I want to automate the synchronization of Okta users to QuickSight.
I used Lambda ThreadPoolExecutor to synchronize a large number of users. However, during the process, some users are missing and not created with a message that they are already registered in QuickSight.
When you actually check in QuickSight, the users are not showing up in list-users, but they are showing up in describe-user, which is causing data inconsistencies.
What is causing this to happen and how can I fix it?
Below are some examples of missing users for some roles that occurred during synchronization. (Note that there are no actual users in the Manage QuickSight > Manage Users section).
aws quicksight list-users --aws-account-id 111122223333 --namespace default | jq -r '.UserList[].UserName' | grep author | sort
QuickSightOktaAuthorRole/aaaaa+ok_author22@gmail.com
QuickSightOktaAuthorRole/aaaaa+ok_author23@gmail.com
QuickSightOktaAuthorRole/aaaaa+ok_author24@gmail.com
QuickSightOktaAuthorRole/aaaaa+ok_author25@gmail.com
aws quicksight describe-user --aws-account-id 111122223333 --namespace default --user-name QuickSightOktaAuthorRole/aaaaa+ok_author21@gmail.com
{
    "Status": 200,
    "User": {
        "Arn": "arn:aws:quicksight:ap-northeast-2:111122223333:user/default/QuickSightOktaAuthorRole/aaaaa+ok_author21@gmail.com",
        "UserName": "QuickSightOktaAuthorRole/aaaaa+ok_author21@gmail.com",
        "Email": "aaaaa+ok_author21@gmail.com",
        "Role": "AUTHOR",
        "IdentityType": "IAM",
        "Active": true,
        "PrincipalId": "federated/iam/AROA6ODU3HZGW5MOYYYYY:aaaaa+ok_author21@gmail.com"
    },
    "RequestId": "235f368a-923e-427a-b762-971e73a7ff1e"
}
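The list-users versus describe-user comparison shown above can be run over the whole expected user set after a sync. This is an added example, not code from the original post. The function names and report keys are hypothetical, and `client` is assumed to be a boto3 QuickSight client, for example `boto3.client("quicksight")`.

```python
def list_all_usernames(client, account_id, namespace="default"):
    """Collect every UserName from list_users, following NextToken pages."""
    names, token = set(), None
    while True:
        kwargs = {"AwsAccountId": account_id, "Namespace": namespace}
        if token:
            kwargs["NextToken"] = token
        page = client.list_users(**kwargs)
        names.update(u["UserName"] for u in page.get("UserList", []))
        token = page.get("NextToken")
        if not token:
            return names


def reconcile(client, account_id, expected, namespace="default"):
    """Classify each expected user name (hypothetical report format):
    listed        - returned by list_users
    describe_only - missing from list_users, but describe_user succeeds
    absent        - describe_user raises ResourceNotFoundException
    """
    listed = list_all_usernames(client, account_id, namespace)
    report = {"listed": [], "describe_only": [], "absent": []}
    for name in sorted(expected):
        if name in listed:
            report["listed"].append(name)
            continue
        try:
            client.describe_user(
                AwsAccountId=account_id, Namespace=namespace, UserName=name
            )
        except Exception as exc:
            # botocore's ClientError carries the service error code in .response
            code = getattr(exc, "response", {}).get("Error", {}).get("Code")
            if code != "ResourceNotFoundException":
                raise  # throttling, access denied, etc. must not be hidden
            report["absent"].append(name)
        else:
            report["describe_only"].append(name)
    return report
```

Names that end up under `describe_only` are in the state the post describes: they resolve by name but do not appear in the listing.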