My organization is switching to IAM Identity Center. There is no path convert an existing quicksight account to use IAM Identity Center, so I was told to export/import the account assets into a new quicksight account. But I can’t have two quicksight accounts in the same aws account, so I thought I would try exporting the quicksight assets to a new account and use this as my “Quicksight” AWS account. But in that case I need it to reference data in the original account, there’s no way for me to recreate this data. I have set up the target account to have cross-account glue/athena/s3 access to the orginal account, but there doesn’t appear to be a way to make the asset migration code substitute the catalog name in the data sets to use the cross-account catalog. Any suggestions welcome.
I have set up the target account to have cross-account glue/athena/s3 access to the orginal account, but there doesn’t appear to be a way to make the asset migration code substitute the catalog name in the data sets to use the cross-account catalog.
Even in a cross-account setup, if Athena is being used, Athena has access to the cross-account catalog. QuickSight and Athena are in the same account in the same region. The catalog would show up in Athena and that is what I believe you would reference ( Use Amazon Athena and Amazon QuickSight in a cross-account environment | AWS Big Data Blog ) .
Kind regards,
Koushik
@Koushik_Muthanna
Athena and Athena are in the same account, and Athena can access/query the cross-account glue catalog fine. The problem is that there’s no mechanism to make the quicksight asset import command use the cross acount catalog, because in the source quicksight account from which it was exported the data source used the default glue catalog, because it wasn’t operating cross-account.
Does the quicksight team have any update on making it possible to migrate from quicksight-managed accounts to IAM Identity Center? I see posts from last year indicating this was in the works, but I haven’t seen anything recently.
Hi @cpopetz,
It’s been awhile since last communication took place on this thread, are you still working on this case or were you able to find a work around in the interim?
In terms of your case, I would suggest creating a support ticket with AWS to receive more direct assistance on your account’s issue, and if this is currently not an available feature, a feature request can be created.
If we do not hear back within the next 3 business days, I’ll close out this topic.
Thank you!
I did create a support ticket, they just said “use the asset import/export calls.” I was eventually able to get it working using a bunch of perl scripts to modify the json in the asset archive, but it does seem like a very fragile process as the only path to SSO for existing quicksight data.