Added disclaimer on AWSCT throttling

yelevin · yelevin · commit df1a7522c08b · 2020-05-27T16:57:14.000+03:00
diff --git a/articles/sentinel/connect-aws.md b/articles/sentinel/connect-aws.md
@@ -22,6 +22,9 @@ ms.author: yelevin
 Use the AWS connector to stream all your AWS CloudTrail events into Azure Sentinel. This connection process delegates access for Azure Sentinel to your AWS resource logs, creating a trust relationship between AWS CloudTrail and
 Azure Sentinel. This is accomplished on AWS by creating a role that gives permission to Azure Sentinel to access your AWS logs.
 
+> [!NOTE]
+> AWS CloudTrail has [built-in limitations](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) in its LookupEvents API. It allows no more than two transactions per second (TPS) per account, and each query can return a maximum of 50 records. Consequently, if a single tenant constantly generates more than 100 records per second in one region, backlogs and delays in data ingestion will result.
+
 ## Prerequisites
 
 You must have write permission on the Azure Sentinel workspace.
