diff --git a/modules/ami-housekeeper/main.tf b/modules/ami-housekeeper/main.tf
index f462c240fc..0be45ab179 100644
--- a/modules/ami-housekeeper/main.tf
+++ b/modules/ami-housekeeper/main.tf
@@ -55,7 +55,7 @@ resource "aws_cloudwatch_log_group" "ami_housekeeper" {
 }
 
 resource "aws_iam_role" "ami_housekeeper" {
- name = "${var.prefix}-ami-housekeeper-role"
+ name = substr("${var.prefix}-ami-housekeeper-role", 0, 63)
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 path = local.role_path
 permissions_boundary = var.role_permissions_boundary
diff --git a/modules/lambda/main.tf b/modules/lambda/main.tf
index 137b727774..e234a682fd 100644
--- a/modules/lambda/main.tf
+++ b/modules/lambda/main.tf
@@ -60,7 +60,7 @@ resource "aws_cloudwatch_log_group" "main" {
 }
 
 resource "aws_iam_role" "main" {
- name = "${var.lambda.prefix}-${var.lambda.name}"
+ name = substr("${var.lambda.prefix}-${var.lambda.name}", 0, 63)
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 path = local.role_path
 permissions_boundary = var.lambda.role_permissions_boundary
diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf
index d3f5f08efa..f0bdaaf92b 100644
--- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf
+++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf
@@ -58,7 +58,7 @@ resource "aws_lambda_function" "syncer" {
 
 resource "aws_iam_role_policy" "lambda_kms" {
 count = try(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id, null) != null ? 1 : 0
- name = "${var.prefix}-lambda-kms-policy-syncer"
+ name = substr("${var.prefix}-lambda-kms-policy-syncer", 0, 63)
 role = aws_iam_role.syncer_lambda.id
 
 policy = templatefile("${path.module}/policies/lambda-kms.json", {
diff --git a/modules/runners/policies-runner.tf b/modules/runners/policies-runner.tf
index d923c143cb..7c53b8b18c 100644
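Review bot: The `substr(..., 0, 63)` on `name` cuts from the end, which is exactly where each role's distinguishing suffix sits, so an over-long `var.prefix` silently produces identical names instead of a clear error; the same applies to the role hunks in modules/lambda, modules/runners (policies-runner.tf, pool/main.tf, scale-down.tf, scale-up.tf, ssm-housekeeper.tf), modules/setup-iam-permissions and modules/webhook. For example, `${var.prefix}-action-scale-up-lambda-role` and `${var.prefix}-action-scale-down-lambda-role` (presumably fed the same prefix) truncate to the same string once the prefix reaches 49 characters, and the apply would then fail on a duplicate role name rather than pointing at the prefix. IAM allows 64 characters for a role name, so a name of exactly 64 that was valid before is now shortened and the role would be replaced on upgrade. Consider rejecting an over-long prefix with a `validation` block on the variable, or keeping names unique with a short hash of the full name, e.g. `name = "${substr(local.role_name, 0, 55)}-${substr(sha256(local.role_name), 0, 8)}"` with `local.role_name` as a placeholder for the untruncated string. The resource block continues past the end of the hunk.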
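Review bot: The `name` changed in `aws_iam_role_policy.lambda_kms` is an inline policy name, not a role name, and IAM accepts up to 128 characters there, so the 63-character cut shortens names that were already valid. For an existing deployment with a long prefix this changes the policy name and would make Terraform replace the inline policy that grants the syncer role its KMS access, which is worth avoiding for a permission the function depends on. I would keep the original `name = "${var.prefix}-lambda-kms-policy-syncer"` here, or at most use `substr(..., 0, 128)`. The resource block is cut off by the hunk at the open `templatefile(` call.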
--- a/modules/runners/policies-runner.tf
+++ b/modules/runners/policies-runner.tf
@@ -1,7 +1,7 @@
 data "aws_caller_identity" "current" {}
 
 resource "aws_iam_role" "runner" {
- name = "${var.prefix}-runner-role"
+ name = substr("${var.prefix}-runner-role", 0, 63)
 assume_role_policy = templatefile("${path.module}/policies/instance-role-trust-policy.json", {})
 path = local.role_path
 permissions_boundary = var.role_permissions_boundary
diff --git a/modules/runners/pool/main.tf b/modules/runners/pool/main.tf
index 49ab15b2c1..b52ce1c60a 100644
--- a/modules/runners/pool/main.tf
+++ b/modules/runners/pool/main.tf
@@ -74,7 +74,7 @@ resource "aws_cloudwatch_log_group" "pool" {
 }
 
 resource "aws_iam_role" "pool" {
- name = "${var.config.prefix}-action-pool-lambda-role"
+ name = substr("${var.config.prefix}-action-pool-lambda-role", 0, 63)
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 path = var.config.role_path
 permissions_boundary = var.config.role_permissions_boundary
diff --git a/modules/runners/scale-down.tf b/modules/runners/scale-down.tf
index 786f584280..93eabd4413 100644
--- a/modules/runners/scale-down.tf
+++ b/modules/runners/scale-down.tf
@@ -85,7 +85,7 @@ resource "aws_lambda_permission" "scale_down" {
 }
 
 resource "aws_iam_role" "scale_down" {
- name = "${var.prefix}-action-scale-down-lambda-role"
+ name = substr("${var.prefix}-action-scale-down-lambda-role", 0, 63)
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 path = local.role_path
 permissions_boundary = var.role_permissions_boundary
diff --git a/modules/runners/scale-up.tf b/modules/runners/scale-up.tf
index ad96c496a4..5e4ae75a9c 100644
--- a/modules/runners/scale-up.tf
+++ b/modules/runners/scale-up.tf
@@ -101,7 +101,7 @@ resource "aws_lambda_permission" "scale_runners_lambda" {
 }
 
 resource "aws_iam_role" "scale_up" {
- name = "${var.prefix}-action-scale-up-lambda-role"
+ name = substr("${var.prefix}-action-scale-up-lambda-role", 0, 63)
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 path = local.role_path
 permissions_boundary = var.role_permissions_boundary
diff --git a/modules/runners/ssm-housekeeper.tf b/modules/runners/ssm-housekeeper.tf
index e9c2a175ba..b73514fed8 100644
--- a/modules/runners/ssm-housekeeper.tf
+++ b/modules/runners/ssm-housekeeper.tf
@@ -83,7 +83,7 @@ resource "aws_lambda_permission" "ssm_housekeeper" {
 }
 
 resource "aws_iam_role" "ssm_housekeeper" {
- name = "${var.prefix}-ssm-hk-lambda"
+ name = substr("${var.prefix}-ssm-hk-lambda", 0, 63)
 description = "Lambda role for SSM Housekeeper (${var.prefix})"
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 path = local.role_path
diff --git a/modules/setup-iam-permissions/main.tf b/modules/setup-iam-permissions/main.tf
index ce39031058..0f6e4a70a6 100644
--- a/modules/setup-iam-permissions/main.tf
+++ b/modules/setup-iam-permissions/main.tf
@@ -1,7 +1,7 @@
 data "aws_caller_identity" "current" {}
 
 resource "aws_iam_role" "deploy" {
- name = "${var.prefix}-terraform"
+ name = substr("${var.prefix}-terraform", 0, 63)
 permissions_boundary = aws_iam_policy.deploy_boundary.arn
 
 assume_role_policy = templatefile("${path.module}/policies/assume-role-for-account.json", {
diff --git a/modules/webhook/direct/webhook.tf b/modules/webhook/direct/webhook.tf
index a8adc380a6..778ba5b077 100644
--- a/modules/webhook/direct/webhook.tf
+++ b/modules/webhook/direct/webhook.tf
@@ -90,7 +90,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" {
 }
 
 resource "aws_iam_role" "webhook_lambda" {
- name = "${var.config.prefix}-direct-webhook-lambda-role"
+ name = substr("${var.config.prefix}-direct-webhook-lambda-role", 0, 63)
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 path = var.config.role_path
 permissions_boundary = var.config.role_permissions_boundary
diff --git a/modules/webhook/eventbridge/dispatcher.tf b/modules/webhook/eventbridge/dispatcher.tf
index 85b109504e..23f2ce8327 100644
--- a/modules/webhook/eventbridge/dispatcher.tf
+++ b/modules/webhook/eventbridge/dispatcher.tf
@@ -85,7 +85,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_lambda" {
 }
 
 resource "aws_iam_role" "dispatcher_lambda" {
- name = "${var.config.prefix}-dispatcher-lambda-role"
+ name = substr("${var.config.prefix}-dispatcher-lambda-role", 0, 63)
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 path = var.config.role_path
 permissions_boundary = var.config.role_permissions_boundary
diff --git a/modules/webhook/eventbridge/webhook.tf b/modules/webhook/eventbridge/webhook.tf
index 84bbfba057..6557e7c617 100644
--- a/modules/webhook/eventbridge/webhook.tf
+++ b/modules/webhook/eventbridge/webhook.tf
@@ -89,7 +89,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" {
 }
 
 resource "aws_iam_role" "webhook_lambda" {
- name = "${var.config.prefix}-eventbridge-webhook-lambda-role"
+ name = substr("${var.config.prefix}-eventbridge-webhook-lambda-role", 0, 63)
 assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json
 path = var.config.role_path
 permissions_boundary = var.config.role_permissions_boundary