diff --git a/cmd/kiam/agent.go b/cmd/kiam/agent.go
index 1f8e0264..64308799 100644
--- a/cmd/kiam/agent.go
+++ b/cmd/kiam/agent.go
@@ -89,7 +89,7 @@ func (opts *agentCommand) run() error {
 	b := kiamserver.NewKiamGatewayBuilder().WithAddress(opts.serverAddress).WithKeepAlive(opts.keepaliveParams)
 	_, err := b.WithTLS(opts.certificatePath, opts.keyPath, opts.caPath)
 	if err != nil {
-		log.Errorf("error configuring TLS: ", err.Error())
+		log.Errorf("error configuring TLS: %s", err.Error())
 		return err
 	}
 
diff --git a/pkg/aws/sts/cache.go b/pkg/aws/sts/cache.go
index e14bd169..87809f37 100644
--- a/pkg/aws/sts/cache.go
+++ b/pkg/aws/sts/cache.go
@@ -25,8 +25,6 @@ import (
 )
 
 type credentialsCache struct {
-	arnResolver     ARNResolver
-	baseARN         string
 	cache           *cache.Cache
 	expiring        chan *CachedCredentials
 	sessionName     string
diff --git a/pkg/server/server_builder.go b/pkg/server/server_builder.go
index e5d62f9f..c4fcb619 100644
--- a/pkg/server/server_builder.go
+++ b/pkg/server/server_builder.go
@@ -61,7 +61,15 @@ func (b *KiamServerBuilder) WithAWSSTSGateway() (*KiamServerBuilder, error) {
 	if err != nil {
 		return nil, err
 	}
-	cfg.WithCredentialsFromAssumedRole(sts.NewSTSCredentialsProvider(), b.config.AssumeRoleArn)
+	arnResolver, err := newRoleARNResolver(b.config)
+	if err != nil {
+		return nil, err
+	}
+	assumeRoleARN, err := arnResolver.Resolve(b.config.AssumeRoleArn)
+	if err != nil {
+		return nil, err
+	}
+	cfg.WithCredentialsFromAssumedRole(sts.NewSTSCredentialsProvider(), assumeRoleARN.ARN)
 	stsGateway, err := sts.DefaultGateway(cfg.Config())
 	if err != nil {
 		return nil, err