToCharArray());
byte[] kDate = HmacSHA256(dateStamp, kSecret);
byte[] kRegion = HmacSHA256(regionName, kDate);
byte[] kService = HmacSHA256(serviceName, kRegion);
byte[] kSigning = HmacSHA256("aws4_request", kService);

return kSigning;
}

Deriving a signing key using Python

def sign(key, msg):

return [Link](key, [Link]("utf-8"), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):

kDate = sign(("AWS4" + key).encode("utf-8"), dateStamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, "aws4_request")
return kSigning

Deriving a signing key using Ruby

def getSignatureKey key, dateStamp, regionName, serviceName

kDate = OpenSSL::[Link]('sha256', "AWS4" + key, dateStamp)
kRegion = OpenSSL::[Link]('sha256', kDate, regionName)
kService = OpenSSL::[Link]('sha256', kRegion, serviceName)
kSigning = OpenSSL::[Link]('sha256', kService, "aws4_request")

kSigning
end

Deriving a signing key using JavaScript ([Link])

The following example uses the crypto-js library. For more information, see [Link]
package/crypto-js and [Link]

var crypto = require("crypto-js");

Version 1.0
771
 AWS General Reference Reference guide
Signature Version 4 signing process

function getSignatureKey(key, dateStamp, regionName, serviceName) {

var kDate = crypto.HmacSHA256(dateStamp, "AWS4" + key);
var kRegion = crypto.HmacSHA256(regionName, kDate);
var kService = crypto.HmacSHA256(serviceName, kRegion);
var kSigning = crypto.HmacSHA256("aws4_request", kService);
return kSigning;
}

Deriving a signing key using other languages

If you need to implement this logic in a different programming language, we recommend testing the
intermediary steps of the key derivation algorithm against the values in this section. The following
example in Ruby prints the results using the hexEncode function after each step in the algorithm.

def hexEncode bindata

result=""
data=[Link]("C*")
[Link] {|b| result+= "%02x" % b}
result
end

Given the following test input:

key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'

Your program should generate the following values for the values in getSignatureKey. Note that
these are hex-encoded representations of the binary data; the key itself and the intermediate values
should be in binary format.

kSecret =
'41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559'
kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'
kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'
kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'

Common coding errors

To simplify your task, avoid the following common coding errors.
Tip
Examine the HTTP request that you're sending to AWS with a tool that shows you what your raw
HTTP requests look like. This can help you spot issues that aren't evident from your code.

• Don't include an extra newline character, or forget one where it's required.
• Don't format the date incorrectly in the credential scope, such as using a time stamp instead of
YYYYMMDD format.
• Make sure the headers in the canonical headers and the signed headers are the same.
• Don't inadvertently swap the key and the data (message) when calculating intermediary keys. The
result of the previous step's computation is the key, not the data. Check the documentation for your
cryptographic primitives carefully to ensure that you place the parameters in the proper order.
• Don't forget to add the string "AWS4" in front of the key for the first step. If you implement the key
derivation using a for loop or iterator, don't forget to special-case the first iteration so that it includes
the "AWS4" string.

Version 1.0
772
 AWS General Reference Reference guide
Signature Version 4 signing process

For more information about possible errors, see Troubleshooting AWS Signature Version 4
errors (p. 780).

Examples of the complete Signature Version 4 signing process

(Python)
This section shows example programs written in Python that illustrate how to work with Signature
Version 4 in AWS. We deliberately wrote these example programs to be simple (to use few Python-
specific features) to make it easier to understand the overall process of signing AWS requests.
Note
If you are using one of the AWS SDKs (including the SDK for C++, SDK for Go, SDK for Java,
AWS SDK for JavaScript, AWS SDK for .NET, SDK for PHP, SDK for Python (Boto3), or SDK for
Ruby), you do not have to manually perform the steps of deriving a signing key and adding
authentication information to a request. The SDKs perform this work for you. You need to
manually sign requests only if you are directly making HTTP or HTTPS requests.

In order to work with these example programs, you need the following:

• Python 2.x installed on your computer, which you can get from the Python site. These programs were
tested using Python 2.7 and 3.6.
• The Python requests library, which is used in the example script to make web requests. A convenient
way to install Python packages is to use pip, which gets packages from the Python package index site.
You can then install requests by running pip install requests at the command line.
• An access key (access key ID and secret access key) in environment variables named
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Alternatively, you can keep these values in a
credentials file and read them from that file. As a best practice, we recommend that you do not embed
credentials in code. For more information, see Best Practices for Managing AWS Access Keys in the
Amazon Web Services General Reference.

The following examples use UTF-8 to encode the canonical request and string to sign, but Signature
Version 4 does not require that you use a particular character encoding. However, some AWS services
might require a specific encoding. For more information, consult the documentation for that service.

Examples
• Using GET with an authorization header (Python) (p. 773)
• Using POST (Python) (p. 776)
• Using GET with authentication information in the Query string (Python) (p. 778)

Using GET with an authorization header (Python)

The following example shows how to make a request using the Amazon EC2 query API without SDK for
Python (Boto3). The request makes a GET request and passes authentication information to AWS using
the Authorization header.

# Copyright 2010-2019 [Link], Inc. or its affiliates. All Rights Reserved.

#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# [Link]
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific

Version 1.0
773
 AWS General Reference Reference guide
Signature Version 4 signing process

# language governing permissions and limitations under the License.

#
# ABOUT THIS PYTHON SAMPLE: This sample is part of the AWS General Reference
# Signing AWS API Requests top available at
# [Link]
#

# AWS Version 4 signing example

# EC2 API (DescribeRegions)

# See: [Link]
# This version makes a GET request and passes the signature
# in the Authorization header.
import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests

# ************* REQUEST VALUES *************

method = 'GET'
service = 'ec2'
host = '[Link]'
region = 'us-east-1'
endpoint = '[Link]
request_parameters = 'Action=DescribeRegions&Version=2013-10-15'

# Key derivation functions. See:

# [Link]
examples-python
def sign(key, msg):
return [Link](key, [Link]('utf-8'), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):

kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, 'aws4_request')
return kSigning

# Read AWS access key from env. variables or configuration file. Best practice is NOT
# to embed credentials in code.
access_key = [Link]('AWS_ACCESS_KEY_ID')
secret_key = [Link]('AWS_SECRET_ACCESS_KEY')
if access_key is None or secret_key is None:
print('No access key is available.')
[Link]()

# Create a date for headers and the credential string

t = [Link]()
amzdate = [Link]('%Y%m%dT%H%M%SZ')
datestamp = [Link]('%Y%m%d') # Date w/o time, used in credential scope

# ************* TASK 1: CREATE A CANONICAL REQUEST *************

# [Link]

# Step 1 is to define the verb (GET, POST, etc.)--already done.

# Step 2: Create canonical URI--the part of the URI from domain to query
# string (use '/' if no path)
canonical_uri = '/'

# Step 3: Create the canonical query string. In this example (a GET request),
# request parameters are in the query string. Query string values must
# be URL-encoded (space=%20). The parameters must be sorted by name.
# For this example, the query string is pre-formatted in the request_parameters variable.
canonical_querystring = request_parameters

Version 1.0
774
 AWS General Reference Reference guide
Signature Version 4 signing process

# Step 4: Create the canonical headers and signed headers. Header names
# must be trimmed and lowercase, and sorted in code point order from
# low to high. Note that there is a trailing \n.
canonical_headers = 'host:' + host + '\n' + 'x-amz-date:' + amzdate + '\n'

# Step 5: Create the list of signed headers. This lists the headers
# in the canonical_headers list, delimited with ";" and in alpha order.
# Note: The request can include any headers; canonical_headers and
# signed_headers lists those that you want to be included in the
# hash of the request. "Host" and "x-amz-date" are always required.
signed_headers = 'host;x-amz-date'

# Step 6: Create payload hash (hash of the request body content). For GET
# requests, the payload is an empty string ("").
payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()

# Step 7: Combine elements to create canonical request

canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' +
canonical_headers + '\n' + signed_headers + '\n' + payload_hash

# ************* TASK 2: CREATE THE STRING TO SIGN*************

# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' + amzdate + '\n' + credential_scope + '\n' +
hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

# ************* TASK 3: CALCULATE THE SIGNATURE *************

# Create the signing key using the function defined above.
signing_key = getSignatureKey(secret_key, datestamp, region, service)

# Sign the string_to_sign using the signing_key

signature = [Link](signing_key, (string_to_sign).encode('utf-8'),
hashlib.sha256).hexdigest()

# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************

# The signing information can be either in a query string value or in
# a header named Authorization. This code shows how to use a header.
# Create authorization header and add to request headers
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' +
credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' +
signature

# The request can include any headers, but MUST include "host", "x-amz-date",
# and (for this scenario) "Authorization". "host" and "x-amz-date" must
# be included in the canonical_headers and signed_headers, as noted
# earlier. Order here is not significant.
# Python note: The 'host' header is added automatically by the Python 'requests' library.
headers = {'x-amz-date':amzdate, 'Authorization':authorization_header}

# ************* SEND THE REQUEST *************

request_url = endpoint + '?' + canonical_querystring

print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + request_url)
r = [Link](request_url, headers=headers)

print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
print('Response code: %d\n' % r.status_code)
print([Link])

Version 1.0
775
 AWS General Reference Reference guide
Signature Version 4 signing process

Using POST (Python)

The following example shows how to make a request using the Amazon DynamoDB query API without
SDK for Python (Boto3). The request makes a POST request and passes values to AWS in the body of the
request. Authentication information is passed using the Authorization request header.

# Copyright 2010-2019 [Link], Inc. or its affiliates. All Rights Reserved.

#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# [Link]
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.

# AWS Version 4 signing example

# DynamoDB API (CreateTable)

# See: [Link]
# This version makes a POST request and passes request parameters
# in the body (payload) of the request. Auth information is passed in
# an Authorization header.
import sys, os, base64, datetime, hashlib, hmac
import requests # pip install requests

# ************* REQUEST VALUES *************

method = 'POST'
service = 'dynamodb'
host = '[Link]'
region = 'us-west-2'
endpoint = '[Link]
# POST requests use a content type header. For DynamoDB,
# the content is JSON.
content_type = 'application/x-amz-json-1.0'
# DynamoDB requires an x-amz-target header that has this format:
# DynamoDB_<API version>.<operationName>
amz_target = 'DynamoDB_20120810.CreateTable'

# Request parameters for CreateTable--passed in a JSON block.

request_parameters = '{'
request_parameters += '"KeySchema": [{"KeyType": "HASH","AttributeName": "Id"}],'
request_parameters += '"TableName": "TestTable","AttributeDefinitions": [{"AttributeName":
"Id","AttributeType": "S"}],'
request_parameters += '"ProvisionedThroughput": {"WriteCapacityUnits":
5,"ReadCapacityUnits": 5}'
request_parameters += '}'

# Key derivation functions. See:

# [Link]
examples-python
def sign(key, msg):
return [Link](key, [Link]("utf-8"), hashlib.sha256).digest()

def getSignatureKey(key, date_stamp, regionName, serviceName):

kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)

Version 1.0
776
 AWS General Reference Reference guide
Signature Version 4 signing process

kSigning = sign(kService, 'aws4_request')

return kSigning

# Read AWS access key from env. variables or configuration file. Best practice is NOT
# to embed credentials in code.
access_key = [Link]('AWS_ACCESS_KEY_ID')
secret_key = [Link]('AWS_SECRET_ACCESS_KEY')
if access_key is None or secret_key is None:
print('No access key is available.')
[Link]()

# Create a date for headers and the credential string

t = [Link]()
amz_date = [Link]('%Y%m%dT%H%M%SZ')
date_stamp = [Link]('%Y%m%d') # Date w/o time, used in credential scope

# ************* TASK 1: CREATE A CANONICAL REQUEST *************

# [Link]

# Step 1 is to define the verb (GET, POST, etc.)--already done.

# Step 2: Create canonical URI--the part of the URI from domain to query
# string (use '/' if no path)
canonical_uri = '/'

## Step 3: Create the canonical query string. In this example, request

# parameters are passed in the body of the request and the query string
# is blank.
canonical_querystring = ''

# Step 4: Create the canonical headers. Header names must be trimmed

# and lowercase, and sorted in code point order from low to high.
# Note that there is a trailing \n.
canonical_headers = 'content-type:' + content_type + '\n' + 'host:' + host + '\n' + 'x-amz-
date:' + amz_date + '\n' + 'x-amz-target:' + amz_target + '\n'

# Step 5: Create the list of signed headers. This lists the headers
# in the canonical_headers list, delimited with ";" and in alpha order.
# Note: The request can include any headers; canonical_headers and
# signed_headers include those that you want to be included in the
# hash of the request. "Host" and "x-amz-date" are always required.
# For DynamoDB, content-type and x-amz-target are also required.
signed_headers = 'content-type;host;x-amz-date;x-amz-target'

# Step 6: Create payload hash. In this example, the payload (body of

# the request) contains the request parameters.
payload_hash = hashlib.sha256(request_parameters.encode('utf-8')).hexdigest()

# Step 7: Combine elements to create canonical request

canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' +
canonical_headers + '\n' + signed_headers + '\n' + payload_hash

# ************* TASK 2: CREATE THE STRING TO SIGN*************

# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = date_stamp + '/' + region + '/' + service + '/' + 'aws4_request'
string_to_sign = algorithm + '\n' + amz_date + '\n' + credential_scope + '\n' +
hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

# ************* TASK 3: CALCULATE THE SIGNATURE *************

# Create the signing key using the function defined above.
signing_key = getSignatureKey(secret_key, date_stamp, region, service)

Version 1.0
777
 AWS General Reference Reference guide
Signature Version 4 signing process

# Sign the string_to_sign using the signing_key

signature = [Link](signing_key, (string_to_sign).encode('utf-8'),
hashlib.sha256).hexdigest()

# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************

# Put the signature information in a header named Authorization.
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' +
credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' +
signature

# For DynamoDB, the request can include any headers, but MUST include "host", "x-amz-date",
# "x-amz-target", "content-type", and "Authorization". Except for the authorization
# header, the headers must be included in the canonical_headers and signed_headers values,
as
# noted earlier. Order here is not significant.
# # Python note: The 'host' header is added automatically by the Python 'requests' library.
headers = {'Content-Type':content_type,
'X-Amz-Date':amz_date,
'X-Amz-Target':amz_target,
'Authorization':authorization_header}

# ************* SEND THE REQUEST *************

print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + endpoint)

r = [Link](endpoint, data=request_parameters, headers=headers)

print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
print('Response code: %d\n' % r.status_code)
print([Link])

Using GET with authentication information in the Query string (Python)

The following example shows how to make a request using the IAM query API without SDK for Python
(Boto3). The request makes a GET request and passes parameters and signing information using the
query string.

# Copyright 2010-2019 [Link], Inc. or its affiliates. All Rights Reserved.

#
# This file is licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License. A copy of the
# License is located at
#
# [Link]
#
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
#
# ABOUT THIS PYTHON SAMPLE: This sample is part of the AWS General Reference
# Signing AWS API Requests top available at
# [Link]
#

# AWS Version 4 signing example

# IAM API (CreateUser)

# See: [Link]

Version 1.0
778
 AWS General Reference Reference guide
Signature Version 4 signing process

# This version makes a GET request and passes request parameters

# and authorization information in the query string
import sys, os, datetime, hashlib, hmac, [Link]
import requests # pip install requests

# ************* REQUEST VALUES *************

method = 'GET'
service = 'iam'
host = '[Link]'
region = 'us-east-1'
endpoint = '[Link]

# Key derivation functions. See:

# [Link]
examples-python
def sign(key, msg):
return [Link](key, [Link]('utf-8'), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):

kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, 'aws4_request')
return kSigning

# Read AWS access key from env. variables or configuration file. Best practice is NOT
# to embed credentials in code.
access_key = [Link]('AWS_ACCESS_KEY_ID')
secret_key = [Link]('AWS_SECRET_ACCESS_KEY')
if access_key is None or secret_key is None:
print('No access key is available.')
[Link]()

# Create a date for headers and the credential string

t = [Link]()
amz_date = [Link]('%Y%m%dT%H%M%SZ') # Format date as YYYYMMDD'T'HHMMSS'Z'
datestamp = [Link]('%Y%m%d') # Date w/o time, used in credential scope

# ************* TASK 1: CREATE A CANONICAL REQUEST *************

# [Link]

# Because almost all information is being passed in the query string,

# the order of these steps is slightly different than examples that
# use an authorization header.

# Step 1: Define the verb (GET, POST, etc.)--already done.

# Step 2: Create canonical URI--the part of the URI from domain to query
# string (use '/' if no path)
canonical_uri = '/'

# Step 3: Create the canonical headers and signed headers. Header names
# must be trimmed and lowercase, and sorted in code point order from
# low to high. Note trailing \n in canonical_headers.
# signed_headers is the list of headers that are being included
# as part of the signing process. For requests that use query strings,
# only "host" is included in the signed headers.
canonical_headers = 'host:' + host + '\n'
signed_headers = 'host'

# Match the algorithm to the hashing algorithm you use, either SHA-1 or
# SHA-256 (recommended)
algorithm = 'AWS4-HMAC-SHA256'
credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request'

Version 1.0
779
 AWS General Reference Reference guide
Signature Version 4 signing process

# Step 4: Create the canonical query string. In this example, request

# parameters are in the query string. Query string values must
# be URL-encoded (space=%20). The parameters must be sorted by name.
canonical_querystring = 'Action=CreateUser&UserName=NewUser&Version=2010-05-08'
canonical_querystring += '&X-Amz-Algorithm=AWS4-HMAC-SHA256'
canonical_querystring += '&X-Amz-Credential=' + [Link].quote_plus(access_key + '/' +
credential_scope)
canonical_querystring += '&X-Amz-Date=' + amz_date
canonical_querystring += '&X-Amz-Expires=30'
canonical_querystring += '&X-Amz-SignedHeaders=' + signed_headers

# Step 5: Create payload hash. For GET requests, the payload is an

# empty string ("").
payload_hash = hashlib.sha256(('').encode('utf-8')).hexdigest()

# Step 6: Combine elements to create canonical request

canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' +
canonical_headers + '\n' + signed_headers + '\n' + payload_hash

# ************* TASK 2: CREATE THE STRING TO SIGN*************

string_to_sign = algorithm + '\n' + amz_date + '\n' + credential_scope + '\n' +
hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()

# ************* TASK 3: CALCULATE THE SIGNATURE *************

# Create the signing key
signing_key = getSignatureKey(secret_key, datestamp, region, service)

# Sign the string_to_sign using the signing_key

signature = [Link](signing_key, (string_to_sign).encode("utf-8"),
hashlib.sha256).hexdigest()

# ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************

# The auth information can be either in a query string
# value or in a header named Authorization. This code shows how to put
# everything into a query string.
canonical_querystring += '&X-Amz-Signature=' + signature

# ************* SEND THE REQUEST *************

# The 'host' header is added automatically by the Python 'request' lib. But it
# must exist as a header in the request.
request_url = endpoint + "?" + canonical_querystring

print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++')
print('Request URL = ' + request_url)
r = [Link](request_url)

print('\nRESPONSE++++++++++++++++++++++++++++++++++++')
print('Response code: %d\n' % r.status_code)
print([Link])

Troubleshooting AWS Signature Version 4 errors

When you develop code that implements Signature Version 4, you might receive errors from AWS
products that you test against. The errors typically come from an error in the canonicalization of the
request, the incorrect derivation or use of the signing key, or a validation failure of signature-specific
parameters sent along with the request.

Errors

Version 1.0
780
 AWS General Reference Reference guide
Signature Version 4 signing process

• Troubleshooting canonicalization errors (p. 781)

• Troubleshooting credential scope errors (p. 781)
• Troubleshooting key signing errors (p. 783)

Troubleshooting canonicalization errors

Consider the following request:

[Link]
&Action=ListGroupsForUser
&UserName=Test
&Version=2010-05-08
&X-Amz-Date=20120223T063000Z
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE/20120223/us-east-1/iam/aws4_request
&X-Amz-SignedHeaders=host
&X-Amz-Signature=<calculated value>

If you incorrectly calculate the canonical request or the string to sign, the signature verification step
performed by the service fails. The following example is a typical error response, which includes the
canonical string and the string to sign as computed by the service. You can troubleshoot your calculation
error by comparing the returned strings with the canonical string and your calculated string to sign.

<ErrorResponse xmlns="[Link]
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided.
Check your AWS Secret Access Key and signing method. Consult the service documentation for
details.

The canonical string for this request should have been 'GET /
Action=ListGroupsForUser&MaxItems=100&UserName=Test&Version=2010-05-08&X-Amz-
Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential
=AKIAIOSFODNN7EXAMPLE%2F20120223%2Fus-east-1%2Fiam%2Faws4_request&X-Amz-
Date=20120223T063000Z&X-Amz-SignedHeaders=host
host:[Link]

host
<hashed-value>'

The String-to-Sign should have been

'AWS4-HMAC-SHA256
20120223T063000Z
20120223/us-east-1/iam/aws4_request
<hashed-value>'
</Message>
</Error>
<RequestId>4ced6e96-5de8-11e1-aa78-a56908bdf8eb</RequestId>
</ErrorResponse>

Troubleshooting credential scope errors

AWS products validate credentials for proper scope; the credential parameter must specify the correct
service, Region, and date. For example, the following credential references the Amazon RDS service:

Credential=AKIAIOSFODNN7EXAMPLE/20120224/us-east-1/rds/aws4_request

If you use the same credentials to submit a request to IAM, you'll receive the following error response:

Version 1.0
781
 AWS General Reference Reference guide
Signature Version 4 signing process

<ErrorResponse xmlns="[Link]
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to correct service: 'iam'. </Message>
</Error>
<RequestId>aa0da9de-5f2b-11e1-a2c0-c1dc98b6c575</RequestId>

The credential must also specify the correct Region. For example, the following credential for an IAM
request incorrectly specifies the US West (N. California) Region.

Credential=AKIAIOSFODNN7EXAMPLE/20120224/us-west-1/iam/aws4_request

If you use the credential to submit a request to IAM, which accepts only the us-east-1 Region
specification, you'll receive the following response:

comma-separated<ErrorResponse xmlns="[Link]
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Credential should be scoped to a valid Region, not 'us-west-1'. </Message>
</Error>
<RequestId>8e229682-5f27-11e1-88f2-4b1b00f424ae</RequestId>
</ErrorResponse>

You'll receive the same type of invalid Region response from AWS products that are available in multiple
Regions if you submit requests to a Region that differs from the Region specified in your credential
scope.

The credential must also specify the correct Region for the service and action in your request.

The date that you use as part of the credential must match the date value in the x-amz-date header.
For example, the following x-amz-date header value does not match the date value used in the
Credential parameter that follows it.

x-amz-date:"20120224T213559Z"
Credential=AKIAIOSFODNN7EXAMPLE/20120225/us-east-1/iam/aws4_request

If you use this pairing of x-amz-date header and credential, you'll receive the following error response:

<ErrorResponse xmlns="[Link]
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>Date in Credential scope does not match YYYYMMDD from ISO-8601 version of date
from HTTP: '20120225' != '20120224', from '20120 224T213559Z'.</Message>
</Error>
<RequestId>9d6ddd2b-5f2f-11e1-b901-a702cd369eb8</RequestId>
</ErrorResponse>

An expired signature can also generate an error response. For example, the following error response was
generated due to an expired signature.

