LogoLogo
About UsCustomersResourcesGet Started for Free
  • What is Select Star?
  • 🏁Getting Started
    • 1. Data Source Setup
    • 2. Mark Service Accounts
    • 3. Hide Unwanted Datasets
    • 4. Invite Owners
    • 5. Add Documentation
    • Next Steps
  • 🔄Integrations
    • Snowflake
      • Using Key Pair Authentication
      • Using Password Authentication
      • Snowflake Tag Sync
      • Snowflake Key Pair Rotation
    • Databricks
      • Databricks on AWS
      • Databricks on Azure
    • BigQuery
    • AWS Redshift
      • Manual setup
    • Microsoft SQL Server / MS SQL (beta)
      • Query Logs
    • MySQL (beta)
      • Query Logs
    • Oracle (beta)
      • Query Logs
    • Salesforce (beta)
    • DB2 (beta)
    • PostgreSQL
      • AWS Aurora PostgreSQL
      • AWS RDS PostgreSQL
      • PostgreSQL on-prem
    • AWS Glue (beta)
    • dbt
      • dbt Cloud
      • dbt Core (open source)
      • dbt Tags
      • dbt Tests
      • dbt docs Sync
        • Github dbt docs Sync
        • Bitbucket dbt docs Sync
      • dbt Impact Report
      • dbt Project Dependencies
    • Apache Airflow (beta)
    • Tableau
      • Tableau Cloud
      • Tableau Server
    • PowerBI
    • Looker
    • Metabase
    • Fivetran (beta)
    • Mode
    • Sigma Computing
    • Sisense / Periscope (beta)
    • Looker Studio (beta)
    • ThoughtSpot
    • QuickSight (beta)
      • Event Logs
    • Hex (beta)
    • Slack
    • Monte Carlo
    • Private Network
    • Request an Integration
  • ✨Features
    • Search
    • Table Page
    • Database Page
    • Dashboard Page
    • Data Lineage
    • Entity Relationship Diagram (ERD)
    • Queries & Joins
    • Tags
    • Teams
    • Discussion
    • Downstream Notifications
    • Documentation
      • Pages
      • Metrics
        • Metrics Generation
      • Glossary
    • Automated Documentation
    • User Analytics
    • Chrome Extension
    • Source Tables
    • Cost Analysis
    • Schema Change Detection
    • AI Features & Settings
      • Ask AI Chatbot
    • Request a Feature
  • 🧭Data Discovery
    • Where's my data?
    • Where's my dashboard?
    • How can I get the full context of this data?
    • My dashboard looks off
    • Change management
    • I'm new to the team
    • I have a data question
  • 🗃️Data Management
    • Add Documentation
      • CSV Metadata Upload
    • Collections
    • Tags
    • Data Ownership
    • Sensitive / PII Data
    • Automated PII Detection
  • 📚Learning Data
    • Getting Started: Looker
    • Getting Started: Mode
    • Getting Started: Tableau
    • Getting Started: Snowflake
    • Getting Started: Databricks
    • Getting Started: Data Warehouse
    • Getting Started: BigQuery
      • Nested Fields
    • Getting Started: Sigma
    • Getting Started: ThoughtSpot
  • 🛠️Data Source Management
    • Manage Data Sources
    • Connect Data Source Users to Select Star
    • Custom Attributes
    • Recent Queries
  • 👥User Management
    • Invite Users
    • Roles & Permissions
    • SAML SSO
    • Importing Roles and Teams (Okta)
    • Policy Based Access Control
    • Account and User Settings
  • 💻Select Star API
    • Overview
    • API Token
    • Getting Started
    • Rich Text Descriptions via API
    • Troubleshooting
    • API Examples
    • API Reference
  • 🔓Security & Compliance
  • ❓FAQ
    • Icon Map
  • 📰Changelog
    • April 16, 2025 - Semantic Models, AI Metrics, and More!
    • March 12, 2025 - Fivetran Integration, Tableau Updates and More!
    • February 6, 2025 - Collections, Slack App Published, Salesforce Formula Lineage and more!
    • December 10, 2024 - Hex Integration, Impact Score & Snowflake Key Pair Authentication!
    • November 13, 2024 - New Navigation, Airflow and More!
    • September 30, 2024 - Upstream Data Quality Issue Tracking & 5 New Integrations!
    • August 30, 2024 - Monte Carlo, dbt Cross-Project Lineage
    • July 31, 2024 - Glossary Import, Lineage Updates & more!
    • July 9, 2024 - Lineage Explorer 2.0, Slack AI and Notifications
    • February 29, 2024 - AI Chat, Schema Change Notifications
    • February 23, 2024 - Manual Lineage Creation
    • November 23, 2023 - Bulk AI Documentation
    • October 19, 2023 - Downstream Notifications
    • October 16, 2023 - New Homepage
    • October 13, 2023 - dbt Impact Report
    • Historical Changelogs
  • Security & Compliance
  • System Status
Powered by GitBook
On this page
  • Setup CloudTrail logs on a S3 bucket
  • Step 1: Sign in to the AWS Management Console
  • Step 2: Create an S3 Bucket to Store CloudTrail Logs
  • Step 3: Create a CloudTrail to Monitor API Calls
  • Step 4: Verify CloudTrail is Logging
  • Step 5: Query CloudTrail Logs for AWS QuickSight API Usage
  • Step 6: The information needed for Select Star
  • Conclusion
  • Setup the access so Select Star can read the S3 stored logs
  • Step 1: Sign in to the AWS Management Console
  • Step 2: Navigate to the IAM Service
  • Step 3: Locate the IAM Role (CrossAccountQuicksight)
  • Step 4: Attach a Policy to the IAM Role to Access the S3 Bucket
  • Step 5: Verify the Role Update
  • Step 6: Save and Exit
  • Conclusion

