Problem:

When integrating AWS, you run into the following error in Vanta when validating the ARN of the role you've created:

Unable to perform STS:AssumeRole. Please follow the linking instructions to create the vanta-auditor role

Solution:

It's likely that the Account ID and External ID required for the role were entered incorrectly, or MFA was enforced on the role. To correct this, navigate to the role you created in AWS IAM, and select Trust relationships:

These values should match what is provided by Vanta in the "role creation" step of the AWS linking flow:

Also confirm that this trust relationship does not contain the following:

 "Bool": {
"aws:MultiFactorAuthPresent": true
}

If this exists in the trust relationship, remove it from the policy or set it to "false" and try to connect Vanta again.