AWS quicksight documentation change
Summary
Updated terminology from 'Amazon QuickSight' to 'QuickSight' throughout the document for consistency. No substantive changes to security guidance.
Security assessment
Changes are purely branding/terminology updates (removing 'Amazon' prefix). Core security recommendations about IAM permissions, ARN restrictions, and least-privilege principles remain unchanged. No evidence of addressing a specific vulnerability or adding new security features.
Diff
diff --git a/quicksight/latest/developerguide/resource-permissions.md b/quicksight/latest/developerguide/resource-permissions.md index 843bddfba..66217f8ac 100644 --- a//quicksight/latest/developerguide/resource-permissions.md +++ b//quicksight/latest/developerguide/resource-permissions.md @@ -7 +7 @@ Best practices -# Permissions for Amazon QuickSight resources +# Permissions for QuickSight resources @@ -9 +9 @@ Best practices -If you're not sure what the necessary permission is, you can attempt to make a call. The client then tells you what the missing permission is. You can use asterisk (`*`) in the Resource field of your permission policy instead of specifying explicit resources. However, we highly recommend that you restrict each permission as much as possible. You can restrict user access by specifying or excluding resources in the policy, using their Amazon QuickSight ARN. To retrieve the ARN of an Amazon QuickSight resource, use the `Describe` operation on the relevant resource. +If you're not sure what the necessary permission is, you can attempt to make a call. The client then tells you what the missing permission is. You can use asterisk (`*`) in the Resource field of your permission policy instead of specifying explicit resources. However, we highly recommend that you restrict each permission as much as possible. You can restrict user access by specifying or excluding resources in the policy, using their QuickSight ARN. To retrieve the ARN of an QuickSight resource, use the `Describe` operation on the relevant resource. @@ -11 +11 @@ If you're not sure what the necessary permission is, you can attempt to make a c -Before you can call the Amazon QuickSight API operations, you need the `quicksight:_operation-name_` permission in a policy attached to your IAM identity. For example, to call `list-users`, you need the permission `quicksight:ListUsers`. The same pattern applies to all operations. If you attempt to make the call you don't have permissions to call, the resulting error shows you what the missing permission is. We highly recommend that you restrict each permission as much as possible. +Before you can call the QuickSight API operations, you need the `quicksight:_operation-name_` permission in a policy attached to your IAM identity. For example, to call `list-users`, you need the permission `quicksight:ListUsers`. The same pattern applies to all operations. If you attempt to make the call you don't have permissions to call, the resulting error shows you what the missing permission is. We highly recommend that you restrict each permission as much as possible. @@ -13 +13 @@ Before you can call the Amazon QuickSight API operations, you need the `quicksig -You can add conditions in IAM to further restrict access to an API in some scenarios. For example, when you add `User1` to `Group1`, the main resource is `Group1`. You can allow or deny access to certain groups. Or you can also edit the Amazon QuickSight IAM key `quicksight:UserName` to add a condition to allow or prevent certain users from being added to that group. +You can add conditions in IAM to further restrict access to an API in some scenarios. For example, when you add `User1` to `Group1`, the main resource is `Group1`. You can allow or deny access to certain groups. Or you can also edit the QuickSight IAM key `quicksight:UserName` to add a condition to allow or prevent certain users from being added to that group. @@ -26 +26 @@ For more information, see the following: -By working with Amazon QuickSight, you can share analyses, dashboards, templates, and themes with up to 100 principals. A _principal_ can be one of the following: +By working with QuickSight, you can share analyses, dashboards, templates, and themes with up to 100 principals. A _principal_ can be one of the following: @@ -28 +28 @@ By working with Amazon QuickSight, you can share analyses, dashboards, templates - * The Amazon Resource Name (ARN) of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.) + * The Amazon Resource Name (ARN) of an QuickSight user or group associated with a data source or dataset. (This is common.) @@ -30 +30 @@ By working with Amazon QuickSight, you can share analyses, dashboards, templates - * The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.) + * The ARN of an QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)