QuickSight DataSource created using boto3 is not able to access LakeFormation data through Athena
I am having issues using boto3 to create Athena DataSources in Quicksight. If I create an Athena DataSource from the QuickSight console I'm able to use it in a DataSet and see my Athena tables (stored in Lake Formation). If create that same DataSource (exact same configuration) using a boto3 client and an assumed role with QuickSight permissions, it is not able to see the LakeFormation tables. What permissions are used by QuickSight to determine the data DataSources access? Do I need to add permissions to my assumed role? I've tried giving it LF tag access and full Athena permissions without any luck. What is needed to access Lake Formation data in QuickSight through DataSources created using boto3?
Here are two screenshots to demonstrate what is happening. The DataSources have the exact same DataSourceParameters and Permissions.
- 最新
- 最多得票
- 最多評論
Do you these permissions while creating data source ?
"Permissions": [
{
"Principal": "arn:aws:quicksight:us-east-1:xxxxxx:user/default/xxxxx/xxxx",
"Actions": [
"quicksight:UpdateDataSourcePermissions",
"quicksight:DescribeDataSource",
"quicksight:DescribeDataSourcePermissions",
"quicksight:PassDataSource",
"quicksight:UpdateDataSource",
"quicksight:DeleteDataSource"
]
}
]
Have you been able to solve the problem?
we've faced it yesterday and (although not really solving it) we came up with a partial 'solution'
Apparently, for some reason the QuickSight 'Database' Dropdown, is not using the service role attached to it
but it is using the default Lakeformation Group IAMAllowedPrincipals to fetch the databases,
We granted database permissions to IAMAllowedPrincipals, and only then we were able to fetch the database
相關內容
AWS 官方已更新 1 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
Yes. I am able to see the DataSource in QuickSight and can select it when creating a DataSet. I have updated the question with some screen shots to illustrate what is happening.