Threat actors may gather information on Cloud Organization Policies (e.g., AWS SCPs) or IAM boundaries to identify paths for privilege escalation and understand the security constraints applied to the tenancy.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.