Status: IN
OIDC federated principals (e.g., GitHub Actions, Cognito) can only be specified in IAM role trust policies, not in other resource-based policy types.
Source: entries/2026/03/11/IAM-latest-UserGuide-reference_policies_elements_principalhtml.md