Quotas and limits

This document contains the content limits for the Access Context Manager API. The content limits specified in this document are subject to change.

For quotas and limits for service perimeters, a component of VPC Service Controls, see the VPC Service Controls documentation.

Access Context Manager enforces the following limits:

  • Read requests per minute: A read request is an operation that reads an Access Context Manager resource, such as an access level. The limit is 500 requests per minute per organization.

  • Write requests per minute: A write request is an operation that creates or modifies an Access Context Manager resource, such as an access level. The limit is 50 requests per minute per organization.

  • Access policies per organization: One organization-level policy and a maximum of 50 scoped policies can exist for an organization.

  • Access levels per organization: 500

  • Conditions per access level: 40

  • List items per access level attribute (for example, the number of CIDR ranges you can include for the IP Subnetworks attribute): 200

  • VPC networks across all access levels per access policy: 500

The following limits apply specifically to custom access levels:

  • Maximum CEL list length: 200