Your organization requires a solution to detect and alert on any unauthorized changes to IAM policies. How would you use AWS CloudTrail and AWS Config to achieve this, and how would you configure them to provide comprehensive security insights?