AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-04-19 · Documentation medium

File: cli/latest/reference/quicksight/update-data-source.md

Summary

Added documentation for ConsumerAccountRoleArn parameter and S3TablesParameters for cross-account Athena access

Security assessment

Documents security feature for role chaining in cross-account access scenarios. No evidence of addressing a specific security vulnerability.

Diff

diff --git a/cli/latest/reference/quicksight/update-data-source.md b/cli/latest/reference/quicksight/update-data-source.md
index d132c0b2f..65e87b5b4 100644
--- a//cli/latest/reference/quicksight/update-data-source.md
+++ b//cli/latest/reference/quicksight/update-data-source.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.32 Command Reference](../../index.html) »
@@ -169,0 +170,11 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks
+>> 
+>> ConsumerAccountRoleArn -> (string)
+>>
+>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `20`
+>>>   * max: `2048`
+>>> 
+
@@ -646,0 +658,14 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/quicks
+> 
+> S3TablesParameters -> (structure)
+>
+>> The parameters for S3 Tables.
+>> 
+>> TableBucketArn -> (string)
+>>
+>>> The Amazon Resource Name (ARN) of the S3 Tables bucket.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$`
+>>> 
+
@@ -1381,0 +1407 @@ JSON Syntax:
+        "ConsumerAccountRoleArn": "string",
@@ -1453,0 +1480,3 @@ JSON Syntax:
+      "S3TablesParameters": {
+        "TableBucketArn": "string"
+      },
@@ -1644,0 +1674,11 @@ JSON Syntax:
+>>>>> 
+>>>>> ConsumerAccountRoleArn -> (string)
+>>>>>
+>>>>>> Use `ConsumerAccountRoleArn` to perform cross-account Athena access. This is an IAM role ARN in the same AWS account as the Athena resources you want to access. Provide this along with `RoleArn` to enable role-chaining, where Amazon Quick Sight first assumes the `RoleArn` and then assumes the `ConsumerAccountRoleArn` to access Athena resources.
+>>>>>> 
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * min: `20`
+>>>>>>   * max: `2048`
+>>>>>> 
+
@@ -2121,0 +2162,14 @@ JSON Syntax:
+>>>> 
+>>>> S3TablesParameters -> (structure)
+>>>>
+>>>>> The parameters for S3 Tables.
+>>>>> 
+>>>>> TableBucketArn -> (string)
+>>>>>
+>>>>>> The Amazon Resource Name (ARN) of the S3 Tables bucket.
+>>>>>> 
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * pattern: `^(arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:bucket/[a-zA-Z0-9-_]{3,63})$`
+>>>>>> 
+
@@ -2983,0 +3038 @@ JSON Syntax:
+              "ConsumerAccountRoleArn": "string",
@@ -3055,0 +3111,3 @@ JSON Syntax:
+            "S3TablesParameters": {
+              "TableBucketArn": "string"
+            },
@@ -3381 +3439 @@ Status -> (integer)
-  * [AWS CLI 2.34.29 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.32 Command Reference](../../index.html) »