Sentinel test for IAM policy

I want to develop one Sentinel rule to check AWS IAM Policy size.
Here is an example:
LimitExceeded: Cannot exceed quota for PolicySize: 6144

Hi @sridhar.ravula, have you tried using the length function to check if the policy document exceeds 6144 characters?

Also, if parsing an instance of the aws_iam_policy_document data source (which is often the best way to specify IAM policies in Terraform since it avoids having an entire policy treated as computed (known after apply)), you can inspect the length of its json attribute.

In fact, here is a policy that restricts S3 bucket policies and actually forces use of the aws_iam_policy_document data source.


Can you guide me on the logic, like how to get each policy, since I am learning?
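
One way to write the check discussed in this thread, as an added example that is not code from any of the posters: it assumes the `tfplan/v2` import and that policies are declared as `aws_iam_policy` resources, and the choice to fail on computed policies is this example's own. IAM does not count whitespace toward the quota, so measuring the raw JSON string is a conservative check.

```sentinel
import "tfplan/v2" as tfplan

# Quota taken from the error in the question: PolicySize: 6144
max_policy_size = 6144

# Collect every aws_iam_policy resource this plan creates or updates.
iam_policies = filter tfplan.resource_changes as _, rc {
	rc.mode is "managed" and
		rc.type is "aws_iam_policy" and
		(rc.change.actions contains "create" or
			rc.change.actions contains "update")
}

# A policy document that is "known after apply" has no value to measure
# at plan time, so it is reported separately (assumption: treat as failure).
computed = filter iam_policies as _, rc {
	rc.change.after_unknown.policy else false
}

# Known policy documents longer than the quota.
oversized = filter iam_policies as _, rc {
	not (rc.change.after_unknown.policy else false) and
		length(rc.change.after.policy else "") > max_policy_size
}

for computed as address, _ {
	print(address, "policy is computed; size cannot be checked at plan time")
}

for oversized as address, rc {
	print(address, "policy is", length(rc.change.after.policy),
		"characters; limit is", max_policy_size)
}

main = rule {
	length(oversized) is 0 and length(computed) is 0
}
```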