Enhancements

• Added iam_custom_managed_policy_attached_to_role and iam_custom_policy_unused controls to exclude AWS managed policies from compliance checks, reducing report noise. (#957)

Bug fixes

• Fixed the s3_bucket_policy_restrict_public_access query to prevent false positives for S3 bucket policies with Principal:* restricted via AWS Organization conditions (aws:PrincipalOrgID) or specific AWS accounts. (#954)