Lists feature provides you with the capability to list the assets that match the GSL criteria and apply operators on the list. Now you can count assets that match criteria, i.e. making sure that there are at-least/no-more-than/exactly x elements that match logic.
List should [not] have items with [attr operator value] list-functions-logic
– Make sure that there are no more than 3 admin users per account
List <IamUser> should have items with [name like 'admin' or name like 'administrator'] length() <= 3
– Make sure that there are less than 5 instances that were not reviewed (specific tag)
List <Instance> should have items with [ tags with [ key=‘review' and value = ‘approved' ] ] length() < 5
GroupBy feature allows you to group array of entities based on an attribute. Now you have the ability to assess each group of elements i. e. making sure that each group has at-least/no-more-than/exactly x elements that match logic.
List should [not] have items groupBy [attr] list-functions-logic
– Detect if your account is near the limit of VPCs per Region (Amazon allow by default up to 5 VPCs per region)
List <SecurityGroup> should have items groupBy [region] contain-all [values length() < 5]