How can I increase the default managed policies or character size limit for an IAM role or user?
Last updated: 2020-06-16
I want to attach more than 10 managed policies or increase the character size limit for an AWS Identity and Access Management (IAM) role or user.
You can attach a maximum of 10 managed policies to an IAM role or user. The maximum size of a managed policy is 6,144 characters. For more information, see IAM object limits and IAM and STS character limits.
If you have reached the managed policy or character size limit for an IAM group or user, then use one of the following workarounds, depending on your scenario.
Create another IAM group. You can have up to 300 IAM groups per account. Attach the managed policy to the IAM role or user instead of the IAM group. You can attach up to 10 managed policies to IAM roles and users.
Create more IAM groups and attach the managed policy to the group. You can assign IAM users to up to 10 groups. You can also attach up to 10 managed policies to each group, for a maximum of 110 policies (10 managed policies attached to the IAM user, 10 IAM groups, with 10 policies each).
Combine managed policies
Combine multiple managed policies into a single policy. You can add up to 6,144 characters per managed policy.
Reduce the character size of the managed policies
Remove duplicate permissions by putting all actions with the same Effect in a single statement, combining resource and condition statements, and removing unnecessary elements such as Sid. Use wildcards (*) for actions with the same suffix or prefix.
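The following Python sketch is an added example, not AWS code. It applies the two steps above: it combines several policy documents into one, merges statements that share Effect, Resource and Condition, drops Sid, and checks the result against the 6,144-character limit. The sample policies, bucket name and function names are constructed for illustration. The sketch does not collapse actions into wildcards, because a wildcard can also match actions that were never in the original list.

```python
import json

MANAGED_POLICY_LIMIT = 6144  # characters per managed policy (limit quoted above)

def as_list(value):
    return value if isinstance(value, list) else [value]

def combine_policies(documents):
    """Merge documents; statements sharing Effect, Resource and Condition become one."""
    merged, untouched = {}, []
    for doc in documents:
        for stmt in as_list(doc["Statement"]):
            stmt = {k: v for k, v in stmt.items() if k != "Sid"}  # Sid is optional
            if set(stmt) - {"Effect", "Action", "Resource", "Condition"}:
                untouched.append(stmt)  # NotAction, NotResource, ...: do not merge
                continue
            key = json.dumps([stmt["Effect"], sorted(as_list(stmt["Resource"])),
                              stmt.get("Condition")], sort_keys=True)
            merged.setdefault(key, (stmt, set()))[1].update(as_list(stmt["Action"]))
    statements = [{**stmt, "Action": sorted(actions)} for stmt, actions in merged.values()]
    # Assumption: every input uses policy language version 2012-10-17.
    return {"Version": "2012-10-17", "Statement": statements + untouched}

def policy_size(document):
    """Character count with all whitespace dropped (IAM does not count whitespace)."""
    return len("".join(json.dumps(document, separators=(",", ":")).split()))

# Constructed sample policies, not taken from a real account.
POLICY_A = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadObjects", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}]}
POLICY_B = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadWrite", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"},
    {"Sid": "NoDelete", "Effect": "Deny", "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    combined = combine_policies([POLICY_A, POLICY_B])
    print(json.dumps(combined, indent=2))
    size = policy_size(combined)
    print(f"{size} of {MANAGED_POLICY_LIMIT} characters used")
    if size > MANAGED_POLICY_LIMIT:
        raise SystemExit("combined policy exceeds the managed policy limit")
```

Compare the combined document with the originals before you replace them, because merging must leave the set of allowed and denied actions unchanged.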
Use inline policies instead of managed policies
Important: It's a best practice to use customer managed policies instead of inline policies.
You can use as many inline policies as you want, but the aggregate policy size can't exceed the character limits. The inline policy character limits are 2,048 for users, 10,240 for roles, and 5,120 for groups.