2022/07/05 - Amazon QuickSight - 2 new3 updated api methods
Changes This release allows customers to programmatically create QuickSight accounts with Enterprise and Enterprise + Q editions. It also releases allowlisting domains for embedding QuickSight dashboards at runtime through the embedding APIs.
Creates an Amazon QuickSight account, or subscribes to Amazon QuickSight Q.
The Amazon Web Services Region for the account is derived from what is configured in the CLI or SDK. This operation isn't supported in the US East (Ohio) Region, South America (Sao Paulo) Region, or Asia Pacific (Singapore) Region.
Before you use this operation, make sure that you can connect to an existing Amazon Web Services account. If you don't have an Amazon Web Services account, see Sign up for Amazon Web Services in the Amazon QuickSight User Guide. The person who signs up for Amazon QuickSight needs to have the correct Identity and Access Management (IAM) permissions. For more information, see IAM Policy Examples for Amazon QuickSight in the Amazon QuickSight User Guide.
If your IAM policy includes both the Subscribe and CreateAccountSubscription actions, make sure that both actions are set to Allow. If either action is set to Deny, the Deny action prevails and your API call fails.
You can't pass an existing IAM role to access other Amazon Web Services services using this API operation. To pass your existing IAM role to Amazon QuickSight, see Passing IAM roles to Amazon QuickSight in the Amazon QuickSight User Guide.
You can't set default resource access on the new account from the Amazon QuickSight API. Instead, add default resource access from the Amazon QuickSight console. For more information about setting default resource access to Amazon Web Services services, see Setting default resource access to Amazon Web Services services in the Amazon QuickSight User Guide.
See also: AWS API Documentation
Request Syntax
client.create_account_subscription( Edition='STANDARD'|'ENTERPRISE'|'ENTERPRISE_AND_Q', AuthenticationMethod='IAM_AND_QUICKSIGHT'|'IAM_ONLY'|'ACTIVE_DIRECTORY', AwsAccountId='string', AccountName='string', NotificationEmail='string', ActiveDirectoryName='string', Realm='string', DirectoryId='string', AdminGroup=[ 'string', ], AuthorGroup=[ 'string', ], ReaderGroup=[ 'string', ], FirstName='string', LastName='string', EmailAddress='string', ContactNumber='string' )
string
[REQUIRED]
The edition of Amazon QuickSight that you want your account to have. Currently, you can choose from ENTERPRISE or ENTERPRISE_AND_Q.
If you choose ENTERPRISE_AND_Q, the following parameters are required:
FirstName
LastName
EmailAddress
ContactNumber
string
[REQUIRED]
The method that you want to use to authenticate your Amazon QuickSight account. Currently, the valid values for this parameter are IAM_AND_QUICKSIGHT, IAM_ONLY, and ACTIVE_DIRECTORY.
If you choose ACTIVE_DIRECTORY, provide an ActiveDirectoryName and an AdminGroup associated with your Active Directory.
string
[REQUIRED]
The Amazon Web Services account ID of the account that you're using to create your Amazon QuickSight account.
string
[REQUIRED]
The name of your Amazon QuickSight account. This name is unique over all of Amazon Web Services, and it appears only when users sign in. You can't change AccountName value after the Amazon QuickSight account is created.
string
[REQUIRED]
The email address that you want Amazon QuickSight to send notifications to regarding your Amazon QuickSight account or Amazon QuickSight subscription.
string
The name of your Active Directory. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account.
string
The realm of the Active Directory that is associated with your Amazon QuickSight account. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account.
string
The ID of the Active Directory that is associated with your Amazon QuickSight account.
list
The admin group associated with your Active Directory. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.
(string) --
list
The author group associated with your Active Directory. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.
(string) --
list
The reader group associated with your Active Direcrtory. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.
(string) --
string
The first name of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.
string
The last name of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.
string
The email address of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.
string
A 10-digit phone number for the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.
dict
Response Syntax
{ 'SignupResponse': { 'IAMUser': True|False, 'userLoginName': 'string', 'accountName': 'string', 'directoryType': 'string' }, 'Status': 123, 'RequestId': 'string' }
Response Structure
(dict) --
SignupResponse (dict) --
A SignupResponse object that returns information about a newly created Amazon QuickSight account.
