Join us at the Dash conference! July 16-17, NYC

Error: Datadog is not authorized to perform sts:AssumeRole

This error usually indicates an issue with the trust policy associated with the DatadogAWSIntegrationRole. Most of the time, this issue is caused by the role delegation process.

Check the following points for the AWS account mentioned in the error:

  1. When creating an IAM role, ensure that you are using the correct IAM role name in the Datadog AWS integration tile. Extra spaces or characters in AWS or Datadog causes the role delegation to fail:

  2. Ensure Datadog’s account ID 464622532012 is entered under Another AWS account. Entering any other account ID causes the integration to fail. Also ensure Required MFA is unchecked:

  3. Generate a new AWS External ID in the Datadog AWS Integration tile and click the Update Configuration button:

  4. Add the newly generated AWS External ID to your AWS trust policy:

Note that the error may persist in the UI for a few hours whilst the changes propagate. If the error persists, repeat steps 2 through 7 of the AWS Installation instructions.

Still need help? Contact Datadog support.

Further Reading

Additional helpful documentation, links, and articles: