By using AWS re:Post, you agree to the Terms of Use

sso create permission-sets not authorized in CLI but works in Console


I'm using the same SSO Role in the same account to create a an SSO Permission set. It works in Console but not from CLI. I'm using AdministrationAccess managed policy. Checked with IAM Policy simulator and it should work.

This is the CLI

`aws sso-admin create-permission-set --name test --instance-arn 'arn:aws:sso:::instance/ssoins-1234567c07aa927c'

An error occurred (AccessDeniedException) when calling the CreatePermissionSet operation: User: arn:aws:sts::123456789012:assumed-role/AWSReservedSSO_AdministratorAccess_d856d636dbae8a64/admin_XXX is not authorized to perform: sso:CreatePermissionSet`

1 Answers
Accepted Answer

Resolved the problem, the SSO arn was incorrect. Not using the one of the correct organization

answered a month ago
  • In addition it needs to run in the same region as the region where the SSO was created

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions