We are managing 1000+ AWS accounts and want to create QuickSight account for each of them. We are considering CloudFormation with Custom Resource triggered Lambda to call the CreateAccountSubscription API to create the QuickSight account in each AWS account.
In the API specification I don’t see how the Admin user is set (The very first user created when the QuickSight account is created). Is there a way to configure that?
After the QuickSight account creation, how can I login to the account as that Admin?
@Max Can you be more specific? I assume you meant I can’t login to the account as admin after programmatically created the account? If so, what info should I use in CreateAccountSubscription API call for admin user? or even that’s not something I provide but created by QuickSight with some default info?
My main concern about this is, after I created the account, how do I do permission management. Because only ADMIN can do user permission and resource permission management, right? E.g., change a user from READER to AUTHOR/ADMIN, or give a user access to a resource. From what I’ve tried, once the subscription was created, when another user login to the AWS account (as a different IAM role), he would be asked to provide info to created a new QuickSight user. That user was created as READER. If I can’t login with the ADMIN user created by CreateAccountSubscription API, how could I change the new user’s user type? Also, how could I grant the new user access to existing resources?