No matter what I try, I cannot see my glue crawler created tables in an Athena connection

I have tried adding the Quicksight user to lake formation (still there, but I was not using LF intentionally; so not sure why I would have to do this), I have tried adding

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"glue:GetSchemaVersion",
				"glue:ListSchemaVersions",
				"kms:*"
			],
			"Resource": [
				"*"
			]
		}
	]
}

that inline policy to the quicksight service role (also tried * for actions).

Yes, I tried following - Securely analyze your data with AWS Lake Formation and Amazon QuickSight | AWS Big Data Blog

I have also tried ALL TABLES / Individual permissions grants. None of it works.

I can see the database and tables in the Athena interface and query them, but nothing shows up at all in QS.

Let me just say that I am ready to cancel the quicksight account that was just created today. The fact that this is so counterintuitive, there are hundreds of different docs that all contradict each other, and that this doesn’t just work is the reason AWS is losing market share.

This platform is supposed to be as low cost as possible for that small business or start-up to use. The fact that it is extremely technically complex and doesn’t just intuitively work is horrific and completely offsets any cost savings that may or may not exist when things like Google Cloud Analytics and Azure Analysis services just work (even if they aren’t quite as good) is a huge problem for you as a company. I have spent over 6 hours going over every single doc, Stack Overflow, and any other thing I can get my hands on to try and figure out why I can’t just get this to see some tables.

Your services, in my view at this point, get a 0/5 star rating.

Hi @ECT - Welcome to the AWS QuickSight community and thanks for posting the details. I would suggest raising a ticket with the AWS Customer Support team and providing the problem statement and other details clearly. This will help the AWS team guide you to the right solution as well. To raise a ticket, please follow the link - Creating support cases and case management - AWS Support.

I am also tagging @Kristin who can arrange a QuickSight SME to talk and discuss with you on this matter.

Regards - Sanjeeb

1 Like

Hi @ECT,

Can you go to Manage QuickSight > Security & permissions and check that you’ve granted QuickSight access to Athena?

2 Likes

I have granted it Athena. I even got to the point I edited a custom inline policy to give it "*" and "*", because I am trying everything I can, resulting in no change.

I granted permissions on the database for all tables in LF, then I tried just the database with the tables specifically named with select describe. I tried that for both the root account and the quicksight user and user group. I noted that I followed that blog post, which also resulted in no change. I have tried from the root account and an IAM User account.

I will have to check and see if they are paying for AWS Support.

I spent over an hour on Chime with support; this is still not resolved even though we tried everything I did, and a few other things, to get this working. This has had to be escalated to the internal team.

This highlights everything I said in my post. AWS services, generally and especially in this specific case, need to be re-thought. The complexity of getting something that should be simple to work is killing these offerings. I may not have tested for my cloud-practitioner cert yet, but I have taken the class from Udemy for 2022 and I have a new 2023 one ready to go and this is just not the way I want to see this company continue to offer services.

1 Like

Hi @ECT - If you do not mind, can you please share some details around your current setup and problem statement? Please share some more details so that I can try to replicate it at my end.

Regards - Sanjeeb

1 Like

Thanks for reaching out @Sanjeeb2022.
@ECT, welcome to the QuickSight Community. We are so sorry to hear that you are having this experience. I have reached out to one of our internal experts to ask them to take a look at this post.

Thanks also @Sanjeeb2022 and @David_Wong for looking at this and sharing your expertise.

Hi @ECT

Sent you a direct message to see how we can help you out quickly here - I agree - should not be this hard, something odd is happening and we can get to the bottom of it.

thanks,
Ramon

2 Likes

Thank you @Ramon_Lopez!

1 Like

Athena queries for different region - Question & Answer - Amazon QuickSight Community

Is the answer. Which, much like I posted earlier, AWS services are horribly designed and complex. It doesn’t tell you when you go to set up Quicksight you cannot access different regions. At this point I will be working on finding a low cost or free 3rd party alternative so that I do not have to redo everything I did when I set up all of my other services.

Hi Ryan- glad you found the answer.

I will be passing along the feedback to product/documentation to ensure we clearly state that in order to access S3 data in other regions, they need to be catalogued and queried from Athena in the region where QuickSight is deployed. There should be no reason to re-do everything - but happy to discuss and strategize with you to ensure a smooth deployment and ensure QuickSight is the right solution for your use case.

regards
Ramon Lopez

1 Like

Well, s3, glue, Athena, and lake formation are all in us-west-1; so I am not sure how I would move the catalog without moving everything else as well. That would be re-doing everything. There is no easy way to just migrate all of these services across regions.

Understood. In that case it sounds like it would be best if QuickSight were deployed in us-west-1 - along with the data. Would that be an option?

Here is some additional information if you do choose to provide access to the QuickSight Athena to query the other region.

I mean I can RL the database and tables in LF to another LF in us-west-2, but that makes for a super complex setup where there are now competing LF setups unless I completely remove the LF setup in us-west-1. I also don’t know how RL these things solves the issue of quicksight not being able to access s3 cross region, but I am willing to try it. That said, having a second AWS account is a non-starter. They are a startup with not a huge budget.

Quicksight is not available in us-west-1 according to the console, so if it were available that seems to solve all these issues.

Indeed us-west-1 currently has no quicksight available. Once we receive more customer demand we can prioritize.

Regarding Resource links - cross region via lakeformation with resource links is possible.

From another post:

Ensure the following permissions are configured in Lake Formation (in account where resource links have been created.)

- Grant describe (permission + grantable) on the resource link to QuickSight user/group arn. Ensure that you are using QuickSight arn and not iam arn.

- Grant on target on the resource link with select (permission + grantable) for QuickSight user/group arn. (Selecting all tables option is causing error in LF; Selecting needed tables explicitly works.)

Cross check the following in source account’s Lake Formation.

- Ensure that the s3 bucket is registered as a data location in Lake Formation. (Usually will already be done; Cross check for public buckets as they would work from Athena even without this, but will work from QuickSight only if explicitly registered in Lake Formation)
1 Like
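The grants listed in the post above, written out as request bodies for boto3's `lakeformation.grant_permissions`. This is an added example, not code from the thread or from AWS; it assumes a database-level resource link, and the account ID, names and ARN are constructed placeholders.

```python
import re

# QuickSight principals: arn:aws:quicksight:<region>:<account>:user|group/<namespace>/<name>
QS_ARN = re.compile(r"^arn:aws:quicksight:[a-z0-9-]+:\d{12}:(user|group)/[^/]+/.+$")


def build_grants(principal_arn, link_catalog_id, link_db,
                 target_catalog_id, target_db, target_tables):
    """Return one grant_permissions kwargs dict per grant described in the post."""
    # The post stresses using the QuickSight ARN, not the IAM ARN.
    if not QS_ARN.match(principal_arn):
        raise ValueError("principal must be a QuickSight user/group ARN, not an IAM ARN")
    # The post reports that the all-tables option errors; require explicit names.
    if not target_tables:
        raise ValueError("name the target tables explicitly")
    principal = {"DataLakePrincipalIdentifier": principal_arn}
    grants = [{
        # DESCRIBE (permission + grantable) on the resource link itself
        # (assumption: the link is a database resource link).
        "Principal": principal,
        "Resource": {"Database": {"CatalogId": link_catalog_id, "Name": link_db}},
        "Permissions": ["DESCRIBE"],
        "PermissionsWithGrantOption": ["DESCRIBE"],
    }]
    for table in target_tables:
        grants.append({
            # SELECT (permission + grantable) on each named target table.
            "Principal": principal,
            "Resource": {"Table": {"CatalogId": target_catalog_id,
                                   "DatabaseName": target_db, "Name": table}},
            "Permissions": ["SELECT"],
            "PermissionsWithGrantOption": ["SELECT"],
        })
    return grants


if __name__ == "__main__":
    import json
    # Constructed sample values, not taken from the thread.
    sample = build_grants(
        "arn:aws:quicksight:us-west-2:111122223333:user/default/analyst",
        "111122223333", "sales_link", "111122223333", "sales", ["orders"])
    print(json.dumps(sample, indent=2))
```

Each returned dict can be passed as `boto3.client("lakeformation").grant_permissions(**grant)` in the account and region that hold the resource link.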

Well, looks like 2 people had some issues with this working; I am going to try it anyway even though it talks about cross account and not cross region. So we’ll see how this goes.

Honestly, outside of China, I am not sure why quicksight is not a deployable service in any region. Instead of making it tied to whatever specific infra you have behind it that limits this making it more like Tableau cloud where you can deploy to wherever you need to and plug in connectors to services wherever you deploy it.

This is what you are competing against - Tableau Cloud | Fast, flexible, and easy analytics in the cloud and I know it costs about 2.5x more, but they host it all and deal with all of the potential infrastructure issues on their cloud. It can connect to Athena right now today without all of this complexity. I think that is something that needs consideration.

Understood. Happy to discuss your use case and additional feedback on the product. Will share my email address via DM and we can continue conversation there.

Thanks!
Ramon