You cannot use a wildcard to match part of a name or an ARN.

We strongly recommend that you do not use a wildcard in the Principal element in a role's trust policy unless you otherwise restrict access through a Condition element in the policy. Otherwise, any IAM user in any account in your partition can access the role.

Download this paper


this is an image of author of this paper
Hello, I'm
Victorious, the writer of this paper which published on DelvingOrbit.

Publish Your Great Work