QuickSight Secrets Manager access while creating a dataset

Hi All,

I am trying to create a QuickSight Snowflake data source using AWS CloudFormation. For the Snowflake credentials, I created a secret and referenced the secret ARN in the CloudFormation stack.
I was able to create the data source; however, when I try to create a dataset from the AWS Console, I get the error below.

Error Code - INSUFFICIENT_PERMISSIONS
User: arn:aws:sts::12345:assumed-role/aws-quicksight-secretsmanager-role-v0/QuickSight-RoleSession-12345 is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-east-1:12345:secret:secret-nbame because no session policy allows the secretsmanager:GetSecretValue action (Service: AWSSecretsManager; Status Code: 400; Error Code: AccessDeniedException; Request ID: f339cfde-866d-4416-9182-385267930555; Proxy: null)

I verified the IAM policy, and the QuickSight role does have access to Secrets Manager.

I followed the steps mentioned in this link.

Does anyone have any information regarding this? Thanks in advance.
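A way to read the error quoted above, as an added example that is not part of the original thread: the AccessDeniedException text names the policy layer that produced the denial, here "session policy" rather than the role's identity-based policy. The function name, the hint strings and the sample string below are constructed for this illustration.

```python
import re

# Constructed sample: the error quoted in the post, without its "(Service: ...)" suffix.
SAMPLE = (
    "User: arn:aws:sts::12345:assumed-role/aws-quicksight-secretsmanager-role-v0/"
    "QuickSight-RoleSession-12345 is not authorized to perform: "
    "secretsmanager:GetSecretValue on resource: "
    "arn:aws:secretsmanager:us-east-1:12345:secret:secret-nbame because no "
    "session policy allows the secretsmanager:GetSecretValue action"
)

DENIAL = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: (?P<action>\S+)"
    r"(?: on resource: (?P<resource>\S+))?"
    r"(?: because no (?P<implicit>.+?) allows"
    r"| with an explicit deny in an? (?P<explicit>.+?policy|permissions boundary))?"
)

# Illustrative hints (wording is this example's own): where each layer is defined.
WHERE = {
    "identity-based policy": "policies attached to the calling role or user",
    "session policy": "policy passed when the role session was created",
    "resource-based policy": "policy attached to the target resource",
    "permissions boundary": "boundary set on the calling role or user",
    "service control policy": "AWS Organizations SCPs on the account",
}

def parse_denial(message):
    """Return the principal, action, resource and denying policy layer, or None."""
    m = DENIAL.search(message)
    if not m:
        return None
    layer = m["implicit"] or m["explicit"]
    role = session = None
    arn = m["principal"].split(":", 5)
    if len(arn) == 6 and arn[5].startswith("assumed-role/"):
        bits = arn[5].split("/", 2)
        if len(bits) == 3:
            role, session = bits[1], bits[2]
    return {
        "role": role, "session": session,
        "action": m["action"], "resource": m["resource"],
        "deny": "implicit" if m["implicit"] else "explicit" if m["explicit"] else None,
        "layer": layer, "look_at": WHERE.get(layer),
    }

if __name__ == "__main__":
    for key, value in parse_denial(SAMPLE).items():
        print(f"{key:9} {value}")
```

For the quoted error, the result points at the session policy attached to the QuickSight role session, which is a separate layer from the policies attached to the role itself.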

Does your AWS console use that Secret ARN? I’m assuming it doesn’t.

I created that secret in the AWS Console; it isn’t being used or referred to anywhere else.
It is being referenced only in QuickSight (in the Manage QuickSight to AWS Services page).

Hi @roby,

I have been able to successfully create a data source using Secrets Manager, and a dataset. If you are still facing this issue, I would recommend filing a case with AWS Support, where we can dive into the details so that we can help you further. Here are the steps to open a support case. If your company has someone who manages your AWS account, you might not have direct access to AWS Support and will need to raise an internal ticket with your IT team or whoever manages your AWS account. They should be able to open an AWS Support case on your behalf. Hope this helps!

Kind Regards,
Koushik

2 Likes

Thank you for your reply, Koushik.
I took a different approach: I went with username and password and had the data source deployed using AWS CloudFormation and Terraform. The credentials were passed as a parameter via Terraform.

1 Like