Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

An error occurred (AccessDeniedException) when calling the ListPermissionSets operation

0

Hi, i have created IAM user and attached below policy. AdministratorAccess AWSOrganizationsFullAccess AWSSSOReadOnly also added one inline policy as well for these actions[ "sso:", "sso-directory:","identitystore:*"] but still i am getting below Error: An error occurred (AccessDeniedException) when calling the ListPermissionSets operation: User: arn:aws:iam::account-id:user/test_user is not authorized to perform: sso:ListPermissionSets

can any one please let us know where i should done wrong?

  • Oleksii Bebych EXPERT
    2 years ago

    please accept the answer if it was useful

Topics
Security, Identity, & Compliance
Tags
AWS IAM Identity Center
Language
English
asked 2 years ago1.2K views
1 Answer
1

the needed action is "Action": "sso:ListPermissionSets"

you need to replace your "sso:", with "sso:*", or better avoid asterisks "*" and provide a specific action

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
  • rePost-User-7320116
    2 years ago

    Thanks, but my questions is even if i provide enough permissions ,still i couldn't list the permission sets.

    client = boto3.client('sso-admin') response = client.list_permission_sets( InstanceArn='arn:aws:sso:::instance/ins-*****' ) print(response)

  • Osvaldo Marte EXPERT
    2 years ago

    Explicitly allow sso:ListPermissionSets. Adding a specific inline policy for sso:ListPermissionSets should resolve the issue.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content