madan712/.js

## .js
const {STSClient, AssumeRoleCommand} = require("@aws-sdk/client-sts");
const {QuickSightClient, GetDashboardEmbedUrlCommand, RegisterUserCommand} = require("@aws-sdk/client-quicksight");

const AWS_REGION = "us-east-1";
const AWS_ACCOUNT_ID = "123456789012";
const QUICKSIGHT_ROLE_ARN = `arn:aws:iam::${AWS_ACCOUNT_ID}:role/QuicksightDashboardViewer`;
const stsClient = new STSClient({
    region: AWS_REGION
});

const getQuickSightClient = (credentials) => {
    return new QuickSightClient({
        region: AWS_REGION, credentials: {
            accessKeyId: credentials.AccessKeyId,
            secretAccessKey: credentials.SecretAccessKey,
            sessionToken: credentials.SessionToken,
            expiration: credentials.Expiration
        }
    });
}

const assumeRole = async (email) => {
    console.log(`Assuming role`);
    const param = {
        RoleArn: QUICKSIGHT_ROLE_ARN,
        RoleSessionName: email, // An unique identifier like email/username etc
        DurationSeconds: 900,
    };
    const command = new AssumeRoleCommand(param);

    const response = await stsClient.send(command);
    console.log(JSON.stringify(response));
    return getQuickSightClient(response.Credentials);
};

const registerUser = async (qsClient, email) => {
    console.log(`Registering user`);
    const param = {
        IdentityType: "IAM",
        Email: email,
        UserRole: "READER",
        IamArn: QUICKSIGHT_ROLE_ARN,
        SessionName: email,
        AwsAccountId: AWS_ACCOUNT_ID,
        Namespace: "default"
    };
    const command = new RegisterUserCommand(param);

    try {
        const response = await qsClient.send(command);
        console.log(JSON.stringify(response));
        return response;
    } catch (error) {
        // registerUser need to be called only once on subsequent hit it will give error httpStatusCode: 409,
        console.log(JSON.stringify(error));
        return {};
    }
}

const getEmbedUrl = async (qsClient, dashboardId) => {
    console.log(`Fetching embed url`);
    const param = {
        AwsAccountId: AWS_ACCOUNT_ID,
        DashboardId: dashboardId,
        IdentityType: "IAM",
        UndoRedoDisabled: true,
        ResetDisabled: true

    };
    const command = new GetDashboardEmbedUrlCommand(param);
    const response = await qsClient.send(command);
    console.log(JSON.stringify(response));
    return response.EmbedUrl.toString();
}

/**
 * @type {import('@types/aws-lambda').APIGatewayProxyHandler}
 */
exports.handler = async (event) => {
    console.log(`EVENT: ${JSON.stringify(event)}`);

    const email = event.queryStringParameters.email;
    const dashboardId = event.queryStringParameters.dashboardId;

    const quickSightClient = await assumeRole(email);

    await registerUser(quickSightClient, email)

    const url = await getEmbedUrl(quickSightClient, dashboardId);

    return {
        statusCode: 200,
        headers: {
            "Access-Control-Allow-Headers": "Content-Type",
            "Access-Control-Allow-Origin": "https://www.yourdomain.com",
            "Access-Control-Allow-Methods": "GET"
        },
        body: url,
    };
};
	const {STSClient, AssumeRoleCommand} = require("@aws-sdk/client-sts");
	const {QuickSightClient, GetDashboardEmbedUrlCommand, RegisterUserCommand} = require("@aws-sdk/client-quicksight");

	const AWS_REGION = "us-east-1";
	const AWS_ACCOUNT_ID = "123456789012";
	const QUICKSIGHT_ROLE_ARN = `arn:aws:iam::${AWS_ACCOUNT_ID}:role/QuicksightDashboardViewer`;
	const stsClient = new STSClient({
	region: AWS_REGION
	});

	const getQuickSightClient = (credentials) => {
	return new QuickSightClient({
	region: AWS_REGION, credentials: {
	accessKeyId: credentials.AccessKeyId,
	secretAccessKey: credentials.SecretAccessKey,
	sessionToken: credentials.SessionToken,
	expiration: credentials.Expiration
	}
	});
	}

	const assumeRole = async (email) => {
	console.log(`Assuming role`);
	const param = {
	RoleArn: QUICKSIGHT_ROLE_ARN,
	RoleSessionName: email, // An unique identifier like email/username etc
	DurationSeconds: 900,
	};
	const command = new AssumeRoleCommand(param);

	const response = await stsClient.send(command);
	console.log(JSON.stringify(response));
	return getQuickSightClient(response.Credentials);
	};

	const registerUser = async (qsClient, email) => {
	console.log(`Registering user`);
	const param = {
	IdentityType: "IAM",
	Email: email,
	UserRole: "READER",
	IamArn: QUICKSIGHT_ROLE_ARN,
	SessionName: email,
	AwsAccountId: AWS_ACCOUNT_ID,
	Namespace: "default"
	};
	const command = new RegisterUserCommand(param);

	try {
	const response = await qsClient.send(command);
	console.log(JSON.stringify(response));
	return response;
	} catch (error) {
	// registerUser need to be called only once on subsequent hit it will give error httpStatusCode: 409,
	console.log(JSON.stringify(error));
	return {};
	}
	}

	const getEmbedUrl = async (qsClient, dashboardId) => {
	console.log(`Fetching embed url`);
	const param = {
	AwsAccountId: AWS_ACCOUNT_ID,
	DashboardId: dashboardId,
	IdentityType: "IAM",
	UndoRedoDisabled: true,
	ResetDisabled: true

	};
	const command = new GetDashboardEmbedUrlCommand(param);
	const response = await qsClient.send(command);
	console.log(JSON.stringify(response));
	return response.EmbedUrl.toString();
	}

	/**
	* @type {import('@types/aws-lambda').APIGatewayProxyHandler}
	*/
	exports.handler = async (event) => {
	console.log(`EVENT: ${JSON.stringify(event)}`);

	const email = event.queryStringParameters.email;
	const dashboardId = event.queryStringParameters.dashboardId;

	const quickSightClient = await assumeRole(email);

	await registerUser(quickSightClient, email)

	const url = await getEmbedUrl(quickSightClient, dashboardId);

	return {
	statusCode: 200,
	headers: {
	"Access-Control-Allow-Headers": "Content-Type",
	"Access-Control-Allow-Origin": "https://www.yourdomain.com",
	"Access-Control-Allow-Methods": "GET"
	},
	body: url,
	};
	};