Default Limit of Different AWS Services

nikhil gupta
3 min read · May 23, 2021

VPC & Subnets

Maximum number of VPCs per Region — 5

Maximum number of subnets per VPC — 200 (this can be increased by requesting it from AWS Support)

For IPv4, the minimum size of a subnet is /28 (14 IP addresses). A total of 5 CIDR blocks can be used per VPC (this can be increased up to 50 by requesting it from AWS Support).

For IPv4, a subnet cannot be larger than the VPC.

For IPv6, the size of a subnet is fixed at /64. Only 1 CIDR block can be used per VPC.

AWS S3

Total number of buckets per AWS account — 100 (this can be increased up to 1000 by requesting it from AWS Support)

Bucket ownership cannot be transferred to another account.

AWS S3 is a global service. We still have to choose a Region when creating a bucket, because Amazon creates the bucket in the Region we specify at creation time to optimize latency, minimize cost, etc.

Bucket names must be unique within a partition. A partition is a grouping of Regions. AWS currently has three partitions: Standard Regions, China Regions, AWS GovCloud US Regions.

A bucket name must begin and end with a letter, may contain dots (.), hyphens (-), numbers (0–9) and lowercase letters (a-z), and must be between 3 and 63 characters long.

A bucket name cannot be an IP address, though numbers and dots (.) are allowed in bucket names.

AWS Glue

As per AWS documentation:

Concurrent machine learning task runs per transform — 3
Label file size — 10 Megabytes
Max concurrent job runs per account — 50
Max concurrent job runs per job — 1000
Max connection per account — 1000
Max databases per account — 10000
Max databases per catalog — 10000
Max development endpoint per account — 25
Max dpus per dev endpoint — 50
Max functions per account — 100
Max functions per database — 100
Max jobs per account — 1000
Max jobs per trigger — 50
Max partitions per account — 20000000
Max partitions per table — 10000000
Max security configurations per account — 250
Max table versions per account — 1000000
Max table versions per table — 100000
Max tables per account — 1000000
Max tables per database — 200000 Megabytes
Max task dpus per account — 300
Max triggers per account — 1000
Number of Schema Registries — 10
Number of Schema Versions — 1000
Number of crawlers per account — 1000
Number of crawlers running concurrently per account — 50
Number of machine learning transforms — 100
Number of metadata key value pairs per Schema Version — 10
Number of workflows — 250
Total concurrent machine learning task runs for transforms per account — 30

Security Groups

There are 2 types of security groups:

  1. Default Security Group: It allows all inbound traffic from other EC2 instances associated with the default security group. It also allows all outbound traffic from the instance.
  2. Custom Security Group: It allows all outbound traffic and denies all inbound traffic.

Security group rules are always permissive: we can't create rules that deny access, only rules that allow traffic. All other traffic is ignored by default.

Security groups filter traffic based on protocols and port numbers.

Security groups are stateful — if we send a request from the instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules.

If multiple security groups are associated with one EC2 instance, the rules of all of those security groups are combined. Amazon EC2 uses this combined set of rules to determine whether to allow access.
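The evaluation rules described above (allow-only rules, combined groups, stateful replies), modelled in Python as an added example; it is not part of the original article and not AWS's implementation. `Rule`, `Instance`, the group names, ports and CIDR ranges are hypothetical, constructed values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One allow rule; protocol "-1" means all protocols and ports."""
    protocol: str
    from_port: int
    to_port: int
    cidr: str

    def matches(self, protocol, port, ip):
        if self.protocol != "-1":
            if self.protocol != protocol or not self.from_port <= port <= self.to_port:
                return False
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr)

ALL_OUT = Rule("-1", 0, 65535, "0.0.0.0/0")

# Constructed sample groups (names, ports and CIDRs are illustrative).
WEB = {"inbound": [Rule("tcp", 443, 443, "0.0.0.0/0")], "outbound": [ALL_OUT]}
ADMIN = {"inbound": [Rule("tcp", 22, 22, "10.0.0.0/8")], "outbound": [ALL_OUT]}

class Instance:
    def __init__(self, *groups):
        # Rules of every attached group are combined into one allow set.
        self.inbound = [r for g in groups for r in g["inbound"]]
        self.outbound = [r for g in groups for r in g["outbound"]]
        self.tracked = set()  # flows opened by the instance itself

    def send(self, protocol, local_port, remote_ip, remote_port):
        allowed = any(r.matches(protocol, remote_port, remote_ip) for r in self.outbound)
        if allowed:
            self.tracked.add((protocol, local_port, remote_ip, remote_port))
        return allowed

    def receive(self, protocol, local_port, remote_ip, remote_port):
        # Stateful: a reply to a tracked request bypasses the inbound rules.
        if (protocol, local_port, remote_ip, remote_port) in self.tracked:
            return True
        # Allow-only: traffic matching no rule is dropped; no deny rule exists.
        return any(r.matches(protocol, local_port, remote_ip) for r in self.inbound)

if __name__ == "__main__":
    host = Instance(WEB, ADMIN)
    print(host.receive("tcp", 443, "203.0.113.9", 51000))   # allowed by WEB
    print(host.receive("tcp", 22, "203.0.113.9", 51000))    # no rule matches
    print(host.send("tcp", 40000, "198.51.100.7", 443))
    print(host.receive("tcp", 40000, "198.51.100.7", 443))  # reply to the request
```

Because the groups are combined and every rule is an allow rule, attaching an extra group can only widen what reaches the instance, so reviews should look at the combined rule set rather than each group in isolation.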