<ErrorResponse xmlns="[Link]
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>

Version 1.0
782
 AWS General Reference Reference guide
Signature Version 2 signing process

<Message>Signature expired: 20120306T074514Z is now earlier than 20120306T074556Z

(20120306T080056Z - 15 min.)</Message>
</Error>
<RequestId>fcc88440-5dec-11e1-b901-a702cd369eb8</RequestId>
</ErrorResponse>

Troubleshooting key signing errors

Errors that are caused by an incorrect derivation of the signing key or improper use of cryptography are
more difficult to troubleshoot. The error response will tell you that the signature does not match. If you
verified that the canonical string and the string to sign are correct, the cause of the signature mismatch
is most likely one of the two following issues:

• The secret access key does not match the access key ID that you specified in the Credential
parameter.
• There is a problem with your key derivation code.

To check whether the secret key matches the access key ID, you can use your secret key and access key ID
with a known working implementation. One way is to use one of the AWS SDKs to write a program that
makes a simple request to AWS using the access key ID and secret access key that you want to use.

To check whether your key derivation code is correct, you can compare it to our example derivation code.
For more information, see Examples of how to derive a signing key for Signature Version 4 (p. 770).

Service-specific reference for Signature Version 4

To learn more about making and signing HTTP requests in the context of specific AWS services, see the
documentation for the following services:

• Amazon API Gateway

• Amazon CloudSearch
• Amazon CloudWatch
• AWS Data Pipeline
• Amazon Elastic Compute Cloud (Amazon EC2)
• Amazon Elastic Transcoder
• Amazon S3 Glacier
• Amazon Mobile Analytics
• Amazon Relational Database Service (Amazon RDS)
• Amazon Simple Email Service (Amazon SES)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon Simple Storage Service (Amazon S3)
• Amazon Simple Workflow Service (Amazon SWF)
• AWS WAF

Signature Version 2 signing process

Important
The AWS SDKs, AWS Command Line Interface (AWS CLI), and other AWS tools sign API requests
for you using the access key that you specify when you configure the tool. When you use these
tools, you don’t need to learn how to sign API requests. The following documentation
explains how to sign API requests, but is only useful if you’re writing your own code to send

Version 1.0
783
 AWS General Reference Reference guide
Signature Version 2 signing process

and sign AWS API requests. We recommend that you use the AWS SDKs or other AWS tools to
send API requests, instead of writing your own code.
If you must write your own code to sign AWS API requests, use Signature Version 4
(SigV4) (p. 755).

Supported Regions and services

You can use Signature Version 2 to sign API requests for some AWS services in some AWS Regions.
Otherwise, you must use Signature Version 4 to sign API requests.

Regions that support Signature Version 2

• US East (N. Virginia) Region

• US West (N. California) Region
• US West (Oregon) Region
• Europe (Ireland) Region
• Asia Pacific (Tokyo) Region
• Asia Pacific (Singapore) Region
• Asia Pacific (Sydney) Region
• South America (São Paulo) Region

Services that support Signature Version 2

• Amazon EC2 Auto Scaling

• AWS CloudFormation
• Amazon CloudWatch
• AWS Elastic Beanstalk
• Amazon Elastic Compute Cloud (Amazon EC2)
• Elastic Load Balancing
• Amazon EMR
• Amazon ElastiCache
• AWS Identity and Access Management (IAM)
• AWS Import/Export
• Amazon Relational Database Service (Amazon RDS)
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• Amazon SimpleDB

Services deprecating Signature Version 2

• Amazon Simple Storage Service (Amazon S3) - Amazon S3 Update - SigV2 Deprecation
• Amazon Simple Email Service (Amazon SES)

Components of a query request for Signature Version 2

AWS requires that each HTTP or HTTPS Query request formatted for Signature Version 2 contains the
following:

Version 1.0
784
 AWS General Reference Reference guide
Signature Version 2 signing process

Endpoint

Also known as the host part of an HTTP request. This is the DNS name of the computer where you
send the Query request. This is different for each AWS Region.
Action

The action you want a web service to perform. This value determines the parameters used in the
request.
AWSAccessKeyId

A value distributed by AWS when you sign up for an AWS account.

SignatureMethod

The hash-based protocol used to calculate the signature. This can be either HMAC-SHA1 or HMAC-
SHA256 for Signature Version 2.
SignatureVersion

The version of the AWS signature protocol.

Timestamp

The time at which you make the request. Include this in the Query request to help prevent third
parties from intercepting your request.
Required and optional parameters

Each action has a set of required and optional parameters that define the API call.
Signature

The calculated value that ensures the signature is valid and has not been tampered.

The following is an example Amazon EMR Query request formatted as an HTTPS GET request.

• The endpoint, [Link], is the default endpoint and maps to the Region
us-east-1.
• The action is DescribeJobFlows, which requests information about one or more job flows.

Note
In the actual Query request, there are no spaces or newline characters. The request is a
continuous line of text. The version below is formatted for human readability.

[Link]
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&Action=DescribeJobFlows
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2011-10-03T15%3A19%3A30
&Version=2009-03-31
&Signature=calculated value

How to generate a signature for a Query request

Web service requests are sent across the Internet and are vulnerable to tampering. To check that the
request has not been altered, AWS calculates the signature to determine if any of the parameters or
parameter values were changed en route. AWS requires a signature as part of every request.

Be sure to URI encode the request. For example, blank spaces in your request should be encoded as
%20. Although an unencoded space is normally allowed by the HTTP protocol specification, unencoded

Version 1.0
785
 AWS General Reference Reference guide
Signature Version 2 signing process

characters create an invalid signature in your Query request. Do not encode spaces as a plus sign (+) as
this will cause errors.

The following topics describe the steps needed to calculate a signature using AWS Signature Version 2.

Task 1: Format the Query request

Before you can sign the Query request, format the request in a standardized (canonical) format. This is
needed because the different ways to format a Query request will result in different HMAC signatures.
Format the request in a canonical format before signing. This ensures your application and AWS will
calculate the same signature for a request.

To create the string to sign, you concatenate the Query request components. The following example
generates the string to sign for the following call to the Amazon EMR API.

[Link]
Action=DescribeJobFlows
&Version=2009-03-31
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&SignatureVersion=2
&SignatureMethod=HmacSHA256
&Timestamp=2011-10-03T[Link]

Note
In the preceding request, the last four parameters (AWSAccessKeyID through Timestamp) are
called authentication parameters. They're required in every Signature Version 2 request. AWS
uses them to identify who is sending the request and whether to grant the requested access.

To create the string to sign

1. Start with the request method (either GET or POST), followed by a newline character. For human
readability, the newline character is represented as \n.

GET\n

2. Add the HTTP host header (endpoint) in lowercase, followed by a newline character. The port
information is omitted if it is the standard port for the protocol (port 80 for HTTP and port 443 for
HTTPS), but included if it is a nonstandard port.

[Link]\n

3. Add the URL-encoded version of each path segment of the URI, which is everything between the
HTTP host header to the question mark character (?) that begins the query string parameters,
followed by a newline character. Don't encode the forward slash (/) that delimits each path
segment.

In this example, if the absolute path is empty, use a forward slash (/).

/\n

4. a. Add the query string components, as UTF-8 characters which are URL encoded (hexadecimal
characters must be uppercase). You do not encode the initial question mark character (?) in the
request. For more information, see RFC 3986.
b. Sort the query string components by byte order. Byte ordering is case sensitive. AWS sorts these
components based on the raw bytes.

For example, this is the original order for the query string components.

Version 1.0
786
 AWS General Reference Reference guide
Signature Version 2 signing process

Action=DescribeJobFlows
Version=2009-03-31
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
SignatureVersion=2
SignatureMethod=HmacSHA256
Timestamp=2011-10-03T15%3A19%3A30

The query string components would be reorganized as the following:

AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
Action=DescribeJobFlows
SignatureMethod=HmacSHA256
SignatureVersion=2
Timestamp=2011-10-03T15%3A19%3A30
Version=2009-03-31

c. Separate parameter names from their values with the equal sign character (=), even if the value
is empty. Separate parameter and value pairs with the ampersand character (&). Concatenate
the parameters and their values to make one long string with no spaces. Spaces within a
parameter value are allowed, but must be URL encoded as %20. In the concatenated string,
period characters (.) are not escaped. RFC 3986 considers the period character an unreserved
character, so it is not URL encoded.
Note
RFC 3986 does not specify what happens with ASCII control characters, extended
UTF-8 characters, and other characters reserved by RFC 1738. Since any values may be
passed into a string value, these other characters should be percent encoded as %XY
where X and Y are uppercase hex characters. Extended UTF-8 characters take the form
%XY%ZA... (this handles multibytes).

The following example shows the query string components, with the parameters concatenated with
the ampersand character (&), and sorted by byte order.

AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVer

5. To construct the finished canonical request, combine all the components from each step. As shown,
each component ends with a newline character.

GET\n
[Link]\n
/\n
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVer

Task 2: Calculate the signature

After you've created the canonical string as described in Task 1: Format the Query request (p. 786),
calculate the signature by creating a hash-based message authentication code (HMAC) that uses either
the HMAC-SHA1 or HMAC-SHA256 protocols. The HMAC-SHA256 is preferred.

In this example, the signature is calculated with the following canonical string and secret key as inputs to
a keyed hash function:

• Canonical query string:

GET\n

Version 1.0
787
 AWS General Reference Reference guide
Signature Version 2 signing process

[Link]\n
/\n
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVersi

• Sample secret key:

wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

The resulting signature must be base-64 encoded.

i91nKc4PWAt0JJIdXwz9HxZCJDdiy6cf%2FMj6vPxyYIs%3D

Add the resulting value to the query request as a Signature parameter. When you add this parameter
to the request, you must URI encode it just like any other parameter. You can use the signed request in
an HTTP or HTTPS call.

[Link]
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVersion
%2FMj6vPxyYIs%3D

Note
You can use temporary security credentials provided by AWS Security Token Service (AWS STS)
to sign a request. The process is the same as using long-term credentials, but requests require
an additional parameter for the security token.

The following request uses a temporary access key ID and the SecurityToken parameter.

Example Example request with temporary security credentials

[Link]
?Action=GetAttributes
&AWSAccessKeyId=access-key-from-AWS Security Token Service
&DomainName=MyDomain
&ItemName=MyItem
&SignatureVersion=2
&SignatureMethod=HmacSHA256
&Timestamp=2010-01-25T15%3A03%3A07-07%3A00
&Version=2009-04-15
&Signature=signature-calculated-using-the-temporary-access-key
&SecurityToken=session-token

For more information, see the following resources:

• The Amazon EMR Developer Guide has information about Amazon EMR API calls.
• The API documentation for each service has information about requirements and specific parameters
for an action.
• The AWS SDKs offer functions to generate Query request signatures. To see an example using the AWS
SDK for Java, see Using the Java SDK to sign a Query request (p. 789).

Troubleshooting request signatures

This section describes some error codes you might see when you are initially developing code to generate
the signature to sign Query requests.

Version 1.0
788
 AWS General Reference Reference guide
Signature Version 2 signing process

SignatureDoesNotMatch signing error in a web service

The following error response is returned when a web service attempts to validate the request signature
by recalculating the signature value and generates a value that does not match the signature you
appended to the request. This can occur because the request was altered between the time you sent it
and the time it reached a web service endpoint (which is what the signature is designed to detect) or
because the signature was calculated improperly. A common cause of the following error message is not
properly creating the string to sign, such as forgetting to URL-encode characters such as the colon (:) and
the forward slash (/) in Amazon S3 bucket names.

<ErrorResponse xmlns="[Link]
<Error>
<Type>Sender</Type>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you
provided.
Check your AWS Secret Access Key and signing method.
Consult the service documentation for details.</Message>
</Error>
<RequestId>7589637b-e4b0-11e0-95d9-639f87241c66</RequestId>
</ErrorResponse>

IncompleteSignature signing error in a web service

The following error indicates that signature is missing information or has been improperly formed.

<ErrorResponse xmlns="[Link]
<Error>
<Type>Sender</Type>
<Code>IncompleteSignature</Code>
<Message>Request must contain a signature that conforms to AWS standards</Message>
</Error>
<RequestId>7146d0dd-e48e-11e0-a276-bd10ea0cbb74</RequestId>
</ErrorResponse>

Using the Java SDK to sign a Query request

The following example uses the [Link] package of the AWS SDK for Java to
generate an AWS Signature Version 2 Query request signature. To do so, it creates an RFC 2104-
compliant HMAC signature. For more information about HMAC, see HMAC: Keyed-Hashing for Message
Authentication.
Note
Java is used as an example implementation. You can use the programming language of your
choice to implement the HMAC algorithm to sign Query requests.

import [Link];
import [Link];
import [Link];
import [Link].*;

/**
* This class defines common routines for generating
* authentication signatures for AWS Platform requests.
*/
public class Signature {
private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";

Version 1.0
789
 AWS General Reference Reference guide
AWS SDK support for Amazon S3 client-side encryption

/**
* Computes RFC 2104-compliant HMAC signature.
* * @param data
* The signed data.
* @param key
* The signing key.
* @return
* The Base64-encoded RFC 2104-compliant HMAC signature.
* @throws
* [Link] when signature generation fails
*/
public static String calculateRFC2104HMAC(String data, String key)
throws [Link]
{
String result;
try {

// Get an hmac_sha256 key from the raw key bytes.

SecretKeySpec signingKey = new SecretKeySpec([Link]("UTF-8"),
HMAC_SHA256_ALGORITHM);

// Get an hmac_sha256 Mac instance and initialize with the signing key.
Mac mac = [Link](HMAC_SHA256_ALGORITHM);
[Link](signingKey);

// Compute the hmac on input data bytes.

byte[] rawHmac = [Link]([Link]("UTF-8"));

// Base64-encode the hmac by using the utility in the SDK

result = BinaryUtils.toBase64(rawHmac);

} catch (Exception e) {
throw new SignatureException("Failed to generate HMAC : " + [Link]());
}
return result;
}
}

AWS SDK support for Amazon S3 client-side

encryption
The following tables list the cryptographic algorithms and features that are supported by the language–
specific AWS SDKs. For information about how to use the features for a particular SDK, see the developer
guide for that SDK.

If you are new to cryptography, see Cryptography Basics in the AWS Key Management Service Developer
Guide to get familiar with terms and concepts.
Note
The AWS Encryption SDK is an encryption library that is separate from the language–specific
SDKs. You can use this encryption library to more easily implement encryption best practices in
Amazon S3. Unlike the Amazon S3 encryption clients in the language–specific AWS SDKs, the
AWS Encryption SDK is not tied to Amazon S3 and can be used to encrypt or decrypt data to be
stored anywhere.
The AWS Encryption SDK and the Amazon S3 encryption clients are not compatible because
they produce ciphertexts with different data formats. For more information about the AWS
Encryption SDK, see the AWS Encryption SDK Developer Guide.

Version 1.0
790
 AWS General Reference Reference guide
AWS SDK features for Amazon S3 client-side encryption

AWS SDK features for Amazon S3 client-side

encryption
To use the Amazon S3 client-side encryption feature to encrypt data before uploading to Amazon S3,
you must provide a master key to the Amazon S3 encryption client. You can provide a client-side master
key or use the AWS Key Management Service (AWS KMS)–managed master keys feature. The AWS KMS–
managed master keys feature provides an easy way to create and manage keys that are used to encrypt
data. For more information about these features, choose the links provided in the Feature column.

For details about how to use the features for a particular SDK, see the SDK's developer guide.

In the following table, each column indicates whether the AWS Command Line Interface or SDK for a
specific language supports the features used in client-side encryption.

Feature Java .NET Ruby v2 AWS Boto3 PHP v3 JavaScriptGo C++

CLI

Amazon Yes Yes Yes No No Yes No Yes Yes

S3
client-
side
encryption

AWS Yes Yes Yes No No Yes No Yes Yes

KMS–
managed
master
keys

For information about the v2 Amazon S3 encryption clients that support client-side encryption, see our
blog post about Updates to the Amazon S3 Encryption Client.

For more details about the legacy v1 Amazon S3 encryption client, see the following blog posts.

• Client-Side Data Encryption for Amazon S3 Using the AWS SDK for Java
• Client Side Data Encryption with AWS SDK for .NET and Amazon S3
• Using Client-Side Encryption for Amazon S3 in the AWS SDK for Ruby
• Using the AWS SDK for Go Encryption Client
• Amazon S3 Encryption Client Now Available for C++ Developers

Amazon S3 encryption client cryptographic

algorithms
The following table lists the algorithms that each language–specific AWS SDK supports for encrypting
keys and data when using the Amazon S3 encryption client.

AlgorithmJava .NET Ruby v2 AWS Boto3 PHP v3 JavaScriptGo C++

CLI

Key Yes Yes Yes No No No No No No

Wrap:

Version 1.0
791
 AWS General Reference Reference guide
Amazon S3 encryption client cryptographic algorithms

AlgorithmJava .NET Ruby v2 AWS Boto3 PHP v3 JavaScriptGo C++

CLI
RSA-
OAEP-
SHA1

Key Yes Yes Yes No No No No No Yes

Wrap:
AES/
GCM

Key Yes Yes Yes No No Yes No Yes Yes

Wrap:
KMS
+context

Key DeprecatedDeprecatedDeprecatedNo No No No No No
Wrap:
AES/
ECB

Key DeprecatedDeprecatedDeprecatedNo No No No No Deprecated

Wrap:
AESWrap

Key DeprecatedNo DeprecatedNo No No No No No

Wrap:
RSA

Key DeprecatedDeprecatedDeprecatedNo No DeprecatedNo DeprecatedDeprecated

Wrap:
KMS

Content Yes Yes Yes No No Yes No Yes Yes

Encryption:
AES/
GCM

Content DeprecatedNo DeprecatedNo No No No DeprecatedDeprecated

Encryption:
AES/
CBC

For more information about authenticated and encryption-only modes, see the Amazon S3 Client-Side
Authenticated Encryption blog post.

Version 1.0
792
 AWS General Reference Reference guide

Document conventions
The following are the common typographical conventions for AWS technical publications.

Inline code (for example, commands, operations, parameters, constants, XML elements, and regular
expressions)

Formatting: Text in a monospace font

Example: java -version

Example blocks (for example, sample code and scripts)

Formatting: Text in a monospace font inside a shaded block

Example:

# ls -l /var/www/html/[Link]
-rw-rw-r-- 1 root root 1872 Jun 21 09:33 /var/www/html/[Link]
# date
Wed Jun 21 [Link] EDT 2006

Mutually exclusive options

Formatting: Text separated by vertical bars

Example: (start | stride | edge)

Optional parameters

Formatting: Text enclosed in square brackets

Example: [-n, -quiet]

Definitions

Formatting: Text in italics

Example: Amazon Machine Image (AMI)

Technical publications

Formatting: Text in italics

Example: Amazon Simple Storage Service User Guide

Elements in the user interface

Formatting: Text in bold

Example: Choose File, Properties.

User input (text that a user types)

Formatting: Text in a monospace font

Example: For the name, type my-new-resource.

Placeholder text for a required value

Formatting: Text in italics

Version 1.0
793
 AWS General Reference Reference guide

Example:

aws ec2 register-image --image-location my-s3-bucket/[Link]

Version 1.0
794
 AWS General Reference Reference guide

AWS glossary

Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

Numbers and symbols

100-continue A method that gives a client the ability to see whether a server can accept a
request before actually sending it. For large PUT requests, this method can save
both time and bandwidth charges.

A
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

AAD See additional authenticated data.

Access Analyzer A feature of AWS Identity and Access Management (IAM) (p. 808) that helps
you identify the resources in your organization and accounts, such as Amazon S3
buckets or IAM roles that are shared with an external entity.
See Also [Link]
aws-identity-and-access-management-access-analyzer/.

access control list (ACL) A document that defines who can access a particular bucket (p. 813) or
object. Each bucket (p. 813) and object in Amazon S3 (p. 803) has an ACL.
The document defines what each type of user can do, such as write and read
permissions.

access identifiers See credentials.

access key The combination of an access key ID (p. 795) (for example,
AKIAIOSFODNN7EXAMPLE) and a secret access key (p. 844) (for example,
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). You use access keys to sign
API requests that you make to AWS.

access key ID A unique identifier that's associated with a secret access key (p. 844); the
access key ID and secret access key are used together to sign programmatic AWS
requests cryptographically.

Version 1.0
795
 AWS General Reference Reference guide

access key rotation A method to increase security by changing the AWS access key ID. You can use
this method to retire an old key at your discretion.

access policy language A language for writing documents (specifically, policies (p. 837)) that specify
who can access a particular AWS resource (p. 842) and under what conditions.

account A formal relationship with AWS that's associated with all of the following:

• The owner email address and password

• The control of resources created under its umbrella
• Payment for the AWS activity related to those resources

The AWS account has permission to do anything and everything with all the
AWS account resources. This is in contrast to a user (p. 851), which is an entity
contained within the account.

account activity A webpage showing your month-to-date AWS usage and costs. The account
activity page is located at [Link]

ACL See access control list (ACL).

ACM See the section called “ACM”.

ACM PCA See the section called “ACM Private CA”.

ACM Private CA See the section called “ACM Private CA”.

action An API function. Also called operation or call. The activity the principal (p. 838)
has permission to perform. The action is B in the statement "A has permission
to do B to C where D applies." For example, Jane sends a request to Amazon
SQS (p. 803) with Action=ReceiveMessage.

Amazon CloudWatch (p. 797): The response initiated by the change in an alarm's
state (for example, from OK to ALARM). The state change might be caused by a
metric reaching the alarm threshold, or by a SetAlarmState request. Each alarm
can have one or more actions assigned to each state. Actions are performed once
each time the alarm changes to a state that has an action assigned, such as an
Amazon Simple Notification Service (p. 802) notification, the running of an
Amazon EC2 Auto Scaling (p. 798) policy (p. 837), or an Amazon EC2 (p. 798)
instance (p. 828) stop/terminate action.

active trusted key groups A list showing each of the trusted key groups (p. 851), and the IDs of the public
keys in each key group, that are active for a distribution in Amazon CloudFront.
CloudFront can use the public keys in these key groups to verify the signatures of
CloudFront signed URLs and signed cookies.

active trusted signers See active trusted key groups (p. 796).

additional authenticated data Information that's checked for integrity but not encrypted, such as headers or
other contextual metadata.

administrative suspension Amazon EC2 Auto Scaling (p. 798) might suspend processes for Auto Scaling
group (p. 805) that repeatedly fail to launch instances. Auto Scaling groups
that most commonly experience administrative suspension have zero running
instances, have been trying to launch instances for more than 24 hours, and have
not succeeded in that time.

alarm An item that watches a single metric over a specified time period and starts an
Amazon SNS (p. 802) topic (p. 850) or an Amazon EC2 Auto Scaling (p. 798)

Version 1.0
796
 AWS General Reference Reference guide

policy (p. 837) if the value of the metric crosses a threshold value over a
predetermined number of time periods.

allow One of two possible outcomes (the other is deny (p. 820)) when an
IAM (p. 808) access policy (p. 837) is evaluated. When a user makes a request
to AWS, AWS evaluates the request based on all permissions that apply to the
user and then returns either allow or deny.

