We are getting the following exception when trying to embed a dashboard via the Python API:
An error occurred (AccessDeniedException) when calling the GetDashboardEmbedUrl operation: User: arn:aws:sts::891208296108:assumed-role/quicksight-embed-dashboard-role/ is not authorized to perform: quicksight:GetDashboardEmbedUrl on resource: arn:aws:quicksight:us-east-1:891208296108:dashboard/00f7a1aa-b8a0-42e0-a1a8-a27b36a3ce3f because no identity-based policy allows the quicksight:GetDashboardEmbedUrl action
What makes this somewhat confusing is that we successfully embed dashboards all the time, and there doesn’t appear to be anything different about the sharing settings on this particular dashboard. I have never had to do anything special in the past to make dashboards accessible. Any suggestions on how to fix?
Hi,
The application which is making the API calls to QuickSight is using the following IAM Role : quicksight-embed-dashboard-role .
What permissions does the following IAM Role have : quicksight-embed-dashboard-role
To add identity policy , please refer to following : Actions, resources, and condition keys for Amazon QuickSight - Service Authorization Reference
If QuickSight Action : quicksight:GetDashboardEmbedUrl is part of the IAM Role , it has a dependency on Resource Types ( Dashboard ) . Is there a restriction on what dashboards are allowed or is it ( arn:aws:quicksight:eu-central-1:XXXXX:dashboard/*)
Regards,
Koushik
Thanks, we were able to get this sorted out. We needed to add the dashbiard to the AWS IAM quicksight-embed-dashboard policy.
I don’t recall this being an issue in the past, so I’m not sure if something changed. But in any case, it is working now.