Optional Readonly additional
Additional STS actions the trusted principal can perform beyond sts:AssumeRole (e.g. ["sts:SetSourceIdentity"]).
Use cases: Extended trust capabilities; Source identity propagation
AWS: IAM trust policy additional actions
Validation: Optional; array of valid IAM action strings
Readonly trusted
AWS principal identifier for trust policy. Supports formats: "this_account", "service:svc.amazonaws.com", "federation:name", or ARN.
Use cases: Service trust; Cross-account trust; Federation trust
AWS: IAM trust policy principal specification
Validation: Required; must be valid principal identifier
Trusted principal for IAM role trust policy with optional additional actions.
Use cases: Multi-service trust; Additional STS actions (e.g. sts:SetSourceIdentity)
AWS: IAM role trust policy principal with optional additional trusted actions
Validation: trustedPrincipal required; additionalTrustedActions optional
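
A sketch of how the principal formats and additional actions above could be validated and turned into a trust policy statement. This is an added example, not the project's own code. Assumptions: the `buildTrustStatement` function, its `accountId` and `federations` (federation name to provider ARN) parameters, and the choice to reject wildcard or non-STS actions are all hypothetical.

```typescript
// Added example. Field names come from the page; the resolver is an assumption.
interface TrustedPrincipalSpec {
  readonly trustedPrincipal: string;
  readonly additionalTrustedActions?: string[];
}
interface TrustStatement {
  Effect: "Allow";
  Principal: Record<string, string>;
  Action: string[];
}

// Stricter than "valid IAM action string": concrete sts: actions only, no wildcards.
const STS_ACTION = /^sts:[A-Za-z]+$/;
const IAM_ARN = /^arn:aws[a-z-]*:iam::\d{12}:(root|role\/.+|user\/.+)$/;

function buildTrustStatement(
  spec: TrustedPrincipalSpec,
  accountId: string, // hypothetical: the deploying account ID
  federations: Record<string, string>, // hypothetical: federation name -> provider ARN
): TrustStatement {
  const p = spec.trustedPrincipal;
  const svc = /^service:([a-z0-9.-]+\.amazonaws\.com)$/.exec(p);
  const fed = /^federation:(.+)$/.exec(p);
  let principal: Record<string, string>;
  let baseAction = "sts:AssumeRole";
  if (p === "this_account") {
    principal = { AWS: `arn:aws:iam::${accountId}:root` };
  } else if (svc) {
    principal = { Service: svc[1]! };
  } else if (fed) {
    const providerArn = federations[fed[1]!];
    if (!providerArn) throw new Error(`unknown federation: ${fed[1]}`);
    principal = { Federated: providerArn };
    // Federated principals assume roles through a different STS call.
    baseAction = /:oidc-provider\//.test(providerArn)
      ? "sts:AssumeRoleWithWebIdentity"
      : "sts:AssumeRoleWithSAML";
  } else if (IAM_ARN.test(p)) {
    principal = { AWS: p };
  } else {
    throw new Error(`invalid principal identifier: ${p}`); // rejects "*" and typos
  }
  const extra = spec.additionalTrustedActions ?? [];
  for (const a of extra) {
    if (!STS_ACTION.test(a)) throw new Error(`not a concrete STS action: ${a}`);
  }
  return { Effect: "Allow", Principal: principal, Action: [baseAction, ...extra.filter((a) => a !== baseAction)] };
}
```

Failing closed on an unrecognized principal or action keeps a typo from silently widening who can assume the role.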