Trust policy of IAM Role used by Azure DevOps Pipeline


Hi team,

I want to use an IAM role to access AWS services from an Azure DevOps pipeline.

In my AWS account, I don't have the right to create IAM users, so I can only use an IAM role / IAM Roles Anywhere.

If I create a role in my AWS account to be used by the Azure DevOps pipeline, what would the trust policy of this IAM role (Principal section) be?

(I can't use an IAM user as the Principal because I can't create any IAM user in my AWS account.)

In Azure DevOps Pipeline how can I use the credentials issued by this IAM role, via PowerShell in the YAML file?

I tried this script in my Azure DevOps pipeline:

- script: |
    aws sts assume-role --role-arn "arn:aws:iam::AWS_ACCOUNT_ID:role/ROLE_NAME" --role-session-name "AssumedRole" > assumed-role-output.json

and it still needs an access key and secret access key to run this command, which will then give me an access key and secret access key.

The entire objective is to avoid creating an IAM user and using its credentials in Azure DevOps, and instead to assume a role and use the temporary credentials generated by the role. But it seems that even to run the sts assume-role command I still need an access key and secret access key.

Thank you for your valuable help!

2 answers

You will need your AWS access key and secret access key to run "aws sts assume-role".
Since that command is for ASSUME-role, it cannot be used without the information of the IAM user to receive the IAM role.
Attach a policy to the IAM user that allows the user to execute "assume-role".
The trust policy of the IAM role to which the assume-role is assigned must be configured for use by IAM users.
I think it is essential to create an access key and secret access key to use the service from outside AWS.
https://repost.aws/knowledge-center/iam-assume-role-cli
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_enable-create.html

Expert
answered a year ago

Here is some documentation on IAM Roles Anywhere.

The docs above have examples of the trust policy that is needed and the helper script for getting role credentials.

AWS
Expert
kentrad
answered a year ago
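The question asks what the Principal section of the role's trust policy should contain when no IAM user exists, and the second answer points to IAM Roles Anywhere for exactly that case. The following added example (written for this page, not code from the asker or from the AWS answerer) shows the shape of that setup: the trust policy names the Roles Anywhere service as the principal and pins it to one trust anchor, a small check flags the two common mistakes (an IAM-user principal, or no trust-anchor condition), and an AWS CLI profile uses credential_process so the pipeline's aws commands obtain temporary credentials from the Roles Anywhere signing helper instead of a stored access key. All ARNs, the profile name and the certificate paths are constructed placeholders; the aws_signing_helper command-line flags follow the IAM Roles Anywhere documentation.

```python
import json
from typing import Any, Dict, List

# Constructed placeholder ARNs for illustration only; substitute the
# trust anchor, Roles Anywhere profile and role ARNs from your own account.
TRUST_ANCHOR_ARN = "arn:aws:rolesanywhere:eu-west-1:111122223333:trust-anchor/TRUST_ANCHOR_ID"
PROFILE_ARN = "arn:aws:rolesanywhere:eu-west-1:111122223333:profile/PROFILE_ID"
ROLE_ARN = "arn:aws:iam::111122223333:role/AzureDevOpsPipelineRole"

ROLES_ANYWHERE_SERVICE = "rolesanywhere.amazonaws.com"
# The Roles Anywhere service needs all three actions on the role: to issue the
# session, to tag it, and to set the source identity from the certificate subject.
REQUIRED_ACTIONS = ["sts:AssumeRole", "sts:TagSession", "sts:SetSourceIdentity"]


def build_trust_policy(trust_anchor_arn: str) -> Dict[str, Any]:
    """Trust policy for a role that is assumed through IAM Roles Anywhere.

    The principal is the Roles Anywhere service rather than an IAM user, and the
    aws:SourceArn condition limits the role to one trust anchor, so a certificate
    chained to a different anchor in the same account cannot obtain its credentials.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": ROLES_ANYWHERE_SERVICE},
                "Action": list(REQUIRED_ACTIONS),
                "Condition": {"ArnEquals": {"aws:SourceArn": trust_anchor_arn}},
            }
        ],
    }


def check_trust_policy(policy: Dict[str, Any]) -> List[str]:
    """Return findings for a Roles Anywhere trust policy; an empty list means it looks right."""
    findings: List[str] = []
    statements = policy.get("Statement", [])
    if not statements:
        findings.append("policy has no statements")
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if stmt.get("Principal", {}).get("Service") != ROLES_ANYWHERE_SERVICE:
            findings.append("principal is not rolesanywhere.amazonaws.com")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        missing = sorted(set(REQUIRED_ACTIONS) - set(actions))
        if missing:
            findings.append("missing actions: " + ", ".join(missing))
        source_arn = stmt.get("Condition", {}).get("ArnEquals", {}).get("aws:SourceArn")
        if not source_arn:
            findings.append("no aws:SourceArn condition pinning the trust anchor")
        elif ":trust-anchor/" not in source_arn:
            findings.append("aws:SourceArn does not reference a trust anchor")
    return findings


def build_cli_profile(name: str, cert_path: str, key_path: str,
                      trust_anchor_arn: str, profile_arn: str, role_arn: str) -> str:
    """AWS CLI config stanza whose credential_process calls aws_signing_helper.

    Every aws command run under this profile asks the helper for credentials; the
    helper signs the request with the pipeline's private key, so no access key or
    secret access key is stored on the build agent or in pipeline variables.
    """
    cmd = " ".join([
        "aws_signing_helper credential-process",
        f"--certificate {cert_path}",
        f"--private-key {key_path}",
        f"--trust-anchor-arn {trust_anchor_arn}",
        f"--profile-arn {profile_arn}",
        f"--role-arn {role_arn}",
    ])
    return f"[profile {name}]\ncredential_process = {cmd}\n"


if __name__ == "__main__":
    policy = build_trust_policy(TRUST_ANCHOR_ARN)
    print(json.dumps(policy, indent=2))
    print("findings:", check_trust_policy(policy) or "none")
    # Constructed certificate paths on the build agent; adjust to your agent layout.
    print(build_cli_profile("ado-pipeline", "/agent/certs/pipeline.crt",
                            "/agent/certs/pipeline.key",
                            TRUST_ANCHOR_ARN, PROFILE_ARN, ROLE_ARN))
```

With the generated stanza in the agent's ~/.aws/config and the helper on its PATH, a pipeline step only needs to set AWS_PROFILE to that profile name and run aws commands; there is no sts assume-role call to bootstrap, which is the step the asker could not get past without an IAM user's keys.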
