Custom Namespace Invalid resource identifiers provided from federate

Unable to register a user in the Custom Namespace using the AWS CLI. Currently, we are utilizing Microsoft Entra ID for communication with AWS QuickSight and have successfully created a user only in the default namespace. When attempting to create a user in a custom namespace using the following CLI code:

aws quicksight register-user --identity-type iam --email abc@def.com --user-role READER --iam-arn arn:aws:sts::0000000000:assumed-role/dummyRole/abc@def.com --aws-account-id 0000000000 --namespace customeNamespace1 --session-name abc@def.com --user-name dummyRole/abc@def.com 	

The value for --iam-arn is obtained from the following command:

aws sts get-caller-identity

If I change --iam-arn to a user that exists in IAM users, the user is created successfully. However, for federated user cases, I am unable to determine the appropriate iam-arn or if there is something else I am not aware of. Assistance in resolving this issue would be greatly appreciated.

Thank you.

Hi @qsCommunity
do you get any error or is it just not working?
BR

Encountering the following error.
An error occurred (InvalidParameterValueException) when calling the RegisterUser operation: Invalid resource identifiers provided. Please check the documentation.

Hi @qsCommunity
you are writing

If I change --iam-arn to a user that exists in IAM

Means arn:aws:sts::0000000000:assumed-role/dummyRole/abc@def.com isnt a IAM user right now?.
What if you do not specify the --iam-arn ?

BR

It’s federated authorized user coming from Microsoft Entra id. iam-arn is mandatory for creating quicksight users

i checked the documentation

Hello @qsCommunity !

It has been some time since we have heard from you but would still like to help you find a solution. Was @ErikG 's comment helpful and if so can you mark their comment as a solution to help the community?

If we do not hear from you in 7 days this post will be archived.