2019/03/11 - Amazon QuickSight - 1 new 9 updated api methods
Changes Amazon QuickSight user and group operation results now include group principal IDs and user principal IDs. This release also adds "DeleteUserByPrincipalId", which deletes users given their principal ID. The update also improves role session name validation.
Deletes a user after locating the user by its principal ID.
See also: AWS API Documentation
Request Syntax
client.delete_user_by_principal_id( PrincipalId='string', AwsAccountId='string', Namespace='string' )
string
[REQUIRED]
The principal ID of the user.
string
[REQUIRED]
The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
dict
Response Syntax
{ 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The http status of the request.
{'Group': {'PrincipalId': 'string'}}
Creates an Amazon QuickSight group.
The permissions resource is ``arn:aws:quicksight:us-east-1:<relevant-aws-account-id> :group/default/<group-name> `` .
The response is a group object.
CLI Sample:
aws quicksight create-group --aws-account-id=111122223333 --namespace=default --group-name="Sales-Management" --description="Sales Management - Forecasting"
See also: AWS API Documentation
Request Syntax
client.create_group( GroupName='string', Description='string', AwsAccountId='string', Namespace='string' )
string
[REQUIRED]
A name for the group that you want to create.
string
A description for the group that you want to create.
string
[REQUIRED]
The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
dict
Response Syntax
{ 'Group': { 'Arn': 'string', 'GroupName': 'string', 'Description': 'string', 'PrincipalId': 'string' }, 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
The response object for this operation.
Group (dict) --
The name of the group.
Arn (string) --
The Amazon Resource Name (ARN) for the group.
GroupName (string) --
The name of the group.
Description (string) --
The group description.
PrincipalId (string) --
The principal ID of the group.
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The http status of the request.
{'Group': {'PrincipalId': 'string'}}
Returns an Amazon QuickSight group's description and Amazon Resource Name (ARN).
The permissions resource is ``arn:aws:quicksight:us-east-1:<relevant-aws-account-id> :group/default/<group-name> `` .
The response is the group object.
CLI Sample:
aws quicksight describe-group -\-aws-account-id=11112222333 -\-namespace=default -\-group-name=Sales
See also: AWS API Documentation
Request Syntax
client.describe_group( GroupName='string', AwsAccountId='string', Namespace='string' )
string
[REQUIRED]
The name of the group that you want to describe.
string
[REQUIRED]
The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
dict
Response Syntax
{ 'Group': { 'Arn': 'string', 'GroupName': 'string', 'Description': 'string', 'PrincipalId': 'string' }, 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
Group (dict) --
The name of the group.
Arn (string) --
The Amazon Resource Name (ARN) for the group.
GroupName (string) --
The name of the group.
Description (string) --
The group description.
PrincipalId (string) --
The principal ID of the group.
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The http status of the request.
{'User': {'PrincipalId': 'string'}}
Returns information about a user, given the user name.
The permission resource is ``arn:aws:quicksight:us-east-1:<aws-account-id> :user/default/<user-name> `` .
The response is a user object that contains the user's Amazon Resource Name (ARN), AWS Identity and Access Management (IAM) role, and email address.
CLI Sample:
aws quicksight describe-user --aws-account-id=111122223333 --namespace=default --user-name=Pat
See also: AWS API Documentation
Request Syntax
client.describe_user( UserName='string', AwsAccountId='string', Namespace='string' )
string
[REQUIRED]
The name of the user that you want to describe.
string
[REQUIRED]
The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
dict
Response Syntax
{ 'User': { 'Arn': 'string', 'UserName': 'string', 'Email': 'string', 'Role': 'ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER', 'IdentityType': 'IAM'|'QUICKSIGHT', 'Active': True|False, 'PrincipalId': 'string' }, 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
User (dict) --
The user name.
Arn (string) --
The Amazon Resource Name (ARN) for the user.
UserName (string) --
The user's user name.
Email (string) --
The user's email address.
Role (string) --
The Amazon QuickSight role for the user.
IdentityType (string) --
The type of identity authentication used by the user.
Active (boolean) --
Active status of user. When you create an Amazon QuickSight user that’s not an IAM user or an AD user, that user is inactive until they sign in and provide a password
PrincipalId (string) --
The principal ID of the user.
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The http status of the request.
{'GroupList': {'PrincipalId': 'string'}}
Lists all user groups in Amazon QuickSight.
The permissions resource is arn:aws:quicksight:us-east-1:*<aws-account-id>* :group/default/* .
The response is a list of group objects.
CLI Sample:
aws quicksight list-groups -\-aws-account-id=111122223333 -\-namespace=default
See also: AWS API Documentation
Request Syntax
client.list_groups( AwsAccountId='string', NextToken='string', MaxResults=123, Namespace='string' )
string
[REQUIRED]
The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
A pagination token that can be used in a subsequent request.
integer
The maximum number of results to return.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
dict
Response Syntax
{ 'GroupList': [ { 'Arn': 'string', 'GroupName': 'string', 'Description': 'string', 'PrincipalId': 'string' }, ], 'NextToken': 'string', 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
GroupList (list) --
The list of the groups.
