Amazon QuickSight

2019/03/11 - Amazon QuickSight - 1 new 9 updated api methods

Changes  Amazon QuickSight user and group operation results now include group principal IDs and user principal IDs. This release also adds "DeleteUserByPrincipalId", which deletes users given their principal ID. The update also improves role session name validation.

DeleteUserByPrincipalId (new) Link ¶

Deletes a user after locating the user by its principal ID.

See also: AWS API Documentation

Request Syntax

client.delete_user_by_principal_id(
    PrincipalId='string',
    AwsAccountId='string',
    Namespace='string'
)
type PrincipalId

string

param PrincipalId

[REQUIRED]

The principal ID of the user.

type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

rtype

dict

returns

Response Syntax

{
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The http status of the request.

CreateGroup (updated) Link ¶
Changes (response) 
{'Group': {'PrincipalId': 'string'}}

Creates an Amazon QuickSight group.

The permissions resource is arn:aws:quicksight:us-east-1:<relevant-aws-account-id>:group/default/<group-name> .

The response is a group object.

CLI Sample:

aws quicksight create-group --aws-account-id=111122223333 --namespace=default --group-name="Sales-Management" --description="Sales Management - Forecasting"

See also: AWS API Documentation

Request Syntax

client.create_group(
    GroupName='string',
    Description='string',
    AwsAccountId='string',
    Namespace='string'
)
type GroupName

string

param GroupName

[REQUIRED]

A name for the group that you want to create.

type Description

string

param Description

A description for the group that you want to create.

type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

rtype

dict

returns

Response Syntax

{
    'Group': {
        'Arn': 'string',
        'GroupName': 'string',
        'Description': 'string',
        'PrincipalId': 'string'
    },
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    The response object for this operation.

    • Group (dict) --

      The name of the group.

      • Arn (string) --

        The Amazon Resource Name (ARN) for the group.

      • GroupName (string) --

        The name of the group.

      • Description (string) --

        The group description.

      • PrincipalId (string) --

        The principal ID of the group.

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The http status of the request.

DescribeGroup (updated) Link ¶
Changes (response) 
{'Group': {'PrincipalId': 'string'}}

Returns an Amazon QuickSight group's description and Amazon Resource Name (ARN).

The permissions resource is arn:aws:quicksight:us-east-1:<relevant-aws-account-id>:group/default/<group-name> .

The response is the group object.

CLI Sample:

aws quicksight describe-group -\-aws-account-id=11112222333 -\-namespace=default -\-group-name=Sales

See also: AWS API Documentation

Request Syntax

client.describe_group(
    GroupName='string',
    AwsAccountId='string',
    Namespace='string'
)
type GroupName

string

param GroupName

[REQUIRED]

The name of the group that you want to describe.

type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

rtype

dict

returns

Response Syntax

{
    'Group': {
        'Arn': 'string',
        'GroupName': 'string',
        'Description': 'string',
        'PrincipalId': 'string'
    },
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • Group (dict) --

      The name of the group.

      • Arn (string) --

        The Amazon Resource Name (ARN) for the group.

      • GroupName (string) --

        The name of the group.

      • Description (string) --

        The group description.

      • PrincipalId (string) --

        The principal ID of the group.

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The http status of the request.

DescribeUser (updated) Link ¶
Changes (response) 
{'User': {'PrincipalId': 'string'}}

Returns information about a user, given the user name.

The permission resource is arn:aws:quicksight:us-east-1:<aws-account-id>:user/default/<user-name> .

The response is a user object that contains the user's Amazon Resource Name (ARN), AWS Identity and Access Management (IAM) role, and email address.

CLI Sample:

aws quicksight describe-user --aws-account-id=111122223333 --namespace=default --user-name=Pat

See also: AWS API Documentation

Request Syntax

client.describe_user(
    UserName='string',
    AwsAccountId='string',
    Namespace='string'
)
type UserName

string

param UserName

[REQUIRED]

The name of the user that you want to describe.

type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

rtype

dict

returns

Response Syntax

{
    'User': {
        'Arn': 'string',
        'UserName': 'string',
        'Email': 'string',
        'Role': 'ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER',
        'IdentityType': 'IAM'|'QUICKSIGHT',
        'Active': True|False,
        'PrincipalId': 'string'
    },
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • User (dict) --

      The user name.

