How to get account ID with Sentinel?

For some rules we need to validate and compare with the current Account ID. So far, we couldn’t find a way except using data aws_caller_identity {} or set as workspace variable and use variable "account_id" {}. Does Sentinel have any smarter way to do it? Without using data lookup or variable?


Sentinel only has access to the information available in the JSON representation of the Terraform plan/configuration (for the tfplan and tfconfig imports, respectively)

There isn’t a global accessible credentials object or anything that has the equivalent information in the aws_caller_identity data source.

Is the use of the data source creating issues? If so, would you provide a mock/snippet example on the sentinel playground?