Amazon Cognito Identity endpoints and quotas
Amazon Cognito Identity includes Amazon Cognito user pools and Amazon Cognito identity pools (federated identities).
The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.
Service endpoints
Amazon Cognito User Pools
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
cognito-idp.us-east-2.amazonaws.com cognito-idp-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
cognito-idp.us-east-1.amazonaws.com cognito-idp-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
| US West (N. California) | us-west-1 |
cognito-idp.us-west-1.amazonaws.com cognito-idp-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
cognito-idp.us-west-2.amazonaws.com cognito-idp-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 | cognito-idp.af-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 | cognito-idp.ap-south-2.amazonaws.com | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | cognito-idp.ap-southeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 | cognito-idp.ap-southeast-4.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | cognito-idp.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | cognito-idp.ap-northeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | cognito-idp.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | cognito-idp.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | cognito-idp.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | cognito-idp.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 | cognito-idp.ca-central-1.amazonaws.com | HTTPS |
| Europe (Frankfurt) | eu-central-1 | cognito-idp.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | cognito-idp.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | cognito-idp.eu-west-2.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | cognito-idp.eu-south-1.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | cognito-idp.eu-west-3.amazonaws.com | HTTPS |
| Europe (Spain) | eu-south-2 | cognito-idp.eu-south-2.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | cognito-idp.eu-north-1.amazonaws.com | HTTPS |
| Europe (Zurich) | eu-central-2 | cognito-idp.eu-central-2.amazonaws.com | HTTPS |
| Israel (Tel Aviv) | il-central-1 | cognito-idp.il-central-1.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | cognito-idp.me-south-1.amazonaws.com | HTTPS |
| Middle East (UAE) | me-central-1 | cognito-idp.me-central-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | cognito-idp.sa-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 |
cognito-idp.us-gov-west-1.amazonaws.com cognito-idp-fips.us-gov-west-1.amazonaws.com |
HTTPS HTTPS |
Amazon Cognito Identity Pools
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 |
cognito-identity.us-east-2.amazonaws.com cognito-identity-fips.us-east-2.amazonaws.com |
HTTPS HTTPS |
| US East (N. Virginia) | us-east-1 |
cognito-identity.us-east-1.amazonaws.com cognito-identity-fips.us-east-1.amazonaws.com |
HTTPS HTTPS |
| US West (N. California) | us-west-1 |
cognito-identity.us-west-1.amazonaws.com cognito-identity-fips.us-west-1.amazonaws.com |
HTTPS HTTPS |
| US West (Oregon) | us-west-2 |
cognito-identity.us-west-2.amazonaws.com cognito-identity-fips.us-west-2.amazonaws.com |
HTTPS HTTPS |
| Africa (Cape Town) | af-south-1 | cognito-identity.af-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Hyderabad) | ap-south-2 | cognito-identity.ap-south-2.amazonaws.com | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | cognito-identity.ap-southeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Melbourne) | ap-southeast-4 | cognito-identity.ap-southeast-4.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | cognito-identity.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | cognito-identity.ap-northeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | cognito-identity.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | cognito-identity.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | cognito-identity.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | cognito-identity.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 | cognito-identity.ca-central-1.amazonaws.com | HTTPS |
| Europe (Frankfurt) | eu-central-1 | cognito-identity.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | cognito-identity.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | cognito-identity.eu-west-2.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | cognito-identity.eu-south-1.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | cognito-identity.eu-west-3.amazonaws.com | HTTPS |
| Europe (Spain) | eu-south-2 | cognito-identity.eu-south-2.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | cognito-identity.eu-north-1.amazonaws.com | HTTPS |
| Europe (Zurich) | eu-central-2 | cognito-identity.eu-central-2.amazonaws.com | HTTPS |
| Israel (Tel Aviv) | il-central-1 | cognito-identity.il-central-1.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | cognito-identity.me-south-1.amazonaws.com | HTTPS |
| Middle East (UAE) | me-central-1 | cognito-identity.me-central-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | cognito-identity.sa-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 |
cognito-identity.us-gov-west-1.amazonaws.com cognito-identity-fips.us-gov-west-1.amazonaws.com |
HTTPS HTTPS |
Service quotas
Amazon Cognito User Pools
| Name | Default | Adjustable | Description |
|---|---|---|---|
| Apps per user pool | Each supported Region: 1,000 |
Yes |
The maximum number of app clients per user pool. |
| Custom domains per account | Each supported Region: 4 | No | The maximum number of custom domains that you can create in this account. |
| Groups per user | Each supported Region: 100 | No | The maximum number of groups per user that any individual user can be added to. |
| Groups per user pool | Each supported Region: 10,000 | No | The maximum number of groups per user pool. A group is a collection of users in a user pool. |
| Identity providers per user pool | Each supported Region: 300 |
Yes |
The maximum number of identity providers per user pool. |
| Rate of ClientAuthentication requests per account | Each supported Region: 150 per second | No | The maximum total combined call rate (requests per second) for all API operations in the ClientAuthentication category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserAccountRecovery requests | Each supported Region: 30 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserAccountRecovery category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserAuthentication requests | Each supported Region: 120 per second |
Yes |
The maximum total combined call rate (requests per second) for all API operations in the UserAuthentication category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserCreation requests | Each supported Region: 50 per second |
Yes |
The maximum total combined call rate (requests per second) for all API operations in the UserCreation category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserFederation requests | Each supported Region: 25 per second |
Yes |
