sso create permission-sets not authorized in CLI but works in Console

I'm using the same SSO Role in the same account to create a an SSO Permission set. It works in Console but not from CLI. I'm using AdministrationAccess managed policy. Checked with IAM Policy simulator and it should work.

This is the CLI

`aws sso-admin create-permission-set --name test --instance-arn 'arn:aws:sso:::instance/ssoins-1234567c07aa927c'

An error occurred (AccessDeniedException) when calling the CreatePermissionSet operation: User: arn:aws:sts::123456789012:assumed-role/AWSReservedSSO_AdministratorAccess_d856d636dbae8a64/admin_XXX is not authorized to perform: sso:CreatePermissionSet`

Topics

Security, Identity, & Compliance Management & Governance

Relevant content

Access External AWS Account via CLI SSO
bmechen
asked 2 years ago
SSO is not working~
Accepted Answer
rePost-User-5471206
asked a year ago
create-account-assignment calls fail from CLI, work in console
tgmcran
asked 3 years ago
AWS CLI Create EC2 working perfectly but not visible or available in AWS Console
Accepted Answer
Kreuzzes
asked 10 months ago
Why is my EventBridge rule not working in Regions other than the one I created it in?
AWS OFFICIALUpdated 7 months ago
How do I configure an SSO user to access my Amazon EKS cluster?
AWS OFFICIALUpdated a year ago
How do I create alias resource record sets in Route 53 using the AWS CLI?
AWS OFFICIALUpdated 2 years ago
I created an IAM role, but the role doesn't appear in the dropdown list when I launch an instance. What do I do?
AWS OFFICIALUpdated a year ago
How to use the AWS CLI to collect Cost Explorer Forecasting data per account for all accounts in an AWS Organization
EXPERT
Fernando_F
published 10 months ago
How to connect to a private EC2 instance from a local Visual Studio Code IDE with Session Manager and AWS SSO (CLI)
EXPERT
Faraz_AWS
published 2 years ago