[Enhancement]: Resource: aws_quicksight_data_source add to Redshift IAMParameters

[wesleung]

Description

https://docs.aws.amazon.com/cli/latest/reference/quicksight/create-data-source.html Redshift add IAMParameters

Without the IAMParameters, the below error is thrown

│ Error: creating QuickSight Data Source: AccessDeniedException: The QuickSight service role required to access your AWS resources has not been created yet.
│ {
│   RespMetadata: {
│     StatusCode: 401,
│     RequestID: "d80f52ed-253a-4f47-8379-08ff737dc761"
│   },
│   Message_: "The QuickSight service role required to access your AWS resources has not been created yet."
│ }

New Structure of the parameter group for Redshift

RedshiftParameters -> (structure)
  Host -> (string)
  Port -> (integer)
  Database -> (string)
  ClusterId -> (string)
  IAMParameters -> (structure)
    RoleArn -> (string)
    DatabaseUser -> (string)
    DatabaseGroups -> (list)
    AutoCreateDatabaseUser -> (boolean)
  IdentityCenterConfiguration -> (structure)
    EnableIdentityPropagation -> (boolean)

Affected Resource(s) and/or Data Source(s)

Resource:

• aws_quicksight_data_source

Potential Terraform Configuration

resource "aws_quicksight_data_source" "redshift" {
  data_source_id = "example"
  name           = "example"
  parameters {
    redshift {
      cluster_id  = "ZZZZZZ"
      database    = "database"
      host        = "AAA.BBB.us-east-1.redshift.amazonaws.com"
      port        = 5439
      iam_parameters {
        rolearn = "arn:aws:iam::############:role/YYYYYY"
        databaseuser = "dbuser"
        databasegroups = ["CCCC"]
        autocreatedatabaseuser = true
      }
      identitycenterconfiguration {
        enableIdentitypropagation = true
      }
    }
  }
  type = "REDSHIFT"
}

References

https://docs.aws.amazon.com/cli/latest/reference/quicksight/create-data-source.html

  "RedshiftParameters": {
    "Host": "string",
    "Port": integer,
    "Database": "string",
    "ClusterId": "string",
    "IAMParameters": {
      "RoleArn": "string",
      "DatabaseUser": "string",
      "DatabaseGroups": ["string", ...],
      "AutoCreateDatabaseUser": true|false
    },
    "IdentityCenterConfiguration": {
      "EnableIdentityPropagation": true|false
    }
  },

RedshiftParameters -> (structure)

The parameters for Amazon Redshift.

Host -> (string)

Host. This field can be blank if ClusterId is provided. Port -> (integer)

Port. This field can be blank if the ClusterId is provided. Database -> (string)

Database. ClusterId -> (string)

Cluster ID. This field can be blank if the Host and Port are provided. IAMParameters -> (structure)

An optional parameter that uses IAM authentication to grant Amazon QuickSight access to your cluster. This parameter can be used instead of DataSourceCredentials .

RoleArn -> (string)

Use the RoleArn structure to allow Amazon QuickSight to call redshift:GetClusterCredentials on your cluster. The calling principal must have iam:PassRole access to pass the role to Amazon QuickSight. The role's trust policy must allow the Amazon QuickSight service principal to assume the role. DatabaseUser -> (string)

The user whose permissions and group memberships will be used by Amazon QuickSight to access the cluster. If this user already exists in your database, Amazon QuickSight is granted the same permissions that the user has. If the user doesn't exist, set the value of AutoCreateDatabaseUser to True to create a new user with PUBLIC permissions. DatabaseGroups -> (list)

A list of groups whose permissions will be granted to Amazon QuickSight to access the cluster. These permissions are combined with the permissions granted to Amazon QuickSight by the DatabaseUser . If you choose to include this parameter, the RoleArn must grant access to redshift:JoinGroup .

(string)

AutoCreateDatabaseUser -> (boolean)

Automatically creates a database user. If your database doesn't have a DatabaseUser , set this parameter to True . If there is no DatabaseUser , Amazon QuickSight can't connect to your cluster. The RoleArn that you use for this operation must grant access to redshift:CreateClusterUser to successfully create the user. IdentityCenterConfiguration -> (structure)

An optional parameter that configures IAM Identity Center authentication to grant Amazon QuickSight access to your cluster.

This parameter can only be specified if your Amazon QuickSight account is configured with IAM Identity Center.

EnableIdentityPropagation -> (boolean)

A Boolean option that controls whether Trusted Identity Propagation should be used.

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.