:doc:`SSOAdmin <../../sso-admin>` / Client / create_permission_set

*********************
create_permission_set
*********************



.. py:method:: SSOAdmin.Client.create_permission_set(**kwargs)

  

  Creates a permission set within a specified IAM Identity Center instance.

   

  .. note::

    

    To grant users and groups access to Amazon Web Services account resources, use ``CreateAccountAssignment ``.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/CreatePermissionSet>`_  


  **Request Syntax**
  ::

    response = client.create_permission_set(
        Name='string',
        Description='string',
        InstanceArn='string',
        SessionDuration='string',
        RelayState='string',
        Tags=[
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    )
    
  :type Name: string
  :param Name: **[REQUIRED]** 

    The name of the  PermissionSet.

    

  
  :type Description: string
  :param Description: 

    The description of the  PermissionSet.

    

  
  :type InstanceArn: string
  :param InstanceArn: **[REQUIRED]** 

    The ARN of the IAM Identity Center instance under which the operation will be executed. For more information about ARNs, see `Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces </general/latest/gr/aws-arns-and-namespaces.html>`__ in the *Amazon Web Services General Reference*.

    

  
  :type SessionDuration: string
  :param SessionDuration: 

    The length of time that the application user sessions are valid in the ISO-8601 standard.

    

  
  :type RelayState: string
  :param RelayState: 

    Used to redirect users within the application during the federation authentication process.

    

  
  :type Tags: list
  :param Tags: 

    The tags to attach to the new  PermissionSet.

    

  
    - *(dict) --* 

      A set of key-value pairs that are used to manage the resource. Tags can only be applied to permission sets and cannot be applied to corresponding roles that IAM Identity Center creates in Amazon Web Services accounts.

      

    
      - **Key** *(string) --* **[REQUIRED]** 

        The key for the tag.

        

      
      - **Value** *(string) --* **[REQUIRED]** 

        The value of the tag.

        

      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'PermissionSet': {
              'Name': 'string',
              'PermissionSetArn': 'string',
              'Description': 'string',
              'CreatedDate': datetime(2015, 1, 1),
              'SessionDuration': 'string',
              'RelayState': 'string'
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **PermissionSet** *(dict) --* 

        Defines the level of access on an Amazon Web Services account.

        
        

        - **Name** *(string) --* 

          The name of the permission set.

          
        

        - **PermissionSetArn** *(string) --* 

          The ARN of the permission set. For more information about ARNs, see `Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces </general/latest/gr/aws-arns-and-namespaces.html>`__ in the *Amazon Web Services General Reference*.

          
        

        - **Description** *(string) --* 

          The description of the  PermissionSet.

          
        

        - **CreatedDate** *(datetime) --* 

          The date that the permission set was created.

          
        

        - **SessionDuration** *(string) --* 

          The length of time that the application user sessions are valid for in the ISO-8601 standard.

          
        

        - **RelayState** *(string) --* 

          Used to redirect users within the application during the federation authentication process.

          
    
  
  **Exceptions**
  
  *   :py:class:`SSOAdmin.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.ThrottlingException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.InternalServerException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.ValidationException`

  
  *   :py:class:`SSOAdmin.Client.exceptions.ConflictException`

  