Okay, I understand your requirements. Here’s a step-by-step guide on how you can achieve this using Terraform and a Lambda function:
1. Create the Lambda Function in the Target Account:
   - Use Terraform to create the Lambda function in the target account.
   - The Lambda function should use the boto3 library to perform the following tasks:
     - Connect to the S3 bucket in the target account and read the CSV data.
     - Create a new dataset in the QuickSight service in the target account, using the data from the S3 bucket.
     - Create a new analysis in the QuickSight service in the target account, using the new dataset.
     - Export the analysis as a CloudFormation template.
2. Create the CloudFormation Template in the Source Account:
   - Use Terraform to create a CloudFormation stack in the source account.
   - The CloudFormation stack should deploy the exported analysis from the target account.
   - The CloudFormation stack should use the dataset from the target account's S3 bucket as the data source.
Here’s a high-level overview of the Terraform code you can use:
Target Account (Lambda Function):
# Create the Lambda function
resource "aws_lambda_function" "copy_dashboard" {
  filename      = "path/to/lambda/code.zip"
  function_name = "copy-dashboard"
  role          = aws_iam_role.lambda_role.arn
  handler       = "lambda_function.lambda_handler"
  runtime       = "python3.9"
}

# Create the IAM role for the Lambda function
resource "aws_iam_role" "lambda_role" {
  name = "lambda-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

# Attach the necessary permissions to the Lambda role
resource "aws_iam_role_policy_attachment" "lambda_policy" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
  role       = aws_iam_role.lambda_role.name
}
Source Account (CloudFormation Stack):
# Create the CloudFormation stack
# aws_account_id, aws_region, target_account_id and dataset_id are placeholders;
# replace them with your own values before applying.
resource "aws_cloudformation_stack" "copy_dashboard" {
  name = "copy-dashboard"

  template_body = <<EOF
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Copy dashboard from target account",
  "Resources": {
    "Dashboard": {
      "Type": "AWS::QuickSight::Analysis",
      "Properties": {
        "AwsAccountId": "${aws_account_id}",
        "Analysis": {
          "Name": "Copied Dashboard",
          "DataSetReferences": [
            {
              "DataSetPlaceholder": "dataset_placeholder",
              "DataSetArn": "arn:aws:quicksight:${aws_region}:${aws_account_id}:dataset/dataset_id"
            }
          ]
        }
      }
    }
  },
  "Parameters": {
    "DatasetArn": {
      "Type": "String",
      "Description": "ARN of the dataset in the target account"
    }
  }
}
EOF

  parameters = {
    DatasetArn = "arn:aws:quicksight:${aws_region}:${target_account_id}:dataset/dataset_id"
  }
}
In this example, the Lambda function in the target account is responsible for creating the new dataset and analysis in QuickSight, and then exporting the analysis as a CloudFormation template. The CloudFormation stack in the source account then uses this exported template to create the dashboard, referencing the dataset from the target account’s S3 bucket.
Make sure to replace the placeholders (aws_account_id, aws_region, target_account_id, dataset_id) with the appropriate values for your specific use case.
Also, don’t forget to handle the necessary permissions and access between the two accounts, such as cross-account IAM roles or policies.
Let me know if you have any further questions or need additional assistance.
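A check for the cross-account roles mentioned above, as an added example that is not part of the original answer: it audits a role trust policy and flags wildcard, unexpected-account and whole-account principals before the policy is applied. The account IDs, the role name dashboard-deployer, the helper names and the finding codes are constructed for illustration.

```python
import re

# Bare 12-digit account ID, or an IAM ARN with its resource part captured.
_PRINCIPAL = re.compile(r"^(?:arn:aws:iam::)?(\d{12})(?::(.+))?$")

def audit_trust_policy(policy, allowed_accounts):
    """Return (statement_index, code, principal) findings for a role trust policy."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # IAM accepts a single statement object
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = ["*"] if principal == "*" else principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        for p in aws:
            m = _PRINCIPAL.match(p)
            if p == "*":
                findings.append((i, "WILDCARD_PRINCIPAL", p))
            elif not m:
                findings.append((i, "UNRECOGNISED_PRINCIPAL", p))
            elif m.group(1) not in allowed_accounts:
                findings.append((i, "UNEXPECTED_ACCOUNT", p))
            elif m.group(2) in (None, "root") and not st.get("Condition"):
                # Whole-account trust: any identity in that account that is
                # allowed to call sts:AssumeRole can use this role.
                findings.append((i, "ACCOUNT_WIDE_NO_CONDITION", p))
    return findings

def sample_trust(principal):
    """Build a constructed one-statement trust policy for the samples below."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}

# Constructed sample data: 111111111111 and 222222222222 are placeholder accounts.
ALLOWED = {"111111111111"}
LAMBDA_TRUST = sample_trust({"Service": "lambda.amazonaws.com"})  # as in the role above
SCOPED_TRUST = sample_trust({"AWS": "arn:aws:iam::111111111111:role/dashboard-deployer"})
BROAD_TRUST = sample_trust({"AWS": ["arn:aws:iam::111111111111:root", "222222222222"]})

if __name__ == "__main__":
    for name in ("LAMBDA_TRUST", "SCOPED_TRUST", "BROAD_TRUST"):
        print(name, audit_trust_policy(globals()[name], ALLOWED))
```

Service principals such as the Lambda trust shown earlier produce no findings; only AWS account and role principals are evaluated.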