(dict) --
A group in Amazon QuickSight consists of a set of users. You can use groups to make it easier to manage access and security. Currently, an Amazon QuickSight subscription can't contain more than 500 Amazon QuickSight groups.
Arn (string) --
The Amazon Resource Name (ARN) for the group.
GroupName (string) --
The name of the group.
Description (string) --
The group description.
PrincipalId (string) --
The principal ID of the group.
NextToken (string) --
A pagination token that can be used in a subsequent request.
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The http status of the request.
{'GroupList': {'PrincipalId': 'string'}}
Lists the Amazon QuickSight groups that an Amazon QuickSight user is a member of.
The permission resource is ``arn:aws:quicksight:us-east-1:<aws-account-id> :user/default/<user-name> `` .
The response is a one or more group objects.
CLI Sample:
aws quicksight list-user-groups -\-user-name=Pat -\-aws-account-id=111122223333 -\-namespace=default -\-region=us-east-1
See also: AWS API Documentation
Request Syntax
client.list_user_groups( UserName='string', AwsAccountId='string', Namespace='string', NextToken='string', MaxResults=123 )
string
[REQUIRED]
The Amazon QuickSight user name that you want to list group memberships for.
string
[REQUIRED]
The AWS Account ID that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
string
A pagination token that can be used in a subsequent request.
integer
The maximum number of results to return from this request.
dict
Response Syntax
{ 'GroupList': [ { 'Arn': 'string', 'GroupName': 'string', 'Description': 'string', 'PrincipalId': 'string' }, ], 'NextToken': 'string', 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
GroupList (list) --
The list of groups the user is a member of.
(dict) --
A group in Amazon QuickSight consists of a set of users. You can use groups to make it easier to manage access and security. Currently, an Amazon QuickSight subscription can't contain more than 500 Amazon QuickSight groups.
Arn (string) --
The Amazon Resource Name (ARN) for the group.
GroupName (string) --
The name of the group.
Description (string) --
The group description.
PrincipalId (string) --
The principal ID of the group.
NextToken (string) --
A pagination token that can be used in a subsequent request.
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The HTTP status of the request.
{'UserList': {'PrincipalId': 'string'}}
Returns a list of all of the Amazon QuickSight users belonging to this account.
The permission resource is arn:aws:quicksight:us-east-1:*<aws-account-id>* :user/default/* .
The response is a list of user objects, containing each user's Amazon Resource Name (ARN), AWS Identity and Access Management (IAM) role, and email address.
CLI Sample:
aws quicksight list-users --aws-account-id=111122223333 --namespace=default
See also: AWS API Documentation
Request Syntax
client.list_users( AwsAccountId='string', NextToken='string', MaxResults=123, Namespace='string' )
string
[REQUIRED]
The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
A pagination token that can be used in a subsequent request.
integer
The maximum number of results to return from this request.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
dict
Response Syntax
{ 'UserList': [ { 'Arn': 'string', 'UserName': 'string', 'Email': 'string', 'Role': 'ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER', 'IdentityType': 'IAM'|'QUICKSIGHT', 'Active': True|False, 'PrincipalId': 'string' }, ], 'NextToken': 'string', 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
UserList (list) --
The list of users.
(dict) --
A registered user of Amazon QuickSight. Currently, an Amazon QuickSight subscription can't contain more than 20 million users.
Arn (string) --
The Amazon Resource Name (ARN) for the user.
UserName (string) --
The user's user name.
Email (string) --
The user's email address.
Role (string) --
The Amazon QuickSight role for the user.
IdentityType (string) --
The type of identity authentication used by the user.
Active (boolean) --
Active status of user. When you create an Amazon QuickSight user that’s not an IAM user or an AD user, that user is inactive until they sign in and provide a password
PrincipalId (string) --
The principal ID of the user.
NextToken (string) --
A pagination token that can be used in a subsequent request.
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The http status of the request.
{'User': {'PrincipalId': 'string'}}
Creates an Amazon QuickSight user, whose identity is associated with the AWS Identity and Access Management (IAM) identity or role specified in the request.
The permission resource is ``arn:aws:quicksight:us-east-1:<aws-account-id> :user/default/<user-name> `` .
The condition resource is the Amazon Resource Name (ARN) for the IAM user or role, and the session name.
The condition keys are quicksight:IamArn and quicksight:SessionName .
CLI Sample:
aws quicksight register-user -\-aws-account-id=111122223333 -\-namespace=default -\-email=pat@example.com -\-identity-type=IAM -\-user-role=AUTHOR -\-iam-arn=arn:aws:iam::111122223333:user/Pat
See also: AWS API Documentation
Request Syntax
client.register_user( IdentityType='IAM'|'QUICKSIGHT', Email='string', UserRole='ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER', IamArn='string', SessionName='string', AwsAccountId='string', Namespace='string', UserName='string' )
string
[REQUIRED]
Amazon QuickSight supports several ways of managing the identity of users. This parameter accepts two values:
IAM : A user whose identity maps to an existing IAM user or role.
