Open caquinomrge opened 1 month ago
wozzer72
commented
1 month ago Hey @caquinomrge . The error is more related to Quicksight not your IdP:
not valid QuickSight users https://github.com/appvia/terraform-aws-cudos/blob/main/main.tf#L327 is the originator of this error.
For the AWS account into which you are deploying the dashboard, do you have an instance of QuickSight in the target region with the user created as identified by var.quicksights_username?
caquinomrge
commented
1 month ago Hey @wozzer72 . Thank you for this information we managed to deploy the dashboards by manually creating the user.
Currently we are getting this error, we still unable to create the user. We create this user manually by inviting him to our quicksight then we managed it by defining it in locals.tf
Error: registering QuickSight User (fullname@emaildomain.com): operation error QuickSight: RegisterUser, https response error StatusCode: 400, RequestID: d2744a6d-dca4-480c-a6bf-4a0027513468, InvalidParameterValueException: Invalid resource identifiers provided. Please check the documentation.
│
│ with module.cudos.module.this.aws_quicksight_user.users["fullname@emaildomain.com"],
│ on .terraform/modules/cudos.this/quicksights.tf line 14, in resource "aws_quicksight_user" "users":
│ 14: resource "aws_quicksight_user" "users" {Here below, we clearly define the user in our locals.tf.
quicksight_users = {
"fullname@emaildomain.com" = {
identity_type = "QUICKSIGHT"
role = "READER"
}
}Good to know you got through to the end of deployment. That's no mean feat. Well done indeed.
We're still working through the Quicksight subscription/user resource ourselves.
In all instances we too have had to create the Quicksight instance manually and the users/groups accordingly. It's work in progress.
caquinomrge
commented
1 month ago @wozzer72 . When we try to add a new user using the module it generated a plan but.
# module.cudos.module.this.aws_quicksight_user.users["fullname@email.com"] will be created
+ resource "aws_quicksight_user" "users" {
+ arn = (known after apply)
+ aws_account_id = (known after apply)
+ email = "fullname@email.com"
+ id = (known after apply)
+ identity_type = "QUICKSIGHT"
+ namespace = "default"
+ user_role = "READER"
}
Plan: 1 to add, 0 to change, 0 to destroy.
We get still get this error.
Error: registering QuickSight User (fullname@emaildomain.com): operation error QuickSight: RegisterUser, https response error StatusCode: 400, RequestID: d2744a6d-dca4-480c-a6bf-4a0027513468, InvalidParameterValueException: Invalid resource identifiers provided. Please check the documentation.
│
│ with module.cudos.module.this.aws_quicksight_user.users["fullname@emaildomain.com"],
│ on .terraform/modules/cudos.this/quicksights.tf line 14, in resource "aws_quicksight_user" "users":
│ 14: resource "aws_quicksight_user" "users" {
We just want to know if we missed anything in input?
wozzer72
commented
1 month ago Hey Christian
I cannot see anything obvious in your plan that would fail. The 400 is a "bad input data" API response which suggests it data validation issue. I do wonder if AWS is performing some basic validation on the email address - in your example "email.com" and "emaildomain.com" could indeed be examples only for the purpose of creating this issue. AWS QuickSight will of course be trying to send an invitation by email; maybe the 400 is because it failed to send the email invite or maybe because the user already exists (have you checked your QuickSight admin for existing users)?
But terraform is little more than a wrapper on the AWS SDK. Have you tried creating the user manually using the AWS SDK/CLI: https://docs.aws.amazon.com/quicksight/latest/developerguide/register-user.html?
Hello,
We are trying to deploy aws cudos dashboard using this module, but currently we are getting this error when applying.
Note: Our identity provider is google and we are passing an xml
@gambol99 hope you can help, thank you!