diff --git a/iam.tf b/iam.tf
index 436a4398..69e6353f 100644
--- a/iam.tf
+++ b/iam.tf
@@ -52,6 +52,12 @@ data "aws_iam_policy_document" "assume_role" {
       identifiers = principals.value.identifiers
     }
   }
+
+  condition {
+    test     = "ForAnyValue:StringLike"
+    variable = "aws:SourceArn"
+    values   = var.trusted_entities_assume_role_source_arns
+  }
 }
 
 dynamic "statement" {
diff --git a/variables.tf b/variables.tf
index 42a18fe5..c249f3fc 100644
--- a/variables.tf
+++ b/variables.tf
@@ -596,6 +596,12 @@ variable "trusted_entities" {
   default = []
 }
 
+variable "trusted_entities_assume_role_source_arns" {
+  description = "List of additional trusted entities for assuming Lambda Function role (trust relationship) with source ARNs"
+  type        = list(string)
+  default     = []
+}
+
 variable "assume_role_policy_statements" {
   description = "Map of dynamic policy statements for assuming Lambda Function role (trust relationship)"
   type        = any
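Review bot: The new `condition` block is emitted unconditionally, but `var.trusted_entities_assume_role_source_arns` defaults to `[]`, so every existing caller of the module now gets an `aws:SourceArn` condition with an empty value list in its trust policy; AWS is expected to reject that as a malformed policy document, and even where it is accepted an empty match set means no principal satisfies the statement. The block should be a `dynamic "condition"` that is only rendered when the list is non-empty, as sketched below. Separately, `aws:SourceArn` is only present in the request context for AWS service principals, so if the statement this sits in (its opening is above the hunk) also carries account/user/role principals, those will fail the condition because a missing key evaluates to false under `StringLike`; that interaction should be documented on the variable or guarded. `ArnLike` rather than `StringLike` is the operator AWS recommends for ARN-valued keys and would be a drop-in replacement here.
```hcl
  # … unchanged: dynamic "principals" block …

  # Emit the aws:SourceArn restriction only when source ARNs were supplied, so the
  # default (empty list) leaves the trust policy of existing callers untouched.
  dynamic "condition" {
    for_each = length(var.trusted_entities_assume_role_source_arns) > 0 ? [1] : []
    content {
      test     = "ForAnyValue:StringLike"
      variable = "aws:SourceArn"
      values   = var.trusted_entities_assume_role_source_arns
    }
  }
```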
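Review bot: The description of `trusted_entities_assume_role_source_arns` says it is a "list of additional trusted entities", but the value is used as `aws:SourceArn` condition values, i.e. ARN patterns that an incoming request must carry, not a list of principals; a reader will otherwise expect to put account IDs or role ARNs here. Suggested wording: `description = "List of aws:SourceArn values (ARN patterns, wildcards allowed) that a request must carry to assume the Lambda Function role; leave empty to add no aws:SourceArn condition"`. It would also help to note in the description that the key is typically only present for AWS service principals, so the condition is meant for service-to-role trust rather than account or role principals.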