Skip to content

Get Hands-on with Amazon EKS - Workshop Event Series

Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!

sso create permission-sets not authorized in CLI but works in Console

0

I'm using the same SSO Role in the same account to create a an SSO Permission set. It works in Console but not from CLI. I'm using AdministrationAccess managed policy. Checked with IAM Policy simulator and it should work.

This is the CLI

`aws sso-admin create-permission-set --name test --instance-arn 'arn:aws:sso:::instance/ssoins-1234567c07aa927c'

An error occurred (AccessDeniedException) when calling the CreatePermissionSet operation: User: arn:aws:sts::123456789012:assumed-role/AWSReservedSSO_AdministratorAccess_d856d636dbae8a64/admin_XXX is not authorized to perform: sso:CreatePermissionSet`

Topics: Management & Governance Security, Identity, & Compliance
Tags: AWS IAM Identity Center AWS Command Line Interface AWS Identity and Access Management Security, Identity, & Compliance
Language: English

AWS-User-8503569

asked 4 years ago717 views

1 Answer

Newest
Most votes
Most comments

1

Accepted Answer

Resolved the problem, the SSO arn was incorrect. Not using the one of the correct organization

AWS-User-8503569

answered 4 years ago

EXPERT

reviewed 2 years ago

AWS-User-8503569
4 years ago
In addition it needs to run in the same region as the region where the SSO was created

Relevant content

create-account-assignment calls fail from CLI, work in console
tgmcran
asked 4 years ago
SSO logged in to AWS CLI but cannot check my own Credentials
HY
asked 2 years ago
Manage identities in AWS SSO - how to create Users via CLI or API ?
AWS-User-NV
asked 4 years ago
Access External AWS Account via CLI SSO
rePost-User-7105910
asked 3 years ago
How do I configure an SSO user to access my Amazon EKS cluster?
AWS OFFICIALUpdated a month ago
How do I use the AWS CLI to get temporary credentials for an IAM Identity Center user?
AWS OFFICIALUpdated 5 months ago
How do I resolve an “authorization error" when attempting to view or modify a cross-account SQS subscription's attributes on the Amazon SNS console?
AWS OFFICIALUpdated 4 years ago
How do I enforce MFA authentication for IAM users that use the AWS Management Console and the AWS CLI?
AWS OFFICIALUpdated 2 months ago
How to connect to a private EC2 instance from a local Visual Studio Code IDE with Session Manager and AWS SSO (CLI)
EXPERT
Faraz_AWS
published 4 years ago
AWS Wickr Single Sign-on (SSO) setup with Amazon Cognito
EXPERT
Akarsh_S
published 10 months ago