Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Access Denied error when creating a QuickSight dataset using boto

0

Hello! I'm trying to migrate a QuickSight dashboard from one account to another, working out of this article. It gathers the details of each dataset, including the Physical Table Definition and Logical Table Definition. Once it has these, it modifies the dataset definition to point to the new data source, and then runs create_data_set() to replicate the dataset in the new account.

When I run create_data_set() it works for 70% of our datasets. But for a few, it returns this error:

An error occurred (AccessDeniedException) when calling the CreateDataSet operation: User: arn:aws:iam::12345678910:user/my_user is not authorized to access this resource

I can't find the reason why it fails for some datasets and works for others. I also can't figure out what resource I'm being denied access to - it's trying to create a dataset, so what resource is it being denied? For the record, my user has AdministratorAccess.

I would greatly appreciate any information about what permissions are needed to run create_data_set(), and what resources are being accessed, or anything else that could help me figure out what is going on with this error. Thank you!

Argomenti
Sicurezza, identità e conformitàAnalisi
Tag
Gestione identità e accesso AWSAmazon QuickSight
Lingua
English
jros14
posta 2 anni fa1770 visualizzazioni
1 Risposta
0

Thank you for posting the question and the detailed explanation, I understand you are trying to migrate the resources from a source account to destination account and you are facing "AccessDeniedException" when replicating a few datasets.

In order to investigate this issue, you can check the following:

  1. If you have access to the data sources for these datasets in the source account.

  2. Is the RLS dataset present in the source account for the failing datasets. If admin role in target account does not have access to that it can cause “AccessDeniedException” error. For more information about row-level security (RLS), please refer here

  3. Check if the users who owned the dataset in the source account are able to create those failing datasets or are they seeing the issue as well?

  4. If you have the datasources built for the datasets that are failing to create.

For diving deep into the issue, we will require details that are non-public information. Please open a support case with AWS using the following link

AWS
TECNICO DI SUPPORTO
Sanket_K
con risposta 2 anni fa
AWS
ESPERTO
Fabrizio@AWS
verificato 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente