如何使用 generateEmbedUrlForRegisteredUser
How to use generateEmbedUrlForRegisteredUser
美好的一天。
我尝试了 getDashboardEmbedUrl() 并且在我的 Quicksight 帐户中将 UserArn 设置为 ADMIN 用户时它工作正常。现在我正在尝试使用 generateEmbedUrlForRegisteredUser()。但它给出了以下错误:
Error executing "GenerateEmbedUrlForRegisteredUser" on "https://quicksight.eu-west-1.amazonaws.com/accounts/971170084134/embed-url/registered-user"; AWS HTTP error: Client error: `POST https://quicksight.eu-west-1.amazonaws.com/accounts/xxxxxxxxxxxx/embed-url/registered-user` resulted in a `404 Not Found` response:
{"Message":"User arn:aws:quicksight:eu-west-1:xxxxxxxxxxxx:user/default/jjordaan does not exist.","RequestId":"5c310250- (truncated...)
ResourceNotFoundException (client): User arn:aws:quicksight:eu-west-1:xxxxxxxxxxxx:user/default/jjordaan does not exist. - {"Message":"User arn:aws:quicksight:eu-west-1:xxxxxxxxxxxx:user/default/jjordaan does not exist.","RequestId":"5c310250-a1bb-413f-b2d7-f07fdb91e027","ResourceType":null}
GenerateEmbedUrlForRegisteredUser 策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"quicksight:GenerateEmbedUrlForRegisteredUser",
"quicksight:RegisterUser"
],
"Resource": "*"
}
]
}
EmbeddingQuicksightAssumeRole 策略:
{
"Version": "2012-10-17",
"Statement":
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::971170084134:role/GenerateEmbedUrlForRegisteredUser"
}
}
还尝试创建一个新的 Quicksight 用户,但没有成功。 URL 生成错误是一样的。我做错了什么?谢谢
问候。
贾勒特
错误信息说用户不存在:User arn:aws:quicksight:eu-west-1:xxxxxxxxxxxx:user/default/jjordaan does not exist
您需要 register the user with Quicksight 用户才能使用 Quicksight 执行任何操作。请求仪表板和注册用户是具有不同权限的不同方法。
例如:
client.register_user(
AwsAccountId=AWS_ACCOUNT_ID,
Namespace="default",
IdentityType="IAM",
IamArn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:role/{QUICKSIGHT_DASHBOARD_ROLE_NAME}",
UserRole="READER",
SessionName=user.email,
Email=user.email
)
QUICKSIGHT_DASHBOARD_ROLE_NAME 是允许嵌入仪表板的角色(例如 GenerateEmbedUrlForRegisteredUser)。
获取仪表板URL
- 担任角色并获得凭据
- 使用凭据获取仪表板嵌入URL
response = client.assume_role(
RoleArn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:role/{QUICKSIGHT_DASHBOARD_ROLE_NAME}",
RoleSessionName=user.email
)
creds = response["Credentials"]
# get the access key, the secret key, and the session token from the response
client = boto3.client(
"quicksight",
region_name=QUICKSIGHT_REGION,
aws_access_key_id=creds["AccessKeyId"],
aws_secret_access_key=creds["SecretAccessKey"],
aws_session_token=creds["SessionToken"],
)
response = client.get_dashboard_embed_url(
AwsAccountId=AWS_ACCOUNT_ID,
DashboardId=dashboard_id,
IdentityType="IAM",
SessionLifetimeInMinutes=60,
)
url = response.get("EmbedUrl")
美好的一天。
我尝试了 getDashboardEmbedUrl() 并且在我的 Quicksight 帐户中将 UserArn 设置为 ADMIN 用户时它工作正常。现在我正在尝试使用 generateEmbedUrlForRegisteredUser()。但它给出了以下错误:
Error executing "GenerateEmbedUrlForRegisteredUser" on "https://quicksight.eu-west-1.amazonaws.com/accounts/971170084134/embed-url/registered-user"; AWS HTTP error: Client error: `POST https://quicksight.eu-west-1.amazonaws.com/accounts/xxxxxxxxxxxx/embed-url/registered-user` resulted in a `404 Not Found` response:
{"Message":"User arn:aws:quicksight:eu-west-1:xxxxxxxxxxxx:user/default/jjordaan does not exist.","RequestId":"5c310250- (truncated...)
ResourceNotFoundException (client): User arn:aws:quicksight:eu-west-1:xxxxxxxxxxxx:user/default/jjordaan does not exist. - {"Message":"User arn:aws:quicksight:eu-west-1:xxxxxxxxxxxx:user/default/jjordaan does not exist.","RequestId":"5c310250-a1bb-413f-b2d7-f07fdb91e027","ResourceType":null}
GenerateEmbedUrlForRegisteredUser 策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"quicksight:GenerateEmbedUrlForRegisteredUser",
"quicksight:RegisterUser"
],
"Resource": "*"
}
]
}
EmbeddingQuicksightAssumeRole 策略:
{
"Version": "2012-10-17",
"Statement":
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::971170084134:role/GenerateEmbedUrlForRegisteredUser"
}
}
还尝试创建一个新的 Quicksight 用户,但没有成功。 URL 生成错误是一样的。我做错了什么?谢谢
问候。 贾勒特
错误信息说用户不存在:User arn:aws:quicksight:eu-west-1:xxxxxxxxxxxx:user/default/jjordaan does not exist
您需要 register the user with Quicksight 用户才能使用 Quicksight 执行任何操作。请求仪表板和注册用户是具有不同权限的不同方法。
例如:
client.register_user(
AwsAccountId=AWS_ACCOUNT_ID,
Namespace="default",
IdentityType="IAM",
IamArn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:role/{QUICKSIGHT_DASHBOARD_ROLE_NAME}",
UserRole="READER",
SessionName=user.email,
Email=user.email
)
QUICKSIGHT_DASHBOARD_ROLE_NAME 是允许嵌入仪表板的角色(例如 GenerateEmbedUrlForRegisteredUser)。
获取仪表板URL
- 担任角色并获得凭据
- 使用凭据获取仪表板嵌入URL
response = client.assume_role(
RoleArn=f"arn:aws:iam::{AWS_ACCOUNT_ID}:role/{QUICKSIGHT_DASHBOARD_ROLE_NAME}",
RoleSessionName=user.email
)
creds = response["Credentials"]
# get the access key, the secret key, and the session token from the response
client = boto3.client(
"quicksight",
region_name=QUICKSIGHT_REGION,
aws_access_key_id=creds["AccessKeyId"],
aws_secret_access_key=creds["SecretAccessKey"],
aws_session_token=creds["SessionToken"],
)
response = client.get_dashboard_embed_url(
AwsAccountId=AWS_ACCOUNT_ID,
DashboardId=dashboard_id,
IdentityType="IAM",
SessionLifetimeInMinutes=60,
)
url = response.get("EmbedUrl")