Class: Aws::QuickSight::Types::GenerateEmbedUrlForAnonymousUserRequest

Inherits:

Struct

Object
Struct
Aws::QuickSight::Types::GenerateEmbedUrlForAnonymousUserRequest

show all

Includes:: Structure

Defined in:: lib/aws-sdk-quicksight/types.rb

Overview

Constant Summary collapse

SENSITIVE =

[]

Instance Attribute Summary collapse

#allowed_domains ⇒ Array<String>

The domains that you want to add to the allow list for access to the generated URL that is then embedded.
#authorized_resource_arns ⇒ Array<String>

The Amazon Resource Names (ARNs) for the Quick Sight resources that the user is authorized to access during the lifetime of the session.
#aws_account_id ⇒ String

The ID for the Amazon Web Services account that contains the dashboard that you’re embedding.
#experience_configuration ⇒ Types::AnonymousUserEmbeddingExperienceConfiguration

The configuration of the experience that you are embedding.
#namespace ⇒ String

The Amazon Quick Sight namespace that the anonymous user virtually belongs to.
#session_lifetime_in_minutes ⇒ Integer

How many minutes the session is valid.
#session_tags ⇒ Array<Types::SessionTag>

Session tags are user-specified strings that identify a session in your application.

Instance Attribute Details

#allowed_domains ⇒ `Array<String>`

The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage Quick Sight menu in the Amazon Quick Sight console. Instead, it allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

To include all subdomains under a specific domain to the allow list, use ‘*`. For example, `*.sapp.amazon.com` includes all subdomains under `sapp.amazon.com`.

Returns:

(Array<String>)

# File 'lib/aws-sdk-quicksight/types.rb', line 21162

class GenerateEmbedUrlForAnonymousUserRequest < Struct.new(
  :aws_account_id,
  :session_lifetime_in_minutes,
  :namespace,
  :session_tags,
  :authorized_resource_arns,
  :experience_configuration,
  :allowed_domains)
  SENSITIVE = []
  include Aws::Structure
end

#authorized_resource_arns ⇒ `Array<String>`

The Amazon Resource Names (ARNs) for the Quick Sight resources that the user is authorized to access during the lifetime of the session.

If you choose ‘Dashboard` embedding experience, pass the list of dashboard ARNs in the account that you want the user to be able to view.

If you want to make changes to the theme of your embedded content, pass a list of theme ARNs that the anonymous users need access to.

Currently, you can pass up to 25 theme ARNs in each API call.

Returns:

(Array<String>)

# File 'lib/aws-sdk-quicksight/types.rb', line 21162

class GenerateEmbedUrlForAnonymousUserRequest < Struct.new(
  :aws_account_id,
  :session_lifetime_in_minutes,
  :namespace,
  :session_tags,
  :authorized_resource_arns,
  :experience_configuration,
  :allowed_domains)
  SENSITIVE = []
  include Aws::Structure
end

#aws_account_id ⇒ `String`

The ID for the Amazon Web Services account that contains the dashboard that you’re embedding.

Returns:

(String)

# File 'lib/aws-sdk-quicksight/types.rb', line 21162

class GenerateEmbedUrlForAnonymousUserRequest < Struct.new(
  :aws_account_id,
  :session_lifetime_in_minutes,
  :namespace,
  :session_tags,
  :authorized_resource_arns,
  :experience_configuration,
  :allowed_domains)
  SENSITIVE = []
  include Aws::Structure
end

#experience_configuration ⇒ `Types::AnonymousUserEmbeddingExperienceConfiguration`

The configuration of the experience that you are embedding.

Returns:

(Types::AnonymousUserEmbeddingExperienceConfiguration)

# File 'lib/aws-sdk-quicksight/types.rb', line 21162

class GenerateEmbedUrlForAnonymousUserRequest < Struct.new(
  :aws_account_id,
  :session_lifetime_in_minutes,
  :namespace,
  :session_tags,
  :authorized_resource_arns,
  :experience_configuration,
  :allowed_domains)
  SENSITIVE = []
  include Aws::Structure
end

#namespace ⇒ `String`

The Amazon Quick Sight namespace that the anonymous user virtually belongs to. If you are not using an Amazon Quick custom namespace, set this to ‘default`.

