AWS managed policies for Amazon QuickSight
To add permissions to users, groups, and roles, it is easier to use AWS managed policies than to write policies yourself. It takes time and expertise to create IAM customer managed policies that provide your team with only the permissions they need. To get started quickly, you can use our AWS managed policies. These policies cover common use cases and are available in your AWS account. For more information about AWS managed policies, see AWS managed policies in the IAM User Guide.
AWS services maintain and update AWS managed policies. You can't change the permissions in AWS managed policies. Services occasionally add additional permissions to an AWS managed policy to support new features. This type of update affects all identities (users, groups, and roles) where the policy is attached. Services are most likely to update an AWS managed policy when a new feature is launched or when new operations become available. Services do not remove permissions from an AWS managed policy, so policy updates won't break your existing permissions.
Additionally, AWS supports managed policies for job functions that span multiple services. For example, the ReadOnlyAccess AWS managed policy provides read-only access to all AWS services and resources. When a service launches a new feature, AWS adds read-only permissions for new operations and resources. For a list and descriptions of job function policies, see AWS managed policies for job functions in the IAM User Guide.
AWS managed policy: AWSQuickSightElasticsearchPolicy
This information is provided for backward compatibility only. The
AWSQuickSightOpenSearchPolicy AWS managed policy replaces the
AWSQuickSightElasticsearchPolicy AWS managed policy.
Previously, you used the AWSQuickSightElasticsearchPolicy AWS managed policy to provide access to Amazon Elasticsearch Service resources
from Amazon QuickSight. Starting on or after September 7, 2021, Amazon Elasticsearch Service is renamed to Amazon OpenSearch Service.
Wherever you are using AWSQuickSightElasticsearchPolicy, you can update
to the new AWS managed policy that's called AWSQuickSightOpenSearchPolicy.
You can attach the policy to your IAM entities. Amazon QuickSight also attaches the policy to a
service role that allows Amazon QuickSight to perform actions on your behalf.
AWSQuickSightElasticsearchPolicy is still available and as of August 31,
2021, had the same permissions as the new policy. However,
AWSQuickSightElasticsearchPolicy is no longer kept up-to-date with latest
changes.
This policy grants read-only permissions that allow access to OpenSearch (previously known as Elasticsearch) resources from Amazon QuickSight.
Permissions details
This policy includes the following permissions:
-
es– Allows principals to usees:ESHttpGetto access your OpenSearch (previously known as Elasticsearch) domains, cluster settings, and indices. This is required to use the search service from QuickSight. -
es– Allows principals to usees:ListDomainNamesto list your OpenSearch (previously known as Elasticsearch) domains. This is required to initiate access of the search service from QuickSight. -
es– Allows principals to usees:DescribeElasticsearchDomainto search your OpenSearch (previously known as Elasticsearch) domains. This is required to use the search service from QuickSight. -
es– Allows principals to usees:ESHttpPostandes:ESHttpGetwith your OpenSearch (previously known as Elasticsearch) domains. This is required to use a SQL plugin with read-only access to the search service domains from QuickSight.
For information on the contents of this IAM policy, see
AWSQuickSightElasticsearchPolicy
AWS managed policy: AWSQuickSightOpenSearchPolicy
Use the AWSQuickSightOpenSearchPolicy AWS managed policy to provide
access to Amazon OpenSearch Service resources from Amazon QuickSight. AWSQuickSightOpenSearchPolicy
replaces AWSQuickSightElasticsearchPolicy. As of August 31, 2021, this policy
had the same permissions as the legacy policy,
AWSQuickSightElasticsearchPolicy. For now, you can use them
interchangeably. For the long term, we recommend updating your policy usage to
AWSQuickSightOpenSearchPolicy.
You can attach AWSQuickSightOpenSearchPolicy to your IAM entities. Amazon QuickSight also attaches this policy to
a service role that allows Amazon QuickSight to perform actions on your behalf.
This policy grants read-only permissions that allow access to OpenSearch resources from Amazon QuickSight.
Permissions details
This policy includes the following permissions:
-
es– Allows principals to usees:ESHttpGetto access your OpenSearch domains, cluster settings, and indices. This is required to use Amazon OpenSearch Service from QuickSight. -
es– Allows principals to usees:ListDomainNamesto list your OpenSearch domains. This is required to initiate access of Amazon OpenSearch Service from QuickSight. -
es– Allows principals to usees:DescribeElasticsearchDomainandes:DescribeDomainto search your OpenSearch domains. This is required to use Amazon OpenSearch Service from QuickSight. -
es– Allows principals to usees:ESHttpPostandes:ESHttpGetwith your OpenSearch domains. This is required to use a SQL plugin with read-only access to Amazon OpenSearch Service domains from QuickSight.
For information on the contents of this IAM policy, see
AWSQuickSightOpenSearchPolicy
Amazon QuickSight updates to AWS managed policies
View details about updates to AWS managed policies for Amazon QuickSight since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon QuickSight Document History page.
| Change | Description | Date |
|---|---|---|
|
|
Amazon QuickSight added new permissions to provide access to Amazon OpenSearch Service resources. |
September 08, 2021 |
|
|
Amazon QuickSight added a new policy to allow access to Amazon OpenSearch Service resources from Amazon QuickSight. |
September 08, 2021 |
|
Amazon QuickSight started tracking changes |
Amazon QuickSight started tracking changes for its AWS managed policies. |
August 2, 2021 |
