Trust Policy - CI/CD Glossary Definition
A trust policy defines who is permitted to assume an IAM role and under what conditions.
A trust policy is the part of an IAM role that specifies which principals are allowed to assume the role and under what conditions.
The trust policy is the security boundary that decides whether a pipeline's OIDC token can assume a cloud role.
In CI/CD
A trust policy can restrict role assumption to a specific repository and branch by matching the OIDC token's subject claim, blocking other workflows.
Related guides
IAM Role - CI/CD Glossary DefinitionIAM Role: An IAM role is an identity in a cloud provider with a set of permissions that trusted principals ca…
Assume Role - CI/CD Glossary DefinitionAssume Role: Assume role is the action of an identity requesting temporary credentials for an IAM role it is…
Workload Identity - CI/CD Glossary DefinitionWorkload Identity: Workload identity is a mechanism that gives a workload (such as a CI job or Kubernetes pod…