Returns:

(String)

# File 'lib/aws-sdk-quicksight/types.rb', line 21162

class GenerateEmbedUrlForAnonymousUserRequest < Struct.new(
  :aws_account_id,
  :session_lifetime_in_minutes,
  :namespace,
  :session_tags,
  :authorized_resource_arns,
  :experience_configuration,
  :allowed_domains)
  SENSITIVE = []
  include Aws::Structure
end

#session_lifetime_in_minutes ⇒ `Integer`

How many minutes the session is valid. The session lifetime must be in [15-600] minutes range.

Returns:

(Integer)

# File 'lib/aws-sdk-quicksight/types.rb', line 21162

class GenerateEmbedUrlForAnonymousUserRequest < Struct.new(
  :aws_account_id,
  :session_lifetime_in_minutes,
  :namespace,
  :session_tags,
  :authorized_resource_arns,
  :experience_configuration,
  :allowed_domains)
  SENSITIVE = []
  include Aws::Structure
end

#session_tags ⇒ `Array<Types::SessionTag>`

Session tags are user-specified strings that identify a session in your application. You can use these tags to implement row-level security (RLS) controls. Before you use the ‘SessionTags` parameter, make sure that you have configured the relevant datasets using the `DataSet$RowLevelPermissionTagConfiguration` parameter so that session tags can be used to provide row-level security.

When using ‘SessionTags` in `GenerateEmbedUrlForAnonymousUser`,

Treat ‘SessionTags` as security credentials. Do not expose `SessionTags` to end users or client-side code.
Implement server-side controls. Ensure that ‘SessionTags` are set exclusively by your trusted backend services, not by parameters that end users can modify.
Protect ‘SessionTags` from enumeration. Ensure that users in one tenant cannot discover or guess sessionTag values belonging to other tenants.
Review your architecture. If downstream customers or partners are allowed to call the ‘GenerateEmbedUrlForAnonymousUser` API directly, evaluate whether those parties could specify sessionTag values for tenants they should not access.

Besides, these are not the tags used for the Amazon Web Services resource tagging feature. For more information, see [Using Row-Level Security (RLS) with Tags] in the *Amazon Quick User Guide*.

[1]: docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-rls-tags.html

Returns:

(Array<Types::SessionTag>)

# File 'lib/aws-sdk-quicksight/types.rb', line 21162

class GenerateEmbedUrlForAnonymousUserRequest < Struct.new(
  :aws_account_id,
  :session_lifetime_in_minutes,
  :namespace,
  :session_tags,
  :authorized_resource_arns,
  :experience_configuration,
  :allowed_domains)
  SENSITIVE = []
  include Aws::Structure
end

Class: Aws::QuickSight::Types::GenerateEmbedUrlForAnonymousUserRequest

Overview

Constant Summary collapse

Instance Attribute Summary collapse

Instance Attribute Details

#allowed_domains ⇒ Array<String>

#authorized_resource_arns ⇒ Array<String>

#aws_account_id ⇒ String

#experience_configuration ⇒ Types::AnonymousUserEmbeddingExperienceConfiguration

#namespace ⇒ String

#session_lifetime_in_minutes ⇒ Integer

#session_tags ⇒ Array<Types::SessionTag>

#allowed_domains ⇒ `Array<String>`

#authorized_resource_arns ⇒ `Array<String>`

#aws_account_id ⇒ `String`

#experience_configuration ⇒ `Types::AnonymousUserEmbeddingExperienceConfiguration`

#namespace ⇒ `String`

#session_lifetime_in_minutes ⇒ `Integer`

#session_tags ⇒ `Array<Types::SessionTag>`