Was this helpful?

  1. Integrations
  2. QuickSight (beta)

Event Logs

PreviousQuickSight (beta)NextHex (beta)

Last updated 2 months ago

Was this helpful?

Available event logs sources for QuickSight data sources:

  • AWS CloudTrail

Setup CloudTrail logs on a S3 bucket

Setting up AWS CloudTrail to store data in an S3 bucket for tracking API usage in AWS QuickSight involves several steps. Here’s a step-by-step guide using the AWS Management Console:

Step 1: Sign in to the AWS Management Console

  1. Go to the .

  2. Sign in using your AWS account credentials.

Step 2: Create an S3 Bucket to Store CloudTrail Logs

  1. Navigate to the S3 Service:

    • In the AWS Management Console, search for "S3" in the search bar at the top, and select S3 from the results.

  2. Create a New Bucket:

    • Click on Create bucket.

    • Provide a unique bucket name (e.g., cloudtrail-logs-youraccountname).

    • Choose the AWS Region where you want to create the bucket.

    • Click Create bucket.

Step 3: Create a CloudTrail to Monitor API Calls

  1. Navigate to the CloudTrail Service:

    • In the AWS Management Console, search for "CloudTrail" in the search bar, and select CloudTrail from the results.

  2. Create a Trail:

    • In the CloudTrail dashboard, click on Create trail.

    • Step 1:

      • Trail name: Enter a name for your trail (e.g., QuickSightAPILogging).

      • In the Storage location section, under Create a new S3 bucket or use an existing one, select Existing S3 bucket.

      • S3 bucket: Choose the S3 bucket you created earlier (e.g., cloudtrail-logs-youraccountname).

      • Prefix: Optionally, specify a prefix for your CloudTrail logs (e.g., quicksight-logs/). Take note of this value, it will be required later for your data source configuration (e.g., quicksight-logs/AWSLogs/792169733636)

    • Step 2:

      • Management events: Enable management events if not already enabled. This logs control plane activities (e.g., CreateTable in QuickSight).

      • Management events: Choose the Read option.

    • Step 3:

      • Review and Create

Step 4: Verify CloudTrail is Logging

  1. Check CloudTrail Logs:

    • Return to the CloudTrail dashboard.

    • View the Events history to confirm that CloudTrail is logging events. Open Dashboards and Analyses to generate GetDashboard and GetAnalysis events. (It may take seconds or even a minute between opening a Dashboard and event generation on CloudTrail).

