Ensure that IAM policy does not exceed the identity policy quota for AWS IAM Policy

LOW

Description

Policy size exceeds identity policy quota: The characters in the identity policy, excluding whitespace, exceed the character maximum for inline and managed policies. We recommend that you use multiple granular policies.

Remediation

In AWS Console -

  1. Sign in to the AWS console and go to the IAM console.
  2. In the Navigation pane, select Policies.
  3. In the list of policies, select the policy to edit.
  4. Select the Permissions tab, and then choose Edit policy.
  5. On the review page, review the changes and click Save.

In Terraform -

  1. In the aws_iam_policy, aws_iam_role_policy, aws_iam_group_policy, and aws_iam_user_policy resources, edit the policy field so that the total allotted character length does not exceed the maximum.
    For more information on how to effectively write an IAM policy see the AWS and Terraform documentation.

References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/service_code_examples_iam.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy

Policy Details

Rule Reference ID: AC_AWS_0499
CSP: AWS
Remediation Available: No
Resource: aws_iam_policy
Resource Type: Policy

Frameworks