Testbed showing how to embed QuickSight dashboards into a web app.
- Using the following snippet create an IAM role allowing to generate embedded URLs of QuickSight dashboards
and name it
QuickSightDashboardEmbedder:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "quicksight:GetDashboardEmbedUrl",
"Resource": "*",
"Effect": "Allow"
}
]
}
- Using the snippet below create new IAM role
QuickSightDashboardBackendthat will be used by the app to assumeQuickSightDashboardEmbedderrole:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:role/QuickSightDashboardEmbedder"
}
]
}
-
Create new IAM user
quicksight-dasboard-backendand give it programmatic access by generating a new pair of API keys. -
Update trust relationships of
QuickSightDashboardEmbedderandQuickSightDashboardBackendroles:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:user/quicksight-dasboard-backend"
},
"Action": "sts:AssumeRole"
}
]
}
- Create a new QuickSight user:
aws quicksight register-user \
--aws-account-id <YOUR_AWS_ACCOUNT_ID> \
--namespace default \
--identity-type IAM \
--iam-arn "arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:role/QuickSightDashboardEmbedder" \
--user-role READER \
--session-name tom.smith@hilbertteam.net \
--email tom.smith@hilbertteam.net- Map
quicksight.hilbertteam.netto localhost in/etc/hosts:
127.0.0.1 quicksight.hilbertteam.net
-
Whitelist
quicksight.hilbertteam.netin QuickSight. -
Rename config.cfg.example to
config.cfgand fill in all the credentials. -
Run the testbed:
docker-compose build
docker-compose up- Open https://quicksight.hilbertteam.net in your browser and agree to open an unsafe website:
