I am trying to add an identity center group with associated permissions to the account being created by Account Factory by using a Blue print. I have tried a number of things, the latest of which is:
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
SsoAssignment:
Type: 'AWS::SSO::Assignment'
Properties:
InstanceArn: 'arn:aws:sso:::instance/ssoins-6666666666666666'
PermissionSetArn: 'arn:aws:sso:::permissionSet/ssoins-6666666666666666/ps-a222222222222222'
PrincipalId: 11111111-2222-3333-4444-5555555555555
PrincipalType: GROUP
TargetId: !Sub '${AWS::AccountId}'
TargetType: AWS_ACCOUNT
The error I keep getting is: "Model validation failed (#/TargetId: failed validation constraint for keyword [pattern])". Which, to me, implies that the format of the Account Id, which I am hoping is the id of the account being created, is invalid. I have tried hard coding the numeric id with and without quotes with no affect (during update so I know the id). I originally was using JSON but switched to YAML in the hopes that might make a difference.
The indication of keyword[pattern] implies to me that it's a format problem rather than permissions.