I'm trying to polish the organization of my IAM roles in Amazon and their access to permissions.
I have groups, with policies attached, which map to groups within my company. I have reached the 10-policy limit on some groups.
So, users have a 10-policy limit, and a 10-group limit. If I want to keep things tidy, I can't start creating groups just for the sake of bundling unrelated policies together to try and keep everything under the limit of 10.
How is one supposed to organize permissions?
Two options:
1. Create a customer-managed policy that consolidates the access the user(s) need [Recommended]
2. Request that AWS raise its 10 managed policies attached to role limit for your account at the link below. That is a soft limit which you can request to be increased. Note that roles attached to groups are hard limits and cannot be increased. https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
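An added example for the first option (not part of the original answer): a Python sketch that folds several identity-based policy documents into one customer-managed policy document and checks it against the 6,144-character managed-policy size quota. The function names and the sample policies are constructed for illustration; statements are merged only when Effect, Resource and Condition match exactly, so the result grants the same permissions as the inputs.

```python
import json
from collections import defaultdict

MANAGED_POLICY_MAX_CHARS = 6144  # IAM managed-policy size quota (whitespace not counted)

# Constructed sample policies standing in for the ones attached to a group.
SAMPLE_POLICIES = [
    {"Version": "2012-10-17", "Statement": [{"Sid": "Read", "Effect": "Allow",
        "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]},
    {"Version": "2012-10-17", "Statement": {"Effect": "Allow",
        "Action": ["s3:PutObject", "s3:GetObject"],
        "Resource": ["arn:aws:s3:::example-bucket/*"]}},
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sqs:SendMessage", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}}]},
]

def _as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def consolidate(policy_docs):
    """Merge statements from several identity-based policies into one document."""
    merged = defaultdict(set)  # (Effect, resources, condition) -> set of actions
    passthrough = []           # NotAction/NotResource statements are copied, not merged
    for doc in policy_docs:
        for stmt in _as_list(doc["Statement"]):
            if "NotAction" in stmt or "NotResource" in stmt:
                passthrough.append({k: v for k, v in stmt.items() if k != "Sid"})
                continue
            key = (stmt["Effect"], tuple(sorted(_as_list(stmt["Resource"]))),
                   json.dumps(stmt.get("Condition"), sort_keys=True))
            merged[key].update(_as_list(stmt["Action"]))
    statements = []
    for (effect, resources, condition), actions in sorted(merged.items()):
        stmt = {"Effect": effect, "Action": sorted(actions), "Resource": list(resources)}
        if condition != "null":  # json.dumps(None) == "null" means no Condition block
            stmt["Condition"] = json.loads(condition)
        statements.append(stmt)
    return {"Version": "2012-10-17", "Statement": statements + passthrough}

def policy_size(doc):
    # Compact serialization approximates the size IAM counts against the quota.
    return len(json.dumps(doc, separators=(",", ":")))

if __name__ == "__main__":
    combined = consolidate(SAMPLE_POLICIES)
    print(json.dumps(combined, indent=2))
    print(policy_size(combined), "of", MANAGED_POLICY_MAX_CHARS, "characters used")
```

Review the merged document before attaching it: Sid values are dropped, and a consolidated policy that exceeds the size quota has to be split by function rather than trimmed.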