diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 55564464..80b48900 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -44,6 +44,7 @@ services:
       API_ERO_MANAGEMENT_URL: http://wiremock:8080/ero-management-api
       API_IER_BASE_URL: http://wiremock:8080/ier-ero
       API_IER_STS_ASSUME_ROLE: arn:aws:iam::1234567890987:role/grant-me-access-to-ier
+      API_IER_STS_ASSUME_ROLE_EXTERNAL_ID: abc123
     depends_on:
       database:
         condition: service_healthy
diff --git a/src/main/kotlin/uk/gov/dluhc/emsintegrationapi/config/IerRestTemplateConfiguration.kt b/src/main/kotlin/uk/gov/dluhc/emsintegrationapi/config/IerRestTemplateConfiguration.kt
index cdb9ddfb..52075caa 100644
--- a/src/main/kotlin/uk/gov/dluhc/emsintegrationapi/config/IerRestTemplateConfiguration.kt
+++ b/src/main/kotlin/uk/gov/dluhc/emsintegrationapi/config/IerRestTemplateConfiguration.kt
@@ -26,6 +26,7 @@ import java.net.URI
 class IerRestTemplateConfiguration(
     @Value("\${api.ier.base.url}") private val ierApiBaseUrl: String,
     @Value("\${api.ier.sts.assume.role}") private val ierStsAssumeRole: String,
+    @Value("\${api.ier.sts.assume.role.external-id}") private val ierStsAssumeRoleExternalId: String,
     private val correlationIdRestTemplateClientHttpRequestInterceptor: CorrelationIdRestTemplateClientHttpRequestInterceptor,
 ) {
 
@@ -50,6 +51,7 @@ class IerRestTemplateConfiguration(
                 AssumeRoleRequest.builder()
                     .roleArn(ierStsAssumeRole)
                     .roleSessionName(STS_SESSION_NAME)
+                    .externalId(ierStsAssumeRoleExternalId)
                     .build()
             )
             .stsClient(stsClient)
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index b6422354..199ebea2 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -42,6 +42,7 @@ api:
   ier:
     base.url: ${API_IER_BASE_URL}
     sts.assume.role: ${API_IER_STS_ASSUME_ROLE}
+    sts.assume.role.external-id: ${API_IER_STS_ASSUME_ROLE_EXTERNAL_ID}
 
 jobs:
   enabled: true
diff --git a/src/test/resources/application-integration-test.yml b/src/test/resources/application-integration-test.yml
index 717a5a30..98ca0275 100644
--- a/src/test/resources/application-integration-test.yml
+++ b/src/test/resources/application-integration-test.yml
@@ -40,6 +40,7 @@ api:
   ier:
     base.url: http://replaced-by-wireMockServer-bean
     sts.assume.role: arn:aws:iam::1234567890987:role/grant-me-access-to-ier
+    sts.assume.role.external-id: abc123
 
 caching.time-to-live: PT2S