Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Quotas in Amazon CloudTrail

The following table describes quotas (formerly referred to as limits) within CloudTrail. CloudTrail has no adjustable quotas. For information about other quotas in Amazon, see Amazon service quotas.

Resource: Trails per Region
Default quota: 5
Comments: This quota cannot be increased.

Resource: Get, describe, and list APIs
Default quota: 10 transactions per second (TPS)
Comments: The maximum number of operation requests you can make per second without being throttled. The LookupEvents and ListInsightsMetricData APIs are not included in this category.

Resource: LookupEvents API
Default quota: 2 transactions per second (TPS)
Comments: The maximum number of operation requests you can make per second without being throttled.

This quota cannot be increased.

Resource: ListInsightsMetricData API
Default quota: 1 transaction per second (TPS)
Comments: The maximum number of operation requests you can make per second without being throttled.

This quota cannot be increased.

Resource: All other APIs
Default quota: 1 transaction per second (TPS)
Comments: The maximum number of operation requests you can make per second without being throttled.

This quota cannot be increased.

Resource: Event selectors
Default quota: 5 per trail
Comments: This quota cannot be increased.

Resource: Advanced event selectors
Default quota: 500 conditions across all advanced event selectors
Comments: If a trail uses advanced event selectors, a maximum of 500 total values for all conditions in all advanced event selectors is allowed. Unless a trail logs data events on all resources, such as all S3 buckets or all Lambda functions, you are limited to 250 data resources. Data resources can be distributed across event selectors, but the overall total cannot exceed 250.

This quota cannot be increased.

Resource: Data resources in event selectors
Default quota: 250 across all event selectors in a trail
Comments: If you choose to limit data events by using event selectors or advanced event selectors, the total number of data resources cannot exceed 250 across all event selectors in a trail. The limit on the number of resources for an individual event selector is configurable up to 250. This upper limit is allowed only if the total number of data resources does not exceed 250 across all event selectors.

Examples:

  • A trail with 5 event selectors, each configured with 50 data resources, is allowed. (5*50=250)

  • A trail with 5 event selectors, 3 of which are configured with 50 data resources, 1 of which is configured with 99 data resources, and 1 of which is configured with 1 data resource, is also allowed. ((3*50)+1+99=250)

  • A trail configured with 5 event selectors, all of which are configured with 100 data resources, is not allowed. (5*100=500)

Event selectors apply only to trails. For event data stores, you must use advanced event selectors.

This quota cannot be increased.

The quota does not apply if you choose to log data events on all resources, such as all S3 buckets or all Lambda functions.

Resource: Event size
Default quota:
  All event versions: events over 256 KB cannot be sent to CloudWatch Logs
  Event version 1.05 and newer: total event size limit of 256 KB
Comments: Amazon CloudWatch Logs and Amazon EventBridge each allow a maximum event size of 256 KB. CloudTrail does not send events over 256 KB to CloudWatch Logs or EventBridge.

Starting with event version 1.05, events have a maximum size of 256 KB. This is to help prevent exploitation by malicious actors, and allow events to be consumed by other Amazon services, such as CloudWatch Logs and EventBridge.

Resource: CloudTrail file size sent to Amazon S3
Default quota: 50 MB ZIP file, after compression
Comments: For both management and data events, CloudTrail sends events to S3 in maximum 50 MB (compressed) ZIP files.

If enabled on the trail, log delivery notifications are sent by Amazon SNS after CloudTrail sends ZIP files to S3.
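
A pre-flight check of a proposed selector configuration against the event selector, data resource, and advanced event selector quotas in the table above, as an added example (not code from the CloudTrail documentation). It assumes the dict shapes of the EventSelectors and AdvancedEventSelectors request parameters, that each entry in Values counts as one data resource, and that the ARN prefixes in ALL_RESOURCES are how "all resources" is expressed; the function names are hypothetical.

```python
# Quotas from the table above.
MAX_EVENT_SELECTORS = 5
MAX_DATA_RESOURCES = 250
MAX_ADVANCED_VALUES = 500

# Assumption: ARN prefixes meaning "all S3 buckets" / "all Lambda functions";
# these entries are treated as exempt from the 250 data-resource quota.
ALL_RESOURCES = {"arn:aws:s3", "arn:aws:s3:::", "arn:aws:lambda"}

# Condition operators that can carry values in an advanced field selector.
OPERATORS = ("Equals", "NotEquals", "StartsWith", "NotStartsWith",
             "EndsWith", "NotEndsWith")


def count_data_resources(event_selectors):
    """Count Values entries that name specific resources (assumed: one each)."""
    return sum(value not in ALL_RESOURCES
               for sel in event_selectors
               for res in sel.get("DataResources", [])
               for value in res.get("Values", []))


def count_advanced_values(advanced_selectors):
    """Total condition values across all advanced event selectors."""
    return sum(len(field.get(op, []))
               for sel in advanced_selectors
               for field in sel.get("FieldSelectors", [])
               for op in OPERATORS)


def check_selectors(event_selectors=(), advanced_selectors=()):
    """Return quota violations as strings; an empty list means within quota."""
    problems = []
    if len(event_selectors) > MAX_EVENT_SELECTORS:
        problems.append(f"{len(event_selectors)} event selectors > {MAX_EVENT_SELECTORS}")
    resources = count_data_resources(event_selectors)
    if resources > MAX_DATA_RESOURCES:
        problems.append(f"{resources} data resources > {MAX_DATA_RESOURCES}")
    values = count_advanced_values(advanced_selectors)
    if values > MAX_ADVANCED_VALUES:
        problems.append(f"{values} advanced selector values > {MAX_ADVANCED_VALUES}")
    return problems


def sample_selectors(counts):
    """Constructed input: one event selector per count, with that many ARNs."""
    return [{"ReadWriteType": "All", "DataResources": [{"Type": "AWS::S3::Object",
             "Values": [f"arn:aws:s3:::example-{i}-{j}/" for j in range(n)]}]}
            for i, n in enumerate(counts)]
```

Running this in the pipeline that manages trail configuration catches an over-quota selector set before the update is attempted, so a rejected change does not leave data event logging narrower than intended.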