2 Answers
2
Hello,
I have encountered the same error as well and I solved it in this way:
- My IAM Identity Center is located in the Milan region
- The AWS Account in the AWS Organization didn't have the Milan region enabled
- I enabled the Milan region for the AWS Organization account
- I tried to assign the permissions again and then it worked.
Best, Stefano
answered 4 months ago
0
Hello.
A few things: Ensure the IAM role or user you are using to assign the permission sets has adequate permissions to perform the operation. Make sure it has sso:InstanceAccessControlAttributeConfiguration, sso:PermissionSet, and sso:ManagedPolicy permissions.
Confirm that the trust relationships are set up correctly, and "OrganizationAccountAccessRole" is able to assume the necessary roles across accounts. Cross-account access necessitates that the trusting account (the account being accessed) has a trust policy that allows the accessing (trusted) account to assume a role.
Regards, Andrii
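
The trust-relationship check described in the answer above, as an added example that is not part of the original answer or AWS code: a simplified Python reader for a role trust policy that reports whether a given account is trusted for `sts:AssumeRole`. The policy document and account IDs are constructed placeholders, and `trust_allows_account` is a hypothetical helper name.

```python
import json

# Constructed sample: trust policy on a member-account role (placeholder account ID).
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole"
  }]
}
""")


def _as_list(value):
    """IAM accepts a single string or a list for Principal and Action values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trust_allows_account(policy, account_id):
    """Return (allowed, notes): may `account_id` call sts:AssumeRole on this role?

    Simplified check: only Allow statements with AWS principals are read;
    Deny statements and NotPrincipal are not evaluated.
    """
    wanted = {account_id, f"arn:aws:iam::{account_id}:root", "*"}
    notes = []
    for stmt in _as_list(policy.get("Statement")):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        hits = wanted.intersection(aws)
        if not hits:
            continue
        if "*" in hits:
            notes.append("wildcard principal: any AWS account is trusted")
        if "Condition" in stmt:
            notes.append("conditional on: " + ", ".join(sorted(stmt["Condition"])))
        return True, notes
    notes.append(f"no Allow statement trusts account {account_id} for sts:AssumeRole")
    return False, notes
```

A `True` result with a "conditional on" note means the trust only holds when the listed condition operators are satisfied, so the condition block still needs to be read by hand.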