Error: "Unable to perform STS:AssumeRole..." when integrating AWS


When integrating AWS, you run into the following error in Vanta when validating the ARN of the role you've created:

Unable to perform STS:AssumeRole. Please follow the linking instructions to create the vanta-auditor role



It's likely that the Account ID or External ID required for the role was entered incorrectly, or that MFA is enforced on the role. To correct this, navigate to the role you created in AWS IAM and select Trust relationships:



These values should match what is provided by Vanta in the "role creation" step of the AWS linking flow:


Also confirm that this trust relationship does not contain the following:

"Bool": {
    "aws:MultiFactorAuthPresent": true
}

If this condition exists in the trust relationship, remove it from the policy or set it to "false" and try to connect Vanta again.
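
The checks above can also be run against the trust policy JSON copied from the Trust relationships tab. The following is an added example, not Vanta's or AWS's own code; the Account ID, External ID and sample policy are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample values; use the Account ID and External ID Vanta shows you.
ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"

# Constructed trust policy with a mistyped External ID and an MFA condition.
BROKEN_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole",
  "Condition": {
    "StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-1D"},
    "Bool": {"aws:MultiFactorAuthPresent": true}}}]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Accepts a bare account ID or an ARN such as arn:aws:iam::<account>:root
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) > 4 else principal

def check_trust_policy(policy, account_id, external_id):
    """Return the reasons this trust policy would reject the AssumeRole call."""
    problems, trusted = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if account_id not in [_account_of(a) for a in arns]:
            continue  # statement trusts some other account
        trusted = True
        # Condition keys are case-insensitive, so normalise them before lookup.
        cond = {op: {k.lower(): _as_list(v) for k, v in keys.items()}
                for op, keys in stmt.get("Condition", {}).items()}
        if external_id not in cond.get("StringEquals", {}).get("sts:externalid", []):
            problems.append("External ID does not match")
        mfa = cond.get("Bool", {}).get("aws:multifactorauthpresent", [])
        if any(str(v).lower() == "true" for v in mfa):
            problems.append("MFA is enforced")
    if not trusted:
        problems.append("Account ID is not a trusted principal")
    return problems

if __name__ == "__main__":
    for problem in check_trust_policy(BROKEN_POLICY, ACCOUNT_ID, EXTERNAL_ID):
        print(problem)
```

An empty result means the trust policy matches the three conditions this article checks; it does not validate the permissions attached to the role.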