quicksight_generate_embed_url_for_anonymous_user: Generates an embed URL that you can use to embed an Amazon...

View source: R/quicksight_operations.R

quicksight_generate_embed_url_for_anonymous_userR Documentation

Generates an embed URL that you can use to embed an Amazon Quick dashboard or visual in your website, without having to register any reader users

Description

Generates an embed URL that you can use to embed an Amazon Quick dashboard or visual in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.

See https://www.paws-r-sdk.com/docs/quicksight_generate_embed_url_for_anonymous_user/ for full documentation.

Usage

quicksight_generate_embed_url_for_anonymous_user(
  AwsAccountId,
  SessionLifetimeInMinutes = NULL,
  Namespace,
  SessionTags = NULL,
  AuthorizedResourceArns,
  ExperienceConfiguration,
  AllowedDomains = NULL
)

Arguments

AwsAccountId

[required] The ID for the Amazon Web Services account that contains the dashboard that you're embedding.

SessionLifetimeInMinutes

How many minutes the session is valid. The session lifetime must be in [15-600] minutes range.

Namespace

[required] The Amazon Quick Sight namespace that the anonymous user virtually belongs to. If you are not using an Amazon Quick custom namespace, set this to default.

SessionTags

Session tags are user-specified strings that identify a session in your application. You can use these tags to implement row-level security (RLS) controls. Before you use the SessionTags parameter, make sure that you have configured the relevant datasets using the DataSet$RowLevelPermissionTagConfiguration parameter so that session tags can be used to provide row-level security.

When using SessionTags in generate_embed_url_for_anonymous_user,

  • Treat SessionTags as security credentials. Do not expose SessionTags to end users or client-side code.

  • Implement server-side controls. Ensure that SessionTags are set exclusively by your trusted backend services, not by parameters that end users can modify.

  • Protect SessionTags from enumeration. Ensure that users in one tenant cannot discover or guess sessionTag values belonging to other tenants.

  • Review your architecture. If downstream customers or partners are allowed to call the generate_embed_url_for_anonymous_user API directly, evaluate whether those parties could specify sessionTag values for tenants they should not access.

Besides, these are not the tags used for the Amazon Web Services resource tagging feature. For more information, see Using Row-Level Security (RLS) with Tags in the Amazon Quick User Guide.

AuthorizedResourceArns

[required] The Amazon Resource Names (ARNs) for the Quick Sight resources that the user is authorized to access during the lifetime of the session.

If you choose Dashboard embedding experience, pass the list of dashboard ARNs in the account that you want the user to be able to view.

If you want to make changes to the theme of your embedded content, pass a list of theme ARNs that the anonymous users need access to.

Currently, you can pass up to 25 theme ARNs in each API call.

ExperienceConfiguration

[required] The configuration of the experience that you are embedding.

AllowedDomains

The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage Quick Sight menu in the Amazon Quick Sight console. Instead, it allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

To include all subdomains under a specific domain to the allow list, use *. For example, ⁠https://*.sapp.amazon.com⁠ includes all subdomains under ⁠https://sapp.amazon.com⁠.


paws.analytics documentation built on May 30, 2026, 9:16 a.m.