Status: IN
The `AWSCloudTrail_FullAccess` managed policy should only be granted to account administrators because it can disable or reconfigure auditing.
Source: entries/2026/03/12/awscloudtrail-latest-userguide-security_iam_id-based-policy-exampleshtml.md