CreatePermissionSet
Creates a permission set within a specified IAM Identity Center instance.
Note
To grant users and groups access to AWS account resources, use
CreateAccountAssignment
.
Request Syntax
{
"Description": "string",
"InstanceArn": "string",
"Name": "string",
"RelayState": "string",
"SessionDuration": "string",
"Tags": [
{
"Key": "string",
"Value": "string"
}
]
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- Description
-
The description of the PermissionSet.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 700.
Pattern:
[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*Required: No
- InstanceArn
-
The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern:
arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso:::instance/(sso)?ins-[a-zA-Z0-9-.]{16}Required: Yes
- Name
-
The name of the PermissionSet.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern:
[\w+=,.@-]+Required: Yes
- RelayState
-
Used to redirect users within the application during the federation authentication process.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 240.
Pattern:
[a-zA-Z0-9&$@#\\\/%?=~\-_'"|!:,.;*+\[\]\ \(\)\{\}]+Required: No
- SessionDuration
-
The length of time that the application user sessions are valid in the ISO-8601 standard.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 100.
Pattern:
(-?)P(?=\d|T\d)(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)([DW]))?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?Required: No
- Tags
-
The tags to attach to the new PermissionSet.
Type: Array of Tag objects
Array Members: Minimum number of 0 items. Maximum number of 75 items.
Required: No
Response Syntax
{
"PermissionSet": {
"CreatedDate": number,
"Description": "string",
"Name": "string",
"PermissionSetArn": "string",
"RelayState": "string",
"SessionDuration": "string"
}
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- PermissionSet
-
Defines the level of access on an AWS account.
Type: PermissionSet object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient access to perform this action.
HTTP Status Code: 400
- ConflictException
-
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
HTTP Status Code: 400
- InternalServerException
-
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 500
- ResourceNotFoundException
-
Indicates that a requested resource is not found.
HTTP Status Code: 400
- ServiceQuotaExceededException
-
Indicates that the principal has crossed the permitted number of resources that can be created.
HTTP Status Code: 400
- ThrottlingException
-
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400
- ValidationException
-
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
