如何用地形修复AWS中的LimitExceeded问题？

Question

当我运行terraform应用程序时，得到以下错误：

running "...terraform apply" in ".../aws-config": exit status 1
module.aws_config_role.aws_iam_policy.default: Modifying... [id=arn:aws:iam::10391031030:policy/my-aws-config-role]

Error: Error updating IAM policy arn:aws:iam::10391031030:policy/my-aws-config-role: LimitExceeded: Cannot exceed quota for PolicySize: 6144
    status code: 409, request id: 313b0l20-a29d-0121-la32-01210d0103c01

事实上，这项任务将更新IAM策略，并添加许多新的项目，从地形计划中知道：

~ update in-place

Terraform will perform the following actions:

  # module.aws_config_role.aws_iam_policy.default will be updated in-place
~ resource "aws_iam_policy" "default" {
        arn    = "arn:aws:iam::10391031030:policy/my-aws-config-role"
        id     = "arn:aws:iam::10391031030:policy/my-aws-config-role"
        name   = "my-aws-config-role"
        path   = "/"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action   = [
                            "..." // old
                            "..." // old
                            "..." // old
                          + "..." // new
                          + "..." // new
                          + "..." // new
                          + "..." // new
                          + "..." // new
                          ...

 Plan: 0 to add, 1 to change, 0 to destroy.

在aws提供程序版本升级之后，得到了此更改。如何避免呢？忽略此任务，还是可以扩展AWS的多层大小？

Answer 1

托管策略的6144字符限制来自AWS，而不是TF。因此，您必须从AWS的角度来修复/解决它，而不是TF。

您可以遵循正式的AWS推荐的建议：

• 如何提高IAM角色或用户的默认托管策略或字符大小限制？