  2. Check S3 Bucket:

    • Navigate to the S3 service and open your bucket.

    • Verify that logs are being delivered to the specified folder in the bucket.

Step 5: Query CloudTrail Logs for AWS QuickSight API Usage

  1. Identify QuickSight API Calls:

    • Look for API calls related to QuickSight, such as GetDashboard, GetAnalysis (This may take a while to show up too).

  2. Download and Analyze Logs:

    • You can download the logs from your S3 bucket and analyze them manually or using tools like Amazon Athena to query logs directly in S3.

Step 6: The information needed for Select Star

  • Event Log Bucket: The bucket name you chose on step 2.2 (e.g., cloudtrail-logs-youraccountname).

  • Event Log Bucket Prefix: The prefix name chosen on step 3.2, plus CloudTrail/yourregion (e.g., /AWSLogs/792169733636/CloudTrail/us-east-2/)

Conclusion

By following these steps, you’ll have AWS CloudTrail configured to log API calls, store them in an S3 bucket, and track AWS QuickSight usage. You can use these logs for security audits, compliance, or understanding how QuickSight is used in your organization.

Setup the access so Select Star can read the S3 stored logs

Updating an existing AWS IAM role to enable access to an S3 bucket containing CloudTrail logs involves attaching an appropriate policy to the IAM role. Here’s a step-by-step guide:

Step 1: Sign in to the AWS Management Console

  1. Go to the AWS Management Console: Navigate to https://aws.amazon.com/.

  2. Sign in: Enter your credentials to log in.

Step 2: Navigate to the IAM Service

  1. Search for IAM:

    • In the AWS Management Console, use the search bar at the top to search for "IAM" and select IAM from the results.

  2. Open IAM Roles:

    • In the IAM dashboard, click on Roles in the left-hand navigation pane.

Step 3: Locate the IAM Role (CrossAccountQuicksight)

  1. Search for the Role:

    • Use the search bar to find the IAM role named CrossAccountQuicksight.

  2. Select the Role:

    • Click on the role name CrossAccountQuicksight to open its configuration page.

Step 4: Attach a Policy to the IAM Role to Access the S3 Bucket

  1. Click on Add Permissions:

    • On the role's page, click the Add permissions button.

    • Choose Create inline policy from the dropdown menu.

  2. Create a Custom Policy:

    • Since you need to grant access to a specific S3 bucket, you’ll create a custom inline policy.

    • Click on the JSON tab to enter the policy directly.

  3. Enter the S3 Bucket Policy:

    • Add actions s3:GetObject and s3:ListBucket.

    • Add the Event Log Bucket arn and the Event Log Bucket Prefix folder arn (/*) as Resources.

    • Here's a sample policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "s3:ListBucket"
                ],
                "Resource": [
                    "arn:aws:s3:::cloudtrail-logs-youraccountname",
                    "arn:aws:s3:::cloudtrail-logs-youraccountname/AWSLogs/792169733636/CloudTrail/us-east-2/*"
                ]
            }
        ]
    }
  4. Review and Attach the Policy:

    • After entering the policy, click Next.

    • Provide a name for the policy (e.g., SelectStarAccessS3CloudTrailLogs).

    • Review the details and click Create policy to attach it to the role.

Step 5: Verify the Role Update

  1. Review Attached Policies:

    • Back on the IAM role page, review the list of attached policies to ensure that your new policy (AccessS3CloudTrailLogs) is listed.

  2. Test the Role (Optional):

    • If you have access to the system where this role is used, you can test it by attempting to access the CloudTrail logs in the specified S3 bucket.

Step 6: Save and Exit

  1. Save the Configuration:

    • Ensure that all changes are saved and the policy is properly attached.

  2. Exit the IAM Console:

    • You can now exit the IAM console.

Conclusion

By following these steps, you’ve successfully updated the IAM role CrossAccountQuicksight to enable it to access the S3 bucket where your CloudTrail logs are stored. This ensures that any service or application using this role can retrieve and process the CloudTrail logs as needed.

🔄
AWS Management Console