      • Arn (string) --

        The Amazon Resource Name (ARN) for the user.

      • UserName (string) --

        The user's user name.

      • Email (string) --

        The user's email address.

      • Role (string) --

        The Amazon QuickSight role for the user.

      • IdentityType (string) --

        The type of identity authentication used by the user.

      • Active (boolean) --

        Active status of user. When you create an Amazon QuickSight user that’s not an IAM user or an AD user, that user is inactive until they sign in and provide a password

      • PrincipalId (string) --

        The principal ID of the user.

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The http status of the request.

ListGroups (updated) Link ¶
Changes (response) 
{'GroupList': {'PrincipalId': 'string'}}

Lists all user groups in Amazon QuickSight.

The permissions resource is arn:aws:quicksight:us-east-1:<aws-account-id>:group/default/* .

The response is a list of group objects.

CLI Sample:

aws quicksight list-groups -\-aws-account-id=111122223333 -\-namespace=default

See also: AWS API Documentation

Request Syntax

client.list_groups(
    AwsAccountId='string',
    NextToken='string',
    MaxResults=123,
    Namespace='string'
)
type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type NextToken

string

param NextToken

A pagination token that can be used in a subsequent request.

type MaxResults

integer

param MaxResults

The maximum number of results to return.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

rtype

dict

returns

Response Syntax

{
    'GroupList': [
        {
            'Arn': 'string',
            'GroupName': 'string',
            'Description': 'string',
            'PrincipalId': 'string'
        },
    ],
    'NextToken': 'string',
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • GroupList (list) --

      The list of the groups.

      • (dict) --

        A group in Amazon QuickSight consists of a set of users. You can use groups to make it easier to manage access and security. Currently, an Amazon QuickSight subscription can't contain more than 500 Amazon QuickSight groups.

        • Arn (string) --

          The Amazon Resource Name (ARN) for the group.

        • GroupName (string) --

          The name of the group.

        • Description (string) --

          The group description.

        • PrincipalId (string) --

          The principal ID of the group.

    • NextToken (string) --

      A pagination token that can be used in a subsequent request.

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The http status of the request.

ListUserGroups (updated) Link ¶
Changes (response) 
{'GroupList': {'PrincipalId': 'string'}}

Lists the Amazon QuickSight groups that an Amazon QuickSight user is a member of.

The permission resource is arn:aws:quicksight:us-east-1:<aws-account-id>:user/default/<user-name> .

The response is a one or more group objects.

CLI Sample:

aws quicksight list-user-groups -\-user-name=Pat -\-aws-account-id=111122223333 -\-namespace=default -\-region=us-east-1

See also: AWS API Documentation

Request Syntax

client.list_user_groups(
    UserName='string',
    AwsAccountId='string',
    Namespace='string',
    NextToken='string',
    MaxResults=123
)
type UserName

string

param UserName

[REQUIRED]

The Amazon QuickSight user name that you want to list group memberships for.

type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The AWS Account ID that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

type NextToken

string

param NextToken

A pagination token that can be used in a subsequent request.

type MaxResults

integer

param MaxResults

The maximum number of results to return from this request.

rtype

dict

returns

Response Syntax

{
    'GroupList': [
        {
            'Arn': 'string',
            'GroupName': 'string',
            'Description': 'string',
            'PrincipalId': 'string'
        },
    ],
    'NextToken': 'string',
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • GroupList (list) --

      The list of groups the user is a member of.

      • (dict) --

        A group in Amazon QuickSight consists of a set of users. You can use groups to make it easier to manage access and security. Currently, an Amazon QuickSight subscription can't contain more than 500 Amazon QuickSight groups.

        • Arn (string) --

          The Amazon Resource Name (ARN) for the group.

        • GroupName (string) --

          The name of the group.

        • Description (string) --

          The group description.

        • PrincipalId (string) --

          The principal ID of the group.

    • NextToken (string) --

      A pagination token that can be used in a subsequent request.

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The HTTP status of the request.

ListUsers (updated) Link ¶
Changes (response) 
{'UserList': {'PrincipalId': 'string'}}

Returns a list of all of the Amazon QuickSight users belonging to this account.

The permission resource is arn:aws:quicksight:us-east-1:<aws-account-id>:user/default/* .

The response is a list of user objects, containing each user's Amazon Resource Name (ARN), AWS Identity and Access Management (IAM) role, and email address.

