Hey there. This looks interesting. It looks like you're enumerating IAM managed policies. How do you handle inline policies? That seems like it'd be a blindspot if you're just enumerating the policies the account.
We also return the inline policies for users, groups, and roles. There's an open issue to convert them to standard form that I expect will be done in the next week, so this will also be possible.