I want to allow some roles from a different account to assume a role in my account. I don't want to specify the roles one by one, because they're prone to change frequentl
I encountered the same use-case recently. None of the responses resolved this for me.
Charli, your original solution is valid but I needed some tweaks to get it to work, namely, I needed to replace 'ArnLike' with 'stringLike' and switch 'aws:SourceArn' to use 'aws:PrincipalArn':
{
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam:::root"
    },
    "Action": "sts:AssumeRole",
    "Condition": {
        "StringLike": {
            "aws:PrincipalArn": "arn:aws:iam:::role/test-role-name-*"
        }
    }
}
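To see which caller ARNs the wildcard in the statement above admits, here is an added example (not part of the original answer) that emulates the StringLike comparison locally for this one statement. The account IDs, the role names and the helper functions `string_like` and `trust_allows` are constructed for illustration.

```python
import re

# Constructed values: the account ID and role names are placeholders.
TRUSTED_ACCOUNT = "111122223333"
STATEMENT = {
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{TRUSTED_ACCOUNT}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {
        "StringLike": {
            "aws:PrincipalArn": f"arn:aws:iam::{TRUSTED_ACCOUNT}:role/test-role-name-*"
        }
    },
}


def string_like(pattern: str, value: str) -> bool:
    """IAM StringLike: case-sensitive, '*' = any run of chars, '?' = one char."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def trust_allows(statement: dict, principal_arn: str) -> bool:
    """Simplified check of this one Allow statement against a caller's ARN."""
    # A ":root" principal trusts the whole account, so only the account
    # field (5th ARN component) of the caller has to match at this step.
    trusted = statement["Principal"]["AWS"].split(":")[4]
    if principal_arn.split(":")[4] != trusted:
        return False
    wanted = statement["Condition"]["StringLike"]["aws:PrincipalArn"]
    return string_like(wanted, principal_arn)


SAMPLES = [  # constructed caller ARNs
    "arn:aws:iam::111122223333:role/test-role-name-ci",       # allowed
    "arn:aws:iam::111122223333:role/other-role",              # wrong name
    "arn:aws:iam::111122223333:role/team/test-role-name-ci",  # role path breaks match
    "arn:aws:iam::111122223333:user/test-role-name-ci",       # user, not role
    "arn:aws:iam::444455556666:role/test-role-name-ci",       # other account
]

if __name__ == "__main__":
    for arn in SAMPLES:
        print(f"{trust_allows(STATEMENT, arn)!s:5}  {arn}")
```

For a caller that is itself running under an assumed role, `aws:PrincipalArn` carries the IAM role ARN (`...:role/...`), not the STS assumed-role session ARN, which is why the pattern is written against `role/`. Any role in the trusted account whose name starts with the prefix passes, so the prefix should be one that only the intended roles can be created under.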