Amazon GuardDuty quotas

Your Amazon Web Services account has default quotas, formerly referred to as limits, for each Amazon Web Services service. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas can't be increased.

To view the quotas for GuardDuty, open the Service Quotas console. In the navigation pane, choose Amazon Web Services services and select Amazon GuardDuty.

To request a quota increase, see Requesting a quota increase in the Service Quotas User Guide.

Your Amazon Web Services account has the following quotas for Amazon GuardDuty per Region.

Note

For quotas specific to GuardDuty Malware Protection for EC2, see Quotas in Malware Protection for EC2.
For quotas specific to Malware Protection for S3, see Quotas in Malware Protection for S3.

GuardDuty quotas per Region
Resource	Default	Comments
Detectors	1	The maximum number of detector resources that you can create per Amazon account per Region. You can't request a quota increase.
Filters	100	The maximum number of saved filters per Amazon account per Region. You can't request a quota increase.
Finding retention period	90 days	The maximum number of days a finding is retained. You can't request a quota increase.
IP addresses and CIDR ranges per Trusted IP List	2,000	The maximum number of IP addresses and CIDR ranges that you can include in a single Trusted IP List. You can't request a quota increase.
IP addresses and CIDR ranges per Threat List	250,000	The maximum number of IP address and CIDR ranges that you can include in a Threat List. You can't request a quota increase.
Maximum file size	35 MB	The maximum file size for the file used to upload a list of IP addresses or CIDR ranges to include in a Trusted IP List or a Threat List. You can't request a quota increase.
Member accounts (by invitation)	5000	The maximum number of member accounts associated with a administrator account. You can't request a quota increase.
Member accounts	50,000	The maximum number of member accounts associated with a administrator account through Amazon Organizations. This includes member accounts that are added to the organization by invitation. This default value depends on your current quota for member accounts in Amazon Organizations. The number of member accounts in GuardDuty that are added through Amazon Organizations can't exceed the number of member accounts in your organization. For information about number of Amazon Web Services accounts in an organization, see Maximum and minimum values in the Amazon Organizations User Guide.
Threat intel sets	6	The maximum number of Threat intel sets that you can add per Amazon account per Region. You can't request a quota increase.
Trusted IP sets	1	The maximum number of trusted IP sets that can be uploaded and activated per Amazon Web Services account per Region. You can't request a quota increase.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

GuardDuty announcements

Troubleshooting