Amazon QuickSight

2022/07/05 - Amazon QuickSight - 2 new3 updated api methods

Changes  This release allows customers to programmatically create QuickSight accounts with Enterprise and Enterprise + Q editions. It also releases allowlisting domains for embedding QuickSight dashboards at runtime through the embedding APIs.

CreateAccountSubscription (new) Link ¶

Creates an Amazon QuickSight account, or subscribes to Amazon QuickSight Q.

The Amazon Web Services Region for the account is derived from what is configured in the CLI or SDK. This operation isn't supported in the US East (Ohio) Region, South America (Sao Paulo) Region, or Asia Pacific (Singapore) Region.

Before you use this operation, make sure that you can connect to an existing Amazon Web Services account. If you don't have an Amazon Web Services account, see Sign up for Amazon Web Services in the Amazon QuickSight User Guide. The person who signs up for Amazon QuickSight needs to have the correct Identity and Access Management (IAM) permissions. For more information, see IAM Policy Examples for Amazon QuickSight in the Amazon QuickSight User Guide.

If your IAM policy includes both the Subscribe and CreateAccountSubscription actions, make sure that both actions are set to Allow. If either action is set to Deny, the Deny action prevails and your API call fails.

You can't pass an existing IAM role to access other Amazon Web Services services using this API operation. To pass your existing IAM role to Amazon QuickSight, see Passing IAM roles to Amazon QuickSight in the Amazon QuickSight User Guide.

You can't set default resource access on the new account from the Amazon QuickSight API. Instead, add default resource access from the Amazon QuickSight console. For more information about setting default resource access to Amazon Web Services services, see Setting default resource access to Amazon Web Services services in the Amazon QuickSight User Guide.

See also: AWS API Documentation

Request Syntax

client.create_account_subscription(
    Edition='STANDARD'|'ENTERPRISE'|'ENTERPRISE_AND_Q',
    AuthenticationMethod='IAM_AND_QUICKSIGHT'|'IAM_ONLY'|'ACTIVE_DIRECTORY',
    AwsAccountId='string',
    AccountName='string',
    NotificationEmail='string',
    ActiveDirectoryName='string',
    Realm='string',
    DirectoryId='string',
    AdminGroup=[
        'string',
    ],
    AuthorGroup=[
        'string',
    ],
    ReaderGroup=[
        'string',
    ],
    FirstName='string',
    LastName='string',
    EmailAddress='string',
    ContactNumber='string'
)
type Edition:

string

param Edition:

[REQUIRED]

The edition of Amazon QuickSight that you want your account to have. Currently, you can choose from ENTERPRISE or ENTERPRISE_AND_Q.

If you choose ENTERPRISE_AND_Q, the following parameters are required:

  • FirstName

  • LastName

  • EmailAddress

  • ContactNumber

type AuthenticationMethod:

string

param AuthenticationMethod:

[REQUIRED]

The method that you want to use to authenticate your Amazon QuickSight account. Currently, the valid values for this parameter are IAM_AND_QUICKSIGHT, IAM_ONLY, and ACTIVE_DIRECTORY.

If you choose ACTIVE_DIRECTORY, provide an ActiveDirectoryName and an AdminGroup associated with your Active Directory.

type AwsAccountId:

string

param AwsAccountId:

[REQUIRED]

The Amazon Web Services account ID of the account that you're using to create your Amazon QuickSight account.

type AccountName:

string

param AccountName:

[REQUIRED]

The name of your Amazon QuickSight account. This name is unique over all of Amazon Web Services, and it appears only when users sign in. You can't change AccountName value after the Amazon QuickSight account is created.

type NotificationEmail:

string

param NotificationEmail:

[REQUIRED]

The email address that you want Amazon QuickSight to send notifications to regarding your Amazon QuickSight account or Amazon QuickSight subscription.

type ActiveDirectoryName:

string

param ActiveDirectoryName:

The name of your Active Directory. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account.

type Realm:

string

param Realm:

The realm of the Active Directory that is associated with your Amazon QuickSight account. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account.

type DirectoryId:

string

param DirectoryId:

The ID of the Active Directory that is associated with your Amazon QuickSight account.

type AdminGroup:

list

param AdminGroup:

The admin group associated with your Active Directory. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

  • (string) --

type AuthorGroup:

list

param AuthorGroup:

The author group associated with your Active Directory. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

  • (string) --

type ReaderGroup:

list

param ReaderGroup:

The reader group associated with your Active Direcrtory. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

  • (string) --

type FirstName:

string

param FirstName:

The first name of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

type LastName:

string

param LastName:

The last name of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

type EmailAddress:

string

param EmailAddress:

The email address of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

type ContactNumber:

string

param ContactNumber:

A 10-digit phone number for the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

rtype:

dict

returns:

Response Syntax

{
    'SignupResponse': {
        'IAMUser': True|False,
        'userLoginName': 'string',
        'accountName': 'string',
        'directoryType': 'string'
    },
    'Status': 123,
    'RequestId': 'string'
}

Response Structure

  • (dict) --

    • SignupResponse (dict) --

      A SignupResponse object that returns information about a newly created Amazon QuickSight account.

