This topic describes the limits of ECS and how to apply for exceptions to some limits.

Overview

ECS has the following limits:

  • You cannot install virtualization software such as VMware Workstation, or use it for secondary virtualization. Only ECS Bare Metal Instances and Super Computing Clusters (SCCs) support secondary virtualization.
  • ECS does not support sound card applications.
  • External hardware devices such as hardware dongles, USB flash drives, external hard disks, and hardware tokens, cannot be directly attached to ECS. Software verification methods such as two-factor authentication and dynamic passwords can be used.
  • ECS does not support multicast protocols. We recommend that you use unicast transmission instead.
  • Log Service does not support 32-bit Linux ECS instances.

    For information about the ECS instances that support Log Service, see Overview.

  • If you need to apply for ICP filing for websites that are deployed on your ECS instance, the instance must meet certain purchase requirements. You can apply for a limited number of ICP filing service numbers for websites that are deployed on each ECS instance. For more information, see Prepare and check the instance and access information. For information about how to apply for ICP filing, see ICP filing application overview.

View quotas

You can click Privileges & Quota on the Overview page of the ECS console, and select a region to view the resource usage and quotas in that region. If the quota of a resource is insufficient, submit a ticket to apply for an increased quota. For more information about how to view privileges and quotas, see Manage privileges and quotas or DescribeAccountAttributes.

Instance limits

Item Limit How to apply for an exception to the limit
Permissions to create an ECS instance To create an ECS instance in mainland China regions, you must first complete real-name verification. None
Instance types whose instances can be used as pay-as-you-go instances Instance types with less than 16 vCPUs Submit a ticket
Quota for vCPUs of all pay-as-you-go instances in each region for an account 50 vCPUs Submit a ticket
Quota for vCPUs of all preemptible instances in each region for an account You must submit a ticket to apply for the quota, which is up to 50 vCPUs. Submit a ticket
Total number of instance launch templates in each region for an account 30 None
Total number of versions of an instance launch template 30 None
Switching of the billing method from pay-as-you-go to subscription Not supported by the following instance families: t1, s1, s2, s3, c1, c2, m1, m2, n1, n2, and e3. None
Switching of the billing method from subscription to pay-as-you-go
  • Whether this feature is supported depends on your ECS usage.
  • 5,000 vCPUs × Hours per month.
  • Switching the billing method may result in a refund. Each account is limited to a maximum monthly refund amount. For more information, see Switch the billing method from subscription to pay-as-you-go.
None

Reserved instance limits

Item Limit How to apply for an exception to the limit
Total number of regional reserved instances of an account 20 Submit a ticket
Total number of zonal reserved instances of an account in a zone 20 Submit a ticket
Instance types that support reserved instances Instance types in the following instance families: sn1ne, sn2ne, se1ne, ic5, c5, g5, r5, c6, g6, r6, i2, i2g, hfc5, hfg5, and t5.
Note The t5 instance family supports only zonal reserved instances.
None
Note For more information, see the "Limits" section in Reserved instance overview.

Block Storage limits

Item Limit How to apply for an exception to the limit
Permissions to create a pay-as-you-go disk You must complete real-name verification before you can create a disk in mainland China regions. None
Total number of pay-as-you-go disks in all regions for an account Number of pay-as-you-go instances in all regions for an account × 5. You can create at least 10 pay-as-you-go disks for an account. Submit a ticket
Capacity of pay-as-you-go disks that are used as data disks for an account This limit is subject to ECS resource usage, region, and disk category. You can go to the Privileges & Quotas page of the ECS console to view this information. For more information, see Manage privileges and quotas. Submit a ticket
Total number of system disks for each instance 1 None
Total number of data disks for each instance 16 None
Capacity of a basic disk 5 GiB to 2,000 GiB None
Capacity of a standard SSD 20 GiB to 32,768 GiB None
Capacity of an ultra disk 20 GiB to 32,768 GiB None
Capacity of an enhanced SSD 20 GiB to 32,768 GiB None
Capacity of a local SSD 5 GiB to 800 GiB None
Total capacity of all local SSDs for an instance 1,024 GiB None
Capacity of a local NVMe SSD 1,456 GiB None
Total capacity of all local NVMe SSDs for an instance 2,912 GiB None
Capacity of a local SATA HDD 5,500 GiB None
Total capacity of all local SATA HDDs for an instance 154,000 GiB None
Capacity of a system disk
  • Windows Server: 40 GiB to 500 GiB
  • CoreOS and FreeBSD: 30 GiB to 500 GiB
  • Linux systems excluding CoreOS: 20 GiB to 500 GiB
None
Attachment of new local disks to instances that are equipped with local disks Not allowed None
Change of specifications of instances that are equipped with local disks Only bandwidth can be changed None
System disk mount points /dev/vda None
Data disk mount points /dev/vd[b-z] None
Note Block storage capacity is measured in binary units. 1 KiB equals 1,024 bytes. 1 GiB equals 1,024 MiB.

