如何用CDK创建具有trust policy的角色

【以下的问题经过翻译处理】 我想创建一个具有AmazonChimeFullAccess权限的角色，并允许lambda运行STS-AssumeRole。我无法使用AWS Console创建IAM角色来创建此角色，也无法确认如何使用CDK来创建。下面粘贴了在cdk中创建此角色所使用的代码。

Permissions:

AmazonChimeFullAccess

Trusted entities:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::<account-number>:role/dev-lambda"
                ]
            },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}

CDK代码：

val role = Role(
            stackInstance, "StsChimeChatAssumeRole",
            RoleProps.builder()
                .assumedBy(ServicePrincipal("sts.amazonaws.com"))
                .build()
        )

        // Add a statement to the trust policy to allow the AWS account with ID "123456789012" to assume the role
        role.addToPolicy(
            PolicyStatement.Builder
                .create()
                .effect(Effect.ALLOW)
                .principals(listOf(ArnPrincipal("arn:aws:iam::<account-number>:role/dev")))
                .actions(listOf("sts:AssumeRole"))
                .build()
        )

        role.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("AmazonChimeFullAccess"))

错误：

Exception in thread "main" java.lang.RuntimeException: Error: Validation failed with the following errors:
  [TemplateServiceStack/dev/TemplateServiceDevWaveLambdaStack/StsChimeChatAssumeRole/DefaultPolicy] A PolicyStatement used in an identity-based policy cannot specify any IAM principals.
  [TemplateServiceStack/dev/TemplateServiceDevWaveLambdaStack/StsChimeChatAssumeRole/DefaultPolicy] A PolicyStatement used in an identity-based policy must specify at least one resource.