Amazon API Gateway A fully managed service that makes it easy for developers to create, publish,
maintain, monitor, and secure APIs at any scale.
See Also [Link]

Amazon AppStream 2.0 A fully managed, secure service for streaming desktop applications to users
without rewriting those applications.
See Also [Link]

Amazon Athena An interactive query service that makes it easy to analyze data in Amazon S3
using ANSI SQL. Athena is serverless, so there's no infrastructure to manage.
Athena scales automatically and is simple to use, so you can start analyzing your
datasets within seconds.
See Also [Link]

Amazon Aurora A fully managed MySQL-compatible relational database engine that combines
the speed and availability of commercial databases with the simplicity and cost-
effectiveness of open-source databases.
See Also [Link]

Amazon Chime A secure, real-time, unified communications service that transforms meetings by
making them more efficient and easier to conduct.
See Also [Link]

Amazon Cloud Directory A service that provides a highly scalable directory store for your application’s
(Cloud Directory) multihierarchical data.
See Also [Link]

Amazon CloudFront An AWS content delivery service that helps you improve the performance,
reliability, and availability of your websites and applications.
See Also [Link]

Amazon CloudSearch A fully managed service in the AWS Cloud that makes it easy to set up, manage,
and scale a search solution for your website or application.

Amazon CloudWatch A web service that you can use to monitor and manage various metrics, and
configure alarm actions based on data from those metrics.
See Also [Link]

Amazon CloudWatch Events A web service that you can use to deliver a timely stream of system events that
describe changes in AWS resource (p. 842)s to AWS Lambda (p. 809) functions,
streams in Amazon Kinesis Data Streams (p. 800), Amazon Simple Notification
Service (p. 802) topics, or built-in targets.
See Also [Link]

Amazon CloudWatch Logs A web service for monitoring and troubleshooting your systems and applications
from your existing system, application, and custom log files. You can send your
existing log files to CloudWatch Logs and monitor these logs in near-real time.
See Also [Link]

Amazon Cognito A web service that makes it easy to save mobile user data, such as app
preferences or game state, in the AWS Cloud without writing any backend

Version 1.0
797
 AWS General Reference Reference guide

code or managing any infrastructure. Amazon Cognito offers mobile identity

management and data synchronization across devices.
See Also [Link]

Amazon Comprehend A natural language processing (NLP) service that uses machine learning to find
insights and relationships in text.
See Also [Link]

Amazon Comprehend Medical A HIPAA-eligible natural language processing (NLP) service that uses machine
learning to extract health data from medical text.
See Also [Link]

Amazon Connect A service solution that offers easy, self-service configuration and provides
dynamic, personal, and natural customer engagement at any scale.
See Also [Link]

Amazon Corretto A no-cost, multiplatform, production-ready distribution of the Open Java

Development Kit (OpenJDK).
See Also [Link]

Amazon Detective A service that collects log data from your AWS resources to analyze and identify
the root cause of security findings or suspicious activities. The Detective behavior
graph provides visualizations to help you to determine the nature and extent of
possible security issues and conduct an efficient investigation.
See Also [Link]

Amazon DocumentDB (with A managed database service that you can use to set up, operate, and scale
MongoDB compatibility) MongoDB-compatible databases in the cloud.
See Also [Link]

Amazon DynamoDB A fully managed NoSQL database service that provides fast and predictable
performance with seamless scalability.
See Also [Link]

Amazon DynamoDB A software library that helps you protect your table data before you send it to
Encryption Client Amazon DynamoDB (p. 798).

Amazon DynamoDB Storage A storage backend for the Titan graph database implemented on top of Amazon
Backend for Titan DynamoDB. Titan is a scalable graph database optimized for storing and querying
graphs.
See Also [Link]

Amazon DynamoDB Streams An AWS service that captures a time-ordered sequence of item-level
modifications in any Amazon DynamoDB table, and stores this information in a
log for up to 24 hours. Applications can access this log and view the data items as
they appeared before and after they were modified, in near real time.
See Also [Link]

Amazon EBS-backed AMI A type of Amazon Machine Image (AMI) (p. 801) whose instance (p. 828)s use
an Amazon EBS (p. 799) volume (p. 853) as their root device. Compare this
with instances launched from instance store-backed AMI (p. 828)s, which use the
instance store (p. 828) as the root device.

Amazon EC2 A web service for launching and managing Linux/UNIX and Windows Server
instance (p. 828)s in Amazon's data centers.
See Also Amazon Elastic Compute Cloud (Amazon EC2), [Link]
ec2.

Amazon EC2 Auto Scaling A web service designed to launch or terminate instance (p. 828)s automatically
based on user-defined policies (p. 837), schedules, and health check (p. 826)s.

Version 1.0
798
 AWS General Reference Reference guide

See Also [Link]

Amazon Elastic Block Store A service that provides block level storage volume (p. 853)s for use with EC2
(Amazon EBS) instance (p. 821)s.
See Also [Link]

Amazon Elastic Compute A web service for launching and managing Linux/UNIX and Windows Server
Cloud (Amazon EC2) instance (p. 828)s in Amazon's data centers.
See Also [Link]

Amazon Elastic Container A fully managed Docker container registry that makes it easy for developers to
Registry (Amazon ECR) store, manage, and deploy Docker container images. Amazon ECR is integrated
with Amazon Elastic Container Service (Amazon ECS) (p. 799) and AWS Identity
and Access Management (IAM) (p. 808).
See Also [Link]

Amazon Elastic Container A highly scalable, fast, container (p. 816) management service that makes it
Service (Amazon ECS) easy to run, stop, and manage Docker containers on a cluster (p. 815) of EC2
instance (p. 821)s.
See Also [Link]

Amazon Elastic File System A file storage service for EC2 (p. 798) instance (p. 828)s. Amazon EFS is easy
(Amazon EFS) to use and provides a simple interface with which you can create and configure
file systems. Amazon EFS storage capacity grows and shrinks automatically as you
add and remove files.
See Also [Link]

Amazon Elastic Kubernetes A managed service that simplifies running Kubernetes on AWS without your
Service (Amazon EKS) needing to stand up or maintain your own Kubernetes control plane.
See Also [Link]

Amazon Elastic Transcoder A cloud-based media transcoding service. Elastic Transcoder is a highly scalable
tool for converting (or transcoding) media files from their source format into
versions that play on devices such as smartphones, tablets, and PCs.
See Also [Link]

Amazon ElastiCache A web service that simplifies deploying, operating, and scaling an in-memory
cache in the cloud. The service improves the performance of web applications by
providing information retrieval from fast, managed, in-memory caches, instead of
relying entirely on slower disk-based databases.
See Also [Link]

Amazon OpenSearch Service An AWS managed service for deploying, operating, and scaling OpenSearch, an
(OpenSearch Service) open-source search and analytics engine, in the AWS Cloud. Amazon OpenSearch
Service (OpenSearch Service) also offers security options, high availability, data
durability, and direct access to the OpenSearch API.
See Also [Link]

Amazon EMR A web service that makes it easy to process large amounts of data efficiently.
Amazon EMR uses Hadoop (p. 826) processing combined with several AWS
products to do such tasks as web indexing, data mining, log file analysis, machine
learning, scientific simulation, and data warehousing.
See Also [Link]

Amazon EventBridge A serverless event bus service that you can use to connect your applications
with data from a variety of sources and routes that data to targets such as AWS
Lambda. You can set up routing rules to determine where to send your data to
build application architectures that react in real time to all of your data sources.
See Also [Link]

Version 1.0
799
 AWS General Reference Reference guide

Amazon Forecast A fully managed service that uses statistical and machine learning algorithms to
produce highly accurate time-series forecasts.
See Also [Link]

Amazon GameLift A managed service for deploying, operating, and scaling session-based
multiplayer games.
See Also [Link]

Amazon GuardDuty A continuous security monitoring service. Amazon GuardDuty can help to identify
unexpected and potentially unauthorized or malicious activity in your AWS
environment.
See Also [Link]

Amazon Inspector An automated security assessment service that helps improve the security and
compliance of applications deployed on AWS. Amazon Inspector automatically
assesses applications for vulnerabilities or deviations from best practices. After
performing an assessment, Amazon Inspector produces a detailed report with
prioritized steps for remediation.
See Also [Link]

Amazon Kinesis A platform for streaming data on AWS. Kinesis offers services that simplify the
loading and analysis of streaming data.
See Also [Link]

Amazon Kinesis Data Firehose A fully managed service for loading streaming data into AWS. Kinesis Data
Firehose can capture and automatically load streaming data into Amazon
S3 (p. 803) and Amazon Redshift (p. 802), enabling near real-time analytics
with existing business intelligence tools and dashboards. Kinesis Data Firehose
automatically scales to match the throughput of your data and requires no
ongoing administration. It can also batch, compress, and encrypt the data before
loading it.
See Also [Link]

Amazon Kinesis Data Streams A web service for building custom applications that process or analyze streaming
data for specialized needs. Amazon Kinesis Data Streams can continuously
capture and store terabytes of data per hour from hundreds of thousands of
sources.
See Also [Link]

Amazon Lightsail Lightsail is designed to be the easiest way to launch and manage a virtual private
server with AWS. Lightsail offers bundled plans that include everything you need
to deploy a virtual private server, for a low monthly rate.
See Also [Link]

Amazon Lookout for A machine learning service that uses data from sensors mounted on factory
Equipment equipment to detect abnormal behavior so you can take action before machine
failures occur.
See Also [Link]

Amazon Lookout for Vision A machine learning service that uses computer vision (CV) to find defects in
industrial products. Amazon Lookout for Vision can identify missing components
in an industrial product, damage to vehicles or structures, irregularities in
production lines, and even minuscule defects in silicon wafers—or any other
physical item where quality is important.
See Also [Link]

Amazon Lumberyard A cross-platform, 3D game engine for creating high-quality games. You can
connect games to the compute and storage of the AWS Cloud and engage fans on
Twitch.

Version 1.0
800
 AWS General Reference Reference guide

See Also [Link]

Amazon Machine Image (AMI) An encrypted machine image stored in Amazon Elastic Block Store (Amazon
EBS) (p. 799) or Amazon Simple Storage Service (p. 803). AMIs function similar
to a template of a computer's root drive. They contain the operating system and
can also include software and layers of your application, such as database servers,
middleware, and web servers.

Amazon Machine Learning A cloud-based service that creates machine learning (ML) models by finding
patterns in your data, and uses these models to process new data and generate
predictions.
See Also [Link]

Amazon Macie A security service that uses machine learning to automatically discover, classify,
and protect sensitive data in AWS.
See Also [Link]

Amazon Managed Blockchain A fully managed service for creating and managing scalable blockchain networks
using popular open source frameworks.
See Also [Link]

Amazon Managed Grafana A fully managed and secure data visualization service that you can use to
instantly query, correlate, and visualize operational metrics, logs, and traces from
multiple data sources.
See Also [Link]

Amazon Managed Service for A service that provides highly available, secure, and managed monitoring for your
Prometheus containers.
See Also [Link]

Amazon ML See Amazon Machine Learning.

Amazon Mobile Analytics A service for collecting, visualizing, understanding, and extracting mobile app
(Mobile Analytics) usage data at scale.
See Also [Link]

Amazon Monitron An end-to-end system that uses machine learning (ML) to detect abnormal
behavior in industrial machinery. Use Amazon Monitron to implement predictive
maintenance and reduce unplanned downtime.
See Also [Link]

Amazon MQ A managed message broker service for Apache ActiveMQ that makes it easy to set
up and operate message brokers in the cloud.
See Also [Link]

Amazon Neptune A managed graph database service that you can use to build and run applications
that work with highly connected datasets. Neptune supports the popular graph
query languages Apache TinkerPop Gremlin and W3C’s SPARQL, enabling you to
build queries that efficiently navigate highly connected datasets.
See Also [Link]

Amazon Personalize An artificial intelligence service for creating individualized product and content
recommendations.
See Also [Link]

Amazon Polly A text-to-speech (TTS) service that turns text into natural-sounding human
speech. Amazon Polly provides dozens of lifelike voices across a broad set of
languages so that you can build speech-enabled applications that work in many
different countries.

Version 1.0
801
 AWS General Reference Reference guide

See Also [Link]

Amazon QuickSight A fast, cloud-powered business analytics service that makes it easy to build
visualizations, perform analysis, and quickly get business insights from your data.
See Also [Link]

Amazon Rekognition A machine learning service that identifies objects, people, text, scenes, and
activities, including inappropriate content, in either image or video files. With
Amazon Rekognition Custom Labels, you can create a customized ML model that
detects objects and scenes specific to your business in images.
See Also [Link]

Amazon Redshift A fully managed, petabyte-scale data warehouse service in the cloud. With
Amazon Redshift, you can analyze your data using your existing business
intelligence tools.
See Also [Link]

Amazon Relational Database A web service that makes it easier to set up, operate, and scale a relational
Service (Amazon RDS) database in the cloud. It provides cost-efficient, resizable capacity for an industry-
standard relational database and manages common database administration
tasks.
See Also [Link]

Amazon Resource Name A standardized way to refer to an AWS resource (p. 842) (for example,
(ARN) arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob).

Amazon Route 53 A web service you can use to create a new DNS service or to migrate your existing
DNS service to the cloud.
See Also [Link]

Amazon S3 Storage for the internet. You can use it to store and retrieve any amount of data
at any time, from anywhere on the web.
See Also Amazon Simple Storage Service (Amazon S3), [Link]
s3.

Amazon S3-Backed AMI See instance store-backed AMI.

Amazon S3 Glacier A secure, durable, and low-cost storage service for data archiving and long-term
backup. You can reliably store large or small amounts of data for significantly
less than on-premises solutions. S3 Glacier is optimized for infrequently accessed
data, where a retrieval time of several hours is suitable.
See Also [Link]

AWS Security Hub A service that provides a comprehensive view of the security state of your AWS
resources. Security Hub collects security data from AWS accounts and services and
helps you analyze your security trends to identify and prioritize the security issues
across your AWS environment.
See Also [Link]

Amazon Silk A next-generation web browser available only on Fire OS tablets and phones.
Built on a split architecture that divides processing between the client and the
AWS Cloud, Amazon Silk is designed to create a faster, more responsive mobile
browsing experience.

Amazon Simple Email Service An easy-to-use, cost-effective email solution for applications.
(Amazon SES) See Also [Link]

Amazon Simple Notification A web service that applications, users, and devices can use to instantly send and
Service (Amazon SNS) receive notifications from the cloud.
See Also [Link]

Version 1.0
802
 AWS General Reference Reference guide

Amazon Simple Queue Reliable and scalable hosted queues for storing messages as they travel between
Service (Amazon SQS) computers.
See Also [Link]

Amazon Simple Storage Storage for the internet. You can use it to store and retrieve any amount of data
Service (Amazon S3) at any time, from anywhere on the web.
See Also [Link]

Amazon Simple Workflow A fully managed service that helps developers build, run, and scale background
Service (Amazon SWF) jobs that have parallel or sequential steps. Amazon SWF functions similar to a
state tracker and task coordinator in the AWS Cloud.
See Also [Link]

Amazon Sumerian A set of tools for creating and running high-quality 3D, augmented reality (AR),
and virtual reality (VR) applications on the web.
See Also [Link]

Amazon Textract A service that automatically extracts text and data from scanned documents.
Amazon Textract goes beyond simple optical character recognition (OCR) to also
identify the contents of fields in forms and information stored in tables.
See Also [Link]

Amazon Transcribe A machine learning service that uses automatic speech recognition (ASR) to
quickly and accurately convert speech to text.
See Also [Link]

Amazon Transcribe Medical An automatic speech recognition (ASR) service for adding medical speech-to-text
capabilities to voice-enabled clinical documentation applications.
See Also [Link]

Amazon Translate A neural machine translation service that delivers fast, high-quality, and
affordable language translation.
See Also [Link]

Amazon Virtual Private Cloud A web service for provisioning a logically isolated section of the AWS Cloud
(Amazon VPC) virtual network that you define. You control your virtual networking environment,
including selection of your own IP address range, creation of subnet (p. 848)s,
and configuration of route table (p. 843)s and network gateways.
See Also [Link]

Amazon VPC See Amazon Virtual Private Cloud (Amazon VPC).

Amazon Web Services (AWS) An infrastructure web services platform in the cloud for companies of all sizes.
See Also [Link]

Amazon WorkDocs A managed, secure enterprise document storage and sharing service with
administrative controls and feedback capabilities.
See Also [Link]

Amazon WorkLink A cloud-based service that provides secure access to internal websites and web
apps from mobile devices.
See Also [Link]

Amazon WorkMail A managed, secure business email and calendar service with support for existing
desktop and mobile email clients.
See Also [Link]

Amazon WorkSpaces A managed, secure desktop computing service for provisioning cloud-
based desktops and providing users access to documents, applications, and
resource (p. 842)s from supported devices.

Version 1.0
803
 AWS General Reference Reference guide

See Also [Link]

Amazon WorkSpaces A web service for deploying and managing applications for WorkSpaces. Amazon
Application Manager (Amazon WAM accelerates software deployment, upgrades, patching, and retirement by
WAM) packaging Windows desktop applications into virtualized application containers.
See Also [Link]

AMI See Amazon Machine Image (AMI).

analysis scheme Amazon CloudSearch (p. 797): Language-specific text analysis options that
are applied to a text field to control stemming and configure stopwords and
synonyms.

application AWS Elastic Beanstalk (p. 807): A logical collection of components, including
environments, versions, and environment configurations. An application is
conceptually similar to a folder.

AWS CodeDeploy (p. 806): A name that uniquely identifies the application to be
deployed. AWS CodeDeploy uses this name to ensure the correct combination of
revision, deployment configuration, and deployment group are referenced during
a deployment.

Application Auto Scaling A web service that you can use to configure automatic scaling for AWS resources
beyond Amazon EC2, such as Amazon ECS services, Amazon EMR clusters, and
DynamoDB tables.
See Also [Link]

Application Billing The location where your customers manage the Amazon DevPay products they've
purchased. The web address is [Link]

application revision AWS CodeDeploy (p. 806): An archive file containing source content—such
as source code, webpages, executable files, and deployment scripts—along
with an application specification file (p. 804). Revisions are stored in Amazon
S3 (p. 803) bucket (p. 813)s or GitHub (p. 825) repositories. For Amazon S3, a
revision is uniquely identified by its Amazon S3 object key and its ETag, version, or
both. For GitHub, a revision is uniquely identified by its commit ID.

application specification file AWS CodeDeploy (p. 806): A YAML-formatted file used to map the source files
in an application revision to destinations on the instance. The file is also used to
specify custom permissions for deployed files and specify scripts to be run on
each instance at various stages of the deployment process.

application version AWS Elastic Beanstalk (p. 807): A specific, labeled iteration of an application
that represents a functionally consistent set of deployable application code. A
version points to an Amazon S3 (p. 803) object (a JAVA WAR file) that contains
the application code.

AppSpec file See application specification file.

ARN See Amazon Resource Name (ARN).

artifact AWS CodePipeline (p. 806): A copy of the files or changes that will be worked
upon by the pipeline.

asymmetric encryption Encryption (p. 822) that uses both a public key and a private key.

asynchronous bounce A type of bounce (p. 813) that occurs when a receiver (p. 840) initially accepts
an email message for delivery and then subsequently fails to deliver it.

atomic counter DynamoDB: A method of incrementing or decrementing the value of an existing

attribute without interfering with other write requests.

Version 1.0
804
 AWS General Reference Reference guide

attribute A fundamental data element, something that doesn't need to be broken down
any further. In DynamoDB, attributes are similar in many ways to fields or
columns in other database systems.

Amazon Machine Learning: A unique, named property within an observation in a

dataset. In tabular data, such as spreadsheets or comma-separated values (.csv)
files, the column headings represent the attributes, and the rows contain values
for each attribute.

AUC Area Under a Curve. An industry-standard metric to evaluate the quality of a

binary classification machine learning model. AUC measures the ability of the
model to predict a higher score for positive examples, those that are “correct,”
than for negative examples, those that are “incorrect.” The AUC metric returns a
decimal value from 0 to 1. AUC values near 1 indicate an ML model that's highly
accurate.

Aurora See the section called “Amazon Aurora”.

authenticated encryption Encryption (p. 822) that provides confidentiality, data integrity, and authenticity
assurances of the encrypted data.

authentication The process of proving your identity to a system.

Auto Scaling group A representation of multiple EC2 instance (p. 821)s that share similar
characteristics, and that are treated as a logical grouping for the purposes of
instance scaling and management.

Availability Zone A distinct location within a Region (p. 841) that's insulated from failures in other
Availability Zones, and provides inexpensive, low-latency network connectivity to
other Availability Zones in the same Region.

AWS See Amazon Web Services (AWS).

AWS Application Discovery A web service that helps you plan to migrate to AWS by identifying IT assets
Service in a data center—including servers, virtual machines, applications, application
dependencies, and network infrastructure.
See Also [Link]
application-discovery-service/.

AWS AppSync An enterprise level, fully managed GraphQL service with real-time data
synchronization and offline programming features.
See Also [Link]

AWS Auto Scaling A fully managed service that you can use to quickly discover the scalable AWS
resources that are part of your application and configure dynamic scaling.
See Also [Link]

AWS Backup A managed backup service that you can use to centralize and automate the
backup of data across AWS services in the cloud and on premises.
See Also [Link]

AWS Billing and Cost The AWS Cloud computing model where you pay for services on demand and
Management use as much or as little as you need. While resource (p. 842)s are active under
your account, you pay for the cost of allocating those resources. You also pay for
any incidental usage associated with those resources, such as data transfer or
allocated storage.
See Also [Link]

AWS Blockchain Templates A service for creating and deploying open-source blockchain frameworks on AWS,
such as Ethereum and Hyperledger Fabric.
See Also [Link]

Version 1.0
805
 AWS General Reference Reference guide

AWS Certificate Manager A web service for provisioning, managing, and deploying Secure Sockets
(ACM) Layer/Transport Layer Security (p. 851) (SSL/TLS) certificates for use with AWS
services.
See Also [Link]

AWS Certificate Manager A hosted private certificate authority service for issuing and revoking private
Private Certificate Authority digital certificate (p. 814)s.
(ACM PCA) See Also [Link]
authority/.

