Node.js Lambda function using the AWS SDK for JavaScript v3 to fetch a QuickSight embed URL
const {STSClient, AssumeRoleCommand} = require("@aws-sdk/client-sts"); | |
const {QuickSightClient, GetDashboardEmbedUrlCommand, RegisterUserCommand} = require("@aws-sdk/client-quicksight"); | |
// Deployment settings. The account ID looks like a documentation placeholder;
// replace it with the account that owns the QuickSight subscription.
const AWS_REGION = "us-east-1";
const AWS_ACCOUNT_ID = "123456789012";

// IAM role that is assumed once per viewer and registered in QuickSight as a reader.
const QUICKSIGHT_ROLE_ARN = `arn:aws:iam::${AWS_ACCOUNT_ID}:role/QuicksightDashboardViewer`;

// No explicit credentials are passed, so the SDK's default provider chain is used.
const stsClient = new STSClient({ region: AWS_REGION });
/**
 * Build a QuickSight client that signs its requests with temporary credentials.
 *
 * @param {object} credentials - The `Credentials` member of an STS AssumeRole
 *   response (AccessKeyId, SecretAccessKey, SessionToken, Expiration).
 * @returns {QuickSightClient} Client bound to AWS_REGION and those credentials.
 */
const getQuickSightClient = (credentials) => {
  // Map the PascalCase STS field names onto the camelCase shape the SDK expects.
  const sdkCredentials = {
    accessKeyId: credentials.AccessKeyId,
    secretAccessKey: credentials.SecretAccessKey,
    sessionToken: credentials.SessionToken,
    expiration: credentials.Expiration,
  };
  const clientConfig = { region: AWS_REGION, credentials: sdkCredentials };
  return new QuickSightClient(clientConfig);
};
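/**
 * Assume the QuickSight viewer role on behalf of one viewer and return a
 * QuickSight client that uses the resulting temporary credentials.
 *
 * @param {string} email - Used as the STS RoleSessionName, so it must be a
 *   unique identifier for the viewer (email address, username, ...).
 * @returns {Promise<QuickSightClient>} Client signed with the assumed-role session.
 * @throws Whatever `stsClient.send` rejects with (e.g. access denied or an
 *   invalid session name).
 */
const assumeRole = async (email) => {
  console.log(`Assuming role`);
  const command = new AssumeRoleCommand({
    RoleArn: QUICKSIGHT_ROLE_ARN,
    RoleSessionName: email, // a unique identifier such as an email address or username
    DurationSeconds: 900, // shortest session lifetime STS accepts
  });
  const response = await stsClient.send(command);

  // Never log the raw response: it holds SecretAccessKey and SessionToken,
  // which would hand a usable session to anyone who can read the function logs.
  console.log(
    JSON.stringify({
      assumedRoleArn: response.AssumedRoleUser?.Arn,
      expiration: response.Credentials?.Expiration,
    }),
  );
  return getQuickSightClient(response.Credentials);
};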
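/**
 * Register the viewer as a QuickSight READER backed by the assumed-role session.
 *
 * Registration only succeeds the first time for a given role/session pair;
 * later calls are answered with HTTP 409, which is treated as "already done".
 *
 * @param {QuickSightClient} qsClient - Client to send the command with.
 * @param {string} email - Viewer email; also used as the session name.
 * @returns {Promise<object>} The RegisterUser response, or `{}` when the user
 *   was already registered.
 * @throws Any error other than the "already exists" conflict, so that
 *   permission or validation failures are not silently ignored.
 */
const registerUser = async (qsClient, email) => {
  console.log(`Registering user`);
  const command = new RegisterUserCommand({
    IdentityType: "IAM",
    Email: email,
    UserRole: "READER",
    IamArn: QUICKSIGHT_ROLE_ARN,
    SessionName: email,
    AwsAccountId: AWS_ACCOUNT_ID,
    Namespace: "default",
  });
  try {
    const response = await qsClient.send(command);
    console.log(JSON.stringify(response));
    return response;
  } catch (error) {
    // Only the conflict raised for an existing user is expected here. Anything
    // else (access denied, throttling, bad input) must reach the caller rather
    // than be reported as success.
    const alreadyRegistered =
      error?.name === "ResourceExistsException" || error?.$metadata?.httpStatusCode === 409;
    if (!alreadyRegistered) {
      throw error;
    }
    console.log(`User already registered (${error.name})`);
    return {};
  }
};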
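/**
 * Request an embed URL for a dashboard on behalf of the assumed-role session.
 *
 * @param {QuickSightClient} qsClient - Client signed with the viewer's session.
 * @param {string} dashboardId - ID of the dashboard to embed.
 * @returns {Promise<string>} The embed URL.
 * @throws Whatever `qsClient.send` rejects with, or a TypeError if the
 *   response carries no EmbedUrl.
 */
const getEmbedUrl = async (qsClient, dashboardId) => {
  console.log(`Fetching embed url`);
  const command = new GetDashboardEmbedUrlCommand({
    AwsAccountId: AWS_ACCOUNT_ID,
    DashboardId: dashboardId,
    IdentityType: "IAM",
    UndoRedoDisabled: true,
    ResetDisabled: true,
  });
  const response = await qsClient.send(command);

  // The embed URL itself grants access to the dashboard session, so keep it
  // out of the logs and record only non-sensitive response metadata.
  console.log(JSON.stringify({ status: response.Status, requestId: response.RequestId }));
  return response.EmbedUrl.toString();
};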
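/**
 * API Gateway proxy handler: assumes the viewer role for the requested email,
 * registers that viewer in QuickSight if needed, and returns a dashboard
 * embed URL as the response body.
 *
 * Expects `email` and `dashboardId` as query string parameters. Responds with
 * 400 when either is missing or malformed; errors from the AWS calls propagate.
 *
 * @type {import('@types/aws-lambda').APIGatewayProxyHandler}
 */
exports.handler = async (event) => {
  const corsHeaders = {
    "Access-Control-Allow-Headers": "Content-Type",
    "Access-Control-Allow-Origin": "https://www.yourdomain.com",
    "Access-Control-Allow-Methods": "GET",
  };

  // Log a request identifier only: the full event carries request headers and
  // the viewer's email, which do not belong in the function logs.
  console.log(`EVENT: ${JSON.stringify({ requestId: event?.requestContext?.requestId })}`);

  // queryStringParameters is null when the request has no query string.
  const { email, dashboardId } = event?.queryStringParameters ?? {};

  // NOTE(review): both values are chosen by the caller. `email` decides which
  // QuickSight user is registered and whose session is created, and nothing in
  // this file authenticates it. Confirm that an authorizer in front of this
  // function verifies the identity, or derive it from verified claims instead.
  // Which dashboards can be embedded is bounded only by the assumed role's policy.
  // The patterns mirror the documented constraints for an STS RoleSessionName
  // and a QuickSight DashboardId.
  const isValidSessionName = typeof email === "string" && /^[\w+=,.@-]{2,64}$/.test(email);
  const isValidDashboardId =
    typeof dashboardId === "string" && /^[\w-]{1,512}$/.test(dashboardId);
  if (!isValidSessionName || !isValidDashboardId) {
    return {
      statusCode: 400,
      headers: corsHeaders,
      body: "Missing or invalid email/dashboardId query parameter",
    };
  }

  const quickSightClient = await assumeRole(email);
  await registerUser(quickSightClient, email);
  const url = await getEmbedUrl(quickSightClient, dashboardId);

  return {
    statusCode: 200,
    headers: corsHeaders,
    body: url,
  };
};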