{"id":"iam-access-analyzer-control-tower-trails-not-supported","text":"AWS Control Tower trails are not supported for IAM Access Analyzer policy generation because logs are in the Log Archive account and S3 bucket permissions are restricted by SCPs.","truth_value":"IN","source":"entries/2026/03/11/IAM-latest-UserGuide-access-analyzer-policy-generationhtml.md","source_url":"","source_hash":"0f1241ca12af3c80","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-access-analyzer-control-tower-trails-not-supported","truth_value":"IN","reason":"premise"}]}}