Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cannot exceed quota for PoliciesPerRole error

See original GitHub issue

Before opening, please confirm:

I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
I have searched for duplicate or closed issues.
I have read the guide for submitting bug reports.
I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

Amplify CLI Version

4.45.0

What operating system are you using?

linux (amplify console build)

Amplify Categories

api

Amplify Commands

push

Describe the bug

adding { allow: private, provider: iam } @auth option on each 50+ graphql models causes the backend to fail with error Cannot exceed quota for PoliciesPerRole: 10

Expected behavior

This usually works for graphql with 4 models

Reproduction steps

Have a graphql schema with 50+ models.
Append { allow: private, provider: iam } @auth to each.
Do amplify push

Log output

UPDATE_FAILED      GraphQLSchema    AWS::AppSync::GraphQLSchema Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource update cancelled
CREATE_FAILED      AuthRolePolicy06 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy08 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy14 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy09 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy02 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy04 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy07 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy03 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy01 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy11 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:22 GMT+0000 (Coordinated Universal Time) Resource creation cancelled
CREATE_FAILED      AuthRolePolicy12 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:21 GMT+0000 (Coordinated Universal Time) Cannot exceed quota for PoliciesPerRole: 10 (Service: AmazonIdentityManagement; Status Code: 409; Error Code: LimitExceeded; Request ID: 586cc950-458a-4521-9099-da26719a5e0a; Proxy: null)
CREATE_FAILED      AuthRolePolicy10 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:21 GMT+0000 (Coordinated Universal Time) Cannot exceed quota for PoliciesPerRole: 10 (Service: AmazonIdentityManagement; Status Code: 409; Error Code: LimitExceeded; Request ID: f4804e41-b7b5-4ba6-8dab-8ec81ae1eca9; Proxy: null)
CREATE_FAILED      AuthRolePolicy05 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:21 GMT+0000 (Coordinated Universal Time) Cannot exceed quota for PoliciesPerRole: 10 (Service: AmazonIdentityManagement; Status Code: 409; Error Code: LimitExceeded; Request ID: 8f788ff0-0ccd-411a-9231-a365822669ca; Proxy: null)
UPDATE_COMPLETE    GraphQLAPIKey    AWS::AppSync::ApiKey        Wed Mar 10 2021 00:14:21 GMT+0000 (Coordinated Universal Time)
CREATE_FAILED      AuthRolePolicy13 AWS::IAM::ManagedPolicy     Wed Mar 10 2021 00:14:21 GMT+0000 (Coordinated Universal Time) Cannot exceed quota for PoliciesPerRole: 10 (Service: AmazonIdentityManagement; Status Code: 409; Error Code: LimitExceeded; Request ID: ddd71f1b-b488-420e-8526-8628b3a9419c; Proxy: null)

Upon checking api build director. Amplify generates 14 AuthRolePolicies under api stack:

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:6 (4 by maintainers)

Top GitHub Comments

1reaction

incr3mcommented, Mar 12, 2021

@attilah I have sent you the files

0reactions

github-actions[bot]commented, May 24, 2021

This issue has been automatically locked since there hasn’t been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.

Top Results From Across the Web

python 3.x - Cannot exceed quota for PoliciesPerRole: 10

There are some limits for resources in AWS. So suppose you want to increase that limit,. Just go to. Service Quotas --> Aws...

IAM and AWS STS quotas, name requirements, and character ...

If you intend to use a role with the Switch Role feature in the AWS Management Console, then the combined Path and RoleName...

How can I increase the default managed policies or ... - YouTube

Your browser can't play this video. ... 0:28 Additional information 1:06 How to request a service quota increase 2:38 More options 3:55 ...

Quotas and limits | IAM Documentation - Google Cloud

Limits cannot be changed. Quotas. By default, the following IAM quotas apply to every Google Cloud project, with the exception of workforce identity...

While adding/updating an SSL Certificate on an AWS server I ...

An exception occurred in your cloud in adding certificate to IAM: Cannot exceed quota for ServerCertificatesPerAccount: 20.