Using IAM policies attached to AWS Backup Vault Policy with wildcards could lead to unauthorized access.
In AWS Console -
In Terraform -
For more information, see the AWS or Terraform documentation.
References:
https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault_policy