AWS Service Quotas Explained: Check Limits, Increase Quotas, Avoid Errors
Quota issues are behind some of the most confusing failures in AWS. An EC2 launch fails with a vCPU limit error. A Lambda function starts throttling at peak traffic. Terraform rolls back because you hit the VPC limit in a Region. These problems are preventable if you know how to check, increase, and monitor your service quotas before they become production incidents.
This page explains how AWS service quotas work, shows you how to find and increase them using the console and the AWS CLI, and covers how to set up monitoring so you get warned before hitting a limit. If you are new to AWS, read this before your first real deployment.
It is launch day. Your auto-scaling group tries to spin up 20 new EC2 instances to handle a traffic spike, but your account only allows 32 vCPUs total. Half the instances fail to launch. Your load balancer returns 503 errors to customers. The fix takes five minutes once you know the cause, but finding the cause under pressure can take much longer. This page helps you avoid being in that situation.
Simple explanation
Every AWS service has built-in caps on how much you can use. These caps are called service quotas. Some limit how many resources you can create (like the number of VPCs in a Region). Others limit how fast you can call an API (like requests per second to EC2).
You will also see the term service limits in older AWS documentation, blog posts, and error messages. “Service limits” and “service quotas” mean the same thing. AWS renamed them to “service quotas” in 2019 when it launched the Service Quotas console, but the older term is still widely used.
Quotas work like the circuit breakers in your house. They exist to stop something dangerous before it gets out of hand. A runaway script that creates thousands of EC2 instances could rack up a massive bill in minutes. Quotas trip the breaker before that happens. And just like calling an electrician to upgrade your panel, you can request higher quotas when you genuinely need more capacity.
How AWS service quotas work
Default quota vs applied quota
The default quota is the starting value AWS assigns when you create an account. The applied quota is the actual limit currently in effect for your account. If you have never requested an increase, these two values are the same. After an approved increase, the applied quota is higher than the default.
Default quotas can differ between accounts. AWS sometimes adjusts defaults based on account age, usage history, or support plan. Do not assume your account has the same defaults as a tutorial or blog post. Always check your own applied values.
Adjustable vs non-adjustable quotas
Adjustable quotas (sometimes called soft limits) can be increased by submitting a request. Most quotas you encounter in practice are adjustable. Non-adjustable quotas (hard limits) are fixed and cannot be changed regardless of business justification. The Service Quotas console marks each quota clearly.
Account-level, Region-level, and resource-level quotas
Most quotas are scoped per account per
Region. For example,
the VPC quota applies independently in each Region. Reaching the limit in
us-east-1 does not affect eu-west-1. A few quotas are global
(per account regardless of Region), such as IAM roles or S3 general-purpose buckets.
Some quotas apply at the resource level, like the number of
tags per resource or the
maximum size of an IAM policy.
Resource counts vs request-rate limits
Resource quotas cap how many of something you can have at once (VPCs, EC2 vCPUs, Lambda
functions). Rate quotas cap how many API calls you can make per second
(DescribeInstances calls, GetRole requests). Both types appear
in the Service Quotas console, but they cause different kinds of failures and require
different responses.
| Concept | What it means | Example |
|---|---|---|
| Default quota | Starting value for new accounts | 5 VPCs per Region |
| Applied quota | Your current effective limit | 10 VPCs per Region (after increase) |
| Adjustable | Can be increased by request | EC2 On-Demand vCPUs, VPCs per Region |
| Non-adjustable | Fixed, cannot be changed | Maximum IAM managed policy size (6,144 characters) |
| Region-level | Separate limit per Region | Lambda concurrent executions |
| Account-level (global) | One limit for the whole account | S3 general-purpose buckets, IAM roles |
| Resource count | How many you can create | Number of VPCs, number of IAM roles |
| Request rate | How many API calls per second | EC2 DescribeInstances calls per second |
How to check your current quotas
Using the console
The fastest way to browse your quotas:
- Open the Service Quotas console.
- Select AWS services in the left navigation.
- Search for or select the service you want to inspect (for example, Amazon EC2).
- Browse the list of quotas. Each entry shows the quota name, applied value, default value, and whether it is adjustable.
Using the CLI
The AWS CLI is better for scripting and quick lookups. You can also use AWS CloudShell if you do not have the CLI installed locally. The commands below walk through a logical discovery flow: start broad, then narrow down to the specific quota you need.
