This topic describes the limits of ECS, and how to apply for exceptions to some limits.
Overview
ECS has the following limits:
- You cannot install virtualization software, such as VMware Workstation, or use it for secondary virtualization. Only ECS Bare Metal Instances and Super Computing Clusters (SCCs) support secondary virtualization.
- ECS does not support sound card applications.
- External hardware devices, such as hardware dongles, USB flash drives, external hard disks, and hardware tokens, cannot be directly attached to ECS. Software verification methods such as two-factor authentication and dynamic passwords can be used.
- ECS does not support multicast protocols. We recommend that you use unicast transmission instead.
- Log Service does not support 32-bit Linux ECS instances.
For information about the ECS instances that support Log Service, see Overview.
- If you need to apply for ICP filing for websites that are deployed on your ECS instance, the instance must meet certain purchase requirements. You can apply for a limited number of ICP filing service numbers for websites that are deployed on each ECS instance. For more information, see Prepare and check the instance information (access information). For information about how to apply for ICP filing, see Apply for an ICP filing.
View quotas
You can click Privileges & Quotas on the Overview page of the ECS console, and select a region to view the resource usage and quotas in that region. If the quota of a resource is insufficient, submit a ticket to apply for an increased quota. For more information about how to view privileges and quotas, see Manage privileges and quotas or DescribeAccountAttributes.
Instance limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Permissions to create an ECS instance | To create an ECS instance in greater China regions, you must first complete real-name verification. | None |
| Instance types whose instances can be used as pay-as-you-go instances | Instance types with less than 16 vCPUs | Submit a ticket |
| Quota for vCPUs of all pay-as-you-go instances in each region for an account | 50 vCPUs | Submit a ticket |
| Quota for vCPUs of all preemptible instances in each region for an account | You must submit a ticket to apply for the quota, which is up to 50 vCPUs. | Submit a ticket |
| Total number of instance launch templates in each region for an account | 30 | None |
| Total number of versions of an instance launch template | 30 | None |
| Switching of the billing method from pay-as-you-go to subscription | Not supported by the following instance families: t1, s1, s2, s3, c1, c2, m1, m2, n1, n2, and e3. | None |
| Switching of the billing method from subscription to pay-as-you-go |
|
None |
Reserved instance limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Total number of regional reserved instances of an account | 20 | Submit a ticket |
| Total number of zonal reserved instances of an account in a zone | 20 | Submit a ticket |
| Instance types that support reserved instances | Instance types in the following instance families: sn1ne, sn2ne, se1ne, ic5, c5, g5,
r5, c6, g6, r6, i2, i2g, hfc5, hfg5, and t5.
Note The t5 instance family supports only zonal reserved instances.
|
None |
Note For more information, see the "Limits" section in Reserved instance overview.
Block Storage limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Permissions to create a pay-as-you-go disk | You must complete real-name verification before you can create a disk in greater China regions. | None |
| Total number of pay-as-you-go disks in all regions for an account | Number of pay-as-you-go instances in all regions for an account × 5. You can create at least 10 pay-as-you-go disks for an account. | Submit a ticket |
| Total number of system disks for each instance | 1 | None |
| Total number of data disks for each instance | 16 (including cloud disks and Shared Block Storage devices) | None |
| Number of instances to which a Shared Block Storage device can be attached | 8 | None |
| Total number of Shared Block Storage devices in all regions for an account | 10 | Submit a ticket |
| Capacity of a basic disk | 5 GiB to 2,000 GiB | None |
| Capacity of a standard SSD | 20 GiB to 32,768 GiB | None |
| Capacity of an ultra disk | 20 GiB to 32,768 GiB | None |
| Capacity of an enhanced SSD | 20 GiB to 32,768 GiB | None |
| Capacity of a local SSD | 5 GiB to 800 GiB | None |
| Total capacity of all local SSDs for an instance | 1,024 GiB | None |
| Capacity of a local NVMe SSD | 1,456 GiB | None |
| Total capacity of all local NVMe SSDs for an instance | 2,912 GiB | None |
| Capacity of a local SATA HDD | 5,500 GiB | None |
| Total capacity of all local SATA HDDs for an instance | 154,000 GiB | None |
| Capacity of a Shared SSD Block Storage device | 32,768 GiB | None |
| Total capacity of all Shared SSD Block Storage devices for an instance | 128 TiB | None |
| Capacity of a Shared Ultra Block Storage device | 32,768 GiB | None |
| Total capacity of all Shared Ultra Block Storage devices for an instance | 128 TiB | None |
| Capacity of a system disk |
|
None |
| Capacity of a data disk |
|
None |
| Attachment of new local disks to instances that are equipped with local disks | Not allowed | None |
| Change of specifications of instances that are equipped with local disks | Only bandwidth can be changed. | None |
| System disk mount points | /dev/vda | None |
| Data disk mount points | /dev/vd[b-z] | None |
Note Block storage capacity is measured in binary units. 1 KiB equals 1,024 bytes. 1 GiB
equals 1,024 MiB.
Snapshot limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Number of manual snapshots that can be created for each disk or Shared Block Storage device | 256 | None |
| Number of automatic snapshots that can be created for each disk or Shared Block Storage device | 1,000 | None |
| Number of automatic snapshot policies that can be created in a region for an account | 100 | None |
Image limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Total number of custom images that can be created in each region for an account | 100 | Submit a ticket |
| Maximum number of users to whom a single image can be shared | 50 | Submit a ticket |
| Restrictions on images and instance types | Instance types that have 4 GiB or larger memory do not support 32-bit images. | None |
SSH key pair limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Total number of SSH key pairs in each region for an account | 500 | None |
| Instance types that support SSH key pairs | All instance types except non-I/O optimized instance types in Generation I | None |
| Images that support SSH key pairs | Linux images only | None |
Public bandwidth limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Maximum inbound public bandwidth |
|
None |
| Maximum outbound public bandwidth |
|
None |
| Change in the assigned public IP address for an instance | The public IP address can be changed within six hours after the instance is created, and can be changed a maximum of three times. | None |
Security group limits
| Item | Basic security group | Advanced security group |
|---|---|---|
| Total number of security groups that can be created in each region for an account | 100 | Same as the limit on basic security groups. |
| Number of classic network-type ECS instances that can be included in a classic network-type security group | 1,000* | The classic network is not supported. |
| Number of VPC-type ECS instances that can be included in a VPC-type security group | Depends on the number of private IP addresses that can be included in the VPC-type security group. | No limit |
| Number of security groups to which an ECS instance can belong | 5
You can submit a ticket to raise the limit to 10 or 16 security groups. |
Same as the limit on basic security groups. |
| Number of security groups to which an ENI of an ECS instance can belong | ||
| Maximum number of rules (both inbound and outbound) in a security group | 200*** | Same as the limit on basic security groups. |
| Maximum number of rules (both inbound and outbound) in all security groups to which an ENI belongs | 1,000 | Same as the limit on basic security groups. |
| Number of private IP addresses that can be included in a VPC-type security group | 2,000** | 65,536 |
| Public network access port | The default STMP port for outbound traffic is port 25, which is disabled by default. It cannot be enabled by security group rules. | Same as the limit on basic security groups. |
* If more than 1,000 classic network-type instances need mutual access over an internal network, you can assign them to multiple security groups and authorize mutual access among these security groups.
** If more than 2,000 instances with private IP addresses need mutual access over an internal network, you can assign them to multiple security groups and authorize mutual access among these security groups.
*** If you increase the number of security groups to which an ECS instance can belong, the maximum number of rules in each security group will decrease. The product of the number of security groups to which an ECS instance belongs and the maximum number of rules in each security group must be less than or equal to 1,000. For example, if the number of security groups to which the ECS instance belongs is 5, 10, or 16, the corresponding maximum number of rules in each security group is 200, 100, or 60, because 5 × 200 = 1000, 10 × 100 = 1000, and 16 × 60 ≤ 1000.
Deployment set limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Total number of deployment sets in each region for an account | 2 | None |
| Total number of instances that can be included in a deployment set | A maximum of seven instances are allowed in a zone. The number of instances allowed in a region is calculated as follows: 7 × Number of zones in the region. | None |
| Instance types that can be created in a deployment set | Instance types in the following instance families: c5, d1, d1ne, g5, hfc5, hfg5, i2, ic5, r5, se1ne, sn1ne, and sn2ne. | None |
Cloud Assistant limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Total number of Cloud Assistant scripts that can be created in each region for an account | 100 | Submit a ticket |
| Total number of Cloud Assistant scripts that can be used by an account each day in a region | 5,000 | Submit a ticket |
ENI limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Quota of ENIs in each region for an account | 100 | Submit a ticket |
Tag limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Total number of tags that can be bound to an instance | 20 | None |
API call limits
| Item | Limit | How to apply for an exception to the limit |
|---|---|---|
| Total number of CreateInstance calls | 200 calls per minute | Submit a ticket |
Note For more information about the limits on VPCs, see Limits.