
Using CUDOS, is there a way to prevent AWS users from viewing data for other AWS accounts?

0

So for example, the Cloud Intelligence Dashboard is deployed in the Data Collection account, and from there, engineers across the organization have access to it and can see it. Is there a way to allow our engineers to view data only for the account (or accounts) that I select for them, but not for other AWS accounts?

From what I can tell, this would be done using Row Level Security, but I can't see how this would be done with source_account_id as that is not a view.

2 Answers
0

Hi Mielad,

Clarifying the Issue

You're absolutely on the right track with Row-Level Security (RLS) in Amazon QuickSight—this can definitely help restrict users from viewing CUDOS data across accounts. Here's a straightforward way to approach it:

1. Use Row-Level Security in QuickSight

  • Start by ensuring your dataset includes a field for user-based attributes (like source_account_id).
  • This is key to locking down which users see which account data.

2. Set Up a Permissions Dataset

  • Create a separate dataset that maps QuickSight user ARNs to the AWS account IDs they’re allowed to view.
  • For example:

| UserARN                      | source_account_id |
|------------------------------|-------------------|
| arn:aws:iam::123456789:user1 | 111111111111      |
| arn:aws:iam::123456789:user1 | 222222222222      |

3. Attach RLS to Your CUDOS Dataset

  • In QuickSight, link this permissions dataset to your primary CUDOS dataset.
  • QuickSight will then enforce these rules so users can only see their allowed account data.

4. Test and Validate

  • Try logging in as different users to confirm that each one only sees the data they’re supposed to.

This method gives you a clean, scalable way to manage access while keeping the CUDOS dashboards useful and secure.

If you hit any roadblocks or need a deeper dive into setting this up, feel free to ask—happy to help!

Cheers,
Aaron 😊

answered a year ago
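To make step 4 ("Test and Validate") concrete, here is an added offline model of the permissions-dataset semantics described above; it is example code written for this page, not part of the answer or of the CUDOS/CID project. It assumes the QuickSight user-based RLS rule behaviour as I understand it (one row per user, multi-valued cells comma-separated, a blank cell meaning no restriction on that field, and a user with no row seeing nothing); the CSV, account IDs and CUDOS rows are constructed sample data.

```python
"""Offline model of QuickSight user-based row-level security applied to a
CUDOS dataset keyed on source_account_id (added example, not page code)."""
import csv
import io

# Constructed permissions dataset: UserARN -> allowed source_account_id values.
# user2 has a comma-separated multi-value cell; finops-admin has a blank cell.
PERMISSIONS_CSV = """UserARN,source_account_id
arn:aws:iam::123456789012:user/user1,111111111111
arn:aws:iam::123456789012:user/user2,"222222222222,333333333333"
arn:aws:iam::123456789012:user/finops-admin,
"""

# Constructed slice of a CUDOS cost summary (one row per account/service).
CUDOS_ROWS = [
    {"source_account_id": "111111111111", "product_code": "AmazonEC2", "cost": 120.5},
    {"source_account_id": "222222222222", "product_code": "AmazonS3", "cost": 14.2},
    {"source_account_id": "333333333333", "product_code": "AWSLambda", "cost": 3.9},
    {"source_account_id": "444444444444", "product_code": "AmazonRDS", "cost": 88.0},
]


def load_permissions(text):
    """Parse the permissions dataset into {user_arn: set_of_ids or None}.
    None models the blank-cell case: the user is unrestricted on the field."""
    rules = {}
    for row in csv.DictReader(io.StringIO(text)):
        cell = row["source_account_id"].strip()
        rules[row["UserARN"]] = None if cell == "" else {v.strip() for v in cell.split(",")}
    return rules


def rows_visible_to(user_arn, rules, rows):
    """Apply one user's rule. A user with no permissions row sees nothing."""
    if user_arn not in rules:
        return []
    allowed = rules[user_arn]
    if allowed is None:
        return list(rows)
    return [r for r in rows if r["source_account_id"] in allowed]


def uncovered_accounts(rules, rows):
    """Review helper: account IDs present in the data that no explicit rule
    names, so only a blank-cell (unrestricted) user could ever see them."""
    named = set()
    for allowed in rules.values():
        if allowed is not None:
            named |= allowed
    return sorted({r["source_account_id"] for r in rows} - named)
```

Running `rows_visible_to` for each ARN in the permissions file is the offline equivalent of logging in as each user; `uncovered_accounts` flags accounts you may have forgotten to assign.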
0

Please see the description of RLS solution on the workshop page: https://catalog.workshops.aws/awscid/en-US/customizations/row-level-security

AWS
EXPERT
answered a year ago