# Step 1: List services available in Service Quotas
aws service-quotas list-services \
--query 'Services[*].{Code:ServiceCode,Name:ServiceName}' \
--output table# Step 2: List all quotas for a specific service (e.g., EC2)
aws service-quotas list-service-quotas \
--service-code ec2 \
--query 'Quotas[*].{Name:QuotaName,Code:QuotaCode,Value:Value,Adjustable:Adjustable}' \
--output table# Step 3: Filter to find a specific quota by name
# This example searches for On-Demand vCPU quotas
aws service-quotas list-service-quotas \
--service-code ec2 \
--query "Quotas[?contains(QuotaName,'On-Demand')].{Name:QuotaName,Code:QuotaCode,Value:Value}" \
--output table# Step 4: Get full details for a specific quota using its code
# Use the QuotaCode value from Step 3
aws service-quotas get-service-quota \
--service-code ec2 \
--quota-code L-1216C47AAlways use list-service-quotas to discover the quota code you need
first. Quota codes like L-1216C47A are not guessable, and they differ
between services. Use the —query filter to narrow results by name.
Lambda concurrency quotas
Lambda has a concurrency model worth understanding separately. The account-level concurrency quota caps the total number of Lambda function instances running simultaneously across all functions in a Region. For a deeper look at how Lambda scales under load, see the Lambda Scaling Behaviour guide.
- Account concurrency: total simultaneous executions across all functions in a Region. The default varies. Established accounts typically have 1,000, but newer accounts may start lower.
- Reserved concurrency: a portion of the account limit you reserve for a specific function. Guarantees capacity for that function but also caps it.
- Provisioned concurrency: pre-warmed execution environments that eliminate cold starts. Has its own quota separate from the account concurrency limit.
# Check your Lambda concurrency limits
aws lambda get-account-settings \
--query '{TotalConcurrency:AccountLimit.ConcurrentExecutions,UnreservedConcurrency:AccountLimit.UnreservedConcurrentExecutions}'How quota increases work
Most quotas are adjustable. You request an increase through the Service Quotas console or CLI. What happens next depends on the size of the request.
- Small, routine increases are often approved automatically within minutes. AWS has automated approval for common quotas within certain thresholds.
- Larger increases go through a manual review. AWS may ask for business justification. Approval typically takes one to several business days.
- Urgent requests do not get priority treatment. There is no “rush” option. If you need higher quotas for a launch, request them at least one to two weeks in advance.
Each increase request targets a single quota in a single Region. If you need the same increase in five Regions, that is five separate requests. New Regions also start at default quotas, even if your primary Region has been increased. Plan for this when expanding your infrastructure.
# Request an increase (example: increase EC2 On-Demand Standard vCPUs)
# Use the quota code you discovered with list-service-quotas
aws service-quotas request-service-quota-increase \
--service-code ec2 \
--quota-code L-1216C47A \
--desired-value 128# Check the status of pending requests for a service
aws service-quotas list-requested-service-quota-changes-by-service \
--service-code ec2 \
--query 'RequestedQuotas[*].{Quota:QuotaName,Requested:DesiredValue,Status:Status}' \
--output tableTreat quota increases like visa applications: submit them well before your trip, not
at the airport gate. Build quota reviews into your planning process for launches,
migrations, load tests, and large environment rollouts. Once your
API calls start returning
LimitExceededException, the quota is already hit and a new request
will not help immediately.
Monitoring quota usage
The Service Quotas service integrates with
Amazon CloudWatch.
For supported services, AWS publishes usage
metrics in the
AWS/Usage namespace. You can
create alarms that
fire when usage approaches your applied quota.
Not every service or quota publishes CloudWatch usage metrics. Coverage is growing, but check the Service Quotas console to see whether the specific quota you care about has CloudWatch integration. For quotas without metrics, check usage manually through the console or build your own count using the CLI.
Setting up a quota usage alarm
The easiest path is through the Service Quotas console: find the quota, click Create CloudWatch alarm, and set a percentage threshold. To do the same thing from the CLI:
# Create a CloudWatch alarm when EC2 On-Demand vCPU usage reaches a threshold.
# Replace the --threshold value with ~80% of your applied quota.
# Replace the SNS ARN with your own notification topic.
aws cloudwatch put-metric-alarm \
--alarm-name ec2-vcpu-quota-warning \
--alarm-description "EC2 On-Demand vCPU usage approaching quota" \
--namespace AWS/Usage \
--metric-name ResourceCount \
--dimensions \
Name=Service,Value=EC2 \
Name=Resource,Value=vCPU \
Name=Type,Value=Resource \
Name=Class,Value=Standard/OnDemand \
--statistic Maximum \
--period 300 \
--evaluation-periods 1 \
--threshold 80 \
--comparison-operator GreaterThanOrEqualToThreshold \
--alarm-actions arn:aws:sns:us-east-1:123456789012:quota-alertsThe —threshold in this example is an absolute resource count, not a
percentage. If your applied vCPU quota is 128, set the threshold to around 102
(roughly 80%) to get an early warning. Adjust the value to match your actual
applied quota. Check your applied quota first using the commands in the previous
section.
When to use this
Check and plan around service quotas in these situations:
- Before a production launch. Review quotas for every service your application depends on. A quota-related failure during launch is entirely preventable.
- Before scaling EC2, Lambda, or EKS. Scaling plans often exceed default vCPU, concurrency, or node group quotas. Check limits before you auto-scale into a wall.
