I want to automate the synchronization of Okta users to Quick Sight.
I used Lambda ThreadPoolExecutor to synchronize a large number of users. However, during the process, some users are missing and not created with a message that they are already registered in Quick Sight.
When you actually check in Quick Sight, the users are not showing up in list-users, but they are showing up in describe-user, which is causing data inconsistencies.
What is causing this to happen and how can I fix it?
Below are some examples of missing users for some roles that occurred during synchronization. (Note that there are no actual users in the Manage Quick Sight > Manage Users section).
aws quicksight list-users --aws-account-id 111122223333 --namespace default | jq -r '.UserList[].UserName' | grep author | sort
Quick SightOktaAuthorRole/aaaaa+ok_author22@gmail.com
Quick SightOktaAuthorRole/aaaaa+ok_author23@gmail.com
Quick SightOktaAuthorRole/aaaaa+ok_author24@gmail.com
Quick SightOktaAuthorRole/aaaaa+ok_author25@gmail.com
aws quicksight describe-user --aws-account-id 111122223333 --namespace default --user-name "Quick SightOktaAuthorRole/aaaaa+ok_author21@gmail.com"
{
    "Status": 200,
    "User": {
        "Arn": "arn:aws:quicksight:ap-northeast-2:111122223333:user/default/Quick SightOktaAuthorRole/aaaaa+ok_author21@gmail.com",
        "UserName": "Quick SightOktaAuthorRole/aaaaa+ok_author21@gmail.com",
        "Email": "aaaaa+ok_author21@gmail.com",
        "Role": "AUTHOR",
        "IdentityType": "IAM",
        "Active": true,
        "PrincipalId": "federated/iam/AROA6ODU3HZGW5MOYYYYY:aaaaa+ok_author21@gmail.com"
    },
    "RequestId": "235f368a-923e-427a-b762-971e73a7ff1e"
}
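
One way to enumerate which users are in the state described in the question (returned by describe-user but absent from list-users), as an added example that is not part of the original post. It assumes boto3's QuickSight `list_users` and `describe_user` calls; `FakeQuickSight`, the `ExampleRole/...` names and the function names are constructed so the script runs offline, and a real `boto3.client("quicksight")` can be passed to `reconcile` in its place.

```python
# Added example: reconcile expected users against list_users and describe_user.
def listed_user_names(qs, account_id, namespace="default"):
    """Every UserName from list_users, following NextToken across pages."""
    names, kwargs = set(), {"AwsAccountId": account_id, "Namespace": namespace}
    while True:
        page = qs.list_users(**kwargs)
        names.update(u["UserName"] for u in page.get("UserList", []))
        if not page.get("NextToken"):
            return names
        kwargs["NextToken"] = page["NextToken"]

def reconcile(qs, account_id, expected, namespace="default"):
    """Classify expected names: listed, describe_only (the mismatch), absent."""
    listed = listed_user_names(qs, account_id, namespace)
    report = {"listed": [], "describe_only": [], "absent": []}
    for name in sorted(expected):
        if name in listed:
            report["listed"].append(name)
            continue
        try:
            qs.describe_user(UserName=name, AwsAccountId=account_id, Namespace=namespace)
            report["describe_only"].append(name)
        except qs.exceptions.ResourceNotFoundException:
            report["absent"].append(name)
    return report

class FakeQuickSight:
    """Constructed stand-in for boto3.client("quicksight"); all data is made up."""
    class exceptions:
        class ResourceNotFoundException(Exception): pass
    def __init__(self, pages, describable):
        self.pages, self.describable = pages, set(describable)
    def list_users(self, AwsAccountId, Namespace, NextToken=None):
        i = int(NextToken or 0)  # the fake uses the page index as its token
        page = {"UserList": [{"UserName": n} for n in self.pages[i]]}
        if i + 1 < len(self.pages):
            page["NextToken"] = str(i + 1)
        return page
    def describe_user(self, UserName, AwsAccountId, Namespace):
        if UserName not in self.describable:
            raise self.exceptions.ResourceNotFoundException(UserName)
        return {"User": {"UserName": UserName}}

def demo():
    users = [f"ExampleRole/user{i}@example.com" for i in range(1, 5)]  # constructed
    fake = FakeQuickSight(pages=[users[:1], users[1:2]], describable=users[:3])
    return reconcile(fake, "111122223333", users)

if __name__ == "__main__":
    print(demo())
```

Running it after each sync batch gives a list of `describe_only` names that can be compared against the users the sync reported as already registered.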