Accessing Amazon resources - Amazon QuickSight
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Important: We've redesigned the Amazon QuickSight analysis workspace. You might encounter screenshots or procedural text that doesn't reflect the new look in the QuickSight console. We're in the process of updating screenshots and procedural text.

To find a feature or item, use the Quick search bar.

For more information on QuickSight's new look, see Introducing new analysis experience on Amazon QuickSight.

Accessing Amazon resources

   Applies to: Enterprise Edition and Standard Edition 
   Intended audience: System administrators and Amazon QuickSight administrators 

You can control the Amazon resources that Amazon QuickSight can access and scope down access to these resources at a more granular level. In Enterprise edition, you can also set up general access defaults for everyone in your account, and you can set up specific access for individual users and groups.

Use the following sections to help you configure your Amazon resources to work with Amazon QuickSight.

Before you begin, make sure that you have the correct permissions; your system administrator can give you these. To do so, your system administrator creates a policy that enables you to use certain IAM actions. Your system administrator then associates that policy with your user or group in IAM. The required actions are the following:

  • quicksight:AccountConfigurations – To enable setting default access to Amazon resources

  • quicksight:ScopeDownPolicy – Scoping policies for permissions to Amazon resources

  • You can also bring your own IAM roles into QuickSight. For more information, see Passing IAM roles to Amazon QuickSight

To enable or disable the Amazon services that Amazon QuickSight can access

  1. Sign in to Amazon QuickSight at https://quicksight.aws.amazon.com/.

  2. At the upper right, choose your user name, and then choose Manage QuickSight.

  3. Choose Security & permissions.

  4. Under QuickSight access to Amazon services, choose Add or remove.

    A screen appears where you can enable all available Amazon services.

    Note

    If you see a permissions error, and you're an authorized Amazon QuickSight administrator, contact your system administrator for assistance.

  5. Select the check boxes for the services that you want to allow. Clear check boxes for services that you don't want to allow.

    If you have already enabled an Amazon service, the check box for that service is already selected. If Amazon QuickSight can't access a particular Amazon service, its check box is not selected.

    In some cases, you might see a message like the following.

    This policy used by Amazon QuickSight for Amazon resource access was modified outside of Amazon QuickSight, so you can no longer edit this policy to provide Amazon resource permission to Amazon QuickSight. To edit this policy permissions, go to the IAM console and delete this policy permission with policy arn - arn:aws-cn:iam::111122223333:policy/service-role/AWSQuickSightS3Policy.

    This type of message means that one of the IAM policies that Amazon QuickSight uses was manually altered. To fix this, the system administrator needs to delete the IAM policy listed in the error message and reload the Security & permissions screen before you try again.

  6. Choose Update to confirm, or Cancel to return to the previous screen.

Topics