Users need Quicksight Access to many AWS Accounts

I work at a large organization with many potential Quicksight users and many AWS accounts. How do large companies generally handle the scenario where users need to use Quicksight with the data from several accounts?

The two options I see for how to handle this for an individual person are,

  1. Provision the person’s Quicksight user in a single account, and then set up cross-account data access for all accounts that the user needs to pull data from.
  2. Provision a separate Quicksight user for this person in each account.

1 seems like a lot of additional work, whereas 2 costs more (in terms of needing to pay for additional QS users) and would only allow you to see the data from one account at a time if you haven’t set up cross account access. Are these the two patterns that are generally followed? Any other recommendations?

Option one is the ideal option. There is no other way that I am aware of that would allow for users to see data from a separate account.

Hi @jochapjo

Where is the data stored the users are trying to get access to?

A number of the AWS analytics services support cross account sharing, which might help you here.

Amazon Athena Federated Query
AWS Lake Formation Data Sharing
Redshift Data Sharing

We will have data stored in many accounts across many services (e.g. Redshift and Athena). It would be nice to have the QS pricing tied to a person rather than a specific QS user resource. That way you could just say this person can log in to account A, account B, and account C without accruing an additional cost for each account. Cross-account sharing is an option but it can be costly to setup, and if you only need to see the data from one account at a time it’d be nice to be able to just login to each account without the additional charges. Do you know if AWS is considering making something like that available? Or do you think long-term we would need to follow the approaches I mentioned in my first post?

Hi @jochapjo,
This is an interesting situation and we may be able to find a solution for you. I will message you to get your contact information and forward your question to one of our Solution Architects.