Quotas - Amazon CloudFront

Quotas

You can request a CloudFront quota increase by using the following options:

CloudFront is subject to the following quotas.

General quotas

Entity Default quota

Data transfer rate per distribution

150 Gbps

Request a higher quota

Requests per second per distribution

250,000

Request a higher quota

Tags that can be added to a distribution

50

Request a higher quota

Files that you can serve per distribution

No quota

Maximum length of a request or an origin response, including headers and query strings, but not including the body content

20,480 bytes

Maximum length of a URL

8,192 bytes

General quotas on distributions

Entity Default quota

Alternate domain names (CNAMEs) per distribution

For more information, see Use custom URLs by adding alternate domain names (CNAMEs).

100

Request a higher quota

Cache behaviors per distribution

25

Request a higher quota

Connection attempts per origin

For more information, see Connection attempts.

1-3

Connection timeout per origin

For more information, see Connection timeout.

1-10 seconds

Distributions per AWS account

For more information, see Create a distribution.

200

Request a higher quota

Distributions per origin access control

100

Request a higher quota

Distributions within chain of requests to origin endpoint

We don't recommend placing one distribution in front of another. Exceeding this quota results in a 403 error.

2

File compression: range of file sizes that CloudFront compresses

For more information, see Serve compressed files.

1,000 to 10,000,000 bytes

Keep-alive timeout per origin

For more information, see Keep-alive timeout (custom origins only).

1-60 seconds

Request a higher quota

Maximum cacheable file size per HTTP GET response.

Only the responses for an HTTP GET are cached. Responses for POST or PUT are not cached.

50 GB

Origin access controls per AWS account

100

Origin access identities per AWS account

100

Request a higher quota

Origins per distribution

25

Request a higher quota

Origin groups per distribution

10

Request a higher quota

Response timeout per origin

For more information, see Response timeout (custom origins only).

1-60 seconds

Request a higher quota

Staging distributions per AWS account

For more information, see Use CloudFront continuous deployment to safely test CDN configuration changes.

20

Request a higher quota

Distributions associated with the same VPC origin

50

VPC origins per AWS account

25

Request a higher quota

General quotas on policies

Entity Default quota

Custom cache policies per AWS account

(Does not apply to CloudFront managed cache policies)

20

Request a higher quota

Distributions associated with the same cache policy

100

Query strings per cache policy

10

Request a higher quota

Headers per cache policy

10

Request a higher quota

Cookies per cache policy

10

Request a higher quota

Total combined length of all query string, header, and cookie names in a cache policy

1024

Custom origin request policies per AWS account

(Does not apply to CloudFront managed origin request policies)

20

Request a higher quota

Distributions associated with the same origin request policy

100

Query strings per origin request policy

10

Request a higher quota

Headers per origin request policy

10

Request a higher quota

Cookies per origin request policy

10

Request a higher quota

Total combined length of all query string, header, and cookie names in an origin request policy

1024

Custom response headers policies per AWS account

(Does not apply to CloudFront managed response headers policies)

20

Request a higher quota

Distributions associated with the same response headers policy

100

Request a higher quota

Custom headers per response headers policy

10

Request a higher quota

Continuous deployment policies per AWS account

20

Request a higher quota

Quotas on CloudFront Functions

Entity

Default quota

Functions per AWS account

100

Maximum function size

This quota isn't adjustable. To store additional data for your CloudFront Functions, create a key value store and add your key-value pairs. For more information, see Amazon CloudFront KeyValueStore.

10 KB

Maximum function memory

2 MB

Distributions associated with the same function

100

In addition to these quotas, there are some other restrictions when using CloudFront Functions. For more information, see Restrictions on CloudFront Functions.

Quotas on key value stores

Entity

Default quota

Maximum size of a key in a key-value pair 512 Bytes
Maximum size of the value in a key-value pair 1 KB
Maximum key values pairs that you can update in a single API request 50 keys or 3 MB payload, whichever is reached first
Maximum size of an individual key value store 5 MB
Maximum number of functions that a single key value store can be associated with 10
Maximum number of key value stores per function 1
Maximum number of key value stores per account

50

Request a higher quota

Quotas on Lambda@Edge

General quotas

Entity

Default quota

Distributions per AWS account that can have Lambda@Edge functions

500

Request a higher quota

Lambda@Edge functions per distribution

100

Request a higher quota

Concurrent executions

Note

Lambda manages the concurrency quotas for Lambda@Edge. All Lambda functions in the AWS Region share this quota.

For more information, see Function scaling in the AWS Lambda Developer Guide.

