diff --git a/src/TaskManager/TaskManager/PluginStrings.cs b/src/TaskManager/TaskManager/PluginStrings.cs
index 6a8c5156a..3d8ba6f6d 100644
--- a/src/TaskManager/TaskManager/PluginStrings.cs
+++ b/src/TaskManager/TaskManager/PluginStrings.cs
@@ -24,7 +24,7 @@ public static class PluginStrings
 
         public const string Docker = "docker";
 
-        public static readonly IReadOnlyList<string> PlugsRequiresPermanentAccoutns = new List<string>() { Argo, Docker };
+        public static readonly IReadOnlyList<string> PlugsRequiresPermanentAccounts = new List<string>() { Argo, Docker };
     }
 }
 #pragma warning restore SA1600 // Elements should be documented
diff --git a/src/TaskManager/TaskManager/TaskManager.cs b/src/TaskManager/TaskManager/TaskManager.cs
index 80369aa62..a94c6d069 100644
--- a/src/TaskManager/TaskManager/TaskManager.cs
+++ b/src/TaskManager/TaskManager/TaskManager.cs
@@ -447,7 +447,7 @@ private async Task HandleDispatchTask(JsonMessage<TaskDispatchEvent> message)
 
             try
             {
-                if (PluginStrings.PlugsRequiresPermanentAccoutns.Contains(
+                if (PluginStrings.PlugsRequiresPermanentAccounts.Contains(
                         message.Body.TaskPluginType,
                         StringComparer.InvariantCultureIgnoreCase))
                 {
@@ -559,7 +559,13 @@ private async Task PopulateTemporaryStorageCredentials(params Messaging.Common.S
 
             foreach (var storage in storages)
             {
-                var credentials = await _storageService.CreateTemporaryCredentialsAsync(storage.Bucket, storage.RelativeRootPath, _options.Value.TaskManager.TemporaryStorageCredentialDurationSeconds, _cancellationToken).ConfigureAwait(false);
+                var credentials = await _storageService.CreateTemporaryCredentialsAsync(
+                        storage.Bucket,
+                        ShortenStoragePath(storage.RelativeRootPath),
+                        _options.Value.TaskManager.TemporaryStorageCredentialDurationSeconds,
+                        _cancellationToken)
+                    .ConfigureAwait(false);
+
                 storage.Credentials = new Credentials
                 {
                     AccessKey = credentials.AccessKeyId,
@@ -569,6 +575,20 @@ private async Task PopulateTemporaryStorageCredentials(params Messaging.Common.S
             }
         }
 
+        // added because AWS s3 policy creation is by defualt limited to 2048 characters, which
+        // can easily be surpassed with long multipart path names.
+        private string ShortenStoragePath(string path)
+        {
+            var pathParts = path.Split('/', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+            if (pathParts.Length <= 3)
+            {
+                return path;
+            }
+
+            var startsWith = path[0] == '/' ? "/" : string.Empty;
+            return $"{startsWith}{pathParts[0]}/{pathParts[1]}/{pathParts[2]}";
+        }
+
         private void AcknowledgeMessage<T>(JsonMessage<T> message)
         {
             Guard.Against.NullService(_messageBrokerSubscriberService, nameof(IMessageBrokerSubscriberService));