AWS Service Quotas Explained: Check Limits, Increase Quotas, Avoid Errors

Quota issues are behind some of the most confusing failures in AWS. An EC2 launch fails with a vCPU limit error. A Lambda function starts throttling at peak traffic. Terraform rolls back because you hit the VPC limit in a Region. These problems are preventable if you know how to check, increase, and monitor your service quotas before they become production incidents.

This page explains how AWS service quotas work, shows you how to find and increase them using the console and the AWS CLI, and covers how to set up monitoring so you get warned before hitting a limit. If you are new to AWS, read this before your first real deployment.

Real-world scenario

It is launch day. Your auto-scaling group tries to spin up 20 new EC2 instances to handle a traffic spike, but your account only allows 32 vCPUs total. Half the instances fail to launch. Your load balancer returns 503 errors to customers. The fix takes five minutes once you know the cause, but finding the cause under pressure can take much longer. This page helps you avoid being in that situation.

Simple explanation

Every AWS service has built-in caps on how much you can use. These caps are called service quotas. Some limit how many resources you can create (like the number of VPCs in a Region). Others limit how fast you can call an API (like requests per second to EC2).

You will also see the term service limits in older AWS documentation, blog posts, and error messages. “Service limits” and “service quotas” mean the same thing. AWS renamed them to “service quotas” in 2019 when it launched the Service Quotas console, but the older term is still widely used.

Think of it this way

Quotas work like the circuit breakers in your house. They exist to stop something dangerous before it gets out of hand. A runaway script that creates thousands of EC2 instances could rack up a massive bill in minutes. Quotas trip the breaker before that happens. And just like calling an electrician to upgrade your panel, you can request higher quotas when you genuinely need more capacity.

How AWS service quotas work

Default quota vs applied quota

The default quota is the starting value AWS assigns when you create an account. The applied quota is the actual limit currently in effect for your account. If you have never requested an increase, these two values are the same. After an approved increase, the applied quota is higher than the default.

Watch out

Default quotas can differ between accounts. AWS sometimes adjusts defaults based on account age, usage history, or support plan. Do not assume your account has the same defaults as a tutorial or blog post. Always check your own applied values.

Adjustable vs non-adjustable quotas

Adjustable quotas (sometimes called soft limits) can be increased by submitting a request. Most quotas you encounter in practice are adjustable. Non-adjustable quotas (hard limits) are fixed and cannot be changed regardless of business justification. The Service Quotas console marks each quota clearly.

Account-level, Region-level, and resource-level quotas

Most quotas are scoped per account per Region. For example, the VPC quota applies independently in each Region. Reaching the limit in us-east-1 does not affect eu-west-1. A few quotas are global (per account regardless of Region), such as IAM roles or S3 general-purpose buckets. Some quotas apply at the resource level, like the number of tags per resource or the maximum size of an IAM policy.

Resource counts vs request-rate limits

Resource quotas cap how many of something you can have at once (VPCs, EC2 vCPUs, Lambda functions). Rate quotas cap how many API calls you can make per second (DescribeInstances calls, GetRole requests). Both types appear in the Service Quotas console, but they cause different kinds of failures and require different responses.

ConceptWhat it meansExample
Default quotaStarting value for new accounts5 VPCs per Region
Applied quotaYour current effective limit10 VPCs per Region (after increase)
AdjustableCan be increased by requestEC2 On-Demand vCPUs, VPCs per Region
Non-adjustableFixed, cannot be changedMaximum IAM managed policy size (6,144 characters)
Region-levelSeparate limit per RegionLambda concurrent executions
Account-level (global)One limit for the whole accountS3 general-purpose buckets, IAM roles
Resource countHow many you can createNumber of VPCs, number of IAM roles
Request rateHow many API calls per secondEC2 DescribeInstances calls per second

How to check your current quotas

Using the console

The fastest way to browse your quotas:

  1. Open the Service Quotas console.
  2. Select AWS services in the left navigation.
  3. Search for or select the service you want to inspect (for example, Amazon EC2).
  4. Browse the list of quotas. Each entry shows the quota name, applied value, default value, and whether it is adjustable.

Using the CLI

The AWS CLI is better for scripting and quick lookups. You can also use AWS CloudShell if you do not have the CLI installed locally. The commands below walk through a logical discovery flow: start broad, then narrow down to the specific quota you need.

