Tags: LimitExceeded, policy, resource_error
ai_generated: true
Error: Error putting IAM policy: LimitExceeded: Cannot exceed quota for PolicySize: 5120
ID: policy/terraform-aws-iam-policy-size-limit
Fix rate: 85%
Confidence: 90%
Evidence count: 1
First seen: 2023-07-05
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| AWS IAM | active | — | — | — |
| Terraform v1.5+ | active | — | — | — |
Root cause analysis
An AWS IAM policy document has a maximum size of 5120 characters (including whitespace), and the generated policy exceeds this limit because it carries too many resource ARNs or conditions.
Official documentation
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
Solution
- Split the policy into several managed policies and attach all of them to the same role or user.
- Where security allows, use wildcards in resource ARNs to reduce the policy size.
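The first remedy, splitting one oversized policy into several documents that each stay under the 5120-character quota, as an added example (not code from the original page). It packs resource ARNs greedily into as few policy documents as will fit; the ARNs and actions are constructed sample input, and sizes are measured on the compact JSON serialization of each document.

```python
import json

# Added illustration, not code from the original page. Splits one oversized
# IAM policy document into several smaller ones, each serializing to at most
# MAX_POLICY_CHARS characters (the quota reported in the error message).
MAX_POLICY_CHARS = 5120


def build_policy(actions, resources):
    """Return a minimal IAM policy document granting `actions` on `resources`."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": actions, "Resource": resources}
        ],
    }


def policy_size(doc):
    """Character count of the compact JSON form of the document."""
    return len(json.dumps(doc, separators=(",", ":")))


def split_policy(actions, resources, max_chars=MAX_POLICY_CHARS):
    """Greedily pack resource ARNs into as few policy documents as possible
    so that every document serializes to at most `max_chars` characters.
    Raises ValueError if a single ARN cannot fit in a document on its own."""
    docs, batch = [], []
    for arn in resources:
        candidate = build_policy(actions, batch + [arn])
        if policy_size(candidate) <= max_chars:
            batch.append(arn)
            continue
        if not batch:
            raise ValueError(f"ARN too long for one policy: {arn}")
        docs.append(build_policy(actions, batch))
        batch = [arn]
    if batch:
        docs.append(build_policy(actions, batch))
    return docs


if __name__ == "__main__":
    # Constructed input: 200 bucket ARNs, enough to overflow a single document.
    arns = [f"arn:aws:s3:::example-bucket-{i:03d}/*" for i in range(200)]
    parts = split_policy(["s3:GetObject", "s3:PutObject"], arns)
    for n, doc in enumerate(parts, 1):
        print(f"policy {n}: {policy_size(doc)} chars, "
              f"{len(doc['Statement'][0]['Resource'])} ARNs")
```

Each returned document can then be rendered into its own managed policy and attached to the same principal.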
Failed attempts
Common but ineffective approaches:
- 95% failure rate: This increases the policy size further, making the error worse.
- 60% failure rate: Inline policies have the same 5120-character limit and are harder to manage at scale.