Tags: LimitExceeded, policy, resource_error
ai_generated: true
Error: Error putting IAM policy: LimitExceeded: Cannot exceed quota for PolicySize: 5120
ID: policy/terraform-aws-iam-policy-size-limit
Fix Rate: 85%
Confidence: 90%
Evidence: 1
First Seen: 2023-07-05
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| AWS IAM | active | — | — | — |
| Terraform v1.5+ | active | — | — | — |
Root Cause
An AWS IAM policy document has a maximum size of 5120 characters (including whitespace); the generated policy exceeds this limit because it contains too many resource ARNs or conditions.
Official Documentation
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
Workarounds
- 85% success: Split the policy into multiple managed policies and attach them to the same role or user.
- 70% success: Use wildcards in resource ARNs to reduce policy size (if security allows).
Dead Ends
Common approaches that don't work:
- 95% fail: This increases the policy size further, making the error worse.
- 60% fail: Inline policies have the same 5120 character limit and are harder to manage at scale.