AWS Quicksight Concise Tutorial

AWS Quicksight - Managing IAM Policies

To manage IAM policies for a Quicksight account, you can use the root user or IAM credentials. It is recommended to use IAM credentials, rather than the root user, to manage resource access and policies.

The following policies are required to sign up for and use Amazon Quicksight:

Standard Edition

  1. ds:AuthorizeApplication

  2. ds:CheckAlias

  3. ds:CreateAlias

  4. ds:CreateIdentityPoolDirectory

  5. ds:DeleteDirectory

  6. ds:DescribeDirectories

  7. ds:DescribeTrusts

  8. ds:UnauthorizeApplication

  9. iam:CreatePolicy

  10. iam:CreateRole

  11. iam:ListAccountAliases

  12. quicksight:CreateUser

  13. quicksight:CreateAdmin

  14. quicksight:Subscribe

Enterprise Edition

Apart from the policies listed above, the following permissions are required in Enterprise Edition:

  1. quicksight:GetGroupMapping

  2. quicksight:SearchDirectoryGroups

  3. quicksight:SetGroupMapping

You can also allow a user to manage permissions for AWS resources in Quicksight. The following IAM policies should be assigned in both editions:

  1. iam:AttachRolePolicy

  2. iam:CreatePolicy

  3. iam:CreatePolicyVersion

  4. iam:CreateRole

  5. iam:DeletePolicyVersion

  6. iam:DeleteRole

  7. iam:DetachRolePolicy

  8. iam:GetPolicy

  9. iam:GetPolicyVersion

  10. iam:GetRole

  11. iam:ListAttachedRolePolicies

  12. iam:ListEntitiesForPolicy

  13. iam:ListPolicyVersions

  14. iam:ListRoles

  15. s3:ListAllMyBuckets

To prevent an AWS administrator from unsubscribing from Quicksight, you can deny all users “quicksight:Unsubscribe”.

IAM policy for dashboard embedding

To embed an AWS Quicksight dashboard URL in a web page, you need the following IAM policies to be assigned to the user:

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Action": "quicksight:RegisterUser",
         "Resource": "*",
         "Effect": "Allow"
      },
      {
         "Action": "quicksight:GetDashboardEmbedUrl",
         "Resource": "arn:aws:quicksight:us-east-1:868211930999:dashboard/f2cb6cf2-477c-45f9-a1b3-639239eb95d8",
         "Effect": "Allow"
      }
   ]
}

You can manage and test these roles and policies in Quicksight using the IAM policy simulator. Below is the link to access the IAM policy simulator:

Link: https://policysim.aws.amazon.com/home/index.jsp?
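The following is an added example, not part of the original tutorial and not AWS code: a simplified local sketch of the decision the policy simulator reports, applied to the embedding policy above and to a deny statement for quicksight:Unsubscribe. The admin policy, the shape of the deny policy and the helper names are assumptions made for illustration; conditions, NotAction/NotResource, SCPs and permission boundaries are not modelled.

```python
import re

# Dashboard ARN taken from the embedding policy on this page.
DASHBOARD = ("arn:aws:quicksight:us-east-1:868211930999:dashboard/"
             "f2cb6cf2-477c-45f9-a1b3-639239eb95d8")
EMBED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "quicksight:RegisterUser", "Resource": "*"},
    {"Effect": "Allow", "Action": "quicksight:GetDashboardEmbedUrl",
     "Resource": DASHBOARD}]}
# Constructed for illustration: a broad admin grant and the explicit deny.
ADMIN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
DENY_UNSUBSCRIBE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "quicksight:Unsubscribe", "Resource": "*"}]}

def _glob(pattern, value, ignore_case=False):
    """IAM wildcards: '*' matches any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    flags = re.S | (re.I if ignore_case else 0)
    return re.fullmatch(rx, value, flags) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def evaluate(policies, action, resource):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are case-insensitive; resource ARNs are not.
            if not any(_glob(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_glob(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "explicitDeny"  # an explicit deny always wins
            allowed = True
    return "allowed" if allowed else "implicitDeny"

if __name__ == "__main__":
    for pols, act, res in [
        ([ADMIN_POLICY], "quicksight:Unsubscribe", "*"),
        ([ADMIN_POLICY, DENY_UNSUBSCRIBE], "quicksight:Unsubscribe", "*"),
        ([EMBED_POLICY], "quicksight:GetDashboardEmbedUrl", DASHBOARD),
    ]:
        print(act, res, "->", evaluate(pols, act, res))
```

Because the embed statement names a single dashboard ARN, a request for any other dashboard falls through to an implicit deny, and the deny statement overrides even an `Action: "*"` grant.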
