(3.7.0‐3.8.0) ParallelCluster API Deployment fails due to IAM Policy size exceeding service limits

Question

(3.7.0‐3.8.0) ParallelCluster API Deployment fails due to IAM Policy size exceeding service limits

francesco-giordano opened this issue 4 months ago · comments

Francesco Giordano commented 4 months ago

Bug description

The deployment of the ParallelCluster API stack fails when the parameter Region is set. In particular, CloudFormation stack fails with CREATE_FAILED and the message:

Resource handler returned message: "Cannot exceed quota for PolicySize: 6144 (Service: Iam, Status Code: 409, Request ID: bb3fa361-b2a7-41d9-be2b-d7668ee8ba1f)" (RequestToken: 7b853345-c08e-555d-ee3a-f163521a0acc, HandlerErrorCode: ServiceLimitExceeded)

The issue is caused by the Region parameter that is used in the IAM managed policy ParallelClusterClusterPolicy. This addition makes the policy exceed the maximum length allowed.

Affected versions (OSes, schedulers)

ParallelCluster API 3.7.0
ParallelCluster API 3.8.0

Mitigation

See details in Wiki https://github.com/aws/aws-parallelcluster/wiki/(3.7.0%E2%80%903.8.0)-ParallelCluster-API-Deployment-fails-due-to-IAM-Policy-size-exceeding-service-limits

Himani Anil Deshpande · Answer 1 · Wed Mar 13 2024 00:14:52 GMT+0800 (China Standard Time)

Release as part of 3.9.0