
Summary
This detection rule identifies the creation of a new AWS IAM policy version that grants broad access to all resources within an AWS account. It leverages AWS CloudTrail logs to watch for the `CreatePolicyVersion` event, specifically looking for policy documents that include permissions for all actions on all resources. This behavior is important to detect because it contradicts the principle of least privilege and can expose the AWS environment to significant risk, enabling unauthorized actions or data exfiltration by malicious actors. If such activity is confirmed to be unauthorized, it could indicate a serious security breach within the AWS infrastructure.
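The matching logic described above, run over constructed CloudTrail records, as an added example that is not the rule's own implementation. It assumes the usual CloudTrail layout for this event (`eventSource`, `eventName`, and a `requestParameters.policyDocument` field holding the policy as a JSON-encoded string); the account id, ARNs and bucket name are made up.

```python
import json
# Constructed sample CloudTrail records (not real logs). CloudTrail delivers the
# policyDocument request parameter as a JSON-encoded string, so json.dumps mimics it.
SAMPLE_RECORDS = [
    {   # Suspicious: new version granting every action on every resource
        "eventSource": "iam.amazonaws.com", "eventName": "CreatePolicyVersion",
        "requestParameters": {
            "policyArn": "arn:aws:iam::123456789012:policy/ExamplePolicy",
            "setAsDefault": True,
            "policyDocument": json.dumps({"Version": "2012-10-17", "Statement": [
                {"Effect": "Allow", "Action": "*", "Resource": "*"}]}),
        },
    },
    {   # Benign: scoped version (single Statement object, list-form Action)
        "eventSource": "iam.amazonaws.com", "eventName": "CreatePolicyVersion",
        "requestParameters": {
            "policyArn": "arn:aws:iam::123456789012:policy/ReadExampleBucket",
            "setAsDefault": False,
            "policyDocument": json.dumps({"Version": "2012-10-17", "Statement":
                {"Effect": "Allow", "Action": ["s3:GetObject"],
                 "Resource": "arn:aws:s3:::example-bucket/*"}}),
        },
    },
]

def _as_list(value):
    # IAM lets Statement, Action and Resource be a single value or a list.
    return value if isinstance(value, list) else [value]

def grants_full_access(policy_document):
    """True if any Allow statement grants every action ("*") on every resource ("*")."""
    try:
        doc = json.loads(policy_document)
    except (TypeError, ValueError):
        return False  # missing or malformed document: nothing to match
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement with wildcards is not a grant
        if "*" in _as_list(stmt.get("Action", [])) and "*" in _as_list(stmt.get("Resource", [])):
            return True
    return False

def matches_rule(record):
    """Apply the rule to one record: IAM CreatePolicyVersion carrying a full wildcard grant."""
    if record.get("eventSource") != "iam.amazonaws.com" or record.get("eventName") != "CreatePolicyVersion":
        return False
    return grants_full_access((record.get("requestParameters") or {}).get("policyDocument", ""))

def find_alerts(records):
    # Policy ARNs of the records that triggered the rule, in input order.
    return [r["requestParameters"]["policyArn"] for r in records if matches_rule(r)]
```

Running `find_alerts(SAMPLE_RECORDS)` flags only the first record; a wildcard inside a Deny statement, or a document that fails to parse, does not match.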
Categories
- Cloud
- AWS
Data Sources
- Cloud Storage
- Cloud Service
- Application Log
ATT&CK Techniques
- T1078.004
- T1078
Created: 2024-11-14