# Step 1: List services available in Service Quotas
aws service-quotas list-services \
  --query 'Services[*].{Code:ServiceCode,Name:ServiceName}' \
  --output table
# Step 2: List all quotas for a specific service (e.g., EC2)
aws service-quotas list-service-quotas \
  --service-code ec2 \
  --query 'Quotas[*].{Name:QuotaName,Code:QuotaCode,Value:Value,Adjustable:Adjustable}' \
  --output table
# Step 3: Filter to find a specific quota by name
# This example searches for On-Demand vCPU quotas
aws service-quotas list-service-quotas \
  --service-code ec2 \
  --query "Quotas[?contains(QuotaName,'On-Demand')].{Name:QuotaName,Code:QuotaCode,Value:Value}" \
  --output table
# Step 4: Get full details for a specific quota using its code
# Use the QuotaCode value from Step 3
aws service-quotas get-service-quota \
  --service-code ec2 \
  --quota-code L-1216C47A
Tip

Always use list-service-quotas to discover the quota code you need first. Quota codes like L-1216C47A are not guessable, and they differ between services. Use the —query filter to narrow results by name.

Lambda concurrency quotas

Lambda has a concurrency model worth understanding separately. The account-level concurrency quota caps the total number of Lambda function instances running simultaneously across all functions in a Region. For a deeper look at how Lambda scales under load, see the Lambda Scaling Behaviour guide.

  • Account concurrency: total simultaneous executions across all functions in a Region. The default varies. Established accounts typically have 1,000, but newer accounts may start lower.
  • Reserved concurrency: a portion of the account limit you reserve for a specific function. Guarantees capacity for that function but also caps it.
  • Provisioned concurrency: pre-warmed execution environments that eliminate cold starts. Has its own quota separate from the account concurrency limit.
# Check your Lambda concurrency limits
aws lambda get-account-settings \
  --query '{TotalConcurrency:AccountLimit.ConcurrentExecutions,UnreservedConcurrency:AccountLimit.UnreservedConcurrentExecutions}'

How quota increases work

Most quotas are adjustable. You request an increase through the Service Quotas console or CLI. What happens next depends on the size of the request.

  • Small, routine increases are often approved automatically within minutes. AWS has automated approval for common quotas within certain thresholds.
  • Larger increases go through a manual review. AWS may ask for business justification. Approval typically takes one to several business days.
  • Urgent requests do not get priority treatment. There is no “rush” option. If you need higher quotas for a launch, request them at least one to two weeks in advance.
Common trap

Each increase request targets a single quota in a single Region. If you need the same increase in five Regions, that is five separate requests. New Regions also start at default quotas, even if your primary Region has been increased. Plan for this when expanding your infrastructure.

# Request an increase (example: increase EC2 On-Demand Standard vCPUs)
# Use the quota code you discovered with list-service-quotas
aws service-quotas request-service-quota-increase \
  --service-code ec2 \
  --quota-code L-1216C47A \
  --desired-value 128
# Check the status of pending requests for a service
aws service-quotas list-requested-service-quota-changes-by-service \
  --service-code ec2 \
  --query 'RequestedQuotas[*].{Quota:QuotaName,Requested:DesiredValue,Status:Status}' \
  --output table
Rule of thumb

Treat quota increases like visa applications: submit them well before your trip, not at the airport gate. Build quota reviews into your planning process for launches, migrations, load tests, and large environment rollouts. Once your API calls start returning LimitExceededException, the quota is already hit and a new request will not help immediately.

Monitoring quota usage

The Service Quotas service integrates with Amazon CloudWatch. For supported services, AWS publishes usage metrics in the AWS/Usage namespace. You can create alarms that fire when usage approaches your applied quota.

Partial coverage

Not every service or quota publishes CloudWatch usage metrics. Coverage is growing, but check the Service Quotas console to see whether the specific quota you care about has CloudWatch integration. For quotas without metrics, check usage manually through the console or build your own count using the CLI.

Setting up a quota usage alarm

The easiest path is through the Service Quotas console: find the quota, click Create CloudWatch alarm, and set a percentage threshold. To do the same thing from the CLI:

# Create a CloudWatch alarm when EC2 On-Demand vCPU usage reaches a threshold.
# Replace the --threshold value with ~80% of your applied quota.
# Replace the SNS ARN with your own notification topic.
aws cloudwatch put-metric-alarm \
  --alarm-name ec2-vcpu-quota-warning \
  --alarm-description "EC2 On-Demand vCPU usage approaching quota" \
  --namespace AWS/Usage \
  --metric-name ResourceCount \
  --dimensions \
    Name=Service,Value=EC2 \
    Name=Resource,Value=vCPU \
    Name=Type,Value=Resource \
    Name=Class,Value=Standard/OnDemand \
  --statistic Maximum \
  --period 300 \
  --evaluation-periods 1 \
  --threshold 80 \
  --comparison-operator GreaterThanOrEqualToThreshold \
  --alarm-actions arn:aws:sns:us-east-1:123456789012:quota-alerts
Note

The —threshold in this example is an absolute resource count, not a percentage. If your applied vCPU quota is 128, set the threshold to around 102 (roughly 80%) to get an early warning. Adjust the value to match your actual applied quota. Check your applied quota first using the commands in the previous section.

