AWS cli documentation change
Summary
Added documentation for new S3_TABLES data source type and ConsumerAccountRoleArn parameter for cross-account Athena access with role-chaining
Security assessment
The change adds documentation for a new feature (ConsumerAccountRoleArn) that enables cross-account Athena access through role-chaining, which is a security-related feature for managing access control across AWS accounts. This is not fixing a security issue but rather documenting a new security capability.
Diff
diff --git a/cli/latest/reference/quicksight/create-data-source.md b/cli/latest/reference/quicksight/create-data-source.md index 5e14b31fe..f2e2160d0 100644 --- a//cli/latest/reference/quicksight/create-data-source.md +++ b//cli/latest/reference/quicksight/create-data-source.md @@ -15 +15 @@ - * [AWS CLI 2.34.29 Command Reference](../../index.html) » + * [AWS CLI 2.34.32 Command Reference](../../index.html) » @@ -152,0 +153 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks +> * `S3_TABLES` @@ -221,0 +223,11 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks +>> +>> ConsumerAccountRoleArn -> (string) +>> +>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources. +>>> +>>> Constraints: +>>> +>>> * min: `20` +>>> * max: `2048` +>>> + @@ -698,0 +711,14 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks +> +> S3TablesParameters -> (structure) +> +>> The parameters for S3 Tables. +>> +>> TableBucketArn -> (string) +>> +>>> The Amazon Resource Name (ARN) of the S3 Tables bucket. +>>> +>>> Constraints: +>>> +>>> * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$` +>>> + @@ -1433,0 +1460 @@ JSON Syntax: + "ConsumerAccountRoleArn": "string", @@ -1505,0 +1533,3 @@ JSON Syntax: + "S3TablesParameters": { + "TableBucketArn": "string" + }, @@ -1696,0 +1727,11 @@ JSON Syntax: +>>>>> +>>>>> ConsumerAccountRoleArn -> (string) +>>>>> +>>>>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources. +>>>>>> +>>>>>> Constraints: +>>>>>> +>>>>>> * min: `20` +>>>>>> * max: `2048` +>>>>>> + @@ -2173,0 +2215,14 @@ JSON Syntax: +>>>> +>>>> S3TablesParameters -> (structure) +>>>> +>>>>> The parameters for S3 Tables. +>>>>> +>>>>> TableBucketArn -> (string) +>>>>> +>>>>>> The Amazon Resource Name (ARN) of the S3 Tables bucket. +>>>>>> +>>>>>> Constraints: +>>>>>> +>>>>>> * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$` +>>>>>> + @@ -3035,0 +3091 @@ JSON Syntax: + "ConsumerAccountRoleArn": "string", @@ -3107,0 +3164,3 @@ JSON Syntax: + "S3TablesParameters": { + "TableBucketArn": "string" + }, @@ -3569 +3628 @@ Status -> (integer) - * [AWS CLI 2.34.29 Command Reference](../../index.html) » + * [AWS CLI 2.34.32 Command Reference](../../index.html) »