AWS Quicksight Concise Tutorial
AWS Quicksight - Managing IAM Policies
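To manage IAM policies for a Quicksight account, you can use either the root user or IAM credentials. It is recommended to use IAM credentials rather than the root user to manage resource access and policies.
The following policies are required to sign up for and use Amazon Quicksight: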
Standard Edition
- ds:AuthorizeApplication
- ds:CheckAlias
- ds:CreateAlias
- ds:CreateIdentityPoolDirectory
- ds:DeleteDirectory
- ds:DescribeDirectories
- ds:DescribeTrusts
- ds:UnauthorizeApplication
- iam:CreatePolicy
- iam:CreateRole
- iam:ListAccountAliases
- quicksight:CreateUser
- quicksight:CreateAdmin
- quicksight:Subscribe
Enterprise Edition
In addition to the policies above, Enterprise Edition also requires the following permissions:
- quicksight:GetGroupMapping
- quicksight:SearchDirectoryGroups
- quicksight:SetGroupMapping
You can also allow a user to manage permissions for AWS resources in Quicksight. The following IAM policies should be assigned in both editions:
- iam:AttachRolePolicy
- iam:CreatePolicy
- iam:CreatePolicyVersion
- iam:CreateRole
- iam:DeletePolicyVersion
- iam:DeleteRole
- iam:DetachRolePolicy
- iam:GetPolicy
- iam:GetPolicyVersion
- iam:GetRole
- iam:ListAttachedRolePolicies
- iam:ListEntitiesForPolicy
- iam:ListPolicyVersions
- iam:ListRoles
- s3:ListAllMyBuckets
To prevent an AWS administrator from unsubscribing from Quicksight, you can deny "quicksight:Unsubscribe" for all users.
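The check below is an added example, not part of the original tutorial: it tests whether a set of attached policies grants every sign-up action listed above and shows that an explicit Deny on quicksight:Unsubscribe overrides a broad Allow. The sample policies are constructed, and the evaluator is simplified (it reads only Effect and Action, ignoring Resource, Condition and NotAction).

```python
import fnmatch

# Action lists copied from the tutorial text.
STANDARD_SIGNUP = [
    "ds:AuthorizeApplication", "ds:CheckAlias", "ds:CreateAlias",
    "ds:CreateIdentityPoolDirectory", "ds:DeleteDirectory",
    "ds:DescribeDirectories", "ds:DescribeTrusts", "ds:UnauthorizeApplication",
    "iam:CreatePolicy", "iam:CreateRole", "iam:ListAccountAliases",
    "quicksight:CreateUser", "quicksight:CreateAdmin", "quicksight:Subscribe",
]
ENTERPRISE_EXTRA = [
    "quicksight:GetGroupMapping", "quicksight:SearchDirectoryGroups",
    "quicksight:SetGroupMapping",
]

def _as_list(value):
    # IAM accepts a single string or a list for Action and Statement.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive; "*" and "?" are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def decision(policies, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one action.

    Simplified model (assumption): SCPs, permission boundaries,
    Resource, Condition and NotAction are not evaluated.
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
                if stmt["Effect"] == "Deny":
                    return "Deny"  # an explicit deny always wins
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"

def missing_actions(policies, required):
    """List the required actions that the policies do not end up allowing."""
    return [a for a in required if decision(policies, a) != "Allow"]

# Constructed sample policies (not from the page). The wildcard Allow also
# covers quicksight:Unsubscribe, which is why the explicit Deny is needed.
SIGNUP_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ds:*", "iam:CreatePolicy", "iam:CreateRole",
                "iam:ListAccountAliases", "quicksight:*"]}]}
DENY_UNSUBSCRIBE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "quicksight:Unsubscribe", "Resource": "*"}]}
```

Calling `missing_actions([SIGNUP_POLICY, DENY_UNSUBSCRIBE], STANDARD_SIGNUP + ENTERPRISE_EXTRA)` returns an empty list, while `decision` for quicksight:Unsubscribe changes from Allow to Deny once the deny policy is attached.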
IAM policy for dashboard embedding
To embed an AWS Quicksight dashboard URL in a web page, you need to assign the following IAM policy to the user:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "quicksight:RegisterUser",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "quicksight:GetDashboardEmbedUrl",
      "Resource": "arn:aws:quicksight:us-east-1:868211930999:dashboard/f2cb6cf2-477c-45f9-a1b3-639239eb95d8",
      "Effect": "Allow"
    }
  ]
}
You can use the IAM Policy Simulator to manage and test these roles and policies for Quicksight. The IAM Policy Simulator is available at the following link:
Link: https://policysim.aws.amazon.com/home/index.jsp?