{"id":"cloudtrail-fullaccess-passrole-conditioned","text":"The `AWSCloudTrail_FullAccess` policy restricts `iam:PassRole` with condition `iam:PassedToService: cloudtrail.amazonaws.com`, preventing role passing to other services.","truth_value":"IN","source":"entries/2026/03/12/aws-managed-policy-latest-reference-AWSCloudTrail_FullAccesshtml.md","source_url":"","source_hash":"454d33fc9804931f","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"cloudtrail-fullaccess-passrole-conditioned","truth_value":"IN","reason":"premise"}]}}