Status: IN
The `AWSCloudTrail_FullAccess` policy restricts `iam:PassRole` with condition `iam:PassedToService: cloudtrail.amazonaws.com`, preventing role passing to other services.
Source: entries/2026/03/12/aws-managed-policy-latest-reference-AWSCloudTrail_FullAccesshtml.md