How to programmatically create Dashboard having StaticImageFiles

Q&A
,
1

I am trying to create a new Dashboard via AWS CDK using a JSON definition, which includes a StaticImageFile that has been saved in S3.

{
__// … skipped
__“Definition”: {
____// … skipped
____“StaticFiles”: [
______{
________“ImageStaticFile”: {
__________“Source”: {
____________“S3Options”: {
______________“Region”: “ap-southeast-2”,
______________“BucketName”: “my-bucket-name”,
______________“ObjectKey”: “full/path/to/my/object.jpg”
____________}
__________},
__________“StaticFileId”: “a51d06a5087a4ce683b3007fbea6d5b8”
________}
______}
____]
__}
}

Quick Sight always returns error:

[DashboardError(type=STATIC_FILE_SOURCE_FETCH_ERROR, message=Failed to
download static file: a51d06a5087a4ce683b3007fbea6d5b8, violatedEntities=null)]")
8f-dd3c-8066-fcc2390880b3, HandlerErrorCode: null)

Initially, I thought it was because of the permission that Quick Sight couldn’t read the S3 object.
But even after I tried to deploy using an admin role user and set Quick Sight to consume an admin role, it still failed.

Can anyone please help me figure out what was wrong here and how I could make it work?
Thank you.

P.S: I have also tested directly with AWS CLI, it was able to start the dashboard creation, but eventually the created dashboard cannot be opened from the UI.

2

Hello Okada,

First of all Welcome to the Quick Sight community.

Possible causes and solutions:

  1. S3 bucket policy restrictions:
    • Even with admin roles, the bucket policy might be restricting access
    • Check if your bucket has a policy that explicitly denies access to the Quick Sight service

  2. S3 object permissions:
    • Verify the specific object has the correct ACLs

  3. S3 bucket region mismatch:
    • Ensure the S3 bucket is in the same region as your Quick Sight account or that cross-region access is properly configured

  4. Object path correctness:
    • Double-check that the object key path is exactly correct (case-sensitive)
    • Verify the object actually exists at that path

  5. Quick Sight service role permissions:
    • Quick Sight uses a service role to access resources - this role needs S3 permissions

  6. File format compatibility: looks ok from your code but
    • Ensure the image file format is supported by Quick Sight (JPG, PNG, etc.)
    • Check if the file size is within Quick Sight’s limits

Try these steps and see if it helps:

  1. Verify the object exists and is accessible:
    bash
    aws s3 ls s3://my-bucket-name/full/path/to/my/object.jpg

  2. Grant explicit permissions to Quick Sight service:
    Add a bucket policy that explicitly allows Quick Sight to access your bucket:

json
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“Service”: “quicksight.amazonaws.com
},
“Action”: [
“s3:GetObject”,
“s3:ListBucket”
],
“Resource”: [
“arn:aws:s3:::my-bucket-name”,
“arn:aws:s3:::my-bucket-name/*”
]
}
]
}

  1. Try with a public test image (temporarily):
    • Make the specific image public (temporarily for testing)
    • Or try with a different image in a test bucket with simpler permissions

  2. Check Quick Sight service role:
    • In the Quick Sight console, go to “Manage Quick Sight” > “Security & permissions”
    • Ensure the Quick Sight service role has access to your S3 bucket

Hope it helps a bit.

Cheers,
Deep

3

Hi @okadadaisuke,
It’s been awhile since we last heard from you on this thread, did you have any additional questions regarding your initial post or did the solution provided help with your case?

If we do not hear back within the next 3 business days, I’ll close out this topic.

Thank you