VPC limits and Pricing
In this section we look at VPC limits and pricing. The quotas (formerly known as limits) for Amazon VPC resources per Region for your AWS account are listed in the tables below. Unless otherwise stated, you can request an increase for these quotas. You can view your current value for some of them on the Limits page of the Amazon EC2 console or in the Service Quotas console.
VPC and Subnets
Resource | Default limit | Comments |
--- | --- | --- |
VPCs per Region | 5 | The quota for internet gateways per Region is directly correlated with this one, so raising it raises both. Can be increased to hundreds of VPCs per Region. |
Subnets per VPC | 200 | – |
IPv4 CIDR blocks per VPC | 5 | Made up of the primary CIDR block plus up to 4 secondary CIDR blocks. |
IPv6 CIDR blocks per VPC | 1 | This quota cannot be increased. |
Elastic IP Addresses (IPv4)
Resource | Default limit | Comments |
--- | --- | --- |
Elastic IP addresses per Region | 5 | Applies to Elastic IP addresses for use in EC2-VPC. |
Gateways
Resource | Default limit | Comments |
--- | --- | --- |
Customer gateways per Region | 50 | – |
Egress-only internet gateways per Region | 5 | Correlated with the quota on VPCs per Region; to increase it, increase the VPC quota. |
Internet gateways per Region | 5 | Correlated with the quota on VPCs per Region; to increase it, increase the VPC quota. |
NAT gateways per Availability Zone | 5 | A NAT gateway in the pending, active, or deleting state counts against this quota. |
Virtual private gateways per Region | 5 | Only one virtual private gateway can be attached to a VPC at a time. |
Network ACLs
Resource | Default limit | Comments |
--- | --- | --- |
Network ACLs per VPC | 200 | One network ACL can be associated with one or more subnets in a VPC. |
Rules per network ACL | 20 | A one-way quota for a single network ACL: 20 ingress rules and 20 egress rules. The count includes both IPv4 and IPv6 rules and the default deny rules. Can be increased to a maximum of 40, though network performance may be affected by the extra rule processing. |
Network Interfaces
Resource | Default limit | Comments |
--- | --- | --- |
Network interfaces per instance | – | Varies by instance type. |
Network interfaces per Region | 350 | The quota is the greater of the default (350) or your On-Demand Instance quota multiplied by 5. The default On-Demand Instance quota is 20, so if your On-Demand Instance quota is below 70 the default of 350 applies. |
Route Tables
Resource | Default limit | Comments |
--- | --- | --- |
Route tables per VPC | 200 | Includes the main route table. |
Routes per route table (non-propagated routes) | 50 | Can be increased to a maximum of 1000, though network performance may be affected. Enforced separately for IPv4 routes and IPv6 routes. |
BGP advertised routes per route table (propagated routes) | 100 | This quota cannot be increased. To advertise more than 100 prefixes, advertise a default route instead. |
Security Groups
Resource | Default limit | Comments |
--- | --- | --- |
VPC security groups per Region | 2500 | Maximum is 10000. |
Inbound or outbound rules per security group | 60 | 60 inbound and 60 outbound rules per security group (120 rules in total). Enforced separately for IPv4 rules and IPv6 rules. |
Security groups per network interface | 5 | Maximum is 16. The quota for security groups per network interface multiplied by the quota for rules per security group cannot exceed 1000, so raising one may require lowering the other. |
VPC Peering Connections
Resource | Default limit | Comments |
--- | --- | --- |
Active VPC peering connections per VPC | 50 | Maximum is 125 peering connections per VPC. |
Outstanding VPC peering connection requests | 25 | Quota for the number of outstanding peering connection requests made from your account. |
Expiry time for an unaccepted VPC peering connection request | 1 week (168 hours) | – |
VPC Endpoints
Resource | Default limit | Comments |
--- | --- | --- |
Gateway VPC endpoints per Region | 20 | You cannot have more than 255 gateway endpoints per VPC. |
Interface VPC endpoints per VPC | 20 | The maximum for interface endpoints per Region is this quota multiplied by the number of VPCs in the Region. |
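The tables above are only useful if you compare them with what is actually deployed. The script below is an added example (not AWS code and not code from this page): it takes an account inventory in the shape of the EC2 describe-vpcs / describe-subnets / describe-security-groups / describe-network-acls / describe-network-interfaces responses, counts security group and network ACL rules the way the quotas count them (each CIDR, prefix list or referenced group in a permission is one rule; the default deny entry of a network ACL counts), checks the security-groups-per-ENI times rules-per-group product from the Security Groups table, and reports anything at 80% or more of its default quota. The sample inventory, its resource IDs and the `warn_at` threshold are constructed for this example; in practice you would feed it the parsed JSON of the corresponding `aws ec2 describe-*` calls.

```python
"""Headroom check against the default VPC quotas tabulated on this page.
Added example; the sample inventory below is constructed so it runs offline."""
from collections import Counter

# Default quotas copied from this page's tables.
DEFAULT_QUOTAS = {
    "vpcs_per_region": 5,
    "subnets_per_vpc": 200,
    "ipv4_cidrs_per_vpc": 5,          # primary + 4 secondary
    "security_groups_per_region": 2500,
    "rules_per_sg_direction": 60,     # 60 inbound and 60 outbound
    "sgs_per_eni": 5,
    "nacl_rules_per_direction": 20,   # includes the default deny entry
}

def sg_rule_counts(sg):
    """Count rules as the quota does: every CIDR, prefix list or referenced
    group inside one IpPermission is a separate rule, so a permission with 50
    IpRanges is 50 rules. IPv4 and IPv6 rules are quota'd separately (a group
    or prefix-list reference counts once in each family), so the binding
    number per direction is the larger family. Returns (inbound, outbound)."""
    def rules(perms):
        v4 = v6 = 0
        for p in perms:
            shared = len(p.get("PrefixListIds", [])) + len(p.get("UserIdGroupPairs", []))
            v4 += len(p.get("IpRanges", [])) + shared
            v6 += len(p.get("Ipv6Ranges", [])) + shared
        return max(v4, v6)
    return rules(sg.get("IpPermissions", [])), rules(sg.get("IpPermissionsEgress", []))

def nacl_rule_counts(acl):
    """Returns (ingress, egress) entry counts. The default deny (rule 32767)
    is a real entry in the API response and counts against the quota."""
    ingress = sum(1 for e in acl["Entries"] if not e["Egress"])
    return ingress, len(acl["Entries"]) - ingress

def eni_sg_product_ok(sgs_per_eni, rules_per_sg):
    """Constraint from the Security Groups table: the two quotas' product
    cannot exceed 1000, so raising one may require lowering the other."""
    return sgs_per_eni * rules_per_sg <= 1000

def headroom_report(inventory, quotas=DEFAULT_QUOTAS, warn_at=0.8):
    """Return (quota, scope, used, limit, exhausted) tuples for every quota
    whose usage is at least warn_at of its limit. warn_at is an assumption."""
    findings = []
    def check(name, scope, used, limit):
        if used >= warn_at * limit:
            findings.append((name, scope, used, limit, used >= limit))
    check("vpcs_per_region", "region", len(inventory["Vpcs"]), quotas["vpcs_per_region"])
    subnets = Counter(s["VpcId"] for s in inventory["Subnets"])
    for vpc in inventory["Vpcs"]:
        check("subnets_per_vpc", vpc["VpcId"], subnets[vpc["VpcId"]], quotas["subnets_per_vpc"])
        check("ipv4_cidrs_per_vpc", vpc["VpcId"],
              len(vpc["CidrBlockAssociationSet"]), quotas["ipv4_cidrs_per_vpc"])
    check("security_groups_per_region", "region",
          len(inventory["SecurityGroups"]), quotas["security_groups_per_region"])
    for sg in inventory["SecurityGroups"]:
        inbound, outbound = sg_rule_counts(sg)
        check("sg_inbound_rules", sg["GroupId"], inbound, quotas["rules_per_sg_direction"])
        check("sg_outbound_rules", sg["GroupId"], outbound, quotas["rules_per_sg_direction"])
    for acl in inventory["NetworkAcls"]:
        ingress, egress = nacl_rule_counts(acl)
        check("nacl_inbound_rules", acl["NetworkAclId"], ingress, quotas["nacl_rules_per_direction"])
        check("nacl_outbound_rules", acl["NetworkAclId"], egress, quotas["nacl_rules_per_direction"])
    for eni in inventory["NetworkInterfaces"]:
        check("sgs_per_eni", eni["NetworkInterfaceId"], len(eni["Groups"]), quotas["sgs_per_eni"])
    return findings

# Constructed sample inventory (all IDs are made up): one VPC with all five
# IPv4 CIDRs in use, a security group whose single permission carries 50 CIDRs,
# a network ACL with 19 custom ingress entries plus the default deny, and an
# ENI that already has five security groups attached.
SAMPLE_VPC = {"VpcId": "vpc-0example",
              "CidrBlockAssociationSet": [{"CidrBlock": f"10.{i}.0.0/16"} for i in range(5)]}
SAMPLE_SG = {
    "GroupId": "sg-0example",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                       "IpRanges": [{"CidrIp": f"10.0.{i}.0/24"} for i in range(50)]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
SAMPLE_NACL = {"NetworkAclId": "acl-0example", "Entries":
    [{"RuleNumber": 100 + i, "Egress": False, "RuleAction": "allow"} for i in range(19)]
    + [{"RuleNumber": 32767, "Egress": False, "RuleAction": "deny"},
       {"RuleNumber": 100, "Egress": True, "RuleAction": "allow"},
       {"RuleNumber": 32767, "Egress": True, "RuleAction": "deny"}]}
SAMPLE_INVENTORY = {
    "Vpcs": [SAMPLE_VPC],
    "Subnets": [{"SubnetId": f"subnet-{i}", "VpcId": "vpc-0example"} for i in range(3)],
    "SecurityGroups": [SAMPLE_SG],
    "NetworkAcls": [SAMPLE_NACL],
    "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0example",
                           "Groups": [{"GroupId": f"sg-{i}"} for i in range(5)]}],
}

if __name__ == "__main__":
    for name, scope, used, limit, exhausted in headroom_report(SAMPLE_INVENTORY):
        print(f"{'EXHAUSTED' if exhausted else 'WARN'} {name} {scope}: {used}/{limit}")
    print("16 groups per ENI with 60 rules each allowed:", eni_sg_product_ok(16, 60))
```

Run against the sample data it flags the VPC's IPv4 CIDRs, the ENI's security groups and the ACL's ingress rules as exhausted and the security group's 50 inbound rules as a warning, while the subnet and per-Region counts stay well under quota. The product check shows why a request for 16 groups per ENI at the default 60 rules is fine (960) but 16 groups at 100 rules is not.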
The following maximum transmission unit (MTU) rules apply to traffic that passes through a VPC endpoint.
- The MTU of a network connection is the size, in bytes, of the largest packet that can pass through the VPC endpoint, and so bounds how much data a single packet can carry. A VPC endpoint supports an MTU of 8500 bytes.
- Packets larger than 8500 bytes that arrive at the VPC endpoint are dropped.
- Path MTU Discovery (PMTUD) is not supported: the VPC endpoint does not generate the ICMP FRAG_NEEDED (fragmentation needed) message, so the sender is never told that its packet was dropped.
- The VPC endpoint enforces Maximum Segment Size (MSS) clamping for all packets. This keeps TCP flows within the 8500-byte limit; non-TCP traffic larger than 8500 bytes, for example from an instance using jumbo frames (9001-byte MTU), is dropped silently.