AWS::QuickSight::DataSource RedshiftIAMParameters - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::QuickSight::DataSource RedshiftIAMParameters

A structure that grants Quick Sight access to your cluster and make a call to the redshift:GetClusterCredentials API. For more information on the redshift:GetClusterCredentials API, see GetClusterCredentials.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "AutoCreateDatabaseUser" : Boolean,
  "DatabaseGroups" : [ String, ... ],
  "DatabaseUser" : String,
  "RoleArn" : String
}

YAML

  AutoCreateDatabaseUser: Boolean
  DatabaseGroups: 
    - String
  DatabaseUser: String
  RoleArn: String

Properties

AutoCreateDatabaseUser

Automatically creates a database user. If your database doesn't have a DatabaseUser, set this parameter to True. If there is no DatabaseUser, Quick Sight can't connect to your cluster. The RoleArn that you use for this operation must grant access to redshift:CreateClusterUser to successfully create the user.

Required: No

Type: Boolean

Update requires: No interruption

DatabaseGroups

A list of groups whose permissions will be granted to Quick Sight to access the cluster. These permissions are combined with the permissions granted to Quick Sight by the DatabaseUser. If you choose to include this parameter, the RoleArn must grant access to redshift:JoinGroup.

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 64 | 50

Update requires: No interruption

DatabaseUser

The user whose permissions and group memberships will be used by Quick Sight to access the cluster. If this user already exists in your database, Amazon Quick Sight is granted the same permissions that the user has. If the user doesn't exist, set the value of AutoCreateDatabaseUser to True to create a new user with PUBLIC permissions.

Required: No

Type: String

Minimum: 1

Maximum: 64

Update requires: No interruption

RoleArn

Use the RoleArn structure to allow Quick Sight to call redshift:GetClusterCredentials on your cluster. The calling principal must have iam:PassRole access to pass the role to Quick Sight. The role's trust policy must allow the Quick Sight service principal to assume the role.

Required: Yes

Type: String

Minimum: 20

Maximum: 2048

Update requires: No interruption