AWS AWS Network Firewall Service Limits
26 quotas for AWS Network Firewall. 8 can be increased.
| Quota | Default | Status |
|---|---|---|
Suricata rules string size Suricata rules string size storage | 2,000,000 count | Fixed |
Stateful rulegroups Stateful rulegroups general | 50 count | Adjustable |
TLS inspection configurations per policy TLS inspection configurations per policy identity | 1 count | Fixed |
Number of policies that can use the same rule group Number of policies that can use the same rule group general | 1,000 count | Fixed |
Number of firewalls that can use the same policy Number of firewalls that can use the same policy identity | 1,000 count | Fixed |
Resource filters Resource filters general | 50 count | Adjustable |
Stateless rulegroups Stateless rulegroups general | 50 count | Adjustable |
VPC endpoint associations per Availability Zone per Firewall VPC endpoint associations per Availability Zone per Firewall networking | 50 count | Fixed |
Suricata rule character length Suricata rule character length general | 8,192 count | Fixed |
Number of policies using a TLS inspection configuration Number of policies using a TLS inspection configuration general | 1,000 count | Fixed |
CA certificates per TLS configuration CA certificates per TLS configuration general | 1 count | Fixed |
IP set references per Suricata compatible stateful rule group IP set references per Suricata compatible stateful rule group general | 5 count | Fixed |
Stateless rules per policy Stateless rules per policy identity | 30,000 count | Fixed |
Stateful rule group capacity Stateful rule group capacity general | 30,000 count | Fixed |
Firewall policies Firewall policies general | 20 count | Adjustable |
Stateless rule group custom actions Stateless rule group custom actions general | 10 count | Fixed |
Network traffic bandwidth per firewall endpoint Network traffic bandwidth per firewall endpoint networking | 100 count | Fixed |
Stateless rule groups per policy Stateless rule groups per policy identity | 20 count | Fixed |
Stateless rule group capacity Stateless rule group capacity general | 30,000 count | Fixed |
Stateful rules per policy Stateful rules per policy identity | 30,000 count | Adjustable |
Stateful rule groups per policy Stateful rule groups per policy identity | 20 count | Fixed |
Required firewall policies per firewall Required firewall policies per firewall general | 1 count | Fixed |
VPC endpoint associations VPC endpoint associations networking | 300 count | Adjustable |
Server certificates per TLS configuration Server certificates per TLS configuration general | 10 count | Fixed |
Firewalls Firewalls general | 5 count | Adjustable |
TLS configurations TLS configurations general | 20 count | Adjustable |
How to Request a Quota Increase
- 1Open the AWS Service Quotas console.
- 2Select AWS Network Firewall from the service list.
- 3Find the quota and click "Request increase".
- 4Enter the desired value and submit. Most increases are approved within a few hours.
Learn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterLearn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to Newsletter