This topic lists the limits of Resource Access Management (RAM).

Category Item Upper limit
RAM user The number of RAM users that can be created for an Alibaba Cloud account 1,000
The number of characters that the name of a RAM user can contain 64
The number of groups that a RAM user can join 5
The number of AccessKey pairs that a RAM user can create 2
The number of multi-factor authentication (MFA) devices that can be enabled for a RAM user 1
The number of system policies that can be attached to a RAM user 20
The number of custom policies that can be attached to a RAM user 10
RAM user group The number of RAM user groups that can be created for an Alibaba Cloud account 50
The number of characters that the name of a RAM user group can contain 64
The number of system policies that can be attached to a RAM user group 20
The number of custom policies that can be attached to a RAM user group 5
RAM role The number of RAM roles that can be created for an Alibaba Cloud account 1,000
The number of characters that the name of a RAM role can contain 64
The number of system policies that can be attached to a RAM role 20
The number of custom policies that can be attached to a RAM role 5
Alibaba Cloud account alias The number of characters that an account alias can contain 64
Note An account alias must be 3 to 64 characters in length.
Policy The number of characters that the name of a policy can contain 128
MFA The number of MFA devices that can be created for an Alibaba Cloud account 1,000
Custom policy The number of custom policies that can be created for an Alibaba Cloud account 1,500
The number of characters that a custom policy can contain 2,048
The number of versions that a custom policy can have 5
Identity provider (IdP) The number of IdPs that can be created for an Alibaba Cloud account 100
The number of IdP descriptors that an IdP metadata file can contain 1
The number of certificates that an IdP descriptor in an IdP metadata file can contain 2