The maximum total combined call rate (requests per second) for all API operations in the UserFederation category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserList requests | Each supported Region: 30 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserList category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolClientRead requests per account | Each supported Region: 15 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserPoolClientRead category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolClientRead requests per user pool | Each supported Region: 5 per second | No | The maximum call rate (requests per second) for an operation in the UserPoolClientRead category per user pool. Any operation within this category could be called at this rate per user pool. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolClientUpdate requests per account | Each supported Region: 15 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserPoolClientUpdate category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolClientUpdate requests per user pool | Each supported Region: 5 per second | No | The maximum call rate (requests per second) for an operation in the UserPoolClientUpdate category per user pool. Any operation within this category could be called at this rate per user pool. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolRead requests | Each supported Region: 15 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserPoolRead category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolResourceRead requests per account | Each supported Region: 20 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserPoolResourceRead category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolResourceRead requests per user pool | Each supported Region: 5 per second | No | The maximum call rate (requests per second) for an operation in the UserPoolResourceRead category per user pool. Any operation within this category could be called at this rate per user pool. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolResourceUpdate requests per account | Each supported Region: 15 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserPoolResourceUpdate category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolResourceUpdate requests per user pool | Each supported Region: 5 per second | No | The maximum call rate (requests per second) for an operation in the UserPoolResourceUpdate category per user pool. Any operation within this category could be called at this rate per user pool. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserPoolUpdate requests | Each supported Region: 15 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserPoolUpdate category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserRead requests | Each supported Region: 120 per second |
Yes |
The maximum total combined call rate (requests per second) for all API operations in the UserRead category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserResourceRead requests | Each supported Region: 50 per second |
Yes |
The maximum total combined call rate (requests per second) for all API operations in the UserResourceRead category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserResourceUpdate requests | Each supported Region: 25 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserResourceUpdate category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserToken requests | Each supported Region: 120 per second |
Yes |
The maximum total combined call rate (requests per second) for all API operations in the UserToken category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Rate of UserUpdate requests | Each supported Region: 25 per second | No | The maximum total combined call rate (requests per second) for all API operations in the UserUpdate category. All operations within a category share the quota. You can find the list of included operations at https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html#category_operations. |
| Resource servers per user pool | Each supported Region: 25 |
Yes |
The maximum number of resource servers per user pool. A resource server is a server for access-protected resources. |
| Scopes per resource server | Each supported Region: 100 | No | The maximum number of scopes per resource server. A scope is a level of access (such as read or write access) that an app can request to a resource. |
| User import jobs per user pool | Each supported Region: 1,000 |
Yes |
The maximum number of user import jobs per user pool. |
| User pools per account | Each supported Region: 1,000 |
Yes |
The maximum number of user pools that you can create in this account per region. |
For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.
Amazon Cognito Federated Identities
| Name | Default | Adjustable | Description |
|---|---|---|---|
| Identity pool name size | Each supported Region: 128 Bytes | No | The maximum size of an identity pool name in bytes. |
| Identity pools per account | Each supported Region: 1,000 |
Yes |
The maximum number of identity pools per account. |
| List API call results | Each supported Region: 60 | No | The maximum number of results from a list or lookup API call. |
| Login provider name size | Each supported Region: 2,048 Bytes | No | The maximum size of a login provider name in bytes. |
| Rate of GetCredentialsForIdentity requests |
us-east-1: 2,000 us-east-2: 300 us-west-2: 300 ap-northeast-1: 500 ap-northeast-2: 300 ap-south-1: 210 eu-central-1: 300 eu-west-1: 500 Each of the other supported Regions: 200 |
Yes |
The maximum number of GetCredentialsForIdentity requests that you can make per second. |
| Rate of GetId requests |
us-east-1: 250 us-west-2: 150 af-south-1: 25 ap-northeast-1: 150 ap-northeast-2: 25 ap-northeast-3: 25 ap-south-1: 25 ap-southeast-3: 25 eu-west-1: 250 Each of the other supported Regions: 75 |
Yes |
The maximum number of GetId requests that you can make per second. |
| Rate of GetOpenIdToken requests |
us-east-2: 300 us-west-2: 300 ap-northeast-1: 500 ap-south-1: 210 eu-central-1: 300 eu-south-1: 1,000 eu-west-1: 500 me-south-1: 1,000 Each of the other supported Regions: 200 |
Yes |
The maximum number of GetOpenIdToken requests that you can make per second. |
| Rate of GetOpenIdTokenForDeveloperIdentity requests |
us-east-1: 50 us-east-2: 300 us-west-2: 300 ap-northeast-1: 500 ap-south-1: 210 eu-central-1: 300 eu-west-1: 500 Each of the other supported Regions: 200 |
Yes |
The maximum number of GetOpenIdTokenForDeveloperIdentity requests that you can make per second. |
| Rate of ListIdentities requests | Each supported Region: 5 |
Yes |
The maximum number of ListIdentities requests that you can make per second. |
| Rate of ListTagsForResource requests | Each supported Region: 10 |
Yes |
The maximum number of ListTagsForResource requests that you can make per second. |
| Rate of TagResource requests | Each supported Region: 1 |
Yes |
The maximum number of TagResource requests that you can make per second. |
| Rate of UntagResource requests | Each supported Region: 1 |
Yes |
The maximum number of UntagResource requests that you can make per second. |
| Role-based access control rules | Each supported Region: 25 | No | The maximum number of rules for role-based access control (RBAC) |
| User pool providers per identity pool | Each supported Region: 50 |
Yes |
The maximum number of Amazon Cognito user pool providers per identity pool. |
For more information, see Quotas in Amazon Cognito in the Amazon Cognito Developer Guide.
