Enabling connection from Lake Formation - Amazon QuickSight
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Enabling connection from Lake Formation

Before you begin using this solution with Amazon QuickSight, make sure that you can access your data using Athena with Lake Formation. After you verify that the connection is working through Athena, you need to verify only that Amazon QuickSight can connect to Athena. Doing this means you don't have to troubleshoot connections through all three products at once. One easy way to test the connection is to use the Athena query console to run a simple SQL command, for example SELECT 1 FROM table.

To set up Lake Formation, the person or team who works on it needs access to create a new IAM role and to Lake Formation. They also need the information shown in the following list. For more information, see Setting up lake formation in the Amazon Lake Formation Developer Guide.

  • Collect the Amazon Resource Names (ARNs) of the Amazon QuickSight users and groups that need to access the data in Lake Formation. These users should be Amazon QuickSight authors or administrators.

    To find Amazon QuickSight user and group ARNs

    1. Use the Amazon CLI to find user ARNs for Amazon QuickSight authors and admins. To do this, run the following list-users command in your terminal (Linux or Mac) or at your command prompt (Windows).

      aws quicksight list-users --aws-account-id 111122223333 --namespace default --region us-east-1

      The response returns information for each user. We show the Amazon Resource Name (ARN) in bold in the following example. 

      RequestId: a27a4cef-4716-48c8-8d34-7d3196e76468
Status: 200
UserList:
- Active: true
  Arn: arn:aws-cn:quicksight:us-east-1:111122223333:user/default/SaanviSarkar
  Email: SaanviSarkar@example.com
  PrincipalId: federated/iam/AIDAJVCZOVSR3DESMJ7TA
  Role: ADMIN
  UserName: SaanviSarkar

      To avoid using the Amazon CLI, you can construct the ARNs for each user manually.

    2. (Optional) Use the Amazon CLI to find ARNs for Amazon QuickSight groups by running the following list-group command in your terminal (Linux or Mac) or at your command prompt (Windows).

      aws quicksight list-groups --aws-account-id 111122223333 --namespace default --region us-east-1

      The response returns information for each group. The ARN appears in bold in the following example. 

      GroupList:
- Arn: arn:aws-cn:quicksight:us-east-1:111122223333:group/default/DataLake-Scorecard
  Description: Data Lake for CXO Balanced Scorecard
  GroupName: DataLake-Scorecard
  PrincipalId: group/d-90671c9c12/6f9083c2-8400-4389-8477-97ef05e3f7db
RequestId: c1000198-18fa-4277-a1e2-02163288caf6
Status: 200

      If you don't have any Amazon QuickSight groups, add a group by using the Amazon CLI to run the create-group command. There currently isn't an option to do this from the Amazon QuickSight console. For more information, see Creating and managing groups in Amazon QuickSight.

      To avoid using the Amazon CLI, you can construct the ARNs for each group manually.