我正在尝试根据此链接quicksightembed和此 AWS Video AWSQuickSight嵌入基于 CLI 的命令来嵌入 QuickSight Dashboard 。
CLI 命令:
aws configure
aws sts assume-role --role-arn "arn:aws:iam::842034702001:role/QuickSightEmbed" --role-session-name QSviewer
aws quicksight register-user --aws-account-id 842034702001 --namespace default --identity-type IAM --iam-arn "arn:aws:iam::842034702001:role/QuickSightEmbed" --user-role READER --session-name QuickSightEmbed --email String@email.com
假定角色成功,但在注册用户时,出现以下错误:
调用 RegisterUser 操作时发生错误 (AccessDeniedException):用户:arn:aws:iam::238683320570:user/String 无权执行:quicksight:RegisterUser on resource:arn:aws:quicksight:eu-west-1: 842034702001:用户/默认/QuickSightEmbed/QuickSightEmbed
请建议我们如何避免此错误。
我们正在使用的自定义策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "quicksight:RegisterUser",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "quicksight:GetDashboardEmbedUrl",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "sts:AssumeRole",
"Resource": "*",
"Effect": "Allow"
}
]
}