There are two restrictions on the size of a policy that gets passed to STS. The first is the length of the plaintext policy string that you pass to the API, which is limited to 2048 characters. The second is the size of the "packed" policy after the service has compressed it for space. AWS does not currently document how the packed size is computed; instead the API returns a "PackedPolicySize" value, a percentage showing how much of the packed-size limit your policy consumes. As this value approaches 100%, small additions to the policy may cause STS to reject it.
Because of this, it's important to keep the policies you pass to STS fairly small.
There are two primary strategies for limiting the size of policies you use with STS:
• Associate as much policy logic as possible with the underlying IAM user who calls STS
• Use wildcard characters ('*' and '?') to limit duplication
If you were worried about access to files in other buckets, you could restrict the policy for the underlying IAM user to only those buckets (see the IAM User Guide for details on the policy evaluation semantics):
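The following is an added example, not code from the original page or from AWS, showing the second strategy in practice: a session policy written as one statement per object is compared with a single wildcard statement, the plaintext length is checked against the 2048-character limit, and the `PackedPolicySize` field of an STS response is interpreted as the percentage described above. The bucket name, key prefix, the sample response fragment and the 90% warning threshold are constructed assumptions for the demonstration.

```python
"""Shaping a session policy for STS so it stays within the documented limits.

Added example; bucket names, keys, the response fragment and the
PACKED_WARN_PERCENT threshold are constructed for illustration.
"""
import json

MAX_PLAINTEXT_CHARS = 2048   # documented limit on the plaintext policy string
PACKED_WARN_PERCENT = 90     # assumed threshold: near 100%, small edits may be rejected


def compact(policy: dict) -> str:
    """Serialize with no whitespace; every character counts against the limit."""
    return json.dumps(policy, separators=(",", ":"), sort_keys=True)


def verbose_policy(bucket: str, keys: list) -> dict:
    """One statement per object: Effect/Action are duplicated for every key."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": f"arn:aws:s3:::{bucket}/{key}"}
            for key in keys
        ],
    }


def wildcard_policy(bucket: str, prefix: str) -> dict:
    """A single statement using '*' to cover every key under a prefix."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"}
        ],
    }


def plaintext_ok(policy: dict) -> bool:
    """True when the compact JSON fits the plaintext limit STS accepts."""
    return len(compact(policy)) <= MAX_PLAINTEXT_CHARS


def packed_headroom(response: dict) -> dict:
    """Interpret PackedPolicySize from an STS response (percent of packed limit).

    Returns the percentage and whether it is close enough to 100% that further
    additions to the policy are likely to be rejected.
    """
    pct = response.get("PackedPolicySize")
    if pct is None:
        return {"percent": None, "near_limit": False}
    return {"percent": pct, "near_limit": pct >= PACKED_WARN_PERCENT}


if __name__ == "__main__":
    # Constructed inputs: 120 objects under one prefix in one bucket.
    keys = [f"reports/2024/{i:03d}.csv" for i in range(120)]
    verbose = verbose_policy("example-bucket", keys)
    compact_form = wildcard_policy("example-bucket", "reports/2024/")
    print("verbose chars:", len(compact(verbose)), "ok:", plaintext_ok(verbose))
    print("wildcard chars:", len(compact(compact_form)), "ok:", plaintext_ok(compact_form))
    # Constructed fragment of an STS response, not a real API call.
    print(packed_headroom({"PackedPolicySize": 94}))
```

In real use the `PackedPolicySize` value comes back in the response of `sts:AssumeRole` or `sts:GetFederationToken` when a session policy is supplied; the check above is the same whichever call produced it.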