Status: IN
Cross-account PassRole scenarios require both explicit deny policies for broad permissions and specific role ARN allow-lists — neither control alone is sufficient.
JSON