Resolution
----------

### Reduce the character size of the inline policy

If you reach the [inline policy or character size quota](https://docs.aws.amazon.com/singlesignon/latest/userguide/limits.html#awsaccountlimits), then use the following workarounds to optimize the permission set size:

*   Remove optional elements, such as **Sid**, as IAM Identity Center includes these elements in the total number of characters allowed.
*   Review existing policies and remove duplicate permissions. For example, put all actions with the same **Effect**, **Resource**, and **Conditions** in one statement instead of multiple statements.  
    **Example:** "Action": \[ "ec2:StartInstances", "iam:ChangePassword", "s3:GetObject" \]
*   Use wildcard ("\*") for actions with the same suffixes or prefixes. For example, if an action has **ec2:DescribeInstances**, **ec2:DescribeTags**, and **ec2:DescribeSubnets** in the policy, then join them as **ec2:Describe\***.
*   Aggregate JSON policy statements.
*   Use the [NotAction](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html) and [NotResource](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html) policy elements to shorten the policy. Use these policy elements to list actions that must not match, rather than a long list of actions that match.

### Use managed policies instead of inline policies

Instead of inline policies, you can use managed policies. The maximum character size limit for each managed policy is 6,144 characters. By default, you can attach up to 10 managed policies to a permission set. You can increase this limit to 25 policies.

To increase the default quota, request an increase to the IAM quota **Managed policies per role** in the Service Quotas console. You must request this increase for each AWS Account where you want to provision the permission set. For more information, see [How do I increase my IAM quota?](https://repost.aws/knowledge-center/iam-quota-increase)

Related information
-------------------

[How do I increase the default size quota for managed policies or character size for an IAM user or role?](https://repost.aws/knowledge-center/iam-increase-policy-size)

[Requesting a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html)

I want to reduce the size of policies that are associated with an AWS IAM Identity Center permission set.

Optimize an IAM Identity Center permission set policy size

How do I reduce a policy size within an IAM Identity Center permission set?

Security, Identity, & Compliance

Support Automation Workflow (SAW) Runbook: Contain a compromised Identity and Access Management (IAM) User/Role

How do I increase the default size quota for managed policies or character size for an IAM user or role?

How do I resolve a 402 status error in IAM Identity Center?

How can I resolve the IAM Identity Center error message "This permission set is currently provisioned in ## AWS accounts"?

How do I manage the SCP character size limit or number of SCPs for an AWS Organization?

Where to create finegrained access policies?

Permissions Boundaries and IAM Identity Center Permissions Sets

Why can't (multiple) user managed policies be added to an SSO Permission Set?

How allow s3:putobject with inline policy only for the buckets belonging to a specific AWS account ?

No access error during access to Management Console from the Access Portal for an IAM Identity Center's user with AdministratorAccess &/| PowerUserAccess permission sets

How do I reduce a policy size within an IAM Identity Center permission set?

Resolution

Reduce the character size of the inline policy

Use managed policies instead of inline policies

Related information

Relevant content