Maximum Policy Size Exceeded

brandon...@levvel.io

Feb 7, 2018, 3:31:42 PM
to Vault
I'm working for a client and they want to lock down the AWS permissions that Vault generates for their terraform pipelines. The policy they have isn't huge but it's over AWS's 2048 byte limit.

vault read aws/creds/terraform
Error reading aws/creds/terraform: Error making API request.

URL: GET https://10.140.56.171:8200/v1/aws/creds/terraform
Code: 400. Errors:

* Error putting user policy: LimitExceeded: Maximum policy size of 2048 bytes exceeded for user vault-root-terraform-1518026112-5056
        status code: 409, request id: 0c19c8ae-0c30-11e8-a3d2-5fe5210079c0


Is there a way to work around this? Like is it possible to use the policy as a role and vault creates a user that assumes that role? (The role policy size limit is 10,240.)
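
A pre-flight size check for a policy document before it is handed to Vault, as an added example that is not part of the original post. It assumes IAM ignores optional whitespace when measuring a policy (approximated here by compact JSON serialization); the two limits are the figures quoted in the post, and the function names and sample policy are constructed for illustration.

```python
import json

# Inline policy size limits as quoted in the post above, in bytes.
USER_INLINE_LIMIT = 2048
ROLE_INLINE_LIMIT = 10240


def compact_size(obj):
    """Size of obj serialized as JSON with no optional whitespace."""
    return len(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def check_policy(policy_json):
    """Report total size, fit against each limit, and statements by size."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    size = compact_size(policy)
    per_stmt = sorted(
        ((s.get("Sid", f"statement[{i}]"), compact_size(s))
         for i, s in enumerate(statements)),
        key=lambda item: item[1], reverse=True)
    return {
        "size": size,
        "fits_user": size <= USER_INLINE_LIMIT,
        "fits_role": size <= ROLE_INLINE_LIMIT,
        "largest_statements": per_stmt,  # trim candidates, biggest first
    }


def sample_policy(n_buckets):
    """Constructed sample: one statement listing n_buckets S3 ARNs explicitly."""
    resources = [f"arn:aws:s3:::example-tfstate-{i:03d}/*" for i in range(n_buckets)]
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "State", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject"], "Resource": resources},
            {"Sid": "Describe", "Effect": "Allow",
             "Action": "ec2:Describe*", "Resource": "*"},
        ],
    }, indent=2)


if __name__ == "__main__":
    for n in (5, 80):
        print(n, check_policy(sample_policy(n)))
```

Running this in the pipeline before the policy is written to Vault surfaces an oversized document at review time instead of as a failure when credentials are requested.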