Application Load Balancer (ALB) is available in Basic, Standard, and WAF-enabled editions. This topic describes the resource quota limits for ALB instances of these editions and explains how to request a quota increase.
In the following tables, a hyphen (-) indicates that an item is not applicable.
If a resource is associated multiple times, its quota usage is cumulative. For example, if the same backend server is associated with multiple listeners and forwarding rules of the same ALB instance, the backend server is counted multiple times toward the quota for the Number of backend servers that can be added to an ALB instance.
Instance
Resource | Edition | Default limit | Maximum limit | How to increase |
Number of additional certificates that can be added to an ALB instance (excluding the default certificate) | Basic | 10 | 150 | You can increase the quota using either of the following methods:
|
Standard | 25 | 300 | You can increase the quota using either of the following methods:
| |
WAF-enabled | 25 | 300 | You can increase the quota using either of the following methods:
| |
Number of forwarding rules that can be added to an ALB instance (excluding the default rule) | Basic | 40 | 100 | You can increase the quota using either of the following methods:
|
Standard | 100 | 200 | You can increase the quota using either of the following methods:
| |
WAF-enabled | 100 | 200 | You can increase the quota using either of the following methods:
| |
Number of listeners that can be added to an ALB instance | Basic | 50 | 80 | You can increase the quota using either of the following methods:
|
Standard | 50 | 100 | You can increase the quota using either of the following methods:
| |
WAF-enabled | 50 | 100 | You can increase the quota using either of the following methods:
| |
Number of backend servers that can be added to an ALB instance | Basic | 200 | 400 | You can increase the quota using either of the following methods:
|
Standard | 1,000 | 1,500 | You can increase the quota using either of the following methods:
| |
WAF-enabled | 1,000 | 1,500 | You can increase the quota using either of the following methods:
|
Listener
Resource | Edition | Default limit | Maximum limit | How to increase |
Number of access control policy groups that can be associated with a listener | Basic/Standard/WAF-enabled | 3 | - | None |
Number of access control entries that can be associated with a listener | Basic | 300 | - | None |
Standard | 500 | - | None | |
WAF-enabled | 500 | - | None | |
Maximum request timeout period when you create a listener | Basic/Standard/WAF-enabled | 600 seconds | 900 seconds | You can increase the quota using either of the following methods:
|
Maximum idle timeout period when you create a listener | Basic/Standard/WAF-enabled | 600 seconds | 900 seconds | You can increase the quota using either of the following methods:
|
Forwarding rules
Resource | Edition | Default limit | Maximum limit | How to increase |
Number of actions that can be added to a forwarding rule | Basic | 3 | - | None |
Standard | 5 | - | None | |
WAF-enabled | 5 | - | None | |
Number of conditions that can be added to a forwarding rule | Basic | 5 | - | None |
Standard | 10 | - | None | |
WAF-enabled | 10 | - | None | |
Number of entries that contain wildcard characters that can be added to a forwarding rule | Basic | 5 | - | None |
Standard | 10 | - | None | |
WAF-enabled | 10 | - | None |
Server groups
Resource | Edition | Default limit | Maximum limit | How to increase |
Number of listeners or forwarding rules to which a server group can be associated | Basic/Standard/WAF-enabled | 50 times | 100 times | You can increase the quota using either of the following methods:
|
Number of times a backend server (by IP address) can be added to ALB server groups | Basic/Standard/WAF-enabled | 200 times | 300 times | You can increase the quota using either of the following methods:
|
Number of backend servers (by IP address and port) that can be added to a server group | Basic/Standard/WAF-enabled | 1,000 | - | None |
Access control and security policies
Resource | Edition | Default limit | Maximum limit | How to increase |
Number of listeners that can be associated with an access control policy group | Basic/Standard/WAF-enabled | 50 | - | None |
Number of entries that can be added to an access control policy group | Basic/Standard/WAF-enabled | 500 | - | None |
Number of listeners that can be associated with a custom security policy | Basic/Standard/WAF-enabled | 10 | - | None |
Number of access control entries that can be associated with an ALB instance | Basic/Standard/WAF-enabled | 800 | - | None |
Region
Resource | Edition | Default limit | Maximum limit | How to increase |
Number of custom security policies supported per region | Basic/Standard/WAF-enabled | 50 | - | None |
Number of health check templates supported per region | Basic/Standard/WAF-enabled | 50 | - | None |
Number of ALB instances supported per region | Basic/Standard/WAF-enabled | 60 | 150 | You can increase the quota using either of the following methods:
|
Number of access control policy groups supported per region | Basic/Standard/WAF-enabled | 1,000 | - | None |
Number of server groups supported per region | Basic/Standard/WAF-enabled | 3,000 | - | None |
Other limitations
The following limits apply only to upgraded ALB instances. Non-upgraded ALB instances are not affected.
In a single zone, an ALB instance supports up to 250,000 concurrent connections to a single backend server (or IP address). If the number of concurrent connections exceeds this limit, port allocation fails and new connections are affected.
To ensure that this elastic scaling feature is available:
Reserve at least eight IP addresses in each vSwitch where the ALB instance is deployed and allow traffic from the vSwitch CIDR blocks in advance.
Reserve a sufficient number of rules for the managed security group of ALB in the quota for security group rules of an ECS instance or elastic network interface (ENI).
The managed security group of ALB automatically allows traffic from local IP addresses with a priority of 1. The number of security group rules associated with an ALB instance must satisfy the following formula: Number of rules in the managed security group of ALB + Number of rules in the custom security groups associated with the ALB instance ≤ Quota for security group rules of an ECS instance or ENI. For more information, see ALB security group quota limits.
To prevent the number of concurrent connections from exceeding the limit, add more servers (or IP addresses) to the server group to distribute connection requests across multiple backend servers (or IP addresses). This reduces the connection pressure on any single server (or IP address).