ECS IAM places limits on its resources, including how entities can be named, which characters can be used in identities, how many policies can be attached to an entity, and how many resources can be linked to an entity.
NOTE: Paths are not supported for IAM entities.
ECS IAM entity name limits

| Resource | Limits |
| --- | --- |
| Names of users, groups, roles, and managed policies | Must be unique within the namespace. Must be alphanumeric and may include any of these special characters: plus (+), equal (=), comma (,), period (.), at (@), underscore (_), and hyphen (-). NOTE: These names are case insensitive. |
| Inline policy names | Must be unique to the user, group, or role that they are embedded in. Can contain any Basic Latin (ASCII) characters except these special characters: backward slash (\), forward slash (/), asterisk (*), question mark (?), and space. These characters are reserved according to the RFC (Request for Comments) 3986 Internet standard. |
| Policy documents | Can contain these Unicode characters: horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D), and characters in the range from U+0020 to U+00FF. |
ECS IAM entity object limits

| Resource | Limit |
| --- | --- |
| Users in a namespace | 500 |
| Groups in a namespace | 100 |
| Roles in a namespace | 200 |
| Customer-managed policies in a namespace | 500 |
| ECS IAM users in a group | Equal to user quota in namespace |
| Managed policies that are attached to an ECS IAM group | 10 |
| Managed policies that are attached to an ECS IAM role | 10 |
| Managed policies that are attached to an ECS IAM user | 10 |
ECS IAM entities limits

| Resource | Limit |
| --- | --- |
| Access keys that are assigned to an ECS IAM user | 2 |
| Access keys that are assigned to the namespace root user | 2 |
| Groups an ECS IAM user can be a member of | 10 |
| Identity providers (IdPs) associated with an ECS IAM SAML provider object | 1 |
| Keys per SAML provider | 1 |
| Permissions boundaries for an ECS IAM user | 1 |
| Permissions boundaries for an ECS IAM role | 1 |
| SAML providers in an AWS account | 10 |
| Tags that can be attached to an ECS IAM user | 50 |
| Tags that can be attached to an ECS IAM role | 50 |
| Versions of a managed policy that can be stored | 5 |
ECS IAM entity character limits

| Description | Limit |
| --- | --- |
| Path | Only the character slash (/) is supported. |
| User name | 64 characters |
| Group name | 128 characters |
| Role name | 64 characters |
| Tag key | 128 characters |
| Tag value | 256 characters. NOTE: Tag values can be empty. That is, tag values can have a length of 0 characters. |
| Unique IDs created by ECS IAM | 128 characters |
| Policy name | 128 characters |
| Role trust policy JSON text (the policy that determines who is allowed to assume the role) | 2,048 characters |
| Role session name | 64 characters |
| Max role session duration | 12 hours |
For inline policies
You can add as many inline policies as you want to an IAM user, role, or group. But the total aggregate policy size (the sum size of all inline policies) per entity cannot exceed the following limits:
User policy size cannot exceed 2,048 characters.
Role policy size cannot exceed 10,240 characters.
Group policy size cannot exceed 5,120 characters.
NOTE: IAM does not count white space when calculating the size of a policy against these limitations.
For managed policies
You can add up to 10 managed policies to an IAM user, role, or group.
The size of each managed policy cannot exceed 6,144 characters.
NOTE: IAM does not count white space when calculating the size of a policy against these limitations.
For session policies
You can pass only one inline policy or specify up to 10 managed policy ARNs when assuming a role.
The size of each session policy cannot exceed 2,048 characters.
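A pre-flight check for the name and inline policy limits above, as an added example that is not part of the ECS documentation or product code. The function names are hypothetical, and the code assumes that "white space" means every white-space character in the policy text, wherever it occurs.

```python
import re

# Limits copied from the tables on this page.
NAME_MAX = {"user": 64, "group": 128, "role": 64, "policy": 128}
INLINE_TOTAL_MAX = {"user": 2048, "role": 10240, "group": 5120}
NAME_RE = re.compile(r"[A-Za-z0-9+=,.@_-]+")  # alphanumeric plus + = , . @ _ -


def name_problems(kind, name, existing=()):
    """Return the reasons `name` breaks the user/group/role/policy name rules."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("characters outside the allowed set")
    if len(name) > NAME_MAX[kind]:
        problems.append(f"longer than {NAME_MAX[kind]} characters")
    # Names are case insensitive, so "Admin" and "admin" are the same name.
    if name.lower() in {e.lower() for e in existing}:
        problems.append("collides with an existing name (case insensitive)")
    return problems


def policy_size(text):
    """Size counted against the limits: white space is not counted.
    Assumption: every white-space character is skipped, wherever it occurs."""
    return sum(1 for ch in text if not ch.isspace())


def disallowed_chars(text):
    """Characters outside tab, LF, CR and the range U+0020..U+00FF."""
    return sorted({c for c in text if c not in "\t\n\r" and not 0x20 <= ord(c) <= 0xFF})


def inline_budget(kind, policies):
    """Return (used, limit, fits) for the sum of an entity's inline policies."""
    used = sum(policy_size(p) for p in policies)
    limit = INLINE_TOTAL_MAX[kind]
    return used, limit, used <= limit


# Constructed sample: a pretty-printed policy with 130 placeholder actions.
SAMPLE = (
    '{\n  "Version": "2012-10-17",\n  "Statement": [{\n    "Effect": "Allow",\n'
    '    "Action": [' + ", ".join(f'"s3:Action{i:03d}"' for i in range(130))
    + '],\n    "Resource": "*"\n  }]\n}'
)
```

The constructed `SAMPLE` is longer than 2,048 characters as raw text but fits a user's inline budget once white space is excluded; a second copy on the same user exceeds it, while the same two policies fit on a group.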