I’m trying to promote assets using the new “asset-bundle-import” cli commands that are described in this blog: Automate and accelerate your Amazon QuickSight asset deployments using the new APIs | AWS Big Data Blog. I’m promoting assets to different account in different region.
I receive an error message in describe-asset-bundle-import-job part.
“Type”: “com.amazonaws.services.quicksight.model.AccessDeniedException”,
“Message”: “User: arn:aws:sts::<>:assumed-role/<> is not authorized to perform: iam:PassRole on resource: arn:aws:iam::<< target-account-id >>:role/<<source-vpc-connection-id>> because no identity-based policy allows the iam:PassRole action”
What I’m not getting is why the above error message has /<<source-vpc-connection-id>> connection in it?
I override vpc conn parameters in start-asset-bundle-import-job this way:
"OverrideParameters": {
"VPCConnections": [
{
"VPCConnectionId": "<< source-vpc-connection-id >>",
"Name": "<<target-vpc-connection-id >>",
"SubnetIds": [
"<<target-vpc-subnet1>>",
"<< target-vpc-subnet2>>",
"<< target-vpc-subnet3>>"
],
"SecurityGroupIds": [
"<<target-sg1>>"
]
}
]
How to resolve this error? It is confusing that I get this error because /<<source-vpc-connection-id>> cannot exist on target account with that name.
Can you help on this? I could provide more details if needed.