You cannot use a wildcard to match part of a name or an ARN.
We strongly recommend that you do not use a wildcard in the Principal element in a role's trust policy unless you otherwise restrict access through a Condition element in the policy. Otherwise, any IAM user in any account in your partition can access the role.
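The check below is an added example, not part of the original documentation: it audits a role trust policy for the two cases described above, a bare wildcard principal with no Condition element and a wildcard used to match part of a principal name or ARN. The function names, the sample policy, the account ID and the organization ID are constructed for illustration.

```python
import json

def _as_list(value):
    """IAM allows a single item or a list in most positions; normalize to a list."""
    return value if isinstance(value, list) else [value]

def principal_values(principal):
    """Yield every principal string from a Principal element ("*" or a type->value map)."""
    if isinstance(principal, str):
        yield principal
    elif isinstance(principal, dict):
        for values in principal.values():
            yield from _as_list(values)

def audit_trust_policy(policy_json):
    """Return (statement_index, finding) tuples for a role trust policy document."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for value in principal_values(stmt.get("Principal", {})):
            if value == "*":
                # A Condition only helps if it actually narrows who can assume
                # the role; this check confirms presence, not strength.
                if not stmt.get("Condition"):
                    findings.append((i, "wildcard principal without Condition"))
            elif "*" in value:
                # A wildcard cannot match part of a name or an ARN.
                findings.append((i, "partial wildcard in principal: " + value))
    return findings

# Constructed sample: account ID and organization ID are placeholders.
SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"},
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111122223333:user/dev-*"}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"}},
    ],
})

if __name__ == "__main__":
    for index, finding in audit_trust_policy(SAMPLE):
        print(f"Statement {index}: {finding}")
```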