Using an action with a wildcard(*), Action and NotResource can allow creation of unintended service-linked roles because it can allow iam:CreateServiceLinkedRole permissions on multiple resources. We recommend that you specify resource ARNs instead.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/service_code_examples_iam.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy