This topic describes the limits on Elastic Compute Service (ECS) and how to apply for extensions on these limits.

Overview

ECS has the following limits:

  • Only ECS Bare Metal Instance families and Super Computing Cluster (SCC) instance families support secondary virtualization, and other ECS instance families do not support the installation of virtualization software and secondary virtualization.
  • ECS does not support sound card applications.
  • External hardware devices such as hardware dongles, USB flash drives, external hard disks, and bank U keys cannot be directly attached to ECS instances. Software verification methods such as software dongles and two-factor authentication based on one-time passwords can be used.
  • ECS does not support multicast protocols. We recommend that you use unicast protocols instead.
  • Log Service does not support 32-bit Linux ECS instances.

    For more information about the ECS instances that support Log Service, see Use Logtail to collect data.

  • To apply for Internet Content Provider (ICP) filings for websites that are deployed on your ECS instance, make sure that the instance meets ICP filing requirements. You can apply for only a limited number of ICP filing service numbers for each ECS instance. For more information, see Prepare and check the instance and access information.

Instance limits

Item Limit Adjustable
Permissions to create ECS instances To create ECS instances within mainland China regions, you must first complete real-name verification. N/A
Instance types that can be used to create pay-as-you-go instances Instance types that have less than 16 vCPUs. Submit a ticket.
Instances of a specific instance type, billing method, and network type within a specific zone You can view the instance quota in the ECS console. For more information, see View and increase instance quotas. You can apply for a quota increase in the ECS console. For more information, see View and increase instance quotas.
Subscription instances that you can purchase at a time You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. N/A
Launch templates per region within an account 30 N/A
Versions of a single launch template 30 N/A
Permissions to change the billing method from pay-as-you-go to subscription You cannot change the billing method of instances of retired instance types from pay-as-you-go to subscription. For more information, see Retired instance types. N/A
Permissions to change the billing method from subscription to pay-as-you-go
  • This limit is determined based on your ECS usage.
  • If you change the billing method from subscription to pay-as-you-go, a refund may be made. Each account has a maximum monthly refund amount. Details of the refund are displayed on the Switch to Pay-As-You-Go page in the ECS console.
N/A

Reserved instance limits

Item Limit Adjustable
Regional reserved instances within an account 20 Submit a ticket.
Zonal reserved instances per zone within an account 20 Submit a ticket.
Instance types that support reserved instances The following instance families support reserved instances:
  • General purpose instance families: g7, g6e, g6, g5, g5ne, and sn2ne
  • Compute optimized instance families: c7, c6e, c6, c5, ic5, and sn1ne
  • Memory optimized instance families: r7, r6e, r6, r5, re6, re4, and se1ne
  • Big data instance family: d2s
  • Instance families with local SSDs: i2 and i2g
  • Instance families with high clock speeds: hfc6, hfc5, hfg6, hfg5, and hfr6
  • GPU-accelerated compute optimized instance families: gn6i, gn6e, and gn6v
  • ECS Bare Metal Instance families: ebmc6, ebmg6, ebmr6, ebmhfc6, ebmhfg6, and ebmhfr6
  • Burstable instance families: t6 and t5
N/A
Note For more information about the reserved instance limits, see the "Limits" section in Overview.

Savings plan limits

Item Limit Adjustable
Savings plans within an account 40 N/A
Instance types that support savings plans Savings plans cannot be applied to instances of retired Generation I instance families, which include t1, s1, s2, s3, m1, m2, c1, and c2. N/A

Elastic Block Storage (EBS) limits

Item Limit Adjustable
Permissions to create pay-as-you-go disks To create disks within mainland China regions, you must first complete real-name verification. N/A
Pay-as-you-go disks You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. N/A
System disks on a single instance 1 N/A
Data disks on a single instance 16 N/A
Capacity of all pay-as-you-go ultra disks within an account You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. N/A
Capacity of all pay-as-you-go standard SSDs within an account You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. N/A
Capacity of all pay-as-you-go enhanced SSDs (ESSDs) within an account You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. N/A
Capacity of a single basic disk 5 GiB~2000 GiB N/A
Capacity of a single standard SSD 20 GiB~32768 GiB N/A
Capacity of a single ultra disk 20 GiB~32768 GiB N/A
Capacity of a single ESSD 20 GiB~32768 GiB N/A
Capacity of a single local SSD 5 GiB~800 GiB N/A
Capacity of all local SSDs on an instance 1024 GiB N/A
Capacity of a single system disk
  • Windows Server: 40 GiB to 500 GiB
  • Red Hat: 40 GiB to 500 GiB
  • CoreOS and FreeBSD: 30 GiB to 500 GiB
  • Linux distributions excluding CoreOS: 20 GiB to 500 GiB
N/A
Permissions to attach new local disks to instances that are equipped with local disks New local disks cannot be attached to instances that are already equipped with local disks. N/A
Permissions to change configurations of instances that are equipped with local disks Only bandwidth configurations of instances that are equipped with local disks can be changed. N/A
Mount points of system disks /dev/vda N/A
Mount points of data disks /dev/vd[b-z] N/A
Note The capacity of EBS devices is measured in binary units. Example: 1 GiB = 1,024 MiB.

Storage capacity unit (SCU) limits

Item Limit Adjustable
Capacity that you can purchase for an SCU 50 TiB Submit a ticket.
SCUs that you can purchase within a region 100 N/A
Resource types that support SCUs
  • ESSDs, standard SSDs, ultra disks, and basic disks
  • Apsara File Storage NAS Capacity and NAS Performance
  • Normal snapshots
  • Object Storage Service (OSS) Standard, Infrequent Access, and Archive storage classes
  • Hybrid Backup Recovery (HBR) backup storage capacity
N/A

Snapshot limits

Item Limit Adjustable
Manual snapshots that can be retained for a single disk 256 N/A
Automatic snapshots that can be retained for a single disk 1000 N/A
Automatic snapshot policies that can be created per region within an account 100 N/A

Image limits

Item Limit Adjustable
Images within an account You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. You can apply for a quota increase in the ECS console. For more information, see View and increase resource quotas.
Users to whom a single image can be shared 50 Submit a ticket.
Support of instance types for images Instance types that have 4 GiB or larger memory do not support 32-bit images. N/A

SSH key pair limits

Item Limit Adjustable
SSH key pairs per region within an account 500 N/A
Instance types that support SSH key pairs Non-I/O optimized instances of Generation I instance families do not support SSH key pairs. N/A
Images that support SSH key pairs Only Linux images. N/A

Public bandwidth limits

Starting from November 27, 2020, the maximum bandwidth available for you to create ECS instances or change the configurations of ECS instances is subject to throttling policies within your account. If you want to raise the maximum bandwidth, submit a ticket. The following throttling policies apply:
  • Within a single region, the sum of actual peak bandwidths of all ECS instances that use the pay-by-traffic billing method for network usage cannot exceed 5 Gbit/s.
  • Within a single region, the sum of actual peak bandwidths of all ECS instances that use the pay-by-bandwidth billing method for network usage cannot exceed 50 Gbit/s.
Item Limit Adjustable
Maximum inbound bandwidth per instance
  • If the purchased maximum outbound bandwidth is less than or equal to 10 Mbit/s, Alibaba Cloud allocates an inbound bandwidth of 10 Mbit/s.
  • If the purchased maximum outbound bandwidth is greater than 10 Mbit/s, Alibaba Cloud allocates an inbound bandwidth that is equal to the purchased maximum outbound bandwidth.
N/A
Maximum outbound bandwidth per instance
  • Subscription instance: 200 Mbit/s
  • Pay-as-you-go instance: 100 Mbit/s
N/A
Changes to the assigned public IP address of an instance The public IP address of an instance can be changed within 6 hours after the instance is created, and can be changed a maximum of three times. N/A
Notice When the pay-by-traffic billing method for network usage is used, the maximum inbound and outbound bandwidths are both the upper limits of bandwidths and for reference only. In scenarios where demand outstrips resource supplies, these maximum bandwidths may be limited. If you want guaranteed bandwidths for your instance, use the pay-by-bandwidth billing method for network usage.

