How to programmatically create Dashboard having StaticImageFiles

Question & Answer
,
1

I am trying to create a new Dashboard via AWS CDK using a JSON definition, which includes a StaticImageFile that has been saved in S3.

{
__// … skipped
__“Definition”: {
____// … skipped
____“StaticFiles”: [
______{
________“ImageStaticFile”: {
__________“Source”: {
____________“S3Options”: {
______________“Region”: “ap-southeast-2”,
______________“BucketName”: “my-bucket-name”,
______________“ObjectKey”: “full/path/to/my/object.jpg”
____________}
__________},
__________“StaticFileId”: “a51d06a5087a4ce683b3007fbea6d5b8”
________}
______}
____]
__}
}

QuickSight always returns error:

[DashboardError(type=STATIC_FILE_SOURCE_FETCH_ERROR, message=Failed to
download static file: a51d06a5087a4ce683b3007fbea6d5b8, violatedEntities=null)]")
8f-dd3c-8066-fcc2390880b3, HandlerErrorCode: null)

Initially, I thought it was because of the permission that QuickSight couldn’t read the S3 object.
But even after I tried to deploy using an admin role user and set QuickSight to consume an admin role, it still failed.

Can anyone please help me figure out what was wrong here and how I could make it work?
Thank you.

P.S: I have also tested directly with AWS CLI, it was able to start the dashboard creation, but eventually the created dashboard cannot be opened from the UI.

2

Hello Okada,

First of all Welcome to the QuickSight community.

Possible causes and solutions:

  1. S3 bucket policy restrictions:
    • Even with admin roles, the bucket policy might be restricting access
    • Check if your bucket has a policy that explicitly denies access to the QuickSight service

  2. S3 object permissions:
    • Verify the specific object has the correct ACLs

  3. S3 bucket region mismatch:
    • Ensure the S3 bucket is in the same region as your QuickSight account or that cross-region access is properly configured

  4. Object path correctness:
    • Double-check that the object key path is exactly correct (case-sensitive)
    • Verify the object actually exists at that path

  5. QuickSight service role permissions:
    • QuickSight uses a service role to access resources - this role needs S3 permissions

  6. File format compatibility: looks ok from your code but
    • Ensure the image file format is supported by QuickSight (JPG, PNG, etc.)
    • Check if the file size is within QuickSight’s limits

Try these steps and see if it helps:

  1. Verify the object exists and is accessible:
    bash
    aws s3 ls s3://my-bucket-name/full/path/to/my/object.jpg

  2. Grant explicit permissions to QuickSight service:
    Add a bucket policy that explicitly allows QuickSight to access your bucket:

json
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“Service”: “quicksight.amazonaws.com
},
“Action”: [
“s3:GetObject”,
“s3:ListBucket”
],
“Resource”: [
“arn:aws:s3:::my-bucket-name”,
“arn:aws:s3:::my-bucket-name/*”
]
}
]
}

  1. Try with a public test image (temporarily):
    • Make the specific image public (temporarily for testing)
    • Or try with a different image in a test bucket with simpler permissions

  2. Check QuickSight service role:
    • In the QuickSight console, go to “Manage QuickSight” > “Security & permissions”
    • Ensure the QuickSight service role has access to your S3 bucket

Hope it helps a bit.

Cheers,
Deep

3

Hi @okadadaisuke,
It’s been awhile since we last heard from you on this thread, did you have any additional questions regarding your initial post or did the solution provided help with your case?

If we do not hear back within the next 3 business days, I’ll close out this topic.

Thank you