Increase the PoliciesPerRole quota in AWS

When onboarding multiple asset types (more than 5), some customers may encounter stack deployment failures due to the PoliciesPerRole quota being exceeded in their AWS account. This quota limits the number of policies that can be attached to a single IAM role.

To resolve this, you must request a quota increase for the account where the stack is being deployed.

Procedure

AWS IAM roles have a default limit of 10 managed policies per role. This is a soft limit, meaning it can be increased via the AWS Service Quotas console without any intervention from AWS Support.

Note

Because IAM quotas are global, update the quota in the us-east-1 region, where IAM quotas are managed.

  1. Switch to the us-east-1 region.

  2. Open the AWS Service Quotas dashboard (navigate to the AWS Console, search for "service quotas", and then select Service Quotas).

    The Service Quotas dashboard appears.

  3. Select AWS Services from the left-hand navigation.

  4. In the AWS services field, search for and then select AWS Identity and Access Management (IAM).

    The AWS Identity and Access Management (IAM) page appears.

  5. Perform the following steps:

    1. Search for "Managed policies per role".

    2. Select the Managed policies per role button.

    3. Click Request increase at account.

    The Request quota increase: Managed policies per role dialog box appears.

  6. In the Increase quota value field, enter the desired value (for example, 15).

  7. Click Request.
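
The same procedure can be run from the AWS CLI. The script below is an added example, not part of the original page or of any vendor tooling: it compares the managed policies already attached to a role with the applied quota and requests the increase only when the role would exceed it. The script name, function names and role argument are hypothetical, and it assumes an AWS CLI configured with credentials that can read IAM roles and call Service Quotas.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console procedure above.
QUOTA_NAME="Managed policies per role"  # quota name as shown in the console
REGION="us-east-1"                      # IAM quotas are managed in this region

# Print "<quota-code> <applied-value>", looking the quota up by name.
lookup_quota() {
  aws service-quotas list-service-quotas --service-code iam --region "$REGION" \
    --query "Quotas[?QuotaName=='$QUOTA_NAME'].[QuotaCode,Value]" --output text |
    awk '$1 ~ /^L-/ { printf "%s %d\n", $1, $2; exit }'
}

# Print the number of managed policies currently attached to role $1.
attached_count() {
  aws iam list-attached-role-policies --role-name "$1" \
    --query 'length(AttachedPolicies)' --output text
}

# Return 0 if role $1 can take $2 more managed policies under the quota,
# 1 if an increase is needed, 2 if a lookup failed. Sets $code and $limit.
check_headroom() {
  role=$1
  extra=$2
  quota=$(lookup_quota)
  [ -n "$quota" ] || { echo "quota '$QUOTA_NAME' not found" >&2; return 2; }
  code=${quota% *}
  limit=${quota#* }
  have=$(attached_count "$role") || return 2
  echo "role=$role attached=$have adding=$extra quota=$limit code=$code"
  [ $((have + extra)) -le "$limit" ]
}

# Submit the account-level increase (steps 5 to 7) for quota code $1, value $2.
request_increase() {
  aws service-quotas request-service-quota-increase --service-code iam \
    --quota-code "$1" --desired-value "$2" --region "$REGION"
}

# Usage: sh quota_check.sh ROLE_NAME POLICIES_TO_ADD DESIRED_VALUE
if [ $# -eq 3 ]; then
  check_headroom "$1" "$2" && rc=0 || rc=$?
  case $rc in
    0) echo "Within quota; no increase needed." ;;
    1) request_increase "$code" "$3" ;;
    *) exit "$rc" ;;
  esac
fi
```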
