Assign Permissions to QuickSight Topic Created via CloudFormation

Question & Answer
,
1

Hi everyone,

I created a QuickSight Topic using CloudFormation, but I’m struggling to assign permissions to it during the deployment.

Here’s what I tried:

  • Created the Topic using AWS CDK with CfnInclude and a JSON template.
  • Attempted to add Permissions to the Topic in the CloudFormation template, similar to other QuickSight resources (like Analysis or Dashboard), but got the following error:
Properties validation failed for resource <my-topic-resource> with message: [#: extraneous key [Permissions] is not permitted]

I had to manually add permissions later using the CLI:

aws quicksight update-topic-permissions --aws-account-id <account-id> --topic-id <topic-id> --grant-permissions ...

Question:

  • Is there a way to assign permissions to a QuickSight Topic directly during its creation using CloudFormation?
  • If not, what is the best way to automate permission assignments for a Topic after creation?

Any advice is greatly appreciated!

2

@Lianet_Cylwik_Lopez ,

Currently the create topic API call does not take permissions when you are deploying through CloudFormation. To update the user permissions on the topic, you can automate this setup using a custom lambda resource that invokes the update_topic_permissions - Boto3 1.35.64 documentation API .

Will tag this post as a feature request :slight_smile:

Kind regards,
Koushik

1 Like
3

Hi @Lianet_Cylwik_Lopez,
It’s been awhile since we last heard from you. While Koushik tagged this as a feature request already, just checking in to see if you had any additional questions regarding your post?

If we do not hear back within the next 3 business days, I’ll close out this topic.

Thank you!

4

Hi @Lianet_Cylwik_Lopez,
Since we haven’t heard back, I’ll go ahead and close out this topic. If you have any additional questions, feel free to create a new topic in the community.

Thank you!