A trust policy is a policy document that defines which entities (users, roles, services) are allowed to assume the role. This policy is attached to the role and uses the same JSON policy syntax as other IAM policies.
Example Trust Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}