If you encounter the following error:

No permissions to perform sts:AssumeRole on the given role, 
please check that the given role has the wanted trusted entity (check documentation) 
and that the external id matches the condition in the role. 

Original Message: 
User: arn:aws:sts::428641199958:assumed-role/upsolver-api/i-0c31b9143ea9ce8cb 
is not authorized to perform: sts:AssumeRole on 
resource: arn:aws:iam::XXXXXX:user/you (Service: AWSSecurityTokenService; 
Status Code: 403; Error Code: AccessDenied; 
Request ID: XXXXXX-ac95-4cff-bca7-e3b60e6c8174; Proxy: null)

Possible Causes

• The error happens when there is an attempt to connect an S3 location managed by another AWS account, other than the one running Upsolver.

• You created an AWS_ROLE to access your bucket. However, the role running where you run Upsolver doesn't have permission to assume your new role and access the location.

Possible Solutions

• If you run on the Upsolver cloud, follow the guide:

• If you run on a private VPC, contact your system administrator. Follow the above guide but configure the trust policy to allow where the VPC is installed to assume the role created to access your bucket.