Hello, l am trying to create a policy that ensures the assume_role_policy attribute, principal value is not a wildcard * but not too sure how to go about this.
resource “aws_iam_role” “this” {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = “sts:AssumeRole”
+ Effect = “Allow”
+ Principal = {
+ Service = “lambda.amazonaws.com”
}
+ Sid = “AllowLambda”
},
]