AWS Cloud Development Kit An open-source software development framework for defining your cloud
(CDK) infrastructure in code and provisioning it through AWS CloudFormation.
See Also [Link]

AWS Cloud Map A service that you use to create and maintain a map of the backend services and
resources that your applications depend on. With AWS Cloud Map, you can name
and discover your AWS Cloud resources.
See Also [Link]

AWS Cloud9 A cloud-based integrated development environment (IDE) that you use to write,
run, and debug code.
See Also [Link]

AWS CloudFormation A service for writing or changing templates that create and delete related AWS
resource (p. 842)s together as a unit.
See Also [Link]

AWS CloudHSM A web service that helps you meet corporate, contractual, and regulatory
compliance requirements for data security by using dedicated hardware security
module (HSM) appliances within the AWS Cloud.
See Also [Link]

AWS CloudTrail A web service that records AWS API calls for your account and delivers log files to
you. The recorded information includes the identity of the API caller, the time of
the API call, the source IP address of the API caller, the request parameters, and
the response elements returned by the AWS service.
See Also [Link]

AWS CodeBuild A fully managed continuous integration service that compiles source code, runs
tests, and produces software packages that are ready to deploy.
See Also [Link]

AWS CodeCommit A fully managed source control service that makes it easy for companies to host
secure and highly scalable private Git repositories.
See Also [Link]

AWS CodeDeploy A service that automates code deployments to any instance, including EC2
instance (p. 821)s and instance (p. 828)s running on-premises.
See Also [Link]

AWS CodeDeploy agent A software package that, when installed and configured on an instance, enables
that instance to be used in CodeDeploy deployments.

AWS CodePipeline A continuous delivery service for fast and reliable application updates.
See Also [Link]

AWS Command Line Interface A unified downloadable and configurable tool for managing AWS services.
(AWS CLI) Control multiple AWS services from the command line and automate them
through scripts.
See Also [Link]

Version 1.0
806
 AWS General Reference Reference guide

AWS Config A fully managed service that provides an AWS resource (p. 842) inventory,
configuration history, and configuration change notifications for better security
and governance. You can create rules that automatically check the configuration
of AWS resources that AWS Config records.
See Also [Link]

AWS Database Migration A web service that can help you migrate data to and from many widely used
Service commercial and open-source databases.
See Also [Link]

AWS Data Pipeline A web service for processing and moving data between different AWS compute
and storage services, as well as on-premises data sources, at specified intervals.
See Also [Link]

AWS Device Farm (Device An app testing service that allows developers to test Android, iOS, and Fire OS
Farm) devices on real, physical phones and tablets that are hosted by AWS.
See Also [Link]

AWS Direct Connect A web service that simplifies establishing a dedicated network connection
from your premises to AWS. Using AWS Direct Connect, you can establish
private connectivity between AWS and your data center, office, or colocation
environment.
See Also [Link]

AWS Directory Service A managed service for connecting your AWS resource (p. 842)s to an existing
on-premises Microsoft Active Directory or to set up and operate a new,
standalone directory in the AWS Cloud.
See Also [Link]

AWS Elastic Beanstalk A web service for deploying and managing applications in the AWS Cloud without
worrying about the infrastructure that runs those applications.
See Also [Link]

AWS Elemental MediaConnect A service that broadcasters and other premium video providers can reliably use
to ingest live video into the AWS Cloud and distribute it to multiple destinations
inside or outside the AWS Cloud.
See Also [Link]

AWS Elemental MediaConvert A file-based video conversion service that transforms media into formats required
for traditional broadcast and for internet streaming to multi-screen devices.
See Also [Link]

AWS Elemental MediaLive A video service that you can use to create live outputs for broadcast and
streaming delivery.
See Also [Link]

AWS Elemental MediaPackage A just-in-time packaging and origination service that you can use to format highly
secure and reliable live outputs for a variety of devices.
See Also [Link]

AWS Elemental MediaStore A storage service optimized for media that provides the performance, consistency,
and low latency required to deliver live and on-demand video content at scale.
See Also [Link]

AWS Elemental MediaTailor A video service that you can use to serve targeted ads to viewers while
maintaining broadcast quality in over-the-top (OTT) video applications.
See Also [Link]

AWS Encryption SDK A client-side encryption library designed to make it easy for everyone to encrypt
and decrypt data using industry standards and best practices.

Version 1.0
807
 AWS General Reference Reference guide

See Also [Link]

AWS Firewall Manager A service that you use with AWS WAF to simplify your AWS WAF administration
and maintenance tasks across multiple accounts and resources. With AWS Firewall
Manager, you set up your firewall rules only once. The service automatically
applies your rules across your accounts and resources, even as you add new
resources.
See Also [Link]

AWS Global Accelerator A network layer service that you use to create accelerators that direct traffic to
optimal endpoints over the AWS global network. This improves the availability
and performance of your internet applications that are used by a global audience.
See Also [Link]

AWS Glue A fully managed extract, transform, and load (ETL) (p. 824) service that you can
use to catalog data and load it for analytics. With AWS Glue, you can discover
your data, develop scripts to transform sources into targets, and schedule and run
ETL jobs in a serverless environment.
See Also [Link]

AWS GovCloud (US) An isolated AWS Region designed to host sensitive workloads in the cloud,
ensuring that this work meets the US government's regulatory and compliance
requirements. The AWS GovCloud (US) Region adheres to United States
International Traffic in Arms Regulations (ITAR), Federal Risk and Authorization
Management Program (FedRAMP) requirements, Department of Defense (DOD)
Cloud Security Requirements Guide (SRG) Levels 2 and 4, and Criminal Justice
Information Services (CJIS) Security Policy requirements.
See Also [Link]

AWS Identity and Access A web service that Amazon Web Services (AWS) (p. 803) customers can use to
Management (IAM) manage users and user permissions within AWS.
See Also [Link]

AWS Import/Export A service for transferring large amounts of data between AWS and portable
storage devices.
See Also [Link]

AWS IoT Core A managed cloud platform that lets connected devices easily and securely
interact with cloud applications and other devices.
See Also [Link]

AWS IoT 1-Click A service that simple devices can use to launch AWS Lambda functions.
See Also [Link]

AWS IoT Analytics A fully managed service used to run sophisticated analytics on massive volumes
of IoT data.
See Also [Link]

AWS IoT Device Defender An AWS IoT security service that you can use to audit the configuration of your
devices, monitor your connected devices to detect abnormal behavior, and to
mitigate security risks.
See Also [Link]

AWS IoT Device Management A service used to securely onboard, organize, monitor, and remotely manage IoT
devices at scale.
See Also [Link]

AWS IoT Events A fully managed AWS IoT service that makes it easy to detect and respond to
events from IoT sensors and applications.
See Also [Link]

Version 1.0
808
 AWS General Reference Reference guide

AWS IoT Greengrass Software that you can use to run local compute, messaging, data caching, sync,
and ML inference capabilities for connected devices in a secure way.
See Also [Link]

AWS IoT SiteWise A managed service that you can use to collect, organize, and analyze data from
industrial equipment at scale.
See Also [Link]

AWS IoT Things Graph A service that makes it easy to visually connect different devices and web services
to build IoT applications.
See Also [Link]

AWS Key Management A managed service that simplifies the creation and control of
Service (AWS KMS) encryption (p. 822) keys that are used to encrypt data.
See Also [Link]

AWS Lambda A web service that you can use to run code without provisioning or managing
servers. You can run code for virtually any type of application or backend service
with zero administration. You can set up your code to automatically start from
other AWS services or call it directly from any web or mobile app.
See Also [Link]

AWS managed key One type of customer master key (CMK) (p. 818) in AWS Key Management
Service (AWS KMS) (p. 809).

AWS managed policy An IAM (p. 808) managed policy (p. 832) that's created and managed by AWS.

AWS Management Console A graphical interface to manage compute, storage, and other cloud
resource (p. 842)s.
See Also [Link]

AWS Management Portal for A web service for managing your AWS resource (p. 842)s using VMware
vCenter vCenter. You install the portal as a vCenter plugin within your existing vCenter
environment. Once installed, you can migrate VMware VMs to Amazon
EC2 (p. 798) and manage AWS resources from within vCenter.
See Also [Link]

AWS Marketplace A web portal where qualified partners market and sell their software to AWS
customers. AWS Marketplace is an online software store that helps customers
find, buy, and immediately start using the software and services that run on AWS.
See Also [Link]

AWS Migration Hub A service that provides a single location to track migration tasks across multiple
AWS tools and partner solutions.
See Also [Link]

AWS Mobile Hub (Mobile Hub) An integrated console for building, testing, and monitoring mobile apps.
See Also [Link]

AWS Mobile SDK A software development kit whose libraries, code examples, and documentation
help you build high quality mobile apps for the iOS, Android, Fire OS, Unity, and
Xamarin platforms.
See Also [Link]

AWS OpsWorks A configuration management service that helps you use Chef to configure and
operate groups of instances and applications. You can define the application’s
architecture and the specification of each component including package
installation, software configuration, and resource (p. 842)s such as storage. You
can automate tasks based on time, load, lifecycle events, and more.
See Also [Link]

Version 1.0
809
 AWS General Reference Reference guide

AWS Organizations An account management service that you can use to consolidate multiple AWS
accounts into an organization that you create and centrally manage.
See Also [Link]

AWS Resource Access A service that you can use to share your resources with any AWS account or
Manager organization in AWS Organizations.
See Also [Link]

AWS ParallelCluster An AWS supported open source cluster management tool that helps you to
deploy and manage high performance computing (HPC) clusters in the AWS
Cloud.

AWS SDK for C++ A software development kit for that provides C++ APIs for many AWS
services including Amazon S3 (p. 803), Amazon EC2 (p. 798), Amazon
DynamoDB (p. 798), and more. The single, downloadable package includes the
AWS C++ library, code examples, and documentation.
See Also [Link]

AWS SDK for Go A software development kit for integrating your Go application with the full suite
of AWS services.
See Also [Link]

AWS SDK for Java A software development kit that provides Java API operations for many AWS
services including Amazon S3 (p. 803), Amazon EC2 (p. 798), Amazon
DynamoDB (p. 798), and more. The single, downloadable package includes the
AWS Java library, code examples, and documentation.
See Also [Link]

AWS SDK for JavaScript in the A software development kit for accessing AWS services from JavaScript code
Browser running in the browser. Authenticate users through Facebook, Google, or Login
with Amazon using web identity federation. Store application data in Amazon
DynamoDB (p. 798), and save user files to Amazon S3 (p. 803).
See Also [Link]

AWS SDK for JavaScript in A software development kit for accessing AWS services from JavaScript in
[Link] [Link]. The SDK provides JavaScript objects for AWS services, including Amazon
S3 (p. 803), Amazon EC2 (p. 798), Amazon DynamoDB (p. 798), and Amazon
Simple Workflow Service (Amazon SWF) (p. 803). The single, downloadable
package includes the AWS JavaScript library and documentation.
See Also [Link]

AWS SDK for .NET A software development kit that provides .NET API operations for AWS services
including Amazon S3 (p. 803), Amazon EC2 (p. 798), IAM (p. 808), and more.
You can download the SDK as multiple service-specific packages on NuGet.
See Also [Link]

AWS SDK for PHP A software development kit and open-source PHP library for integrating your
PHP application with AWS services such as Amazon S3 (p. 803), Amazon S3
Glacier (p. 802), and Amazon DynamoDB (p. 798).
See Also [Link]

AWS SDK for Python (Boto) A software development kit for using Python to access AWS services such
as Amazon EC2 (p. 798), Amazon EMR (p. 799), Amazon EC2 Auto
Scaling (p. 798), Amazon Kinesis (p. 800), or AWS Lambda (p. 809).
See Also [Link]

AWS SDK for Ruby A software development kit for accessing AWS services from Ruby. The SDK
provides Ruby classes for many AWS services including Amazon S3 (p. 803),
Amazon EC2 (p. 798), Amazon DynamoDB (p. 798) and more. The single,
downloadable package includes the AWS Ruby Library and documentation.

Version 1.0
810
 AWS General Reference Reference guide

See Also [Link]

AWS Secrets Manager A service for securely encrypting, storing, and rotating credentials for databases
and other services.
See Also [Link]

AWS Security Token Service A web service for requesting temporary, limited-privilege credentials for AWS
(AWS STS) Identity and Access Management (IAM) (p. 808) users or for users that you
authenticate (federated users (p. 824)).
See Also [Link]

AWS Service Catalog A web service that helps organizations create and manage catalogs of IT services
that are approved for use on AWS. These IT services can include everything from
virtual machine images, servers, software, and databases to complete multitier
application architectures.
See Also [Link]

AWS Shield A service that helps to protect your resources—such as Amazon EC2 instances,
Elastic Load Balancing load balancers, Amazon CloudFront distributions, and
Route 53 hosted zones—against DDoS attacks. AWS Shield is automatically
included at no extra cost beyond what you already pay for AWS WAF and your
other AWS services. For added protection against DDoS attacks, AWS offers AWS
Shield Advanced.
See Also [Link]

AWS Single Sign-On A cloud-based service that simplifies managing SSO access to AWS accounts and
business applications. You can control SSO access and user permissions across all
your AWS accounts in AWS Organizations.
See Also [Link]

AWS Step Functions A web service that coordinates the components of distributed applications as a
series of steps in a visual workflow.
See Also [Link]

AWS Snowball A petabyte-scale data transport solution that uses devices designed to be secure
to transfer large amounts of data into and out of the AWS Cloud.
See Also [Link]

Storage Gateway A web service that connects an on-premises software appliance with cloud-based
storage. Storage Gateway provides seamless and secure integration between an
organization’s on-premises IT environment and AWS storage infrastructure.
See Also [Link]

AWS Toolkit for Eclipse An open-source plugin for the Eclipse Java integrated development environment
(IDE) that makes it easier to develop, debug, and deploy Java applications using
Amazon Web Services.
See Also [Link]

AWS Toolkit for JetBrains An open-source plugin for the integrated development environments (IDEs)
from JetBrains that makes it easier to develop, debug, and deploy serverless
applications using Amazon Web Services.
See Also [Link] [Link]

AWS Toolkit for Visual Studio An extension for Visual Studio that helps in developing, debugging, and
deploying .NET applications using Amazon Web Services.
See Also [Link]

AWS Toolkit for Visual Studio An open-source plugin for the Visual Studio Code (VS Code) editor that makes it
Code easier to develop, debug, and deploy applications using Amazon Web Services.

Version 1.0
811
 AWS General Reference Reference guide

See Also [Link]

AWS Tools for PowerShell A set of PowerShell cmdlets to help developers and administrators manage their
AWS services from the PowerShell scripting environment.
See Also [Link]

AWS Toolkit for Microsoft Provides tasks you can use in build and release definitions in VSTS to interact with
Azure DevOps AWS services.
See Also [Link]

AWS Trusted Advisor A web service that inspects your AWS environment and makes recommendations
for saving money, improving system availability and performance, and helping to
close security gaps.
See Also [Link]

AWS VPN CloudHub Enables secure communication between branch offices using a simple hub-and-
spoke model, with or without a VPC (p. 853).

AWS WAF A web application firewall service that controls access to content by allowing or
blocking web requests based on criteria that you specify. For example, you can
filter access based on the header values or the IP addresses that the requests
originate from. AWS WAF helps protect web applications from common web
exploits that could affect application availability, compromise security, or
consume excessive resources.
See Also [Link]

AWS X-Ray A web service that collects data about requests that your application serves. X-
Ray provides tools that you can use to view, filter, and gain insights into that data
to identify issues and opportunities for optimization.
See Also [Link]

B
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

basic monitoring Monitoring of AWS provided metrics derived at a 5-minute frequency.

batch See document batch.

BGP ASN Border Gateway Protocol Autonomous System Number. A unique identifier for a
network, for use in BGP routing. Amazon EC2 (p. 798) supports all 2-byte ASN
numbers in the range of 1 – 65335, with the exception of 7224, which is reserved.

batch prediction Amazon Machine Learning: An operation that processes multiple input data
observations at one time (asynchronously). Unlike real-time predictions, batch
predictions aren't available until all predictions have been processed.
See Also real-time predictions.

billing See the section called “Billing and Cost Management”.

binary attribute Amazon Machine Learning: An attribute for which one of two possible values is
possible. Valid positive values are 1, y, yes, t, and true answers. Valid negative
values are 0, n, no, f, and false. Amazon Machine Learning outputs 1 for positive
values and 0 for negative values.
See Also attribute.

Version 1.0
812
 AWS General Reference Reference guide

binary classification model Amazon Machine Learning: A machine learning model that predicts the answer to
questions where the answer can be expressed as a binary variable. For example,
questions with answers of “1” or “0”, “yes” or “no”, “will click” or “will not click”
are questions that have binary answers. The result for a binary classification
model is always either a “1” (for a “true” or affirmative answers) or a “0” (for a
“false” or negative answers).

block A dataset. Amazon EMR (p. 799) breaks large amounts of data into subsets. Each
subset is called a data block. Amazon EMR assigns an ID to each block and uses a
hash table to keep track of block processing.

block device A storage device that supports reading and (optionally) writing data in fixed-size
blocks, sectors, or clusters.

block device mapping A mapping structure for every AMI (p. 801) and instance (p. 828) that specifies
the block devices attached to the instance.

blue/green deployment CodeDeploy: A deployment method where the instances in a deployment group
(the original environment) are replaced by a different set of instances (the
replacement environment).

bootstrap action A user-specified default or custom action that runs a script or an application on
all nodes of a job flow before Hadoop (p. 826) starts.

Border Gateway Protocol See BGP ASN.

Autonomous System Number

bounce A failed email delivery attempt.

breach Amazon EC2 Auto Scaling (p. 798): The condition where a user-set
threshold (upper or lower boundary) is passed. If the duration of the breach is
significant, as set by a breach duration parameter, it can possibly start a scaling
activity (p. 843).

bucket Amazon Simple Storage Service (Amazon S3) (p. 803): A container for stored
objects. Every object is contained in a bucket. For example, if the object named
photos/[Link] is stored in the DOC-EXAMPLE-BUCKET bucket, then
authorized users can access the object with the URL [Link]
endpoint/DOC-EXAMPLE-BUCKET/photos/[Link].

bucket owner The person or organization that owns a bucket (p. 813) in Amazon S3 (p. 803).
In the same way that Amazon is the only owner of the domain name
[Link], only one person or organization can own a bucket.

bundling A commonly used term for creating an Amazon Machine Image (AMI) (p. 801). It
specifically refers to creating instance store-backed AMI (p. 828)s.

C
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

cache cluster A logical cache distributed over multiple cache node (p. 814)s. A cache cluster
can be set up with a specific number of cache nodes.

cache cluster identifier Customer-supplied identifier for the cache cluster that must be unique for that
customer in an AWS Region (p. 841).

Version 1.0
813
 AWS General Reference Reference guide

cache engine version The version of the Memcached service that's running on the cache node.

cache node A fixed-size chunk of secure, network-attached RAM. Each cache node runs an
instance of the Memcached service, and has its own DNS name and port. Multiple
types of cache nodes are supported, each with varying amounts of associated
memory.

cache node type An EC2 instance (p. 821) type used to run the cache node.

cache parameter group A container for cache engine parameter values that can be applied to one or more
cache clusters.

cache security group A group maintained by ElastiCache that combines inbound authorizations
to cache nodes for hosts belonging to Amazon EC2 (p. 798) security
group (p. 844)s specified through the console or the API or command line tools.

campaign Amazon Personalize (p. 801): A deployed solution version (trained model)
with provisioned dedicated transaction capacity for creating real-time
recommendations for your application users. After you create a campaign, you
use the getRecommendations or getPersonalizedRanking personalization
operations to get recommendations.
See Also recommendations, solution version.

canned access policy A standard access control policy that you can apply to a bucket (p. 813)
or object. Options include: private, public-read, public-read-write, and
authenticated-read.

canonicalization The process of converting data into a standard format that a service such as
Amazon S3 (p. 803) can recognize.

capacity The amount of available compute size at a given time. Each Auto Scaling
group (p. 805) is defined with a minimum and maximum compute size. A scaling
activity (p. 843) increases or decreases the capacity within the defined minimum
and maximum values.

Cartesian product processor A processor that calculates a Cartesian product. Also known as a Cartesian data
processor.

Cartesian product A mathematical operation that returns a product from multiple sets.

CDN See content delivery network (CDN).

certificate A credential that some AWS products use to authenticate AWS accounts (p. 796)
and users. Also known as an X.509 certificate (p. 853). The certificate is paired
with a private key.

chargeable resources Features or services whose use incurs fees. Although some AWS products are
free, others include charges. For example, in an AWS CloudFormation (p. 806)
stack (p. 847), AWS resource (p. 842)s that have been created incur charges.
The amount charged depends on the usage load. Use the Amazon Web Services
Simple Monthly Calculator to estimate your cost prior to creating instances,
stacks, or other resources.

CIDR block Classless Inter-Domain Routing. An internet protocol address allocation and route
aggregation methodology.
See Also Classless Inter-Domain Routing in Wikipedia.

ciphertext Information that has been encrypted (p. 822), as opposed to plaintext (p. 837),
which is information that has not.

Version 1.0
814
 AWS General Reference Reference guide

ClassicLink A feature for linking an EC2-Classic instance (p. 828) to a VPC (p. 853),
allowing your EC2-Classic instance to communicate with VPC instances using
private IP addresses.
See Also link to VPC, unlink from VPC.

classification In machine learning, a type of problem that seeks to place (classify) a data sample
into a single category or “class.” Often, classification problems are modeled to
choose one category (class) out of two. These are binary classification problems.
Problems with more than two available categories (classes) are called "multiclass
classification" problems.
See Also binary classification model, multiclass classification model.

CLI See AWS Command Line Interface (AWS CLI).

Cloud Directory See the section called “Cloud Directory”.

cloud service provider (CSP) A company that provides subscribers with access to internet-hosted computing,
storage, and software services.

CloudHub See AWS VPN CloudHub.

cluster A logical grouping of container instance (p. 816)s that you can place
task (p. 849)s on.

Amazon OpenSearch Service (OpenSearch Service) (p. 799): A logical grouping

of one or more data nodes, optional dedicated master nodes, and storage
required to run Amazon OpenSearch Service (OpenSearch Service) and operate
your OpenSearch Service domain.
See Also data node, dedicated master node, node.

cluster compute instance A type of instance (p. 828) that provides a great amount of CPU power
coupled with increased networking performance, making it well suited for High
Performance Compute (HPC) applications and other demanding network-bound
applications.

cluster placement group A logical cluster compute instance (p. 815) grouping to provide lower latency
and high-bandwidth connectivity between the instance (p. 828)s.

cluster status Amazon OpenSearch Service (OpenSearch Service) (p. 799): An indicator of the
health of a cluster. A status can be green, yellow, or red. At the shard level, green
means that all shards are allocated to nodes in a cluster, yellow means that the
primary shard is allocated but the replica shards aren't, and red means that the
primary and replica shards of at least one index aren't allocated. The shard status
determines the index status, and the index status determines the cluster status.

CMK See customer master key (CMK).

CNAME Canonical Name Record. A type of resource record (p. 842) in the Domain
Name System (DNS) that specifies that the domain name is an alias of another,
canonical domain name. Specifically, it's an entry in a DNS table that you can use
to alias one fully qualified domain name to another.

Code Signing for AWS IoT A service for signing code that you create for any IoT device that's supported by
Amazon Web Services (AWS).

complaint The event where a recipient (p. 840) who doesn't want to receive an email
message chooses "Mark as Spam" within the email client, and the internet service
provider (ISP) (p. 828) sends a notification to Amazon SES (p. 802).

compound query Amazon CloudSearch (p. 797): A search request that specifies multiple search
criteria using the Amazon CloudSearch structured search syntax.