IAMUser (boolean) --
A Boolean that is TRUE if the Amazon QuickSight uses IAM as an authentication method.
userLoginName (string) --
The user login name for your Amazon QuickSight account.
accountName (string) --
The name of your Amazon QuickSight account.
directoryType (string) --
The type of Active Directory that is being used to authenticate the Amazon QuickSight account. Valid values are SIMPLE_AD, AD_CONNECTOR, and MICROSOFT_AD.
Status (integer) --
The HTTP status of the request.
RequestId (string) --
The Amazon Web Services request ID for this operation.
Use the DescribeAccountSubscription operation to receive a description of a Amazon QuickSight account's subscription. A successful API call returns an AccountInfo object that includes an account's name, subscription status, authentication type, edition, and notification email address.
See also: AWS API Documentation
Request Syntax
client.describe_account_subscription( AwsAccountId='string' )
string
[REQUIRED]
The Amazon Web Services account ID associated with your Amazon QuickSight account.
dict
Response Syntax
{ 'AccountInfo': { 'AccountName': 'string', 'Edition': 'STANDARD'|'ENTERPRISE'|'ENTERPRISE_AND_Q', 'NotificationEmail': 'string', 'AuthenticationType': 'string', 'AccountSubscriptionStatus': 'string' }, 'Status': 123, 'RequestId': 'string' }
Response Structure
(dict) --
AccountInfo (dict) --
A structure that contains the following elements:
Your Amazon QuickSight account name.
The edition of Amazon QuickSight that your account is using.
The notification email address that is associated with the Amazon QuickSight account.
The authentication type of the Amazon QuickSight account.
The status of the Amazon QuickSight account's subscription.
AccountName (string) --
The account name that you provided for the Amazon QuickSight subscription in your Amazon Web Services account. You create this name when you sign up for Amazon QuickSight. It's unique over all of Amazon Web Services, and it appears only when users sign in.
Edition (string) --
The edition of your Amazon QuickSight account.
NotificationEmail (string) --
The email address that will be used for Amazon QuickSight to send notifications regarding your Amazon Web Services account or Amazon QuickSight subscription.
AuthenticationType (string) --
The way that your Amazon QuickSight account is authenticated.
AccountSubscriptionStatus (string) --
The status of your account subscription.
Status (integer) --
The HTTP status of the request.
RequestId (string) --
The Amazon Web Services request ID for this operation.
{'AccountSettings': {'Edition': {'ENTERPRISE_AND_Q'}}}
Describes the settings that were used when your Amazon QuickSight subscription was first created in this Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.describe_account_settings( AwsAccountId='string' )
string
[REQUIRED]
The ID for the Amazon Web Services account that contains the settings that you want to list.
dict
Response Syntax
{ 'AccountSettings': { 'AccountName': 'string', 'Edition': 'STANDARD'|'ENTERPRISE'|'ENTERPRISE_AND_Q', 'DefaultNamespace': 'string', 'NotificationEmail': 'string', 'PublicSharingEnabled': True|False }, 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
AccountSettings (dict) --
The Amazon QuickSight settings for this Amazon Web Services account. This information includes the edition of Amazon Amazon QuickSight that you subscribed to (Standard or Enterprise) and the notification email for the Amazon QuickSight subscription.
In the QuickSight console, the Amazon QuickSight subscription is sometimes referred to as a QuickSight "account" even though it's technically not an account by itself. Instead, it's a subscription to the Amazon QuickSight service for your Amazon Web Services account. The edition that you subscribe to applies to Amazon QuickSight in every Amazon Web Services Region where you use it.
AccountName (string) --
The "account name" you provided for the Amazon QuickSight subscription in your Amazon Web Services account. You create this name when you sign up for Amazon QuickSight. It is unique in all of Amazon Web Services and it appears only when users sign in.
