Reputation: 75
IAM has a limit of 10 policies per group, and this is not adjustable according to Service Quotas. I have users that need to use 20 policies. Since the policy limit is 10 per group, I created a custom policy combining all of them, but halfway through I get this error:
"Your policy character exceeds the non-whitespace character limit of 6,144."
According to Service Quotas, this is also non-adjustable. How do I get around this? I do not want to make these users full admins or power users.
Edit: I should add that I am configuring the permissions this way to meet the control IAM.2 for CIS AWS Foundations Benchmark v1.4.0, NIST SP 8000-53 Rev. 5 and PCI DSS, which states that IAM users should not have IAM policies attached.
Upvotes: 0
Views: 1436
Reputation: 1089
You could create multiple Roles and allow your users to assume them.
So you could create a separate Role for every task, each with the specific policies attached to it.
Upvotes: 0
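A sketch of the role-per-task layout suggested in this answer, added here as an example and not part of the original posts: the group carries one small policy that only permits `sts:AssumeRole` on the task roles, and each role holds its own task-specific policies. The account ID, role names, helper names and the MFA condition are assumptions; the 6,144 figure is the limit quoted in the question's error message.

```python
import json
import re

POLICY_CHAR_LIMIT = 6144  # non-whitespace limit from the error quoted in the question

# Constructed sample values (hypothetical account ID and task-role names).
ACCOUNT_ID = "111122223333"
TASK_ROLES = ["task-s3-ops", "task-ec2-ops", "task-rds-ops"]

def non_whitespace_len(policy: dict) -> int:
    """Approximate the size IAM checks: policy JSON with whitespace removed."""
    return len(re.sub(r"\s+", "", json.dumps(policy)))

def role_trust_policy(account_id: str) -> dict:
    """Trust policy to attach to every task role. Naming the account root
    delegates the decision to identity policies, so only principals that
    also hold sts:AssumeRole on this role can use it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            # Assumption: optional hardening, drop if users have no MFA.
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        }],
    }

def group_assume_policy(account_id: str, role_names: list) -> dict:
    """Single policy for the IAM group: assume the listed roles, nothing else."""
    arns = [f"arn:aws:iam::{account_id}:role/{n}" for n in sorted(role_names)]
    return {
        "Version": "2012-10-17",
        "Statement": [{"Sid": "AssumeTaskRoles", "Effect": "Allow",
                       "Action": "sts:AssumeRole", "Resource": arns}],
    }

def check_fits(policy: dict, limit: int = POLICY_CHAR_LIMIT) -> int:
    """Return the policy size, or raise if it would exceed the limit."""
    size = non_whitespace_len(policy)
    if size > limit:
        raise ValueError(f"policy is {size} chars, limit is {limit}")
    return size

if __name__ == "__main__":
    group_policy = group_assume_policy(ACCOUNT_ID, TASK_ROLES)
    print(check_fits(group_policy), "chars")
    print(json.dumps(group_policy, indent=2))
    print(json.dumps(role_trust_policy(ACCOUNT_ID), indent=2))
```

Because permissions attach to the group and the roles rather than to individual users, this layout keeps users free of directly attached policies.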