This topic describes the limits on ECS and how to apply for extensions on some limits.
ECS has the following limits:
- You cannot install virtualization software such as VMware Workstation or use ECS instances for secondary virtualization. Only ECS bare metal instances and Super Computing Clusters (SCCs) support secondary virtualization.
- ECS does not support sound card applications.
- External hardware devices, such as hardware dongles, USB flash drives, external hard disks, and hardware tokens, cannot be directly attached to ECS instances. Software verification methods such as two-factor authentication and dynamic passwords can be used.
- ECS does not support multicast protocols. We recommend that you use unicast protocols instead.
- Log Service does not support 32-bit Linux ECS instances. For information about the ECS instances that support Log Service, see Logtail overview.
- To apply for ICP filings for websites that are deployed on your ECS instance, make sure that the instance meets ICP filing requirements. You can apply for a limited number of ICP filing service numbers for each ECS instance. For more information, see Prepare and check the instance and access information.
You can click Privileges on the Overview page of the ECS console, and select a region to view the resource usage and quotas in that region. If the quota for a resource type is insufficient, submit a ticket to request a quota increase. For more information about how to view privileges and quotas, see View quotas (old version) or DescribeAccountAttributes.
|Permissions to create an ECS instance||To create an ECS instance within a region in mainland China, you must first complete real-name verification.||None.|
|Instance types that can be used to create pay-as-you-go instances||Instance types that have fewer than 16 vCPUs.||Submit a ticket.|
|Quota for vCPUs available for pay-as-you-go instances per region in an account||50 vCPUs||Submit a ticket.|
|Quota for vCPUs available for preemptible instances per region in an account||Submit a ticket to apply for a quota of up to 50 vCPUs.||Submit a ticket.|
|Quota for instance launch templates per region in an account||30||None.|
|Quota for versions for an instance launch template||30||None.|
|Permissions to change the billing method from pay-as-you-go to subscription||The following instance types or families do not support billing method changes: t1, s1, s2, s3, c1, c2, m1, m2, n1, n2, and e3.||None.|
|Permissions to change the billing method from subscription to pay-as-you-go||
Reserved instance limits
|Quota for regional reserved instances in an account||20||Submit a ticket.|
|Quota for zonal reserved instances per zone in an account||20||Submit a ticket.|
|Instance families that support reserved instances||sn1ne, sn2ne, se1ne, ic5, c5, g5, r5, c6, g6, r6, i2, i2g, hfc5, hfg5, and t5. Note: The t5 instance family supports only zonal reserved instances.|
Elastic Block Storage limits
|Permissions to create a pay-as-you-go disk||You must complete real-name verification before you can create a disk within a region in mainland China.||None.|
|Quota for pay-as-you-go disks in all regions for an account||This quota is calculated by using the following formula: Number of ECS instances across all regions × 5. A minimum of ten pay-as-you-go disks can be created in each account.||Submit a ticket.|
|Quota for system disks on an instance||1||None.|
|Quota for data disks on an instance||16 (including cloud disks and Shared Block Storage devices)||None.|
|Quota for instances to which a Shared Block Storage device can be attached||8||None.|
|Quota for Shared Block Storage devices in all regions for an account||10||Submit a ticket.|
|Capacity of a basic disk||5 GiB to 2,000 GiB||None.|
|Capacity of a standard SSD||20 GiB to 32,768 GiB||None.|
|Capacity of an ultra disk||20 GiB to 32,768 GiB||None.|
|Capacity of an enhanced SSD (ESSD)||20 GiB to 32,768 GiB||None.|
|Capacity of a local SSD||5 GiB to 800 GiB||None.|
|Total capacity of all local SSDs on an instance||1,024 GiB||None.|
|Capacity of a local NVMe SSD||1,456 GiB||None.|
|Total capacity of all local NVMe SSDs on an instance||2,912 GiB||None.|
|Capacity of a local SATA HDD||5,500 GiB||None.|
|Total capacity of all local SATA HDDs on an instance||154,000 GiB||None.|
|Capacity of a Shared SSD Block Storage device||32,768 GiB||None.|
|Total capacity of all Shared SSD Block Storage devices on an instance||128 TiB||None.|
|Capacity of a Shared Ultra Block Storage device||32,768 GiB||None.|
|Total capacity of all Shared Ultra Block Storage devices on an instance||128 TiB||None.|
|Capacity of a system disk||
|Permissions to attach new local disks to instances that are equipped with local disks||Not allowed.||None.|
|Permissions to change configurations of instances that are equipped with local disks||Only bandwidth configurations of instances that are equipped with local disks can be changed.||None.|
|Mount points of system disks||/dev/vda||None.|
|Mount points of data disks||/dev/vd[b-z]||None.|
|Quota for user-created snapshots (also called manual snapshots) that can be created for each disk or Shared Block Storage device||256||None.|
|Quota for automatic snapshots that can be created for each disk or Shared Block Storage device||1,000||None.|
|Quota for automatic snapshot policies that can be created per region in an account||100||None.|
|Quota for custom images that can be created per region in an account||100||Submit a ticket.|
|Quota for users to whom a single image can be shared||50||Submit a ticket.|
|Support of instance types for images||Instance types that have 4 GiB or larger memory do not support 32-bit images.||None.|
SSH key pair limits
|Quota for SSH key pairs per region in an account||500||None.|
|Instance types that support SSH key pairs||Non-I/O optimized instance types of Generation I instance families do not support SSH key pairs.||None.|
|Images that support SSH key pairs||Only Linux images||None.|
Public bandwidth limits
- In a single region, the sum of actual peak bandwidths of all ECS instances that use the pay-by-traffic billing method for network usage cannot exceed 5 Gbit/s.
