Assistance regarding enabling Amazon QuickSight Q capabilities

Question & Answer
, , , , , , ,
1

We are currently working on a QuickSight dashboard integration and would like assistance regarding enabling Amazon QuickSight Q capabilities. Below are the details of our current implementation:

We have our data stored in a PostgreSQL database, which is imported into QuickSight with a daily refresh schedule to ensure up-to-date insights. To secure the data, we have applied Row Level Security (RLS) to the dashboard by leveraging a specific column that determines user access levels based on their roles or associated organizations. This dashboard is embedded into our React website using the following steps:

  1. Authenticate Users Using Amazon Cognito: We authenticate users via Cognito and retrieve their Cognito Identity ID using the GetIdCommand. Once the Identity ID is retrieved, we generate an OpenID token with the GetOpenIdTokenCommand.

  2. Assume an IAM Role for Temporary Credentials: Using the OpenID token, we call the AssumeRoleWithWebIdentityCommand to assume an IAM role. This step provides temporary AWS credentials (Access Key, Secret Key, and Session Token), which allow us to perform QuickSight operations securely.

  3. Register Users in QuickSight: If a user is not already registered, we use the RegisterUserCommand to register them dynamically in QuickSight. Each user is assigned the Reader role, enabling them to view the dashboard.

  4. Retrieve the User’s QuickSight Username: Once the user is registered, we use the ListUsersCommand to fetch all registered users in QuickSight and identify the username associated with the user’s email address.

  5. Store User Information in PostgreSQL: We store user information, such as their QuickSight username and associated company (determined from their email domain), in PostgreSQL. This information is used to enforce RLS by mapping the user’s username to their organization or role.

  6. Generate the Dashboard Embed URL: Finally, we use the GetDashboardEmbedUrlCommand to generate a secure, user-specific embed URL. This URL is tied to the user’s session and permissions, ensuring that only authorized users can access the embedded dashboard.

Help Needed:

Now, we want to enable Amazon QuickSight Q capabilities for our implementation. Specifically, we would like to integrate the natural language querying feature into our existing QuickSight dashboards.

We are seeking guidance on:

  • The prerequisites for enabling Q capabilities in our QuickSight setup.
  • Any additional configuration required for the datasets, dashboards, or permissions to support Q.
  • Steps to incorporate and test Q capabilities effectively.
  • Best practices for embedding dashboards with Q features enabled in a website.

Any detailed instructions or references to documentation that could help us enable and utilize QuickSight Q capabilities would be greatly appreciated.

2

Hello Ajay,

Please see below and let others add more if i missed any

The prerequisites for enabling Q capabilities in our QuickSight setup.

  • check for the supported region -Supported AWS Regions for Amazon Q in QuickSight - Amazon QuickSight
  • make sure you have at least one Pro-user or topic created for amazon Q to get enabled in your QuickSight Account. (* A $250/month per account Amazon Q enablement fee applies for accounts with at least one Pro user or with at least one Amazon Q Topic.)

Any additional configuration required for the datasets, dashboards, or permissions to support Q.

  • generally no. you need to create topic on the topic on the top of data set and share with users so that they can use it for Q&A
  • see workshop Workshop Studio

Steps to incorporate and test Q capabilities effectively.

Best practices for embedding dashboards with Q features enabled in a website.
-Embedding the Amazon Q in QuickSight Generative Q&A experience - Amazon QuickSight
-amazon-quicksight-embedding-sdk - npm

Hope this helps.
Cheers,
Deep

2 Likes
3

Cost Clarification for Registered Users in QuickSight: License vs. License + Session Cost

We are implementing an integration with QuickSight where we are:

  1. Assigning an IAM role to users by using the AssumeRoleWithWebIdentityCommand from the AWS STS service to provide temporary credentials for QuickSight access.
  2. Registering users in the “default” namespace of QuickSight as READER users using the RegisterUserCommand and associating each user with the IAM role.
  3. Granting access to specific topics using the UpdateTopicPermissionsCommand.
  4. Generating embed URLs for dashboards and generative Q&A topics via the GenerateEmbedUrlForRegisteredUserCommand.

Since our users are already registered in QuickSight, we would like to understand the associated costs. Specifically:

  • Will the cost for each user be limited to just the QuickSight license fee (e.g., author/reader pricing)?
  • Or, will it also include any session-based cost incurred each time a user accesses the dashboard or topic using the embed URL?

We want to ensure we account for all recurring costs accurately. Any clarification or documentation references would be greatly appreciated.

4

HEllo Ajay,

I would highly recommend to open a new thread on your question as it will help others as well and you get more attention from other experts as well.
Else it way get buried in the chain of resposne.

Thank you.
Cheers,
Deep

1 Like