How to Get Embed URLs for AWS Quicksight Dashboards using Java SDK

Question

I think I understand all the steps necessary to get the embed URL for an AWS Quicksight dashboard, and I have been able to get a valid URL via the AWS CLI as described in the AW

Answer 1

I finally figured it out. Here's a working Groovy/Grails sample project that gets Quicksight dashboard URLs using the AWS Java SDK v2.

Summary

I followed a modified version of the process outline in the AWS docs, here. The docs say to have your service account assume the user's IAM role and then request the dashboard as the end user using IdentityType.IAM. However, I made the request to get the url as the service account, without assuming the user's role, and specified the end user's ARN and IdentityType.QUICKSIGHT in the API call.

Code (full code)

import software.amazon.awssdk.services.quicksight.QuickSightClient
import software.amazon.awssdk.services.quicksight.model.*

class ApplicationController {
    String roleName = "embed-dashboard"
    String namespace = "default"
    String awsAccountId
    String dashboardId
    QuickSightClient quickSightClient

    def index(String awsAccountId, String email, String dashboardId) {

        //unimportant code removed

        String url = fetchEmbedUrl(email)
        render "<a href='$url' target='_blank'>Dashboard</a>"
    }

    private String fetchEmbedUrl(String email) {
        // look up the user by email address
        // if we don't find the user register them
        User user = fetchUser(email) ?: registerUser(email)

        // get the dashboard URL
        String embedUrl = quickSightClient.getDashboardEmbedUrl(GetDashboardEmbedUrlRequest.builder()
            .awsAccountId(awsAccountId)
            .dashboardId(dashboardId)
            .userArn(user.arn)
            .identityType(IdentityType.QUICKSIGHT)
            .sessionLifetimeInMinutes(600L)
            .build()
        ).embedUrl

        log.info("URL:\n$embedUrl")

        return embedUrl
    }

    private User fetchUser(String email) {
        return quickSightClient.listUsers(ListUsersRequest.builder()
            .awsAccountId(awsAccountId)
            .namespace(namespace)
            .build()
        ).userList().find { it.email() == email }
    }

    private User registerUser(String email) {
        String roleArn = "arn:aws:iam::$awsAccountId:role/$roleName"
        return quickSightClient.registerUser(RegisterUserRequest.builder()
            .awsAccountId(awsAccountId)
            .namespace(namespace)
            .identityType(IdentityType.IAM)
            .iamArn(roleArn)
            .userRole("READER")
            .email(email)
            .sessionName(email)
            .build()
        ).user()
    }

}