QUICKSIGHT : A user whose identity is owned and managed internally by Amazon QuickSight.
string
[REQUIRED]
The email address of the user that you want to register.
string
[REQUIRED]
The Amazon QuickSight role of the user. The user role can be one of the following:
READER : A user who has read-only access to dashboards.
AUTHOR : A user who can create data sources, data sets, analyses, and dashboards.
ADMIN : A user who is an author, who can also manage Amazon QuickSight settings.
string
The ARN of the IAM user or role that you are registering with Amazon QuickSight.
string
The name of the session with the assumed IAM role. By using this parameter, you can register multiple users with the same IAM role, provided that each has a different session name. For more information on assuming IAM roles, see ` assume-role https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html`__ in the AWS CLI Reference.
string
[REQUIRED]
The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
string
The Amazon QuickSight user name that you want to create for the user you are registering.
dict
Response Syntax
{ 'User': { 'Arn': 'string', 'UserName': 'string', 'Email': 'string', 'Role': 'ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER', 'IdentityType': 'IAM'|'QUICKSIGHT', 'Active': True|False, 'PrincipalId': 'string' }, 'UserInvitationUrl': 'string', 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
User (dict) --
The user name.
Arn (string) --
The Amazon Resource Name (ARN) for the user.
UserName (string) --
The user's user name.
Email (string) --
The user's email address.
Role (string) --
The Amazon QuickSight role for the user.
IdentityType (string) --
The type of identity authentication used by the user.
Active (boolean) --
Active status of user. When you create an Amazon QuickSight user that’s not an IAM user or an AD user, that user is inactive until they sign in and provide a password
PrincipalId (string) --
The principal ID of the user.
UserInvitationUrl (string) --
The URL the user visits to complete registration and provide a password. This is returned only for users with an identity type of QUICKSIGHT .
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The http status of the request.
{'Group': {'PrincipalId': 'string'}}
Changes a group description.
The permissions resource is ``arn:aws:quicksight:us-east-1:<aws-account-id> :group/default/<group-name> `` .
The response is a group object.
CLI Sample:
aws quicksight update-group --aws-account-id=111122223333 --namespace=default --group-name=Sales --description="Sales BI Dashboards"
See also: AWS API Documentation
Request Syntax
client.update_group( GroupName='string', Description='string', AwsAccountId='string', Namespace='string' )
string
[REQUIRED]
The name of the group that you want to update.
string
The description for the group that you want to update.
string
[REQUIRED]
The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
dict
Response Syntax
{ 'Group': { 'Arn': 'string', 'GroupName': 'string', 'Description': 'string', 'PrincipalId': 'string' }, 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
Group (dict) --
The name of the group.
Arn (string) --
The Amazon Resource Name (ARN) for the group.
GroupName (string) --
The name of the group.
Description (string) --
The group description.
PrincipalId (string) --
The principal ID of the group.
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The http status of the request.
{'User': {'PrincipalId': 'string'}}
Updates an Amazon QuickSight user.
The permission resource is ``arn:aws:quicksight:us-east-1:<aws-account-id> :user/default/<user-name> `` .
The response is a user object that contains the user's Amazon QuickSight user name, email address, active or inactive status in Amazon QuickSight, Amazon QuickSight role, and Amazon Resource Name (ARN).
CLI Sample:
aws quicksight update-user --user-name=Pat --role=ADMIN --email=new_address@amazon.com --aws-account-id=111122223333 --namespace=default --region=us-east-1
See also: AWS API Documentation
Request Syntax
client.update_user( UserName='string', AwsAccountId='string', Namespace='string', Email='string', Role='ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER' )
string
[REQUIRED]
The Amazon QuickSight user name that you want to update.
string
[REQUIRED]
The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.
string
[REQUIRED]
The namespace. Currently, you should set this to default .
string
[REQUIRED]
The email address of the user that you want to update.
string
[REQUIRED]
The Amazon QuickSight role of the user. The user role can be one of the following:
READER : A user who has read-only access to dashboards.
AUTHOR : A user who can create data sources, data sets, analyses, and dashboards.
ADMIN : A user who is an author, who can also manage Amazon QuickSight settings.
dict
Response Syntax
{ 'User': { 'Arn': 'string', 'UserName': 'string', 'Email': 'string', 'Role': 'ADMIN'|'AUTHOR'|'READER'|'RESTRICTED_AUTHOR'|'RESTRICTED_READER', 'IdentityType': 'IAM'|'QUICKSIGHT', 'Active': True|False, 'PrincipalId': 'string' }, 'RequestId': 'string', 'Status': 123 }
Response Structure
(dict) --
User (dict) --
The Amazon QuickSight user.
Arn (string) --
The Amazon Resource Name (ARN) for the user.
UserName (string) --
The user's user name.
Email (string) --
The user's email address.
Role (string) --
The Amazon QuickSight role for the user.
IdentityType (string) --
The type of identity authentication used by the user.
Active (boolean) --
Active status of user. When you create an Amazon QuickSight user that’s not an IAM user or an AD user, that user is inactive until they sign in and provide a password
PrincipalId (string) --
The principal ID of the user.
RequestId (string) --
The AWS request ID for this operation.
Status (integer) --
The http status of the request.