Version 1.0
815
 AWS General Reference Reference guide

condition IAM (p. 808): Any restriction or detail about a permission. The condition is D in
the statement "A has permission to do B to C where D applies."

AWS WAF (p. 812): A set of attributes that AWS WAF searches for in web
requests to AWS resource (p. 842)s such as Amazon CloudFront (p. 797)
distributions. Conditions can include values such as the IP addresses that web
requests originate from or values in request headers. Based on the specified
conditions, you can configure AWS WAF to allow or block web requests to AWS
resources.

conditional parameter See mapping.

configuration API Amazon CloudSearch (p. 797): The API call that you use to create, configure, and
manage search domains.

configuration template A series of key–value pairs that define parameters for various AWS products so
that AWS Elastic Beanstalk (p. 807) can provision them for an environment.

consistency model The method a service uses to achieve high availability. For example, it could
involve replicating data across multiple servers in a data center.
See Also eventual consistency.

console See AWS Management Console.

consolidated billing A feature of the AWS Organizations service for consolidating payment for
multiple AWS accounts. You create an organization that contains your AWS
accounts, and you use the management account of your organization to pay for
all member accounts. You can see a combined view of AWS costs that are incurred
by all accounts in your organization, and you can get detailed cost reports for
individual accounts.

container A Linux container that was created from a Docker image as part of a
task (p. 849).

container definition Specifies which Docker image (p. 820) to use for a container (p. 816), how
much CPU and memory the container is allocated, and more options. The
container definition is included as part of a task definition (p. 849).

container instance An EC2 instance (p. 821) that's running the Amazon Elastic Container Service
(Amazon ECS) (p. 799) agent and has been registered into a cluster (p. 815).
Amazon ECS task (p. 849)s are placed on active container instances.

container registry Stores, manages, and deploys Docker image (p. 820)s.

content delivery network A web service that speeds up distribution of your static and dynamic web content
(CDN) —such as .html, .css, .js, media files, and image files—to your users by using
a worldwide network of data centers. When a user requests your content, the
request is routed to the data center that provides the lowest latency (time delay).
If the content is already in the location with the lowest latency, the CDN delivers
it immediately. If not, the CDN retrieves it from an origin that you specify (for
example, a web server or an Amazon S3 bucket). With some CDNs, you can help
secure your content by configuring an HTTPS connection between users and data
centers, and between data centers and your origin. Amazon CloudFront is an
example of a CDN.

contextual metadata Amazon Personalize (p. 801): Interactions data that you collect about a user's
browsing context (such as device used or location) when an event (such as a click)
occurs. Contextual metadata can improve recommendation relevance for new and
existing users.

Version 1.0
816
 AWS General Reference Reference guide

See Also Interactions dataset, event.

continuous delivery A software development practice where code changes are automatically built,
tested, and prepared for a release to production.
See Also [Link]

continuous integration A software development practice where developers regularly merge code changes
into a central repository, after which automated builds and tests are run.
See Also [Link]

cooldown period Amount of time that Amazon EC2 Auto Scaling (p. 798) doesn't allow the
desired size of the Auto Scaling group (p. 805) to be changed by any other
notification from an Amazon CloudWatch (p. 797) alarm (p. 796).

core node An EC2 instance (p. 821) that runs Hadoop (p. 826) map and reduce tasks and
stores data using the Hadoop Distributed File System (HDFS). Core nodes are
managed by the master node (p. 832), which assigns Hadoop tasks to nodes and
monitors their status. The EC2 instances you assign as core nodes are capacity
that must be allotted for the entire job flow run. Because core nodes store data,
you can't remove them from a job flow. However, you can add more core nodes to
a running job flow.

Core nodes run both the DataNodes and TaskTracker Hadoop daemons.

corpus Amazon CloudSearch (p. 797): A collection of data that you want to search.

coverage Amazon Personalize (p. 801): An evaluation metric that tells you the proportion
of unique items that Amazon Personalize might recommend using your model
out of the total number of unique items in Interactions and Items datasets. To
make sure Amazon Personalize recommends more of your items, use a model
with a higher coverage score. Recipes that feature item exploration, such as user-
personalization, have higher coverage than those that don’t, such as popularity-
count.
See Also metrics, Items dataset, Interactions dataset, item exploration, user-
personalization recipe, popularity-count recipe.

credential helper AWS CodeCommit (p. 806): A program that stores credentials for repositories
and supplies them to Git when making connections to those repositories. The
AWS CLI (p. 806) includes a credential helper that you can use with Git when
connecting to CodeCommit repositories.

credentials Also called access credentials or security credentials. In authentication and

authorization, a system uses credentials to identify who is making a call and
whether to allow the requested access. In AWS, these credentials are typically the
access key ID (p. 795) and the secret access key (p. 844).

cross-account access The process of permitting limited, controlled use of resource (p. 842)s in one
AWS account (p. 796) by a user in another AWS account. For example, in AWS
CodeCommit (p. 806) and AWS CodeDeploy (p. 806) you can configure cross-
account access so that a user in AWS account A can access an CodeCommit
repository created by account B. Or a pipeline in AWS CodePipeline (p. 806)
created by account A can use CodeDeploy resources created by account B. In
IAM (p. 808) you use a role (p. 842) to delegate (p. 819) temporary access to
a user (p. 851) in one account to resources in another.

cross-Region replication A solution for replicating data across different AWS Regions (p. 841), in near-
real time.

customer gateway A router or software application on your side of a VPN tunnel that's managed
by Amazon VPC (p. 803). The internal interfaces of the customer gateway are

Version 1.0
817
 AWS General Reference Reference guide

attached to one or more devices in your home network. The external interface is
attached to the virtual private gateway (VGW) (p. 852) across the VPN tunnel.

customer managed policy An IAM (p. 808) managed policy (p. 832) that you create and manage in your
AWS account (p. 796).

customer master key (CMK) The fundamental resource (p. 842) that AWS Key Management Service (AWS
KMS) (p. 809) manages. CMKs can be either customer managed keys or AWS
managed keys. Use CMKs inside AWS KMS to encrypt (p. 822) or decrypt up to 4
kilobytes of data directly or to encrypt generated data keys, which are then used
to encrypt or decrypt larger amounts of data outside of the service.

D
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

dashboard See service health dashboard.

data consistency A concept that describes when data is written or updated successfully and
all copies of the data are updated in all AWS Regions (p. 841). However, it
takes time for the data to propagate to all storage locations. To support varied
application requirements, Amazon DynamoDB (p. 798) supports both eventually
consistent and strongly consistent reads.
See Also eventual consistency, eventually consistent read, strongly consistent
read.

data node Amazon OpenSearch Service (OpenSearch Service) (p. 799): An OpenSearch
instance that holds data and responds to data upload requests.
See Also dedicated master node, node.

data schema See schema.

data source The database, file, or repository that provides information required by an
application or database. For example, in AWS OpsWorks (p. 809), valid data
sources include an instance (p. 828) for a stack’s MySQL layer or a stack’s
Amazon RDS (p. 802) service layer. In Amazon Redshift (p. 802), valid data
sources include text files in an Amazon S3 (p. 803) bucket (p. 813), in an
Amazon EMR (p. 799) cluster, or on a remote host that a cluster can access
through an SSH connection.
See Also datasource.

database engine The database software and version running on the DB instance (p. 819).

database name The name of a database hosted in a DB instance (p. 819). A DB instance can host
multiple databases, but databases hosted by the same DB instance must each
have a unique name within that instance.

dataset Amazon Personalize (p. 801): A container for the data used by Amazon
Personalize. There are three types of Amazon Personalize datasets: Users, Items,
and Interactions.
See Also Interactions dataset, Users dataset, Items dataset.

dataset group Amazon Personalize (p. 801): A container for Amazon Personalize components,
including datasets, event trackers, solutions, filters, campaigns, and batch
inference jobs. A dataset group organizes your resources into independent

Version 1.0
818
 AWS General Reference Reference guide

collections, so resources from one dataset group can’t influence resources in any
other dataset group.
See Also dataset, event tracker, solution, campaign.

datasource Amazon Machine Learning (p. 801): An object that contains metadata about the
input data. Amazon ML reads the input data, computes descriptive statistics on its
attributes, and stores the statistics—along with a schema and other information
—as part of the datasource object. Amazon ML uses datasources to train and
evaluate a machine learning model and generate batch predictions.
See Also data source.

DB compute class The size of the database compute platform used to run the instance.

DB instance An isolated database environment running in the cloud. A DB instance can contain
multiple user-created databases.

DB instance identifier User-supplied identifier for the DB instance. The identifier must be unique for
that user in an AWS Region (p. 841).

DB parameter group A container for database engine parameter values that apply to one or more DB
instance (p. 819)s.

DB security group A method that controls access to the DB instance (p. 819). By default, network
access is turned off to DB instances. After inbound traffic is configured for a
security group (p. 844), the same rules apply to all DB instances associated with
that group.

DB snapshot A user-initiated point backup of a DB instance (p. 819).

Dedicated Host A physical server with EC2 instance (p. 821) capacity fully dedicated to a user.

Dedicated Instance An instance (p. 828) that's physically isolated at the host hardware level and
launched within a VPC (p. 853).

dedicated master node Amazon OpenSearch Service (OpenSearch Service) (p. 799): An OpenSearch
instance that performs cluster management tasks, but doesn't hold data or
respond to data upload requests. Amazon OpenSearch Service (OpenSearch
Service) uses dedicated master nodes to increase cluster stability.
See Also data node, node.

Dedicated Reserved Instance An option that you purchase to guarantee that sufficient capacity will be available
to launch Dedicated Instance (p. 819)s into a VPC (p. 853).

delegation Within a single AWS account (p. 796): Giving AWS user (p. 851)s access to
resource (p. 842)s in your AWS account.

Between two AWS accounts: Setting up a trust between the account that owns
the resource (the trusting account), and the account that contains the users that
need to access the resource (the trusted account).
See Also trust policy.

delete marker An object with a key and version ID, but without content. Amazon S3 (p. 803)
inserts delete markers automatically into versioned bucket (p. 813)s when an
object is deleted.

deliverability The likelihood that an email message will arrive at its intended destination.

deliveries The number of email messages, sent through Amazon SES (p. 802), that
were accepted by an internet service provider (ISP) (p. 828) for delivery to
recipient (p. 840)s over a period of time.

Version 1.0
819
 AWS General Reference Reference guide

deny The result of a policy (p. 837) statement that includes deny as the effect, so
that a specific action or actions are expressly forbidden for a user, group, or role.
Explicit deny take precedence over explicit allow (p. 797).

deployment configuration AWS CodeDeploy (p. 806): A set of deployment rules and success and failure
conditions used by the service during a deployment.

deployment group AWS CodeDeploy (p. 806): A set of individually tagged instance (p. 828)s, EC2
instance (p. 821)s in Auto Scaling group (p. 805)s, or both.

detailed monitoring Monitoring of AWS provided metrics derived at a 1-minute frequency.

Description property A property added to parameters, resource (p. 842)s, resource properties,
mappings, and outputs to help you to document AWS CloudFormation (p. 806)
template elements.

dimension A name–value pair (for example, InstanceType=[Link], or EngineName=mysql),

that contains additional information to identify a metric.

discussion forums A place where AWS users can post technical questions and feedback to help
accelerate their development efforts and to engage with the AWS community. For
more information, see the Amazon Web Services Discussion Forums.

distribution A link between an origin server (such as an Amazon S3 (p. 803)

bucket (p. 813)) and a domain name, which CloudFront (p. 797) automatically
assigns. Through this link, CloudFront identifies the object you have stored in your
origin server (p. 836).

DKIM DomainKeys Identified Mail. A standard that email senders use to sign their
messages. ISPs use those signatures to verify that messages are legitimate. For
more information, see [Link]

DNS See Domain Name System.

Docker image A layered file system template that's the basis of a Docker container (p. 816).
Docker images can comprise specific operating systems or applications.

document Amazon CloudSearch (p. 797): An item that can be returned as a search result.
Each document has a collection of fields that contain the data that can be
searched or returned. The value of a field can be either a string or a number. Each
document must have a unique ID and at least one field.

document batch Amazon CloudSearch (p. 797): A collection of add and delete document
operations. You use the document service API to submit batches to update the
data in your search domain.

document service API Amazon CloudSearch (p. 797): The API call that you use to submit document
batches to update the data in a search domain.

document service endpoint Amazon CloudSearch (p. 797): The URL that you connect to when sending
document updates to an Amazon CloudSearch domain. Each search domain has
a unique document service endpoint that remains the same for the life of the
domain.

domain Amazon OpenSearch Service (OpenSearch Service) (p. 799): The hardware,
software, and data exposed by Amazon OpenSearch Service (OpenSearch Service)
endpoints. An OpenSearch Service domain is a service wrapper around an
OpenSearch cluster. An OpenSearch Service domain encapsulates the engine
instances that process OpenSearch Service requests, the indexed data that you
want to search, snapshots of the domain, access policies, and metadata.

Version 1.0
820
 AWS General Reference Reference guide

See Also cluster, Elasticsearch.

Domain Name System A service that routes internet traffic to websites by translating friendly domain
names (for example, [Link]) into the numeric IP addresses, such as
[Link] that computers use to connect to each other.

Donation button An HTML-coded button to provide an easy and secure way for US-based, IRS-
certified 501(c)3 nonprofit organizations to solicit donations.

DynamoDB stream An ordered flow of information about changes to items in anAmazon

DynamoDB (p. 798) table. When you enable a stream on a table, DynamoDB
captures information about every modification to data items in the table.
See Also Amazon DynamoDB Streams.

E
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

EBS See Amazon Elastic Block Store (Amazon EBS).

EC2 See Amazon EC2.

EC2 compute unit (ECU) An AWS standard for compute CPU and memory. You can use this measure to
evaluate the CPU capacity of different EC2 instance (p. 821) types.

EC2 instance A compute instance (p. 828) in the Amazon EC2 (p. 798) service. Other AWS
services use the term EC2 instance to distinguish these instances from other types
of instances they support.

ECR See the section called “Amazon ECR”.

ECS See Amazon Elastic Container Service (Amazon ECS).

edge location A data center that an AWS service uses to perform service-specific operations.
For example, CloudFront (p. 797) uses edge locations to cache copies of
your content, so the content is closer to your users and can be delivered faster
regardless of their location. Route 53 (p. 802) uses edge locations to speed up
the response to public DNS queries.

EFS See Amazon Elastic File System (Amazon EFS).

Elastic A company that provides open-source solutions—including OpenSearch,

Logstash, Kibana, and Beats—that are designed to take data from any source and
search, analyze, and visualize it in real time.

Amazon OpenSearch Service (OpenSearch Service) is an AWS managed service for

deploying, operating, and scaling OpenSearch in the AWS Cloud.
See Also Amazon OpenSearch Service (OpenSearch Service), Elasticsearch.

Elastic Block Store See Amazon Elastic Block Store (Amazon EBS).

Elastic IP address A fixed (static) IP address that you have allocated in Amazon EC2 (p. 798) or
Amazon VPC (p. 803) and then attached to an instance (p. 828). Elastic IP
addresses are associated with your account, not a specific instance. They are
elastic because you can easily allocate, attach, detach, and free them as your

Version 1.0
821
 AWS General Reference Reference guide

needs change. Unlike traditional static IP addresses, Elastic IP addresses allow you
to mask instance or Availability Zone (p. 805) failures by rapidly remapping your
public IP addresses to another instance.

Elastic Load Balancing A web service that improves an application's availability by distributing incoming
traffic between two or more EC2 instance (p. 821)s.
See Also [Link]

elastic network interface An additional network interface that can be attached to an instance (p. 828).
Elastic network interfaces include a primary private IP address, one or more
secondary private IP addresses, an Elastic IP Address (optional), a MAC address,
membership in specified security group (p. 844)s, a description, and a source/
destination check flag. You can create an elastic network interface, attach it to an
instance, detach it from an instance, and attach it to another instance.

Elasticsearch An open-source, real-time distributed search and analytics engine used for full-
text search, structured search, and analytics. OpenSearch was developed by the
Elastic company.

Amazon OpenSearch Service (OpenSearch Service) is an AWS managed service for

deploying, operating, and scaling OpenSearch in the AWS Cloud.
See Also Amazon OpenSearch Service (OpenSearch Service), Elastic.

EMR See Amazon EMR.

encrypt To use a mathematical algorithm to make data unintelligible to unauthorized

user (p. 851)s. Encryption also gives authorized users a method (such as a key or
password) to convert the altered data back to its original state.

encryption context A set of key–value pairs that contains additional information associated with AWS
Key Management Service (AWS KMS) (p. 809)–encrypted information.

endpoint A URL that identifies a host and port as the entry point for a web service. Every
web service request contains an endpoint. Most AWS products provide endpoints
for a Region to enable faster connectivity.

Amazon ElastiCache (p. 799): The DNS name of a cache node (p. 814).

Amazon RDS (p. 802): The DNS name of a DB instance (p. 819).

AWS CloudFormation (p. 806): The DNS name or IP address of the server that
receives an HTTP request.

endpoint port Amazon ElastiCache (p. 799): The port number used by a cache node (p. 814).

Amazon RDS (p. 802): The port number used by a DB instance (p. 819).

envelope encryption The use of a master key and a data key to algorithmically protect data. The
master key is used to encrypt and decrypt the data key and the data key is used to
encrypt and decrypt the data itself.

environment AWS Elastic Beanstalk (p. 807): A specific running instance of an

application (p. 804). The application has a CNAME and includes an application
version and a customizable configuration (which is inherited from the default
container type).

AWS CodeDeploy (p. 806): Instances in a deployment group in a blue/green

deployment. At the start of a blue/green deployment, the deployment group is
made up of instances in the original environment. At the end of the deployment,
the deployment group is made up of instances in the replacement environment.

Version 1.0
822
 AWS General Reference Reference guide

environment configuration A collection of parameters and settings that define how an environment and its
associated resources behave.

ephemeral store See instance store.

epoch The date from which time is measured. For most Unix environments, the epoch is
January 1, 1970.

ETL See extract, transform, and load (ETL).

evaluation Amazon Machine Learning: The process of measuring the predictive performance
of a machine learning (ML) model.

Also a machine learning object that stores the details and result of an ML model
evaluation.

evaluation datasource The data that Amazon Machine Learning uses to evaluate the predictive accuracy
of a machine learning model.

event Amazon Personalize (p. 801): A user activity—such as a click, a purchase, or a

video viewing—that you record and upload to an Amazon Personalize Interactions
dataset. You record events individually in real time or record and upload events in
bulk.
See Also dataset, Interactions dataset.

event tracker Amazon Personalize (p. 801): Specifies a destination dataset group for event
data that you record in real time. When you record events in real time, you
provide the ID of the event tracker so that Amazon Personalize knows where to
add the data.
See Also dataset group, event.

eventual consistency The method that AWS services use to achieve high availability, which involves
replicating data across multiple servers in Amazon's data centers. When data is
written or updated and Success is returned, all copies of the data are updated.
However, it takes time for the data to propagate to all storage locations. The data
will eventually be consistent, but an immediate read might not show the change.
Consistency is usually reached within seconds.
See Also data consistency, eventually consistent read, strongly consistent read.

eventually consistent read A read process that returns data from only one Region and might not show the
most recent write information. However, if you repeat your read request after a
short time, the response should eventually return the latest data.
See Also data consistency, eventual consistency, strongly consistent read.

eviction The deletion by CloudFront (p. 797) of an object from an edge

location (p. 821) before its expiration time. If an object in an edge location
isn't frequently requested, CloudFront might evict the object (remove the object
before its expiration date) to make room for objects that are more popular.

exbibyte (EiB) A contraction of exa binary byte, an exbibyte is 2^60 or

1,152,921,504,606,846,976 bytes. An exabyte (EB) is 10^18 or
1,000,000,000,000,000,000 bytes. 1,024 EiB is a zebibyte (ZiB) (p. 853).

expiration For CloudFront (p. 797) caching, the time when CloudFront stops responding
to user requests with an object. If you don't use headers or CloudFront
distribution (p. 820) settings to specify how long you want objects to stay in
an edge location (p. 821), the objects expire after 24 hours. The next time a
user requests an object that has expired, CloudFront forwards the request to the
origin (p. 836).

Version 1.0
823
 AWS General Reference Reference guide

explicit impressions Amazon Personalize (p. 801): A list of items that you manually add to an
Amazon Personalize Interactions dataset to influence future recommendations.
Unlike implicit impressions, where Amazon Personalize automatically derives the
impressions data, you choose what to include in explicit impressions.
See Also recommendations, Interactions dataset, impressions data, implicit
impressions.

explicit launch permission An Amazon Machine Image (AMI) (p. 801) launch permission granted to a
specific AWS account (p. 796).

exponential backoff A strategy that incrementally increases the wait between retry attempts in order
to reduce the load on the system and increase the likelihood that repeated
requests will succeed. For example, client applications might wait up to 400
milliseconds before attempting the first retry, up to 1600 milliseconds before the
second, and up to 6400 milliseconds (6.4 seconds) before the third.

expression Amazon CloudSearch (p. 797): A numeric expression that you can use to control
how search hits are sorted. You can construct Amazon CloudSearch expressions
using numeric fields, other rank expressions, a document's default relevance
score, and standard numeric operators and functions. When you use the sort
option to specify an expression in a search request, the expression is evaluated for
each search hit and the hits are listed according to their expression values.

extract, transform, and load A process that's used to integrate data from multiple sources. Data is collected
(ETL) from sources (extract), converted to an appropriate format (transform), and
written to a target data store (load) for purposes of analysis and querying.

ETL tools combine these three functions to consolidate and move data from one
environment to another. AWS Glue (p. 808) is a fully managed ETL service for
discovering and organizing data, transforming it, and making it available for
search and analytics.

F
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

facet Amazon CloudSearch (p. 797): An index field that represents a category that you
want to use to refine and filter search results.

facet enabled Amazon CloudSearch (p. 797): An index field option that enables facet
information to be calculated for the field.

FBL See feedback loop (FBL).

feature transformation Amazon Machine Learning: The machine learning process of constructing more
predictive input representations or “features” from the raw input variables to
optimize a machine learning model’s ability to learn and generalize. Also known
as data transformation or feature engineering.

federated identity Allows individuals to sign in to different networks or services, using the same
management (FIM) group or personal credentials to access data across all networks. With identity
federation in AWS, external identities (federated users) are granted secure access
to resource (p. 842)s in an AWS account (p. 796) without having to create IAM
user (p. 851)s. These external identities can come from a corporate identity
store (such as LDAP or Windows Active Directory) or from a third party (such as

Version 1.0
824
 AWS General Reference Reference guide

Login with Amazon, Facebook, or Google). AWS federation also supports SAML
2.0.

federated user See federated identity management (FIM).

federation See federated identity management (FIM).

feedback loop (FBL) The mechanism by which a mailbox provider (for example, an internet service
provider (ISP) (p. 828)) forwards a recipient (p. 840)'s complaint (p. 815) back
to the sender (p. 844).

field weight The relative importance of a text field in a search index. Field weights control how
much matches in particular text fields affect a document's relevance score.

filter A criterion that you specify to limit the results when you list or describe your
Amazon EC2 (p. 798) resource (p. 842)s.

filter query A way to filter search results without affecting how the results are scored and
sorted. Specified with the Amazon CloudSearch (p. 797) fq parameter.

