By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post
/sso create permission-sets not authorized in CLI but works in Console/

sso create permission-sets not authorized in CLI but works in Console

0

I'm using the same SSO Role in the same account to create a an SSO Permission set. It works in Console but not from CLI. I'm using AdministrationAccess managed policy. Checked with IAM Policy simulator and it should work.

This is the CLI

`aws sso-admin create-permission-set --name test --instance-arn 'arn:aws:sso:::instance/ssoins-1234567c07aa927c'

An error occurred (AccessDeniedException) when calling the CreatePermissionSet operation: User: arn:aws:sts::123456789012:assumed-role/AWSReservedSSO_AdministratorAccess_d856d636dbae8a64/admin_XXX is not authorized to perform: sso:CreatePermissionSet`

Topics
Security Identity & ComplianceManagement & Governance
Tags
Security Identity & ComplianceAWS Identity and Access ManagementAWS Command Line InterfaceAWS IAM Identity Center
AWS-User-8503569
asked a month ago45 views
1 Answers
0
Accepted Answer

Resolved the problem, the SSO arn was incorrect. Not using the one of the correct organization

AWS-User-8503569
answered a month ago
  • AWS-User-8503569 a month ago

    In addition it needs to run in the same region as the region where the SSO was created

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant questions