@fideliocc
Last active May 2, 2024 20:52
Lambda function hooked to an API Gateway GET endpoint that handles role assumption, QuickSight user registration and dashboard URL resolution for the web app embedding feature
'use strict'
// IMPORTANT: Replace environment variables with your current values.
// Variables read by this file: REGION, AWS_ACCOUNT_ID,
// QUICKSIGHT_MOBILE_DASHBOARD_ID and QUICKSIGHT_ROLE_ARN.
const aws = require('aws-sdk')
// Set the SDK-wide default region from the REGION environment variable.
aws.config.region = process.env.REGION
// STS client created once at module load; the handler uses it to assume
// the role named by QUICKSIGHT_ROLE_ARN.
const sts = new aws.STS({apiVersion: '2011-06-15'})
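/**
 * API Gateway (Lambda proxy) GET handler that returns a QuickSight dashboard
 * embed URL for the user named by the `email` query parameter.
 *
 * Flow: validate the email, assume QUICKSIGHT_ROLE_ARN with the email as the
 * role session name, register that session as a QuickSight READER (an
 * already-registered user is not an error), then request the embed URL.
 *
 * NOTE(review): the email is taken from the caller-controlled query string and
 * nothing in this handler ties it to an authenticated principal, so any caller
 * who can reach the endpoint obtains an embed URL under whatever email they
 * supply. If the API has an authorizer, derive the identity from its verified
 * claims (event.requestContext.authorizer) instead - confirm against the API
 * Gateway configuration.
 *
 * @param {object} event - API Gateway proxy event; reads queryStringParameters.email.
 * @param {object} context - Lambda context (unused).
 * @param {Function} callback - Node-style Lambda callback. Receives
 *   (null, response) with status 200 and body {payload: <QuickSight result>},
 *   (null, response) with status 400 when the email is missing or malformed,
 *   or (err, null) when an STS or QuickSight call fails.
 */
module.exports.handler = (event, context, callback) => {
  const accountId = process.env.AWS_ACCOUNT_ID
  const dashboardId = process.env.QUICKSIGHT_MOBILE_DASHBOARD_ID
  const identityType = 'IAM'
  const region = process.env.REGION
  const iamRole = process.env.QUICKSIGHT_ROLE_ARN

  // NOTE(review): a wildcard Access-Control-Allow-Origin lets script on any
  // site read this response, and the response carries a usable embed URL.
  // Browsers also refuse credentialed requests when the origin is '*', so
  // Access-Control-Allow-Credentials has no effect in this combination.
  // Pin the origin to the embedding web app once it is known. Values are
  // left unchanged here so existing callers keep working.
  const responseHeaders = {
    "Content-Type": "application/json",
    "X-Requested-With": '*',
    "Access-Control-Allow-Headers": 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Requested-With',
    "Access-Control-Allow-Origin": '*',
    "Access-Control-Allow-Methods": 'GET, OPTIONS',
    "Access-Control-Allow-Credentials": true // Required for cookies, authorization headers with HTTPS
  }

  // Builds the proxy-integration response and hands it to Lambda.
  const respond = (statusCode, payload) => callback(null, {
    statusCode: statusCode,
    headers: responseHeaders,
    body: JSON.stringify(payload),
    isBase64Encoded: false
  })

  // queryStringParameters may be null when the request has no query string;
  // the original dereferenced it directly and crashed with a TypeError.
  const query = (event && event.queryStringParameters) || {}
  const UserEmail = query.email

  // The email is reused verbatim as the STS RoleSessionName and the QuickSight
  // SessionName, so accept only a conservative allow-list of 2-64 characters.
  // This also keeps control characters out of the log line below.
  const sessionNamePattern = /^[\w+=.@-]{2,64}$/
  if (
    typeof UserEmail !== 'string' ||
    !sessionNamePattern.test(UserEmail) ||
    UserEmail.indexOf('@') === -1
  ) {
    return respond(400, { message: 'A valid "email" query parameter is required' })
  }
  console.log('User email', UserEmail)

  // Returns QuickSight Dashboard URL
  function getDashboardEmbedUrl(accountId, dashboardId, identityType, quicksight) {
    const urlParams = {
      AwsAccountId: accountId, /* required */
      DashboardId: dashboardId, /* required */
      IdentityType: identityType, /* required */
    }
    return quicksight.getDashboardEmbedUrl(urlParams, (err, urlData) => {
      if (err) {
        console.log(err, err.stack)
        callback(err, null)
      } else {
        // The embed URL authorizes whoever holds it to open the dashboard as
        // this user, so it is treated like a credential and kept out of logs.
        console.log('Embed URL generated, request id:', urlData.RequestId)
        respond(200, { payload: urlData })
      }
    })
  }

  // First of all, assume the QuickSightEmbedRole previously created, into Serverless Lambda Execution Role
  const stsParams = {
    RoleArn: iamRole, /* required */
    RoleSessionName: UserEmail, /* required */
  }
  return sts.assumeRole(stsParams, (err, stsData) => {
    if (err) {
      // An error occurred when assuming the new role
      console.log(err, err.stack)
      callback(err, null)
      return
    }

    // stsData holds the temporary secret access key and session token.
    // Log only the assumed-role ARN; the full object must never reach the logs.
    console.log('Assumed role', stsData.AssumedRoleUser && stsData.AssumedRoleUser.Arn)
    const credentials = stsData.Credentials

    // Create new Quicksight object with recently obtained credentials
    const quicksight = new aws.QuickSight({
      apiVersion: '2018-04-01',
      region: region,
      credentials: {
        accessKeyId: credentials.AccessKeyId,
        secretAccessKey: credentials.SecretAccessKey,
        sessionToken: credentials.SessionToken,
        expiration: credentials.Expiration
      }
    })

    // Register the role session as a QuickSight user
    const registerParams = {
      AwsAccountId: accountId, /* required */
      Email: UserEmail, /* required */
      IdentityType: identityType, /* required */
      Namespace: 'default', /* required */
      UserRole: 'READER', /* required */
      IamArn: iamRole,
      SessionName: UserEmail,
    }
    return quicksight.registerUser(registerParams, (err, registerData) => {
      if (err) {
        if (err.code === 'ResourceExistsException') {
          // The user already exists in QuickSight: go straight to the dashboard URL
          console.log('User exists!')
          return getDashboardEmbedUrl(accountId, dashboardId, identityType, quicksight)
        }
        // An error occurred when registering a new user...
        console.log('Ooops, an error occurred', err)
        callback(err, null)
        return
      }
      // User successfully registered to QuickSight as a READER.
      // This only happens when a web application user signs in for the first time.
      console.log('Registered QuickSight user', registerData.User && registerData.User.Arn)
      return getDashboardEmbedUrl(accountId, dashboardId, identityType, quicksight)
    })
  })
}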