AWS Systems Manager endpoints and quotas
To connect programmatically to an AWS service, you use an endpoint. AWS services offer the following endpoint types in some or all of the AWS Regions that the service supports: IPv4 endpoints, dual-stack endpoints, and FIPS endpoints. Some services provide global endpoints. For more information, see AWS service endpoints.
Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
The following are the service endpoints and service quotas for this service.
Service endpoints for Systems Manager
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 | ssm.us-east-2.amazonaws.com<br>ssm-fips.us-east-2.amazonaws.com | HTTPS<br>HTTPS |
US East (N. Virginia) | us-east-1 | ssm.us-east-1.amazonaws.com<br>ssm-fips.us-east-1.amazonaws.com | HTTPS<br>HTTPS |
US West (N. California) | us-west-1 | ssm.us-west-1.amazonaws.com<br>ssm-fips.us-west-1.amazonaws.com | HTTPS<br>HTTPS |
US West (Oregon) | us-west-2 | ssm.us-west-2.amazonaws.com<br>ssm-fips.us-west-2.amazonaws.com | HTTPS<br>HTTPS |
Africa (Cape Town) | af-south-1 | ssm.af-south-1.amazonaws.com | HTTPS |
Asia Pacific (Hong Kong) | ap-east-1 | ssm.ap-east-1.amazonaws.com | HTTPS |
Asia Pacific (Hyderabad) | ap-south-2 | ssm.ap-south-2.amazonaws.com | HTTPS |
Asia Pacific (Jakarta) | ap-southeast-3 | ssm.ap-southeast-3.amazonaws.com | HTTPS |
Asia Pacific (Malaysia) | ap-southeast-5 | ssm.ap-southeast-5.amazonaws.com | HTTPS |
Asia Pacific (Melbourne) | ap-southeast-4 | ssm.ap-southeast-4.amazonaws.com | HTTPS |
Asia Pacific (Mumbai) | ap-south-1 | ssm.ap-south-1.amazonaws.com | HTTPS |
Asia Pacific (Osaka) | ap-northeast-3 | ssm.ap-northeast-3.amazonaws.com | HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 | ssm.ap-northeast-2.amazonaws.com | HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 | ssm.ap-southeast-1.amazonaws.com | HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 | ssm.ap-southeast-2.amazonaws.com | HTTPS |
Asia Pacific (Thailand) | ap-southeast-7 | ssm.ap-southeast-7.amazonaws.com | HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 | ssm.ap-northeast-1.amazonaws.com | HTTPS |
Canada (Central) | ca-central-1 | ssm.ca-central-1.amazonaws.com<br>ssm-fips.ca-central-1.amazonaws.com | HTTPS<br>HTTPS |
Canada West (Calgary) | ca-west-1 | ssm.ca-west-1.amazonaws.com<br>ssm-fips.ca-west-1.amazonaws.com | HTTPS<br>HTTPS |
Europe (Frankfurt) | eu-central-1 | ssm.eu-central-1.amazonaws.com | HTTPS |
Europe (Ireland) | eu-west-1 | ssm.eu-west-1.amazonaws.com | HTTPS |
Europe (London) | eu-west-2 | ssm.eu-west-2.amazonaws.com | HTTPS |
Europe (Milan) | eu-south-1 | ssm.eu-south-1.amazonaws.com | HTTPS |
Europe (Paris) | eu-west-3 | ssm.eu-west-3.amazonaws.com | HTTPS |
Europe (Spain) | eu-south-2 | ssm.eu-south-2.amazonaws.com | HTTPS |
Europe (Stockholm) | eu-north-1 | ssm.eu-north-1.amazonaws.com | HTTPS |
Europe (Zurich) | eu-central-2 | ssm.eu-central-2.amazonaws.com | HTTPS |
Israel (Tel Aviv) | il-central-1 | ssm.il-central-1.amazonaws.com | HTTPS |
Mexico (Central) | mx-central-1 | ssm.mx-central-1.amazonaws.com | HTTPS |
Middle East (Bahrain) | me-south-1 | ssm.me-south-1.amazonaws.com | HTTPS |
Middle East (UAE) | me-central-1 | ssm.me-central-1.amazonaws.com | HTTPS |
South America (São Paulo) | sa-east-1 | ssm.sa-east-1.amazonaws.com | HTTPS |
AWS GovCloud (US-East) | us-gov-east-1 | ssm.us-gov-east-1.amazonaws.com | HTTPS |
AWS GovCloud (US-West) | us-gov-west-1 | ssm.us-gov-west-1.amazonaws.com | HTTPS |
Note
In addition to the ssm.* endpoints documented in the preceding table, your managed nodes must also allow HTTPS (port 443) outbound traffic to the following endpoints.
- ec2messages.*
- ssmmessages.*
For more information, see Reference: ec2messages, ssmmessages, and other API operations in the AWS Systems Manager User Guide.
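The following is an added example, not part of the AWS documentation: it audits an egress allowlist against the three endpoint families named in the note above, reporting required hosts that no port-443 rule covers and glob rules that allow more than those three families. The `amazonaws.com` suffix, the `(host_pattern, port)` rule format, the probe hostnames and the sample allowlists are assumptions of the example.

```python
from fnmatch import fnmatchcase

# Endpoint families a managed node needs, per the table and note above.
REQUIRED_PREFIXES = ("ssm", "ec2messages", "ssmmessages")
DNS_SUFFIX = "amazonaws.com"  # assumption: standard partition DNS suffix


def required_hosts(region):
    """Hostnames a managed node in `region` must reach over HTTPS (443)."""
    return [f"{p}.{region}.{DNS_SUFFIX}" for p in REQUIRED_PREFIXES]


def probe_hosts(region):
    """Hosts outside the three families; a rule matching one is broader
    than the note requires."""
    other = "us-west-2" if region == "us-east-1" else "us-east-1"
    return [
        f"ssm-quicksetup.{region}.{DNS_SUFFIX}",  # different endpoint, same Region
        f"ssm.{other}.{DNS_SUFFIX}",              # same service, different Region
    ]


def audit_egress(region, rules):
    """Audit (host_pattern, port) allow rules; patterns are shell-style globs.

    Returns (missing, overbroad): required hosts that no port-443 rule
    covers, and port-443 patterns that also match a probe host.
    """
    patterns = [p.lower().rstrip(".") for p, port in rules if port == 443]
    missing = [h for h in required_hosts(region)
               if not any(fnmatchcase(h, p) for p in patterns)]
    overbroad = [p for p in patterns
                 if any(fnmatchcase(h, p) for h in probe_hosts(region))]
    return missing, overbroad


# Constructed sample allowlists (hypothetical firewall rule format).
TIGHT = [(h, 443) for h in required_hosts("us-east-1")]
WRONG_PORT = [("ssm.us-east-1.amazonaws.com", 443),
              ("ssmmessages.us-east-1.amazonaws.com", 443),
              ("ec2messages.us-east-1.amazonaws.com", 80)]   # port 80 does not count
PREFIX_GLOB = [("ssm*.us-east-1.amazonaws.com", 443)]        # misses ec2messages
WILDCARD = [("*.amazonaws.com", 443)]                        # covers everything

if __name__ == "__main__":
    for name, rules in [("tight", TIGHT), ("wrong port", WRONG_PORT),
                        ("prefix glob", PREFIX_GLOB), ("wildcard", WILDCARD)]:
        print(name, audit_egress("us-east-1", rules))
```

A rule set passes when both returned lists are empty; a non-empty `overbroad` list means the allowlist works but grants more egress than the three endpoint families need.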
Service endpoints for Quick Setup
Quick Setup is an AWS Systems Manager tool used to quickly configure frequently used AWS services and features with recommended best practices.
Region Name | Region | Endpoint | Protocol |
---|---|---|---|
US East (Ohio) | us-east-2 | ssm-quicksetup.us-east-2.amazonaws.com<br>ssm-quicksetup-fips.us-east-2.amazonaws.com | HTTPS<br>HTTPS |
US East (N. Virginia) | us-east-1 | ssm-quicksetup.us-east-1.amazonaws.com<br>ssm-quicksetup-fips.us-east-1.amazonaws.com | HTTPS<br>HTTPS |
US West (N. California) | us-west-1 | ssm-quicksetup.us-west-1.amazonaws.com<br>ssm-quicksetup-fips.us-west-1.amazonaws.com | HTTPS<br>HTTPS |
US West (Oregon) | us-west-2 | ssm-quicksetup.us-west-2.amazonaws.com<br>ssm-quicksetup-fips.us-west-2.amazonaws.com | HTTPS<br>HTTPS |
Asia Pacific (Mumbai) | ap-south-1 | ssm-quicksetup.ap-south-1.amazonaws.com | HTTPS |
Asia Pacific (Seoul) | ap-northeast-2 | ssm-quicksetup.ap-northeast-2.amazonaws.com | HTTPS |
Asia Pacific (Singapore) | ap-southeast-1 | ssm-quicksetup.ap-southeast-1.amazonaws.com | HTTPS |
Asia Pacific (Sydney) | ap-southeast-2 | ssm-quicksetup.ap-southeast-2.amazonaws.com | HTTPS |
Asia Pacific (Tokyo) | ap-northeast-1 | ssm-quicksetup.ap-northeast-1.amazonaws.com | HTTPS |
Canada (Central) | ca-central-1 | ssm-quicksetup.ca-central-1.amazonaws.com<br>ssm-quicksetup-fips.ca-central-1.amazonaws.com | HTTPS<br>HTTPS |
Europe (Frankfurt) | eu-central-1 | ssm-quicksetup.eu-central-1.amazonaws.com | HTTPS |
Europe (Ireland) | eu-west-1 | ssm-quicksetup.eu-west-1.amazonaws.com | HTTPS |
Europe (London) | eu-west-2 | ssm-quicksetup.eu-west-2.amazonaws.com | HTTPS |
Europe (Paris) | eu-west-3 | ssm-quicksetup.eu-west-3.amazonaws.com | HTTPS |
Europe (Stockholm) | eu-north-1 | ssm-quicksetup.eu-north-1.amazonaws.com | HTTPS |
South America (São Paulo) | sa-east-1 | ssm-quicksetup.sa-east-1.amazonaws.com | HTTPS |
Related services
For information about endpoints for related services, see the following topics:
- AWS AppConfig – AWS AppConfig endpoints and quotas
- Incident Manager – AWS Systems Manager Incident Manager endpoints and quotas
- AWS Systems Manager for SAP – AWS Systems Manager for SAP endpoints and quotas
Service quotas
The following sections list and describe the quotas for Systems Manager, grouped by tool or feature area.
Unless otherwise specified, each quota applies to an individual AWS Region in each AWS account. For example, the default quota for the number of State Manager associations is 2,000. This means that in the AWS account 123456789012, you can create 2,000 associations in the US East (N. Virginia) Region, 2,000 in the US East (Ohio) Region, and so on.
Service quotas for Application Manager
Resource | Default |
---|---|
Maximum number of applications in Application Manager | 100<br>When you add an application in Application Manager, Systems Manager automatically creates a resource group to organize all of the resources for that application. The maximum number of applications is based on the underlying quota for AWS Resource Groups. |
Maximum number of AWS resources assigned to an application | For applications based on AWS CloudFormation stacks: 200<br>For applications based on AWS Resource Groups: Unlimited |
Service quotas for Automation
Resource | Default |
---|---|
Concurrently running automations | 100<br>This quota can be increased up to 500 by enabling adaptive concurrency. Additionally, you can run up to 400 concurrent automations with blocking actions. Blocking actions include<br>For more information about adaptive concurrency, see Allowing Automation to adapt to your concurrency needs in the AWS Systems Manager User Guide. |
Automation queue | 5,000<br>If you attempt to run more automations than the concurrent automation limit, subsequent automations are added to the Automation queue. When an automation completes (or reaches a terminal state), the first automation in the queue is started. |
Concurrently running rate control automations | 25<br>If you attempt to run more rate control automations than the concurrent rate control automation limit, Systems Manager adds the subsequent rate control automations to the queue and displays a status of |
Rate control automation queue | 1,000<br>If you attempt to run more automations than the concurrent rate control automation limit, subsequent automations are added to the queue. When an automation completes (or reaches a terminal state), the first automation in the queue is started. |
Number of levels of nested automation | 5<br>A parent-level Automation runbook can start a child-level Automation runbook. This represents one level of nested automation. The child-level Automation runbook can start another Automation runbook, resulting in two levels of nested automation. This can continue up to a maximum of five levels below the top-level parent Automation runbook. |
Number of days an automation execution history is stored in the system | 30 |
Number of days an automation variable is stored in the system | 30 |
Additional automation executions that can be queued | 1,000 |
Maximum duration an automation execution can run in the context of a user | 12 hours<br>If you expect an automation to run longer than 12 hours, then you must run the automation by using a service role (or assume role). |
Maximum executeScript action run time | 10 minutes<br>Each |
Maximum executeScript action maximum output | 100 KB |
Maximum invokeLambdaFunction action run time | 5 minutes<br>Each |
Maximum invokeLambdaFunction action output | 200 KB |
Number of Automation runbook attachments | 5 per runbook |
Size of an Automation runbook attachment | 256 MB per attachment, per runbook |
Transactions per second for the StartAutomationExecution API action | 1 |
Transactions per second for the DescribeAutomationStepExecutions API action | 3 |
Transactions per second for the GetAutomationExecution API action | 3 |
Transactions per second for the DescribeAutomationExecutions API action | 3 |
Transactions per second for the SendAutomationSignal API action | 3 |
Transactions per second for the StopAutomationExecution API action | 1 |
Transactions per second for the StartExecutionPreview API action | 1 |
Transactions per second for the GetExecutionPreview API action | 1 |
Service quotas for Distributor
Resource | Default |
---|---|
Maximum number of attachments in a Distributor package | 20 |
Maximum size per attachment in a Distributor package | 1 GB |
Maximum number of files in a Distributor package | 1,000 |
Maximum number of Distributor packages | 500 |
Maximum number of package versions per Distributor package | 25 |
Maximum package size in Distributor | 20 GB |
Maximum package manifest size in Distributor | 64 KB |
Service quotas for Documents
Resource | Default |
---|---|
Document size | 64 KB per document |
Total documents | 500 |
Document versions | 1,000 per document |
Privately shared Systems Manager document | A single SSM document can be shared with a maximum of 1,000 AWS accounts. |
Publicly shared Systems Manager document | 5<br>Each AWS account can publicly share a maximum of five documents. |
Maximum number of favorites per document type | 20 |
Service quotas for Explorer
Resource | Default |
---|---|
Maximum number of resource data syncs | 5 |
Service quotas for Fleet Manager
Resource | Default |
---|---|
Maximum duration of an AWS Systems Manager GUI Connect Remote Desktop session | 60 minutes |
Maximum number of AWS Systems Manager GUI Connect concurrent Remote Desktop sessions | 5<br>Service quota increase requests up to 25 are automatically approved. Service quota increases can take up to two and a half hours to take effect. |
Service quotas for Inventory
Resource | Default |
---|---|
Maximum size of an inventory data item that can be sent in a single PutInventory API request, per managed node | 1024 KB |
Maximum number of resource data syncs | 5 |
Maximum size of inventory data collected per managed node, per call | 1 MB<br>This maximum adequately supports most inventory collection scenarios. When this quota is reached, no new inventory data is collected for the node. Inventory data previously collected is stored until the expiration. |
Maximum size of inventory data collected per node, per day | 5,000 KB<br>When this quota is reached, no new inventory data is collected for the instance. Inventory data previously collected is stored until the expiration. |
Number of custom inventory types | 20 |
Maximum size of a custom inventory type | 200 KB<br>This is the maximum size of the type, not the inventory collected. |
Maximum number of attributes in a custom inventory type | 50 |
Length of inventory data retention | 30 days<br>If you terminate a managed node that is configured to collect inventory data, Systems Manager retains the inventory data for 30 days and then deletes it. For running nodes, inventory data older than 30 days is deleted. If you need to store inventory data longer than 30 days, you can use AWS Config to record history or periodically query and upload the data to an Amazon S3 bucket. For more information, see Recording Software Configuration for Managed Instances in the AWS Config Developer Guide. |
Service quotas for Maintenance Windows
Resource | Default |
---|---|
Maintenance windows | 50 |
Tasks per maintenance window | 20 |
Targets per maintenance window | 100 |
Targets per task | 10 |
Concurrent executions of maintenance windows | 5 |
Service quotas for Managed nodes
Resource | Default |
---|---|
Maximum number of managed nodes (Amazon EC2 and hybrid) in a fleet | 2,400<br>If your use case requires more managed nodes, contact Support to increase your fleet size. |
Maximum number of hybrid-activated machines in a hybrid and multicloud environment | Standard instances: 1,000<br>Advanced instances: Advanced instances are available on a pay-per-use basis. Advanced instances also enable you to connect to your non-EC2 machines by using AWS Systems Manager Session Manager. For more information about activating non-EC2 machines for use in your hybrid and multicloud environment, see Setting up Systems Manager for hybrid and multicloud environments in the AWS Systems Manager User Guide. For more information about enabling advanced instances, see Configuring instance tiers. |
Service quotas for OpsCenter
Resource | Default |
---|---|
Maximum number of OpsItems (including Open and Resolved OpsItems) | 500,000<br>Important: OpsItems that are created by an integration with AWS Security Hub are not currently limited by this maximum quota. It is therefore possible for Security Hub alerts to create more than 500,000 chargeable OpsItems in an account. For high-production environments, we therefore recommend limiting the scope of Security Hub findings to high severity issues only. For more information about OpsCenter integration with Security Hub and OpsItems pricing in AWS Systems Manager, see Understanding OpsCenter integration with AWS Security Hub in the AWS Systems Manager User Guide. |
Maximum number of OpsItems per AWS account per month | 10,000 |
Maximum operational data value size | 20 KB |
Maximum number of associated Automation runbooks per OpsItem | 10 |
Maximum number of Automation runbook executions stored in operational data under a single associated runbook | 10 |
Maximum number of related resources you can specify per OpsItem | 100 |
Maximum number of related OpsItems you can specify per OpsItem | 10 |
Maximum length of a deduplication string | 512 characters |
Service quotas for Parameter Store
Resource | Default |
---|---|
Maximum number of parameters | Standard parameters: 10,000<br>Advanced parameters: 100,000 ¹ |
Maximum size for parameter value | Standard parameter: 4 KB<br>Advanced parameter: 8 KB ¹ |
Maximum number of parameter policies per advanced parameter | 10 ¹ |
Maximum number of parameter versions retained | 100 |
Transactions per second for the following API Actions: |
|
Transactions per second for the following API actions: |
|
Transactions per second for the following API actions: |
|
¹ Enabling the advanced parameter tier incurs a charge on your AWS account. For more information, see Managing parameter tiers in the AWS Systems Manager User Guide.
² You can raise the maximum transactions per second (TPS) for this API action to support applications and workloads that need concurrent access to multiple parameters. Increasing the TPS quota incurs a charge on your AWS account. For more information, see Increasing or resetting Parameter Store throughput in the AWS Systems Manager User Guide.
³ Throughput for SecureString parameters might be further limited by AWS Key Management Service (AWS KMS) throughput limits depending on the Region. For more information about AWS KMS limits, see Request quotas in the AWS Key Management Service Developer Guide.
Service quotas for Patch Manager
Resource | Default |
---|---|
Patch baselines | 50 |
Patch groups per patch baseline | 25 |
Operation history retention | Most recent 150 operations |
Execution history retention | 30 days<br>The history of each command is available for up to 30 days. In addition, you can store a copy of all log files in Amazon Simple Storage Service or have an audit trail of all API calls in AWS CloudTrail. |
Service quotas for Session Manager
Resource | Default |
---|---|
Transactions per second for the DescribeSessions API action | 6 |
Transactions per second for the GetConnectionStatus API action | 50 |
Transactions per second for the ResumeSession API action | 6 |
Transactions per second for the StartSession API action | 3 |
Transactions per second for the TerminateSession API action | 6 |
Idle time before session termination | Default: 20 minutes<br>Configurable to between 1 and 60 minutes. |
Execution history retention | 30 days<br>The history of each command is available for up to 30 days. In addition, you can store a copy of all log files in Amazon Simple Storage Service or have an audit trail of all API calls in AWS CloudTrail. |
Service quotas for State Manager
Resource | Default |
---|---|
Transactions per second (TPS) for the CreateAssociation API action | 3 |
Transactions per second (TPS) for the CreateAssociationBatch API action | 1 |
Transactions per second (TPS) for the DeleteAssociation API action | 2 |
Transactions per second (TPS) for the DescribeAssociation API action | 2 |
Transactions per second (TPS) for the DescribeAssociationExecutions API action | 4 |
Transactions per second (TPS) for the DescribeAssociationExecutionTargets API action | 4 |
Transactions per second (TPS) for the DescribeEffectiveInstanceAssociations API action | 1 |
Transactions per second (TPS) for the DescribeInstanceAssociationsStatus API action | 2 |
Transactions per second (TPS) for the ListAssociations API action | 4 |
Transactions per second (TPS) for the ListAssociationVersions API action | 4 |
Transactions per second (TPS) for the StartAssociationsOnce API action | 2 |
Transactions per second (TPS) for the UpdateAssociation API action | 3 |
Transactions per second (TPS) for the UpdateAssociationStatus API action | 3 |
Maximum number of associations | 2,000 |
Maximum number of versions per association | 1,000 |
Maximum number of associations targeting a single managed node | 20 |