AWS cli documentation change
Summary
Added documentation for ConsumerAccountRoleArn parameter and S3TablesParameters for cross-account Athena access
Security assessment
Documents security feature for role chaining in cross-account access scenarios. No evidence of addressing a specific security vulnerability.
Diff
diff --git a/cli/latest/reference/quicksight/update-data-source.md b/cli/latest/reference/quicksight/update-data-source.md index d132c0b2f..65e87b5b4 100644 --- a//cli/latest/reference/quicksight/update-data-source.md +++ b//cli/latest/reference/quicksight/update-data-source.md @@ -15 +15 @@ - * [AWS CLI 2.34.29 Command Reference](../../index.html) » + * [AWS CLI 2.34.32 Command Reference](../../index.html) » @@ -169,0 +170,11 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks +>> +>> ConsumerAccountRoleArn -> (string) +>> +>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources. +>>> +>>> Constraints: +>>> +>>> * min: `20` +>>> * max: `2048` +>>> + @@ -646,0 +658,14 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks +> +> S3TablesParameters -> (structure) +> +>> The parameters for S3 Tables. +>> +>> TableBucketArn -> (string) +>> +>>> The Amazon Resource Name (ARN) of the S3 Tables bucket. +>>> +>>> Constraints: +>>> +>>> * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$` +>>> + @@ -1381,0 +1407 @@ JSON Syntax: + "ConsumerAccountRoleArn": "string", @@ -1453,0 +1480,3 @@ JSON Syntax: + "S3TablesParameters": { + "TableBucketArn": "string" + }, @@ -1644,0 +1674,11 @@ JSON Syntax: +>>>>> +>>>>> ConsumerAccountRoleArn -> (string) +>>>>> +>>>>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources. +>>>>>> +>>>>>> Constraints: +>>>>>> +>>>>>> * min: `20` +>>>>>> * max: `2048` +>>>>>> + @@ -2121,0 +2162,14 @@ JSON Syntax: +>>>> +>>>> S3TablesParameters -> (structure) +>>>> +>>>>> The parameters for S3 Tables. +>>>>> +>>>>> TableBucketArn -> (string) +>>>>> +>>>>>> The Amazon Resource Name (ARN) of the S3 Tables bucket. +>>>>>> +>>>>>> Constraints: +>>>>>> +>>>>>> * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$` +>>>>>> + @@ -2983,0 +3038 @@ JSON Syntax: + "ConsumerAccountRoleArn": "string", @@ -3055,0 +3111,3 @@ JSON Syntax: + "S3TablesParameters": { + "TableBucketArn": "string" + }, @@ -3381 +3439 @@ Status -> (integer) - * [AWS CLI 2.34.29 Command Reference](../../index.html) » + * [AWS CLI 2.34.32 Command Reference](../../index.html) »