AWS Systems Manager endpoints and quotas
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Service endpoints
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
ssm.us-east-2.amazonaws.com ssm-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
ssm.us-east-1.amazonaws.com ssm-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
| US West (N. California) | us-west-1 |
ssm.us-west-1.amazonaws.com ssm-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
ssm.us-west-2.amazonaws.com ssm-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 | ssm.af-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 | ssm.ap-east-1.amazonaws.com | HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 | ssm.ap-south-2.amazonaws.com | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | ssm.ap-southeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Malaysia) | ap-southeast-5 | ssm.ap-southeast-5.amazonaws.com | HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 | ssm.ap-southeast-4.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | ssm.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | ssm.ap-northeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | ssm.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | ssm.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | ssm.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | ssm.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 |
ssm.ca-central-1.amazonaws.com ssm-fips.ca-central-1.amazonaws.com |
HTTPS HTTPS |
| Canada West (Calgary) | ca-west-1 |
ssm.ca-west-1.amazonaws.com ssm-fips.ca-west-1.amazonaws.com |
HTTPS HTTPS |
| Europe (Frankfurt) | eu-central-1 | ssm.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | ssm.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | ssm.eu-west-2.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | ssm.eu-south-1.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | ssm.eu-west-3.amazonaws.com | HTTPS |
| Europe (Spain) | eu-south-2 | ssm.eu-south-2.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | ssm.eu-north-1.amazonaws.com | HTTPS |
| Europe (Zurich) | eu-central-2 | ssm.eu-central-2.amazonaws.com | HTTPS |
| Israel (Tel Aviv) | il-central-1 | ssm.il-central-1.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | ssm.me-south-1.amazonaws.com | HTTPS |
| Middle East (UAE) | me-central-1 | ssm.me-central-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | ssm.sa-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 | ssm.us-gov-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 | ssm.us-gov-west-1.amazonaws.com | HTTPS |
In addition to the ssm.* endpoints, your managed nodes must also
allow HTTPS (port 443) outbound traffic to the following endpoints. For more
information, see Reference:
ec2messages, ssmmessages, and Other API Calls in the
AWS Systems Manager User Guide.
-
ec2messages.* -
ssmmessages.*
For information about AWS AppConfig endpoints and quotas, see AWS AppConfig endpoints and quotas.
For information about Incident Manager endpoints and quotas, see AWS Systems Manager Incident Manager endpoints and quotas.
For information about AWS Systems Manager for SAP endpoints and quotas, see AWS Systems Manager for SAP endpoints and quotas.
Service quotas
| Capability | Resource | Default |
|---|---|---|
| Application Manager | Maximum number of applications in Application Manager |
100 When you add an application in Application Manager, Systems Manager automatically creates a resource group to organize all of the resources for that application. The maximum number of applications is based on the underlying quota for AWS Resource Groups. |
| Application Manager | Maximum number of AWS resources you can assign to an application |
For applications based on AWS CloudFormation stacks: 200 For applications based on AWS Resource Groups: Unlimited |
| Automation | Concurrently running automations |
100 Each AWS account can run 100 automations concurrently. This
quota can be increased up to 500 by enabling adaptive concurrency.
