The Magic Number 5 in AWS

Heidi N. Heidi N.

Heidi N.

DevSecOps Engineer | Paas| IaC| Automation| Microservices | Java, AWS, Docker, Kubernetes| AWS EKS | CI/CD | Data and GenAI| Mathematics | Team Leader | Learner| Thinker| Problem Solver

发布日期: 2025年3月21日
+ 关注

The number five is indeed magical! it appears in nature (five fingers on each hand, five senses) and even in iconic structures like the Pentagon. But did you know AWS also has a secret love for the number 5?

Across various AWS services, 5 is a common default limit, balancing resource allocation, performance, and scalability. Let’s explore some of the magical ways AWS uses this number!

AWS Well-Architected Framework

The AWS Well-Architected Framework is built around five pillars :

  • Operational Excellence: Run and monitor systems to deliver business value.
  • Security: Protect information and systems.
  • Reliability: Ensure workloads perform correctly.
  • Performance Efficiency: Use resources efficiently.
  • Cost Optimization: Avoid unnecessary costs.

AWS Limits Set to 5

1. CloudTrails per Region

You can configure up to 5 CloudTrails per region. This ensures customers don’t accidentally generate excessive logs, leading to high costs and storage bloat.

2. VPCs per Region

By default, each AWS account can create up to 5 VPCs per region. While this can be increased upon request, it helps prevent network sprawl.

  • IPv4 CIDR blocks per VPC: 5
  • IPv6 CIDR blocks per VPC: 5

3. NAT Gateways per Availability Zone

Each Availability Zone supports up to 5 NAT gateways for balancing performance and cost. While NAT gateways help instances access the internet securely, too many can be expensive!

4. Internet Gateways per Region

By default, an AWS account can have 5 Internet Gateways per region, ensuring controlled access to external networks.

  • Egress-only Internet Gateways per Region: 5

5. Security Groups per Network Interface

A single AWS network interface can be associated with up to 5 security groups. Any more, and you might run into rule conflicts or complexity.

6. Reserved IPs in Subnets

AWS reserves 5 IP addresses per subnet for critical networking functions:

  • .0 – Network address
  • .1 – VPC router
  • .2 – DNS server
  • .3 – Future AWS use
  • .255 – Reserved for broadcast (in older setups)

For example, if you create a /28 subnet (16 IPs), only 11 are usable!

7. Elastic IP Addresses per Region

Each AWS account is allocated 5 Elastic IP addresses per region by default. Because public IPv4 addresses are scarce, AWS enforces this limit to encourage efficient usage.

8. Limits in API Gateway

  • CreateResource – 5 requests per second
  • DeleteResource – 5 requests per second
  • GetResource – 5 requests per second

Conclusion

AWS seems to have a fascination with the number 5—or multiples of 5 (which we didn’t explore this time)! Whether it’s VPCs, NAT gateways, or Elastic IPs, these limits help ensure a balanced and scalable cloud architecture.

So next time you hit an AWS limit, take a moment to appreciate the Magic 5—and then submit that support ticket! ??

Note that most of these "Magic 5" limits are soft limits, meaning you can request an increase via AWS Support. But they exist for a reason: to prevent over-provisioning, improve performance, and keep things manageable.

References:

  1. VPC Limits: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
  2. API Gateway Limits: https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html


mayank pandey

knows a few things about Cloud and building systems ...

1 天前

You observed a good pattern here Heidi. Some of us just like to choose in multiples of 5.

回复
1 次回应

要查看或添加评论,请登录

Heidi N.的更多文章