ECS enforces limits on resources, performance, and service usage. Some limits are fixed; others are adjustable by requesting a quota increase. Review these limits before deploying ECS to plan capacity, avoid hard constraints, and identify where to request increases.
How to read the tables
Each section contains a table with the following columns:
Limit: The specific constraint that applies, including fixed values or instructions for checking quota-based limits.
Adjustable: Whether the limit can be increased. If it can, the column contains a link to request an increase. If it cannot, the column shows "Not adjustable."
Some limits are quota-based — the actual value depends on your account and region. Use the quota ID to look up your current limit in the Quota Center.
A quota is the maximum amount of a cloud resource or the maximum number of operations that a single Alibaba Cloud account can use in a given region.
Instances
Restriction item | Limit | Adjustable |
vCPU quotas | The maximum number of vCPUs per instance family per account per region, broken down by billing method (subscription, pay-as-you-go, or spot). See vCPU quotas below. | |
GPU and vGPU quotas | The maximum number of GPUs or vGPU instances per instance family per account per region, broken down by billing method. See GPU and vGPU quotas below. | |
Maximum subscription instances purchasable at one time (per account per region) | Quota ID: | Not adjustable |
Convert pay-as-you-go to subscription | No limit on the number of instances. Discontinued instance types cannot be converted. See Convert a pay-as-you-go instance to a subscription instance. | Not adjustable |
Convert subscription to pay-as-you-go | Each conversion generates a refund that counts against your monthly refund limit. If you exceed the limit, no further conversions are possible until the limit resets on the first day of the next month. See Convert a subscription instance to a pay-as-you-go instance. | Not adjustable |
Secondary virtualization | Only ECS Bare Metal instances and Super Computing Clusters (SCC) support secondary virtualization. Other instance families do not support installing virtualization software or secondary virtualization. | Not adjustable |
Sound card applications | Not supported. | Not adjustable |
External hardware devices | Cannot directly attach external hardware devices such as hardware dongles, USB flash drives, external hard drives, or bank U-Keys. Software dongles or dynamic passwords can be used for secondary authentication instead. | Not adjustable |
Multicast | Not supported. Use unicast point-to-point communication for one-to-many communication. | Not adjustable |
ICP filing | To apply for an ICP filing, purchase a subscription instance with a duration of three months or more. Each instance supports ICP filings for a maximum of five websites or apps. See Check the server for ICP filing. | Not adjustable |
Software licenses | Some software licenses are bound to instance hardware. Migrating an instance may change its hardware information and invalidate the license. | Not adjustable |
vCPU quotas
GPU and vGPU quotas
Image
Restriction item | Limit | Adjustable |
Maximum custom images per account per region | Quota ID: | |
Maximum accounts a single custom image can be shared with | Quota ID: | |
Image and instance type compatibility | Instance types with 4 GiB or more of memory cannot use 32-bit images. | Not adjustable |
For more information, see Image overview.
Block storage
Block storage capacity uses binary units (base 1024). For example, 1 GiB = 1,024 MiB.
Pay-by-bandwidth: 200 Mbit/s
Pay-by-bandwidth:
Subscription instances: 200 Mbit/s
Pay-as-you-go instances: 100 Mbit/s
Pay-by-traffic:
Subscription instances: 200 Mbit/s
Pay-as-you-go instances: 100 Mbit/s
Pay-by-traffic: 100 Mbit/s
Restriction item | Limit | Adjustable |
System disks per instance | 1 | Not adjustable |
Data disks per instance | Varies by instance type. When creating an instance, you can specify up to 1 system disk and 64 data disks; the actual limit shown in the console applies. Attach additional data disks after creation if needed. Call DescribeInstanceTypes to query the limit for a specific type. See Instance families. | Not adjustable |
Disk capacity quota per account per region and zone | Varies by disk type. See View or increase block storage quotas. | |
Basic disk capacity | 5 GiB to 2,000 GiB | Not adjustable |
Standard SSD capacity | 20 GiB to 32,768 GiB | Not adjustable |
Ultra disk capacity | 20 GiB to 32,768 GiB | Not adjustable |
Enhanced SSD (ESSD) capacity | PL0: 1–65,536 GiB; PL1: 20–65,536 GiB; PL2: 461–65,536 GiB; PL3: 1,261–65,536 GiB | Not adjustable |
ESSD AutoPL disk capacity | 1 GiB to 65,536 GiB | Not adjustable |
ESSD Entry disk capacity | 10 GiB to 32,768 GiB | Not adjustable |
Regional ESSD capacity | 1 GiB to 65,536 GiB | Not adjustable |
Local SSD capacity | Varies by instance type, from 5 GiB to 7,152 GiB per disk | Not adjustable |
Total local SSD capacity per instance | Varies by instance type, up to 8 × 7,152 GiB | Not adjustable |
Elastic ephemeral disk capacity | 64 GiB to 8,192 GiB | Not adjustable |
System disk capacity | Windows Server: 40–2,048 GiB; FreeBSD: 30–2,048 GiB; Other Linux: 20–2,048 GiB. When a basic disk is used as a system disk, the maximum capacity is 500 GiB. | Not adjustable |
Attach new local disks to an instance that already has local disks | Not supported. | Not adjustable |
Configuration changes for instances with local disks | Only bandwidth changes are supported. | Not adjustable |
Linux system disk mount point |
| Not adjustable |
Linux data disk mount points | 1–25 data disks: | Not adjustable |
For more information, see Block storage overview.
