I am connecting a Redshift datasource with IAM-based authentication, but it seems it only allows you to enter a username and password. Any way to use IAM instead of username/password?
Same situation for connecting S3. And “parquet” is not one of the allowed manifest types to upload.
Hi. Thank you for your question! Many of our community Experts and folks from our team are on holiday right now. I asked “My Assistant” (universal chat) in Quick Suite, and got this back. @Brett Could you review and validate the answer below on Monday after you return from holiday?
From “My Assistant”:
“Connecting to Redshift with IAM Authentication in Quick Suite
Quick Suite supports three authentication methods for connecting to Amazon Redshift data sources:
Trusted identity propagation (via IAM Identity Center)
Trusted Identity Propagation (Recommended for IAM-based access)
This is the most secure IAM-based authentication method. With trusted identity propagation:
A user’s identity is passed to Amazon Redshift with single sign-on managed by IAM Identity Center
The end user is authenticated in Amazon Redshift when they access Quick Suite assets
Fine-grained data permissions are applied in Amazon Redshift before data is presented
All data security rules are automatically applied to data consumers in Quick Suite
Prerequisites:
Your Quick Suite account must be integrated with IAM Identity Center
Your Amazon Redshift cluster must be integrated with IAM Identity Center
Both must be in the same AWS organization and configured with the same IAM Identity Center instance
Setup steps:
Configure Amazon Redshift OAuth scopes in your Quick Suite account using the AWS CLI
Specify the IAM Identity Center application ARN of your Redshift cluster
When creating a dataset, choose Amazon Redshift as the data source
Select IAM Identity Center as the identity option
Run-as IAM Role
Alternatively, you can use a run-as IAM role for Redshift connections:
Create an IAM role with appropriate Redshift permissions
Attach the role ARN to your Redshift data source
The role can include redshift:GetClusterCredentialsWithIAM permission for passwordless authentication
This works for both public network and VPC connections
Important limitations:
Trusted identity propagation is not currently supported for: SPICE datasets, Custom SQL on data sources, Alerts, Email reports, Quick Suite Q, CSV/Excel/PDF exports, and Anomaly detection
Trusted identity propagation only works with Direct Query datasets, not SPICE”
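For the run-as role option in the reply above, the sketch below is an added example (not part of the thread or of Quick Suite's own tooling) that lints an IAM policy document before it is attached to such a role, flagging statements that grant `redshift:GetClusterCredentialsWithIAM` through a wildcard action or on a resource that is not pinned to one database. The account ID, cluster name and database name are constructed, and treating a `dbname` ARN as the resource to pin to is an assumption to confirm against the AWS service authorization reference.

```python
import fnmatch

# Action named in the reply above, lower-cased (IAM action names are case-insensitive).
CRED_ACTION = "redshift:getclustercredentialswithiam"

# Constructed sample policies for a hypothetical run-as role (not taken from the thread).
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["redshift:*"], "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "redshift:GetClusterCredentialsWithIAM",
     "Resource": "arn:aws:redshift:us-east-1:111122223333:dbname:example-cluster/analytics"}]}


def _as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _grants_cred_action(action):
    """True if an Action pattern (possibly with * or ?) covers the credential action."""
    return fnmatch.fnmatchcase(CRED_ACTION, action.lower())


def lint_run_as_policy(policy):
    """Return findings for Allow statements that grant the credential action too broadly."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given without a list
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        granting = [a for a in _as_list(stmt.get("Action")) if _grants_cred_action(a)]
        if not granting:
            continue  # statement does not touch the credential action
        for action in granting:
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
        for res in _as_list(stmt.get("Resource")):
            if "*" in res or ":dbname:" not in res:
                findings.append(f"statement {i}: resource {res!r} is not one database ARN")
    return findings


if __name__ == "__main__":
    for name, pol in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_run_as_policy(pol) or "ok")
```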
Hi, @haojunx. We hope this solution worked for you. Let us know if this is resolved. And if it is, please help the community by marking this answer as a “Solution” (check box under the reply).
Following up here as it’s been a while since we last heard from you; do you have any additional questions regarding your initial post? If we do not hear back within the next 3 business days, I’ll mark the solution.
Since we haven’t received any further updates from you, I’ll mark this post as “Solution.” However, if you have any additional questions, feel free to create a new post in the community and link this discussion for context.
Hi team, sorry for the late response. I was out for the last month.
I followed the instructions for Run-as IAM Role you mentioned, but there is no choice of IAM role when creating a data source (see image). How can I create a Redshift data source with an IAM role used rather than username/password?