AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-04-19 · Documentation medium

File: cli/latest/reference/quicksight/list-data-sources.md

Summary

Added documentation for new S3_TABLES data source type and ConsumerAccountRoleArn parameter for cross-account Athena access with role chaining

Security assessment

The change adds documentation for ConsumerAccountRoleArn which enables secure cross-account access through role chaining, a security feature for managing access control between AWS accounts. No evidence of addressing a specific security vulnerability.

Diff

diff --git a/cli/latest/reference/quicksight/list-data-sources.md b/cli/latest/reference/quicksight/list-data-sources.md
index f79b06fdc..a25d7b3b4 100644
--- a//cli/latest/reference/quicksight/list-data-sources.md
+++ b//cli/latest/reference/quicksight/list-data-sources.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.32 Command Reference](../../index.html) »
@@ -288,0 +289 @@ DataSources -> (list)
+>>>   * `S3_TABLES`
@@ -381,0 +383,11 @@ DataSources -> (list)
+>>>> 
+>>>> ConsumerAccountRoleArn -> (string)
+>>>>
+>>>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `20`
+>>>>>   * max: `2048`
+>>>>> 
+
@@ -858,0 +871,14 @@ DataSources -> (list)
+>>> 
+>>> S3TablesParameters -> (structure)
+>>>
+>>>> The parameters for S3 Tables.
+>>>> 
+>>>> TableBucketArn -> (string)
+>>>>
+>>>>> The Amazon Resource Name (ARN) of the S3 Tables bucket.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$`
+>>>>> 
+
@@ -1638,0 +1665,11 @@ DataSources -> (list)
+>>>>> 
+>>>>> ConsumerAccountRoleArn -> (string)
+>>>>>
+>>>>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources.
+>>>>>> 
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * min: `20`
+>>>>>>   * max: `2048`
+>>>>>> 
+
@@ -2115,0 +2153,14 @@ DataSources -> (list)
+>>>> 
+>>>> S3TablesParameters -> (structure)
+>>>>
+>>>>> The parameters for S3 Tables.
+>>>>> 
+>>>>> TableBucketArn -> (string)
+>>>>>
+>>>>>> The Amazon Resource Name (ARN) of the S3 Tables bucket.
+>>>>>> 
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$`
+>>>>>> 
+
@@ -2916 +2967 @@ Status -> (integer)
-  * [AWS CLI 2.34.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.32 Command Reference](../../index.html) »