# Policy document with a single Allow statement: the AWS principals listed in
# var.assume_role_trusted_arns may call sts:AssumeRole.
#
# NOTE(review): the statement carries no `condition` block, so nothing here
# requires MFA (aws:MultiFactorAuthPresent) or an sts:ExternalId. The only gate
# is the content of var.assume_role_trusted_arns. If an entry is an
# account-root ARN, trust is delegated to that whole account's IAM
# administration rather than to one named role or user. Confirm the variable
# is limited to the specific role/user ARNs that are intended.
# NOTE(review): where this document is attached is not visible here
# (presumably a role's assume_role_policy) - verify against the caller.
data "aws_iam_policy_document" "non_saml_assume_role_policy" {
  statement {
    sid     = "AllowAssumeRoleFromTrustedAccounts"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    # Trusted callers are supplied by the module input, not hard-coded.
    principals {
      type        = "AWS"
      identifiers = var.assume_role_trusted_arns
    }
  }
}