Snapshots
Restriction item | Limit | Adjustable |
Manual snapshots per disk | 2,000 | Not adjustable |
Automatic snapshots per disk | 2,000 | Not adjustable |
Archived snapshots per disk | 10,000 | Not adjustable |
Automatic snapshot policies per account per region | 100 | Not adjustable |
Automatic snapshot policies per disk | 10 | Not adjustable |
Concurrent snapshots per ESSD disk (ESSD, ESSD AutoPL, ESSD Entry, regional ESSD) | 10 | Not adjustable |
Concurrent snapshots per legacy disk (standard SSD, ultra disk, basic disk) | 1 | Not adjustable |
Concurrent archived snapshots per disk | 10 | Not adjustable |
Snapshot support by disk type | Cannot create snapshots for local disks or elastic ephemeral disks. The snapshot-consistent group feature requires ESSD series disks (ESSD, ESSD AutoPL, or ESSD Entry) with the multi-attach feature disabled. See Multi-attach. The instant access (IA) feature requires ESSD series disks (ESSD, ESSD AutoPL, ESSD Entry, or regional ESSD). See Snapshot instant access. | Not adjustable |
Download or export snapshots | Not supported directly. Create a custom image from the snapshot, then export the image to your on-premises device. See Create a custom image from a snapshot. | Not adjustable |
Concurrent manual and automatic snapshots — ESSD series disks | Supported. If the concurrent snapshot limit is reached, subsequent snapshot tasks fail. See the concurrent snapshot limits above. | Not adjustable |
Concurrent manual and automatic snapshots — legacy disks (standard SSD, ultra disk, basic disk) | Not supported. If a snapshot is in progress when an automatic snapshot is scheduled, the automatic snapshot is skipped and retried at the next scheduled time. If an automatic snapshot is in progress, wait for it to complete before creating a manual snapshot. | Not adjustable |
For more information, see Snapshot overview.
Public bandwidth
Account-level total peak bandwidth
The following limits apply to the combined peak bandwidth of all pay-as-you-go and spot instances using the pay-by-bandwidth billing method under a single account in a single region.
Region | Total peak bandwidth |
China (Beijing), China (Shanghai), China (Hangzhou), and China (Shenzhen) | 50 Gbps |
China (Hong Kong) and Singapore | 20 Gbps |
All other regions | 10 Gbps |
To increase the limit, use the quota ID q_internet-bandwidth-pay-by-bandwidth-of-postpaid-instance. See View or increase ECS quotas.
Starting November 27, 2020, account-level rate limiting policies also apply when creating or changing ECS instance configurations:
The combined actual peak bandwidth of all pay-by-traffic instances in a single region cannot exceed 5 Gbps per account.
The combined actual peak bandwidth of all pay-by-bandwidth instances in a single region cannot exceed 50 Gbps per account.
To request a higher peak bandwidth, submit a ticket.
Per-instance bandwidth limits
For the pay-by-traffic billing method, peak bandwidth values are upper limits and are not guaranteed. During periods of resource contention, bandwidth may be reduced. Use the pay-by-bandwidth billing method if guaranteed bandwidth is required.
