From e0d375b428e6f25f15b592ae58aa44acb9e8225b Mon Sep 17 00:00:00 2001
From: Rico Huijbers <rix0rrr@gmail.com>
Date: Thu, 30 Jun 2022 15:15:48 +0200
Subject: [PATCH] docs(pipelines): describe how to work around policy size
 errors (#20569)

Fixes #20565.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/@aws-cdk/pipelines/README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/packages/@aws-cdk/pipelines/README.md b/packages/@aws-cdk/pipelines/README.md
index c6a8ed91928e5..e0490385b3aec 100644
--- a/packages/@aws-cdk/pipelines/README.md
+++ b/packages/@aws-cdk/pipelines/README.md
@@ -1379,6 +1379,22 @@ After turning on `privilegedMode: true`, you will need to do a one-time manual c
 pipeline to get it going again (as with a broken 'synth' the pipeline will not be able to self
 update to the right state).
 
+### IAM policies: Cannot exceed quota for PoliciesPerRole / Maximum policy size exceeded
+
+This happens as a result of having a lot of targets in the Pipeline: the IAM policies that
+get generated enumerate all required roles and grow too large.
+
+Make sure you are on version `2.26.0` or higher, and that your `cdk.json` contains the
+following:
+
+```json
+{
+  "context": {
+    "@aws-cdk/aws-iam:minimizePolicies": true
+  }
+}
+```
+
 ### S3 error: Access Denied
 
 An "S3 Access Denied" error can have two causes: