Error: "Unable to perform STS:AssumeRole..." when integrating AWS

  • Updated


When integrating AWS, you run into the following error in Vanta when validating the ARN of the role you've created:

Unable to perform STS:AssumeRole. Please follow the linking instructions to create the vanta-auditor role



The Account ID and External ID required for the role were likely entered incorrectly, or MFA was enforced on the role. To correct this, navigate to the role you created in AWS IAM and select Trust relationships



  • These values should match what is provided by Vanta in the role creation step of the AWS linking flow:


  • Also, confirm that this trust relationship does not contain the following:
 "Bool": {
"aws:MultiFactorAuthPresent": true
  • If this exists in the trust relationship, remove it from the policy or set it to "false" and try to connect Vanta again.