Status: IN
Using `NotPrincipal` with `Deny` in resource-based policies always denies principals with permissions boundaries attached — use `ArnNotEquals` with `aws:PrincipalArn` condition instead.
Source: entries/2026/03/08/iam-permission-boundaries.md
JSON