404 status error: Not supported policy (but duplicated policy works)

0

**In IAM Identity Center, trying to assign a group to an account using a permission set...** We have policies that give us 404 status error: Not supported policy when trying to assign the group, but if we duplicate the policy (copying the JSON, clicking create policy, setting a name, and then pasting the JSON) they attach fine.

It is not feasible for us to duplicate all our policies, so how can we resolve this error with the existing policies? And what could be causing the error, considering there are no issues with the content of the policy?

2 Answers
1

Hello.

Is the IAM policy you are trying to use a customer managed policy?
In that case, you will not be able to configure the permission set unless the AWS account you are trying to link the permission set to has the same IAM policy.
In other words, the possible cause of the error is that the AWS account to which you are trying to associate the permission set does not have the same IAM policy.
https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocmp.html

Before you assign your permission set with IAM policies, you must prepare your member account. The name of an IAM policy in your member account must be a case-sensitive match to name of the policy in your management account. IAM Identity Center fails to assign the permission set if the policy doesn't exist in your member account.

The permissions that the policy grants don't have to be an exact match between accounts.

EXPERT
answered 3 months ago
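
The precondition quoted in the answer above can be checked before a permission set is assigned. The following is an added example, not part of the original answer and not AWS code: it compares entries shaped like a permission set's customer managed policy references with entries shaped like the member account's IAM policy list. It also compares the policy path, which goes beyond the name match quoted above; `diagnose` and all sample names are hypothetical.

```python
# Added example. Input shapes mirror the sso-admin and IAM list responses;
# every policy name below is a constructed sample.

def diagnose(references, member_policies):
    """Classify each permission-set policy reference for one member account.

    references: dicts like {"Name": ..., "Path": ...}; Path defaults to "/".
    member_policies: dicts like {"PolicyName": ..., "Path": ...}.
    Returns {name: "ok" | "path_mismatch" | "case_mismatch" | "missing"}.
    """
    existing = {(p.get("Path") or "/", p["PolicyName"]) for p in member_policies}
    names = {name for _, name in existing}
    lowered = {name.lower() for name in names}

    results = {}
    for ref in references:
        name, path = ref["Name"], ref.get("Path") or "/"
        if (path, name) in existing:
            results[name] = "ok"             # exact name and path present
        elif name in names:
            results[name] = "path_mismatch"  # same name, different IAM path
        elif name.lower() in lowered:
            results[name] = "case_mismatch"  # names differ only by letter case
        else:
            results[name] = "missing"        # no such policy in the account
    return results


# Constructed sample: what the permission set references ...
REFERENCES = [
    {"Name": "ReadOnlyAudit", "Path": "/"},
    {"Name": "DeployPipeline", "Path": "/"},
    {"Name": "BillingView"},                 # Path omitted, treated as "/"
    {"Name": "NetworkAdmin", "Path": "/"},
]
# ... and what exists in the member account.
MEMBER_POLICIES = [
    {"PolicyName": "ReadOnlyAudit", "Path": "/"},
    {"PolicyName": "DeployPipeline", "Path": "/terraform/"},
    {"PolicyName": "billingview", "Path": "/"},
]

if __name__ == "__main__":
    for name, status in diagnose(REFERENCES, MEMBER_POLICIES).items():
        print(f"{name}: {status}")
```

With boto3, the two inputs would come from `list_customer_managed_policy_references_in_permission_set` (sso-admin client) and `list_policies` with `Scope="Local"` (IAM client) called in the member account.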
0

Hi Riku,

Thank you for your answer, but the policy does exist in the member account. It is a customer managed policy. We get a 404 error with the ARN for the policy in the member account, but if we duplicate the exact policy JSON and attach the new one, it works. However, this is not a viable solution for us because we manage our policies through Terraform. Any thoughts?

Thanks,

Tom T
answered 3 months ago
