Status: IN
AWS Control Tower trails are not supported for IAM Access Analyzer policy generation because logs are in the Log Archive account and S3 bucket permissions are restricted by SCPs.
Source: entries/2026/03/11/IAM-latest-UserGuide-access-analyzer-policy-generationhtml.md