Default limits for IAM entities:
| Resource | Default Limit |
|---|---|
| Customer managed policies in an AWS account | 1500 |
| Groups in an AWS account | 300 |
| Roles in an AWS account | 1000 |
| Managed policies attached to an IAM role | 10 |
| Managed policies attached to an IAM user | 10 |
| Virtual MFA devices (assigned or unassigned) in an AWS account | Equal to the user quota for the account |
| Instance profiles in an AWS account | 1000 |
| Server certificates stored in an AWS account | 20 |
Limits for IAM entities:
| Resource | Limit |
|---|---|
| Access keys assigned to an IAM user | 2 |
| Access keys assigned to the AWS account root user | 2 |
| Aliases for an AWS account | 1 |
| Groups an IAM user can be a member of | 10 |
| IAM users in a group | Equal to the user quota for the account |
| Users in an AWS account | 5000 (If you need to add a large number of users, consider using temporary security credentials.) |
| Identity providers (IdPs) associated with an IAM SAML provider object | 10 |
| Keys per SAML provider | 10 |
| Login profiles for an IAM user | 1 |
| Managed policies attached to an IAM group | 10 |
| Permissions boundaries for an IAM user | 1 |
| Permissions boundaries for an IAM role | 1 |
| MFA devices in use by an IAM user | 1 |
| MFA devices in use by the AWS account root user | 1 |
| Roles in an instance profile | 1 |
| SAML providers in an AWS account | 100 |
| Signing certificates assigned to an IAM user | 2 |
| SSH public keys assigned to an IAM user | 5 |
| Tags that can be attached to an IAM role | 50 |
| Tags that can be attached to an IAM user | 50 |
| Versions of a managed policy that can be stored | 5 |