- AWS Quicksight Tutorial
- AWS Quicksight - Home
- AWS Quicksight - Overview
- AWS Quicksight - Landing Page
- AWS Quicksight - Using Data Sources
- AWS Quicksight - Data Source Limit
- AWS Quicksight - Editing Datasets
- AWS Quicksight - Creating New Analysis
- AWS Quicksight - Adding Visuals
- Using Filters to a Visual
- AWS Quicksight - Insights
- AWS Quicksight - Creating Story
- AWS Quicksight - Using Parameters
- AWS Quicksight - Sharing Analysis
- AWS Quicksight - Dashboards
- AWS Quicksight - Managing Quicksight
- AWS Quicksight - Edition Type
- AWS Quicksight - Managing IAM Policies
- AWS Quicksight - Embedding Dashboard
- AWS Quicksight - AWS SDKs
- Developer Responsibilities
- AWS Quicksight Useful Resources
- AWS Quicksight - Quick Guide
- AWS Quicksight - Useful Resources
- AWS Quicksight - Discussion
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
AWS Quicksight - Managing IAM Policies
To manage IAM policies for Quicksight account, you can use root user or IAM credentials. It is recommended to use IAM credentials to manage resource access and policies instead of root user.
Following policies are required to signup and use Amazon Quicksight −
Standard Edition
- ds:AuthorizeApplication
- ds:CheckAlias
- ds:CreateAlias
- ds:CreateIdentityPoolDirectory
- ds:DeleteDirectory
- ds:DescribeDirectories
- ds:DescribeTrusts
- ds:UnauthorizeApplication
- iam:CreatePolicy
- iam:CreateRole
- iam:ListAccountAliases
- quicksight:CreateUser
- quicksight:CreateAdmin
- quicksight:Subscribe
Enterprise Edition
Apart from the above mentioned policies, below permissions are required in enterprise edition −
- quicksight:GetGroupMapping
- quicksight:SearchDirectoryGroups
- quicksight:SetGroupMapping
You can also allow a user to manage permissions for AWS resources in Quicksight. Following IAM policies should be assigned in both editions −
- iam:AttachRolePolicy
- iam:CreatePolicy
- iam:CreatePolicyVersion
- iam:CreateRole
- iam:DeletePolicyVersion
- iam:DeleteRole
- iam:DetachRolePolicy
- iam:GetPolicy
- iam:GetPolicyVersion
- iam:GetRole
- iam:ListAttachedRolePolicies
- iam:ListEntitiesForPolicy
- iam:ListPolicyVersions
- iam:ListRoles
- s3:ListAllMyBuckets
To prevent an AWS administrator to unsubscribe from Quicksight, you can deny all users “quicksight:Unsubscribe”
IAM policy for dashboard embedding
To embed an AWS Quciksight dashboard URL in web page, you need the following IAM policies to be assigned to the user −
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "quicksight:RegisterUser",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "quicksight:GetDashboardEmbedUrl",
"Resource": "arn:aws:quicksight:us-east-1:
868211930999:dashboard/
f2cb6cf2-477c-45f9-a1b3-639239eb95d8 ",
"Effect": "Allow"
}
]
}
You can manage and test these roles and policies using IAM policy simulator in Quicksight. Below is the link to access IAM Policy simulator −
https://policysim.aws.amazon.com/home/index.jsp?#
