Is it possible to specify a pattern for an AWS role Trust Relationship

I encountered the same use-case recently. None of the responses resolved this for me.

Charli, your original solution is valid but I needed some tweaks get it to work, namely, I needed to replace 'ArnLike' with 'stringLike' and switch 'aws:SourceArn' to use 'aws:PrincipalArn':

    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<ACCOUNT_ID>:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringLike": {
          "aws:PrincipalArn": "arn:aws:iam::<ACCOUNT_ID>:role/test-role-name-*"
        }
      }
    }

It is not possible to use wildcard in the trust policy except "Principal" : { "AWS" : "*" } . The reason being when you specify an identity as Principal, you must use the full ARN since IAM translates to the unique ID e.g. AIDAxxx (for IAM user) or AROAxxx (for IAM role). Below is the from document:

If your Principal element in a role trust policy contains an ARN that points to a specific IAM user, then that ARN is transformed to the user's unique principal ID when the policy is saved. This helps mitigate the risk of someone escalating their privileges by removing and recreating the user. You don't normally see this ID in the console, because there is also a reverse transformation back to the user's ARN when the trust policy is displayed.