Quotas in Amazon CloudTrail
The following table describes quotas (formerly referred to as limits) within CloudTrail. CloudTrail has no adjustable quotas. For information about other quotas in Amazon, see Amazon service quotas.
Resource | Default quota | Comments |
---|---|---|
Trails per Region | 5 | This quota cannot be increased. |
Get, describe, and list APIs | 10 transactions per second (TPS) |
The maximum number of operation requests you can make per second without being
throttled. The |
LookupEvents API | 2 transactions per second (TPS) | The maximum number of operation requests you can make per second without being
throttled. This quota cannot be increased. |
ListInsightsMetricData API | 1 transaction per second (TPS) | The maximum number of operation requests you can make per second without being
throttled. This quota cannot be increased. |
All other APIs | 1 transaction per second (TPS) | The maximum number of operation requests you can make per second without being
throttled. This quota cannot be increased. |
Event selectors | 5 per trail | This quota cannot be increased. |
Advanced event selectors | 500 conditions across all advanced event selectors |
If a trail uses advanced event selectors, a maximum of 500 total values for all conditions in all advanced event selectors is allowed. Unless a trail logs data events on all resources, such as all S3 buckets or all Lambda functions, you are limited to 250 data resources. Data resources can be distributed across event selectors, but the overall total cannot exceed 250. This quota cannot be increased. |
Data resources in event selectors | 250 across all event selectors in a trail | If you choose to limit data events by using event selectors or advanced event selectors,
the total number of data resources cannot exceed 250 across all event selectors in a trail.
The limit of number of resources on an individual event selector is configurable up to 250.
This upper limit is allowed only if the total number of data resources does not exceed 250
across all event selectors. Examples:
Event selectors apply only to trails. For event data stores, you must use advanced event selectors. This quota cannot be increased. The quota does not apply if you choose to log data events on all resources, such as all S3 buckets or all Lambda functions. |
Event size |
All event versions: events over 256 KB cannot be sent to CloudWatch Logs Event version 1.05 and newer: total event size limit of 256 KB |
Amazon CloudWatch Logs and Amazon EventBridge each allow a maximum event size of 256 KB. CloudTrail does not send events over 256 KB to CloudWatch Logs or EventBridge. Starting with event version 1.05, events have a maximum size of 256 KB. This is to help prevent exploitation by malicious actors, and allow events to be consumed by other Amazon services, such as CloudWatch Logs and EventBridge. |
CloudTrail file size sent to Amazon S3 |
50 MB ZIP file, after compression |
For both management and data events, CloudTrail sends events to S3 in maximum 50 MB (compressed) ZIP files. If enabled on the trail, log delivery notifications are sent by Amazon SNS after CloudTrail sends ZIP files to S3. |