Edition (string) --
The edition of Amazon QuickSight that you're currently subscribed to: Enterprise edition or Standard edition.
DefaultNamespace (string) --
The default Amazon QuickSight namespace for your Amazon Web Services account.
NotificationEmail (string) --
The main notification email for your Amazon QuickSight subscription.
PublicSharingEnabled (boolean) --
A Boolean value that indicates whether public sharing is turned on for an Amazon QuickSight account. For more information about turning on public sharing, see UpdatePublicSharingSettings.
RequestId (string) --
The Amazon Web Services request ID for this operation.
Status (integer) --
The HTTP status of the request.
{'AllowedDomains': ['string']}
Generates an embed URL that you can use to embed an Amazon QuickSight dashboard in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.
The following rules apply to the generated URL:
It contains a temporary bearer token. It is valid for 5 minutes after it is generated. Once redeemed within this period, it cannot be re-used again.
The URL validity period should not be confused with the actual session lifetime that can be customized using the SessionLifetimeInMinutes parameter. The resulting user session is valid for 15 minutes (minimum) to 10 hours (maximum). The default session duration is 10 hours.
You are charged only when the URL is used or there is interaction with Amazon QuickSight.
For more information, see Embedded Analytics in the Amazon QuickSight User Guide.
For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.
See also: AWS API Documentation
Request Syntax
client.generate_embed_url_for_anonymous_user( AwsAccountId='string', SessionLifetimeInMinutes=123, Namespace='string', SessionTags=[ { 'Key': 'string', 'Value': 'string' }, ], AuthorizedResourceArns=[ 'string', ], ExperienceConfiguration={ 'Dashboard': { 'InitialDashboardId': 'string' } }, AllowedDomains=[ 'string', ] )
string
[REQUIRED]
The ID for the Amazon Web Services account that contains the dashboard that you're embedding.
integer
How many minutes the session is valid. The session lifetime must be in [15-600] minutes range.
string
[REQUIRED]
The Amazon QuickSight namespace that the anonymous user virtually belongs to. If you are not using an Amazon QuickSight custom namespace, set this to default.
list
The session tags used for row-level security. Before you use this parameter, make sure that you have configured the relevant datasets using the DataSet$RowLevelPermissionTagConfiguration parameter so that session tags can be used to provide row-level security.
These are not the tags used for the Amazon Web Services resource tagging feature. For more information, see `Using Row-Level Security (RLS) with Tags <https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-rls-tags.html>`__in the Amazon QuickSight User Guide.
(dict) --
The key-value pair used for the row-level security tags feature.
Key (string) -- [REQUIRED]
The key for the tag.
Value (string) -- [REQUIRED]
The value that you want to assign the tag.
list
[REQUIRED]
The Amazon Resource Names (ARNs) for the Amazon QuickSight resources that the user is authorized to access during the lifetime of the session. If you choose Dashboard embedding experience, pass the list of dashboard ARNs in the account that you want the user to be able to view. Currently, you can pass up to 25 dashboard ARNs in each API call.
(string) --
dict
[REQUIRED]
The configuration of the experience that you are embedding.
Dashboard (dict) --
The type of embedding experience. In this case, Amazon QuickSight dashboards.
InitialDashboardId (string) -- [REQUIRED]
The dashboard ID for the dashboard that you want the user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this dashboard.
The Amazon Resource Name (ARN) of this dashboard must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.
list
The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage QuickSight menu in the Amazon QuickSight console and instead allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.
To include a subdomain, use * to include all subdomains under a specific domain to the allow list. For example, https://*.sapp.amazon.com, includes all subdomains under https://sapp.amazon.com.
(string) --
dict
Response Syntax
{ 'EmbedUrl': 'string', 'Status': 123, 'RequestId': 'string' }
Response Structure
(dict) --
EmbedUrl (string) --
The embed URL for the dashboard.
Status (integer) --
The HTTP status of the request.
RequestId (string) --
The Amazon Web Services request ID for this operation.
