{"id":"iam-passrole-should-list-specific-roles","text":"The `iam:PassRole` permission should explicitly list allowed role ARNs — wildcards (`*`) in the Resource element for PassRole is a security anti-pattern.","truth_value":"IN","source":"entries/2026/03/11/IAM-latest-UserGuide-security-audit-guidehtml.md","source_url":"","source_hash":"f3a3fbbc547c3afb","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-passrole-should-list-specific-roles","truth_value":"IN","reason":"premise"}]}}