Status: IN
AWS Control Tower trails are not supported for IAM Access Analyzer policy generation because organization logs go to a separate Log Archive account with restricted S3 bucket permissions.
Source: entries/2026/03/11/IAM-latest-UserGuide-access_policies_generate-policyhtml.md