{"id":"cloudtrail-fullaccess-s3-sns-scoped-to-prefix","text":"The `AWSCloudTrail_FullAccess` policy scopes S3 and SNS write permissions to resources matching `aws-cloudtrail-logs*` — not all buckets/topics.","truth_value":"IN","source":"entries/2026/03/12/aws-managed-policy-latest-reference-AWSCloudTrail_FullAccesshtml.md","source_url":"","source_hash":"454d33fc9804931f","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"cloudtrail-fullaccess-s3-sns-scoped-to-prefix","truth_value":"IN","reason":"premise"}]}}