Security group limits

Item Limit on basic security groups Limit on advanced security groups
Security groups per region within an account You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. This limit is the same as that on basic security groups.
ECS instances of the classic network type that can be contained in a security group of the classic network type 1,000 The classic network is not supported.
ECS instances of the Virtual Private Cloud (VPC) type that can be contained in a security group of the VPC type This limit varies based on the number of private IP addresses that can be contained in the security group of the VPC type. No limits.
Security groups to which an ECS instance can belong 5

You can submit a ticket to raise the limit to 10 or 16 security groups.

This limit is the same as that on basic security groups.
Security groups to which an elastic network interface (ENI) of an ECS instance can belong
Inbound and outbound rules in a security group 200 This limit is the same as that on basic security groups.
Inbound and outbound rules in all security groups to which an ENI belongs 1000 This limit is the same as that on basic security groups.
Private IP addresses that can be contained in a security group of the VPC type 2,000 65536
Internet access port The default Simple Mail Transfer Protocol (SMTP) port for outbound traffic is port 25 and is disabled by default. The port cannot be enabled by configuring security group rules. This limit is the same as that on basic security groups.
  • The following regions share the quota for security groups that can be created within each account: China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Shenzhen), China (Hong Kong), US (Silicon Valley), and Singapore (Singapore). A maximum of 100 security groups can be created in all of these regions within an account.
  • If more than 1,000 instances of the classic network type need mutual access over the internal network, you can assign them to multiple security groups and authorize mutual access among these security groups.
  • If you increase the quota for security groups to which an ECS instance can belong, the quota for rules in each security group decreases. The product of the quota for security groups to which an ECS instance can belong and the quota for rules in each security group cannot exceed 1,000. For example, if the quota for security groups to which the ECS instance can belong is 5, 10, or 16, the corresponding quota for rules in each security group is 200, 100, or 60, as verified by using the following formulas: 5 × 200 = 1000, 10 × 100 = 1000, and 16 × 60 ≤ 1000.

    If prefix lists are referenced in security group rules, the maximum number of entries in the prefix lists counts towards the quota for security group rules. For example, a prefix list can contain a maximum of 100 entries. If the prefix list is referenced in a security group rule, the prefix list counts as 100 rules for the security group regardless of the number of existing entries in the prefix list.

  • If more than 2,000 private IP addresses need mutual access over the internal network, you can distribute ECS instances that have these private IP addresses to multiple security groups and authorize mutual access among these security groups.

Prefix list limits

Item Limit Adjustable
Prefix lists per region within an account 100 N/A
Entries in a single prefix list 200 N/A
Associated resources of a prefix list 1000 N/A

Network Connectivity Diagnostics limits

Item Limit Adjustable
Diagnostic paths within a single region 100 N/A
Diagnostic tasks within a single region 1000 N/A
Diagnostic tasks that can be concurrently executed within a single region 5 N/A

Deployment set limits

Item Limit Adjustable
Deployment sets within an account You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. You can apply for a quota increase in the ECS console. For more information, see View and increase resource quotas.
Instances that can be contained in a single deployment set A maximum of 20 instances are allowed within each zone. The number of instances allowed in a deployment set within a region is calculated by using the following formula: 20 × Number of zones in the region. N/A
Instance types that support deployment sets
  • c6, g6, r6, c5, g5, ic5, and r5
  • hfc6, hfg6, hfr6, hfc5, and hfg5
  • d2, d2s, d2c, d1, and d1ne
  • i2, i2g, and i1
  • se1ne, sn1ne, and sn2ne
N/A

Cloud Assistant limits

Item Limit Adjustable
Cloud Assistant commands within an account You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. N/A
Executions of Cloud Assistant commands per day You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. N/A
Retention period of a Cloud Assistant command output 14 days N/A
Cloud Assistant command outputs that can be retained 100000 N/A

ENI limits

Item Limit Adjustable
Secondary ENIs that you can create You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. N/A

Tag limits

Item Limit Adjustable
Tags that can be added to a single instance 20 N/A

API

Item Limit Adjustable
Calls to the CreateInstance operation 200 calls per minute Submit a ticket.
Note For more information about the limits on VPCs, see Limits and quotas.