CLI Sample:

aws quicksight list-users --aws-account-id=111122223333 --namespace=default

See also: AWS API Documentation

Request Syntax

client.list_users(
    AwsAccountId='string',
    NextToken='string',
    MaxResults=123,
    Namespace='string'
)
type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type NextToken

string

param NextToken

A pagination token that can be used in a subsequent request.

type MaxResults

integer

param MaxResults

The maximum number of results to return from this request.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

rtype

dict

returns

Response Syntax

{
    'UserList': [
        {
            'Arn': 'string',
            'UserName': 'string',
            'Email': 'string',
            'Role': 'ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER',
            'IdentityType': 'IAM'|'QUICKSIGHT',
            'Active': True|False,
            'PrincipalId': 'string'
        },
    ],
    'NextToken': 'string',
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • UserList (list) --

      The list of users.

      • (dict) --

        A registered user of Amazon QuickSight. Currently, an Amazon QuickSight subscription can't contain more than 20 million users.

        • Arn (string) --

          The Amazon Resource Name (ARN) for the user.

        • UserName (string) --

          The user's user name.

        • Email (string) --

          The user's email address.

        • Role (string) --

          The Amazon QuickSight role for the user.

        • IdentityType (string) --

          The type of identity authentication used by the user.

        • Active (boolean) --

          Active status of user. When you create an Amazon QuickSight user that’s not an IAM user or an AD user, that user is inactive until they sign in and provide a password

        • PrincipalId (string) --

          The principal ID of the user.

    • NextToken (string) --

      A pagination token that can be used in a subsequent request.

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The http status of the request.

RegisterUser (updated) Link ¶
Changes (response) 
{'User': {'PrincipalId': 'string'}}

Creates an Amazon QuickSight user, whose identity is associated with the AWS Identity and Access Management (IAM) identity or role specified in the request.

The permission resource is arn:aws:quicksight:us-east-1:<aws-account-id>:user/default/<user-name> .

The condition resource is the Amazon Resource Name (ARN) for the IAM user or role, and the session name.

The condition keys are quicksight:IamArn and quicksight:SessionName .

CLI Sample:

aws quicksight register-user -\-aws-account-id=111122223333 -\-namespace=default -\-email=pat@example.com -\-identity-type=IAM -\-user-role=AUTHOR -\-iam-arn=arn:aws:iam::111122223333:user/Pat

See also: AWS API Documentation

Request Syntax

client.register_user(
    IdentityType='IAM'|'QUICKSIGHT',
    Email='string',
    UserRole='ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER',
    IamArn='string',
    SessionName='string',
    AwsAccountId='string',
    Namespace='string',
    UserName='string'
)
type IdentityType

string

param IdentityType

[REQUIRED]

Amazon QuickSight supports several ways of managing the identity of users. This parameter accepts two values:

  • IAM : A user whose identity maps to an existing IAM user or role.

  • QUICKSIGHT : A user whose identity is owned and managed internally by Amazon QuickSight.

type Email

string

param Email

[REQUIRED]

The email address of the user that you want to register.

type UserRole

string

param UserRole

[REQUIRED]

The Amazon QuickSight role of the user. The user role can be one of the following:

  • READER : A user who has read-only access to dashboards.

  • AUTHOR : A user who can create data sources, data sets, analyses, and dashboards.

  • ADMIN : A user who is an author, who can also manage Amazon QuickSight settings.

type IamArn

string

param IamArn

The ARN of the IAM user or role that you are registering with Amazon QuickSight.

type SessionName

string

param SessionName

The name of the session with the assumed IAM role. By using this parameter, you can register multiple users with the same IAM role, provided that each has a different session name. For more information on assuming IAM roles, see assume-role in the AWS CLI Reference.

type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

type UserName

string

param UserName

The Amazon QuickSight user name that you want to create for the user you are registering.

rtype

dict

returns

Response Syntax

{
    'User': {
        'Arn': 'string',
        'UserName': 'string',
        'Email': 'string',
        'Role': 'ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER',
        'IdentityType': 'IAM'|'QUICKSIGHT',
        'Active': True|False,
        'PrincipalId': 'string'
    },
    'UserInvitationUrl': 'string',
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • User (dict) --

      The user name.

      • Arn (string) --

        The Amazon Resource Name (ARN) for the user.

