Leaving the Principal element empty or unspecified in a trust policy implies that any entity could perform the specified action on the resource, which could lead to unintended consequences and security vulnerabilities. Specifying the Principal element explicitly lets you control who has access to your resources and ensures that only the intended entities can perform the actions defined in the policy.
In AWS Console -
In Terraform -
The following applies to these resources: aws_iam_role_policy, aws_ecr_repository_policy, aws_backup_vault_policy, aws_s3_bucket_policy, aws_efs_file_system_policy, aws_secretsmanager_secret_policy, aws_api_gateway_rest_api_policy, aws_media_store_container_policy, aws_glue_resource_policy, aws_sns_topic_policy, aws_sqs_queue_policy, and aws_ses_identity_policy.
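The condition described above can be checked on the rendered policy JSON before it is applied. The following is an added example, not code from this page or from any scanning tool: the function names, the sample policy, and the choice to treat NotPrincipal as a stated principal are assumptions of the example.

```python
import json

def _is_empty(principal):
    """True when a Principal value names no entity at all."""
    if principal is None:
        return True
    if isinstance(principal, str):
        return principal.strip() == ""
    if isinstance(principal, list):
        return all(_is_empty(p) for p in principal)
    if isinstance(principal, dict):
        return all(_is_empty(v) for v in principal.values())
    return True  # any other JSON type cannot name a principal

def statements_missing_principal(policy_json):
    """Return the Sid (or positional label) of each statement lacking a Principal."""
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        # Assumption of this example: NotPrincipal counts as a stated principal.
        principal = stmt.get("Principal", stmt.get("NotPrincipal"))
        if _is_empty(principal):
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

# Constructed sample policy; the account ID, role and queue names are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "NoPrincipal", "Effect": "Allow", "Action": "sqs:SendMessage",
         "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue"},
        {"Sid": "EmptyMap", "Effect": "Allow", "Principal": {},
         "Action": "sqs:SendMessage", "Resource": "*"},
        {"Sid": "EmptyList", "Effect": "Allow", "Principal": {"AWS": []},
         "Action": "sqs:SendMessage", "Resource": "*"},
        {"Sid": "Explicit", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-producer"},
         "Action": "sqs:SendMessage", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    print(statements_missing_principal(SAMPLE_POLICY))
```

In a Terraform workflow the input would be the policy string rendered for one of the resources listed above.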
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/service_code_examples_iam.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy