Hi.
I understand that you want an IAM user to be able to self-provision their own QuickSight user with the QuickSight role (ADMIN/AUTHOR/READER) determined by the IAM group they belong to.
First, the QuickSight role when self-provisioning is determined by having one of the following in the applied IAM policy:
- quicksight:CreateAdmin
- quicksight:CreateUser
- quicksight:CreateReader
So you should set an IAM policy to allow any of the above actions for the IAM group.
https://dev.classmethod.jp/articles/quicksight-iam-provisioning/ (Sorry for Japanese, please translate)
But when I select "Manage QuickSight access to AWS services" and choose "IAM / Use existing role" I only see the option to select one role. So how would I best design this to get a different treatment for different users?
This role you're seeing is from the QuickSight admin screen, right?
This is a QuickSight service role. For example, this IAM role is used when QuickSight accesses Athena or S3 to retrieve data.
It has nothing to do with logged-in QuickSight users.
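
An added example, not part of the answer above and not AWS's own code: a Python sketch that builds one policy per IAM group from the three actions named in the answer, and audits a policy for which QuickSight roles it would let its holder self-provision as, so an over-broad grant such as `quicksight:*` on a reader group is caught. The function names, the account ID placeholder, the sample policies and the `Resource` ARN pattern are assumptions, and the evaluation is deliberately simplified.

```python
import fnmatch

# IAM action -> QuickSight role it provisions (the three actions from the answer).
ACTION_TO_ROLE = {
    "quicksight:CreateAdmin": "ADMIN",
    "quicksight:CreateUser": "AUTHOR",
    "quicksight:CreateReader": "READER",
}

def build_group_policy(role, account_id):
    """Policy for one IAM group: self-provisioning as exactly `role`."""
    action = next(a for a, r in ACTION_TO_ROLE.items() if r == role)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": action,
            # Assumed ARN pattern: limits the grant to the caller's own user.
            "Resource": f"arn:aws:quicksight::{account_id}:user/${{aws:userid}}",
        }],
    }

def _listify(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def provisionable_roles(policy):
    """Roles the policy allows self-provisioning as. Simplified evaluation:
    ignores Resource, Condition and NotAction; explicit Deny beats Allow."""
    allowed, denied = set(), set()
    for stmt in _listify(policy["Statement"]):
        bucket = allowed if stmt["Effect"] == "Allow" else denied
        for pattern in _listify(stmt.get("Action", [])):
            for action in ACTION_TO_ROLE:
                # IAM action names are case-insensitive and accept * and ?.
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    bucket.add(action)
    return {ACTION_TO_ROLE[a] for a in allowed - denied}

# Constructed sample policies for the audit.
OVERBROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "quicksight:*", "Resource": "*"}]}
NO_ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "quicksight:Create*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["quicksight:CreateAdmin"], "Resource": "*"}]}

if __name__ == "__main__":
    for role in ("ADMIN", "AUTHOR", "READER"):  # 111122223333 is a placeholder
        print(role, provisionable_roles(build_group_policy(role, "111122223333")))
    print("over-broad:", sorted(provisionable_roles(OVERBROAD)))
```

Attach the policy built for each role to the matching IAM group; any group policy for which `provisionable_roles` returns more than the intended role needs tightening.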