Docker.github.io: The policy listed on this page is too long

Created on 21 Jul 2017 · 9 Comments · Source: docker/docker.github.io

File: docker-for-aws/iam-permissions.md, CC @johndmulhausen

Just wanted to make you aware that the policy on this page throws the following error when trying to create:

"An error occurred: Cannot exceed quota for PolicySize: 5120"

I'll sort this out on my own, but since I imagine I need all of these permissions for provisioning Docker on AWS, using your CloudFormation template, I would very much appreciate any help you can provide.

Thank you!

All 9 comments

cc @friism @FrenchBen

@cwcoffman Most policies can be broken down into multiple chunks - You can then assign all of the policies to the user.
Typical breakdowns are:

  • Cloudfront
  • EC2
  • DynamoDB + logs + sqs
  • ELB
  • Lambda

The permissions are very granular, but can be shrunk via a * if desired.
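
Added example, not part of the thread and not Docker's own tooling: one way to do the per-service breakdown suggested above without widening any permission, by regrouping each statement's actions by service prefix and packing them into documents that each fit under the 5120 figure from the error message. It assumes `Statement` is a list and that size is measured on compact JSON; the function names and the sample action names are hypothetical.

```python
import json

POLICY_SIZE_QUOTA = 5120  # figure from the error message quoted in this issue

def policy_size(doc):
    # Assumption: measure compact JSON, since IAM does not count whitespace.
    return len(json.dumps(doc, separators=(",", ":")))

def per_service_statements(policy):
    """Split each statement's Action list by service prefix (ec2, sqs, ...)."""
    pieces = []
    for stmt in policy["Statement"]:
        actions = stmt.get("Action")
        if actions is None:  # e.g. NotAction: leave the statement whole
            pieces.append(("", stmt))
            continue
        by_service = {}
        for action in [actions] if isinstance(actions, str) else actions:
            by_service.setdefault(action.split(":")[0].lower(), []).append(action)
        for service, group in by_service.items():
            piece = {k: v for k, v in stmt.items() if k != "Sid"}  # Sid must stay unique
            piece["Action"] = sorted(group)
            pieces.append((service, piece))
    return sorted(pieces, key=lambda p: p[0])

def split_policy(policy, limit=POLICY_SIZE_QUOTA):
    """Pack the per-service statements into documents that each fit under limit."""
    version = policy.get("Version", "2012-10-17")
    docs, current = [], []
    for _, piece in per_service_statements(policy):
        if current and policy_size({"Version": version, "Statement": current + [piece]}) > limit:
            docs.append({"Version": version, "Statement": current})
            current = []
        current = current + [piece]
        if policy_size({"Version": version, "Statement": current}) > limit:
            raise ValueError("a single service's statement exceeds the limit")
    if current:
        docs.append({"Version": version, "Statement": current})
    return docs

def sample_policy():
    # Constructed input: placeholder action names, not the policy from the Docker docs page.
    services = ["cloudfront", "ec2", "dynamodb", "logs", "sqs", "elasticloadbalancing", "lambda"]
    actions = [f"{s}:ExampleAction{i:03d}" for s in services for i in range(40)]
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "All", "Effect": "Allow", "Action": actions, "Resource": "*"}]}

if __name__ == "__main__":
    print([policy_size(d) for d in split_policy(sample_policy())])
```

Each returned document can be created as its own policy and attached to the same user, and together they grant exactly the original action set.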

Thanks so much for the reply. Really appreciate your time.

On Mon, Aug 14, 2017 at 2:17 PM, French Ben notifications@github.com
wrote:

@cwcoffman https://github.com/cwcoffman Most policies can be broken
down into multiple chunks - You can then assign all of the policies to the
user.
Typical breakdowns are:

  • Cloudfront
  • EC2
  • DynamoDB + logs + sqs
  • ELB
  • Lambda

The permissions are very granular, but can be shrunk via a * if desired.


@FrenchBen Should we break up the policy on the page so that people can easily copy/paste without getting the length error?

I don't have a strong opinion on this. Feel free to do as you see fit.

My opinion - if I had understood policies better at the time, the single
policy would have made sense, and I would have been able to work around the
errors. I think it is valid to just put a simple, short paragraph
explaining this, and pointing folks to resources for breaking the policy up
if needed.

On Tue, Aug 29, 2017 at 3:53 PM, French Ben notifications@github.com
wrote:

I don't have a strong opinion on this. Feel free to do as you see fit.


We have info about this in the Cloud docs and can duplicate or link to it from here.

See #3406

If anyone still struggles with that, just create a role without permissions attached and attach a custom inline policy later on the role page.
