{"id":"dynamodb-bpa-15-trusted-condition-keys","text":"There are 15 trusted condition keys (e.g., `aws:PrincipalAccount`, `aws:SourceVpc`, `aws:PrincipalOrgID`) that can make a `Principal: \"*\"` DynamoDB resource-based policy non-public; values must not contain wildcards or variables.","truth_value":"IN","source":"entries/2026/03/11/amazondynamodb-latest-developerguide-rbac-bpa-rbphtml.md","source_url":"","source_hash":"975fa22b535dfcd4","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"dynamodb-bpa-15-trusted-condition-keys","truth_value":"IN","reason":"premise"}]}}