{'AllowedDomains': ['string']}
Generates an embed URL that you can use to embed an Amazon QuickSight experience in your website. This action can be used for any type of user registered in an Amazon QuickSight account. Before you use this action, make sure that you have configured the relevant Amazon QuickSight resource and permissions.
The following rules apply to the generated URL:
It contains a temporary bearer token. It is valid for 5 minutes after it is generated. Once redeemed within this period, it cannot be re-used again.
The URL validity period should not be confused with the actual session lifetime that can be customized using the SessionLifetimeInMinutes parameter. The resulting user session is valid for 15 minutes (minimum) to 10 hours (maximum). The default session duration is 10 hours.
You are charged only when the URL is used or there is interaction with Amazon QuickSight.
For more information, see Embedded Analytics in the Amazon QuickSight User Guide.
For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.
See also: AWS API Documentation
Request Syntax
client.generate_embed_url_for_registered_user( AwsAccountId='string', SessionLifetimeInMinutes=123, UserArn='string', ExperienceConfiguration={ 'Dashboard': { 'InitialDashboardId': 'string' }, 'QuickSightConsole': { 'InitialPath': 'string' }, 'QSearchBar': { 'InitialTopicId': 'string' } }, AllowedDomains=[ 'string', ] )
string
[REQUIRED]
The ID for the Amazon Web Services account that contains the dashboard that you're embedding.
integer
How many minutes the session is valid. The session lifetime must be in [15-600] minutes range.
string
[REQUIRED]
The Amazon Resource Name for the registered user.
dict
[REQUIRED]
The experience you are embedding. For registered users, you can embed Amazon QuickSight dashboards or the entire Amazon QuickSight console.
Dashboard (dict) --
The configuration details for providing a dashboard embedding experience.
InitialDashboardId (string) -- [REQUIRED]
The dashboard ID for the dashboard that you want the user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this dashboard if the user has permissions to view it.
If the user does not have permission to view this dashboard, they see a permissions error message.
QuickSightConsole (dict) --
The configuration details for providing each Amazon QuickSight console embedding experience. This can be used along with custom permissions to restrict access to certain features. For more information, see Customizing Access to the Amazon QuickSight Console in the Amazon QuickSight User Guide.
Use GenerateEmbedUrlForRegisteredUser where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who accesses an embedded Amazon QuickSight console needs to belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the UpdateUser API operation. Use the RegisterUser API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the Amazon QuickSight User Guide:
For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.
InitialPath (string) --
The initial URL path for the Amazon QuickSight console. InitialPath is required.
The entry point URL is constrained to the following paths:
/start
/start/analyses
/start/dashboards
/start/favorites
/dashboards/DashboardId. DashboardId is the actual ID key from the Amazon QuickSight console URL of the dashboard.
/analyses/AnalysisId. AnalysisId is the actual ID key from the Amazon QuickSight console URL of the analysis.
QSearchBar (dict) --
The configuration details for embedding the Q search bar.
For more information about embedding the Q search bar, see Embedding Overview in the Amazon QuickSight User Guide.
InitialTopicId (string) --
The ID of the Q topic that you want to make the starting topic in the Q search bar. You can find a topic ID by navigating to the Topics pane in the Amazon QuickSight application and opening a topic. The ID is in the URL for the topic that you open.
If you don't specify an initial topic, a list of all shared topics is shown in the Q bar for your readers. When you select an initial topic, you can specify whether or not readers are allowed to select other topics from the available ones in the list.
list
The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage QuickSight menu in the Amazon QuickSight console and instead allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.
To include a subdomain, use * to include all subdomains under a specific domain to the allow list. For example, https://*.sapp.amazon.com, includes all subdomains under https://sapp.amazon.com.
(string) --
dict
Response Syntax
{ 'EmbedUrl': 'string', 'Status': 123, 'RequestId': 'string' }
Response Structure
(dict) --
EmbedUrl (string) --
The embed URL for the Amazon QuickSight dashboard or console.
Status (integer) --
The HTTP status of the request.
RequestId (string) --
The Amazon Web Services request ID for this operation.