This topic describes the limits on Elastic Compute Service (ECS) and how to apply for extensions on these limits.
Overview
ECS has the following limits:
- Only ECS Bare Metal Instance families and Super Computing Cluster (SCC) instance families support secondary virtualization, and other ECS instance families do not support the installation of virtualization software and secondary virtualization.
- ECS does not support sound card applications.
- External hardware devices such as hardware dongles, USB flash drives, external hard disks, and bank U keys cannot be directly attached to ECS instances. Software verification methods such as software dongles and two-factor authentication based on one-time passwords can be used.
- ECS does not support multicast protocols. We recommend that you use unicast protocols instead.
- Log Service does not support 32-bit Linux ECS instances.
For more information about the ECS instances that support Log Service, see Use Logtail to collect data.
- To apply for Internet Content Provider (ICP) filings for websites that are deployed on your ECS instance, make sure that the instance meets ICP filing requirements. You can apply for only a limited number of ICP filing service numbers for each ECS instance. For more information, see Prepare and check the instance and access information.
Instance limits
| Item | Limit | Adjustable |
|---|---|---|
| Permissions to create ECS instances | To create ECS instances within mainland China regions, you must first complete real-name verification. | N/A |
| Instance types that can be used to create pay-as-you-go instances | Instance types that have less than 16 vCPUs. | Submit a ticket. |
| Instances of a specific instance type, billing method, and network type within a specific zone | You can view the instance quota in the ECS console. For more information, see View and increase instance quotas. | You can apply for a quota increase in the ECS console. For more information, see View and increase instance quotas. |
| Subscription instances that you can purchase at a time | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | N/A |
| Launch templates per region within an account | 30 | N/A |
| Versions of a single launch template | 30 | N/A |
| Permissions to change the billing method from pay-as-you-go to subscription | You cannot change the billing method of instances of retired instance types from pay-as-you-go to subscription. For more information, see Retired instance types. | N/A |
| Permissions to change the billing method from subscription to pay-as-you-go |
|
N/A |
Reserved instance limits
| Item | Limit | Adjustable |
|---|---|---|
| Regional reserved instances within an account | 20 | Submit a ticket. |
| Zonal reserved instances per zone within an account | 20 | Submit a ticket. |
| Instance types that support reserved instances | The following instance families support reserved instances:
|
N/A |
Note For more information about the reserved instance limits, see the "Limits" section
in Overview.
Savings plan limits
| Item | Limit | Adjustable |
|---|---|---|
| Savings plans within an account | 40 | N/A |
| Instance types that support savings plans | Savings plans cannot be applied to instances of retired Generation I instance families, which include t1, s1, s2, s3, m1, m2, c1, and c2. | N/A |
Elastic Block Storage (EBS) limits
| Item | Limit | Adjustable |
|---|---|---|
| Permissions to create pay-as-you-go disks | To create disks within mainland China regions, you must first complete real-name verification. | N/A |
| Pay-as-you-go disks | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | N/A |
| System disks on a single instance | 1 | N/A |
| Data disks on a single instance | 16 | N/A |
| Capacity of all pay-as-you-go ultra disks within an account | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | N/A |
| Capacity of all pay-as-you-go standard SSDs within an account | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | N/A |
| Capacity of all pay-as-you-go enhanced SSDs (ESSDs) within an account | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | N/A |
| Capacity of a single basic disk | 5 GiB~2000 GiB | N/A |
| Capacity of a single standard SSD | 20 GiB~32768 GiB | N/A |
| Capacity of a single ultra disk | 20 GiB~32768 GiB | N/A |
| Capacity of a single ESSD | 20 GiB~32768 GiB | N/A |
| Capacity of a single local SSD | 5 GiB~800 GiB | N/A |
| Capacity of all local SSDs on an instance | 1024 GiB | N/A |
| Capacity of a single system disk |
|
N/A |
| Permissions to attach new local disks to instances that are equipped with local disks | New local disks cannot be attached to instances that are already equipped with local disks. | N/A |
| Permissions to change configurations of instances that are equipped with local disks | Only bandwidth configurations of instances that are equipped with local disks can be changed. | N/A |
| Mount points of system disks | /dev/vda | N/A |
| Mount points of data disks | /dev/vd[b-z] | N/A |
Note The capacity of EBS devices is measured in binary units. Example: 1 GiB = 1,024 MiB.
Storage capacity unit (SCU) limits
| Item | Limit | Adjustable |
|---|---|---|
| Capacity that you can purchase for an SCU | 50 TiB | Submit a ticket. |
| SCUs that you can purchase within a region | 100 | N/A |
| Resource types that support SCUs |
|
N/A |
Snapshot limits
| Item | Limit | Adjustable |
|---|---|---|
| Manual snapshots that can be retained for a single disk | 256 | N/A |
| Automatic snapshots that can be retained for a single disk | 1000 | N/A |
| Automatic snapshot policies that can be created per region within an account | 100 | N/A |
Image limits
| Item | Limit | Adjustable |
|---|---|---|
| Images within an account | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | You can apply for a quota increase in the ECS console. For more information, see View and increase resource quotas. |
| Users to whom a single image can be shared | 50 | Submit a ticket. |
| Support of instance types for images | Instance types that have 4 GiB or larger memory do not support 32-bit images. | N/A |
SSH key pair limits
| Item | Limit | Adjustable |
|---|---|---|
| SSH key pairs per region within an account | 500 | N/A |
| Instance types that support SSH key pairs | Non-I/O optimized instances of Generation I instance families do not support SSH key pairs. | N/A |
| Images that support SSH key pairs | Only Linux images. | N/A |
Public bandwidth limits
Starting from November 27, 2020, the maximum bandwidth available for you to create
ECS instances or change the configurations of ECS instances is subject to throttling
policies within your account. If you want to raise the maximum bandwidth, submit a ticket. The following throttling policies apply:
- Within a single region, the sum of actual peak bandwidths of all ECS instances that use the pay-by-traffic billing method for network usage cannot exceed 5 Gbit/s.