Additionally, you can run up to 400 concurrent automations with
blocking actions. Blocking actions include |
| Automation | Automation queue |
5000 If you attempt to run more automations than the concurrent automation limit, subsequent automations are added to a queue. Each AWS account can queue 5,000 automations. When an automation completes (or reaches a terminal state), the first automation in the queue is started. |
| Automation | Concurrently running rate control automations |
25 Each AWS account can run 25 rate control automations
simultaneously. If you attempt to run more rate control automations
than the concurrent rate control automation limit, Systems Manager adds the
subsequent rate control automations to a queue and displays a status
of |
| Automation | Rate control automation queue |
1000 If you attempt to run more automations than the concurrent rate control automation limit, subsequent automations are added to a queue. Each AWS account can queue 1,000 rate control automations. When an automation completes (or reaches a terminal state), the first automation in the queue is started. |
| Automation | Number of levels of nested automation |
5 A parent-level Automation runbook can start a child-level Automation runbook. This represents one level of nested automation. The child-level Automation runbook can start another Automation runbook, resulting in two levels of nested automation. This can continue up to a maximum of five (5) levels below the top-level parent Automation runbook. |
| Automation | Number of days an automation execution history is stored in the system |
30 |
| Automation | Number of days an automation variable is stored in the system |
30 |
| Automation | Additional automation executions that can be queued |
1,000 |
| Automation | Maximum duration an automation execution can run when running in the context of a user |
12 hours If you expect an automation to run longer than 12 hours, then you must run the automation by using a service role (or assume role). |
| Automation | executeScript action run time |
10 minutes Each |
| Automation | executeScript action maximum output |
Up to 100KB. |
| Automation | invokeLambdaFunction action run time |
5 minutes Each |
| Automation | invokeLambdaFunction action maximum output |
Up to 200KB. |
| Automation | Number of Automation runbook attachments |
5 Each runbook can have up to five (5) attachments. |
| Automation | Automation runbook attachment size |
256 MB Each attachment can be up to 256 MB. |
| Compliance |
Maximum size of any single |
800 KB |
| Distributor |
Maximum number of attachments in a Distributor package |
20 |
| Distributor |
Maximum size per attachment in a Distributor package |
1 GB |
| Distributor |
Maximum number of files in a Distributor package |
1000 |
| Distributor |
Maximum number of Distributor packages per AWS account, per Region |
500 |
| Distributor |
Maximum number of package versions per Distributor package |
25 |
| Distributor |
Maximum package size in Distributor |
20 GB |
| Distributor |
Maximum package manifest size in Distributor |
64 KB |
| Explorer |
Maximum number of resource data syncs (per AWS account per Region) |
5 |
| Fleet Manager |
Maximum Remote Desktop session limit |
60 minutes |
| Fleet Manager |
Maximum number of Remote Desktop sessions (per AWS account per Region) The maximum number of concurrent Remote Desktop sessions (per AWS account per Region) for AWS Systems Manager GUI Connect. Service quota increase requests up to 25 are automatically approved. Service quota increases can take up to two and a half hours to take effect. |
5 |
| Inventory |
Maximum number of resource data syncs (per AWS account per Region) |
5 |
| Inventory |
Inventory data collected per instance per call |
1 MB This maximum adequately supports most inventory collection scenarios. When this quota is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration. |
| Inventory |
Inventory data collected per instance per day |
5000 KB When this quota is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration. |
| Inventory |
Custom inventory types |
20 You can add up to 20 custom inventory types. |
| Inventory |
Custom inventory type size |
200 KB This is the maximum size of the type, not the inventory collected. |
| Inventory |
Custom inventory type attributes |
50 This is the maximum number of attributes within the custom inventory type. |
| Inventory |
Inventory data expiration |
30 days If you terminate an instance that is configured to collect inventory data, Systems Manager retains the inventory data for 30 days and then deletes it. For running instances, inventory data older than 30 days is deleted. If you need to store inventory data longer than 30 days, you can use AWS Config to record history or periodically query and upload the data to an Amazon S3 bucket. For more information, see, Recording Software Configuration for Managed Instances in the AWS Config Developer Guide. |
| Maintenance Windows |
Maintenance windows per AWS account |
