Stay organized with collections
Save and categorize content based on your preferences.
This document describes the quotas for OS Login, which define the maximum number
of requests that your project can make to the
OS Login API.
Google Cloud uses quotas to help ensure fairness and reduce
spikes in resource use and availability. A quota restricts how much of a
Google Cloud resource your Google Cloud project can use. Quotas
apply to a range of resource types, including hardware, software, and network
components. For example, quotas can restrict the number of API calls to a
service, the number of load balancers used concurrently by your project, or the
number of projects that you can create. Quotas protect the community of
Google Cloud users by preventing the overloading of services. Quotas also
help you to manage your own Google Cloud resources.
The Cloud Quotas system does the following:
Monitors your consumption of Google Cloud products and services
In most cases, when you attempt to consume more of a resource than its quota
allows, the system blocks access to the resource, and the task that
you're trying to perform fails.
Quotas generally apply at the Google Cloud project
level. Your use of a resource in one project doesn't affect
your available quota in another project. Within a Google Cloud project, quotas
are shared across all applications and IP addresses.
Rate quotas
Any requests you make to the OS Login API count towards your OS Login quota. OS
Login usage through the Google Cloud console or Google Cloud CLI also counts towards
your quota because these services use the OS Login API. OS Login quotas apply to
your entire project and are separate for each project.
Each quota group is counted separately, so you can achieve the maximum
limit in each group simultaneously. Quotas are enforced at intervals of
every 60 seconds. If you reach a group's enforced maximum anytime within 60
seconds, you need to wait for the next interval for your quota to refresh before
you can make more requests in that group.
Per user quotas
Quota group
Details
Default quota
Read requests
Description: Quota for *.get, and
*.getLoginProfile methods.
Description: Limit for calls to the metadata server
for OS Login POSIX group lookups. If VMs don't have
OS
Login groups configured, metadata server groups quota might be
consumed, but consumption has no impact on VM performance.
OS Login makes calls to the metadata server to retrieve OS Login
groups during the following operations:
When a VM is created. OS Login caches the result.
When system processes search for a group that isn't in the cache.
If you need higher quotas than the default maximum,
request a quota adjustment.
In your request, add information showing the consumption rate in your
environment. These include
OS Login audit logs or other error
messages stating that the rate limit is exceeded.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[[["\u003cp\u003eOS Login quotas define the maximum number of requests a project can make to the OS Login API, ensuring fair resource use and preventing service overload.\u003c/p\u003e\n"],["\u003cp\u003eQuotas are generally applied at the Google Cloud project level and are enforced at 60-second intervals, with each quota group being counted separately.\u003c/p\u003e\n"],["\u003cp\u003eThere are distinct quota limits for read requests, write requests, session start/continue attempts per user, and metadata server requests per region, each with default values.\u003c/p\u003e\n"],["\u003cp\u003eOS Login usage through the Google Cloud console or Google Cloud CLI counts toward the quota because these services utilize the OS Login API.\u003c/p\u003e\n"],["\u003cp\u003eYou can manage quotas by following API rate limit best practices, using the Google Cloud console to view and adjust them, or requesting higher limits if necessary.\u003c/p\u003e\n"]]],[],null,["# OS Login Quotas\n\n*** ** * ** ***\n\nThis document describes the quotas for OS Login, which define the maximum number\nof requests that your project can make to the\n[OS Login API](/compute/docs/oslogin/rest).\n\nGoogle Cloud uses quotas to help ensure fairness and reduce\nspikes in resource use and availability. A quota restricts how much of a\nGoogle Cloud resource your Google Cloud project can use. Quotas\napply to a range of resource types, including hardware, software, and network\ncomponents. For example, quotas can restrict the number of API calls to a\nservice, the number of load balancers used concurrently by your project, or the\nnumber of projects that you can create. Quotas protect the community of\nGoogle Cloud users by preventing the overloading of services. Quotas also\nhelp you to manage your own Google Cloud resources.\n\nThe Cloud Quotas system does the following:\n\n- Monitors your consumption of Google Cloud products and services\n- Restricts your consumption of those resources\n- Provides a way to [request changes to the quota value](/docs/quotas/help/request_increase) and [automate quota adjustments](/docs/quotas/quota-adjuster)\n\nIn most cases, when you attempt to consume more of a resource than its quota\nallows, the system blocks access to the resource, and the task that\nyou're trying to perform fails.\n\nQuotas generally apply at the Google Cloud project\nlevel. Your use of a resource in one project doesn't affect\nyour available quota in another project. Within a Google Cloud project, quotas\nare shared across all applications and IP addresses.\n\nRate quotas\n-----------\n\nAny requests you make to the OS Login API count towards your OS Login quota. OS\nLogin usage through the Google Cloud console or Google Cloud CLI also counts towards\nyour quota because these services use the OS Login API. OS Login quotas apply to\nyour entire project and are separate for each project.\n\nEach quota group is counted separately, so you can achieve the maximum\nlimit in each group simultaneously. Quotas are enforced at intervals of\nevery 60 seconds. If you reach a group's enforced maximum anytime within 60\nseconds, you need to wait for the next interval for your quota to refresh before\nyou can make more requests in that group.\n\n### Per user quotas\n\n### Per region quotas\n\nManage quotas\n-------------\n\nTo manage the quotas for your project, do the following:\n\n- Follow the best practices for [preserving API rate limits](/compute/docs/api/best-practices#preserve-API-rate-limits).\n- Use the Google Cloud console to view and edit quotas:\n\n [Go to Quotas](https://console.cloud.google.com/iam-admin/quotas?service=oslogin.googleapis.com)\n - If you want to quotas, see [Capping usage](/docs/quotas/view-manage#capping_usage).\n - If you need higher quotas than the default maximum, [request a quota adjustment](/docs/quotas/help/request_increase). In your request, add information showing the consumption rate in your environment. These include [OS Login audit logs](/compute/docs/oslogin/view-audit-logs) or other error messages stating that the rate limit is exceeded.\n\nWhat's next?\n------------\n\n- Learn more about [working with Cloud Quotas](/docs/quotas/overview).\n- Learn more about [OS Login](/compute/docs/oslogin)."]]
