Hello QuickSight community!
I was following the great video QuickSight Automation Using The AWS CLI & CloudFormation: 2023 Amazon QuickSight Learning Series hosted by Max Engelhard(https://www.youtube.com/watch?v=TcZuNPQ-QlA) and everything was going great until the very last command at the very end of the video where you are attempting to share the analysis to the targeted account.
The json block that needs to be executed looks like this:
{
“AwsAccountId”: “{account_number}”,
“AnalysisId”: “{analysis_id}”,
“GrantPermissions”: [
{
“Principal”: “arn:aws:quicksight:{regions}:{account_number}:user/{namespace}/{user}”,
“Actions”: [
“quicksight:RestoreAnalysis”, “quicksight:UpdateAnalysisPermissions”, “quicksight:DeleteAnalysis”, “quicksight:QueryAnalysis”, “quicksight:DescribeAnalysisPermissions”, “quicksight:DescribeAnalysis”, “quicksight:UpdateAnalysis”
]
}
]
}
Json block with my hypothetical info:
{
“AwsAccountId”: “123412341234”,
“AnalysisId”: “CreateTemplateFromCLI”,
“GrantPermissions”: [
{
“Principal”: “arn:aws:iam::123412341234:role/CLOUDSECADMIN/rocklobster”,
“Actions”: [
“quicksight:RestoreAnalysis”, “quicksight:UpdateAnalysisPermissions”, “quicksight:DeleteAnalysis”, “quicksight:QueryAnalysis”, “quicksight:DescribeAnalysisPermissions”, “quicksight:DescribeAnalysis”, “quicksight:UpdateAnalysis”
]
}
]
}
I am getting the error:
An error occurred (InvalidParameterValueException) when calling the UpdateAnalysisPermissions operation: The principal arn:aws:iam::123412341234:role/CLOUDSECADMIN/rocklobster is invalid
In my environment we do not utilize Users. In the QuickSight video he was using a user.
Is this process possible utilizing a role? Video was excellent up until I hit the roadblock… and the very last command lol.
Thanks for your time!
Josh