Needed permissions for SSO and index error #3

Open
orenbenya opened this issue Jul 14, 2021 · 3 comments

orenbenya commented Jul 14, 2021

Now that SSO is configured, I'm running the code and got these errors:
What permission is needed for the SSO groups to be able to run it successfully?
The first role has 'Permissions boundary' attached to it - does it matter for the solution if it is used or not?
Is the 'index out of range' error an issue? Shouldn't the process search for all valid\available roles to be able to proceed?
Many thanks!

Listing ACCOUNTID using role, AWSReadOnlyAccess
FAILED to create trust: arn:aws:iam::ACCOUNTID-A:role/Found-Role-name, AWS, AlphaNumeric-string   
list index out of range   
FAILED to create trust: arn:aws:iam::ACCOUNTID-B:role/Found-Role-name, AWS, AlphaNumeric-string   
list index out of range   
Completed (1/2)   
FAILED to create trust: arn:aws:iam::ACCOUNTID-A:role/Found-Role-name, AWS, AlphaNumeric-string   
list index out of range   
Completed (2/2)
@sebastian-mora
Owner

Thanks for the output. Initially, it looks like the method that parses the role name is failing to index the correct position in the split ARN. This could be either a format I did not account for or bad input being passed to the function. I will take a look at the issue later today.

@sebastian-mora
Owner

@orenbenya Can you please send me the format of the trust policy associated with arn:aws:iam::ACCOUNTID-A:role/Found-Role-name? It seems the function __create_role_trust() is failing to parse the ARN specified in that specific role's trust. The error messages are only for that single role, and the program should continue to build the graph.

@orenbenya
Author

@sebastian-mora
Checked those 3 roles: all have the same format.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "Short-AlphaNumeric-string"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
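
An added example, not part of the thread and not the project's own code: a defensive way to classify the `Principal.AWS` values of a trust policy so that a non-ARN value like the one above is recorded as unresolved instead of raising `list index out of range`. The function names `classify_principal` and `trust_edges` are hypothetical, the sample values are constructed, and it assumes the short alphanumeric string is a non-ARN principal such as the IAM unique ID that AWS shows in place of an ARN once the trusted principal has been deleted.

```python
import re

# Constructed sample trust policy (placeholder values): an ARN, a bare account
# ID, and a non-ARN string like the value reported in the issue.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": ["arn:aws:iam::111111111111:role/ExampleRole",
                               "222222222222", "AROAEXAMPLEPLACEHOLDER"]}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"Service": "ec2.amazonaws.com"}},
    ],
}

ARN_RE = re.compile(r"^arn:[^:]+:(?:iam|sts)::(\d{12}):(.+)$")


def classify_principal(value):
    """Return (kind, account_id, name) without indexing a split string blindly."""
    m = ARN_RE.match(value)
    if m:
        # Resource part looks like "role/Name", "user/path/Name" or "root".
        kind, _, name = m.group(2).partition("/")
        return (kind, m.group(1), name or None)
    if re.fullmatch(r"\d{12}", value):
        return ("account", value, None)    # bare account ID: the whole account
    if value == "*":
        return ("wildcard", None, None)
    return ("unresolved", None, value)     # assumed: unique ID of a deleted principal


def trust_edges(policy):
    """Return one classified tuple per AWS principal in Allow statements."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # a single statement need not be a list
        statements = [statements]
    edges = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = [principal] if isinstance(principal, str) else principal.get("AWS", [])
        if isinstance(aws, str):           # "AWS" may be one string or a list
            aws = [aws]
        edges.extend(classify_principal(v) for v in aws)
    return edges
```

Entries classified as `unresolved` are worth reporting in their own right, since they mark trust relationships whose original principal can no longer be identified from the policy alone.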
