IAM places limits on its resources: how entities are named, which characters can be used for identities, how many policies can be attached to an entity, and how many resources can be linked to an entity.
NOTE: Paths are not supported for IAM entities.

IAM entity name limits

| Resource | Limits |
|---|---|
| Names of users, groups, roles, and managed policies | Must be unique within the account. Must be alphanumeric and it may include any of these special characters: Plus (+), equal (=), comma (,), period (.), at (@), underscore (_), and hyphen (-). NOTE: These names are case insensitive. |
| Inline policy names | Must be unique to the user, group, or to the role that they are embedded in. Can contain any Basic Latin (ASCII) characters except these special characters: Backward slash (\), forward slash (/), asterisk (*), question mark (?), and space. These characters are reserved according to the RFC (Request for Comments) 3986 Internet standard. |
| Policy documents | Can contain these Unicode characters: horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D), and characters in the range from U+0020 to U+00FF. |

IAM entity object limits

| Resource | Limit |
|---|---|
| Customer managed policies in an account | 500 |
| Groups in an account | 100 |
| Roles in an account | 200 |
| Managed policies that are attached to an IAM group | 10 |
| Managed policies that are attached to an IAM role | 10 |
| Managed policies that are attached to an IAM user | 10 |
| IAM users in a group | Equal to user quota in an account |
| Users in an account | 500 |

IAM entities limits

| Resource | Limit |
|---|---|
| Access keys that are assigned to an IAM user | 2 |
| Access keys that are assigned to the account root user | 2 |
| Groups an IAM user can be a member of | 10 |
| Identity providers (IdPs) associated with an IAM SAML provider object | 10 |
| Keys per SAML provider | 1 |
| Managed policies attached to an IAM group | 10 |
| Permissions boundaries for an IAM user | 1 |
| Permissions boundaries for an IAM role | 1 |
| SAML providers in an AWS account | 10 |
| Tags that can be attached to an IAM user | 50 |
| Tags that can be attached to an IAM role | 50 |
| Versions of a managed policy that can be stored | 5 |

IAM entity character limits

| Description | Limit |
|---|---|
| Path | 512 characters |
| User name | 64 characters |
| Group name | 128 characters |
| Role name | 64 characters |
| Tag key | 128 characters |
| Tag value | 256 characters. NOTE: Tag values can be empty. That is, tag values can have a length of 0 characters. |
| Unique IDs created by IAM | 128 characters |
| Policy name | 128 characters |
| Role trust policy JSON text (the policy that determines who is allowed to assume the role) | 2,048 characters |
| Role session name | 64 characters |
| Max role session duration | 24 hours |

For inline policies
You can add as many inline policies as you want to an IAM user, role, or group. But the total aggregate policy size (the sum size of all inline policies) per entity cannot exceed the following limits:
- User policy size cannot exceed 2,048 characters.
- Role policy size cannot exceed 10,240 characters.
- Group policy size cannot exceed 5,120 characters.
NOTE: IAM does not count white space when calculating the size of a policy against these limitations.
For managed policies
You can add up to 10 managed policies to an IAM user, role, or group.
The size of each managed policy cannot exceed 6,144 characters.
NOTE: IAM does not count white space when calculating the size of a policy against these limitations.
For session policies
You can pass only one JSON policy as a parameter when you programmatically create a temporary session for a role or federated user.
The size of each session policy cannot exceed 2,048 characters.
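
A pre-flight check for the policy size and character rules above, written as an added example (it is not code from this page or from the product). It assumes that "white space" means space, tab, line feed and carriage return; the function names and the sample policy with its placeholder action names are constructed for illustration.

```python
import json

# Size limits from this page, in characters (white space is not counted).
LIMITS = {
    "inline-user": 2048,    # aggregate of all inline policies on the user
    "inline-group": 5120,   # aggregate of all inline policies on the group
    "inline-role": 10240,   # aggregate of all inline policies on the role
    "managed": 6144,        # per managed policy
    "session": 2048,        # per session policy
}
# Assumption: "white space" is space, tab, line feed and carriage return.
WHITE_SPACE = " \t\n\r"


def counted_size(document):
    """Number of characters that count against the size limit."""
    return sum(1 for ch in document if ch not in WHITE_SPACE)


def disallowed_chars(document):
    """Code points outside U+0009, U+000A, U+000D and U+0020..U+00FF."""
    return sorted({f"U+{ord(ch):04X}" for ch in document
                   if not (ord(ch) in (0x09, 0x0A, 0x0D) or 0x20 <= ord(ch) <= 0xFF)})


def check_policies(kind, documents):
    """Return a list of problems; an empty list means the set fits."""
    limit, problems = LIMITS[kind], []
    if kind == "session" and len(documents) > 1:
        problems.append("only one session policy can be passed")
    sizes = [counted_size(doc) for doc in documents]
    for i, doc in enumerate(documents):
        bad = disallowed_chars(doc)
        if bad:
            problems.append(f"policy {i}: disallowed characters {bad}")
        # Managed and session limits apply to each document on its own.
        if not kind.startswith("inline-") and sizes[i] > limit:
            problems.append(f"policy {i}: {sizes[i]} characters, limit {limit}")
    # Inline limits apply to the sum of all inline policies on the entity.
    if kind.startswith("inline-") and sum(sizes) > limit:
        problems.append(f"aggregate {sum(sizes)} characters, limit {limit}")
    return problems


def sample_policy(n_actions):
    """Constructed sample policy; the action names are placeholders."""
    actions = [f"s3:SampleAction{i:03d}" for i in range(n_actions)]
    stmt = {"Effect": "Allow", "Action": actions, "Resource": "*"}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]}, indent=4)
```

Because indentation and line breaks are not counted, pretty-printing a policy does not move it closer to a limit; only the non-white-space characters do.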