Posted On: Feb 22, 2023

Amazon QuickSight now enables you to add role-based access policies to QuickSight data sources that connect to Amazon S3 and Amazon Athena. With this launch of the Run-as IAM Role for S3 and Athena, QuickSight account administrators will be able to provide an IAM Role to individual S3 or Athena data sources in their QuickSight account, rather than enabling account-wide access to connect from QuickSight to S3 or Athena.

When a specific business team needs to access certain data via S3 or Athena, Amazon QuickSight administrators can run an API and assign an AWS Identity and Access Management (IAM) role to specific QuickSight data sources while preventing other business teams from accessing S3 via QuickSight. With the role in place, you can ensure that QuickSight runs with the least-privileged permissions necessary to connect to S3 or run queries in Athena.

The new Run-as IAM Role for S3 and Athena is now available in Amazon QuickSight Enterprise and Standard Editions in all QuickSight regions - US East (N. Virginia and Ohio), US West (Oregon), Canada, Sau Paulo, Europe (Frankfurt, Ireland and London), Asia Pacific (Mumbai, Seoul, Singapore, Sydney and Tokyo), and AWS GovCloud (US-West).

For further details, visit here.