AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-04-19 · Documentation low

File: cli/latest/reference/quicksight/describe-data-source.md

Summary

Added documentation for S3_TABLES data source type, ConsumerAccountRoleArn parameter, and S3TablesParameters structure

Security assessment

The change documents the ConsumerAccountRoleArn parameter which enables cross-account Athena access through role-chaining, a security feature for access control management. This is not fixing a security issue but documenting security-related functionality for data source configuration.

Diff

diff --git a/cli/latest/reference/quicksight/describe-data-source.md b/cli/latest/reference/quicksight/describe-data-source.md
index 7a5cdb928..e4a795ea0 100644
--- a//cli/latest/reference/quicksight/describe-data-source.md
+++ b//cli/latest/reference/quicksight/describe-data-source.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.32 Command Reference](../../index.html) »
@@ -266,0 +267 @@ DataSource -> (structure)
+>>   * `S3_TABLES`
@@ -359,0 +361,11 @@ DataSource -> (structure)
+>>> 
+>>> ConsumerAccountRoleArn -> (string)
+>>>
+>>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * min: `20`
+>>>>   * max: `2048`
+>>>> 
+
@@ -836,0 +849,14 @@ DataSource -> (structure)
+>> 
+>> S3TablesParameters -> (structure)
+>>
+>>> The parameters for S3 Tables.
+>>> 
+>>> TableBucketArn -> (string)
+>>>
+>>>> The Amazon Resource Name (ARN) of the S3 Tables bucket.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$`
+>>>> 
+
@@ -1616,0 +1643,11 @@ DataSource -> (structure)
+>>>> 
+>>>> ConsumerAccountRoleArn -> (string)
+>>>>
+>>>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `20`
+>>>>>   * max: `2048`
+>>>>> 
+
@@ -2093,0 +2131,14 @@ DataSource -> (structure)
+>>> 
+>>> S3TablesParameters -> (structure)
+>>>
+>>>> The parameters for S3 Tables.
+>>>> 
+>>>> TableBucketArn -> (string)
+>>>>
+>>>>> The Amazon Resource Name (ARN) of the S3 Tables bucket.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$`
+>>>>> 
+
@@ -2890 +2941 @@ Status -> (integer)
-  * [AWS CLI 2.34.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.32 Command Reference](../../index.html) »