When to use this

Check and plan around service quotas in these situations:

  • Before a production launch. Review quotas for every service your application depends on. A quota-related failure during launch is entirely preventable.
  • Before scaling EC2, Lambda, or EKS. Scaling plans often exceed default vCPU, concurrency, or node group quotas. Check limits before you auto-scale into a wall.
  • When creating multiple environments, accounts, or VPCs. Dev, staging, and production environments in the same Region share the same quotas. The default of 5 VPCs per Region fills up quickly in multi-environment setups.
  • When automation starts failing with throttling or limit errors. If Terraform, CDK, or a CI/CD pipeline fails with LimitExceededException or ThrottlingException, a quota or rate limit is the likely cause.
  • Before load testing or migration. Load tests can push usage past quota limits rapidly. Request increases before the test, not during it.
  • When enabling a new service or expanding to a new Region. New Regions start at default quotas even if you have higher applied quotas elsewhere.

Common mistakes

  1. Not checking quotas before a production launch. A quota failure during a high-traffic event is embarrassing and avoidable. Review quotas for every service your application uses before any significant deployment.

  2. Confusing quota errors with application bugs. An EC2 launch that fails with “You have reached your limit” or a Lambda function returning TooManyRequestsException at peak traffic can look like application failures. Check for quota-related error codes before debugging application logic.

  3. Requesting quota increases too late. Larger increases require manual review and can take several business days. There is no expedite option. Request increases during planning, not during an incident.

  4. Not monitoring quota usage. Hitting a quota during peak traffic is a preventable outage. Set CloudWatch alarms at 70–80% of your applied quota for services critical to your application.

  5. Assuming quotas are the same across accounts. A quota increase approved in your production account does not carry over to staging, dev, or a new account. Each account starts at its own defaults.

  6. Forgetting that most quotas are per Region. Increasing your EC2 vCPU quota in us-east-1 does not change it in eu-west-1. If you operate in multiple Regions, submit increase requests for each one.

  7. Treating defaults from tutorials as your own values. Blog posts and tutorials cite specific default quotas that may not match your account. AWS adjusts defaults over time and across account types. Always verify your own applied quotas rather than relying on published numbers.

AWS service quotas vs throttling vs billing controls

These three concepts are related but solve different problems. Confusing them leads to the wrong fix.

MechanismWhat it limitsWhat happens when you hit itHow to respond
Service quotasMaximum resource count or capacity for a serviceResource creation fails with a limit errorRequest a quota increase or delete unused resources
API throttlingRequests per second to an AWS APIAPI returns ThrottlingException or HTTP 429Add exponential backoff and retries; request a rate limit increase if sustained
Billing controlsNothing. They notify, but do not stop resourcesYou receive an email or SNS alert when spending crosses a thresholdReview spending in Cost Explorer and take manual action
Think of it this way

Quotas are like a parking garage with a fixed number of spaces. Throttling is like a speed limit on the ramp into the garage. Billing alerts are like your bank’s spending notification. The garage stops you from parking more cars than it holds. The speed limit stops you from driving in too fast. The bank notification just tells you that you spent money. All three protect you, but in different ways.

Service quotas and API throttling are both enforced by AWS and will block actions when exceeded. Billing controls (AWS Budgets) are informational only. They alert you but do not prevent resource creation or stop running services. You need all three working together: quotas to prevent accidental over-provisioning, throttling retries to handle API rate limits gracefully, and billing alerts to catch cost surprises.

Frequently asked questions

What are AWS service quotas?

AWS service quotas are caps on the number of resources you can create or the rate of API requests you can make for each AWS service. Most quotas apply per account per Region. They exist to prevent accidental runaway usage and to ensure fair resource distribution. Most quotas are adjustable through the Service Quotas console or CLI.

Are quotas per account or per Region?

Most quotas are per account per Region. The same account can have different applied quotas in different Regions. A few quotas are global, such as S3 general-purpose buckets or IAM roles. Check the scope in the Service Quotas console for the specific quota you are working with.

Can all quotas be increased?

No. Most quotas are adjustable and can be increased by request. Some are fixed and cannot be changed. The Service Quotas console marks each quota as adjustable or not.

What is the difference between a quota error and a throttling error?

A quota error means you reached the maximum count of a resource. A throttling error means you made API calls too quickly and hit a rate limit. Quota errors require an increase request or resource cleanup. Throttling errors are handled with exponential backoff and retries.

How do I monitor quota usage?

AWS publishes usage metrics for many services in the AWS/Usage CloudWatch namespace. You can create CloudWatch alarms that trigger when usage approaches your quota. Not all services support this yet, so check the Service Quotas console for services without CloudWatch integration.

Last verified: 29 March 2026 Cloud services change frequently. Verify details against official documentation before making infrastructure decisions.