Encryption at rest - Amazon QuickSight

Encryption at rest

Amazon QuickSight securely stores your Amazon QuickSight metadata. This includes the following:

  • Amazon QuickSight user data, including Amazon QuickSight user names, email addresses, and passwords. Amazon QuickSight administrators can view user names and emails, but each user's password is completely private to each user.

  • Minimal data necessary to coordinate user identification with your Microsoft Active Directory or identity federation implementation (Federated Single Sign-On (SSO) through Security Assertion Markup Language 2.0 (SAML 2.0)).

  • Data source connection data

  • Names of your uploaded files, data source names, and data set names.

  • Statistics that Amazon QuickSight uses to populate machine learning (ML) insights

Amazon QuickSight securely stores your Amazon QuickSight data. This includes the following:

  • Data-at-rest in SPICE is encrypted using hardware block-level encryption with AWS-managed keys.

  • Data-at-rest other than SPICE is encrypted using Amazon-managed KMS keys. This includes the following:

    • Email reports, Sample value for filters, Query result cache.

When you delete a user, all of that user's metadata is permanently deleted. If you don't transfer that user's Amazon QuickSight objects to another user, all of the deleted user's Amazon QuickSight objects (data sources, datasets, analyses, and so on) are also deleted. When you unsubscribe from Amazon QuickSight, all metadata and any data you have in SPICE is completely and permanently deleted.