@@ -101,7 +101,7 @@ def match(self, cfn: Template) -> RuleMatches:
101101 # !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
102102 # is valid even with aws as the account #. This handles empty string
103103 if self .config ["partition" ] and not re .match (
104- r"^\$\{\w+}|\$\{AWS::Partition}|$" , candidate [0 ]
104+ r"^\$\{\w+}|\$\{AWS::Partition}|\*| $" , candidate [0 ]
105105 ):
106106 # or not re.match(r'^(\$\{\w+}|\$\{AWS::Region}|)$',candidate[1])
107107 # or not re.match(r'^\$\{\w+}|\$\{AWS::AccountId}|aws|$', candidate[2]):
@@ -111,7 +111,7 @@ def match(self, cfn: Template) -> RuleMatches:
111111 )
112112 matches .append (RuleMatch (path , message .format (path [1 ])))
113113 if self .config ["region" ] and not re .match (
114- r"^(\$\{\w+}|\$\{AWS::Region}|)$" , candidate [1 ]
114+ r"^(\$\{\w+}|\$\{AWS::Region}|\*| )$" , candidate [1 ]
115115 ):
116116 # or or not re.match(r'^\$\{\w+}|\$\{AWS::AccountId}|aws|$', candidate[2]):
117117 message = (
@@ -123,7 +123,7 @@ def match(self, cfn: Template) -> RuleMatches:
123123 # Lambda is added for authorizer's Uniform Resource Identifier (URI)
124124 # https://github.com/aws-cloudformation/cfn-lint/issues/3716
125125 if self .config ["accountId" ] and not re .match (
126- r"^\$\{\w+}|\$\{AWS::AccountId}|aws|lambda|$" , candidate [2 ]
126+ r"^\$\{\w+}|\$\{AWS::AccountId}|aws|lambda|\*| $" , candidate [2 ]
127127 ):
128128 if candidate [2 ] not in "cloudfront" ]:
129129 message = (
0 commit comments