AWS Quicksight - Managing IAM Policies
  • Date: 2024-12-22




To manage IAM policies for a Quicksight account, you can use the root user or IAM credentials. It is recommended to use IAM credentials rather than the root user to manage resource access and policies.

The following IAM policy actions are required to sign up for and use Amazon Quicksight −

Standard Edition

    ds:AuthorizeApplication

    ds:CheckAlias

    ds:CreateAlias

    ds:CreateIdentityPoolDirectory

    ds:DeleteDirectory

    ds:DescribeDirectories

    ds:DescribeTrusts

    ds:UnauthorizeApplication

    iam:CreatePolicy

    iam:CreateRole

    iam:ListAccountAliases

    quicksight:CreateUser

    quicksight:CreateAdmin

    quicksight:Subscribe

Enterprise Edition

In addition to the policies listed above, the following permissions are required in Enterprise edition −

    quicksight:GetGroupMapping

    quicksight:SearchDirectoryGroups

    quicksight:SetGroupMapping

You can also allow a user to manage permissions for AWS resources in Quicksight. The following IAM policies should be assigned in both editions −

    iam:AttachRolePolicy

    iam:CreatePolicy

    iam:CreatePolicyVersion

    iam:CreateRole

    iam:DeletePolicyVersion

    iam:DeleteRole

    iam:DetachRolePolicy

    iam:GetPolicy

    iam:GetPolicyVersion

    iam:GetRole

    iam:ListAttachedRolePolicies

    iam:ListEntitiesForPolicy

    iam:ListPolicyVersions

    iam:ListRoles

    s3:ListAllMyBuckets

To prevent an AWS administrator from unsubscribing from Quicksight, you can deny all users the "quicksight:Unsubscribe" action.

IAM policy for dashboard embedding

To embed an AWS Quicksight dashboard URL in a web page, the following IAM policy needs to be assigned to the user −

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Action": "quicksight:RegisterUser",
         "Resource": "*",
         "Effect": "Allow"
      },
      {
         "Action": "quicksight:GetDashboardEmbedUrl",
         "Resource": "arn:aws:quicksight:us-east-1:868211930999:dashboard/f2cb6cf2-477c-45f9-a1b3-639239eb95d8",
         "Effect": "Allow"
      }
   ]
}
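
An added example, not part of the original tutorial: an offline Python check for the two controls described above, that quicksight:GetDashboardEmbedUrl is scoped to named dashboards and that an explicit Deny for quicksight:Unsubscribe is present. The function name audit_quicksight_policy and the Deny statement in the sample are assumptions constructed for illustration; Condition and NotAction elements are not evaluated.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: the page's embedding policy plus a Deny statement for
# quicksight:Unsubscribe (the Deny statement is an assumption, not from the page).
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow", "Action": "quicksight:RegisterUser", "Resource": "*"},
  {"Effect": "Allow", "Action": "quicksight:GetDashboardEmbedUrl",
   "Resource": "arn:aws:quicksight:us-east-1:868211930999:dashboard/f2cb6cf2-477c-45f9-a1b3-639239eb95d8"},
  {"Effect": "Deny", "Action": "quicksight:Unsubscribe", "Resource": "*"}
 ]}
""")


def _as_list(value):
    """IAM accepts a string or a list for Action and Resource; normalize to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def _matches(patterns, action):
    """Case-insensitive match of one action against IAM-style patterns (* and ?)."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def audit_quicksight_policy(policy):
    """Return findings for the two controls discussed on this page (hypothetical helper)."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    deny_unsubscribe = False
    for stmt in statements:
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        effect = stmt.get("Effect")
        if effect == "Deny" and _matches(actions, "quicksight:Unsubscribe"):
            deny_unsubscribe = True
        if effect == "Allow" and _matches(actions, "quicksight:GetDashboardEmbedUrl"):
            # Any wildcard in the ARN widens embedding beyond one named dashboard.
            if any("*" in r for r in resources):
                findings.append("GetDashboardEmbedUrl allowed on a wildcard resource")
    if not deny_unsubscribe:
        findings.append("no explicit Deny for quicksight:Unsubscribe")
    return findings


if __name__ == "__main__":
    print(audit_quicksight_policy(POLICY) or "no findings")
```

A policy that grants quicksight:* on "*" produces both findings, since the wildcard action covers GetDashboardEmbedUrl and nothing denies Unsubscribe.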

You can manage and test these roles and policies for Quicksight using the IAM Policy Simulator. Below is the link to access the IAM Policy Simulator −

https://policysim.aws.amazon.com/home/index.jsp?#
