Status: IN
Resource-based policies referencing a session ARN bypass session policy limits and permissions boundary restrictions, while those referencing the entity (role/user) ARN do not bypass these limits.
Source: entries/2026/03/11/IAM-latest-UserGuide-access_policieshtml.md