- Within a single region, the sum of actual peak bandwidths of all ECS instances that use the pay-by-bandwidth billing method for network usage cannot exceed 50 Gbit/s.
| Item | Limit | Adjustable |
|---|---|---|
| Maximum inbound bandwidth per instance |
|
N/A |
| Maximum outbound bandwidth per instance |
|
N/A |
| Changes to the assigned public IP address of an instance | The public IP address of an instance can be changed within 6 hours after the instance is created, and can be changed a maximum of three times. | N/A |
Notice When the pay-by-traffic billing method for network usage is used, the maximum inbound and outbound bandwidths
are both the upper limits of bandwidths and for reference only. In scenarios where
demand outstrips resource supplies, these maximum bandwidths may be limited. If you
want guaranteed bandwidths for your instance, use the pay-by-bandwidth billing method for network usage.
Security group limits
| Item | Limit on basic security groups | Limit on advanced security groups |
|---|---|---|
| Security groups per region within an account | You can view the resource quota in the ECS console①. For more information, see View and increase resource quotas. | This limit is the same as that on basic security groups. |
| ECS instances of the classic network type that can be contained in a security group of the classic network type | 1,000② | The classic network is not supported. |
| ECS instances of the Virtual Private Cloud (VPC) type that can be contained in a security group of the VPC type | This limit varies based on the number of private IP addresses that can be contained in the security group of the VPC type. | No limits. |
| Security groups to which an ECS instance can belong | 5
You can submit a ticket to raise the limit to 10 or 16 security groups. |
This limit is the same as that on basic security groups. |
| Security groups to which an elastic network interface (ENI) of an ECS instance can belong | ||
| Inbound and outbound rules in a security group | 200③ | This limit is the same as that on basic security groups. |
| Inbound and outbound rules in all security groups to which an ENI belongs | 1000 | This limit is the same as that on basic security groups. |
| Private IP addresses that can be contained in a security group of the VPC type | 2,000④ | 65536 |
| Internet access port | The default Simple Mail Transfer Protocol (SMTP) port for outbound traffic is port 25 and is disabled by default. The port cannot be enabled by configuring security group rules. | This limit is the same as that on basic security groups. |
- ① The following regions share the quota for security groups that can be created within each account: China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Shenzhen), China (Hong Kong), US (Silicon Valley), and Singapore (Singapore). A maximum of 100 security groups can be created in all of these regions within an account.
- ② If more than 1,000 instances of the classic network type need mutual access over the internal network, you can assign them to multiple security groups and authorize mutual access among these security groups.
- ③ If you increase the quota for security groups to which an ECS instance can belong,
the quota for rules in each security group decreases. The product of the quota for
security groups to which an ECS instance can belong and the quota for rules in each
security group cannot exceed 1,000. For example, if the quota for security groups
to which the ECS instance can belong is 5, 10, or 16, the corresponding quota for
rules in each security group is 200, 100, or 60, as verified by using the following
formulas: 5 × 200 = 1000, 10 × 100 = 1000, and 16 × 60 ≤ 1000.
If prefix lists are referenced in security group rules, the maximum number of entries in the prefix lists counts towards the quota for security group rules. For example, a prefix list can contain a maximum of 100 entries. If the prefix list is referenced in a security group rule, the prefix list counts as 100 rules for the security group regardless of the number of existing entries in the prefix list.
- ④ If more than 2,000 private IP addresses need mutual access over the internal network, you can distribute ECS instances that have these private IP addresses to multiple security groups and authorize mutual access among these security groups.
Prefix list limits
| Item | Limit | Adjustable |
|---|---|---|
| Prefix lists per region within an account | 100 | N/A |
| Entries in a single prefix list | 200 | N/A |
| Associated resources of a prefix list | 1000 | N/A |
Network Connectivity Diagnostics limits
| Item | Limit | Adjustable |
|---|---|---|
| Diagnostic paths within a single region | 100 | N/A |
| Diagnostic tasks within a single region | 1000 | N/A |
| Diagnostic tasks that can be concurrently executed within a single region | 5 | N/A |
Deployment set limits
| Item | Limit | Adjustable |
|---|---|---|
| Deployment sets within an account | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | You can apply for a quota increase in the ECS console. For more information, see View and increase resource quotas. |
| Instances that can be contained in a single deployment set | A maximum of 20 instances are allowed within each zone. The number of instances allowed in a deployment set within a region is calculated by using the following formula: 20 × Number of zones in the region. | N/A |
| Instance types that support deployment sets |
|
N/A |
Cloud Assistant limits
| Item | Limit | Adjustable |
|---|---|---|
| Cloud Assistant commands within an account | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | N/A |
| Executions of Cloud Assistant commands per day | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | N/A |
| Retention period of a Cloud Assistant command output | 14 days | N/A |
| Cloud Assistant command outputs that can be retained | 100000 | N/A |
ENI limits
| Item | Limit | Adjustable |
|---|---|---|
| Secondary ENIs that you can create | You can view the resource quota in the ECS console. For more information, see View and increase resource quotas. | N/A |
Tag limits
| Item | Limit | Adjustable |
|---|---|---|
| Tags that can be added to a single instance | 20 | N/A |
API
| Item | Limit | Adjustable |
|---|---|---|
| Calls to the CreateInstance operation | 200 calls per minute | Submit a ticket. |
Note For more information about the limits on VPCs, see Limits and quotas.