# Quotas for Amazon Verified Permissions Quotas Your Amazon Web Services account has default quotas, formerly referred to as limits, for each Amazon service. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas cannot be increased. To view the quotas for Verified Permissions, open the [Service Quotas console](https://console.amazonaws.cn/servicequotas/home). In the navigation pane, choose **Amazon services** and select **Verified Permissions**. To request a quota increase, see [Requesting a Quota Increase](https://docs.amazonaws.cn/servicequotas/latest/userguide/request-quota-increase.html) in the *Service Quotas User Guide*. If the quota is not yet available in Service Quotas, use the [limit increase form](https://console.amazonaws.cn/support/home#/case/create?issueType=service-limit-increase). Your Amazon Web Services account has the following quotas related to Verified Permissions. **Topics** + [ ## Quotas for resources ](#quotas-resources) + [ ## Quotas for hierarchies ](#quotas-hierarchies) + [ ## Quotas for operations per second ](#quotas-tps) ## Quotas for resources [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/verifiedpermissions/latest/userguide/quotas.html) ¹ The quota for an authorization request is the same for both [IsAuthorized](https://docs.amazonaws.cn/verifiedpermissions/latest/apireference/API_IsAuthorized.html) and [IsAuthorizedWithToken](https://docs.amazonaws.cn/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html). ² The default limit for the total size of all the policies scoped for a single resource is 200,000 bytes. Similarly, the total size of all the policies, where the scope leaves the resource undefined, thereby applying to all resources, is limited by default to 200,000 bytes. Note that for template-linked policies the size of the policy template is counted only once, plus the size of each set of parameters used to instantiate each template-linked policy. This limit can be raised, provided that your policy design meets certain constraints. If you need to explore this option, [contact Amazon Web Services Support](https://www.amazonaws.cn/contact-us/). ### Template-linked policy size example You can determine how template-linked policies contribute to the *Policy size per resource* quota by taking the sum of the length of the principal and resource. If the principal or resource isn't specified, the length of that piece is 0. If a resource isn't specified, its size counts towards the `"unspecified"` resource quota. The size of the template body itself has no impact on the policy size. Let's look at the following template: ``` @id("template1") permit ( principal in ?principal, action in [Action::"view", Action::"comment"], resource in ?resource ) unless { resource.tag =="private" }; ``` Let's create the following policies from that template: ``` TemplateLinkedPolicy { policyId: "policy1", templateId: "template1", principal: User::"alice", resource: Photo::"car.jpg" } TemplateLinkedPolicy { policyId: "policy2", templateId: "template1", principal: User::"bob", resource: Photo::"boat.jpg" } TemplateLinkedPolicy { policyId: "policy3", templateId: "template1", principal: User::"jane", resource: Photo::"car.jpg" TemplateLinkedPolicy { policyId: "policy4", templateId: "template1", principal: User::"jane", resource } ``` Now, let's calculate the size of those policies by counting the characters in the `principal` and `resource` for each one. Each character counts as 1 byte. The size of `policy1` would be the length of the principal `User::"alice"` (13) plus the length of the resource `Photo::"car.jpg"` (16). Adding them up we have 13 \$1 16 = 29 bytes. The size of `policy2` would be the length of the principal `User::"bob"` (11) plus the length of the resource `Photo::"boat.jpg"` (17). Adding them up we have 11 \$1 17 = 28 bytes. The size of `policy3` would be the length of the principal `User::"jane"` (12) plus the length of the resource `Photo::"car.jpg"` (16). Adding them up we have 12 \$1 16 = 28 bytes. The size of `policy4` would be the length of the principal `User::"jane"` (12) plus the length of the resource (0). Adding them up we have 12 \$1 0 = 12 bytes. Since `policy2` is the only policy that references the resource `Photo::"boat.jpg"`, the total resource size is 28 bytes. Since `policy1` and `policy3` both reference the resource `Photo::"car.jpg"`, the total resource size is 29 \$1 28 = 57 bytes. Since `policy4` is the only policy that references the `"unspecified"` resource, the total resource size is 12 bytes. ## Quotas for hierarchies **Note** The following quotas are aggregated, meaning they are added together. The maximum number of transitive parents for the group is what's listed. For example, if the limit of *Transitive parents per principal* is 100 that means there could be 100 parents of *principals* and 0 parents for both *actions* and *resources*, or any combination of parents that add up to 100 **total** parents. | Name | Default | Adjustable | Description | | --- | --- | --- | --- | | Transitive parents per principal | 100 | No | The maximum number of transitive parents for each principal. | | Transitive parents per action | 100 | No | The maximum number of transitive parents for each action. | | Transitive parents per resource | 100 | No | The maximum number of transitive parents for each resource. | The diagram below illustrates how transitive parents can be defined for an entity (principal, action, or resource). ![\[Transitive parents per entity\]](http://docs.amazonaws.cn/en_us/verifiedpermissions/latest/userguide/images/quotas-transitive-parents.png) ## Quotas for operations per second Verified Permissions throttles requests to service endpoints in an Amazon Web Services Region when application requests exceed the quota for an API operation. Verified Permissions might return an exception when you exceed the quota in requests per second, or you attempt simultaneous write operations. You can view your current RPS quotas in [Service Quotas](https://console.amazonaws.cn/servicequotas/home/services/verifiedpermissions/quotas). To prevent applications from exceeding the quota for an operation, you must optimize them for retries and exponential backoff. For more information, see [Retry with backoff pattern](https://docs.amazonaws.cn/prescriptive-guidance/latest/cloud-design-patterns/retry-backoff.html) and [Managing and monitoring API throttling in your workloads](https://www.amazonaws.cn/blogs/mt/managing-monitoring-api-throttling-in-workloads/). [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/verifiedpermissions/latest/userguide/quotas.html)