AWS cli documentation change
Summary
Clarified permissions requirements for Redshift database user creation
Security assessment
Explains security implications of PUBLIC permissions but doesn't indicate a vulnerability fix
Diff
diff --git a/cli/latest/reference/quicksight/create-data-source.md b/cli/latest/reference/quicksight/create-data-source.md index 1c7e2e29f..7e1e9e579 100644 --- a//cli/latest/reference/quicksight/create-data-source.md +++ b//cli/latest/reference/quicksight/create-data-source.md @@ -15 +15 @@ - * [AWS CLI 2.31.10 Command Reference](../../index.html) » + * [AWS CLI 2.31.13 Command Reference](../../index.html) » @@ -166,0 +167,7 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks +> * `GOOGLE_DRIVE` +> * `CONFLUENCE` +> * `SHAREPOINT` +> * `ONE_DRIVE` +> * `WEB_CRAWLER` +> * `S3_KNOWLEDGE_BASE` +> * `QBUSINESS` @@ -172 +179 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks -> The parameters that QuickSight uses to connect to your underlying source. +> The parameters that Amazon Quick Sight uses to connect to your underlying source. @@ -608 +615 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks ->>>> The user whose permissions and group memberships will be used by QuickSight to access the cluster. If this user already exists in your database, QuickSight is granted the same permissions that the user has. If the user doesn’t exist, set the value of `AutoCreateDatabaseUser` to `True` to create a new user with PUBLIC permissions. +>>>> The user whose permissions and group memberships will be used by Quick Sight to access the cluster. If this user already exists in your database, Amazon Quick Sight is granted the same permissions that the user has. If the user doesn’t exist, set the value of `AutoCreateDatabaseUser` to `True` to create a new user with PUBLIC permissions. @@ -639 +646 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks ->>>> Automatically creates a database user. If your database doesn’t have a `DatabaseUser` , set this parameter to `True` . If there is no `DatabaseUser` , Amazon QuickSight can’t connect to your cluster. The `RoleArn` that you use for this operation must grant access to `redshift:CreateClusterUser` to successfully create the user. +>>>> Automatically creates a database user. If your database doesn’t have a `DatabaseUser` , set this parameter to `True` . If there is no `DatabaseUser` , Quick Sight can’t connect to your cluster. The `RoleArn` that you use for this operation must grant access to `redshift:CreateClusterUser` to successfully create the user. @@ -690,0 +698,37 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks +> +> S3KnowledgeBaseParameters -> (structure) +> +>> The parameters for S3 Knowledge Base. +>> +>> RoleArn -> (string) +>> +>>> Use the `RoleArn` structure to override an account-wide role for a specific S3 Knowledge Base data source. For example, say an account administrator has turned off all S3 access with an account-wide role. The administrator can then use `RoleArn` to bypass the account-wide role and allow S3 access for the single S3 Knowledge Base data source that is specified in the structure, even if the account-wide role forbidding S3 access is still active. +>>> +>>> Constraints: +>>> +>>> * min: `20` +>>> * max: `2048` +>>> + +>> +>> BucketUrl -> (string) [required] +>> +>>> The URL of the S3 bucket that contains the knowledge base data. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1024` +>>> + +>> +>> MetadataFilesLocation -> (string) +>> +>>> The location of metadata files within the S3 bucket that describe the structure and content of the knowledge base. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1024` +>>> + @@ -1243,0 +1288,132 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks +> +> WebCrawlerParameters -> (structure) +> +>> The parameters for Web Crawler. +>> +>> WebCrawlerAuthType -> (string) [required] +>> +>>> The authentication type for the web crawler. The type can be one of the following: +>>> +>>> * `NO_AUTH` : No authentication required. +>>> * `BASIC_AUTH` : Basic authentication using username and password. +>>> * `SAML` : SAML-based authentication. +>>> * `FORM` : Form-based authentication. +>>> + +>>> +>>> Possible values: +>>> +>>> * `NO_AUTH` +>>> * `BASIC_AUTH` +>>> * `FORM` +>>> * `SAML` +>>> + +>> +>> UsernameFieldXpath -> (string) +>> +>>> The XPath expression for locating the username field on the login page. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1024` +>>> + +>> +>> PasswordFieldXpath -> (string) +>> +>>> The XPath expression for locating the password field on the login page. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1024` +>>> + +>> +>> UsernameButtonXpath -> (string) +>> +>>> The XPath expression for locating the username submit button on the login page. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1024` +>>> + +>> +>> PasswordButtonXpath -> (string) +>> +>>> The XPath expression for locating the password submit button on the login page. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1024` +>>> + +>> +>> LoginPageUrl -> (string) +>> +>>> The URL of the login page for the web crawler to authenticate. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1024` +>>> + +>> +>> WebProxyHostName -> (string) +>> +>>> The hostname of the web proxy server for the web crawler. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `256` +>>> + +>> +>> WebProxyPortNumber -> (integer) +>> +>>> The port number of the web proxy server for the web crawler. +>>> +>>> Constraints: +>>> +>>> * min: `0` +>>> * max: `65535` +>>> + +> +> ConfluenceParameters -> (structure) +> +>> The parameters for Confluence. +>> +>> ConfluenceUrl -> (string) [required] +>> +>>> The URL of the Confluence site to connect to. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1024` +>>> + +> +> QBusinessParameters -> (structure) +> +>> The parameters for Amazon Q Business. +>> +>> ApplicationArn -> (string) [required] +>> +>>> The Amazon Resource Name (ARN) of the Amazon Q Business application. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1284` +>>> * pattern: `^arn:[-a-z0-9]*:qbusiness:[-a-z0-9]*:[0-9]{12}:application/.+` +>>> + @@ -1326,0 +1503,5 @@ JSON Syntax: + "S3KnowledgeBaseParameters": { + "RoleArn": "string", + "BucketUrl": "string", + "MetadataFilesLocation": "string"