Permission set limitation (20)

0

Hi,

I'll start from the end: we have a problem creating a permission set with more than 20 managed policies. We want to create a permission set per working team in our company that will allow, for example, the Dev team to use 30 services (every service with different permissions: EC2 as administrator and S3 as read-only, for example). The problem is that a permission set has a limit of 20 managed policies, and we don't want to use customer managed policies because we don't want to worry, if AWS adds/removes/changes permissions, about what will happen to the missing/changed permissions and how that affects the end users.

1 Answer
1
Accepted Answer

Hi

Here are the alternatives you can consider, specifically for your requirement:

  • Create more IAM groups and attach the managed policies to the groups. You can assign IAM users to up to 10 groups. You can also attach up to 10 managed policies to each group, for a maximum of 120 policies (20 managed policies attached to the IAM user, 10 IAM groups, with 10 policies each). More information - https://repost.aws/knowledge-center/iam-increase-policy-size
  • Create a single, high-level permission set with the core permissions common to all teams. Establish permissions boundaries for each team - refer to https://aws.amazon.com/blogs/security/when-and-where-to-use-iam-permissions-boundaries/
  • Use IAM switch roles. Let's assume a "Developer-Role" (max 20 policies) and tell your team to switch role if they want to access other services beyond the permissions they have.
EXPERT
GK
answered 21 days ago
  • Thanks, I'll check these options!
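The third alternative in the answer (a base role or permission set with at most 20 managed policies, plus additional roles the team switches into) can be planned mechanically. The script below is an added example and is not code from the thread or from AWS: given a team's list of AWS managed policy ARNs, it de-duplicates and validates them, fills the base permission set up to the 20-policy quota, and emits one overflow IAM role per remaining chunk together with a trust policy that only lets principals operating under that team's base permission set assume it, plus the `sts:AssumeRole` statement the base permission set needs. The account ID, the `Dev-Base` / `Dev-Extra-N` names, and the policy list are constructed placeholders, and the trust policy assumes the `AWSReservedSSO_<permission set>_<hash>` naming convention IAM Identity Center uses for provisioned roles.

```python
"""Plan a team's AWS managed policies across a base permission set plus
"switch-to" roles so no single entity exceeds the managed-policy quota.
Added example (not from the thread); all names and IDs are placeholders."""
import json
import re

# Quota discussed in the question: managed policies per permission set / role.
MANAGED_POLICY_LIMIT = 20

# AWS managed policies live under the pseudo-account "aws"; customer managed
# policies (arn:aws:iam::<account>:policy/...) deliberately do not match.
AWS_MANAGED_ARN = re.compile(r"^arn:aws:iam::aws:policy/[\w+=,.@/-]+$")


def is_aws_managed(arn):
    """True only for AWS managed policy ARNs."""
    return AWS_MANAGED_ARN.match(arn) is not None


def partition_policies(policy_arns, limit=MANAGED_POLICY_LIMIT):
    """Split ARNs into ordered chunks of at most `limit`, dropping duplicates
    and rejecting anything that is not an AWS managed policy."""
    unique = []
    for arn in policy_arns:
        if not is_aws_managed(arn):
            raise ValueError(f"not an AWS managed policy ARN: {arn}")
        if arn not in unique:
            unique.append(arn)
    return [unique[i:i + limit] for i in range(0, len(unique), limit)]


def sso_role_pattern(account_id, permission_set_name):
    """ArnLike pattern for the role IAM Identity Center provisions for a
    permission set. The role name is AWSReservedSSO_<set>_<hash>; the hash and
    an optional region path segment are unknown up front, hence the wildcards
    (assumption: default /aws-reserved/sso.amazonaws.com/ path)."""
    return (f"arn:aws:iam::{account_id}:role/aws-reserved/sso.amazonaws.com/"
            f"*AWSReservedSSO_{permission_set_name}_*")


def build_plan(team, account_id, policy_arns, limit=MANAGED_POLICY_LIMIT):
    """Base permission set gets the first `limit` policies; each further chunk
    becomes an IAM role the team switches into from the base permission set."""
    chunks = partition_policies(policy_arns, limit)
    base_name = f"{team}-Base"
    overflow = []
    for idx, chunk in enumerate(chunks[1:], start=1):
        role_name = f"{team}-Extra-{idx}"  # placeholder naming scheme
        overflow.append({
            "role_name": role_name,
            "role_arn": f"arn:aws:iam::{account_id}:role/{role_name}",
            "managed_policies": chunk,
            # Account-root principal narrowed by aws:PrincipalArn so that only
            # sessions running under the team's base permission set qualify.
            "trust_policy": {
                "Version": "2012-10-17",
                "Statement": [{
                    "Effect": "Allow",
                    "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
                    "Action": "sts:AssumeRole",
                    "Condition": {"ArnLike": {
                        "aws:PrincipalArn": sso_role_pattern(account_id, base_name)}},
                }],
            },
        })
    # Inline policy statement for the base permission set: allow switching
    # only into this team's overflow roles, nothing broader.
    assume_stmt = None
    if overflow:
        assume_stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
                       "Resource": [r["role_arn"] for r in overflow]}
    return {
        "permission_set": {
            "name": base_name,
            "managed_policies": chunks[0] if chunks else [],
            "inline_policy_statement": assume_stmt,
        },
        "overflow_roles": overflow,
    }


# Constructed sample input: 25 entries (one duplicate) for a "Dev" team,
# mirroring the mixed admin / read-only mix described in the question.
_P = "arn:aws:iam::aws:policy/"
SAMPLE_POLICIES = [_P + n for n in [
    "AmazonEC2FullAccess", "AmazonS3ReadOnlyAccess", "AmazonRDSReadOnlyAccess",
    "AWSLambda_FullAccess", "CloudWatchReadOnlyAccess", "AmazonDynamoDBReadOnlyAccess",
    "AmazonSQSFullAccess", "AmazonSNSReadOnlyAccess", "AmazonECS_FullAccess",
    "AmazonAPIGatewayAdministrator", "AWSCloudFormationReadOnlyAccess",
    "AmazonElastiCacheReadOnlyAccess", "AmazonKinesisReadOnlyAccess",
    "AmazonRoute53ReadOnlyAccess", "AWSCodeBuildDeveloperAccess",
    "AWSCodePipeline_ReadOnlyAccess", "AmazonSSMReadOnlyAccess",
    "SecretsManagerReadWrite", "AWSKeyManagementServicePowerUser",
    "AmazonEventBridgeReadOnlyAccess", "AWSStepFunctionsReadOnlyAccess",
    "AmazonEC2ContainerRegistryReadOnly", "AWSXrayReadOnlyAccess",
    "AmazonCognitoReadOnly", "AmazonS3ReadOnlyAccess",  # duplicate, dropped
]]

if __name__ == "__main__":
    print(json.dumps(build_plan("Dev", "123456789012", SAMPLE_POLICIES), indent=2))
```

The trust policy deliberately keys on the base permission set's provisioned role rather than on individual users, so membership changes in IAM Identity Center do not require touching the overflow roles; the `Resource` list in the inline statement is the only place the base permission set learns about them, which keeps the set of reachable roles explicit and auditable.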
