QuickSightUserNotFoundException When getting a AWS Quicksight embed URL with cognito user

lul*_*dro 1 amazon-web-services amazon-cognito amazon-quicksight quicksight-embedding

I'm trying to get a QuickSight embed URL in a Lambda function.

The Lambda function receives a jwtToken from the frontend, created in a React app using AWS Amplify. All the Cognito setup works well (user pool and identity pool), and the user receives the role "arn:aws:iam::xx:role/Cognito_qa1_Admin" when logging in.

The role has permissions for quicksight:registerUser and quicksight:getDashboardEmbedUrl.

const AWS = require("aws-sdk");

exports.handler = function (event, context, callback) {
  var cognitoIdentity = new AWS.CognitoIdentity();
  var params = {
    IdentityPoolId: "eu-west-2:xxx-291d-xx-b9a7-8b27c73c796c", // your identity pool id here
    Logins: {
      // your logins here
      "cognito-idp.eu-west-2.amazonaws.com/eu-west-2_xxx": event.jwtToken,
    },
  };
  // Get cognito identity from jwtToken
  cognitoIdentity.getId(params, function (err, data) {
    if (err) {
      return callback(err);
    }
    var roleArn = "arn:aws:iam::xx:role/Cognito_qa1_Admin"; // your cognito authenticated role arn here

    data.Logins = params.Logins;
    // Get credentials for the identity (it also does the AssumeRoleWithWebIdentity)
    cognitoIdentity.getCredentialsForIdentity(data, function (err, data) {
      console.log(data);
      if (err) {
        return callback(err);
      }
      // update credentials with web identity ones
      AWS.config.update({
        region: "eu-west-2",
        accessKeyId: data.Credentials.AccessKeyId,
        secretAccessKey: data.Credentials.SecretKey,
        sessionToken: data.Credentials.SessionToken,
        expiration: data.Credentials.Expiration,
      });

      const quicksight = new AWS.QuickSight();

      var getDashboardParams = {
        AwsAccountId: "xx",
        DashboardId: "a048efb6-3d3c-xx-8920-xxx",
        IdentityType: "IAM",
        ResetDisabled: false,
        SessionLifetimeInMinutes: 100,
        UndoRedoDisabled: false,
      };

      var registerUserParams = {
        AwsAccountId: "xxx",
        Email: event.userEmail,
        IdentityType: "IAM",
        Namespace: "default",
        UserRole: "READER",
        IamArn: roleArn,
        SessionName: event.payloadSub,
      };

      // register user, this one works well
      quicksight.registerUser(registerUserParams, function (err, data) {
        if (err) {
          if (err.code !== "ResourceExistsException") {
            console.log("error registering user");
            return callback(err);
          }
          console.log("user already exists");
        }
        console.log("User registration data", data);
        // Get dashboard url, this is the one failing with QuickSightUserNotFoundException
        quicksight.getDashboardEmbedUrl(getDashboardParams, function (err, data) {
          if (err) {
            console.log("getDashboardEmbedUrl error", err);
            return callback(err);
          }
          callback(null, data);
        });
      });
    });
  });
};

Everything goes smoothly: the credentials for the web identity are retrieved and set in the config, and the registerUser call registers the user (or returns a user-already-exists error).

But getDashboardEmbedUrl fails with QuickSightUserNotFoundException: Could not find user information in QuickSight.

If I call sts.getCallerIdentity after setting the credentials I get this:

{
  ResponseMetadata: { RequestId: 'd5cb26f1-f2f5-4148-87e5-74d6c998fb91' },
  UserId: 'AROAU63RLM5WIRTFDRETQ:CognitoIdentityCredentials',
  Account: 'xxx',
  Arn: 'arn:aws:sts::xxx:assumed-role/Cognito_qa1_Admin/CognitoIdentityCredentials'
}

Any idea? Thanks a lot in advance

lul*_*dro 6

When registering the user, IdentityType must be IAM, but for getDashboardEmbedUrl it must be of type QUICKSIGHT, and you need to pass it the UserArn, which you can find in the registerUser response.
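The corrected flow from this answer as an added example (not the asker's or answerer's code): registerUser stays IAM, the User.Arn from its response goes into getDashboardEmbedUrl with IdentityType "QUICKSIGHT". It also goes beyond the answer by covering the ResourceExistsException branch, where no ARN comes back, by looking the user up with describeUser; the "<roleName>/<sessionName>" user-name convention for role-based users is assumed from the QuickSight docs, and `client` is an assumed wrapper with promise-returning methods.

```javascript
// Added example, not the asker's code. `client` is assumed to expose
// promise-returning registerUser / describeUser / getDashboardEmbedUrl; with
// aws-sdk v2 build it as:
//   const qs = new AWS.QuickSight();
//   const client = { registerUser: (p) => qs.registerUser(p).promise(),
//     describeUser: (p) => qs.describeUser(p).promise(),
//     getDashboardEmbedUrl: (p) => qs.getDashboardEmbedUrl(p).promise() };
async function getEmbedUrlForCognitoUser(client, opts) {
  const { awsAccountId, dashboardId, roleArn, sessionName, email } = opts;
  const namespace = "default";
  let userArn;
  try {
    // registerUser keeps IdentityType "IAM"; the response carries User.Arn
    const reg = await client.registerUser({
      AwsAccountId: awsAccountId,
      Namespace: namespace,
      IdentityType: "IAM",
      UserRole: "READER",
      Email: email,
      IamArn: roleArn,
      SessionName: sessionName,
    });
    userArn = reg.User.Arn;
  } catch (err) {
    if (err.code !== "ResourceExistsException") throw err;
    // Already registered, so no ARN came back: look the user up instead.
    // Assumption (from the QuickSight docs): a role-based user is named
    // "<roleName>/<sessionName>" in the namespace.
    const roleName = roleArn.split("/").pop();
    const desc = await client.describeUser({
      AwsAccountId: awsAccountId,
      Namespace: namespace,
      UserName: `${roleName}/${sessionName}`,
    });
    userArn = desc.User.Arn;
  }
  // The fix from the answer: getDashboardEmbedUrl takes IdentityType
  // "QUICKSIGHT" together with the UserArn, not "IAM".
  const res = await client.getDashboardEmbedUrl({
    AwsAccountId: awsAccountId,
    DashboardId: dashboardId,
    IdentityType: "QUICKSIGHT",
    UserArn: userArn,
    SessionLifetimeInMinutes: 100,
    ResetDisabled: false,
    UndoRedoDisabled: false,
  });
  return { userArn, embedUrl: res.EmbedUrl };
}
```

The wrapper still has to be created after AWS.config.update with the Cognito credentials, as in the question, so that the embed call runs as the same assumed role that registerUser recorded.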