Attaching additional policies
If you're using another AWS service, such as Amazon Athena or Amazon S3, you can create a permissions policy that grants QuickSight permission to perform specific actions. You can then attach the policy to the IAM roles that you later pass to QuickSight. The following are examples of how you can set up and attach additional permissions policies to your IAM roles.
For an example managed policy for QuickSight in Athena, see AWSQuicksightAthenaAccess Managed Policy in the Amazon Athena User Guide. IAM users can access this role in QuickSight using the following ARN: arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess
.
The following is an example of a permissions policy for QuickSight in Amazon S3. For more information about using IAM with Amazon S3, see Identity and access management in Amazon S3 in the Amazon S3 User Guide.
For information on how to create cross-account access from QuickSight
to an Amazon S3 bucket in another account, see How
do I set up cross-account access from Amazon QuickSight to an Amazon S3
bucket in another account?
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "arn:aws:s3:::*" }, { "Action": [ "s3:ListBucket" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::aws-athena-query-results-us-west-2-123456789" ] }, { "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::aws-athena-query-results-us-west-2-123456789/*" ] }, { "Action": [ "s3:ListBucketMultipartUploads", "s3:GetBucketLocation" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::aws-athena-query-results-us-west-2-123456789" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts" ], "Resource": [ "arn:aws:s3:::aws-athena-query-results-us-west-2-123456789/*" ] } ] }