diff --git a/route53-zone-association/lambda-role/main.tf b/route53-zone-association/lambda-role/main.tf
index 5cf777a..6cce023 100644
--- a/route53-zone-association/lambda-role/main.tf
+++ b/route53-zone-association/lambda-role/main.tf
@@ -31,7 +31,7 @@ data "aws_iam_policy_document" "assume_role" {
     actions = ["sts:AssumeRole"]
     principals {
       type        = "AWS"
-      identifiers = ["*"]
+      identifiers = [format("arn:%v:iam::*:role/r-inf-dynamic-route53-*", data.aws_arn.current.partition)]
     }
     condition {
       test     = "StringEquals"