Service Limitations

Service Quotas

Maximum secrets per region: 500,000

Secret value size: 64 KB maximum

Maximum versions per secret: 100

Tags per secret: 50

Secret name length: 1-512 characters

API Rate Limits

Read Operations

GetSecretValue: 5,000 requests per second per region

Write Operations

CreateSecret, UpdateSecret: 50 requests per second

List Operations

ListSecrets: 100 requests per second per region

Secret Limits

Max secrets: 500,000
Name length: 1-512 chars
Value size: 64 KB
Description: 2,048 chars

Rotation Limits

Min interval: 1 day
Max interval: 365 days
Concurrent: 10 per secret
Window: 24 hours max

Version Limits

Max versions: 100
Labels per version: 20
Label length: 1-63 chars
Deletion: 7-30 days

Tagging Limits

Tags per secret: 50
Key length: 1-128 chars
Value length: 0-256 chars
System tags: aws: reserved

Cost Considerations

$0.40

Per Secret/Month

Regardless of size or usage

$0.05

Per 10,000 API Calls

Beyond free tier

Additional Costs

KMS, Lambda, data transfer

Scale Management

Implement caching to reduce API calls
Use connection pooling
Batch operations where possible
Monitor quotas proactively

Rotation Optimization

Stagger rotation schedules
Use multi-user rotation
Proper error handling and retries
Monitor rotation metrics

Cost Optimization

Consolidate related secrets
Clean up unused secrets
Optimize API call patterns
Use appropriate caching

Exam Strategy Tip

Remember key limits: 64KB secret size, 500,000 secrets per region, 100 versions per secret, and 50 tags per secret. GetSecretValue has the highest rate limit at 5,000 RPS, while write operations are limited to 50 RPS.

Back to Monitoring Next: Questions & Answers