How to fix "ASSUME_ROLE" warning from AWS Organization

When using the AWS Organization integration workflow, you might see a warning labeled "ASSUME_ROLE" for certain accounts on the Inventory page, under AWS Organization. This indicates that the AWS child account is missing the required vanta-auditor role.

Procedure

  • Navigate to the Integration page
  • Under Amazon Web Services, click Manage
  • Click Edit
  • Follow step 1 to create the AWS policies and roles for each of the affected accounts
    • Policy creation
    • Role creation
  • Repeat steps 1 and 2 for every account besides the management/root account
  • Once complete, click Next until you reach the Configure scope page
  • Click Done