{"id":"iam-dangerous-permissions-equivalent-full-access","text":"Granting IAM permissions like `iam:CreatePolicy`, `iam:AttachRolePolicy`, `iam:PutUserPolicy`, or similar policy-management permissions effectively grants full account access — these must be tightly controlled.","truth_value":"IN","source":"entries/2026/03/11/IAM-latest-UserGuide-security-audit-guidehtml.md","source_url":"","source_hash":"f3a3fbbc547c3afb","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-dangerous-permissions-equivalent-full-access","truth_value":"IN","reason":"premise"}]}}