This topic describes Resource Access Management (RAM)-related quotas and how to increase the quotas.
Category | Item | Upper limit | Quota increase method |
RAM user | The number of RAM users that can be created within an Alibaba Cloud account | 5000 | None |
RAM user | The number of characters that the name of a RAM user can contain | 64 | None |
RAM user | The maximum number of RAM user groups to which a RAM user can be added | 10 | None |
RAM user | The number of AccessKey pairs that a RAM user can create | 2 | None |
RAM user | The number of multi-factor authentication (MFA) devices that can be bound to a RAM user | 1 | None |
RAM user | The number of system policies that can be attached to a RAM user | 20 | |
RAM user | The number of custom policies that can be attached to a RAM user | 10 | |
RAM user | The number of tags that can be added to a RAM user | 20 | None |
RAM user group | The number of RAM user groups that can be created within an Alibaba Cloud account | 300 | None |
RAM user group | The number of characters that the name of a RAM user group can contain | 64 | None |
RAM user group | The number of system policies that can be attached to a RAM user group | 20 | |
RAM user group | The number of custom policies that can be attached to a RAM user group | 10 | |
RAM role | The number of RAM roles that can be created within an Alibaba Cloud account | 1000 | |
RAM role | The number of characters that the name of a RAM role can contain | 64 | None |
RAM role | The number of system policies that can be attached to a RAM role | 20 | |
RAM role | The number of custom policies that can be attached to a RAM role | 10 | |
Default domain name | The number of characters that can be contained in a default domain name (including the suffix) | 64 | None |
Policy | The number of characters that the name of a policy can contain | 128 | None |
Custom policy | The number of custom policies that can be created within an Alibaba Cloud account | 1500 | |
Custom policy | The number of characters that a custom policy can contain | 6144 | None |
Custom policy | The number of versions that a custom policy can have | 5 | None |
Identity provider (IdP) | The number of Security Assertion Markup Language (SAML) IdPs that can be created within an Alibaba Cloud account | 100 | None |
Identity provider (IdP) | The number of SAML IdP descriptors that an IdP metadata file can contain | 1 | None |
Identity provider (IdP) | The number of certificates that an IdP descriptor in an IdP metadata file can contain | 2 | None |
Identity provider (IdP) | The number of OpenID Connect (OIDC) IdPs that can be created within an Alibaba Cloud account | 100 | None |
Identity provider (IdP) | The number of client IDs that can be added to an OIDC IdP | 20 | None |
Identity provider (IdP) | The number of fingerprints that can be added to an OIDC IdP | 5 | None |
The number of policies that can be attached to a RAM user, RAM user group, or RAM role is not affected by authorization scope. In other words, you can apply the same number of policies whether you grant permissions on a single resource group or on your Alibaba Cloud account.
RAM roles with names prefixed by AliyunReservedSSO are provisioned by CloudSSO when an access configuration is deployed. For these roles, the limits on the number of attachable custom and system policies are configured centrally in the CloudSSO console. For more information, see Limitations of CloudSSO.