asinkxcoswt

Reputation: 2544

Create IAM Role dynamically per application users

I would like to create an AWS IAM role per application user: 1 user to have 1 IAM role, and the number of users can be around 100,000.

I do this so that I can revoke STS temporary credentials when the user logs out from my application, or revoke S3 presigned URLs.

Is there some limitation on creating such a large number of roles in AWS?

Upvotes: 1

Views: 739

Answers (1)

Marcin

Reputation: 238597

The number of IAM roles is limited to 1000 per account.

You would have to contact AWS support to try to increase the limit, but I doubt you would get the limit increased to 100,000. I think a better way would be to rethink your design.

For example, using Cognito you could work with federated identities to which you would assign IAM roles. This way you could have fewer roles, and when a user logs out he/she will not have access to your AWS resources. To regain access, your users would have to log in using Cognito again.

Upvotes: 1
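The design in the answer, as an added example that is not part of the question or the answer: a small offline evaluator showing how one role shared by all Cognito federated identities can still isolate users, because the IAM policy variable `${cognito-identity.amazonaws.com:sub}` scopes each identity to its own S3 prefix, and how a `DateLessThan` condition on `aws:TokenIssueTime` cuts off temporary credentials issued before a chosen time. The bucket name, identity ids, cut-off time and the evaluator itself are constructed for illustration; only `DateLessThan` is modelled.

```python
import re
from datetime import datetime
# Added example, not from the question or answer. Constructed sample policy for
# the single shared role: ${cognito-identity.amazonaws.com:sub} confines each
# Cognito identity to its own prefix, and the Deny on aws:TokenIssueTime is the
# mechanism for revoking temporary credentials issued before a cut-off.
ROLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-app-bucket/private/${cognito-identity.amazonaws.com:sub}/*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"DateLessThan": {"aws:TokenIssueTime": "2024-01-01T00:00:00Z"}}},
]}

def _glob(pattern, value):
    """IAM-style '*' wildcard match over the whole string."""
    return re.fullmatch(".*".join(re.escape(p) for p in pattern.split("*")), value) is not None

def _substitute(pattern, ctx):
    """Replace ${key} policy variables with values from the request context."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: ctx.get(m.group(1), m.group(0)), pattern)

def _condition_met(cond, ctx):
    """Only DateLessThan is modelled; a key absent from the context never matches."""
    ts = lambda s: datetime.fromisoformat(s.replace("Z", "+00:00"))
    for op, pairs in cond.items():
        if op != "DateLessThan":
            raise NotImplementedError(op)
        for key, limit in pairs.items():
            if key not in ctx or ts(ctx[key]) >= ts(limit):
                return False
    return True

def is_allowed(policy, action, resource, ctx):
    """Explicit Deny beats Allow; anything unmatched is implicitly denied."""
    allowed = False
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if not any(_glob(a, action) for a in actions):
            continue
        if not _glob(_substitute(st["Resource"], ctx), resource):
            continue
        if "Condition" in st and not _condition_met(st["Condition"], ctx):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```

Call `is_allowed(ROLE_POLICY, action, resource, ctx)` with a context dict holding the identity's `cognito-identity.amazonaws.com:sub` and `aws:TokenIssueTime`; a session issued before the cut-off is denied everything, which is the logout revocation the question asks about without a role per user.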
