Quicksight Enterprise with IAM Management, how to handle read only?


I have a Quicksight account in a multi account structure and I’m using IAM user management from the beginning. Every user who is allowed to use Quicksight can simply login with his console account and can use it. Most of the users (25 from 30+) are using Quicksight only to view dashboards/reports, but AWS bills als the users as “AUTHOR”, the moment they login.

Is there a way for IAM users to only view reports? I don’t see paying for users a full price that only need to have read access.

Thank you in advance

Hi @mlabenski
Are these users created in IAM as users or being federated using an IAM role?
In either case, please check the IAM policy attached to the role or users for QuickSight permissions.
If it had quicksight:CreateUser, the users will be created as Authors. Please change it to quicksight:CreateReader. This lets the first time users to automatically provisioned as readers.