Status: IN
There are 15 trusted condition keys (e.g., `aws:PrincipalAccount`, `aws:SourceVpc`, `aws:PrincipalOrgID`) that can make a DynamoDB resource-based policy with `Principal: "*"` non-public; the values supplied for these keys must not contain wildcards or variables.
Source: entries/2026/03/11/amazondynamodb-latest-developerguide-rbac-bpa-rbphtml.md