Author: Ying Wang (@Ying_Wang)
In Amazon QuickSight Enterprise edition, your team members can create personal and shared folders to add hierarchical structure to QuickSight asset management. Using folders, people can more easily organize, navigate through, and discover dashboards, analyses, and datasets.
For a large enterprise organization, the number of folders might be huge. The access permissions of the folders will be super complicated. Some QuickSight enterprise users approached me to look for a solution to generate a centralized view of all folders inside an account and the related information of each folder, such as folder owner, folder path, and the assets within this folder.
In this post, I provided a sample Lambda function and the deployment steps to produce this highly requested centralized view.
- Please download the sample code of the Lambda function from this link: amazon-quicksight-sdk-proserve/folder_assets.py at master · aws-samples/amazon-quicksight-sdk-proserve · GitHub
- From AWS management console, go to S3: https://s3.console.aws.amazon.com/s3/get-started?region=us-east-1®ion=us-east-1
- Create a S3 bucket and note down the bucket name. Let’s call it: ‘admin-console<<aws_account_id>>’. Please replace the <<aws_account_id>> with your AWS account id.
- Download the IAM policy from this link: amazon-quicksight-sdk-proserve/qs_monitoring_policy.JSON at master · aws-samples/amazon-quicksight-sdk-proserve · GitHub
And then, edit the JSON file, change the <<s3_bucket_name>> with the bucket name you created in step 3.
- Create an IAM role with Lambda function as trusted entity:
- Attach the IAM policy created in step 4 into this role:
- Provide a name to this role and save.
- Create a Lambda function called “folder_assets”. Set the Run time to be Python 3.8. Choose the IAM role created in step 7 to be the execution role:
- Copy and paste the Python code downloaded in step 1 into the code section. If you provide a S3 bucket name which is not ‘admin-console<<aws_account_id>>’, please search ‘admin-console’ in the Python file and correct the bucket name.
- In configuration of this Lambda function, edit the “Time out” to be 10 minutes.
- Test the Lambda function, and then you will be able to view three files in the S3 Bucket:
In folder_assets.csv, you can get the AWS region, id of all the folders, and id of its assets.
In folder_lk.csv, you can get the AWS account id, AWS region, folder name, folder id, folder arn, principal type (group or user), principal, and the access permissions of this principal.
- Now, you can run analysis based on these three files.