Skip to main content

Overview

To finish connecting an AWS SigV4 integration, you need:
  1. Access to your AWS account – enough permissions to create an IAM role using the instructions your vendor provides.
  2. The IAM Role ARN of the role you created, which trusts your vendor’s AWS account.
  3. (Optional) A region override if you want this connection to run in a different AWS region than the default advertised by the vendor.

Prerequisites

  • Follow the IAM role setup instructions your vendor surfaces in their onboarding flow (this should be done before Connect opens). The role must include an sts:ExternalId condition matching the External ID your vendor shared.
  • Copy the full IAM Role ARN that the role outputs.

Instructions

Step 1: Provide the Role ARN

  1. Open the Connect form.
  2. Paste the IAM Role ARN into the IAM Role ARN field exactly as it appears in AWS (for example arn:aws:iam::123456789012:role/NangoAccessRole).

Step 2: Confirm the External ID

The Connect form shows a read-only External ID. It should match the value your vendor asked you to embed in your IAM trust policy. If it doesn’t, return to your vendor’s onboarding flow before continuing.

Step 3: Enter connection details

  1. If the vendor asked you to use a specific AWS region, enter it in the AWS Region (optional) field (e.g., us-east-1). Leave it empty to use the vendor’s default region.
  2. Submit the form. Nango will validate the role by assuming it via AWS STS (or the vendor’s custom STS endpoint).
Once the form succeeds, the integration owner can begin proxying requests to AWS services on your behalf. You are now connected to the AWS SigV4 Proxy integration.