AWS AWS Firewall Manager Service Limits
30 quotas for AWS Firewall Manager. 23 can be increased.
| Quota | Default | Status |
|---|---|---|
Protocols per protocol list Protocols per protocol list general | 5 count | Adjustable |
Resource sets per Firewall Manager admin account Resource sets per Firewall Manager admin account general | 20 count | Adjustable |
Partner rule groups per AWS WAF policy Partner rule groups per AWS WAF policy identity | 1 count | Adjustable |
Applications per application list Applications per application list general | 50 count | Adjustable |
Custom managed application lists in any content audit security group policy setting Custom managed application lists in any content audit security group policy setting identity | 1 count | Adjustable |
Resources per resource set Resources per resource set general | 100 count | Adjustable |
Audit security groups per security group content audit policy Audit security groups per security group content audit policy identity | 1 count | Adjustable |
Amazon VPC instances in scope of a common security group policy Amazon VPC instances in scope of a common security group policy networking | 100 count | Adjustable |
Organizational units in scope per policy per Region Organizational units in scope per policy per Region identity | 20 count | Adjustable |
AWS WAF Classic rule groups per AWS WAF Classic policy AWS WAF Classic rule groups per AWS WAF Classic policy identity | 2 count | Fixed |
Stateful rule group capacity per Network Firewall policy Stateful rule group capacity per Network Firewall policy networking | 30,000 count | Adjustable |
Custom managed application lists per account Custom managed application lists per account general | 10 count | Adjustable |
Custom managed protocol lists in any content audit security group policy setting Custom managed protocol lists in any content audit security group policy setting identity | 1 count | Adjustable |
Inbound/outbound rules per network ACL policy Inbound/outbound rules per network ACL policy networking | 5 count | Adjustable |
Primary security groups per common security group policy Primary security groups per common security group policy identity | 3 count | Adjustable |
VPCs that a single Network Firewall policy can automatically remediate VPCs that a single Network Firewall policy can automatically remediate networking | 1,000 count | Fixed |
Accounts per Firewall Manager admin Accounts per Firewall Manager admin general | 10,000 count | Adjustable |
Rule groups per AWS WAF policy Rule groups per AWS WAF policy identity | 50 count | Adjustable |
Explicitly included or excluded accounts per policy per Region Explicitly included or excluded accounts per policy per Region identity | 200 count | Adjustable |
Tags to include or exclude resources per policy Tags to include or exclude resources per policy identity | 8 count | Adjustable |
IPV4 CIDRs for a Network Firewall policy IPV4 CIDRs for a Network Firewall policy networking | 50 count | Adjustable |
Custom managed protocol lists per account Custom managed protocol lists per account general | 10 count | Adjustable |
Firewall Manager policies per organization per Region Firewall Manager policies per organization per Region general | 50 count | Adjustable |
Stateful rule groups per Network Firewall policy Stateful rule groups per Network Firewall policy networking | 20 count | Fixed |
Route 53 Resolver DNS Firewall rule groups per DNS Firewall policy Route 53 Resolver DNS Firewall rule groups per DNS Firewall policy identity | 2 count | Adjustable |
Stateless rule group capacity per Network Firewall policy Stateless rule group capacity per Network Firewall policy networking | 30,000 count | Fixed |
Stateless rule groups per Network Firewall policy Stateless rule groups per Network Firewall policy networking | 20 count | Fixed |
Custom managed application lists for rules that allow all traffic Custom managed application lists for rules that allow all traffic general | 1 count | Adjustable |
Admins per organization in Firewall Manager Admins per organization in Firewall Manager general | 10 count | Fixed |
Web ACL capacity units (WCU) used in an AWS WAF policy Web ACL capacity units (WCU) used in an AWS WAF policy identity | 5,000 count | Fixed |
How to Request a Quota Increase
- 1Open the AWS Service Quotas console.
- 2Select AWS Firewall Manager from the service list.
- 3Find the quota and click "Request increase".
- 4Enter the desired value and submit. Most increases are approved within a few hours.
Learn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterLearn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to Newsletter