How to generate policy based on CloudTrail events and resolve errors

Question

While generating a policy in IAM for a specific role using feature "Generate policy based on CloudTrail events", I get error "Policy generation failed. CloudTrail log files processed per policy generation limit exceeded. Please fix before trying again."

And if generated for few days, policy does not include DynamoDB and SQS policies used by the role

score 3 · Answer 1 · edited Oct 20 '21 at 10:58

3

Please have a look at the Access Analyzer quotas

Based on the error message you hit the quota of 100,000 AWS CloudTrail log files processed per policy generation.

You can reduce the period of the policy or reduce the number of regions selected.

edited Oct 20 '21 at 10:58

Dharman

30,962
25
85
135

answered Oct 20 '21 at 10:53

Nathaniel Assis

91
6

Any tips on how to estimate the maximum period that can be analysed instead of trial-and-error? – Daniel Serodio Sep 02 '22 at 17:37

How to generate policy based on CloudTrail events and resolve errors

1 Answers1