{"id":"iam-policies-attach-to-groups-not-users","text":"AWS best practice is to attach IAM policies to groups or roles, not directly to individual IAM users.","truth_value":"IN","source":"entries/2026/03/11/IAM-latest-UserGuide-security-audit-guidehtml.md","source_url":"","source_hash":"f3a3fbbc547c3afb","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-policies-attach-to-groups-not-users","truth_value":"IN","reason":"premise"}]}}