Skip to main content

Error: "Unable to perform STS:AssumeRole..." when integrating AWS

S
Written by Shannon DeLange
Updated this week

Problem

When integrating AWS, you run into the following error in Vanta when validating the ARN of the role you've created:

Unable to perform STS:AssumeRole. Please follow the linking instructions to create the vanta-auditor role

Solution

The Account ID and External ID required for the role were likely entered incorrectly, or MFA was enforced on the role. To correct this, navigate to the role you created in AWS IAM and select Trust relationships

TrustRelationshipsvantaauditor.png

  • These values should match what is provided by Vanta in the role creation step of the AWS linking flow:

AWSrolecreation.png

  • Also, confirm that this trust relationship does not contain the following:

 "Bool": {
"aws:MultiFactorAuthPresent": true
}

  • If this exists in the trust relationship, remove it from the policy or set it to "false" and try to connect Vanta again.

Related Articles
Which resources does Vanta fetch from AWS?
Updating your AWS integration to utilize Identity Store
Connecting Vanta & AWS account
Porting AWS Integrations Across Regions
Changing AWS Roles in Vanta