Restriction item | Limit | Adjustable |
Peak inbound bandwidth | If the purchased outbound peak bandwidth is 10 Mbit/s or less, Alibaba Cloud allocates 10 Mbit/s inbound. If the purchased outbound peak bandwidth exceeds 10 Mbit/s, inbound bandwidth equals the purchased outbound bandwidth. | Not adjustable |
Peak outbound bandwidth — pay-by-traffic | Subscription instances: 200 Mbit/s; pay-as-you-go instances: 100 Mbit/s. The total public bandwidth of an instance is also capped by the instance type's baseline network bandwidth (see the Baseline Network Bandwidth column in Instance families). Some instance types (ecs.t6-c4m1.large, ecs.t6-c2m1.large, ecs.t6-c1m1.large, ecs.t6-c1m4.large) are limited to 80 Mbit/s. | Not adjustable |
Peak outbound bandwidth — pay-by-bandwidth | 200 Mbit/s. The total public bandwidth of an instance is also capped by the instance type's baseline network bandwidth. | Not adjustable |
Public IP address replacement | Replace the public IP address of a new instance within 6 hours of creation. Maximum 3 replacements per instance. | Not adjustable |
For more information, see Public bandwidth.
Elastic Network Interfaces
Restriction item | Limit | Adjustable |
Maximum secondary Elastic Network Interfaces (ENIs) per account per region | Quota ID: | |
VPC and zone requirements for ENI attachment | The instance and any attached ENI must be in the same Virtual Private Cloud (VPC) and the same zone. Multiple ENIs attached to an instance can belong to different vSwitches within the same VPC and zone. Attaching two or more ENIs from the same vSwitch to an instance may cause asymmetric routing issues. Assign secondary private IP addresses to an ENI instead. See Secondary private IP addresses. | Not adjustable |
Maximum ENIs per instance | Determined by instance type. See the Elastic Network Interface column in Instance families. | Not adjustable |
For more information, see ENI overview.
Prefix lists
Restriction item | Limit | Adjustable |
Prefix lists per account per region | 100 | Not adjustable |
Entries per prefix list | 200 | Not adjustable |
Associated instances per prefix list | 1,000 | Not adjustable |
For more information, see Prefix list overview.
Security groups
Restriction item | Basic security groups | Enterprise security groups |
Maximum security groups per account per region | Quota ID: | Same as basic security groups |
Security groups per ENI | 10 | 10 |
Maximum rules (inbound + outbound) across all security groups associated with a single ENI | 1,000 | 1,000 |
Maximum rules per security group that reference another security group as the authorization object | 20 | 0 — enterprise security groups do not support rules that use a security group as the authorization object, and cannot be used as the authorization object in other security group rules. |
Instances per VPC security group | No fixed limit; determined by the number of private IP addresses the security group can contain. | No limit |
Maximum private IP addresses per VPC security group (per account per region) | 6,000. The count includes all private IP address types on associated ENIs: primary private IPv4, IPv6, secondary private IPv4, IPv4 prefixes, and IPv6 prefixes. If more than 6,000 private IP addresses need to communicate internally, distribute the instances across multiple security groups and configure rules to allow access between groups. View the limit using quota ID | 65,536. The count includes all ENIs associated with the security group, including both primary and secondary network interfaces. |
Port 25 | Restricted by default for security reasons. Use SSL-encrypted port 465 to send emails instead. | Same as basic security groups |
For more information, see Security group overview.
Reserved instances
Restriction item | Limit | Adjustable |
Regional reserved instances per account (across all regions) | 20 | |
Zonal reserved instances per account per zone | 20 | |
Supported instance types | The gn6i and t5 instance families do not support regional reserved instances, splitting, or merging. Available instance types are shown on the purchase page. | Not adjustable |
Resources that can be offset | Pay-as-you-go instances only (spot instances excluded). Computing resources (vCPUs and memory) only — network and storage costs cannot be offset. Windows-type reserved instances also offset image costs. See Billing overview. | Not adjustable |
For more information, see What is a reserved instance?.
Savings plans
Restriction item | Limit | Adjustable |
Savings plans per account | 200 | Not adjustable |
Resources that can be offset | Pay-as-you-go ECS and Elastic Container Instance (ECI) instances (spot instances excluded). For ECS instances: computing resources (vCPUs and memory), images, system disks, data disks (capacity, provisioned performance, and burst fees), and fixed public bandwidth. For ECI instances with unspecified types: computing resources only. See Savings plan offset items and rules and Billing overview. | Not adjustable |
For more information, see What is a savings plan?.