- In a single region, the sum of actual peak bandwidths of all ECS instances that use the pay-by-bandwidth billing method for network usage cannot exceed 50 Gbit/s.
|Peak inbound bandwidth||
|Peak outbound bandwidth||
|Change to the public IP address of an instance||The public IP address of an instance can be changed within six hours after the instance is created, and can be changed a maximum of three times.||None.|
Security group limits
|Item||Basic security group||Advanced security group|
|Quota for security groups that can be created per region in an account||100||Same as the limit on basic security groups.|
|Quota for classic network-type ECS instances that can be contained in a classic network-type security group||1,000*||The classic network is not supported.|
|Quota for VPC-type ECS instances that can be contained in a VPC-type security group||Depends on the number of private IP addresses that can be contained in the VPC-type security group.||No limits.|
|Quota for security groups to which an ECS instance can belong||5. You can submit a ticket to raise the limit to 10 or 16 security groups.||Same as the limit on basic security groups.|
|Quota for security groups to which an elastic network interface (ENI) of an ECS instance can belong|
|Quota for rules (including inbound and outbound rules) in a security group||200***||Same as the limit on basic security groups.|
|Quota for rules (both inbound and outbound rules) in all security groups to which an ENI belongs||1,000||Same as the limit on basic security groups.|
|Quota for private IP addresses that can be contained in a VPC-type security group||2,000**||65,536|
|Internet access port||The default SMTP port for outbound traffic is port 25, which is disabled by default. It cannot be enabled by security group rules.||Same as the limit on basic security groups.|
* If more than 1,000 classic network-type instances need mutual access over the internal network, you can assign them to multiple security groups and authorize mutual access among these security groups.
** If more than 2,000 private IP addresses need mutual access over the internal network, you can distribute the ECS instances of these IP addresses to multiple security groups and authorize mutual access among these security groups.
*** If you increase the quota for security groups to which an ECS instance can belong, the quota for rules in each security group decreases. The product of the quota for security groups to which an ECS instance belongs and the quota for rules in each security group cannot exceed 1,000. For example, if the quota for security groups to which the ECS instance can belong is 5, 10, or 16, the corresponding quota for rules in each security group is 200, 100, or 60, which are verified by using the following formulas: 5 × 200 = 1,000, 10 × 100 = 1,000, and 16 × 60 ≤ 1,000.
Deployment set limits
|Quota for deployment sets per region in an account||2||None.|
|Quota for instances that can be contained in a deployment set||A maximum of seven instances are allowed in each zone. The number of instances allowed in a deployment set within a region is calculated by using the following formula: 7 × Number of zones in the region.||None.|
|Instance families that support deployment sets||c5, d1, d1ne, g5, hfc5, hfg5, i2, ic5, r5, se1ne, sn1ne, and sn2ne||None.|
Cloud Assistant limits
|Quota for Cloud Assistant commands that can be created per region in an account||100||Submit a ticket.|
|Quota for Cloud Assistant commands that can be run each day by an account within a region||5,000||Submit a ticket.|
|Quota for ENIs per region in an account||100||Submit a ticket.|
|Quota for tags that can be bound to an instance||20||None.|
|Quota for calls to the CreateInstance operation||200 calls per minute||Submit a ticket.|