      • IAMUser (boolean) --

        A Boolean that is TRUE if the Amazon QuickSight uses IAM as an authentication method.

      • userLoginName (string) --

        The user login name for your Amazon QuickSight account.

      • accountName (string) --

        The name of your Amazon QuickSight account.

      • directoryType (string) --

        The type of Active Directory that is being used to authenticate the Amazon QuickSight account. Valid values are SIMPLE_AD, AD_CONNECTOR, and MICROSOFT_AD.

    • Status (integer) --

      The HTTP status of the request.

    • RequestId (string) --

      The Amazon Web Services request ID for this operation.

DescribeAccountSubscription (new) Link ¶

Use the DescribeAccountSubscription operation to receive a description of a Amazon QuickSight account's subscription. A successful API call returns an AccountInfo object that includes an account's name, subscription status, authentication type, edition, and notification email address.

See also: AWS API Documentation

Request Syntax

client.describe_account_subscription(
    AwsAccountId='string'
)
type AwsAccountId:

string

param AwsAccountId:

[REQUIRED]

The Amazon Web Services account ID associated with your Amazon QuickSight account.

rtype:

dict

returns:

Response Syntax

{
    'AccountInfo': {
        'AccountName': 'string',
        'Edition': 'STANDARD'|'ENTERPRISE'|'ENTERPRISE_AND_Q',
        'NotificationEmail': 'string',
        'AuthenticationType': 'string',
        'AccountSubscriptionStatus': 'string'
    },
    'Status': 123,
    'RequestId': 'string'
}

Response Structure

  • (dict) --

    • AccountInfo (dict) --

      A structure that contains the following elements:

      • Your Amazon QuickSight account name.

      • The edition of Amazon QuickSight that your account is using.

      • The notification email address that is associated with the Amazon QuickSight account.

      • The authentication type of the Amazon QuickSight account.

      • The status of the Amazon QuickSight account's subscription.

      • AccountName (string) --

        The account name that you provided for the Amazon QuickSight subscription in your Amazon Web Services account. You create this name when you sign up for Amazon QuickSight. It's unique over all of Amazon Web Services, and it appears only when users sign in.

      • Edition (string) --

        The edition of your Amazon QuickSight account.

      • NotificationEmail (string) --

        The email address that will be used for Amazon QuickSight to send notifications regarding your Amazon Web Services account or Amazon QuickSight subscription.

      • AuthenticationType (string) --

        The way that your Amazon QuickSight account is authenticated.

      • AccountSubscriptionStatus (string) --

        The status of your account subscription.

    • Status (integer) --

      The HTTP status of the request.

    • RequestId (string) --

      The Amazon Web Services request ID for this operation.

DescribeAccountSettings (updated) Link ¶
Changes (response)
{'AccountSettings': {'Edition': {'ENTERPRISE_AND_Q'}}}

Describes the settings that were used when your Amazon QuickSight subscription was first created in this Amazon Web Services account.

See also: AWS API Documentation

Request Syntax

client.describe_account_settings(
    AwsAccountId='string'
)
type AwsAccountId:

string

param AwsAccountId:

[REQUIRED]

The ID for the Amazon Web Services account that contains the settings that you want to list.

rtype:

dict

returns:

Response Syntax

{
    'AccountSettings': {
        'AccountName': 'string',
        'Edition': 'STANDARD'|'ENTERPRISE'|'ENTERPRISE_AND_Q',
        'DefaultNamespace': 'string',
        'NotificationEmail': 'string',
        'PublicSharingEnabled': True|False
    },
    'RequestId': 'string',
    'Status': 123
}

Response Structure

  • (dict) --

    • AccountSettings (dict) --

      The Amazon QuickSight settings for this Amazon Web Services account. This information includes the edition of Amazon Amazon QuickSight that you subscribed to (Standard or Enterprise) and the notification email for the Amazon QuickSight subscription.

      In the QuickSight console, the Amazon QuickSight subscription is sometimes referred to as a QuickSight "account" even though it's technically not an account by itself. Instead, it's a subscription to the Amazon QuickSight service for your Amazon Web Services account. The edition that you subscribe to applies to Amazon QuickSight in every Amazon Web Services Region where you use it.