FIM See federated identity management (FIM).

Firehose See Amazon Kinesis Data Firehose.

format version See template format version.

forums See discussion forums.

function See intrinsic function.

fuzzy search A simple search query that uses approximate string matching (fuzzy matching) to
correct for typographical errors and misspellings.

G
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

geospatial search A search query that uses locations specified as a latitude and longitude to
determine matches and sort the results.

gibibyte (GiB) A contraction of giga binary byte, a gibibyte is 2^30 or 1,073,741,824 bytes.
A gigabyte (GB) is 10^9 or 1,000,000,000 bytes. 1,024 GiB is a tebibyte
(TiB) (p. 850).

GitHub A web-based repository that uses Git for version control.

global secondary index An index with a partition key and a sort key that can be different from those on
the table. A global secondary index is considered global because queries on the
index can span all of the data in a table, across all partitions.
See Also local secondary index.

grant AWS Key Management Service (AWS KMS) (p. 809): A mechanism for giving
AWS principal (p. 838)s long-term permissions to use customer master key
(CMK) (p. 818)s.

grant token A type of identifier that allows the permissions in a grant (p. 825) to take effect
immediately.

Version 1.0
825
 AWS General Reference Reference guide

ground truth The observations used in the machine learning (ML) model training process
that include the correct value for the target attribute. To train an ML model to
predict house sales prices, the input observations would typically include prices
of previous house sales in the area. The sale prices of these houses constitute the
ground truth.

group A collection of IAM (p. 808) user (p. 851)s. You can use IAM groups to simplify
specifying and managing permissions for multiple users.

H
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

Hadoop Software that enables distributed processing for big data by using clusters
and simple programming models. For more information, see http://
[Link].

hard bounce A persistent email delivery failure such as "mailbox does not exist."

hardware VPN A hardware-based IPsec VPN connection over the internet.

health check A system call to check on the health status of each instance in an Amazon EC2
Auto Scaling (p. 798) group.

high-quality email Email that recipients find valuable and want to receive. Value means different
things to different recipients and can come in such forms as offers, order
confirmations, receipts, or newsletters.

highlights Amazon CloudSearch (p. 797): Excerpts returned with search results that show
where the search terms appear within the text of the matching documents.

highlight enabled Amazon CloudSearch (p. 797): An index field option that enables matches within
the field to be highlighted.

hit A document that matches the criteria specified in a search request. Also referred
to as a search result.

HMAC Hash-based Message Authentication Code. A specific construction for calculating

a message authentication code (MAC) involving a cryptographic hash function in
combination with a secret key. You can use it to verify both the data integrity and
the authenticity of a message at the same time. AWS calculates the HMAC using a
standard, cryptographic hash algorithm, such as SHA-256.

hosted zone A collection of resource record (p. 842) sets that Amazon Route 53 (p. 802)
hosts. Similar to a traditional DNS zone file, a hosted zone represents a collection
of records that are managed together under a single domain name.

HRNN Amazon Personalize (p. 801): A hierarchical recurrent neural network machine
learning algorithm that models changes in user behavior and predicts the items
that a user might interact with in personal recommendation applications.

HTTP-Query See Query.

HVM virtualization Hardware Virtual Machine virtualization. Allows the guest VM to run as though it's
on a native hardware platform, except that it still uses paravirtual (PV) network
and storage drivers for improved performance.
See Also PV virtualization.

Version 1.0
826
 AWS General Reference Reference guide

I
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

IAM See AWS Identity and Access Management (IAM).

IAM group See group.

IAM policy simulator See policy simulator.

IAM role See role.

IAM user See user.

Identity and Access See AWS Identity and Access Management (IAM).
Management

identity provider (IdP) An IAM (p. 808) entity that holds metadata about external identity providers.

IdP See identity provider (IdP) .

image See Amazon Machine Image (AMI).

import/export station A machine that uploads or downloads your data to or from Amazon S3 (p. 803).

import log A report that contains details about how AWS Import/Export (p. 808) processed
your data.

implicit impressions Amazon Personalize (p. 801): The recommendations that your application shows
a user. Unlike explicit impressions, where you manually record each impression,
Amazon Personalize automatically derives implicit impressions from your
recommendation data.
See Also recommendations, impressions data, explicit impressions.

impressions data Amazon Personalize (p. 801): The list of items that you presented to a user
when they interacted with a particular item such as by clicking it, watching it,
or purchasing it. Amazon Personalize uses impressions data to calculate the
relevance of new items for a user based on how frequently users have selected or
ignored the same item.
See Also explicit impressions, implicit impressions.

in-place deployment CodeDeploy: A deployment method where the application on each instance in the
deployment group is stopped, the latest application revision is installed, and the
new version of the application is started and validated. You can choose to use a
load balancer so each instance is deregistered during its deployment and then
restored to service after the deployment is complete.

index See search index.

index field A name–value pair that's included in an Amazon CloudSearch (p. 797) domain's
index. An index field can contain text or numeric data, dates, or a location.

indexing options Configuration settings that define an Amazon CloudSearch (p. 797) domain's
index fields, how document data is mapped to those index fields, and how the
index fields can be used.

inline policy An IAM (p. 808) policy (p. 837) that's embedded in a single IAM user (p. 851),
group (p. 826), or role (p. 842).

Version 1.0
827
 AWS General Reference Reference guide

input data Amazon Machine Learning: The observations that you provide to Amazon
Machine Learning to train and evaluate a machine learning model and generate
predictions.

instance A copy of an Amazon Machine Image (AMI) (p. 801) running as a virtual server in
the AWS Cloud.

instance family A general instance type (p. 828) grouping using either storage or CPU capacity.

instance group A Hadoop (p. 826) cluster contains one master instance group that contains
one master node (p. 832), a core instance group containing one or more core
node (p. 817) and an optional task node (p. 849) instance group, which can
contain any number of task nodes.

instance profile A container that passes IAM (p. 808) role (p. 842) information to an EC2
instance (p. 821) at launch.

instance store Disk storage that's physically attached to the host computer for an EC2
instance (p. 821), and therefore has the same lifespan as the instance. When the
instance is terminated, you lose any data in the instance store.

instance store-backed AMI A type of Amazon Machine Image (AMI) (p. 801) whose instance (p. 828)s use
an instance store (p. 828) volume (p. 853) as the root device. Compare this
with instances launched from Amazon EBS (p. 799)-backed AMIs, which use an
Amazon EBS volume as the root device.

instance type A specification that defines the memory, CPU, storage capacity, and usage
cost for an instance (p. 828). Some instance types are designed for standard
applications, whereas others are designed for CPU-intensive, memory-intensive
applications, and so on.

Interactions dataset Amazon Personalize (p. 801): A container for historical and real-time data
collected from interactions between users and items (called events). Interactions
data can include impressions data and contextual metadata.
See Also dataset, event, impressions data, contextual metadata.

internet gateway Connects a network to the internet. You can route traffic for IP addresses outside
your VPC (p. 853) to the internet gateway.

internet service provider (ISP) A company that provides subscribers with access to the internet. Many ISPs are
also mailbox provider (p. 831)s. Mailbox providers are sometimes referred to as
ISPs, even if they only provide mailbox services.

intrinsic function A special action in a AWS CloudFormation (p. 806) template that assigns values
to properties not available until runtime. These functions follow the format
Fn::Attribute, such as Fn::GetAtt. Arguments for intrinsic functions can be
parameters, pseudo parameters, or the output of other intrinsic functions.

IP address A numerical address (for example, [Link]) that networked devices use
to communicate with one another using the Internet Protocol (IP). Each EC2
instance (p. 821) is assigned two IP addresses at launch, which are directly
mapped to each other through network address translation (NAT (p. 834)):
a private IP address (following RFC 1918) and a public IP address. Instances
launched in a VPC (p. 803) are assigned only a private IP address. Instances
launched in your default VPC are assigned both a private IP address and a public
IP address.

IP match condition AWS WAF (p. 812): An attribute that specifies the IP addresses or IP
address ranges that web requests originate from. Based on the specified IP

Version 1.0
828
 AWS General Reference Reference guide

addresses, you can configure AWS WAF to allow or block web requests to AWS
resource (p. 842)s such as Amazon CloudFront (p. 797) distributions.

ISP See internet service provider (ISP).

issuer The person who writes a policy (p. 837) to grant permissions to a
resource (p. 842). The issuer (by definition) is always the resource owner. AWS
doesn't permit Amazon SQS (p. 803) users to create policies for resources they
don't own. If John is the resource owner, AWS authenticates John's identity when
he submits the policy he's written to grant permissions for that resource.

item A group of attributes that's uniquely identifiable among all of the other items.
Items in Amazon DynamoDB (p. 798) are similar in many ways to rows, records,
or tuples in other database systems.

item exploration Amazon Personalize (p. 801): The process that Amazon Personalize uses to test
different item recommendations, including recommendations of new items with
no or very little interaction data, and learn how users respond. You configure item
exploration at the campaign level for solution versions created with the user-
personalization recipe.
See Also recommendations, campaign, solution version, user-personalization
recipe.

item-to-item similarities Amazon Personalize (p. 801): A RELATED_ITEMS recipe that uses the data from
(SIMS) recipe an Interactions dataset to make recommendations for items that are similar to
a specified item. The SIMS recipe calculates similarity based on the way users
interact with items instead of matching item metadata, such as price or age.
See Also recipe, RELATED_ITEMS recipes, Interactions dataset.

Items dataset Amazon Personalize (p. 801): A container for metadata about items, such as
price, genre, or availability.
See Also dataset.

J
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

job flow Amazon EMR (p. 799): One or more step (p. 847)s that specify all of the
functions to be performed on the data.

job ID A five-character, alphanumeric string that uniquely identifies an AWS Import/

Export (p. 808) storage device in your shipment. AWS issues the job ID in
response to a CREATE JOB email command.

job prefix An optional string that you can add to the beginning of an AWS Import/
Export (p. 808) log file name to prevent collisions with objects of the same
name.
See Also key prefix.

JSON JavaScript Object Notation. A lightweight data interchange format. For

information about JSON, see [Link]

junk folder The location where email messages that various filters determine to be of lesser
value are collected so that they don't arrive in the recipient (p. 840)'s inbox but
are still accessible to the recipient. This is also referred to as a spam (p. 846) or
bulk folder.

Version 1.0
829
 AWS General Reference Reference guide

K
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

key A credential that identifies an AWS account (p. 796) or user (p. 851) to AWS
(such as the AWS secret access key (p. 844)).

Amazon Simple Storage Service (Amazon S3) (p. 803), Amazon EMR (p. 799):
The unique identifier for an object in a bucket (p. 813). Every object in a bucket
has exactly one key. Because a bucket and key together uniquely identify each
object, you can think of Amazon S3 as a basic data map between the bucket + key,
and the object itself. You can uniquely address every object in Amazon S3 through
the combination of the web service endpoint, bucket name, and key, as in this
example: [Link]
where doc is the name of the bucket, and 2006-03-01/[Link] is the
key.

AWS Import/Export (p. 808): The name of an object in Amazon S3. It's a
sequence of Unicode characters whose UTF-8 encoding can't exceed 1024 bytes.
If a key (for example, logPrefix + import-log-JOBID) is longer than 1024 bytes,
AWS Elastic Beanstalk (p. 807) returns an InvalidManifestField error.

IAM (p. 808): In a policy (p. 837), a specific characteristic that's the basis for
restricting access (such as the current time or the IP address of the requester).

Tagging resources: A general tag (p. 849) label that acts like a category for more
specific tag values. For example, you might have EC2 instance (p. 821) with the
tag key of Owner and the tag value of Jan. You can tag an AWS resource (p. 842)
with up to 10 key–value pairs. Not all AWS resources can be tagged.

key pair A set of security credentials that you use to prove your identity electronically. A
key pair consists of a private key and a public key.

key prefix A string of characters that is a subset of an object key name, starting with the first
character. The prefix can be any length, up to the maximum length of the object
key name (1,024 bytes).

kibibyte (KiB) A contraction of kilo binary byte, a kibibyte is 2^10 or 1,024 bytes. A kilobyte (KB)
is 10^3 or 1,000 bytes. 1,024 KiB is a mebibyte (MiB) (p. 832).

KMS See AWS Key Management Service (AWS KMS).

L
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

labeled data In machine learning, data for which you already know the target or “correct”
answer.

launch configuration A set of descriptive parameters used to create new EC2 instance (p. 821)s in an
Amazon EC2 Auto Scaling (p. 798) activity.

Version 1.0
830
 AWS General Reference Reference guide

A template that an Auto Scaling group (p. 805) uses to launch new EC2
instances. The launch configuration contains information such as the Amazon
Machine Image (AMI) (p. 801) ID, the instance type, key pairs, security
group (p. 844)s, and block device mappings, among other configuration
settings.

launch permission An Amazon Machine Image (AMI) (p. 801) attribute that allows users to launch
an AMI.

lifecycle The lifecycle state of the EC2 instance (p. 821) contained in an Auto Scaling
group (p. 805). EC2 instances progress through several states over their lifespan;
these include Pending, InService, Terminating and Terminated.

lifecycle action An action that can be paused by Auto Scaling, such as launching or terminating
an EC2 instance.

lifecycle hook A feature for pausing Auto Scaling after it launches or terminates an EC2 instance
so that you can perform a custom action while the instance isn't in service.

link to VPC The process of linking (or attaching) an EC2-Classic instance (p. 828) to a
ClassicLink-enabled VPC (p. 853).
See Also ClassicLink, unlink from VPC.

load balancer A DNS name combined with a set of ports, which together provide a destination
for all requests intended for your application. A load balancer can distribute
traffic to multiple application instances across every Availability Zone (p. 805)
within a Region (p. 841). Load balancers can span multiple Availability Zones
within an AWS Region into which an Amazon EC2 (p. 798) instance was
launched. But load balancers can't span multiple Regions.

local secondary index An index that has the same partition key as the table, but a different sort key. A
local secondary index is local in the sense that every partition of a local secondary
index is scoped to a table partition that has the same partition key value.
See Also local secondary index.

logical name A case-sensitive unique string within an AWS CloudFormation (p. 806) template
that identifies a resource (p. 842), mapping (p. 832), parameter, or output. In
an AWS CloudFormation template, each parameter, resource (p. 842), property,
mapping, and output must be declared with a unique logical name. You use the
logical name when dereferencing these items using the Ref function.

M
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

Mail Transfer Agent (MTA) Software that transports email messages from one computer to another by using
a client-server architecture.

mailbox provider An organization that provides email mailbox hosting services. Mailbox providers
are sometimes referred to as internet service provider (ISP) (p. 828)s, even if
they only provide mailbox services.

mailbox simulator A set of email addresses that you can use to test an Amazon SES (p. 802)-based
email-sending application without sending messages to actual recipients. Each

Version 1.0
831
 AWS General Reference Reference guide

email address represents a specific scenario (such as a bounce or complaint) and

generates a typical response that's specific to the scenario.

main route table The default route table (p. 843) that any new VPC (p. 853) subnet (p. 848)
uses for routing. You can associate a subnet with a different route table of your
choice. You can also change which route table is the main route table.

managed policy A standalone IAM (p. 808) policy (p. 837) that you can attach to
multiple user (p. 851)s, group (p. 826)s, and role (p. 842)s in your IAM
account (p. 796). Managed policies can either be AWS managed policies (which
are created and managed by AWS) or customer managed policies (which you
create and manage in your AWS account).

manifest When sending a create job request for an import or export operation, you describe
your job in a text file called a manifest. The manifest file is a YAML-formatted
file that specifies how to transfer data between your storage device and the AWS
Cloud.

manifest file Amazon Machine Learning: The file used for describing batch predictions. The
manifest file relates each input data file with its associated batch prediction
results. It's stored in the Amazon S3 output location.

mapping A way to add conditional parameter values to an AWS CloudFormation (p. 806)
template. You specify mappings in the template's optional Mappings section and
retrieve the desired value using the FN::FindInMap function.

marker See pagination token.

master node A process running on an Amazon Machine Image (AMI) (p. 801) that keeps track
of the work its core and task nodes complete.

maximum price The maximum price you will pay to launch one or more Spot Instance (p. 847)s.
If your maximum price exceeds the current Spot price (p. 847) and your
restrictions are met, Amazon EC2 (p. 798) launches instances on your behalf.

maximum send rate The maximum number of email messages that you can send per second using
Amazon SES (p. 802).

mean reciprocal rank at 25 Amazon Personalize (p. 801): An evaluation metric that assesses the relevance
of a model’s highest ranked recommendation. Amazon Personalize calculates
this metric using the average accuracy of the model when ranking the most
relevant recommendation out of the top 25 recommendations over all requests
for recommendations.
See Also metrics, recommendations.

mebibyte (MiB) A contraction of mega binary byte, a mebibyte is 2^20 or 1,048,576 bytes.
A megabyte (MB) is 10^6 or 1,000,000 bytes. 1,024 MiB is a gibibyte
(GiB) (p. 825).

member resources See resource.

message ID Amazon Simple Email Service (Amazon SES) (p. 802): A unique identifier that's
assigned to every email message that's sent.

Amazon Simple Queue Service (Amazon SQS) (p. 803): The identifier returned
when you send a message to a queue.

metadata Information about other data or objects. In Amazon Simple Storage Service
(Amazon S3) (p. 803) and Amazon EMR (p. 799) metadata takes the form of

Version 1.0
832
 AWS General Reference Reference guide

name–value pairs that describe the object. These include default metadata such
as the date last modified and standard HTTP metadata (for example, Content-
Type). Users can also specify custom metadata at the time they store an object. In
Amazon EC2 (p. 798) metadata includes data about an EC2 instance (p. 821)
that the instance can retrieve to determine things about itself, such as the
instance type or the IP address.

metric An element of time-series data defined by a unique combination of exactly

one namespace (p. 834), exactly one metric name, and between zero and ten
dimensions. Metrics and the statistics derived from them are the basis of Amazon
CloudWatch (p. 797).

metrics Amazon Personalize (p. 801): Evaluation data that Amazon Personalize
generates when you train a model. You use metrics to evaluate the performance
of the model, view the effects of modifying a solution’s configuration, and
compare results between solutions that use the same training data but were
created with different recipes.
See Also solution, recipe.

metric name The primary identifier of a metric, used in combination with a

namespace (p. 834) and optional dimensions.

MFA See multi-factor authentication (MFA).

micro instance A type of EC2 instance (p. 821) that's more economical to use if you have
occasional bursts of high CPU activity.

MIME See Multipurpose Internet Mail Extensions (MIME).

ML model In machine learning (ML), a mathematical model that generates predictions by

finding patterns in data. Amazon Machine Learning supports three types of ML
models: binary classification, multiclass classification, and regression. Also known
as a predictive model.
See Also binary classification model, multiclass classification model, regression
model.

MTA See Mail Transfer Agent (MTA).

Multi-AZ deployment A primary DB instance (p. 819) that has a synchronous standby replica in a
different Availability Zone (p. 805). The primary DB instance is synchronously
replicated across Availability Zones to the standby replica.

multiclass classification A machine learning model that predicts values that belong to a limited, pre-
model defined set of permissible values. For example, "Is this product a book, movie, or
clothing?"

multi-factor authentication An optional AWS account (p. 796) security feature. Once you enable AWS
(MFA) MFA, you must provide a six-digit, single-use code in addition to your sign-in
credentials whenever you access secure AWS webpages or the AWS Management
Console (p. 809). You get this single-use code from an authentication device
that you keep in your physical possession.
See Also [Link]

multi-valued attribute An attribute with more than one value.

multipart upload A feature that you can use to upload a single object as a set of parts.

Multipurpose Internet Mail An internet standard that extends the email protocol to include non-ASCII text
Extensions (MIME) and nontext elements, such as attachments.

Version 1.0
833
 AWS General Reference Reference guide

Multitool A cascading application that provides a simple command-line interface for

managing large datasets.

N
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

namespace An abstract container that provides context for the items (names, or technical
terms, or words) it holds, and allows disambiguation of homonym items residing
in different namespaces.

NAT Network address translation. A strategy of mapping one or more IP addresses

to another while data packets are in transit across a traffic routing device. This
is commonly used to restrict internet communication to private instances while
allowing outgoing traffic.
See Also Network Address Translation and Protocol Translation, NAT gateway,
NAT instance.

NAT gateway A NAT (p. 834) device, managed by AWS, that performs network address
translation in a private subnet (p. 848), to secure inbound internet traffic. A NAT
gateway uses both NAT and port address translation.
See Also NAT instance.

NAT instance A NAT (p. 834) device, configured by a user, that performs network address
translation in a VPC (p. 853) public subnet (p. 848) to secure inbound internet
traffic.
See Also NAT gateway.

network ACL An optional layer of security that acts as a firewall for controlling traffic in and
out of a subnet (p. 848). You can associate multiple subnets with a single
network ACL (p. 795), but a subnet can be associated with only one network ACL
at a time.

Network Address Translation (NAT (p. 834)-PT) An internet protocol standard defined in RFC 2766.
and Protocol Translation See Also NAT instance, NAT gateway.

n-gram processor A processor that performs n-gram transformations.

See Also n-gram transformation.

n-gram transformation Amazon Machine Learning: A transformation that aids in text string analysis.
An n-gram transformation takes a text variable as input and outputs strings by
sliding a window of size n words, where n is specified by the user, over the text,
and outputting every string of words of size n and all smaller sizes. For example,
specifying the n-gram transformation with window size =2 returns all the two-
word combinations and all of the single words.

NICE Desktop Cloud A remote visualization technology for securely connecting users to graphic-
Visualization intensive 3D applications hosted on a remote, high-performance server.

node Amazon OpenSearch Service (OpenSearch Service) (p. 799): An OpenSearch

instance. A node can be either a data instance or a dedicated master instance.
See Also dedicated master node.

NoEcho A property of AWS CloudFormation (p. 806) parameters that prevent the
otherwise default reporting of names and values of a template parameter.

Version 1.0
834
 AWS General Reference Reference guide

Declaring the NoEcho property causes the parameter value to be masked with
asterisks in the report by the cfn-describe-stacks command.

normalized discounted Amazon Personalize (p. 801): An evaluation metric that tells you about the
cumulative gain (NCDG) at K relevance of your model’s highly ranked recommendations, where K is a sample
(5/10/25) size of 5, 10, or 25 recommendations. Amazon Personalize calculates this by
assigning weight to recommendations based on their position in a ranked list,
where each recommendation is discounted (given a lower weight) by a factor
dependent on its position. The normalized discounted cumulative gain at K
assumes that recommendations that are lower on a list are less relevant than
recommendations higher on the list.
See Also metrics, recommendations.

