larry
October 31, 2024, 4:01am
1
I am using Terraform to automate the creation of a shared folder and then adding users to share the assets using the permissions.
locals {
  owners = ["user1", "user2", "user3"]
}

data "aws_quicksight_user" "owners" {
  for_each  = toset(local.owners)
  user_name = each.key
}

resource "aws_quicksight_folder" "example" {
  folder_id   = "asset"
  name        = "folder_for_asset"
  folder_type = "SHARED"
  for_each    = toset(local.owners)

  permissions {
    actions = [
      "quicksight:CreateFolder",
      "quicksight:DescribeFolder",
      "quicksight:UpdateFolder",
      "quicksight:DeleteFolder",
      "quicksight:CreateFolderMembership",
      "quicksight:DeleteFolderMembership",
      "quicksight:DescribeFolderPermissions",
      "quicksight:UpdateFolderPermissions",
    ]
    principal = data.aws_quicksight_user.owners[each.key].arn
  }
}
The problem here is that the principal does not allow a list and I am limited to only one user.
Or am I doing something wrong?
Do I need to switch to Python (boto3) or the CLI?
Thank you !
ErikG
October 31, 2024, 6:41am
2
Hi @larry
The principal logic within the permissions looks like:
"Permissions": [
    {
        "Principal": "arn:aws:quicksight:us-east-1:accountID:user/default/user1",
        "Actions": [
            "quicksight:RestoreAnalysis",
            "quicksight:UpdateAnalysisPermissions",
            "quicksight:DeleteAnalysis",
            "quicksight:DescribeAnalysisPermissions",
            "quicksight:QueryAnalysis",
            "quicksight:DescribeAnalysis",
            "quicksight:UpdateAnalysis"
        ]
    },
    {
        "Principal": "arn:aws:quicksight:us-east-1:accountID:user/default/admin/user2",
        "Actions": [
            "quicksight:RestoreAnalysis",
            "quicksight:UpdateAnalysisPermissions",
            "quicksight:DeleteAnalysis",
            "quicksight:DescribeAnalysisPermissions",
            "quicksight:QueryAnalysis",
            "quicksight:DescribeAnalysis",
            "quicksight:UpdateAnalysis"
        ]
    }
],
Is your code producing the same?
BR
larry
October 31, 2024, 2:27pm
3
@ErikG Thanks for your quick response. That exactly is the problem (I think), because it is not allowing me to pass a list to the Principal, which is limiting me to only one user. I have multiple alternatives to get an output like you suggested:
Use the CLI
Use Python (boto3)
Create a group and add users (don't know if this will work?)
Any guidance to pick an alternative will be helpful.
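
An added example, not part of the original thread: one way to stay in Terraform is to keep a single folder and generate one `permissions` block per principal with a `dynamic` block, since each block takes exactly one principal ARN. The group resource, its name `asset-folder-viewers`, and the read-only grant are assumptions for illustration; the users are assumed to exist in the default namespace.

```hcl
locals {
  owners = ["user1", "user2", "user3"] # same list as in the question

  # Owner-level action set, copied from the question.
  folder_owner_actions = [
    "quicksight:CreateFolder",
    "quicksight:DescribeFolder",
    "quicksight:UpdateFolder",
    "quicksight:DeleteFolder",
    "quicksight:CreateFolderMembership",
    "quicksight:DeleteFolderMembership",
    "quicksight:DescribeFolderPermissions",
    "quicksight:UpdateFolderPermissions",
  ]
}

data "aws_quicksight_user" "owners" {
  for_each  = toset(local.owners)
  user_name = each.key
}

# Hypothetical group; members would be attached with aws_quicksight_group_membership.
resource "aws_quicksight_group" "viewers" {
  group_name = "asset-folder-viewers"
}

# No for_each on the resource: one folder, several permission entries.
resource "aws_quicksight_folder" "example" {
  folder_id   = "asset"
  name        = "folder_for_asset"
  folder_type = "SHARED"

  # Expands to one permissions block per user looked up above.
  dynamic "permissions" {
    for_each = data.aws_quicksight_user.owners
    content {
      principal = permissions.value.arn
      actions   = local.folder_owner_actions
    }
  }

  # Group principal with a narrower grant than the owners (assumed read-only access).
  permissions {
    principal = aws_quicksight_group.viewers.arn
    actions   = ["quicksight:DescribeFolder"]
  }
}
```

Granting the full owner action set only to the named owners and a reduced set to the group keeps `quicksight:UpdateFolderPermissions` and `quicksight:DeleteFolder` away from users who only need to see the shared assets.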