Status: IN
Granting IAM permissions like `iam:CreatePolicy`, `iam:AttachRolePolicy`, `iam:PutUserPolicy`, or similar policy-management permissions effectively grants full account access — these must be tightly controlled.
Source: entries/2026/03/11/IAM-latest-UserGuide-security-audit-guidehtml.md