      • UserName (string) --

        The user's user name.

      • Email (string) --

        The user's email address.

      • Role (string) --

        The Amazon QuickSight role for the user.

      • IdentityType (string) --

        The type of identity authentication used by the user.

      • Active (boolean) --

        Active status of user. When you create an Amazon QuickSight user that’s not an IAM user or an AD user, that user is inactive until they sign in and provide a password

      • PrincipalId (string) --

        The principal ID of the user.

    • UserInvitationUrl (string) --

      The URL the user visits to complete registration and provide a password. This is returned only for users with an identity type of QUICKSIGHT .

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The http status of the request.

UpdateGroup (updated) Link ¶
Changes (response) 
{'Group': {'PrincipalId': 'string'}}

Changes a group description.

The permissions resource is arn:aws:quicksight:us-east-1:<aws-account-id>:group/default/<group-name> .

The response is a group object.

CLI Sample:

aws quicksight update-group --aws-account-id=111122223333 --namespace=default --group-name=Sales --description="Sales BI Dashboards"

See also: AWS API Documentation

Request Syntax

client.update_group(
    GroupName='string',
    Description='string',
    AwsAccountId='string',
    Namespace='string'
)
type GroupName

string

param GroupName

[REQUIRED]

The name of the group that you want to update.

type Description

string

param Description

The description for the group that you want to update.

type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

rtype

dict

returns

Response Syntax

{
    'Group': {
        'Arn': 'string',
        'GroupName': 'string',
        'Description': 'string',
        'PrincipalId': 'string'
    },
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • Group (dict) --

      The name of the group.

      • Arn (string) --

        The Amazon Resource Name (ARN) for the group.

      • GroupName (string) --

        The name of the group.

      • Description (string) --

        The group description.

      • PrincipalId (string) --

        The principal ID of the group.

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The http status of the request.

UpdateUser (updated) Link ¶
Changes (response) 
{'User': {'PrincipalId': 'string'}}

Updates an Amazon QuickSight user.

The permission resource is arn:aws:quicksight:us-east-1:<aws-account-id>:user/default/<user-name> .

The response is a user object that contains the user's Amazon QuickSight user name, email address, active or inactive status in Amazon QuickSight, Amazon QuickSight role, and Amazon Resource Name (ARN).

CLI Sample:

aws quicksight update-user --user-name=Pat --role=ADMIN --email=new_address@amazon.com --aws-account-id=111122223333 --namespace=default --region=us-east-1

See also: AWS API Documentation

Request Syntax

client.update_user(
    UserName='string',
    AwsAccountId='string',
    Namespace='string',
    Email='string',
    Role='ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER'
)
type UserName

string

param UserName

[REQUIRED]

The Amazon QuickSight user name that you want to update.

type AwsAccountId

string

param AwsAccountId

[REQUIRED]

The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.

type Namespace

string

param Namespace

[REQUIRED]

The namespace. Currently, you should set this to default .

type Email

string

param Email

[REQUIRED]

The email address of the user that you want to update.

type Role

string

param Role

[REQUIRED]

The Amazon QuickSight role of the user. The user role can be one of the following:

  • READER : A user who has read-only access to dashboards.

  • AUTHOR : A user who can create data sources, data sets, analyses, and dashboards.

  • ADMIN : A user who is an author, who can also manage Amazon QuickSight settings.

rtype

dict

returns

Response Syntax

{
    'User': {
        'Arn': 'string',
        'UserName': 'string',
        'Email': 'string',
        'Role': 'ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER',
        'IdentityType': 'IAM'|'QUICKSIGHT',
        'Active': True|False,
        'PrincipalId': 'string'
    },
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • User (dict) --

      The Amazon QuickSight user.

      • Arn (string) --

        The Amazon Resource Name (ARN) for the user.

      • UserName (string) --

        The user's user name.

      • Email (string) --

        The user's email address.

      • Role (string) --

        The Amazon QuickSight role for the user.

      • IdentityType (string) --

        The type of identity authentication used by the user.

      • Active (boolean) --

        Active status of user. When you create an Amazon QuickSight user that’s not an IAM user or an AD user, that user is inactive until they sign in and provide a password

      • PrincipalId (string) --

        The principal ID of the user.

    • RequestId (string) --

      The AWS request ID for this operation.

    • Status (integer) --

      The http status of the request.