Exercise 1 - Create a new user
Register-user command can be used for creating new users in QuickSight.
In Cloud9, Execute following register-user command from terminal to create a READER. Identity type of QUICKSIGHT means that the user is fully managed within QuickSight. Register-user can be used to create QuickSight users mapped to federated identities and IAM users as well.
Copy the UserInvitationUrl from output of above command and launch in a private browser window.
Enter and confirm QS-DemoPass as the password. If you are running this on your own account, be sure to set a password of your choice.
Click Continue button.
Enter username as Default-Reader1, the password you set and click Sign in button. We don’t need to have namespace as part of the user name. It is already part of the user/group arn. We are doing it here just to make it easier to understand in a lab setting.
Note that Default-Reader1 doesn’t have access to any dashboards currently. Don’t close the browser. We will come back to this in later step.
Exercise 2 - Create a new group
QuickSight groups can be used to share objects & folders and also to specify RLS and CLS rules.
In Cloud9, Execute following create-group command to create a QuickSight group.
From QuickSight Dashboards view of admin user, click on QSTCF-Dashboard.
Click on Share and select Share dashboard.
Search for Default. You will see both the user Default-Reader1 and the group Default-ReaderGroup in match list.
Select Default-ReaderGroup and click Share button.
Exercise 4 - Add Default-Reader1 to Default-ReaderGroup
We are purposefully doing this after sharing dashboard with the group. This makes it clear that the authorization is based on group membership at time of accessing the dashboard (in next step).
In Cloud9, Execute following create-group-membership command to add Reader1 to ReaderGroup