A company uses AWS CloudFormation to deploy IAM resources within accounts that AWS Control Tower governs. The security team wants to prevent the deployment of IAM roles that include inline policies with the following statements: "Effect": "Allow", "Action": "*", "Resource": "*" Which solution will meet this requirement?