Vault_secrets_sync_aws_destination

I am trying to use this terraform resource for vault to synchronize secrets to AWS secrets manager. I have a requirement to not use static aws credentials and to assume a role. There is an agrument in the resource for role_arn but I can not get this resource to work. What’s confusing to me is the verbiage for the role_arn argument An initial session with the proper trust relationship must exist for Vault to be able to assume this role. I’m not sure how to make this happen using terraform

https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/secrets_sync_aws_destination