Snapshot limits

Item Limit How to apply for an exception to the limit
Number of manual snapshots that can be created for each disk 256 None
Number of automatic snapshots that can be created for each disk 1,000 None
Number of automatic snapshot policies that can be created in a region for an account 100 None

Image limits

Item Limit How to apply for an exception to the limit
Total number of custom images that can be created in each region for an account 100 Submit a ticket
Maximum number of users to whom a single image can be shared 50 Submit a ticket
Restrictions on images and instance types Instance types that have 4 GiB or larger memory do not support 32-bit images. None

SSH key pair limits

Item Limit How to apply for an exception to the limit
Total number of SSH key pairs in each region for an account 500 None
Instance types that support SSH key pairs All instance types except non-I/O optimized instance types in Generation I None
Images that support SSH key pairs Linux images only None

Public bandwidth limits

Item Limit How to apply for an exception to the limit
Peak inbound bandwidth
  • If the purchased peak outbound bandwidth is less than or equal to 10 Mbit/s, Alibaba Cloud will allocate an inbound bandwidth of 10 Mbit/s.
  • If the purchased peak outbound bandwidth is greater than 10 Mbit/s, Alibaba Cloud will allocate an inbound bandwidth that is equal to the purchased peak outbound bandwidth.
None
Peak outbound bandwidth
  • Subscription: 200 Mbit/s
  • Pay-as-you-go: 100 Mbit/s
None
Change in the assigned public IP address for an instance The public IP address can be changed within six hours after the instance is created, and can be changed a maximum of three times. None

Security group limits

Item Basic security group Advanced security group
Total number of security groups that can be created in each region for an account 100 Same as the limit on basic security groups.
Number of classic network-type ECS instances that can be included in a classic network-type security group 1,000* The classic network is not supported.
Number of VPC-type ECS instances that can be included in a VPC-type security group Depends on the number of private IP addresses that can be included in the VPC-type security group. No limit
Number of security groups to which an ECS instance can belong 5

You can submit a ticket to raise the limit to 10 or 16 security groups.

Same as the limit on basic security groups.
Number of security groups to which an ENI of an ECS instance can belong
Maximum number of rules (both inbound and outbound) in a security group 200*** Same as the limit on basic security groups.
Maximum number of rules (both inbound and outbound) in all security groups to which an ENI belongs 1,000 Same as the limit on basic security groups.
Number of private IP addresses that can be included in a VPC-type security group 2,000** 65,536
Public network access port The default SMTP port for outbound traffic is port 25, which is disabled by default. It cannot be enabled by security group rules. Same as the limit on basic security groups.

* If more than 1,000 classic network-type instances need mutual access over an internal network, you can assign them to multiple security groups and authorize mutual access among these security groups.

** If more than 2,000 instances with private IP addresses need mutual access over an internal network, you can assign them to multiple security groups and authorize mutual access among these security groups.

*** If you increase the number of security groups to which an ECS instance can belong, the maximum number of rules in each security group will decrease. The product of the number of security groups to which an ECS instance belongs and the maximum number of rules in each security group must be less than or equal to 1,000. For example, if the number of security groups to which the ECS instance belongs is 5, 10, or 16, the corresponding maximum number of rules in each security group is 200, 100, or 60, because 5 × 200 = 1000, 10 × 100 = 1000, and 16 × 60 ≤ 1000.

Deployment set limits

Item Limit How to apply for an exception to the limit
Total number of deployment sets in each region for an account 2 Submit a ticket
Total number of instances that can be included in a deployment set A maximum of seven instances are allowed in a zone. The number of instances allowed in a region is calculated as follows: 7 × Number of zones in the region. None
Instance types that can be created in a deployment set Instance types in the following instance families: c5, c6, d1, d1ne, d2, d2s, g5, g6, hfc5, hfg5, i2, ic5, r5, r6, se1ne, sn1ne and sn2ne. None

Cloud Assistant limits

Item Limit How to apply for an exception to the limit
Total number of Cloud Assistant scripts that can be created in each region for an account 100 Submit a ticket
Total number of Cloud Assistant scripts that can be used by an account each day in a region 5,000 Submit a ticket

ENI limits

Item Limit How to apply for an exception to the limit
Quota of ENIs in each region for an account 100 Submit a ticket

Tag limits

Item Limit How to apply for an exception to the limit
Total number of tags that can be bound to an instance 20 None

API call limits

Item Limit How to apply for an exception to the limit
Total number of CreateInstance calls 200 calls per minute Submit a ticket
Note For more information about the limits on VPCs, see Limits.