{"id":"dax-iam-role-creation-excluded-from-managed-policies","text":"The four IAM permissions needed to create a DAX service role (iam:CreateRole, iam:CreatePolicy, iam:AttachRolePolicy, iam:PassRole) are intentionally excluded from AWS managed DynamoDB policies to prevent privilege escalation.","truth_value":"IN","source":"entries/2026/03/11/amazondynamodb-latest-developerguide-DAXcreate-clusterhtml.md","source_url":"","source_hash":"3dd738b75822d6d5","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"dax-iam-role-creation-excluded-from-managed-policies","truth_value":"IN","reason":"premise"}]}}