Embedded url for registered user on ap-northeast2 region

HI, all

I have tested embed url for registered user with dashboard in us-east-1 region.
I generated embed url in terminal with below command and pasted the generated url in browse.

aws quicksight --profile <myrole> generate-embed-url-for-registered-user --aws-account-id <accountid> --user-arn arn:aws:quicksight:us-east-1:<accountid>:user/default/user1 --experience-configuration '{"Dashboard": {"InitialDashboardId": <dashboard id>}}' --session-lifetime-in-minutes 20

Then, browser shows dashboard successfully.

But, When I generated embed url for registered user with dashboard in ap-northeast-2 region and
I pasted the generated url in browser, the generated embed url doest not work.

aws quicksight --profile <myrole_ap-northeast-2> generate-embed-url-for-registered-user --aws-account-id <accountid_ap-northeast-2> --user-arn arn:aws:quicksight:ap-northeast-2:<accountid_ap-northeast-2>:user/default/user1 --experience-configuration '{"Dashboard": {"InitialDashboardId": <dashboard id in ap-northeast-2>}}' --session-lifetime-in-minutes 20
The browser shows below invalid URL or authorization code error page.

Is embed url for registered user supported in ap-northeast-2 region?

Hi,

1/ Can you double-check the region setting on the profile? The embed URL works the same regardless of the region. (Feature is available in ap-northeast-2 as well.)
Try to use the same command with --region ap-northeast-2 to override config/env settings.

2/ Could you also please verify if the user has permission to access the deployed dashboard?

1 Like

Hi,

  1. I checked my profile and the region is set to ap-northeast-2 and the generated embed url starts with https://ap-northeast-2, I think the region was properly set to ap-northest-2.
  2. Yes, the user has the permission to access the dashboard. (If I login in as the user, I can access the dashboard)

But, I’m still having the same problem.

Thank you for your advice.

Hi @minsik.jin @jmmin

I think identity region for QuickSight accounts in ap-northeast-2 may not be the same. Could you please try running the list users api and check the region captured in the userARN … i think it will be us-east-1.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/quicksight/client/list_users.html

you need to update the user ARN and run the generate embed url api again .
aws quicksight --profile <myrole_ap-northeast-2> generate-embed-url-for-registered-user --aws-account-id <accountid_ap-northeast-2> --user-arn arn:aws:quicksight:XXXXXXXXXX:<accountid_ap-northeast-2>:user/default/user1 --experience-configuration ‘{“Dashboard”: {“InitialDashboardId”: }}’ --session-lifetime-in-minutes 20

Thanks
VInod

1 Like

Him @apjvinod , Thank you for your reply

I checked ARN of user, but the ARN was ap-northeast-2.

         "Arn": "arn:aws:quicksight:ap-northeast-2:XXXXXXXX:user/default/user1",
         "UserName": "user1",
         "Email": "user1+e@gmail.com",
         "Role": "READER",
         "IdentityType": "QUICKSIGHT",
         "Active": true,
         "PrincipalId": "XXXXXXX"

Further, I created dashboard in us-east-1 region on the same aws account where embedded url for dahsboards in ap-northest-2 was not working. In this case the “generated embed url for resigered user” created by below command is working as expected. (the target user was registered in ap-northeast-2 region, and the dashboard was created in us-east-1 region)

aws quicksight --profile <myrole_us-east-1> generate-embed-url-for-registered-user --aws-account-id <accountid_ap-northeast-2> --user-arn arn:aws:quicksight:XXXXXXXXXX :<accountid_ap-northeast-2>:user/default/user1 --experience-configuration ‘{“Dashboard”: {“InitialDashboardId in us-east-1 region”: }}’ --session-lifetime-in-minutes 20

Thank you.