Home > Storage > ObjectScale and ECS > Product Documentation > ECS IAM Introduction > ECS IAM limitations
ECS IAM has certain limitations on its resources, such as naming the entities, characters to be used for the identities, number of policies to be attached to an entity, and the number of resources that can be linked to an entity.
Resource | Limits |
Names of users, groups, roles, and managed policies |
|
Inline policy names |
|
Policy documents |
|
Resource | Limit |
Users in a namespace | 500 |
100 | |
Roles in a namespace | 200 |
Customer-managed policies in a namespace | 500 |
ECS IAM users in a group | Equal to user quota in namespace |
Managed policies that are attached to an ECS IAM group | 10 |
Managed policies that are attached to an ECS IAM role | 10 |
Managed policies that are attached to an ECS IAM user | 10 |
Resource | Limit |
Access keys that are assigned to an ECS IAM user | 2 |
Access keys that are assigned to the namespace root user | 2 |
Groups an ECS IAM user can be a member of | 10 |
Identity providers (IdPs) associated with an ECS IAM SAML provider object | 1 |
Keys per SAML provider | 1 |
1 | |
Permissions boundaries for an ECS IAM role | 1 |
SAML providers in an AWS account | 10 |
Tags that can be attached to an ECS IAM user | 50 |
Tags that can be attached to an ECS IAM role | 50 |
Versions of a managed policy that can be stored | 5 |
Description | Limit |
Path | Only the character slash (/) is supported. |
User name | 64 characters |
128 characters | |
Role name | 64 characters |
Tag key | 128 characters |
Tag value | 0~256 characters |
Unique IDs created by ECS IAM | 128 characters |
Policy name | 128 characters |
Role trust policy JSON text (the policy that determines who is allowed to assume the role) | 2,048 characters |
Role session name | 64 characters |
Max role session duration | 12 hours |
For inline policies | You can add as many inline policies as you want to an IAM user, role, or group. But the total aggregate policy size (the sum size of all inline policies) per entity cannot exceed the following limits:
IAM does not count white space when calculating the size of a policy against these limitations. |
For managed policies |
|
For session policies |
|