Skip to content

Instantly share code, notes, and snippets.

@richardsonlima

richardsonlima/QuickSight-Model-IAM-Role-Policies

Created November 5, 2020 19:02
Show Gist options
  • Save richardsonlima/07b27cebfb7a410d3ca685d6838d23c5 to your computer and use it in GitHub Desktop.
Save richardsonlima/07b27cebfb7a410d3ca685d6838d23c5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
QuickSight-Model-IAM-Role-Policies
AWS QuickSight Role
Role ARN
arn:aws:iam::NUMERODACONTAAWS:role/service-role/aws-quicksight-service-role-v0
AWS QuickSight Policies
* AWSQuicksightAthenaAccess ( AWS já tem essa Policy, basta apenas usar )
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"athena:BatchGetQueryExecution",
"athena:CancelQueryExecution",
"athena:GetCatalogs",
"athena:GetExecutionEngine",
"athena:GetExecutionEngines",
"athena:GetNamespace",
"athena:GetNamespaces",
"athena:GetQueryExecution",
"athena:GetQueryExecutions",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetTable",
"athena:GetTables",
"athena:ListQueryExecutions",
"athena:RunQuery",
"athena:StartQueryExecution",
"athena:StopQueryExecution",
"athena:ListWorkGroups",
"athena:GetWorkGroup",
"athena:GetDataCatalog",
"athena:GetDatabase",
"athena:GetTableMetadata"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::aws-athena-query-results-*"
]
},
{
"Effect": "Allow",
"Action": [
"lakeformation:GetDataAccess"
],
"Resource": [
"*"
]
}
]
}
* QuickSightAccessForS3StorageManagementAnalyticsReadOnly ( AWS já tem essa Policy, basta apenas usar )
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::s3-analytics-export-shared-*"
]
},
{
"Action": [
"s3:GetAnalyticsConfiguration",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
* AWSQuickSightIoTAnalyticsAccess ( AWS já tem essa Policy, basta apenas usar )
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"iotanalytics:ListDatasets",
"iotanalytics:DescribeDataset",
"iotanalytics:GetDatasetContent"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
* AWSQuickSightRedshiftPolicy
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"redshift:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
* AWSQuickSightIAMPolicy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:List*"
],
"Resource": "*"
}
]
}
* AWSQuickSightRDSPolicy
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"rds:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
* AWSQuickSightS3Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment