AWS Quicksight: A Concise Tutorial

AWS Quicksight - Managing IAM Policies

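To manage IAM policies for a Quicksight account, you can use either the root user or IAM credentials. It is recommended to use IAM credentials rather than the root user to manage resource access and policies.

The following policies are required to sign up for and use Amazon Quicksight: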

Standard Edition

  1. ds:AuthorizeApplication

  2. ds:CheckAlias

  3. ds:CreateAlias

  4. ds:CreateIdentityPoolDirectory

  5. ds:DeleteDirectory

  6. ds:DescribeDirectories

  7. ds:DescribeTrusts

  8. ds:UnauthorizeApplication

  9. iam:CreatePolicy

  10. iam:CreateRole

  11. iam:ListAccountAliases

  12. quicksight:CreateUser

  13. quicksight:CreateAdmin

  14. quicksight:Subscribe

Enterprise Edition

In addition to the policies above, the Enterprise edition requires the following permissions:

  1. quicksight:GetGroupMapping

  2. quicksight:SearchDirectoryGroups

  3. quicksight:SetGroupMapping

You can also allow a user to manage permissions for AWS resources in Quicksight. The following IAM policies should be assigned in both editions:

  1. iam:AttachRolePolicy

  2. iam:CreatePolicy

  3. iam:CreatePolicyVersion

  4. iam:CreateRole

  5. iam:DeletePolicyVersion

  6. iam:DeleteRole

  7. iam:DetachRolePolicy

  8. iam:GetPolicy

  9. iam:GetPolicyVersion

  10. iam:GetRole

  11. iam:ListAttachedRolePolicies

  12. iam:ListEntitiesForPolicy

  13. iam:ListPolicyVersions

  14. iam:ListRoles

  15. s3:ListAllMyBuckets

To prevent an AWS administrator from unsubscribing from Quicksight, you can deny the "quicksight:Unsubscribe" action to all users.
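
As an added example (not part of the original tutorial), the Python sketch below checks an identity policy document against the sign-up action lists above and confirms that "quicksight:Unsubscribe" is explicitly denied. The names `decision`, `audit` and `SAMPLE` are hypothetical, and the evaluation is simplified: it matches on `Action` only and ignores `Resource`, `Condition` and `NotAction`.

```python
import fnmatch

# Action lists copied from the tutorial text above.
STANDARD = [
    "ds:AuthorizeApplication", "ds:CheckAlias", "ds:CreateAlias",
    "ds:CreateIdentityPoolDirectory", "ds:DeleteDirectory",
    "ds:DescribeDirectories", "ds:DescribeTrusts", "ds:UnauthorizeApplication",
    "iam:CreatePolicy", "iam:CreateRole", "iam:ListAccountAliases",
    "quicksight:CreateUser", "quicksight:CreateAdmin", "quicksight:Subscribe",
]
ENTERPRISE_EXTRA = [
    "quicksight:GetGroupMapping", "quicksight:SearchDirectoryGroups",
    "quicksight:SetGroupMapping",
]

def _as_list(value):
    # IAM allows a single string/object or a list for Action and Statement.
    return list(value) if isinstance(value, (list, tuple)) else [value]

def decision(policy, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one action name."""
    effects = set()
    for stmt in _as_list(policy["Statement"]):
        patterns = _as_list(stmt.get("Action", []))
        # Action names are case-insensitive and may use * and ? wildcards.
        if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
            effects.add(stmt["Effect"])
    if "Deny" in effects:  # an explicit Deny always wins over any Allow
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

def audit(policy, enterprise=False):
    required = STANDARD + (ENTERPRISE_EXTRA if enterprise else [])
    return {
        "missing": [a for a in required if decision(policy, a) != "Allow"],
        "unsubscribe_denied": decision(policy, "quicksight:Unsubscribe") == "Deny",
    }

# Constructed sample policy (not from the tutorial).
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ds:*", "iam:CreatePolicy", "iam:CreateRole", "iam:ListAccountAliases",
        "quicksight:Create*", "quicksight:Subscribe"]},
    {"Effect": "Deny", "Resource": "*", "Action": "quicksight:Unsubscribe"},
]}

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE, enterprise=True))
```

A policy that grants "quicksight:*" without the Deny statement reports `unsubscribe_denied` as false, which is the case the explicit deny is meant to close.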

IAM policy for dashboard embedding

To embed an AWS Quicksight dashboard URL in a web page, you need to assign the following IAM policy to the user:

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Action": "quicksight:RegisterUser",
         "Resource": "*",
         "Effect": "Allow"
      },
      {
         "Action": "quicksight:GetDashboardEmbedUrl",
         "Resource": "arn:aws:quicksight:us-east-1:868211930999:dashboard/f2cb6cf2-477c-45f9-a1b3-639239eb95d8",
         "Effect": "Allow"
      }
   ]
}

You can manage and test these Quicksight roles and policies using the IAM policy simulator. The following is the link to access the IAM policy simulator:

Link: https://policysim.aws.amazon.com/home/index.jsp?
