AWS Security ChangesHomeSearch

AWS quicksight high security documentation change

Service: quicksight · 2025-10-10 · Security-related high

File: quicksight/latest/developerguide/assetbundle-permissions.md

Summary

Added IAM condition requiring iam:PassedToService for QuickSight in PassRole permissions

Security assessment

The added Condition block enforces that roles can only be passed to QuickSight service, preventing privilege escalation through role hijacking. This is a direct security improvement to least privilege implementation.

Diff

diff --git a/quicksight/latest/developerguide/assetbundle-permissions.md b/quicksight/latest/developerguide/assetbundle-permissions.md
index d9a3fe0f7..6e44ca6e5 100644
--- a//quicksight/latest/developerguide/assetbundle-permissions.md
+++ b//quicksight/latest/developerguide/assetbundle-permissions.md
@@ -3 +3 @@
-[Documentation](/index.html)[Amazon QuickSight](/quicksight/index.html)[Developer Guide](welcome.html)
+[Documentation](/index.html)[Amazon Quick Sight](/quicksuite/index.html)[Developer Guide](welcome.html)
@@ -12,0 +13,6 @@ The following example shows an IAM policy that you can add to an existing IAM ro
+JSON
+    
+
+****
+    
+    
@@ -45,0 +53,6 @@ The following example shows an IAM policy that you can add to an existing IAM ro
+JSON
+    
+
+****
+    
+    
@@ -108 +121,6 @@ The following example shows an IAM policy that you can add to an existing IAM ro
-            "Resource": "*"
+            "Resource": "*",
+            "Condition": {
+                "StringEquals": {
+                    "iam:PassedToService": "quicksight.amazonaws.com"
+                }
+            }