Deploy Amazon QuickSight dashboards across environments using the SMUS CI/CD pipeline.
The QuickSight deployment feature enables you to:
- Export dashboards from one environment (e.g., dev)
- Bundle dashboards with your application code
- Deploy dashboards to multiple environments (test, prod)
- Override parameters per environment (datasets, data sources)
- Manage dashboard permissions automatically
QuickSight dashboards are configured in two places:
- Content (
content.quicksight) - Defines WHAT dashboards to deploy - Deployment Configuration (
stages.<stage>.deployment_configuration.quicksight) - Defines HOW to deploy them (overrides, permissions)
applicationName: my-analytics-app
content:
quicksight:
- dashboardId: sales-dashboard
assetBundle: export # or quicksight/sales-dashboard.qs
stages:
dev:
domain:
region: us-east-2
project:
name: dev-analytics
deployment_configuration:
quicksight:
overrideParameters:
ResourceIdOverrideConfiguration:
PrefixForAllResources: dev-
permissions:
- principal: "arn:aws:quicksight:${DEV_DOMAIN_REGION:us-east-2}:*:user/default/admin"
actions:
- "quicksight:DescribeDashboard"
- "quicksight:QueryDashboard"
prod:
domain:
region: us-east-1
project:
name: prod-analytics
deployment_configuration:
quicksight:
overrideParameters:
ResourceIdOverrideConfiguration:
PrefixForAllResources: prod-
permissions:
- principal: "arn:aws:quicksight:us-east-1:*:group/default/analysts"
actions:
- "quicksight:DescribeDashboard"
- "quicksight:QueryDashboard"- dashboardId (string, required): QuickSight dashboard ID
- source (string, optional): Dashboard bundle source
export- Export from dev environment during bundle creation (default)quicksight/dashboard.qs- Path in bundle zip
-
overrideParameters (object, optional): Parameters to override during import
- Common overrides:
ResourceIdOverrideConfiguration,DataSetArn,DataSourceArn - Format: AWS QuickSight OverrideParameters structure
- Supports variable substitution:
{proj.name},${ENV_VAR}
- Common overrides:
-
permissions (array, optional): Dashboard permissions to grant after deployment
- principal (string): ARN of user or group (use
*for account wildcard) - actions (array): QuickSight permission actions
- principal (string): ARN of user or group (use
Note: Use * instead of hardcoded account IDs in ARNs. Use ${REGION_VAR} for regions.
When running aws-smus-cicd-cli bundle, dashboards with assetBundle: export are exported:
aws-smus-cicd-cli bundle --targets devWhat happens:
- Connects to QuickSight in dev environment
- Exports dashboard as asset bundle
- Downloads bundle to
quicksight/{dashboardId}.qsin bundle zip - Bundle is ready for deployment
When running aws-smus-cicd-cli deploy, dashboards are imported:
aws-smus-cicd-cli deploy --targets prodWhat happens:
- Extracts dashboard bundle from zip
- Imports dashboard to target environment
- Applies override parameters from
deployment_configuration.quicksight - Grants permissions to specified principals
- Dashboard and datasets are live in target environment
- Imported dataset IDs are captured for bootstrap actions
Scenario: You have a dashboard in dev that you want to deploy to prod with different resource prefixes.
content:
quicksight:
- dashboardId: sales-dashboard
assetBundle: export
stages:
dev:
deployment_configuration:
quicksight:
overrideParameters:
ResourceIdOverrideConfiguration:
PrefixForAllResources: dev-
prod:
deployment_configuration:
quicksight:
overrideParameters:
ResourceIdOverrideConfiguration:
PrefixForAllResources: prod-Steps:
- Create dashboard in dev environment
- Add to manifest with
assetBundle: export - Run
aws-smus-cicd-cli bundle --targets dev - Run
aws-smus-cicd-cli deploy --targets prod
Scenario: Different permissions for different environments.
content:
quicksight:
- dashboardId: analytics-dashboard
assetBundle: export
stages:
dev:
deployment_configuration:
quicksight:
permissions:
- principal: "arn:aws:quicksight:us-east-2:*:user/default/dev-team"
actions: ["quicksight:DescribeDashboard", "quicksight:QueryDashboard"]
prod:
deployment_configuration:
quicksight:
permissions:
- principal: "arn:aws:quicksight:us-east-1:*:group/default/executives"
actions: ["quicksight:DescribeDashboard", "quicksight:QueryDashboard"]Scenario: Automatically refresh QuickSight datasets after deploying ETL workflows.
content:
quicksight:
- dashboardId: sales-dashboard
assetBundle: export
workflows:
- workflowName: etl_pipeline
connectionName: default.workflow_serverless
stages:
prod:
deployment_configuration:
quicksight:
overrideParameters:
ResourceIdOverrideConfiguration:
PrefixForAllResources: prod-
bootstrap:
actions:
- type: workflow.run
workflowName: etl_pipeline
wait: true
- type: quicksight.refresh_dataset
refreshScope: IMPORTED # Refreshes datasets from dashboard import
wait: trueOverride parameters allow you to customize dashboards per environment. Common parameters:
overrideParameters:
ResourceIdOverrideConfiguration:
PrefixForAllResources: prod-overrideParameters:
DataSetArn: "arn:aws:quicksight:us-east-1:*:dataset/prod-dataset"overrideParameters:
DataSourceArn: "arn:aws:quicksight:us-east-1:*:datasource/prod-source"overrideParameters:
ResourceIdOverrideConfiguration:
PrefixForAllResources: ${STAGE}-
DataSetArn: "arn:aws:quicksight:${REGION}:*:dataset/${STAGE}-sales"
ThemeArn: "arn:aws:quicksight:us-east-1:123456789012:theme/dark-mode"Grant dashboard access to users and groups after deployment.
Common QuickSight dashboard actions:
quicksight:DescribeDashboard- View dashboard metadataquicksight:ListDashboardVersions- List dashboard versionsquicksight:QueryDashboard- View dashboard dataquicksight:UpdateDashboard- Modify dashboardquicksight:DeleteDashboard- Delete dashboardquicksight:UpdateDashboardPermissions- Manage permissions
permissions:
- principal: "arn:aws:quicksight:us-east-1:123456789012:user/default/john.doe"
actions:
- "quicksight:DescribeDashboard"
- "quicksight:QueryDashboard"permissions:
- principal: "arn:aws:quicksight:us-east-1:123456789012:group/default/analysts"
actions:
- "quicksight:DescribeDashboard"
- "quicksight:QueryDashboard"permissions:
- principal: "arn:aws:quicksight:us-east-1:123456789012:group/default/viewers"
actions: ["quicksight:DescribeDashboard", "quicksight:QueryDashboard"]
- principal: "arn:aws:quicksight:us-east-1:123456789012:group/default/editors"
actions: ["quicksight:DescribeDashboard", "quicksight:QueryDashboard", "quicksight:UpdateDashboard"]The AWS credentials used must have these QuickSight permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"quicksight:StartAssetBundleExportJob",
"quicksight:DescribeAssetBundleExportJob"
],
"Resource": "*"
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"quicksight:StartAssetBundleImportJob",
"quicksight:DescribeAssetBundleImportJob",
"quicksight:UpdateDashboardPermissions"
],
"Resource": "*"
}
]
}See examples/analytic-workflow/etl/manifest.yaml for a complete example with QuickSight deployment.
- Manifest Schema - Complete manifest reference
- Event Initialization - Trigger events on deployment
- CLI Commands - Bundle and deploy command reference