Hi, I’m working on embedding dashboard into our app. While I’m making server side logic to manage quicksight resources, I faced this issue. Please give me a clue to resolve issue.
- delete a namespace without ds:* permission. (Called API via ECS task)
- describe the response that says RETRYABLE_FAILUE
{
“Status”: 200,
“Namespace”: {
“Name”: “team_25731a70-4808-4d14-8a4a-3ca9cfe13949”,
“Arn”: “arn:aws:quicksight:ap-northeast-1:999999999999:namespace/team_25731a70-4808-4d14-8a4a-3ca9cfe13949”,
“CapacityRegion”: “ap-northeast-1”,
“CreationStatus”: “RETRYABLE_FAILURE”,
“IdentityStore”: “QUICKSIGHT”,
“NamespaceError”: {
“Type”: “PERMISSION_DENIED”,
“Message”: “You do not have permission to perform ds:UnauthorizeApplication in your IAM policy. Please ensure that you have ds:Unauthoriz
eApplication, ds:DeleteDirectory, ds:DescribeDirectories in your IAM policy and call DeleteNamespace. If you would like to recreate the namespace after deleting, ensure you also have ds:AuthorizeApplication, ds:CreateIdentityPoolDirectory in your IAM policy and try again.”
}
},
“RequestId”: “919f275c-991a-4922-be58-5d5d45a5474b”
}
- Try to delete it via local using Admin permission. But it says not found error.
% aws quicksight delete-namespace --aws-account-id 999999999999 --namespace=team_25731a70-4808-4d14-8a4a-3ca9cfe13949
An error occurred (ResourceNotFoundException) when calling the DeleteNamespace operation: Account 999999999999 is not signed up with QuickSight with namespace team_25731a70-4808-4d14-8a4a-3ca9cfe13949. AWS account ID: 999999999999, Namespace: team_25731a70-4808-4d14-8a4a-3ca9cfe13949.
- But I can see it exists with list-namespaces command via local using Admin permission.
% aws quicksight list-namespaces --aws-account-id 99999999999
{
“Namespaces”: [
{
“Name”: “team_25731a70-4808-4d14-8a4a-3ca9cfe13949”,
“Arn”: “arn:aws:quicksight:ap-northeast-1:99999999999:namespace/team_25731a70-4808-4d14-8a4a-3ca9cfe13949”,
“CapacityRegion”: “ap-northeast-1”,
“CreationStatus”: “RETRYABLE_FAILURE”,
“IdentityStore”: “QUICKSIGHT”,
“NamespaceError”: {
“Type”: “PERMISSION_DENIED”,
“Message”: “You do not have permission to perform ds:UnauthorizeApplication in your IAM policy. Please ensure that you have ds:Unauth
orizeApplication, ds:DeleteDirectory, ds:DescribeDirectories in your IAM policy and call DeleteNamespace. If you would like to recreate the namespace after deleting, ensure you also have ds:AuthorizeApplication, ds:CreateIdentityPoolDirectory in your IAM policy and try again.”
}
},
How can I delete this namespace?
Plus, same thing happens on creation. I tried to create namespace and it failed due to permission error. I updated permission then called create API. Creation failed due to resource exists exception.
Aws::QuickSight::Errors::ResourceExistsException: The resource arn:aws:quicksight:ap-northeast-1:999999999999:namespace/company_3b9d3a4e-8043-4026-8e33-f44d925c5d8d already exists or is being deleted.
from /app/vendor/bundle/ruby/3.2.0/gems/aws-sdk-core-3.185.0/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call’