I have created a template in my AWS account and have been trying to update the template permissions to allow access from another account. I'm failing to find any relevant documentation as to what actions are applicable to a QuickSight template.
Can anyone share any insight on this? I have no idea how to move from here.
While updating the template permissions to provide cross account access to template you need to use IAM ARN of an account root in the principal instead of an individual user.
Please try using the CLI and access policy below and suggest with the observations :
aws quicksight update-template-permissions --aws-account-id <aws account ID> --template-id <Template Id> --grant-permissions file://TemplatePermission.json --profile default
Contents of Templatepermission.json are as follows:
[
{
"Principal": "arn:aws:iam::<aws account ID>:root",
"Actions": ["quicksight:UpdateTemplatePermissions","quicksight:DescribeTemplate"]
}
Once you have shared the template with the other account you will be able to create a dashboard with the template using the following steps.
To create a dashboard in account B using template in account A or B use create-dashboard CLI.
aws quicksight create-dashboard --aws-account-id <Account ID> --dashboard-id <any ID> --name <any dashboard name> --source-entity file://DashboardFromTemplate.json
content of DashboardFromTemplate.json file are as below:
{
"SourceTemplate": {
"DataSetReferences": [
{
"DataSetPlaceholder": "placeholder",
"DataSetArn": "arn:aws:quicksight:us-east-1:<Account A ID>:dataset/<Dataset ID>"
}
],
"Arn": "arn:aws:quicksight:us-east-1:<Account ID>:template/<Template ID>"
}
}
Note that the 'DataSetPlaceholder' value needs to match the Data set placeholder used to create the Template. This can be found by executing this in the account the template was created in.
aws quicksight describe-template --aws-account-id <Account ID where the template is created> --template-id <Template ID>