- When creating multiple environments, accounts, or VPCs. Dev, staging, and production environments in the same Region share the same quotas. The default of 5 VPCs per Region fills up quickly in multi-environment setups.
- When automation starts failing with throttling or limit errors. If Terraform, CDK, or a CI/CD pipeline fails with
LimitExceededExceptionorThrottlingException, a quota or rate limit is the likely cause. - Before load testing or migration. Load tests can push usage past quota limits rapidly. Request increases before the test, not during it.
- When enabling a new service or expanding to a new Region. New Regions start at default quotas even if you have higher applied quotas elsewhere.
Common mistakes
Not checking quotas before a production launch. A quota failure during a high-traffic event is embarrassing and avoidable. Review quotas for every service your application uses before any significant deployment.
Confusing quota errors with application bugs. An EC2 launch that fails with “You have reached your limit” or a Lambda function returning
TooManyRequestsExceptionat peak traffic can look like application failures. Check for quota-related error codes before debugging application logic.Requesting quota increases too late. Larger increases require manual review and can take several business days. There is no expedite option. Request increases during planning, not during an incident.
Not monitoring quota usage. Hitting a quota during peak traffic is a preventable outage. Set CloudWatch alarms at 70–80% of your applied quota for services critical to your application.
Assuming quotas are the same across accounts. A quota increase approved in your production account does not carry over to staging, dev, or a new account. Each account starts at its own defaults.
Forgetting that most quotas are per Region. Increasing your EC2 vCPU quota in
us-east-1does not change it ineu-west-1. If you operate in multiple Regions, submit increase requests for each one.Treating defaults from tutorials as your own values. Blog posts and tutorials cite specific default quotas that may not match your account. AWS adjusts defaults over time and across account types. Always verify your own applied quotas rather than relying on published numbers.
AWS service quotas vs throttling vs billing controls
These three concepts are related but solve different problems. Confusing them leads to the wrong fix.
| Mechanism | What it limits | What happens when you hit it | How to respond |
|---|---|---|---|
| Service quotas | Maximum resource count or capacity for a service | Resource creation fails with a limit error | Request a quota increase or delete unused resources |
| API throttling | Requests per second to an AWS API | API returns ThrottlingException or HTTP 429 | Add exponential backoff and retries; request a rate limit increase if sustained |
| Billing controls | Nothing. They notify, but do not stop resources | You receive an email or SNS alert when spending crosses a threshold | Review spending in Cost Explorer and take manual action |
Quotas are like a parking garage with a fixed number of spaces. Throttling is like a speed limit on the ramp into the garage. Billing alerts are like your bank’s spending notification. The garage stops you from parking more cars than it holds. The speed limit stops you from driving in too fast. The bank notification just tells you that you spent money. All three protect you, but in different ways.
Service quotas and API throttling are both enforced by AWS and will block actions when exceeded. Billing controls (AWS Budgets) are informational only. They alert you but do not prevent resource creation or stop running services. You need all three working together: quotas to prevent accidental over-provisioning, throttling retries to handle API rate limits gracefully, and billing alerts to catch cost surprises.
Summary
- AWS service quotas cap how many resources you can create and how fast you can call APIs. Most apply per account per Region
- Default quotas vary by account. Always check your own applied values rather than relying on published defaults
- Most quotas are adjustable. Request increases through the Service Quotas console or CLI
- Request increases proactively, before launches, migrations, or load tests. Not during incidents
- Monitor usage with CloudWatch alarms on the
AWS/Usagenamespace, set at 70–80% of your applied quota - Quota errors, throttling errors, and billing alerts are different mechanisms that solve different problems
Frequently asked questions
What are AWS service quotas?
AWS service quotas are caps on the number of resources you can create or the rate of API requests you can make for each AWS service. Most quotas apply per account per Region. They exist to prevent accidental runaway usage and to ensure fair resource distribution. Most quotas are adjustable through the Service Quotas console or CLI.
Are quotas per account or per Region?
Most quotas are per account per Region. The same account can have different applied quotas in different Regions. A few quotas are global, such as S3 general-purpose buckets or IAM roles. Check the scope in the Service Quotas console for the specific quota you are working with.
Can all quotas be increased?
No. Most quotas are adjustable and can be increased by request. Some are fixed and cannot be changed. The Service Quotas console marks each quota as adjustable or not.
What is the difference between a quota error and a throttling error?
A quota error means you reached the maximum count of a resource. A throttling error means you made API calls too quickly and hit a rate limit. Quota errors require an increase request or resource cleanup. Throttling errors are handled with exponential backoff and retries.
How do I monitor quota usage?
AWS publishes usage metrics for many services in the AWS/Usage CloudWatch namespace. You can create CloudWatch alarms that trigger when usage approaches your quota. Not all services support this yet, so check the Service Quotas console for services without CloudWatch integration.