{"id":"cloudtrail-fullaccess-admin-only","text":"The `AWSCloudTrail_FullAccess` managed policy should only be granted to account administrators because it can disable or reconfigure auditing.","truth_value":"IN","source":"entries/2026/03/12/awscloudtrail-latest-userguide-security_iam_id-based-policy-exampleshtml.md","source_url":"","source_hash":"0eb0fda6dd15bd17","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"cloudtrail-fullaccess-admin-only","truth_value":"IN","reason":"premise"}]}}