50 |
| Maintenance Windows |
Tasks per maintenance window |
20 |
| Maintenance Windows |
Targets per maintenance window |
100 |
| Maintenance Windows |
Managed node IDs per target |
50 |
| Maintenance Windows |
Targets per task |
10 |
| Maintenance Windows |
Concurrent executions of a single maintenance window |
1 |
| Maintenance Windows |
Concurrent executions of maintenance windows |
5 |
| Maintenance Windows |
Execution history retention |
30 days |
| Managed nodes - EC2 and on-premises | Maximum number of managed nodes (Amazon EC2 and on-premises) in a fleet | 2400 If your use case requires more managed nodes, contact AWS Support to increase your fleet size. |
| Managed nodes - Hybrid and multicloud environment | Maximum number of hybrid-activated machines in a hybrid and multicloud environment |
Standard instances: 1,000 (per account per Region) Advanced instances: Advanced instances are available on a pay-per-use basis. Advanced instances also enable you to connect to your non-EC2 machines by using AWS Systems Manager Session Manager. For more information about activating non-EC2 machines for use in your hybrid and multicloud environment, see Setting up Systems Manager for hybrid and multicloud environments in the AWS Systems Manager User Guide. For more information about enabling advanced instances, see Configuring instance tiers. |
| OpsCenter |
Total number of OpsItems allowed per AWS account per Region (including Open and Resolved OpsItems) |
500,000 |
| OpsCenter |
Maximum number of OpsItems per AWS account per month |
10,000 |
| OpsCenter |
Maximum operational data value size |
20 KB |
| OpsCenter |
Maximum number of associated Automation runbooks per OpsItem |
10 |
| OpsCenter |
Maximum number of Automation runbook executions stored in operational data under a single associated runbook |
10 |
| OpsCenter |
Maximum number of related resources you can specify per OpsItem |
100 |
| OpsCenter |
Maximum number of related OpsItems you can specify per OpsItem |
10 |
| OpsCenter |
Maximum length of a deduplication string |
512 characters |
| Parameter Store |
Total number of parameters allowed (per AWS account and Region) |
Standard parameters: 10,000 Advanced parameters: 100,000 For more information about advanced parameters, see Managing parameter tiers in the AWS Systems Manager User Guide. |
| Parameter Store |
Maximum size for parameter value |
Standard parameter: 4 KB Advanced parameter: 8 KB |
| Parameter Store |
Maximum number of parameter policies per advanced parameter |
10 |
| Parameter Store |
Maximum throughput (transactions per second) |
Standard throughput: 40 (Shared by the following API actions:
Higher throughput: 10,000 (GetParameter) Higher throughput: 1,000 (GetParameters) Higher throughput: 100 (GetParametersByPath) SecureStrings may be limited to KMS throughput limits depending on the region. For more information on KMS limits, see Request quotas in the AWS Key Management Service Developer Guide For more information about Parameter Store throughput, see Increasing Parameter Store throughput in the AWS Systems Manager User Guide. |
| Parameter Store |
Maximum history for a parameter |
100 past values |
| Patch Manager |
Patch baselines per AWS account |
50 |
| Patch Manager |
Patch groups per patch baseline |
25 |
| Patch Manager | Operation history retention | Most recent 150 operations |
| Run Command | Execution history retention |
30 days The history of each command is available for up to 30 days. In addition, you can store a copy of all log files in Amazon Simple Storage Service or have an audit trail of all API calls in AWS CloudTrail. |
| Session Manager |
Idle time before session termination |
Default: 20 minutes Configurable to between 1 and 60 minutes. |
| Session Manager |
Execution history retention |
30 days The history of each command is available for up to 30 days. In addition, you can store a copy of all log files in Amazon Simple Storage Service or have an audit trail of all API calls in AWS CloudTrail. |
| SSM Documents | Document size | 64 KB A single SSM document can have a maximum size of 64 KB. |
| SSM Documents | Total documents |
500 Each AWS account can create a maximum of 500 documents per Region. |
| SSM Documents | Document versions |
1000 A single SSM document can have a maximum of 1,000 versions. |
| SSM Documents | Privately shared Systems Manager document |
1000 A single SSM document can be shared with a maximum of 1000 AWS accounts. |
| SSM Documents | Publicly shared Systems Manager document |
5 Each AWS account can publicly share a maximum of five documents. |
| SSM Documents | Maximum number of favorites per document type |
20 |
| State Manager | Associations per AWS account per Region |
2,000 Each AWS account can have a maximum of 2,000 associations per Region. |
| State Manager | Association versions |
1,000 A single State Manager association can have a maximum of 1,000 versions. |
| State Manager | Maximum number of associations targeting a single managed node | 20 |
