Error: LimitExceeded: Policy document exceeds the maximum allowed size
AWS only checks IAM policy size at apply time - not at plan time. By the time you see this error, your deployment is already half-broken and you are doing an emergency rollback.
The harder part: if your policies use Terraform's templatefile() function with ${variable} placeholders, you cannot measure the real size just by looking at the file. The variables are shorter than the real values they become.
AWS IAM Size Limits
6,144
Managed Policy
aws_iam_policy
10,240
Inline Policy
aws_iam_role_policy
These limits apply to the minified JSON - all spaces and newlines removed. That is what AWS counts. That is what this extension measures.
How It Works
01
Variable Substitution
Replace every ${variable} placeholder with a realistic value. Enter once, saved forever. No more guessing.
02
Exact Minification
JSON.parse() → JSON.stringify(). This is exactly how AWS measures your policy size. No approximation.
JSON.stringify(JSON.parse(rendered)).length
03
Report
Size, percentage of limit, statement breakdown sorted largest first, wildcard flags, duplicate savings.
Policy Quality Checks
⚠️
Wildcard Detection
Flags * and service wildcards like s3:*, ec2:* in Action and Resource fields. A warning - never an error. Confirms each wildcard is deliberate.
🔁
Duplicate Action Detection
Finds repeated actions within the same statement. Shows exact chars saved. When removing duplicates fixes an over-limit policy - it tells you directly.
Built Like a Real Product
CI Pipeline
GitHub Actions - tests on every push, Node 18 + Node 20 matrix
Release Pipeline
Tag v1.x.x → VSIX packaged automatically → GitHub Release created
Why a DevOps engineer with no TypeScript knowledge built this, how AI collaboration actually worked, and what it felt like when someone else contributed.