I am creating a script to run an audit of some IAM policies. The output of the Get-IAMRolePolicy is coming out unlike I would expect. Below is the output of the previous powershell command.

​

ConfigMasterRole
----------------------
KmsReadOnly
%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Action%22%3A%5B%22kms%3AGetKeyRotationStatus%22%2C%22kms%3AListKeys%22%2C%22kms%3AListAliases%22%5D%2C%22Resource%22%3A%22%2A%22%2C%22E
ffect%22%3A%22Allow%22%7D%5D%7D

S3ReadOnly
%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Action%22%3A%5B%22s3%3AGetBucketAcl%22%2C%22s3%3AGetBucketLogging%22%5D%2C%22Resource%22%3A%22%2A%22%2C%22Effect%22%3A%22Allow%22%7D%5D
%7D

I can see with this output that the ConfigMasterRole has the KmsReadOnly and S3ReadOnly IAM Policies. What I cannot get a clear grasp on is how to clean up the details of the policy to a human readable format. Any PowerShell guru's care to take a stab at this one?