When you configured Hybrid Linked Mode, you were asked to "Add Cloud Administrator" and you should have selected a group of users to be granted cloudadmin privileges. Have you tried logging in as one of those users and performing permissions configuration?
VMC on AWS is a VMware-managed service, and in the SDDC VC you will not have rights to create new users or groups.
Anyway, customers have rights to add their own OnPrem Identity Source to their SDDC VC; please find a few methods below:
- Configuring Hybrid Linked Mode - 2 methods (inside SDDC or using a Cloud Gateway): Configuring Hybrid Linked Mode
As a requirement you will need an IPsec VPN or DX connection between OnPrem and SDDC.