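Integrating QuickSight dashboards with authentication ensures that only authenticated users can access them. To do this, you can use Amazon Cognito for authentication and grant users permission to access QuickSight.
Code examples follow:
1. Create an Amazon Cognito user pool and client: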
import boto3

client = boto3.client('cognito-idp')

# Create the user pool that holds the dashboard users.
response = client.create_user_pool(
    PoolName='QuickSightUserPool'
)
user_pool_id = response['UserPool']['Id']

# Create the app client that applications use to sign users in against the pool.
response = client.create_user_pool_client(
    UserPoolId=user_pool_id,
    ClientName='QuickSightUserPoolClient'
)
app_client_id = response['UserPoolClient']['ClientId']
2. Create a group and users in QuickSight and integrate them with the Cognito user pool:
import boto3

ACCOUNT_ID = '123456789012'
NAMESPACE = 'default'
client = boto3.client('quicksight')

# Create the group that will be granted access to the dashboard.
response = client.create_group(
    AwsAccountId=ACCOUNT_ID,
    Namespace=NAMESPACE,
    GroupName='QuickSightGroup'
)
group_arn = response['Group']['Arn']

# Register the IAM user User1 as a reader. Namespace is required; SessionName
# applies only to assumed roles, so it is not passed for an IAM user.
response = client.register_user(
    IdentityType='IAM',
    Email='user1@example.com',
    UserRole='READER',
    IamArn='arn:aws:iam::123456789012:user/User1',
    AwsAccountId=ACCOUNT_ID,
    Namespace=NAMESPACE
)
user_arn = response['User']['Arn']

# Users are added to a group with create_group_membership;
# update_user does not take a group list.
response = client.create_group_membership(
    MemberName='User1',
    GroupName='QuickSightGroup',
    AwsAccountId=ACCOUNT_ID,
    Namespace=NAMESPACE
)

# Register User2, who signs in through Cognito. IdentityType has no COGNITO
# value: a federated user is registered as an IAM role session.
# The role ARN is a placeholder for the role your Cognito users assume.
response = client.register_user(
    IdentityType='IAM',
    Email='user2@example.com',
    UserRole='READER',
    IamArn='arn:aws:iam::123456789012:role/<cognito-authenticated-role>',
    SessionName='User2',
    AwsAccountId=ACCOUNT_ID,
    Namespace=NAMESPACE
)

# Link the Cognito login to User1. update_user has no parameter for the user
# pool, user attributes or identity type. ExternalLoginId is the user's
# identity ID at the external login provider.
response = client.update_user(
    AwsAccountId=ACCOUNT_ID,
    Namespace=NAMESPACE,
    UserName='User1',
    Email='user1@example.com',
    Role='READER',
    ExternalLoginFederationProviderType='COGNITO',
    ExternalLoginId='user2@example.com'
)
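An added example, not part of the original page: an offline audit of the users that step 2 registers, checking that each one is a READER, federates through IAM with a linked Cognito login, and belongs to QuickSightGroup. The sample records are constructed and mirror fields of the QuickSight list_users and list_group_memberships responses; CognitoAuthRole is a hypothetical role name.

```python
# Constructed sample records, shaped like the User and GroupMember structures
# returned by list_users / list_group_memberships. "CognitoAuthRole" is a
# hypothetical role name; role-based users are named "<role>/<session>".
USERS = [
    {"UserName": "User1", "Role": "READER", "IdentityType": "IAM", "Active": True,
     "ExternalLoginFederationProviderType": "COGNITO"},
    {"UserName": "CognitoAuthRole/User2", "Role": "READER", "IdentityType": "IAM",
     "Active": True, "ExternalLoginFederationProviderType": "COGNITO"},
    {"UserName": "analyst", "Role": "AUTHOR", "IdentityType": "QUICKSIGHT",
     "Active": True},
]
GROUP_MEMBERS = [{"MemberName": "User1"}, {"MemberName": "analyst"}]


def audit_users(users, group_members, group_name="QuickSightGroup"):
    """Return {user_name: [findings]} for users that break the intended setup."""
    members = {m["MemberName"] for m in group_members}
    report = {}
    for user in users:
        findings = []
        if user.get("Role") != "READER":
            findings.append(f"role {user.get('Role')} is not READER")
        if user.get("IdentityType") != "IAM":
            findings.append("signs in without IAM federation, so Cognito is bypassed")
        if user.get("ExternalLoginFederationProviderType") != "COGNITO":
            findings.append("no Cognito external login is linked")
        if user["UserName"] not in members:
            findings.append(f"not a member of {group_name}")
        if not user.get("Active", False):
            findings.append("registration is not active yet")
        if findings:
            report[user["UserName"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_users(USERS, GROUP_MEMBERS).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Against a live account, feed the function the UserList and GroupMemberList items from the two API calls instead of the sample records.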
3. Create a dataset and a dashboard in QuickSight and grant the user group access to them:
response = client.create_data_source(
    AwsAccountId='123456789012',
    DataSourceId='MyDataSource',
    Name='MyDataSource',
    Type='S3',