Automating Dashboard creation using Terraform

carlos-blanco-garcia · December 23, 2024, 8:16am

Hello Everyone,

Currently, I have a solution involving a common data architecture that is ingested by QuickSight through Athena. This is part of a large project where everything is automated using Terraform—except for the QuickSight resources. Unfortunately, this limitation prevents me from building a fully automated CI/CD pipeline.

I’ve been exploring the Terraform AWS Provider, but the current approach appears to require a highly manual implementation. It doesn’t seem possible to directly import existing QuickSight resources into Terraform. Instead, resources need to be recreated from scratch within the Terraform configuration itself.

Here’s the workflow I aim to establish to automate QuickSight dashboards in my project:

A developer creates a dashboard in a DEV account.
Once the dashboard is approved, it is exported in some form to extract the source code from QuickSight.
The exported data is adapted (via script, if necessary) and incorporated into Terraform for automated resource creation and updates across different environments.

I was wondering if there is any way to replicate the process used with CloudWatch dashboards, where dashboards can be exported in JSON format and directly included in Terraform code.

Achieving something similar for QuickSight would greatly enhance our projects by enabling full automation and unlocking opportunities to use QuickSight in additional initiatives.

I’d greatly appreciate any insights or suggestions on how to achieve this.

Thank you so much!

DylanM · December 26, 2024, 3:27pm

Hello @carlos-blanco-garcia, welcome to the QuickSight Community!

All of the assets in QuickSight can be converted into the JSON format by utilizing either the [describe-asset] or [describe-asset-definition] CLI or SDK commands. That will allow you to create a resource that can be migrated from the DEV to the QA account.

Analyses in QuickSight also have a really helpful format, where you can create a template that can be shared with another AWS account so that the analysis can be moved easily. Here is the CLI documentation for creating an analysis template:
https://awscli.amazonaws.com/v2/documentation/api/2.1.29/reference/quicksight/create-template.html

Then, for things like the datasource and dataset, you can check the other links that I attached.

Once all of those items are migrated to the new account, you can publish a dashboard utilizing the analysis you created from the analysis template. I would highly recommend testing all of these in CLI or running it locally with something like boto3 before putting it into Terraform to test out the process. Let me know if you have any further questions!

carlos-blanco-garcia · February 24, 2025, 7:32am

It has been a long time since the last reply to this thread.
First, I want to thank you, @DylanM, for your response—it really gave me a path to follow.

It wasn’t as easy as I initially thought, but here is the final solution I implemented, along with one more question that came to mind.

Ultimately, the approach I took was to build a script that uses the [start-asset-bundle-export-job] API call, selecting the export format as CLOUDFORMATION_JSON.
This allows me to generate a new CloudFormation template every time I make updates to the analysis, which I can then easily integrate with Terraform to “duplicate” the analysis.

Later on, this analysis serves as the source for a QuickSight template, which is then used as the source for a dashboard.

This was the best solution I found for my use case, as it doesn’t require any cumbersome workarounds at the Terraform code level—such as manually copying, pasting, and modifying the configuration every time an update is made to the analysis.

The following link provided a clear idea of what I was looking for:

However, after implementing this solution, I realized I’m missing something.

Customer access to the dashboard in my account was previously managed as follows:
Customers belong to different groups with RLS-mapped permissions, and the dashboard is shared with “All in the Account” using the QuickSight option shown below:

But I cannot found any similar approach in the AWS Terraform Provider or using via API (as last option, will work)

However, I cannot find a similar approach in the AWS Terraform Provider or via API.
As a last resort, I’m open to using the API, but ideally, I’d like to automate customer access to dashboards through Terraform.

Any insights or recommendations would be greatly appreciated.

Thanks!
Best Regards

william.h.wade · May 14, 2025, 11:45am

Within your Terraform code, you can create a folder in Quicksight that has permissions for certain users or groups, and then place your Quicksight artifacts (datasets, analysis, dashboards) into that folder.

Use aws_quicksight_group to create or collect an existing group:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/quicksight_group
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/quicksight_group

And then create a folder with permissions, like the example here :
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/quicksight_folder