How can one centrally manage / audit AWS resource-based policies
An administrator of an AWS account wants their users to be able to create their own S3 buckets, SQS queues, and KMS keys and attach resource-based IAM policies to their resources. How can said administrator find resources that have resource-based IAM policies in bulk and review these to ensure they are in compliance with a set of standards?
Given that these policies are in line, the only thing I can think of is to use Amazon's list of aws services that support resource based policies, find all resources of each of these services, and then get the policy associated with each of the resources.
This approach does not allow effective planning for the potential of AWS enabling users to attach resource-based policies to future Amazon services.
Is there a best practice or a smarter approach here?
