As part of the onboarding wizard, CloudSploit provides the option to connect your account using a CloudFormation template. This is the recommended way to connect the account because the template launches all of the resources in the exact configuration required, with no complex setup needed.

If you launched the CloudFormation template, and then receive the following error:

The cross-account role could not be assumed using the provided role and external ID. If this issue persists, please contact support and reference ID: 
Please double check your IAM role to ensure the CloudSploit account number (057012691312) has permission to assume your role through the trust relationship and that the external ID matches the value provided.

There are several troubleshooting steps you can take:

1. Ensure you have not refreshed the page after launching the template. CloudSploit uses an external ID for the IAM role it creates, which is auto-generated when you select the "CloudFormation" option. If you launch the template, and then return to CloudSploit later, the ID will be different.

2. Ensure you are not attempting to connect an account on behalf of someone else. If they launched the template, the external ID will be different than when your wizard loads, which will prevent the account from connecting.

3. If you have already launched the template, the easiest resolution is to delete the CloudFormation stack and re-launch it, this time remaining on the CloudSploit Wizard page until the template has completed.

4. If you do not want to, or cannot re-launch the template, follow the steps below.

I (or someone else) launched the template already, help me connect the role

1. Navigate to your AWS console and open the IAM page.

2. Locate the role that CloudSploit created with the CloudFormation template. You can search "cloudsploit"

3. Copy the role's ARN to a safe location

4. Click "Trust Relationship" and copy the external ID on the right side under the "String" condition. It should look like a UUID.

5. Return to CloudSploit's Wizard and select the "Manual" onboarding method.

6. Paste the role ARN and external ID into the fields and select "Connect"

If you still experience connection issues, please contact support.