AWS::QuickSight::DataSource RedshiftIAMParameters - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::QuickSight::DataSource RedshiftIAMParameters

A structure that grants Amazon QuickSight access to your cluster and make a call to the redshift:GetClusterCredentials API. For more information on the redshift:GetClusterCredentials API, see GetClusterCredentials.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "AutoCreateDatabaseUser" : Boolean, "DatabaseGroups" : [ String, ... ], "DatabaseUser" : String, "RoleArn" : String }


AutoCreateDatabaseUser: Boolean DatabaseGroups: - String DatabaseUser: String RoleArn: String



Automatically creates a database user. If your database doesn't have a DatabaseUser, set this parameter to True. If there is no DatabaseUser, Amazon QuickSight can't connect to your cluster. The RoleArn that you use for this operation must grant access to redshift:CreateClusterUser to successfully create the user.

Required: No

Type: Boolean

Update requires: No interruption


A list of groups whose permissions will be granted to Amazon QuickSight to access the cluster. These permissions are combined with the permissions granted to Amazon QuickSight by the DatabaseUser. If you choose to include this parameter, the RoleArn must grant access to redshift:JoinGroup.

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 64 | 50

Update requires: No interruption


The user whose permissions and group memberships will be used by Amazon QuickSight to access the cluster. If this user already exists in your database, Amazon QuickSight is granted the same permissions that the user has. If the user doesn't exist, set the value of AutoCreateDatabaseUser to True to create a new user with PUBLIC permissions.

Required: No

Type: String

Minimum: 1

Maximum: 64

Update requires: No interruption


Use the RoleArn structure to allow Amazon QuickSight to call redshift:GetClusterCredentials on your cluster. The calling principal must have iam:PassRole access to pass the role to Amazon QuickSight. The role's trust policy must allow the Amazon QuickSight service principal to assume the role.

Required: Yes

Type: String

Minimum: 20

Maximum: 2048

Update requires: No interruption