How can I resolve the IAM Identity Center error message "This permission set is currently provisioned in xx AWS accounts"?

Last updated: 2022-02-01

I tried to delete the AWS IAM Identity Center (successor to AWS Single Sign-On) permission set and received an error similar to the following:

"This permission set is currently provisioned in xx AWS accounts".

Resolution

To delete the permission set, you must first remove it from the AWS account that it's provisioned for.

  1. Open the IAM Identity Center console, and then in the navigation pane choose AWS accounts.
  2. In AWS Accounts, choose the AWS organization tab.
  3. Choose the AWS account that is associated with the permission set that you want to delete.
  4. Expand Permission sets, and then choose the permission set that you want to remove.
  5. In the Remove permission set dialog box, choose Remove access.
  6. If you have multiple AWS accounts associated with the permission set, repeat steps 3-5.
  7. Choose AWS Accounts in the navigation pane.
  8. Choose the Permissions sets tab, choose the permission set, and then choose Delete.

The permission set is now deleted. For more information, see Delete permission sets.