Using wildcards in an AWS API Gateway REST API policy may lead to unauthorized access.
In AWS Console -
In Terraform -
There are additional methods for securing access to an API Gateway. For more information, see the AWS or Terraform documentation.
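As an added example (not from the AWS or Terraform documentation), the following check reads a REST API policy document and reports the Allow statements that rely on wildcards. Which elements count as a risky wildcard is an assumption of this example: a `*` principal with no `Condition`, any `*` in `Action`, and a bare `*` resource. The function name, account ID, API ID and role name are hypothetical.

```python
import json

def _as_list(value):
    """IAM policy elements may be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    """True for "Principal": "*" or {"AWS": "*"} style entries."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def find_wildcard_statements(policy_json):
    """Return [(sid, [elements])] for Allow statements that use wildcards."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # a wildcard in a Deny statement restricts access
        hits = []
        # Assumption of this example: a wildcard principal that carries a
        # Condition (source IP, VPC endpoint, ...) is treated as scoped.
        if _wildcard_principal(stmt.get("Principal")) and not stmt.get("Condition"):
            hits.append("Principal")
        if any("*" in action for action in _as_list(stmt.get("Action"))):
            hits.append("Action")
        if "*" in _as_list(stmt.get("Resource")):
            hits.append("Resource")
        if hits:
            findings.append((stmt.get("Sid", f"statement[{index}]"), hits))
    return findings

# Constructed sample policies (account ID, API ID and role name are made up).
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "OpenInvoke", "Effect": "Allow", "Principal": "*",
    "Action": "execute-api:*", "Resource": "*"}]})
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "CallerInvoke", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-caller"},
    "Action": "execute-api:Invoke",
    "Resource": "arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5/prod/GET/orders"}]})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_wildcard_statements(doc))
```

The same function can be run over the JSON string passed to the `policy` argument of an `aws_api_gateway_rest_api_policy` resource once Terraform has rendered it.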
References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api_policy