Amazon.QuickSight.Model.AccessDeniedException: ‘User: arn:aws:sts::redacted:assumed-role/redacted/Quick_Sight_Embedd_seesion is not authorized to perform: quicksight:GenerateEmbedUrlForAnonymousUser on resource: arn:aws:quicksight:Europe (Ireland) (eu-west-1):redacted:dashboard/<redacted because no identity-based policy allows the quicksight:GenerateEmbedUrlForAnonymousUser action’.
What I have done:
I created a role which QuickSight users can assume. I have attached a trust relationship that allows the users to assume the role. The trust relationship is as follows:
As you can see I have done everything I think I need to do so that the specific error being thrown should not occur. So does anyone know why this is happening? Why is QuickSIght saying there is no policy to allow that action when clearly there is that action.
Hello @user12345, welcome to the QuickSight community!
This is similar to an issue I have experienced before and I am pretty confident it is still an issue with the policy. Based on my experience, QuickSight does not accept this arn:aws:quicksight:eu-west-1:redacted:dashboard/* with the * at the end of your resource name. Try testing it with the full resource name defined and see if you are able to get that to run. I also understand that this will require you to manually input all of the resources if you have more than one dashboard, which is fairly tedious, but this is how I have achieved this. Let me know if that works when you make that change. Thank you!
Apart from setting the policy, possibly give it some time and test it again. Check if capacity pricing is enabled in QuickSight.
Possibly you can run a similar test as mine and test later with .NET > I have created a user in IAM . Created an inline policy and tested the anonymous url generation from cli.
Hello @user12345, did the recommendation provided by @Koushik_Muthanna help guide you to a solution on this issue? If so, please mark his response as the solution to your topic. Otherwise, let me know if you have encountered another issue or what problems you are currently facing and we can try to guide you further. If we do not hear back from you in 3 days, we will archive the question. Thank you!