      • AccountName (string) --

        The "account name" you provided for the Amazon QuickSight subscription in your Amazon Web Services account. You create this name when you sign up for Amazon QuickSight. It is unique in all of Amazon Web Services and it appears only when users sign in.

      • Edition (string) --

        The edition of Amazon QuickSight that you're currently subscribed to: Enterprise edition or Standard edition.

      • DefaultNamespace (string) --

        The default Amazon QuickSight namespace for your Amazon Web Services account.

      • NotificationEmail (string) --

        The main notification email for your Amazon QuickSight subscription.

      • PublicSharingEnabled (boolean) --

        A Boolean value that indicates whether public sharing is turned on for an Amazon QuickSight account. For more information about turning on public sharing, see UpdatePublicSharingSettings.

    • RequestId (string) --

      The Amazon Web Services request ID for this operation.

    • Status (integer) --

      The HTTP status of the request.

GenerateEmbedUrlForAnonymousUser (updated) Link ¶
Changes (request)
{'AllowedDomains': ['string']}

Generates an embed URL that you can use to embed an Amazon QuickSight dashboard in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.

The following rules apply to the generated URL:

  • It contains a temporary bearer token. It is valid for 5 minutes after it is generated. Once redeemed within this period, it cannot be re-used again.

  • The URL validity period should not be confused with the actual session lifetime that can be customized using the SessionLifetimeInMinutes parameter. The resulting user session is valid for 15 minutes (minimum) to 10 hours (maximum). The default session duration is 10 hours.

  • You are charged only when the URL is used or there is interaction with Amazon QuickSight.

For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

See also: AWS API Documentation

Request Syntax

client.generate_embed_url_for_anonymous_user(
    AwsAccountId='string',
    SessionLifetimeInMinutes=123,
    Namespace='string',
    SessionTags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    AuthorizedResourceArns=[
        'string',
    ],
    ExperienceConfiguration={
        'Dashboard': {
            'InitialDashboardId': 'string'
        }
    },
    AllowedDomains=[
        'string',
    ]
)
type AwsAccountId:

string

param AwsAccountId:

[REQUIRED]

The ID for the Amazon Web Services account that contains the dashboard that you're embedding.

type SessionLifetimeInMinutes:

integer

param SessionLifetimeInMinutes:

How many minutes the session is valid. The session lifetime must be in [15-600] minutes range.

type Namespace:

string

param Namespace:

[REQUIRED]

The Amazon QuickSight namespace that the anonymous user virtually belongs to. If you are not using an Amazon QuickSight custom namespace, set this to default.

type SessionTags:

list

param SessionTags:

The session tags used for row-level security. Before you use this parameter, make sure that you have configured the relevant datasets using the DataSet$RowLevelPermissionTagConfiguration parameter so that session tags can be used to provide row-level security.

These are not the tags used for the Amazon Web Services resource tagging feature. For more information, see `Using Row-Level Security (RLS) with Tags <https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-rls-tags.html>`__in the Amazon QuickSight User Guide.

  • (dict) --

    The key-value pair used for the row-level security tags feature.

    • Key (string) -- [REQUIRED]

      The key for the tag.

    • Value (string) -- [REQUIRED]

      The value that you want to assign the tag.

type AuthorizedResourceArns:

list

param AuthorizedResourceArns:

[REQUIRED]

The Amazon Resource Names (ARNs) for the Amazon QuickSight resources that the user is authorized to access during the lifetime of the session. If you choose Dashboard embedding experience, pass the list of dashboard ARNs in the account that you want the user to be able to view. Currently, you can pass up to 25 dashboard ARNs in each API call.

  • (string) --

type ExperienceConfiguration:

dict

param ExperienceConfiguration:

[REQUIRED]

The configuration of the experience that you are embedding.

  • Dashboard (dict) --

    The type of embedding experience. In this case, Amazon QuickSight dashboards.

    • InitialDashboardId (string) -- [REQUIRED]

      The dashboard ID for the dashboard that you want the user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this dashboard.

      The Amazon Resource Name (ARN) of this dashboard must be included in the AuthorizedResourceArns parameter. Otherwise, the request will fail with InvalidParameterValueException.

type AllowedDomains:

list

param AllowedDomains:

The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage QuickSight menu in the Amazon QuickSight console and instead allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

To include a subdomain, use * to include all subdomains under a specific domain to the allow list. For example, https://*.sapp.amazon.com, includes all subdomains under https://sapp.amazon.com.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'EmbedUrl': 'string',
    'Status': 123,
    'RequestId': 'string'
}

Response Structure

  • (dict) --

    • EmbedUrl (string) --

      The embed URL for the dashboard.

    • Status (integer) --

      The HTTP status of the request.