NoSQL Nonrelational database systems that are highly available, scalable, and optimized
for high performance. Instead of the relational model, NoSQL databases
(for example, Amazon DynamoDB (p. 798)) use alternate models for data
management, such as key–value pairs or document storage.

null object A null object is one whose version ID is null. Amazon S3 (p. 803) adds a null
object to a bucket (p. 813) when versioning (p. 852) for that bucket is
suspended. It's possible to have only one null object for each key in a bucket.

number of passes The number of times that you allow Amazon Machine Learning to use the same
data records to train a machine learning model.

O
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

object Amazon Simple Storage Service (Amazon S3) (p. 803): The fundamental entity
type stored in Amazon S3. Objects consist of object data and metadata. The data
portion is opaque to Amazon S3.

Amazon CloudFront (p. 797): Any entity that can be served either over HTTP or
a version of RTMP.

observation Amazon Machine Learning: A single instance of data that Amazon Machine
Learning (Amazon ML) uses to either train a machine learning model how to
predict or to generate a prediction. Each row in an Amazon ML input data file is
an observation.

On-Demand Instance An Amazon EC2 (p. 798) pricing option that charges you for compute capacity
by the hour or second (minimum of 60 seconds) with no long-term commitment.

operation An API function. Also called an action.

optimistic locking A strategy to ensure that an item that you want to update has not been modified
by others before you perform the update. For Amazon DynamoDB (p. 798),
optimistic locking support is provided by the AWS SDKs.

organization AWS Organizations (p. 810): An entity that you create to consolidate and
manage your AWS accounts. An organization has one management account along
with zero or more member accounts.

organizational unit AWS Organizations (p. 810): A container for accounts within a root (p. 842) of
an organization. An organizational unit (OU) can contain other OUs.

Version 1.0
835
 AWS General Reference Reference guide

origin access identity Also called OAI. When using Amazon CloudFront (p. 797) to serve content with
an Amazon S3 (p. 803) bucket (p. 813) as the origin, a virtual identity that you
use to require users to access your content through CloudFront URLs instead of
Amazon S3 URLs. Usually used with CloudFront private content (p. 838).

origin server The Amazon S3 (p. 803) bucket (p. 813) or custom origin containing
the definitive original version of the content you deliver through
CloudFront (p. 797).

original environment The instances in a deployment group at the start of an CodeDeploy blue/green
deployment.

OSB transformation Orthogonal sparse bigram transformation. In machine learning, a transformation

that aids in text string analysis and that's an alternative to the n-gram
transformation. OSB transformations are generated by sliding the window of size
n words over the text, and outputting every pair of words that includes the first
word in the window.
See Also n-gram transformation.

OU See organizational unit.

output location Amazon Machine Learning: An Amazon S3 location where the results of a batch
prediction are stored.

P
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

pagination The process of responding to an API request by returning a large list of records in
small separate parts. Pagination can occur in the following situations:

• The client sets the maximum number of returned records to a value below the
total number of records.
• The service has a default maximum number of returned records that's lower
than the total number of records.

When an API response is paginated, the service sends a subset of the large list
of records and a pagination token that indicates that more records are available.
The client includes this pagination token in a subsequent API request, and the
service responds with the next subset of records. This continues until the service
responds with a subset of records and no pagination token, indicating that all
records have been sent.

pagination token A marker that indicates that an API response contains a subset of a larger list of
records. The client can return this marker in a subsequent API request to retrieve
the next subset of records until the service responds with a subset of records and
no pagination token, indicating that all records have been sent.
See Also pagination.

paid AMI An Amazon Machine Image (AMI) (p. 801) that you sell to other Amazon
EC2 (p. 798) users on AWS Marketplace (p. 809).

paravirtual virtualization See PV virtualization.

part A contiguous portion of the object's data in a multipart upload request.

Version 1.0
836
 AWS General Reference Reference guide

partition key A simple primary key, composed of one attribute (also known as a hash attribute).
See Also partition key, sort key.

PAT Port address translation.

pebibyte (PiB) A contraction of peta binary byte, a pebibyte is 2^50 or 1,125,899,906,842,624

bytes. A petabyte (PB) is 10^15 or 1,000,000,000,000,000 bytes. 1,024 PiB is an
exbibyte (EiB) (p. 823).

period See sampling period.

permission A statement within a policy (p. 837) that allows or denies access to a particular
resource (p. 842). You can state any permission in the following way: "A has
permission to do B to C." For example, Jane (A) has permission to read messages
(B) from John's Amazon SQS (p. 803) queue (C). Whenever Jane sends a
request to Amazon SQS to use John's queue, the service checks to see if she has
permission. It further checks to see if the request satisfies the conditions John set
forth in the permission.

persistent storage A data storage solution where the data remains intact until it's deleted. Options
within AWS (p. 803) include: Amazon S3 (p. 803), Amazon RDS (p. 802),
Amazon DynamoDB (p. 798), and other services.

PERSONALIZED_RANKING Amazon Personalize (p. 801): Recipes that provide item recommendations in
recipes ranked order based on the predicted interest for a user.
See Also recipe, recommendations, personalized-ranking recipe, popularity-count
recipe.

personalized-ranking recipe Amazon Personalize (p. 801): A PERSONALIZED_RANKING recipe that ranks a
collection of items that you provide based on the predicted interest level for a
specific user. Use the personalized-ranking recipe to create curated lists of items
or ordered search results that are personalized for a specific user.
See Also recipe, PERSONALIZED_RANKING recipes.

physical name A unique label that AWS CloudFormation (p. 806) assigns to each
resource (p. 842) when creating a stack (p. 847). Some AWS CloudFormation
commands accept the physical name as a value with the --physical-name
parameter.

pipeline AWS CodePipeline (p. 806): A workflow construct that defines the way software
changes go through a release process.

plaintext Information that has not been encrypted (p. 822), as opposed to
ciphertext (p. 814).

policy IAM (p. 808): A document defining permissions that apply to a user, group,
or role; the permissions in turn determine what users can do in AWS. A policy
typically allow (p. 797)s access to specific actions, and can optionally grant
that the actions are allowed for specific resource (p. 842)s, such as EC2
instance (p. 821)s or Amazon S3 (p. 803) bucket (p. 813)s. Policies can also
explicitly deny (p. 820) access.

Amazon EC2 Auto Scaling (p. 798): An object that stores the information
needed to launch or terminate instances for an Auto Scaling group. Running
the policy causes instances to be launched or terminated. You can configure an
alarm (p. 796) to invoke an Auto Scaling policy.

policy generator A tool in the IAM (p. 808) AWS Management Console (p. 809) that helps you
build a policy (p. 837) by selecting elements from lists of available options.

Version 1.0
837
 AWS General Reference Reference guide

policy simulator A tool in the IAM (p. 808) AWS Management Console (p. 809) that helps you
test and troubleshoot policies (p. 837) so you can see their effects in real-world
scenarios.

policy validator A tool in the IAM (p. 808) AWS Management Console (p. 809) that examines
your existing IAM access control policies (p. 837) to ensure that they comply
with the IAM policy grammar.

popularity-count recipe Amazon Personalize (p. 801): A USER_PERSONALIZATION recipe that

recommends the items that have had the most interactions with unique users.
See Also recipe, USER_PERSONALIZATION recipes.

precision at K (5/10/25) Amazon Personalize (p. 801): An evaluation metric that tells you how relevant
your model’s recommendations are based on a sample size of K (5, 10, or 25)
recommendations. Amazon Personalize calculates this metric based on the
number of relevant recommendations out of the top K recommendations, divided
by K, where K is 5, 10, or 25.
See Also metrics, recommendations.

prefix See job prefix.

Premium Support A one-on-one, fast-response support channel that AWS customers can subscribe
to for support for AWS infrastructure services.
See Also [Link]

presigned URL A web address that uses query string authentication (p. 839).

primary key One or two attributes that uniquely identify each item in a Amazon
DynamoDB (p. 798) table, so that no two items can have the same key.
See Also partition key, sort key.

primary shard See shard.

principal The user (p. 851), service, or account (p. 796) that receives permissions that
are defined in a policy (p. 837). The principal is A in the statement "A has
permission to do B to C."

private content When using Amazon CloudFront (p. 797) to serve content with an Amazon
S3 (p. 803) bucket (p. 813) as the origin, a method of controlling access to
your content by requiring users to use signed URLs. Signed URLs can restrict user
access based on the current date and time, the IP addresses that the requests
originate from, or both.

private IP address A private numerical address (for example, [Link]) that networked devices
use to communicate with one another using the Internet Protocol (IP). Each EC2
instance (p. 821) is assigned two IP addresses at launch, which are directly
mapped to each other through network address translation (NAT (p. 834)): a
private address (following RFC 1918) and a public address. Exception: Instances
launched in Amazon VPC (p. 803) are assigned only a private IP address.

private subnet A VPC (p. 853) subnet (p. 848) whose instances can't be reached from the
internet.

product code An identifier provided by AWS when you submit a product to AWS
Marketplace (p. 809).

properties See resource property.

property rule A JSON (p. 829)-compliant markup standard for declaring properties, mappings,
and output values in an AWS CloudFormation (p. 806) template.

Version 1.0
838
 AWS General Reference Reference guide

Provisioned IOPS A storage option designed to deliver fast, predictable, and consistent I/O
performance. When you specify an IOPS rate while creating a DB instance,
Amazon RDS (p. 802) provisions that IOPS rate for the lifetime of the DB
instance.

pseudo parameter A predefined setting (for example, AWS:StackName) that can be used in AWS
CloudFormation (p. 806) templates without having to declare them. You can use
pseudo parameters anywhere you can use a regular parameter.

public AMI An Amazon Machine Image (AMI) (p. 801) that all AWS accounts (p. 796) have
permission to launch.

public dataset A large collection of public information that can be seamlessly integrated into
applications that are based in the AWS Cloud. Amazon stores public datasets
at no charge to the community and, similar to other AWS services, users pay
only for the compute and storage they use for their own applications. These
datasets currently include data from the Human Genome Project, the US Census,
Wikipedia, and other sources.
See Also [Link]

public IP address A public numerical address (for example, [Link]) that networked devices
use to communicate with one another using the Internet Protocol (IP). Each EC2
instance (p. 821) is assigned two IP addresses at launch, which are directly
mapped to each other through Network Address Translation (NAT (p. 834)): a
private address (following RFC 1918) and a public address. Exception: Instances
launched in Amazon VPC (p. 803) are assigned only a private IP address.

public subnet A subnet (p. 848) whose instances can be reached from the internet.

PV virtualization Paravirtual virtualization. Allows guest VMs to run on host systems that don't
have special support extensions for full hardware and CPU virtualization. Because
PV guests run a modified operating system that doesn't use hardware emulation,
they can't provide hardware-related features, such as enhanced networking or
GPU support.
See Also HVM virtualization.

Q
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

quartile binning Amazon Machine Learning: A process that takes two inputs, a numerical variable
transformation and a parameter called a bin number, and outputs a categorical variable. Quartile
binning transformations discover non-linearity in a variable's distribution by
enabling the machine learning model to learn separate importance values for
parts of the numeric variable’s distribution.

Query A type of web service that generally uses only the GET or POST HTTP method and
a query string with parameters in the URL.
See Also REST.

query string authentication An AWS feature that you can use to place the authentication information in the
HTTP request query string instead of in the Authorization header, which
provides URL-based access to objects in a bucket (p. 813).

queue A sequence of messages or jobs that are held in temporary storage awaiting
transmission or processing.

Version 1.0
839
 AWS General Reference Reference guide

queue URL A web address that uniquely identifies a queue.

quota The maximum value for your resources, actions, and items in your AWS account

R
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

range GET A request that specifies a byte range of data to get for a download. If an object is
large, you can break up a download into smaller units by sending multiple range
GET requests that each specify a different byte range to GET.

raw email A type of sendmail request with which you can specify the email headers and
MIME types.

RDS See Amazon Relational Database Service (Amazon RDS).

read replica Amazon RDS (p. 802): An active copy of another DB instance. Any updates to
the data on the source DB instance are replicated to the read replica DB instance
using the built-in replication feature of MySQL 5.1.

real-time predictions Amazon Machine Learning: Synchronously generated predictions for individual
data observations.
See Also batch prediction.

recipe Amazon Personalize (p. 801): An Amazon Personalize algorithm that's

preconfigured to predict the items that a user will interact with (for
USER_PERSONALIZATION recipes), or calculate items that are similar to specific
items that a user has shown interest in (for RELATED_ITEMS recipes), or rank a
collection of items that you provide based on the predicted interest for a specific
user (for PERSONALIZED_RANKING recipes).
See Also USER_PERSONALIZATION recipes, RELATED_ITEMS recipes,
PERSONALIZED_RANKING recipes.

recommendations Amazon Personalize (p. 801): A list of items that Amazon Personalize predicts
that a user will interact with. Depending on the Amazon Personalize recipe used,
recommendations can be either a list of items (with USER_PERSONALIZATION
recipes and RELATED_ITEMS recipes), or a ranking of a collection of items you
provided (with PERSONALIZED_RANKING recipes).
See Also recipe, campaign, solution version, USER_PERSONALIZATION recipes,
RELATED_ITEMS recipes, PERSONALIZED_RANKING recipes.

receipt handle Amazon SQS (p. 803): An identifier that you get when you receive a message
from the queue. This identifier is required to delete a message from the queue or
when changing a message's visibility timeout.

receiver The entity that consists of the network systems, software, and policies that
manage email delivery for a recipient (p. 840).

recipient Amazon Simple Email Service (Amazon SES) (p. 802): The person or entity
receiving an email message. For example, a person named in the "To" field of a
message.

Redis A fast, open-source, in-memory key-value data structure store. Redis comes with
a set of versatile in-memory data structures with which you can easily create a
variety of custom applications.

Version 1.0
840
 AWS General Reference Reference guide

reference A means of inserting a property from one AWS resource (p. 842) into another.
For example, you could insert an Amazon EC2 (p. 798) security group (p. 844)
property into an Amazon RDS (p. 802) resource.

Region A named set of AWS resource (p. 842)s in the same geographical area. A Region
comprises at least two Availability Zone (p. 805)s.

regression model Amazon Machine Learning: Preformatted instructions for common data
transformations that fine-tune machine learning model performance.

regression model A type of machine learning model that predicts a numeric value, such as the exact
purchase price of a house.

regularization A machine learning (ML) parameter that you can tune to obtain higher-quality
ML models. Regularization helps prevent ML models from memorizing training
data examples instead of learning how to generalize the patterns it sees (called
overfitting). When training data is overfitted, the ML model performs well on the
training data, but doesn't perform well on the evaluation data or on new data.

RELATED_ITEMS recipes Amazon Personalize (p. 801)Recipes that recommend items that are similar to a
specified item, such as the item-to-item (SIMS) recipe.
See Also recipe, item-to-item similarities (SIMS) recipe.

replacement environment The instances in a deployment group after the CodeDeploy blue/green
deployment.

replica shard See shard.

reply path The email address that an email reply is sent to. This is different from the return
path (p. 842).

representational state See REST.

transfer

reputation 1. An Amazon SES (p. 802) metric, based on factors that might include
bounce (p. 813)s, complaint (p. 815)s, and other metrics, regarding whether or
not a customer is sending high-quality email.

2. A measure of confidence, as judged by an internet service provider

(ISP) (p. 828) or other entity that an IP address that they are receiving email
from isn't the source of spam (p. 846).

requester The person (or application) that sends a request to AWS to perform a specific
action. When AWS receives a request, it first evaluates the requester's permissions
to determine whether the requester is allowed to perform the request action (if
applicable, for the requested resource (p. 842)).

Requester Pays An Amazon S3 (p. 803) feature that allows a bucket owner (p. 813) to specify
that anyone who requests access to objects in a particular bucket (p. 813) must
pay the data transfer and request costs.

reservation A collection of EC2 instance (p. 821)s started as part of the same launch
request. Not to be confused with a Reserved Instance (p. 841).

Reserved Instance A pricing option for EC2 instance (p. 821)s that discounts the on-
demand (p. 835) usage charge for instances that meet the specified parameters.
Customers pay for the entire term of the instance, regardless of how they use it.

Reserved Instance An online exchange that matches sellers who have reserved capacity that they
Marketplace no longer need with buyers who are looking to purchase additional capacity.

Version 1.0
841
 AWS General Reference Reference guide

Reserved Instance (p. 841)s that you purchase from third-party sellers have less
than a full standard term remaining and can be sold at different upfront prices.
The usage or reoccurring fees remain the same as the fees set when the Reserved
Instances were originally purchased. Full standard terms for Reserved Instances
available from AWS run for one year or three years.

resource An entity that users can work with in AWS, such as an EC2 instance (p. 821), an
Amazon DynamoDB (p. 798) table, an Amazon S3 (p. 803) bucket (p. 813), an
IAM (p. 808) user, or an AWS OpsWorks (p. 809) stack (p. 847).

resource property A value required when including an AWS resource (p. 842) in an AWS
CloudFormation (p. 806) stack (p. 847). Each resource can have one or more
properties associated with it. For example, an AWS::EC2::Instance resource
might have a UserData property. In an AWS CloudFormation template, resources
must declare a properties section, even if the resource has no properties.

resource record Also called resource record set. The fundamental information elements in the
Domain Name System (DNS).
See Also Domain Name System in Wikipedia.

REST Representational state transfer. A simple stateless architecture that generally runs
over HTTPS/TLS. REST emphasizes that resources have unique and hierarchical
identifiers (URIs), are represented by common media types (such as HTML, XML,
or JSON (p. 829)), and that operations on the resources are either predefined or
discoverable within the media type. In practice, this generally results in a limited
number of operations.
See Also Query, WSDL, SOAP.

RESTful web service Also known as RESTful API. A web service that follows REST (p. 842)
architectural constraints. The API operations must use HTTP methods explicitly;
expose hierarchical URIs; and transfer either XML, JSON (p. 829), or both.

return enabled Amazon CloudSearch (p. 797): An index field option that enables the field's
values to be returned in the search results.

return path The email address that bounced email is returned to. The return path is specified
in the header of the original email. This is different from the reply path (p. 841).

revision AWS CodePipeline (p. 806): A change made to a source that's configured in a
source action, such as a pushed commit to a GitHub (p. 825) repository or an
update to a file in a versioned Amazon S3 (p. 803) bucket (p. 813).

role A tool for giving temporary access to AWS resource (p. 842)s in your AWS
account (p. 796).

rollback A return to a previous state that follows the failure to create an object, such as
AWS CloudFormation (p. 806) stack (p. 847). All resource (p. 842)s associated
with the failure are deleted during the rollback. For AWS CloudFormation, you can
override this behavior using the --disable-rollback option on the command
line.

root AWS Organizations (p. 810): A parent container for the accounts in your
organization. If you apply a service control policy (p. 845) to the root, it applies
to every organizational unit (p. 835) and account in the organization.

root credentials Authentication information associated with the AWS account (p. 796) owner.

root device volume A volume (p. 853) that contains the image used to boot the instance (p. 828)
(also known as a root device). If you launched the instance from an AMI (p. 801)
backed by instance store (p. 828), this is an instance store volume (p. 853)

Version 1.0
842
 AWS General Reference Reference guide

created from a template stored in Amazon S3 (p. 803). If you launched the
instance from an AMI backed by Amazon EBS (p. 799), this is an Amazon EBS
volume created from an Amazon EBS snapshot.

route table A set of routing rules that controls the traffic leaving any subnet (p. 848) that's
associated with the route table. You can associate multiple subnets with a single
route table, but a subnet can be associated with only one route table at a time.

row identifier Amazon Machine Learning: An attribute in the input data that you can include
in the evaluation or prediction output to make it easier to associate a prediction
with an observation.

rule AWS WAF (p. 812): A set of conditions that AWS WAF searches for in web
requests to AWS resource (p. 842)s such as Amazon CloudFront (p. 797)
distributions. You add rules to a web ACL (p. 853), and then specify whether you
want to allow or block web requests based on each rule.

S
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

S3 See Amazon Simple Storage Service (Amazon S3).

sampling period A defined duration of time, such as one minute, which Amazon
CloudWatch (p. 797) computes a statistic (p. 847) over.

sandbox A testing location where you can test the functionality of your application without
affecting production, incurring charges, or purchasing products.

Amazon SES (p. 802): An environment that's designed for developers to test
and evaluate the service. In the sandbox, you have full access to the Amazon SES
API, but you can only send messages to verified email addresses and the mailbox
simulator. To get out of the sandbox, you need to apply for production access.
Accounts in the sandbox also have lower sending limits (p. 845) than production
accounts.

scale in To remove EC2 instances from an Auto Scaling group (p. 805).

scale out To add EC2 instances to an Auto Scaling group (p. 805).

scaling policy A description of how Auto Scaling should automatically scale an Auto Scaling
group (p. 805) in response to changing demand.
See Also scale in, scale out.

scaling activity A process that changes the size, configuration, or makeup of an Auto Scaling
group (p. 805) by launching or terminating instances.

scheduler The method used for placing task (p. 849)s on container instance (p. 816)s.

schema Amazon Machine Learning: The information needed to interpret the input data
for a machine learning model, including attribute names and their assigned data
types, and the names of special attributes.

score cut-off value Amazon Machine Learning: A binary classification model outputs a score that
ranges from 0 to 1. To decide whether an observation should be classified as 1
or 0, you pick a classification threshold, or cut-off, and Amazon ML compares the

Version 1.0
843
 AWS General Reference Reference guide

score against it. Observations with scores higher than the cut-off are predicted as
target equals 1, and scores lower than the cut-off are predicted as target equals 0.

SCP See service control policy.

search API Amazon CloudSearch (p. 797): The API that you use to submit search requests to
a search domain (p. 844).

search domain Amazon CloudSearch (p. 797): Encapsulates your searchable data and the
search instances that handle your search requests. You typically set up a separate
Amazon CloudSearch domain for each different collection of data that you want
to search.

search domain configuration Amazon CloudSearch (p. 797): A domain's indexing options, analysis
scheme (p. 804)s, expression (p. 824)s, suggester (p. 848)s, access policies,
and scaling and availability options.

search enabled Amazon CloudSearch (p. 797): An index field option that enables the field data
to be searched.

search endpoint Amazon CloudSearch (p. 797): The URL that you connect to when sending
search requests to a search domain. Each Amazon CloudSearch domain has a
unique search endpoint that remains the same for the life of the domain.

search index Amazon CloudSearch (p. 797): A representation of your searchable data that
facilitates fast and accurate data retrieval.

search instance Amazon CloudSearch (p. 797): A compute resource (p. 842) that indexes
your data and processes search requests. An Amazon CloudSearch domain
has one or more search instances, each with a finite amount of RAM and CPU
resources. As your data volume grows, more search instances or larger search
instances are deployed to contain your indexed data. When necessary, your index
is automatically partitioned across multiple search instances. As your request
volume or complexity increases, each search partition is automatically replicated
to provide additional processing capacity.

search request Amazon CloudSearch (p. 797): A request that's sent to an Amazon CloudSearch
domain's search endpoint to retrieve documents from the index that match
particular search criteria.

search result Amazon CloudSearch (p. 797): A document that matches a search request. Also
referred to as a search hit.

secret access key A key that's used in conjunction with the access key ID (p. 795) to
cryptographically sign programmatic AWS requests. Signing a request identifies
the sender and prevents the request from being altered. You can generate secret
access keys for your AWS account (p. 796), individual IAM user (p. 851)s, and
temporary sessions.

security group A named set of allowed inbound network connections for an instance. (Security
groups in Amazon VPC (p. 803) also include support for outbound connections.)
Each security group consists of a list of protocols, ports, and IP address ranges. A
security group can apply to multiple instances, and multiple groups can regulate a
single instance.

sender The person or entity sending an email message.

