1 Answer
- Newest
- Most votes
- Most comments
2
Hello.
- To provide cross-account access to Amazon QuickSight dashboards in Account A for IAM users from Account B, without creating additional IAM users in Account A or using passwords.
Please follow bellow steps.
Create an IAM Role in Account A
-
Role Creation In Account A, create an IAM role that can be assumed by IAM users from Account B.
-
Trust Policy Configure the role's trust policy to allow Account B's users to assume the role. This establishes the trust relationship between the two accounts.
Grant QuickSight Access
- Attach Permissions Attach an IAM policy to the role that grants the necessary permissions to access QuickSight dashboards. This policy will allow the role to list, view, and embed the dashboards.
Share the QuickSight Dashboards
- Dashboard Sharing In QuickSight, share the dashboards with the IAM role created in Account A. This step ensures that when the role is assumed, the user will have access to the specific dashboards.
Assume the IAM Role from Account B
- Role Assumption Users in Account B will assume the IAM role in Account A using AWS Security Token Service (STS). This provides temporary security credentials that allow access to resources in Account A, including QuickSight.
Access the Dashboards
- Pre-Signed URL Use the GetDashboardEmbedUrl API in Account A to generate a pre-signed URL for the dashboards. This URL can be used by the users in Account B to access the QuickSight dashboards directly, without requiring a QuickSight login.
https://repost.aws/knowledge-center/quicksight-cross-account-template
Relevant content
- Accepted Answerasked 10 days ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 6 months ago