Quotas and limits

This document lists the quotas and system limits that apply to Artifact Registry. Quotas specify the amount of a countable, shared resource that you can use, and they are defined by Google Cloud services such as Artifact Registry. System limits are fixed values that cannot be changed.

Google Cloud uses quotas to help ensure fairness and reduce spikes in resource use and availability. A quota restricts how much of a Google Cloud resource your Google Cloud project can use. Quotas apply to a range of resource types, including hardware, software, and network components. For example, quotas can restrict the number of API calls to a service, the number of load balancers used concurrently by your project, or the number of projects that you can create. Quotas protect the community of Google Cloud users by preventing the overloading of services. Quotas also help you to manage your own Google Cloud resources.

The Cloud Quotas system does the following:

  • Monitors your consumption of Google Cloud products and services
  • Restricts your consumption of those resources
  • Provides a way to request changes to the quota value

In most cases, when you attempt to consume more of a resource than its quota allows, the system blocks access to the resource, and the task that you're trying to perform fails.

Quotas generally apply at the Google Cloud project level. Your use of a resource in one project doesn't affect your available quota in another project. Within a Google Cloud project, quotas are shared across all applications and IP addresses.

There are also system limits on Artifact Registry resources. System limits can't be changed.

Artifact Registry limits the maximum rate of incoming requests and enforces quotas on a per-project and per-user basis.

See Working with quotas for information on quota policies, viewing your quota, and managing your quota.

Go to the API dashboard for your current API activity.

Quotas

Artifact Registry enforces the following quotas.

Per-project request quota

Quota Value Additional information
Requests per minute in each region or multi-region 60,000
Write requests per minute in each region or multi-region 18,000 In most cases, a single HTTP request or API call counts as a single request. However, some operations count as multiple requests. For example, a batch request like `ImportAptArtifacts` might charge quota for each item in the batch. A Docker pull or push usually makes multiple HTTP requests, so quota is charged for each request.
Delete requests per minute in each region or multi-region 18,000 Deletions requested by cleanup policies count towards the delete requests quota and deletions per day, per repository limit.

Per-user request quota

By default, projects have unlimited per-user quota. You can optionally cap per-user quota within a project. Per-user quota applies per authenticated user or per client IP address for unauthenticated requests to a public repository.

Cloud KMS quotas and Artifact Registry

When you use CMEK in Artifact Registry, your projects can consume Cloud KMS cryptographic requests quotas. For example, CMEK-encrypted repositories can consume these quotas for each upload or download. Encryption and decryption operations using CMEK keys affect Cloud KMS quotas only if you use hardware (Cloud HSM) or external (Cloud EKM) keys. Confirm that you have enough quota to enable application-layer secrets encryption for your applications and workflows. For more information, see Cloud KMS quotas.

Artifact Analysis quotas

See Artifact Analysis quotas and limits for information on scanning usage policies.

Public upstream quotas

If you use remote repositories to cache public upstream repositories, you might be subject to the upstream repositories' read and write quotas.

Usage Limits

Artifact Registry enforces the following usage limits.

Usage limit Value
Cleanup policy deletions per repository, per day 300,000
Cleanup policies per repository 10
Max data retrieval from upstream of remote repository per request 9.9 GB
Max upstream policies for virtual repositories 30
Max number of total upstream resolutions per request for virtual repositories 250
Max number of remote repository upstream resolutions per request for virtual repositories 30
Repository creation and deletion operations, per region, per minute 30

Remote Repository Limits

When you request an artifact from your remote repository, and the artifact hasn't already been cached in your remote, the artifact is requested from the upstream repository, and then stored in your remote repository. Requests to upstream hosts count against your organization’s upstream host read request limit, and caching the artifact in your remote repository uses your project’s write and request quotas. Once the artifact has been cached to your remote, requests for that artifact only count against your project's request quota.

Artifact Registry enforces the following usage limits for remote repositories.

Limit Public upstream Value
Public upstream host reads per organization, per region, per minute Default 600
Docker Hub 600
Maven Central 3000
NpmJS 1800
PyPI 1200

Limit for listing artifacts in a repository

Format-specific API requests to all formats are limited to 10,000. For example, the Docker Registry API method to list container images returns an incomplete list if a repository has more than 10,000 images or tags.

The limitation does not apply to the gcloud artifacts docker images list command or Artifact Registry API requests.

Request a quota increase

To adjust most quotas, use the Google Cloud console. For more information, see Request a quota adjustment.