By using AWS re:Post, you agree to the Terms of Use
/create-account-assignment calls fail from CLI, work in console/

create-account-assignment calls fail from CLI, work in console


Hello there -

I'm running into a problem where I'm trying to run aws sso-admin create-account-assignment from a terminal and while the request is accepted, I then run `aws sso-admin describe-account-assignment-creation-status with the returned requestId and eventually the status transitions to "FAILED" with the error message:

"AccountAssignmentCreationStatus": {
"Status": "FAILED",
"RequestId": "[REDACTED]",
"FailureReason": "An unexpected internal service exception was encountered",
"TargetId": "[REDACTED]",
"TargetType": "AWS_ACCOUNT",
"PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-[REDACTED]/ps-[REDACTED]",
"PrincipalType": "GROUP",
"PrincipalId": "[REDACTED]",
"CreatedDate": "2021-09-17T18:20:33.708000-04:00"

This is when using AWS Access Keys associated with a user in my organizational account. When I attempt to attach the same permission set to the same group and account in the console, the request succeeds.

Has anyone experienced this issue and have an idea what might be going on. Unfortunately, I'm on a basic plan which doesn't include support.


1 Answers

Well, I think I found out what was going on. The account I was attempting to assign a permission set assignment to was the organizational root account. When I switched to another account within my organization it worked fine from the CLI. Not sure why it works when in the in the console though.

This gets me unblocked as I can continue with my experimentations becoming familiar with SSO -- especially as managed via terraform.


answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions