# QuickSight Project configuration using credential pair authentication. # Use this variant when you need direct username/password credentials for # data source connectivity instead of secret ARN-based authentication. # This approach does not support automatic secret rotation. # Named QuickSight principals (users or groups) referenced in folder and # data source permissions. Each key is a logical name, value is the # QuickSight principal ARN. principals: Lob1_AUTHORS_GROUP: 'arn:{{partition}}:quicksight:{{region}}:{{account}}:group/lob1-qs-ns/lob1-qs-ns-AUTHORS' # (Optional) Nested map of data source type to data source configurations # for QuickSight project data connectivity. Outer key is the data source # type (e.g., REDSHIFT, ATHENA), inner key is a unique data source ID. dataSources: REDSHIFT: datasource-credpair: # Type-specific connection parameters dataSourceSpecificParameters: redshiftParameters: database: 'default_db' clusterId: 'sample-datawarehouse' # A display name for the data source displayName: 'sampleRedshiftCredPair' # (Optional) Credentials used to connect to the data source. # Uses credential pair instead of secretArn. credentials: # (Optional) Username/password credential pair for direct # authentication. Note: does not support secret rotation. credentialPair: # Username for data source authentication username: '{{resolve:secretsmanager:clusterSecret:SecretString:username}}' # Password for data source authentication. Can use dynamic # references for secure credential retrieval. password: '{{resolve:secretsmanager:clusterSecret:SecretString:password}}' # (Optional) Alternate data source parameters alternateDataSourceParameters: - redshiftParameters: database: 'alternate_db' clusterId: 'sample-datawarehouse' # A list of resource permissions on the data source permissions: - actions: 'AUTHOR_DATA_SOURCE' # The Amazon Resource Name (ARN) of the principal principal: 'Lob1_AUTHORS_GROUP'