data-dot-all / dataall

A modern data marketplace that makes collaboration among diverse users (like business, analysts and engineers) easier, increasing efficiency and agility in data projects on AWS.
https://data-dot-all.github.io/dataall/
Apache License 2.0
226 stars 82 forks

Quicksight users created by data.all are inactive users - Register federated QS users in data.all #281

Closed dlpzx closed 1 month ago

dlpzx commented 1 year ago

Data.all creates users of identity type = Quicksight which appear as inactive when listing them. Inactive users do not have some features of Quicksight.

Describe the solution you'd like

I would like QS users created by data.all to have all features of Quicksight.

dlpzx commented 1 year ago

In the picture, maria is a user created in data.all.

[image]

dlpzx commented 1 year ago

One alternative is to use ExternalLoginFederationProviderType in the register_user API calls made in the quicksight handler:

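# Request syntax in the boto3 documentation style: 'string' marks a
# placeholder and '|' separates the allowed values of a parameter.
response = client.register_user(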
    IdentityType='IAM',
    Email='string',
    UserRole='ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER',
    IamArn='string',
    SessionName='string',
    AwsAccountId='string',
    Namespace='string',
    UserName='string',
    CustomPermissionsName='string',
    ExternalLoginFederationProviderType='string',
    CustomFederationProviderUrl='string',
    ExternalLoginId='string'
)

However, we need to test the implications of reading from one Cognito user pool in the data.all central account and using this same user pool for all the environment accounts.

For some inspiration, check out the following blog: https://aws.amazon.com/blogs/big-data/enabling-amazon-quicksight-federation-with-azure-ad/
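
An added example, not part of the issue and not data.all code: a checker that builds the register_user keyword arguments for a federated user and rejects parameter combinations that do not fit the chosen provider type. The function name, the default of READER as the least-privileged role, the requirement of an assumed IAM role with ExternalLoginId, and all sample values are assumptions of this example; COGNITO and CUSTOM_OIDC are the provider types of the QuickSight RegisterUser API.

```python
# Added example (not data.all code): build and check the keyword arguments
# for quicksight.register_user when registering a federated IAM-role user.
ROLES = {"ADMIN", "AUTHOR", "READER", "RESTRICTED_AUTHOR", "RESTRICTED_READER"}
PROVIDERS = {"COGNITO", "CUSTOM_OIDC"}


def federated_register_args(account_id, email, role_arn, session_name,
                            provider_type, external_login_id,
                            provider_url=None, user_role="READER",
                            namespace="default"):
    """Return register_user kwargs; raise ValueError on a bad combination."""
    if user_role not in ROLES:
        raise ValueError(f"unknown UserRole {user_role!r}")
    if provider_type not in PROVIDERS:
        raise ValueError(f"unknown provider type {provider_type!r}")
    # Assumption of this example: federation goes through an assumed IAM
    # role, so a role ARN and a session name must both be present.
    if ":role/" not in role_arn or not session_name:
        raise ValueError("need an IAM role ARN and a SessionName")
    if not external_login_id:
        raise ValueError("ExternalLoginId (user's ID at the provider) missing")
    # The custom URL belongs to CUSTOM_OIDC only; COGNITO must not carry one.
    if (provider_type == "CUSTOM_OIDC") != bool(provider_url):
        raise ValueError("CustomFederationProviderUrl is for CUSTOM_OIDC only")
    args = {
        "IdentityType": "IAM",
        "Email": email,
        "UserRole": user_role,
        "IamArn": role_arn,
        "SessionName": session_name,
        "AwsAccountId": account_id,
        "Namespace": namespace,
        "ExternalLoginFederationProviderType": provider_type,
        "ExternalLoginId": external_login_id,
    }
    if provider_url:
        args["CustomFederationProviderUrl"] = provider_url
    return args


# Constructed sample values (placeholders, not taken from the issue).
SAMPLE = federated_register_args(
    account_id="111122223333",
    email="maria@example.com",
    role_arn="arn:aws:iam::111122223333:role/ExampleQuickSightFederatedRole",
    session_name="maria@example.com",
    provider_type="COGNITO",
    external_login_id="eu-west-1:00000000-0000-0000-0000-000000000000",
)
# With credentials configured, the call would be:
#   boto3.client("quicksight").register_user(**SAMPLE)
```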

dlpzx commented 1 month ago

Closing this issue in favor of #1408. We'll re-open if needed.