larry
October 31, 2024, 4:01am
1
I am using Terraform to automate the creation of a shared folder and then adding users to share the assets using the permissions.
locals {
  owners = ["user1", "user2", "user3"]
}

data "aws_quicksight_user" "owners" {
  for_each  = toset(local.owners)
  user_name = each.key
}

resource "aws_quicksight_folder" "example" {
  folder_id   = "asset"
  name        = "folder_for_asset"
  folder_type = "SHARED"
  for_each    = toset(local.owners)

  permissions {
    actions = [
      "quicksight:CreateFolder",
      "quicksight:DescribeFolder",
      "quicksight:UpdateFolder",
      "quicksight:DeleteFolder",
      "quicksight:CreateFolderMembership",
      "quicksight:DeleteFolderMembership",
      "quicksight:DescribeFolderPermissions",
      "quicksight:UpdateFolderPermissions",
    ]
    principal = data.aws_quicksight_user.owners[each.key].arn
  }
}
The problem here is that the principal does not allow a list and I am limited to only one user.
Or am I doing something wrong?
Do I need to switch to Python (boto3) or the CLI?
Thank you !
ErikG
October 31, 2024, 6:41am
2
Hi @larry
The principal logic within the permissions looks like:
"Permissions": [
  {
    "Principal": "arn:aws:quicksight:us-east-1:accountID:user/default/user1",
    "Actions": [
      "quicksight:RestoreAnalysis",
      "quicksight:UpdateAnalysisPermissions",
      "quicksight:DeleteAnalysis",
      "quicksight:DescribeAnalysisPermissions",
      "quicksight:QueryAnalysis",
      "quicksight:DescribeAnalysis",
      "quicksight:UpdateAnalysis"
    ]
  },
  {
    "Principal": "arn:aws:quicksight:us-east-1:accountID:user/default/admin/user2",
    "Actions": [
      "quicksight:RestoreAnalysis",
      "quicksight:UpdateAnalysisPermissions",
      "quicksight:DeleteAnalysis",
      "quicksight:DescribeAnalysisPermissions",
      "quicksight:QueryAnalysis",
      "quicksight:DescribeAnalysis",
      "quicksight:UpdateAnalysis"
    ]
  }
],
Is your code producing the same?
BR
larry
October 31, 2024, 2:27pm
3
@ErikG Thanks for your quick response. That exactly is the problem (I think) because it is not allowing me to pass a list to the Principal, which is limiting to only one user. I have multiple alternatives to get an output like you suggested:
Use the CLI
Use Python (boto3)
Create a group and add users (don’t know if this will work?)
Any guidance to pick an alternative will be helpful.
@larry,
The permissions block is a list which will have actions defined for each principal. Based on your code, for_each is outside of this block. Wouldn’t this create a folder for each user?
resource "aws_quicksight_folder" "example" {
  folder_id   = "asset"
  name        = "folder_for_asset"
  folder_type = "SHARED"
  for_each    = toset(local.owners)

  permissions {
    actions = [
      "quicksight:CreateFolder",
      "quicksight:DescribeFolder",
      "quicksight:UpdateFolder",
      "quicksight:DeleteFolder",
      "quicksight:CreateFolderMembership",
      "quicksight:DeleteFolderMembership",
      "quicksight:DescribeFolderPermissions",
      "quicksight:UpdateFolderPermissions",
    ]
    principal = data.aws_quicksight_user.owners[each.key].arn
  }
}
1/ Can you create the permissions block which has the principals and their actions initially and then reference it?
2/ Or maybe dynamically building it? [Dynamic Blocks - Configuration Language | Terraform | HashiCorp Developer]
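The dynamic-block approach suggested above, written out as an added example (not code from any poster in this thread): the resource-level for_each is removed so a single folder is created, and one permissions block is generated per user. It goes slightly beyond the thread by mapping users to roles so that not every principal receives the full owner action set; the "viewer" role and "user4" are assumptions.

```hcl
locals {
  # Action sets per role. "owner" is the list from the original post;
  # "viewer" (read-only) is an assumption added for this example.
  folder_actions = {
    owner = [
      "quicksight:CreateFolder",
      "quicksight:DescribeFolder",
      "quicksight:UpdateFolder",
      "quicksight:DeleteFolder",
      "quicksight:CreateFolderMembership",
      "quicksight:DeleteFolderMembership",
      "quicksight:DescribeFolderPermissions",
      "quicksight:UpdateFolderPermissions",
    ]
    viewer = [
      "quicksight:DescribeFolder",
    ]
  }

  # user name => role. user4 is a hypothetical read-only user.
  folder_users = {
    user1 = "owner"
    user2 = "owner"
    user3 = "owner"
    user4 = "viewer"
  }
}

# One lookup per user; each.key is the QuickSight user name.
data "aws_quicksight_user" "members" {
  for_each  = local.folder_users
  user_name = each.key
}

resource "aws_quicksight_folder" "example" {
  folder_id   = "asset"
  name        = "folder_for_asset"
  folder_type = "SHARED"

  # No for_each on the resource: one folder, one permissions block per user.
  dynamic "permissions" {
    for_each = local.folder_users
    content {
      principal = data.aws_quicksight_user.members[permissions.key].arn
      actions   = local.folder_actions[permissions.value]
    }
  }
}
```

Running `terraform plan` should show a single `aws_quicksight_folder.example` with four `permissions` blocks, which makes it easy to review exactly which principal is granted which actions before applying.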
Brett
December 16, 2024, 6:16pm
5
Hi @larry,
It’s been a while since we last heard from you. Did you have any additional questions regarding your initial post?
If we do not hear back within the next 3 business days, I’ll close out this topic.
Thank you!
Brett
December 20, 2024, 4:53pm
6
Hi @larry,
Since we haven’t heard back, I’ll go ahead and close out this topic. However, if you have any additional questions, feel free to create a new post in the community and link this discussion for relevant information if needed.
Thank you!