The DataSourceParameters is not authorized to use the CopySourceArn

I am getting this error when I am trying to create a new data source using the CreateDataSource API. I am not sure what I have to do to authorize the CopySourceArn.

The DataSourceParameters is not authorized to use the CopySourceArn arn:aws:quicksight:us-east-2:xxxxxxx:datasource/03823d06-ee26-4c7f-a206-d8019197a572

Hi DRK,

In order to use the CopyDataSource option under credentials, the role that you are using to invoke the CreateDataSource function should have permission for the quicksight:PassDataSource action. Please add this permission to the role and try again.

Regards,
Arun Santhosh

Hi Arun,

It is not clear what you mean by the role being used to invoke the CreateDataSource function. Is this role determined by something that is set when I create a new AmazonQuickSightClient? If so, how do I know what that role is and where to change its permissions?

Here is some more information:

When I create a datasource using the API, the API returns without an error. However, when I describe the datasource using the API, the datasource indicates that it was not created successfully. Here is what the DescribeDataSourceAsync returns. Notice the status CREATION_FAILED and the ErrorInfo element:

    {
      "DataSource": {
        "AlternateDataSourceParameters": [],
        "Arn": "arn:aws:quicksight:us-east-2:402467524418:datasource/9999_56-DataSource",
        "CreatedTime": "2022-05-03T13:40:15.761Z",
        "DataSourceId": "9999_56-DataSource",
        "DataSourceParameters": {
          "AmazonElasticsearchParameters": null,
          "AmazonOpenSearchParameters": null,
          "AthenaParameters": null,
          "AuroraParameters": null,
          "AuroraPostgreSqlParameters": null,
          "AwsIotAnalyticsParameters": null,
          "ExasolParameters": null,
          "JiraParameters": null,
          "MariaDbParameters": null,
          "MySqlParameters": null,
          "OracleParameters": null,
          "PostgreSqlParameters": null,
          "PrestoParameters": null,
          "RdsParameters": null,
          "RedshiftParameters": null,
          "S3Parameters": null,
          "ServiceNowParameters": null,
          "SnowflakeParameters": null,
          "SparkParameters": null,
          "SqlServerParameters": {"Database": "9999_56", "Host": "10.100.9.165", "Port": 1433},
          "TeradataParameters": null,
          "TwitterParameters": null
        },
        "ErrorInfo": {
          "Message": "The DataSourceParameters is not authorized to use the CopySourceArn arn:aws:quicksight:us-east-2:402467524418:datasource/e833711b-63ac-42fe-a2cd-751026103071",
          "Type": {"Value": "ACCESS_DENIED"}
        },
        "LastUpdatedTime": "2022-05-03T13:40:16.407Z",
        "Name": "9999_56 DELETE ME",
        "SslProperties": {"DisableSsl": true},
        "Status": {"Value": "CREATION_FAILED"},
        "Type": {"Value": "SQLSERVER"},
        "VpcConnectionProperties": {"VpcConnectionArn": "arn:aws:quicksight:us-east-2:402467524418:vpcConnection/Six Disciplines"}
      },
      "RequestId": "c60c93ad-a70a-46e9-9663-556dd29f276c",
      "Status": 200,
      "ResponseMetadata": {
        "RequestId": "c60c93ad-a70a-46e9-9663-556dd29f276c",
        "Metadata": {},
        "ChecksumAlgorithm": 0,
        "ChecksumValidationStatus": 0
      },
      "ContentLength": 1428,
      "HttpStatusCode": 200
    }

If I then try and use that datasource to create a new dataset, I get the error: One or more errors occurred. (DataSource arn:aws:quicksight:us-east-2:402467524418:datasource/9999_56-DataSource is in status CREATION_FAILED)

Here is the code I am using for the CreateDataSourceRequest:

    // Requires: using System.Collections.Generic; using Amazon.QuickSight; using Amazon.QuickSight.Model;
    var createDataSource = new CreateDataSourceRequest
    {
        AwsAccountId = AccountID,
        DataSourceId = "9999_56-DataSource",
        Name = "9999_56 DELETE ME",
        Type = DataSourceType.SQLSERVER,
        // Resource permissions granted on the new data source to the Author group.
        Permissions = new List<ResourcePermission>() {
            new ResourcePermission() {
                Actions = new List<string>() {
                    "quicksight:UpdateDataSourcePermissions",
                    "quicksight:DescribeDataSource",
                    "quicksight:DescribeDataSourcePermissions",
                    "quicksight:PassDataSource",
                    "quicksight:UpdateDataSource",
                    "quicksight:DeleteDataSource"
                },
                Principal = $"arn:aws:quicksight:{"us-east-1"}:{AccountID}:group/default/Author"
            }
        },
        // Reuse the credential pair stored on an existing data source.
        Credentials = new DataSourceCredentials()
        {
            CopySourceArn = "arn:aws:quicksight:us-east-2:402467524418:datasource/e833711b-63ac-42fe-a2cd-751026103071"
        },
        DataSourceParameters = new DataSourceParameters()
        {
            SqlServerParameters = new SqlServerParameters()
            {
                Database = "9999_56",
                Host = "10.100.9.165",
                Port = 1433
            }
        },
        SslProperties = new SslProperties()
        {
            DisableSsl = true,
        },
        VpcConnectionProperties = new VpcConnectionProperties()
        {
            VpcConnectionArn = "arn:aws:quicksight:us-east-2:402467524418:vpcConnection/Six Disciplines"
        }
    };

Hi DRK,

It depends on how you are running your program. Say, if you are running it from Lambda, you would have configured a role for Lambda to use. Likewise, if you are running it from EC2, you can check which role is linked to the EC2 instance. If using IAM user credentials, check the policies linked to the IAM user. In case you don’t have access to the IAM console, please involve your AWS account admin/s and they will know the update to be made based on my last response.

Regards,
Arun Santhosh
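
An added example (not part of the thread and not AWS code): a simplified offline check of whether the IAM policy documents attached to the calling role or user allow quicksight:PassDataSource on the CopySourceArn data source, the permission the answers above point to. The policy documents, account id and ARN are constructed, and it is an assumption here that the action is evaluated against the source data source's ARN as the resource.

```python
import re

ACTION = "quicksight:PassDataSource"
# Constructed sample values (placeholder account id and data source id).
COPY_SOURCE_ARN = "arn:aws:quicksight:us-east-2:111122223333:datasource/source-ds-example"
BEFORE = [{"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["quicksight:CreateDataSource", "quicksight:DescribeDataSource"],
    "Resource": "*"}]}]
AFTER = BEFORE + [{"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Action": "quicksight:PassDataSource",
    "Resource": "arn:aws:quicksight:us-east-2:111122223333:datasource/*"}}]

def _as_list(value):
    """Action and Resource may each be a single string or a list."""
    return [value] if isinstance(value, str) else list(value or [])

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def pass_data_source_decision(policies, copy_source_arn):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for ACTION on copy_source_arn.

    Assumption: only Effect/Action/Resource are evaluated. Condition, NotAction,
    NotResource, permission boundaries and SCPs are not modelled.
    """
    allowed = False
    for policy in policies:
        statements = policy.get("Statement", [])
        if isinstance(statements, dict):  # a lone statement may be a bare object
            statements = [statements]
        for stmt in statements:
            on_action = any(_matches(a, ACTION, ignore_case=True)
                            for a in _as_list(stmt.get("Action")))
            on_resource = any(_matches(r, copy_source_arn)
                              for r in _as_list(stmt.get("Resource")))
            if not (on_action and on_resource):
                continue
            if stmt.get("Effect") == "Deny":
                return "Deny"  # an explicit deny overrides every allow
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"

if __name__ == "__main__":
    for name, docs in (("before", BEFORE), ("after", AFTER)):
        print(name, pass_data_source_decision(docs, COPY_SOURCE_ARN))
```

The Permissions list inside CreateDataSourceRequest is a QuickSight resource grant on the new data source and is not an input to this check; only the caller's IAM policy documents are.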