p0 aws permission-set assume
This troubleshooting guide for p0 aws permission-set assume is organized into common issue categories. Each section uses a table to show symptoms, causes, and resolutions.
1. Authentication & session failures
| Symptom | Cause | Resolution |
| --- | --- | --- |
| Browser opens but authentication fails | AWS Identity Center session expired or user not authorized | Log in to AWS Identity Center in your browser, then retry the command |
| Device authorization times out | User did not complete browser authentication in time | Retry the command and complete the browser authentication promptly |
| `Timed out fetching AWS credentials. Try again...` | Delay between token issuance and availability for exchange | Retry the command; if issue persists, contact [email protected] |
2. Permission set availability errors
| Symptom | Cause | Resolution |
| --- | --- | --- |
| Permission set not found or access denied | The requested permission set is not assigned to your user | Request access to the permission set first with `p0 request aws permission-set <name>`, or contact your administrator |
| Access denied after successful authentication | Permission set exists but user lacks assignment | Contact your AWS Identity Center administrator to assign the permission set |
3. Account configuration errors
| Symptom | Cause | Resolution |
| --- | --- | --- |
| `Unexpected login type. Expected IDC to be enabled for account {account}` | AWS account uses Okta SAML federation instead of Identity Center | The `permission-set` subcommand is only available for Identity Center accounts. Run `p0 aws --help` to see the correct subcommand (`role`) for your account. |
| `P0 is not installed on any AWS account` | No AWS accounts have the P0 integration installed | Ask your P0 administrator to install the AWS integration on your account |
| `P0 is not installed on AWS account {account}` | The specified account ID or alias does not exist in P0 | Verify the account ID with `p0 ls aws account` or check with your administrator |
| `Please select a unique AWS account with --account; valid accounts are: ...` | Multiple AWS accounts are configured and none was specified | Add `--account <id>` to specify which account, or set the `P0_AWS_ACCOUNT` environment variable |
| `Could not find an AWS account ID for this access request` | Account ID not resolved during credential exchange | Specify the account explicitly with `--account <id>` |
4. Request approval issues
| Symptom | Cause | Resolution |
| --- | --- | --- |
| `Your request was denied` | An approver denied the P0 access request | Check your Slack/notification channel for denial reason; adjust your request or contact the approver |
| `Your request encountered an error` | P0 request processing failed | Check P0 dashboard for request details; contact P0 support if the issue persists |
| `Your request did not complete within 5 minutes.` | Request approval or provisioning timed out | Check notification channel for approval status; approvers may not have seen the request |
5. Network & connectivity issues
| Symptom | Cause | Resolution |
| --- | --- | --- |
| `connect ECONNREFUSED` to AWS or P0 endpoints | Outbound HTTPS is blocked by firewall or proxy | Allow HTTPS to AWS OIDC endpoints (`oidc.{region}.amazonaws.com`), AWS SSO portal (`portal.sso.{region}.amazonaws.com`), and `api.p0.app` |
| `getaddrinfo ENOTFOUND` | DNS resolution failure | Verify DNS can resolve AWS endpoints and P0 API endpoint |
| Command hangs during authentication | Browser-based login is required but can't open | Ensure a browser is available; check if running in a headless environment |
6. Credential issues
| Symptom | Cause | Resolution |
| --- | --- | --- |
| AWS commands fail with `ExpiredToken` | Session credentials have expired (1 hour lifetime) | Re-run `p0 aws permission-set assume` to obtain fresh credentials |
| Credentials work in one terminal but not another | Environment variables not set in the other terminal | Run the `$(p0 aws permission-set assume ...)` command in each terminal session |
| `AWS_SECURITY_TOKEN` vs `AWS_SESSION_TOKEN` confusion | Both are set for compatibility; some older tools use `AWS_SECURITY_TOKEN` | Both should work; prefer `AWS_SESSION_TOKEN` for modern AWS SDK versions |
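One way to tell the credential cases in this section apart from inside the affected terminal, as an added example that is not part of P0's tooling. The function names are hypothetical, and it assumes the assume command exports the standard `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` variables alongside the two token variables named above; it reports variable state only and never prints secret values.

```shell
# Added example (not P0 code). Classifies the AWS credential variables visible
# in THIS shell. Assumption: the key pair uses the standard AWS variable names.
p0_cred_state() {
    if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "missing"        # assume output was never evaluated in this terminal
    elif [ -z "${AWS_SESSION_TOKEN:-}" ] && [ -z "${AWS_SECURITY_TOKEN:-}" ]; then
        echo "no-token"       # key pair present, but no session token at all
    elif [ -z "${AWS_SESSION_TOKEN:-}" ]; then
        echo "legacy-only"    # only the older AWS_SECURITY_TOKEN name is set
    elif [ -n "${AWS_SECURITY_TOKEN:-}" ] &&
         [ "${AWS_SECURITY_TOKEN}" != "${AWS_SESSION_TOKEN}" ]; then
        echo "mismatch"       # the two names hold different values (stale leftover)
    else
        echo "ok"
    fi
}

# Prints advice for the current shell; returns non-zero when action is needed.
p0_cred_check() {
    p0_state=$(p0_cred_state)
    case "$p0_state" in
        ok)
            echo "Credential variables are set consistently in this shell."
            # Confirm against AWS. An ExpiredToken error here means the
            # 1 hour session lifetime has passed.
            if command -v aws >/dev/null 2>&1; then
                aws sts get-caller-identity ||
                    { echo "Re-run p0 aws permission-set assume."; return 1; }
            fi
            ;;
        missing)
            echo "No credentials here: run \$(p0 aws permission-set assume ...) in this terminal."
            return 1 ;;
        no-token|legacy-only)
            echo "AWS_SESSION_TOKEN is not set ($p0_state): re-run the assume command in this terminal."
            return 1 ;;
        mismatch)
            echo "AWS_SECURITY_TOKEN and AWS_SESSION_TOKEN differ: unset both and re-run the assume command."
            return 1 ;;
    esac
}
```

Source the file and call `p0_cred_check` in the terminal where AWS commands fail.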
7. Debugging tips
| Action | Command or step |
| --- | --- |
| Enable debug output | `p0 aws permission-set assume MyPermissionSet --debug` |
| Check P0 login status | `p0 login` (prompts if session is expired) |
| List available accounts | `p0 ls aws account` |
| List available permission sets | `p0 ls aws permission-set --account <id>` |
| Verify AWS credentials | After assuming, run `aws sts get-caller-identity` |
| Clear cached AWS IDC tokens | Remove `~/.p0/cache/aws-idc-*` files and retry |
Note: if the P0_ORG environment variable is set, the cache may live at {P0_PATH}/cache-{P0_ORG}; otherwise it lives at {P0_PATH}/cache.
8. Resources for help
If you continue to experience issues:
- Check the P0 status page for service disruptions
- Review the AWS integration documentation
- Contact P0 support with debug output from `p0 aws permission-set assume --debug`