How do I increase the default size quota for managed policies or character size for an IAM user or role?

I want to increase the default size quota for managed policies or character size for an AWS Identity and Access Management (IAM) user or role.

Short description

You can attach a maximum of 20 managed policies to an IAM role or user. The maximum character size for a managed policy is 6,144. To view the default and maximum adjustable quota values, see the IAM resource quota table.

The default quota for IAM managed policies per user, role, or group is 10. To increase the default quota for a user or role from 10 to up to 20, you must submit a quota increase request.

Note:

  • You can only request an increase to default quotas that are adjustable.
  • IAM quota increase requests are available only in the US East (N. Virginia) AWS Region.

For more information, see How do I request an increase to my IAM quota?

Resolution

If you reached the managed policy or character size quota for an IAM group, user, role, or policy, then use the following workarounds as needed.

IAM users

Create more IAM groups and attach the managed policy to the group.

Note: You can attach a maximum of 20 managed policies directly to an IAM user. You can attach up to 10 managed policies to an IAM group, and an IAM user can join up to 10 groups. Therefore, a user can receive 100 managed policies through group membership (10 groups × 10 policies each). Together with the 20 policies that are attached directly, this brings the total maximum to 120 managed policies.

IAM groups

Create another IAM group. You can have up to 300 IAM groups per AWS account. Attach the managed policy to the IAM user instead of the IAM group. You can attach up to 20 managed policies to IAM roles and users.

Combine managed policies

Combine multiple managed policies into a single policy. You can add up to 6,144 characters per managed policy.

Reduce the character size of the managed policies

To remove duplicate permissions:

  • Combine all actions with the same Effect.
  • Combine resource and condition statements.
  • Remove unnecessary statements such as Sid.
  • Use wildcards (*) for actions with the same suffix or prefix.

You can also use the NotAction and NotResource policy elements to shorten the policy. Use these policy elements to list only a few actions that must not match, rather than a long list of actions that match.
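The following added example (not part of the original article) applies the first three reduction steps to a policy document and measures the result against the 6,144 character quota. It merges statements only when their Effect, Resource, and Condition are identical, so the permissions granted stay the same. It does not introduce wildcards or NotAction, because those can match more actions than the original list. The function names, the sample policy, and the bucket name are assumptions made for illustration.

```python
import json

MANAGED_POLICY_LIMIT = 6144  # managed policy character quota stated on this page
MUST, MAY = {"Effect", "Action", "Resource"}, {"Effect", "Action", "Resource", "Condition"}
# Constructed sample policy; bucket name and Sids are placeholders.
SAMPLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadObjects", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "WriteObjects", "Effect": "Allow", "Action": ["s3:PutObject", "s3:getobject"],
         "Resource": ["arn:aws:s3:::example-bucket/*"]},
        {"Sid": "ListBucket", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Sid": "DenyDelete", "Effect": "Deny", "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def policy_size(policy):
    # IAM does not count white space against the quota, so measure compact JSON.
    return len(json.dumps(policy, separators=(",", ":")))

def compact_policy(policy):
    """Merge statements with identical Effect, Resource and Condition; drop Sid."""
    merged, passthrough = {}, []
    for stmt in _as_list(policy["Statement"]):
        stmt = {k: v for k, v in stmt.items() if k != "Sid"}
        if not MUST <= set(stmt) <= MAY:
            passthrough.append(stmt)  # NotAction, NotResource, Principal: keep as written
            continue
        key = (stmt["Effect"], tuple(sorted(_as_list(stmt["Resource"]))),
               json.dumps(stmt.get("Condition"), sort_keys=True))
        actions = merged.setdefault(key, (stmt, {}))[1]
        for action in _as_list(stmt["Action"]):
            actions.setdefault(action.lower(), action)  # action names are case-insensitive
    statements = []
    for stmt, actions in merged.values():
        names = sorted(actions.values())
        statements.append({**stmt, "Action": names[0] if len(names) == 1 else names})
    return {**policy, "Statement": statements + passthrough}

if __name__ == "__main__":
    slim = compact_policy(SAMPLE)
    print(policy_size(SAMPLE), "->", policy_size(slim), "limit", MANAGED_POLICY_LIMIT)
    print(json.dumps(slim, indent=2))
```

Statements that target different resources are left separate: folding them into one statement would grant every listed action on every listed resource.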

Use inline policies instead of managed policies

You can use as many inline policies as you want, but the aggregate policy size can't exceed the character limits. The IAM inline policies character limits are 2,048 for users, 10,240 for roles, and 5,120 for groups.

Important: It's a best practice to use managed policies instead of inline policies.

Related information

How do I manage my AWS service quotas?

Requesting a quota increase

Verifying your quota request