Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

The selected policies exceed this account's quota

-1

Hi re:Post!

Just got notice that this question was "flagged" , but it did not say what for. So I assuming it's the account ID and User info, which I will remove now. Account ID: IAM user:

I am attempting to attach a "Customer Managed" policy I made (via "Create inline policy" called "Lambda_Functions_Perms") to my IAM user account via "Attach Polices Directly" method but I am receiving this error message when clicking "Next" -->

"The selected policies exceed this account's quota"

Reading about "AWS IAM policy quotas", I find:

"Customer Managed Policies per Account: You can create up to 1,500 customer-managed policies in an AWS account (this limit is adjustable)."

Question_01: How can adjust this limit to a higher value?

Question_02: What are the costs associated with higher value limits?

Please advise!

Thanks!

Best Regards,

Donald

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access ManagementIAM Policies
Language
English

asked a year ago2.3K views

1 Answer
0
Accepted Answer

It appears there's a misunderstanding about the error you're encountering. The error "The selected policies exceed this account's quota" is likely not referring to the number of customer managed policies in your account, but rather to a different quota limitation.

When you see this error while trying to attach an inline policy, it's typically related to one of these limitations:

  1. Policy size limit: IAM policies have a size limit of 6,144 characters. If your inline policy is too large, you'll get this error.

  2. Number of policies per identity: There are limits on how many policies can be attached to a single IAM entity (user, group, or role).

  3. Policy complexity: The policy might be too complex in terms of the number of statements or conditions.

To address your specific questions:

Question 1: If you need to increase the number of customer managed policies in your account (which is currently 1,500), you can request a quota increase through the AWS Service Quotas console. However, based on your error message, it's more likely you're hitting a different limit related to the specific user or the policy itself.

Question 2: There are no direct costs associated with increasing IAM policy quotas. AWS IAM is a free service, and you're only charged for the AWS resources that your users access. Increasing policy quotas doesn't incur additional charges.

To resolve your current issue, you could try:

  • Simplifying your policy by breaking it into smaller, more focused policies
  • Using managed policies instead of inline policies where appropriate
  • Reviewing existing policies attached to your user to see if any can be consolidated or removed
  • Checking if you've reached the maximum number of inline policies allowed for your IAM user

If you continue to experience issues, you might want to check the exact quota you're exceeding by reviewing your account's Service Quotas or contacting AWS Support for more specific guidance.
Sources
"Google::Cloud::ResourceExhaustedError" for "translate.googleapis.com" | AWS re:Post
permission set limition(20) | AWS re:Post

answered a year ago

  • DC
    a year ago

    Regarding: "The error "The selected policies exceed this account's quota" is likely not referring to the number of customer managed policies in your account, but rather to a different quota limitation." But I got the error when trying to apply a customer managed policy to my account. So the policy was created but I got the quota error when trying to add it to my user account which only has (13) permission policies at this time. Please advise! Thank you for your time and help! Best Regards, Donald

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content