    • RequestId (string) --

      The Amazon Web Services request ID for this operation.

GenerateEmbedUrlForRegisteredUser (updated) Link ¶
Changes (request)
{'AllowedDomains': ['string']}

Generates an embed URL that you can use to embed an Amazon QuickSight experience in your website. This action can be used for any type of user registered in an Amazon QuickSight account. Before you use this action, make sure that you have configured the relevant Amazon QuickSight resource and permissions.

The following rules apply to the generated URL:

  • It contains a temporary bearer token. It is valid for 5 minutes after it is generated. Once redeemed within this period, it cannot be re-used again.

  • The URL validity period should not be confused with the actual session lifetime that can be customized using the SessionLifetimeInMinutes parameter. The resulting user session is valid for 15 minutes (minimum) to 10 hours (maximum). The default session duration is 10 hours.

  • You are charged only when the URL is used or there is interaction with Amazon QuickSight.

For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

See also: AWS API Documentation

Request Syntax

client.generate_embed_url_for_registered_user(
    AwsAccountId='string',
    SessionLifetimeInMinutes=123,
    UserArn='string',
    ExperienceConfiguration={
        'Dashboard': {
            'InitialDashboardId': 'string'
        },
        'QuickSightConsole': {
            'InitialPath': 'string'
        },
        'QSearchBar': {
            'InitialTopicId': 'string'
        }
    },
    AllowedDomains=[
        'string',
    ]
)
type AwsAccountId:

string

param AwsAccountId:

[REQUIRED]

The ID for the Amazon Web Services account that contains the dashboard that you're embedding.

type SessionLifetimeInMinutes:

integer

param SessionLifetimeInMinutes:

How many minutes the session is valid. The session lifetime must be in [15-600] minutes range.

type UserArn:

string

param UserArn:

[REQUIRED]

The Amazon Resource Name for the registered user.

type ExperienceConfiguration:

dict

param ExperienceConfiguration:

[REQUIRED]

The experience you are embedding. For registered users, you can embed Amazon QuickSight dashboards or the entire Amazon QuickSight console.

  • Dashboard (dict) --

    The configuration details for providing a dashboard embedding experience.

    • InitialDashboardId (string) -- [REQUIRED]

      The dashboard ID for the dashboard that you want the user to see first. This ID is included in the output URL. When the URL in response is accessed, Amazon QuickSight renders this dashboard if the user has permissions to view it.

      If the user does not have permission to view this dashboard, they see a permissions error message.

  • QuickSightConsole (dict) --

    The configuration details for providing each Amazon QuickSight console embedding experience. This can be used along with custom permissions to restrict access to certain features. For more information, see Customizing Access to the Amazon QuickSight Console in the Amazon QuickSight User Guide.

    Use GenerateEmbedUrlForRegisteredUser where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who accesses an embedded Amazon QuickSight console needs to belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the UpdateUser API operation. Use the RegisterUser API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the Amazon QuickSight User Guide:

    For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

    • InitialPath (string) --

      The initial URL path for the Amazon QuickSight console. InitialPath is required.

      The entry point URL is constrained to the following paths:

      • /start

      • /start/analyses

      • /start/dashboards

      • /start/favorites

      • /dashboards/DashboardId. DashboardId is the actual ID key from the Amazon QuickSight console URL of the dashboard.

      • /analyses/AnalysisId. AnalysisId is the actual ID key from the Amazon QuickSight console URL of the analysis.

  • QSearchBar (dict) --

    The configuration details for embedding the Q search bar.

    For more information about embedding the Q search bar, see Embedding Overview in the Amazon QuickSight User Guide.

    • InitialTopicId (string) --

      The ID of the Q topic that you want to make the starting topic in the Q search bar. You can find a topic ID by navigating to the Topics pane in the Amazon QuickSight application and opening a topic. The ID is in the URL for the topic that you open.

      If you don't specify an initial topic, a list of all shared topics is shown in the Q bar for your readers. When you select an initial topic, you can specify whether or not readers are allowed to select other topics from the available ones in the list.

type AllowedDomains:

list

param AllowedDomains:

The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage QuickSight menu in the Amazon QuickSight console and instead allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

To include a subdomain, use * to include all subdomains under a specific domain to the allow list. For example, https://*.sapp.amazon.com, includes all subdomains under https://sapp.amazon.com.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'EmbedUrl': 'string',
    'Status': 123,
    'RequestId': 'string'
}

Response Structure

  • (dict) --

    • EmbedUrl (string) --

      The embed URL for the Amazon QuickSight dashboard or console.

    • Status (integer) --

      The HTTP status of the request.

    • RequestId (string) --

      The Amazon Web Services request ID for this operation.