
Resource Access Management: Limits

Last Updated: Aug 29, 2023

This topic describes the limits of Resource Access Management (RAM).

| Category | Item | Upper limit |
| --- | --- | --- |
| RAM user | The number of RAM users that can be created within an Alibaba Cloud account | 5000 |
| RAM user | The number of characters that the name of a RAM user can contain | 64 |
| RAM user | The maximum number of RAM user groups to which a RAM user can be added | 10 |
| RAM user | The number of AccessKey pairs that a RAM user can create | 2 |
| RAM user | The number of multi-factor authentication (MFA) devices that can be bound to a RAM user | 1 |
| RAM user | The number of system policies that can be attached to a RAM user | 20 |
| RAM user | The number of custom policies that can be attached to a RAM user | 10 |
| RAM user | The number of tags that can be added to a RAM user | 20 |
| RAM user group | The number of RAM user groups that can be created within an Alibaba Cloud account | 300 |
| RAM user group | The number of characters that the name of a RAM user group can contain | 64 |
| RAM user group | The number of system policies that can be attached to a RAM user group | 20 |
| RAM user group | The number of custom policies that can be attached to a RAM user group | 10 |
| RAM role | The number of RAM roles that can be created within an Alibaba Cloud account | 1000 |
| RAM role | The number of characters that the name of a RAM role can contain | 64 |
| RAM role | The number of system policies that can be attached to a RAM role | 20 |
| RAM role | The number of custom policies that can be attached to a RAM role | 10 |
| Default domain name | The number of characters that can be contained in a default domain name (including the suffix) | 64 |
| Policy | The number of characters that the name of a policy can contain | 128 |
| Multi-factor authentication (MFA) | The number of virtual MFA devices or U2F security keys that can be created within an Alibaba Cloud account | 1000 |
| Custom policy | The number of custom policies that can be created within an Alibaba Cloud account | 1500 |
| Custom policy | The number of characters that a custom policy can contain | 6144 |
| Custom policy | The number of versions that a custom policy can have | 5 |
| Identity provider (IdP) | The number of Security Assertion Markup Language (SAML) IdPs that can be created within an Alibaba Cloud account | 100 |
| Identity provider (IdP) | The number of SAML IdP descriptors that an IdP metadata file can contain | 1 |
| Identity provider (IdP) | The number of certificates that an IdP descriptor in an IdP metadata file can contain | 2 |
| Identity provider (IdP) | The number of OpenID Connect (OIDC) IdPs that can be created within an Alibaba Cloud account | 100 |
| Identity provider (IdP) | The number of client IDs that can be added to an OIDC IdP | 20 |
| Identity provider (IdP) | The number of fingerprints that can be added to an OIDC IdP | 5 |

Note
  • The number of policies that can be attached to a RAM user, RAM user group, or RAM role is not affected by authorization scope. In other words, you can apply the same number of policies whether you grant permissions on a single resource group or on your Alibaba Cloud account.

  • This topic lists only the default quotas for the items. The quotas of specific items are adjustable. To apply for a quota increase, go to the Quota Center page. You can configure quotas for a wide range of Alibaba Cloud services in Quota Center. For more information, see Services that work with Quota Center.