test assumed role (#3621)

src/cfnlint/data/schemas/other/iam/policy.json

@@ -28,6 +28,9 @@
     {
      "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::\\d{12}:(?:root|user|group|role)"
     },
+    {
+     "pattern": "^arn:(aws|aws-cn|aws-us-gov):sts::\\d{12}:assumed-role"
+    },
     {
      "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::cloudfront:user/.+$"
     }

test/unit/rules/resources/iam/test_resource_policy.py

@@ -224,3 +224,29 @@ def test_principal_wildcard(self):
             )
         )
         self.assertListEqual(errs, [])
+
+    def test_assumed_role(self):
+        validator = CfnTemplateValidator({}).evolve(
+            context=Context(functions=FUNCTIONS)
+        )
+
+        policy = {
+            "Version": "2012-10-17",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Action": "*",
+                    "Resource": "arn:aws:s3:::bucket",
+                    "Principal": {
+                        "AWS": "arn:aws:sts::123456789012:assumed-role/rolename/rolesessionname"
+                    },
+                },
+            ],
+        }
+
+        errs = list(
+            self.rule.validate(
+                validator=validator, policy=policy, schema={}, policy_type=None
+            )
+        )
+        self.assertListEqual(errs, [])