Description
What is the problem?
We are hitting an error with CDK Pipelines caused by a size limit on the managed IAM role associated with the pipeline. Every time an asset is added to the pipeline, the pipeline automatically adds an `sts:AssumeRole` permission to the CDK-managed pipeline role during the "Self Mutate" stage. When we add 60+ assets/Lambda functions to a CDK pipeline, the role's default policy grows past the 10240-byte policy size limit (one `sts:AssumeRole` statement per role, as shown below), and as a result the pipeline fails to update during the "Self Mutate" stage.
The role's policy looks like the one below:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
],
"Resource": [
"arn:aws:s3:::amwaycognitopipelinestac-amwaycognitopipelinearti-1doqf25ffndr3",
"arn:aws:s3:::amwaycognitopipelinestac-amwaycognitopipelinearti-1doqf25ffndr3/*"
],
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineBuil-1W1NZE3SQ7YCQ",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineUpda-12S5M6LW8VK0T",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1CLJZDVCQIO32",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-UQYP66LZH3QI",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-B3YWVLPNBXO2",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-36QVR9COMR4F",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1CXAYLMTPNCLD",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1V5WJ7SQ1W51S",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1WOZ0CW28JZXE",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1PNCT6GG2ES9S",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1AKF3RGV9LQ08",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-YRUWDL9KCHPS",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-O0I1HDIBF1KX",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-GLDQD7CR5FY1",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-142G6PO8GAT57",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-UPJHFB3SQ6JP",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1FEB9O6KD825F",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-TV4034AQV9HV",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-EYWZ15IVPARW",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1RA0A5QFCDL4W",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1QY0MAYJO7UZO",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-6UHG1YX91CJ0",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1MPLGMPEISYY5",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-WWSFHIHJ8HH6",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-C32JRQW9NPS1",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-PYVLKHU1YCPM",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1KXUX1RQHK1OA",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-RUOXO2WCSENR",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1L4JDWGCDRPV6",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-18QYALASWK23P",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-G40KWBQF90GH",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1BO8SC8JX9NYE",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-D1ARE616AGIV",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-GNT7JUL23YWB",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-73JLNQKI9V0V",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-FW0F1WSBE6SZ",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-G3ZV5JOVM1O7",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1XY5GU71FV775",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-G41NUSYH4M0K",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-6VBXZZAFQ5A9",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-1RPONWD7KKDU0",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-A095JYVRWQW7",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-Z43N5B72LMTP",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::935677405004:role/AmwayCognitoPipelineStack-AmwayCognitoPipelineAsse-3S8MO6SYNSKD",
"Effect": "Allow"
},
........ and so on
Reproduction Steps
Have more than 60 assets in the cdk pipeline.
What did you expect to happen?
The pipeline should get executed successfully.
What actually happened?
AmwayCognitoPipelineStackdevcdk | 13/29 | 3:20:18 PM | UPDATE_IN_PROGRESS | AWS::IAM::Policy | AmwayCognitoPipeline/Pipeline/Role/DefaultPolicy (AmwayCognitoPipelineRoleDefaultPolicyB4A64DD9)
184 | AmwayCognitoPipelineStackdevcdk | 13/29 | 3:20:20 PM | UPDATE_FAILED | AWS::IAM::Policy | AmwayCognitoPipeline/Pipeline/Role/DefaultPolicy (AmwayCognitoPipelineRoleDefaultPolicyB4A64DD9) Maximum policy size of 10240 bytes exceeded for role AmwayCognitoPipelineStack-AmwayCognitoPipelineRole-RIBKSANTPBC8 (Service: AmazonIdentityManagement; Status Code: 409; Error Code: LimitExceeded; Request ID: b9581531-700c-4e50-a178-06ec2a05676b; Proxy: null)
185 | new Policy (/codebuild/output/src070/src/s3/00/node_modules/@aws-cdk/aws-iam/lib/policy.ts:89:22)
186 | _ Role.addToPrincipalPolicy (/codebuild/output/src070/src/s3/00/node_modules/@aws-cdk/aws-iam/lib/role.ts:236:28)
187 | _ Function.addToPrincipal (/codebuild/output/src070/src/s3/00/node_modules/@aws-cdk/aws-iam/lib/grant.ts:92:61)
188 | _ Function.addToPrincipalOrResource (/codebuild/output/src070/src/s3/00/node_modules/@aws-cdk/aws-iam/lib/grant.ts:48:26)
189 | _ Bucket.grant (/codebuild/output/src070/src/s3/00/node_modules/@aws-cdk/aws-s3/lib/bucket.ts:384:27)
190 | _ Bucket.grantReadWrite (/codebuild/output/src070/src/s3/00/node_modules/@aws-cdk/aws-s3/lib/bucket.ts:314:17)
191 | _ new Pipeline (/codebuild/output/src070/src/s3/00/node_modules/@aws-cdk/aws-codepipeline/lib/pipeline.ts:283:25)
192 | _ CodePipeline.doBuildPipeline (/codebuild/output/src070/src/s3/00/node_modules/@aws-cdk/pipelines/lib/codepipeline/codepipeline.ts:162:24)
193 | _ CodePipeline.buildPipeline (/codebuild/output/src070/src/s3/00/node_modules/@aws-cdk/pipelines/lib/main/pipeline-base.ts:70:10)
CDK CLI Version
2.8.0
Framework Version
No response
Node.js Version
14.18.1
OS
Linux
Language
Typescript
Language Version
No response
Other information
No response