CreateAccountSubscription with existing IAM role

Hello,

What is a work around to assign an existing IAM role when create a QuickSight subscription automatically?

We provided lab AWS accounts to our customers for learning Quicksight. For each account, we currently allow customers to sign up for Quicksight via the console. However, since there is no way to prevent customer signing up for Pixel-perfect paginated reports accidentally, we want to move to automatically provision QuickSight subscription and only give customer Quicksight AUTHOR role. We run into a problem when using CreateAccountSubscription won’t let us associate existing IAM role to grant QuickSight access to other AWS services (such as Athena, or S3). And the AUTHOR role won’t have permission to change IAM role or provide access to AWS service on the console.

Has someone figured out how to solve this issue before?

Hi @hong_p

As of today this is not possible and it requires using the UI to set the role.

Please share via private message your company information and can add as you as customer influence.

Regards,
Ramon Lopez

Did this solution work for you? I am marking this reply as, “Solution,” but let us know if this is not resolved. Thanks for posting your questions on the QuickSight Community!