1,000 (in each AWS Region)

Request a higher quota

Distributions associated with the same function

500

Maximum compressed size of a Lambda function and any included libraries

50 MB

Lambda@Edge requests per second (each supported AWS Region)

10,000

Quotas that differ by event type

Entity

Viewer request and viewer response events

Origin request and origin response events

Function memory size

128 MB

Same as Lambda quotas

Function timeout. The function can make network calls to resources such as Amazon S3 buckets, DynamoDB tables, or Amazon EC2 instances in AWS Regions.

5 seconds

30 seconds

Size of a response that is generated by a Lambda function, including headers and body

40 KB

1 MB

In addition to these quotas, there are some other restrictions when using Lambda@Edge functions. For more information, see Restrictions on Lambda@Edge.

Quotas on SSL certificates

Entity Default quota

SSL certificates per AWS account when serving HTTPS requests using dedicated IP addresses (no quota when serving HTTPS requests using SNI)

For more information, see Use HTTPS with CloudFront.

2

Request a higher quota

SSL certificates that can be associated with a CloudFront distribution

1

If your SSL certificate is specifically for HTTPS communication between viewers and CloudFront, and if you used AWS Certificate Manager (ACM) or the IAM certificate store to provision or import your certificate, additional quotas apply. For more information, see Quotas on using SSL/TLS certificates with CloudFront (HTTPS between viewers and CloudFront only).

There are also quotas on the number of SSL certificates that you can import into AWS Certificate Manager (ACM) or upload to AWS Identity and Access Management (IAM). For more information, see Increase the quotas for SSL/TLS certificates.

Quotas on invalidations

Entity Default quota

File invalidation: maximum number of files allowed in active invalidation requests, excluding wildcard invalidations

For more information, see Invalidate files to remove content.

3,000

File invalidation: maximum number of active wildcard invalidations allowed

15

File invalidation: maximum number of files that one wildcard invalidation can process

No quota

Quotas on key groups

Entity Default quota

Public keys in a single key group

5

Request a higher quota

Key groups associated with a single cache behavior

4

Request a higher quota

Key groups per AWS account

10

Request a higher quota

Distributions associated with a single key group

100

Request a higher quota

Quotas on WebSocket connections

Entity Default quota

Origin response timeout (idle timeout)

10 minutes

If CloudFront hasn't detected any bytes sent from the origin to the client within the past 10 minutes, the connection is assumed to be idle and is closed.

Quotas on field-level encryption

Entity Default quota

Maximum length of a field to encrypt

For more information, see Use field-level encryption to help protect sensitive data.

16 KB

Maximum number of fields in a request body when field-level encryption is configured

10

Maximum length of a request body when field-level encryption is configured

1 MB

Maximum number of field-level encryption configurations that can be associated with one AWS account

10

Maximum number of field-level encryption profiles that can be associated with one AWS account

10

Maximum number of public keys that can be added to one AWS account

10

Maximum number of fields to encrypt that can be specified in one profile

10

Maximum number of CloudFront distributions that can be associated with a field-level encryption configuration

20

Maximum number of query argument profile mappings that can be included in a field-level encryption configuration

5

Quotas on cookies (legacy cache settings)

These quotas apply to CloudFront's legacy cache settings. We recommend using a cache policy or origin request policy instead of the legacy settings.

Entity Default quota

Cookies per cache behavior

For more information, see Cache content based on cookies.

10

Request a higher quota

Total number of bytes in cookie names (doesn't apply if you configure CloudFront to forward all cookies to the origin)

512 minus the number of cookies

Quotas on query strings (legacy cache settings)

These quotas apply to CloudFront's legacy cache settings. We recommend using a cache policy or origin request policy instead of the legacy settings.

Entity Default quota

Maximum number of characters in a query string

128 characters

Maximum number of characters total for all query strings in the same parameter

512 characters

Query strings per cache behavior

For more information, see Cache content based on query string parameters.

10

Request a higher quota

Quotas on headers

Entity Default quota

Headers per cache behavior (legacy cache settings)

For more information, see Cache content based on request headers.

10

Request a higher quota

Custom headers: maximum number of custom headers that you can configure CloudFront to add to origin requests

For more information, see Add custom headers to origin requests.

10

Request a higher quota

Custom headers: maximum number of custom headers that you can add to a response headers policy

10

Request a higher quota

Custom headers: maximum length of a header name

256 characters

Custom headers: maximum length of a header value

1,783 characters

Custom headers: maximum length of all header values and names combined

10,240 characters

Maximum length of the Content-Security-Policy header value

1,783 characters

Request a higher quota

Maximum length of a CORS (Access-Control-Allow-Origin) header value

1,783 characters

For more information, see Amazon CloudFront endpoints and quotas in the AWS General Reference.