How do I access orphaned resources of a deleted user in QuickSight?

I got my Quicksight User deleted but i want those orphaned resources by deleted users to a new user, i have followed AWS blog , but it does not seem to be working

Blog - Access orphaned resources of a deleted user in QuickSight

Error:

 aws quicksight update-analysis-permissions --aws-account-id 551127968046 --analysis-id 0199ee60-edea-49a5-b927-96b11e11f916 --grant-permissions Principal=arn:aws:quicksight:us-east-1:551127968046:user/khushahal.trivedi@domain.com,Actions=quicksight:RestoreAnalysis,quicksight:UpdateAnalysisPermissions,quicksight:DeleteAnalysis,quicksight:DescribeAnalysisPermissions,quicksight:QueryAnalysis,quicksight:DescribeAnalysis,quicksight:UpdateAnalysis --region 'us-east-1'

An error occurred (ResourceNotFoundException) when calling the UpdateAnalysisPermissions operation: Analysis arn:aws:quicksight:us-east-1:551127968046:analysis/0199ee60-edea-49a5-b927-96b11e11f916 is not found

And When we list we get the DELETED status of that resource as follows

{
            "Arn": "arn:aws:quicksight:us-east-1:551127968046:analysis/0199ee60-edea-49a5-b927-96b11e11f916",
            "AnalysisId": "0199ee60-edea-49a5-b927-96b11e11f916",
            "Name": "_drug_timeline check",
            "Status": "DELETED",
            "CreatedTime": "2021-07-22T03:28:13.748000+05:30",
            "LastUpdatedTime": "2022-09-01T10:56:57.766000+05:30"
        },

Any Help would be appreciated

It seems like you need to restore the analysis first as it is deleted.

https://docs.aws.amazon.com/cli/latest/reference/quicksight/restore-analysis.html

After that you can update the permissions

I have tried to restore the analysis and got below status

{
    "Status": 200,
    "Arn": "arn:aws:quicksight:us-east-1:551127968046:analysis/0199ee60-edea-49a5-b927-96b11e11f916",
    "AnalysisId": "0199ee60-edea-49a5-b927-96b11e11f916",
    "RequestId": "f37e1c51-f50d-400f-948a-0c7ea2755237"
}

Now i tried to update the permission

but it says the following error

An error occurred (InvalidParameterValueException) when calling the UpdateAnalysisPermissions operation: Invalid principals given [arn:aws:quicksight:us-east-1:551127968046:user/userid].

But userid present and account ID is also correct can you please let me know whats wrong in principal

Are you passing in arn:aws:quicksight:us-east-1:551127968046:user/userid in your JSON / command?

It needs to be arn:aws:quicksight:us-east-1:551127968046:user/khushahal.trivedi@domain.com from your example

Nope, I have used correct CLI form Pls check below

aws quicksight update-analysis-permissions --aws-account-id 551127968046 --analysis-id 0199ee60-edea-49a5-b927-96b11e11f916 --grant-permissions Principal=arn:aws:quicksight:us-east-1:551127968046:user/user@domain.com,Actions=quicksight:RestoreAnalysis,quicksight:UpdateAnalysisPermissions,quicksight:DeleteAnalysis,quicksight:DescribeAnalysisPermissions,quicksight:QueryAnalysis,quicksight:DescribeAnalysis,quicksight:UpdateAnalysis --region 'us-east-1'

Hmm there might be an issue with not putting in a namespace. Do you know what namespace your user is in? Might be default.

aws quicksight list-namespaces --aws-account-id 551127968046

aws quicksight list-users --aws-account-id 551127968046 --namespace your_namespace

That should generate the users principal.

Also, can you try using the cli-skeleton? I find that much easier personally so I don’t mess up any syntax in the cli command.

First make a json file and substitute your values to this JSON accordingly.

{
“AwsAccountId”: “your_account_id”,
“AnalysisId”: “your_analysis_id”,
“GrantPermissions”: [
{
“Principal”: “arn:aws:quicksight:region:account_id:user/namespace/user”,
“Actions”: [
“quicksight:RestoreAnalysis”, “quicksight:UpdateAnalysisPermissions”, “quicksight:DeleteAnalysis”, “quicksight:QueryAnalysis”, “quicksight:DescribeAnalysisPermissions”, “quicksight:DescribeAnalysis”, “quicksight:UpdateAnalysis”
]
}
]
}

Then you can run

aws quicksight update-analysis-permissions --cli-input-json file://path_to_your_file.json