Question for Quicksight Community about SPICE Security

Recently I’m working on a project in Quick sight for a client. But the client wants the dashboard in Direct Query mode only. But using Direct Query will impact the performance, due to huge load the visuals will eventually fail to load. The client said “The SPICE stores the customer data for which they don’t have permission”. What I’m able to grasp is the spice will run the query and stores the data and this stored result will be used to compute calculated field or with filter selection it will make selection on result. It will not run query again and again like direct query. I want to know about the security issues of SPICE or are they myth. And also something about KMS was also mentioned in security concern with SPICE.

Hi @Awan

SPICE is designed with security as a top priority, incorporating several measures to ensure that stored data remains well-protected. To address security concerns, SPICE uses AWS KMS for encryption, and there is also the option to use customer-managed keys, offering an additional level of control over the encryption process.

Please refer the below QuickSight documentation and community post this might be helpful for you.

It might be helpful to provide the client with information from Amazon’s official documentation regarding the encryption and security of SPICE datasets to help.

Hope this helps!

What about direct query does it store result and does it work same as SPICE. Does Direct Query uses AWS KMS for encryption, or customer managed keys.

@Awan ,

For direct query, QuickSight is querying the data source at the time of dashboard access to retrieve results and load the visuals. This also means, if a user changes a value for example in a filter, the data is queried again in the data source . The encryption of the data source is the responsibility of the customer .

1 Like

Okay Thanks @Koushik_Muthanna @Xclipse