Sender ID A Microsoft-controlled version of SPF (p. 847). An email authentication and

anti-spoofing system. For more information about Sender ID, see Sender ID in
Wikipedia.

Version 1.0
844
 AWS General Reference Reference guide

sending limits The sending quota (p. 845) and maximum send rate (p. 832) that are
associated with every Amazon SES (p. 802) account.

sending quota The maximum number of email messages that you can send using Amazon
SES (p. 802) in a 24-hour period.

server-side encryption (SSE) The encrypting (p. 822) of data at the server level. Amazon S3 (p. 803)
supports three modes of server-side encryption: SSE-S3, where Amazon S3
manages the keys; SSE-C, where the customer manages the keys; and SSE-KMS,
where AWS Key Management Service (AWS KMS) (p. 809) manages keys.

service control policy AWS Organizations (p. 810): A policy-based control that specifies the services
and actions that users and roles can use in the accounts that the service control
policy (SCP) affects.

service endpoint See endpoint.

service health dashboard A webpage showing up-to-the-minute information about AWS service availability.
The dashboard is located at [Link]

Service Quotas A service for viewing and managing your quotas easily and at scale as your AWS
workloads grow. Quotas, also referred to as limits, are the maximum number of
resources that you can create in an AWS account.

service role An IAM (p. 808) role (p. 842) that grants permissions to an AWS service so it
can access AWS resource (p. 842)s. The policies that you attach to the service
role determine which AWS resources the service can access and what it can do
with those resources.

SES See Amazon Simple Email Service (Amazon SES).

session The period when the temporary security credentials provided by AWS Security
Token Service (AWS STS) (p. 811) allow access to your AWS account.

SHA Secure Hash Algorithm. SHA1 is an earlier version of the algorithm, which AWS
has replaced with SHA256.

shard Amazon OpenSearch Service (OpenSearch Service) (p. 799): A partition of data
in an index. You can split an index into multiple shards, which can include primary
shards (original shards) and replica shards (copies of the primary shards). Replica
shards provide failover, which means that a replica shard is promoted to a primary
shard if a cluster node that contains a primary shard fails. Replica shards also can
handle requests.

shared AMI An Amazon Machine Image (AMI) (p. 801) that a developer builds and makes
available for others to use.

shutdown action Amazon EMR (p. 799): A predefined bootstrap action that launches a script that
runs a series of commands in parallel before terminating the job flow.

signature Refers to a digital signature, which is a mathematical way to confirm the

authenticity of a digital message. AWS uses signatures to authenticate the
requests you send to our web services. For more information, to https://
[Link]/security.

SIGNATURE file AWS Import/Export (p. 808): A file you copy to the root directory of your
storage device. The file contains a job ID, manifest file, and a signature.

Signature Version 4 Protocol for authenticating inbound API requests to AWS services in all AWS
Regions.

Version 1.0
845
 AWS General Reference Reference guide

Simple Mail Transfer Protocol See SMTP.

Simple Object Access Protocol See SOAP.

Simple Storage Service See Amazon Simple Storage Service (Amazon S3).

SIMS recipe See item-to-item similarities (SIMS) recipe.

Single Sign-On See AWS Single Sign-On.

Single-AZ DB instance A standard (non-Multi-AZ) DB instance (p. 819) that's deployed in one
Availability Zone (p. 805), without a standby replica in another Availability Zone.
See Also Multi-AZ deployment.

sloppy phrase search A search for a phrase that specifies how close the terms must be to one another
to be considered a match.

SMTP Simple Mail Transfer Protocol. The standard that's used to exchange email
messages between internet hosts for the purpose of routing and delivery.

snapshot Amazon Elastic Block Store (Amazon EBS) (p. 799): A backup of your
volume (p. 853)s that's stored in Amazon S3 (p. 803). You can use these
snapshots as the starting point for new Amazon EBS volumes or to protect your
data for long-term durability.
See Also DB snapshot.

SNS See Amazon Simple Notification Service (Amazon SNS).

SOAP Simple Object Access Protocol. An XML-based protocol that you can use to
exchange information over a particular protocol (for example, HTTP or SMTP)
between applications.
See Also REST, WSDL.

soft bounce A temporary email delivery failure such as one resulting from a full mailbox.

software VPN A software appliance-based VPN connection over the internet.

solution Amazon Personalize (p. 801): The recipe, customized parameters, and trained
models (solution versions) that can be used to generate recommendations.
See Also recipe, solution version, recommendations.

solution version Amazon Personalize (p. 801): A trained model that you create as part of a
solution in Amazon Personalize. You deploy a solution version in a campaign to
generate recommendations.
See Also solution, campaign, recommendations.

sort enabled Amazon CloudSearch (p. 797): An index field option that enables a field to be
used to sort the search results.

sort key An attribute used to sort the order of partition keys in a composite primary key
(also known as a range attribute).
See Also partition key, primary key.

source/destination checking A security measure to verify that an EC2 instance (p. 821) is the origin of all
traffic that it sends and the ultimate destination of all traffic that it receives; that
is, that the instance isn't relaying traffic. Source/destination checking is turned
on by default. For instances that function as gateways, such as VPC (p. 853)
NAT (p. 834) instances, source/destination checking must be disabled.

spam Unsolicited bulk email.

Version 1.0
846
 AWS General Reference Reference guide

spamtrap An email address that's set up by an anti-spam (p. 846) entity, not for
correspondence, but to monitor unsolicited email. This is also called a honeypot.

SPF Sender Policy Framework. A standard for authenticating email.

Spot Instance A type of EC2 instance (p. 821) that you can bid on to take advantage of unused
Amazon EC2 (p. 798) capacity.

Spot price The price for a Spot Instance (p. 847) at any given time. If your maximum price
exceeds the current price and your restrictions are met, Amazon EC2 (p. 798)
launches instances on your behalf.

SQL injection match condition AWS WAF (p. 812): An attribute that specifies the part of web requests (such as
a header or a query string) that AWS WAF inspects for malicious SQL code. Based
on the specified conditions, you can configure AWS WAF to allow or block web
requests to an AWS resource (p. 842), such as an Amazon CloudFront (p. 797)
distribution.

SQS See Amazon Simple Queue Service (Amazon SQS).

SSE See server-side encryption (SSE).

SSL Secure Sockets Layer

See Also Transport Layer Security (TLS).

SSO See AWS Single Sign-On.

stack AWS CloudFormation (p. 806): A collection of AWS resources that you create and
delete as a single unit.

AWS OpsWorks (p. 809): A set of instances that you manage collectively,
typically because they have a common purpose such as serving PHP applications.
A stack serves as a container and handles tasks that apply to the group of
instances as a whole, such as managing applications and cookbooks.

station AWS CodePipeline (p. 806): A portion of a pipeline workflow where one or more
actions are performed.

station A place at an AWS facility where your AWS Import/Export data is transferred on
to, or off of, your storage device.

statistic One of five functions of the values submitted for a given sampling
period (p. 843). These functions are Maximum, Minimum, Sum, Average, and
SampleCount.

stem The common root or substring shared by a set of related words.

stemming The process of mapping related words to a common stem. This enables matching
on variants of a word. For example, a search for "horse" could return matches for
horses, horseback, and horsing, as well as horse. Amazon CloudSearch (p. 797)
supports both dictionary based and algorithmic stemming.

step Amazon EMR (p. 799): A single function applied to the data in a job
flow (p. 829). The sum of all steps comprises a job flow.

step type Amazon EMR (p. 799): The type of work done in a step. There are a limited
number of step types, such as moving data from Amazon S3 (p. 803) to Amazon
EC2 (p. 798) or from Amazon EC2 to Amazon S3.

sticky session A feature of the Elastic Load Balancing (p. 822) load balancer that binds a user's
session to a specific application instance so that all requests coming from the user
during the session are sent to the same application instance. By contrast, a load

Version 1.0
847
 AWS General Reference Reference guide

balancer defaults to route each request independently to the application instance

with the smallest load.

stopping The process of filtering stop words from an index or search request.

stopword A word that isn't indexed and is automatically filtered out of search requests
because it's either insignificant or so common that including it would result in too
many matches to be useful. Stopwords are language specific.

streaming Amazon EMR (p. 799): A utility that comes with Hadoop (p. 826) that you can
use to develop MapReduce executables in languages other than Java.

Amazon CloudFront (p. 797): The ability to use a media file in real time—as it's
transmitted in a steady stream from a server.

streaming distribution A special kind of distribution (p. 820) that serves streamed media files using a
Real Time Messaging Protocol (RTMP) connection.

Streams See Amazon Kinesis Data Streams.

string-to-sign Before you calculate an HMAC (p. 826) signature, you first assemble the required
components in a canonical order. The preencrypted string is the string-to-sign.

string match condition AWS WAF (p. 812): An attribute that specifies the strings that AWS WAF
searches for in a web request, such as a value in a header or a query string.
Based on the specified strings, you can configure AWS WAF to allow or block
web requests to an AWS resource (p. 842), such as a CloudFront (p. 797)
distribution.

strongly consistent read A read process that returns a response with the most up-to-date data, reflecting
the updates from all prior write operations that were successful—regardless of
the Region.
See Also data consistency, eventual consistency, eventually consistent read.

structured query Search criteria specified using the Amazon CloudSearch (p. 797) structured
query language. You use the structured query language to construct compound
queries that use advanced search options and combine multiple search criteria
using Boolean operators.

STS See AWS Security Token Service (AWS STS).

subnet A segment of the IP address range of a VPC (p. 853) that an EC2
instance (p. 821) can be attached to. You can create subnets to group instances
according to security and operational needs.

Subscription button An HTML-coded button that provides an easy way to charge customers a recurring
fee.

suggester Amazon CloudSearch (p. 797): Specifies an index field for getting autocomplete
suggestions and options that can enable fuzzy matches and control how
suggestions are sorted.

suggestions Documents that contain a match for the partial search string in the field
designated by the suggester (p. 848). Amazon CloudSearch (p. 797)
suggestions include the document IDs and field values for each matching
document. To be a match, the string must match the contents of the field starting
from the beginning of the field.

supported AMI An Amazon Machine Image (AMI) (p. 801) similar to a paid AMI (p. 836), except
that the owner charges for additional software or a service that customers use
with their own AMIs.

Version 1.0
848
 AWS General Reference Reference guide

SWF See Amazon Simple Workflow Service (Amazon SWF).

symmetric encryption Encryption (p. 822) that uses a private key only.
See Also asymmetric encryption.

synchronous bounce A type of bounce (p. 813) that occurs while the email servers of the
sender (p. 844) and receiver (p. 840) are actively communicating.

synonym A word that's the same or nearly the same as an indexed word and that should
produce the same results when specified in a search request. For example, a
search for "Rocky Four" or "Rocky 4" should return the fourth Rocky movie. This
can be done by designating that four and 4 are synonyms for IV. Synonyms are
language specific.

T
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

table A collection of data. Similar to other database systems, DynamoDB stores data in
tables.

tag Metadata that you can define and assign to AWS resource (p. 842)s, such as an
EC2 instance (p. 821). Not all AWS resources can be tagged.

tagging Tagging resources: Applying a tag (p. 849) to an AWS resource (p. 842).

Amazon SES (p. 802): Also called labeling. A way to format return path (p. 842)
email addresses so that you can specify a different return path for each
recipient of a message. You can use tagging to support VERP (p. 852). For
example, if Andrew manages a mailing list, he can use the return paths andrew
+recipient1@[Link] and andrew+recipient2@[Link] so that he can
determine which email bounced.

target attribute Amazon Machine Learning (Amazon ML ): The attribute in the input data that
contains the “correct” answers. Amazon ML uses the target attribute to learn how
to make predictions on new data. For example, if you were building a model for
predicting the sale price of a house, the target attribute would be “target sale
price in USD.”

target revision AWS CodeDeploy (p. 806): The most recent version of the application revision
that has been uploaded to the repository and will be deployed to the instances in
a deployment group. In other words, the application revision currently targeted
for deployment. This is also the revision that will be pulled for automatic
deployments.

task An instantiation of a task definition (p. 849) that's running on a container

instance (p. 816).

task definition The blueprint for your task. Specifies the name of the task (p. 849), revisions,
container definition (p. 816)s, and volume (p. 853) information.

task node An EC2 instance (p. 821) that runs Hadoop (p. 826) map and reduce tasks,
but doesn't store data. Task nodes are managed by the master node (p. 832),
which assigns Hadoop tasks to nodes and monitors their status. While a job flow
is running you can increase and decrease the number of task nodes. Because they

Version 1.0
849
 AWS General Reference Reference guide

don't store data and can be added and removed from a job flow, you can use task
nodes to manage the EC2 instance capacity your job flow uses, increasing capacity
to handle peak loads and decreasing it later.

Task nodes only run a TaskTracker Hadoop daemon.

tebibyte (TiB) A contraction of tera binary byte, a tebibyte is 2^40 or 1,099,511,627,776 bytes.
A terabyte (TB) is 10^12 or 1,000,000,000,000 bytes. 1,024 TiB is a pebibyte
(PiB) (p. 837).

template format version The version of an AWS CloudFormation (p. 806) template design that
determines the available features. If you omit the AWSTemplateFormatVersion
section from your template, AWS CloudFormation assumes the most recent
format version.

template validation The process of confirming the use of JSON (p. 829) code in an AWS
CloudFormation (p. 806) template. You can validate any AWS CloudFormation
template using the cfn-validate-template command.

temporary security Authentication information that's provided by AWS STS (p. 811) when you
credentials call an STS API action. Includes an access key ID (p. 795), a secret access
key (p. 844), a session (p. 845) token, and an expiration time.

throttling The automatic restricting or slowing down of a process based on one or more
limits. Examples: Amazon Kinesis Data Streams (p. 800) throttles operations if
an application (or group of applications operating on the same stream) attempts
to get data from a shard at a rate faster than the shard limit. Amazon API
Gateway (p. 797) uses throttling to limit the steady-state request rates for a
single account. Amazon SES (p. 802) uses throttling to reject attempts to send
email that exceeds the sending limits (p. 845).

time-series data Data provided as part of a metric. The time value is assumed to be when the value
occurred. A metric is the fundamental concept for Amazon CloudWatch (p. 797)
and represents a time-ordered set of data points. You publish metric data points
into CloudWatch and later retrieve statistics about those data points as a time-
series ordered dataset.

timestamp A date/time string in ISO 8601 format.

TLS See Transport Layer Security (TLS).

tokenization The process of splitting a stream of text into separate tokens on detectable
boundaries such as white space and hyphens.

topic A communication channel to send messages and subscribe to notifications. It

provides an access point for publishers and subscribers to communicate with each
other.

Traffic Mirroring An Amazon VPC feature that you can use to copy network traffic from an elastic
network interface of Amazon EC2 instances, and then send it to out-of-band
security and monitoring appliances for content inspection, threat monitoring, and
troubleshooting.
See Also [Link]

training datasource A datasource that contains the data that Amazon Machine Learning uses to train
the machine learning model to make predictions.

transition AWS CodePipeline (p. 806): The act of a revision in a pipeline continuing from
one stage to the next in a workflow.

Version 1.0
850
 AWS General Reference Reference guide

Transport Layer Security (TLS) A cryptographic protocol that provides security for communication over the
internet. Its predecessor is Secure Sockets Layer (SSL).

trust policy An IAM (p. 808) policy (p. 837) that's an inherent part of an IAM role (p. 842).
The trust policy specifies which principals are allowed to use the role.

trusted key groups Amazon CloudFront key groups whose public keys CloudFront can use to verify
the signatures of CloudFront signed URLs and signed cookies.

trusted signers See trusted key groups (p. 851).

tuning Selecting the number and type of AMIs (p. 801) to run a Hadoop (p. 826) job
flow most efficiently.

tunnel A route for transmission of private network traffic that uses the internet to
connect nodes in the private network. The tunnel uses encryption and secure
protocols such as PPTP to prevent the traffic from being intercepted as it passes
through public routing nodes.

U
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

unbounded The number of potential occurrences isn't limited by a set number. This
value is often used when defining a data type that's a list (for example,
maxOccurs="unbounded"), in WSDL (p. 853).

unit Standard measurement for the values submitted to Amazon

CloudWatch (p. 797) as metric data. Units include seconds, percent, bytes, bits,
count, bytes/second, bits/second, count/second, and none.

unlink from VPC The process of unlinking (or detaching) an EC2-Classic instance (p. 828) from a
ClassicLink-enabled VPC (p. 853).
See Also ClassicLink, link to VPC.

usage report An AWS record that details your usage of a particular AWS service. You can
generate and download usage reports from [Link]
reports/.

user A person or application under an account (p. 796) that needs to make API calls
to AWS products. Each user has a unique name within the AWS account, and a set
of security credentials not shared with other users. These credentials are separate
from the security credentials for the AWS account. Each user is associated with
one and only one AWS account.

Users dataset Amazon Personalize (p. 801): A container for metadata about your users, such as
age, gender, or loyalty membership.
See Also dataset.

user-personalization recipe Amazon Personalize (p. 801): An HRNN-based USER_PERSONALIZATION

recipe that predicts the items that a user will interact with. The user-
personalization recipe can use item exploration and impressions data to generate
recommendations for new items.
See Also HRNN, recipe, USER_PERSONALIZATION recipes, item exploration,
impressions data, recommendations.

Version 1.0
851
 AWS General Reference Reference guide

USER_PERSONALIZATION Amazon Personalize (p. 801): Recipes used to build a recommendation system
recipes that predicts the items that a user will interact with based on data provided in
Interactions, Items, and Users datasets.
See Also recipe, user-personalization recipe, popularity-count recipe, HRNN.

V
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

validation See template validation.

value Instances of attributes (p. 805) for an item, such as cells in a spreadsheet. An
attribute might have multiple values.

Tagging resources: A specific tag (p. 849) label that acts as a descriptor within a
tag category (key). For example, you might have EC2 instance (p. 821) with the
tag key of Owner and the tag value of Jan. You can tag an AWS resource (p. 842)
with up to 10 key–value pairs. Not all AWS resources can be tagged.

Variable Envelope Return See VERP.

Path

verification The process of confirming that you own an email address or a domain so that you
can send email from or to it.

VERP Variable Envelope Return Path. A way that email-sending applications can match
bounce (p. 813)d email with the undeliverable address that caused the bounce
by using a different return path (p. 842) for each recipient. VERP is typically
used for mailing lists. With VERP, the recipient's email address is embedded in the
address of the return path, which is where bounced email is returned. This makes
it possible to automate the processing of bounced email without having to open
the bounce messages, which might vary in content.

versioning Every object in Amazon S3 (p. 803) has a key and a version ID. Objects with the
same key, but different version IDs can be stored in the same bucket (p. 813).
Versioning is enabled at the bucket layer using PUT Bucket versioning.

VGW See virtual private gateway (VGW).

virtualization Allows multiple guest virtual machines (VM) to run on a host operating system.
Guest VMs can run on one or more levels above the host hardware, depending on
the type of virtualization.
See Also PV virtualization, HVM virtualization.

virtual private cloud See VPC.

virtual private gateway (VGW) The Amazon side of a VPN connection (p. 853) that maintains connectivity. The
internal interfaces of the virtual private gateway connect to your VPC (p. 853)
through the VPN attachment. The external interfaces connect to the VPN
connection, which leads to the customer gateway (p. 817).

visibility timeout The period of time that a message is invisible to the rest of your application after
an application component gets it from the queue. During the visibility timeout,
the component that received the message usually processes it, and then deletes
it from the queue. This prevents multiple components from processing the same
message.

Version 1.0
852
 AWS General Reference Reference guide

VM Import/Export A service for importing virtual machine (VM) images from your existing
virtualization environment to Amazon EC2 and then exporting them back.
See Also [Link]

volume A fixed amount of storage on an instance (p. 828). You can share volume data
between more than one container (p. 816) and persist the data on the container
instance (p. 816) when the containers are no longer running.

VPC Virtual private cloud. An elastic network populated by infrastructure, platform,

and application services that share common security and interconnection.

VPC endpoint A feature that you can use to create a private connection between your
VPC (p. 853) and another AWS service without requiring access over the
internet, through a NAT (p. 834) instance, a VPN connection (p. 853), or AWS
Direct Connect (p. 807).

VPG See virtual private gateway (VGW).

VPN CloudHub See AWS VPN CloudHub.

VPN connection Amazon Web Services (AWS) (p. 803): The IPsec connection between a
VPC (p. 853) and some other network, such as a corporate data center, home
network, or colocation facility.

W
Numbers and symbols (p. 795) | A (p. 795) | B (p. 812) | C (p. 813) | D (p. 818) | E (p. 821) | F (p. 824) |
G (p. 825) | H (p. 826) | I (p. 827) | J (p. 829) | K (p. 830) | L (p. 830) | M (p. 831) | N (p. 834) | O (p. 835)
| P (p. 836) | Q (p. 839) | R (p. 840) | S (p. 843) | T (p. 849) | U (p. 851) | V (p. 852) | W (p. 853) | X, Y,
Z (p. 853)

WAM See Amazon WorkSpaces Application Manager (Amazon WAM).

web access control list (web AWS WAF (p. 812): A set of rules that defines the conditions that AWS WAF
ACL) searches for in web requests to an AWS resource (p. 842), such as a Amazon
CloudFront (p. 797) distribution. A web access control list (web ACL) specifies
whether to allow, block, or count the requests.

Web Services Description See WSDL.

Language

WSDL Web Services Description Language. A language used to describe the actions
that a web service can perform, along with the syntax of action requests and
responses.
See Also REST, SOAP.

X, Y, Z
X.509 certificate A digital document that uses the X.509 public key infrastructure (PKI) standard to
verify that a public key belongs to the entity described in the certificate (p. 814).

yobibyte (YiB) A contraction of yotta binary byte, a yobibyte is 2^80 or

1,208,925,819,614,629,174,706,176 bytes. A yottabyte (YB) is 10^24 or
1,000,000,000,000,000,000,000,000 bytes.

zebibyte (ZiB) A contraction of zetta binary byte, a zebibyte is 2^70 or

1,180,591,620,717,411,303,424 bytes. A zettabyte (ZB) is 10^21 or
1,000,000,000,000,000,000,000 bytes. 1,024 ZiB is a yobibyte (YiB) (p. 853).

Version 1.0
853
 AWS General Reference Reference guide

zone awareness Amazon OpenSearch Service (OpenSearch Service) (p. 799): A configuration that
distributes nodes in a cluster across two Availability Zone (p. 805)s in the same
Region. Zone awareness helps to prevent data loss and minimizes downtime in
the event of node and data center failure. If you enable zone awareness, you must
have an even number of data instances in the instance count, and you also must
use the Amazon OpenSearch Service Configuration API to replicate your data for
your OpenSearch cluster.

Version 1.0
854