Storage Capacity Units
Restriction item | Limit | Adjustable |
Maximum capacity per Storage Capacity Unit (SCU) purchase | 50 TiB | |
Maximum SCUs per region | 100 | Not adjustable |
Supported products | ESSDs, standard SSDs, ultra disks, and basic disks; Capacity and Performance Network Attached Storage (NAS) file systems; standard snapshots; Standard, Infrequent Access, and Archive OSS; Cloud Backup vault storage; Photo Album and Cloud Storage. | Not adjustable |
Offset type | Pay-as-you-go bills only. Pay-as-you-go disk bills for spot instances cannot be offset. | Not adjustable |
Effective time | Set when purchasing. Cannot be more than 6 months after the creation time. | Not adjustable |
API management | Not supported. SCUs must be created and managed through the console. | Not adjustable |
For more information, see Storage Capacity Unit (SCU).
Launch templates
Restriction item | Limit | Adjustable |
Launch templates per account per region | Quota ID: | |
Versions per launch template per region | Quota ID: | |
Required parameters | All parameters are optional when creating a template. If required parameters (such as instance type or image) are omitted, provide them when using the template to create an instance. | Not adjustable |
Modifying a launch template | Cannot be modified after creation. Create a new version to change configuration. See Manage launch template versions. | Not adjustable |
For more information, see Launch template overview.
Deployment sets
Restriction item | Limit | Adjustable |
Deployment sets per account per region | Quota ID: | |
Instances per deployment set | Determined by the deployment strategy. See Deployment strategies. | Not adjustable |
Dedicated hosts in a deployment set | Not supported. | Not adjustable |
Region and zone requirements | The instance and its deployment set must be in the same region. For the low-latency network strategy, all instances must also be in the same zone. | Not adjustable |
Supported instance types | Varies by deployment strategy. Call DescribeDeploymentSetSupportedInstanceTypeFamily with a deployment strategy to get the supported instance families. | Not adjustable |
Merging deployment sets | Not supported. | Not adjustable |
For more information, see Deployment sets.
Auto provisioning groups
Restriction item | Limit | Adjustable |
Cross-region provisioning | Not supported. | Not adjustable |
Configuration sources per group | One specific launch template version as the base configuration. Instance types in the template can be extended to form multiple resource pools. | Not adjustable |
Resource pools per group | 20 (each pool is a zone + instance type combination) | Not adjustable |
Instances per group | 1,000 | Not adjustable |
For more information, see Auto provisioning group overview.
Cloud Assistant
Restriction item | Limit | Adjustable |
Cloud Assistant commands per account per region | Quota ID: | |
Task output size limit per account per region | Quota ID: | Not adjustable |
Task output retention period per account per region | Quota ID: | Not adjustable |
Activation codes for managed instances per account per region | Quota ID: | Not adjustable |
Instances per command execution per account per region | Quota ID: | |
Script size limits (Base64-encoded Bat, PowerShell, or Shell scripts, including custom parameters) | Create command: 18 KB after Base64 encoding. Run and save command: 18 KB. Run command without saving: 24 KB. Upload file: 32 KB. | Not adjustable |
Custom parameters per command | 20 | Not adjustable |
Supported operating systems | Alibaba Cloud Linux; CentOS 6, 7, 8, and later; CoreOS; Debian 8, 9, 10, and later; OpenSUSE; Red Hat Enterprise Linux 5, 6, 7, and later (requires manual RPM package installation — see Install the Cloud Assistant Agent); SUSE Linux Enterprise Server 11, 12, 15, and later; Ubuntu 12, 14, 16, 18, and later; FreeBSD 11, 12, 13, 14, and later; Windows Server 2012, 2016, 2019, and later. | Not adjustable |
The Cloud Assistant Agent is pre-installed on instances created from ECS public images. For instances created from custom images or Alibaba Cloud Marketplace images, verify OS support and install the agent manually. See Install the Cloud Assistant Agent.
For more information, see Cloud Assistant overview.
Network connectivity diagnosis
Restriction item | Limit | Adjustable |
Diagnostic lines per region | 100 | Not adjustable |
Diagnostic tasks per region | 1,000 | Not adjustable |
Concurrent diagnostic tasks per region | 5 | Not adjustable |
For more information, see Diagnose network connectivity.
API rate limits
An API rate limit constrains the frequency of OpenAPI calls. ECS enforces two types of rate limits based on API version and resource type.
API type | Applies to | Adjustable |
Elastic Compute Service API rate limit | APIs with version | Not adjustable |
Elastic Block Storage API rate limit | Advanced feature APIs for block storage with version |
For more information about ECS APIs, see Integration overview.