By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

aws: error: argument --permission-set-arn: expected one argument during Amplify Admin User creation

0

I get the following error when trying to create the Amplify Admin after following the steps in this link https://docs.amplify.aws/react/start/account-setup/

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters] To see help text, you can run:

aws help aws <command> help aws <command> <subcommand> help

aws: error: argument --permission-set-arn: expected one argument

The code I'm supposed to run is this:

response=$(aws sso-admin list-instances) ssoId=$(echo $response | jq '.Instances[0].IdentityStoreId' -r) ssoArn=$(echo $response | jq '.Instances[0].InstanceArn' -r) email_json=$(jq -n --arg email "$user_email" '{"Type":"Work","Value":$email}') response=$(aws identitystore create-user --identity-store-id $ssoId --user-name amplify-admin --display-name 'Amplify Admin' --name Formatted=string,FamilyName=Admin,GivenName=Amplify --emails "$email_json") userId=$(echo $response | jq '.UserId' -r) response=$(aws sso-admin create-permission-set --name amplify-policy --instance-arn=$ssoArn --session-duration PT12H) permissionSetArn=$(echo $response | jq '.PermissionSet.PermissionSetArn' -r) aws sso-admin attach-managed-policy-to-permission-set --instance-arn $ssoArn --permission-set-arn $permissionSetArn --managed-policy-arn arn:aws:iam::aws:policy/service-role/AmplifyBackendDeployFullAccess accountId=$(aws sts get-caller-identity | jq '.Account' -r) aws sso-admin create-account-assignment --instance-arn $ssoArn --target-id $accountId --target-type AWS_ACCOUNT --permission-set-arn $permissionSetArn --principal-type USER --principal-id $userId

Hit enter

Topics
Security, Identity, & ComplianceFront-End Web & MobileManagement & Governance
Tags
AWS Identity and Access ManagementAWS AmplifyAWS Management ConsoleAWS Command Line InterfaceIAM Policies
Language
English
cb2-dev
asked a month ago43 views
1 Answer
0

The error you're encountering suggests that the --permission-set-arn argument is missing a value in one of the AWS CLI commands. This typically occurs when a required parameter is not provided or is incorrectly formatted.

To resolve this issue, you should ensure that all the variables in your script are correctly set and that they contain the expected values. Specifically, check that the $permissionSetArn variable is properly populated before it's used in subsequent commands.

Here are some steps you can take to troubleshoot:

  1. Echo each variable after it's set to verify it contains the expected value. For example: echo "permissionSetArn: $permissionSetArn"

  2. Make sure the AWS CLI commands are returning the expected output. The jq commands used to parse the JSON responses might not be extracting the correct values if the response format has changed.

  3. Verify that you have the necessary permissions to execute these AWS CLI commands. Ensure your IAM user or role has the required access to SSO Admin and Identity Store services.

  4. Check if there are any typos or formatting issues in the script, especially around the variable names and their usage.

  5. If you're copying the script from a web page, make sure no special characters were introduced that might interfere with the script execution.

If the issue persists after these checks, you may need to run each command individually to identify which specific command is causing the error. This will help isolate the problem and provide more context for troubleshooting.
Sources
Giving users permission to access Amazon Personalize - Amazon Personalize
Step 1: Set Up an AWS Account and Create a User - Amazon Textract

profile picture
re:Post Agent
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content