Authorizing connections from Amazon QuickSight to Amazon EC2 instances

   Applies to: Enterprise Edition and Standard Edition 
   Intended audience: System administrators 

For Amazon QuickSight to connect to an Amazon EC2 instance, you must create a new security group for that instance. This security group contains an inbound rule authorizing access from the appropriate IP address range for the Amazon QuickSight servers in that AWS Region.

To modify the security groups for these Amazon EC2 instances, you must have AWS credentials that permit you to access the instances.

Enabling connection from Amazon QuickSight servers to your instance is just one of several prerequisites for creating a data set based on an AWS database data source. For more information about what is required, see Creating datasets from new database data sources.

To enable Amazon QuickSight access to an Amazon EC2 instance
  1. Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. If your EC2 instance is in a VPC, choose the instance to view the instance details pane. Find its VPC ID and note that ID for later use.

  3. Choose Security Groups in the NETWORK & SECURITY section of the navigation pane. Then choose Create Security Group.

  4. Enter the security group information as follows:

    • For Security group name, enter Amazon-QuickSight-access.

    • For Description, enter Amazon-QuickSight-access.

    • For VPC, choose the VPC ID that you noted in step 2 if your Amazon EC2 instance is in a VPC. Otherwise, choose No VPC.

  5. Choose Add Rule on the Inbound tab.

  6. Create a new rule with the following values:

    • For Type, choose Custom TCP Rule.

    • For Protocol, choose TCP.

    • (Optional) For Port Range, enter the port number used by the instance on this Amazon EC2 instance to which you are providing access.

    • For Source, enter the CIDR address block for the AWS Region where you plan to use Amazon QuickSight. For example, here is the CIDR address block for Europe (Ireland): 52.210.255.224/27. For more information on the IP address ranges for Amazon QuickSight in supported AWS Regions, see AWS Regions, websites, IP address ranges, and endpoints.

      Note

      If you have activated Amazon QuickSight in multiple AWS Regions, you can create inbound rules for each Amazon QuickSight endpoint CIDR. Doing this allows Amazon QuickSight to have access to the Amazon EC2 instance from any AWS Region defined in the inbound rules.

      An Amazon QuickSight user or administrator who uses Amazon QuickSight in multiple AWS Regions is treated as a single user. In other words, even if you are using Amazon QuickSight in every AWS Region, both your Amazon QuickSight account and your users are global.

  7. Choose Create.

  8. Choose Instances in the INSTANCES section of the navigation pane, and then choose the instance that you want to enable access to.

  9. Choose Actions, then Networking, and then Change Security Groups.

  10. In Change Security Groups, choose the Amazon-QuickSight-access security group.

    Then choose Assign Security Groups.
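
After completing the procedure, you can check that the resulting inbound rules admit only the Amazon QuickSight range on the one port you intended. The following is an added example, not part of the original AWS documentation: it audits a security group record shaped like the JSON returned by `aws ec2 describe-security-groups`. The port 5432, the function name `audit_group`, and both sample groups are assumptions constructed for illustration; the CIDR is the Europe (Ireland) value given in step 6.

```python
import ipaddress

# From the page: Amazon QuickSight CIDR for Europe (Ireland).
QUICKSIGHT_CIDR = ipaddress.ip_network("52.210.255.224/27")
DB_PORT = 5432  # assumption: the port your database listens on

def audit_group(group, allowed=QUICKSIGHT_CIDR, port=DB_PORT):
    """Return a list of findings for one security group's inbound rules."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if proto == "-1":
            # "-1" means every protocol and port
            findings.append("all protocols and ports are open")
        elif proto != "tcp":
            findings.append(f"unexpected protocol {proto}")
        elif (lo, hi) != (port, port):
            findings.append(f"tcp {lo}-{hi} is not limited to port {port}")
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if not src.subnet_of(allowed):
                findings.append(f"source {src} is outside {allowed}")
        # The procedure only adds an IPv4 CIDR source; flag anything else.
        for key in ("Ipv6Ranges", "UserIdGroupPairs", "PrefixListIds"):
            if perm.get(key):
                findings.append(f"unexpected non-CIDR or IPv6 source in {key}")
    return findings

# Constructed sample data: one group as the procedure intends, one too broad.
GOOD = {"GroupName": "Amazon-QuickSight-access", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "52.210.255.224/27"}]}]}
BAD = {"GroupName": "Amazon-QuickSight-access", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "52.210.255.224/27"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    for g in (GOOD, BAD):
        print(g["GroupName"], audit_group(g) or "ok")
```

If you use Amazon QuickSight in more than one AWS Region, run the check once per Region's CIDR, or extend `allowed` to a list of networks.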