Menu
Amazon QuickSight
User Guide

Authorizing Connections from Amazon QuickSight to Amazon RDS DB Instances

For Amazon QuickSight to connect to an Amazon RDS DB instance, you must create a new security group for that DB instance. This security group contains an inbound rule authorizing access from the appropriate IP address range for the Amazon QuickSight servers in that region. To learn more about authorizing Amazon QuickSight connections, see Manually Enabling Access to an Amazon RDS Instance in a VPC or Manually Enabling Access to an Amazon RDS Instance That Is Not in a VPC.

To create and assign a security group for an Amazon RDS DB instance, you must have AWS credentials that permit access to that DB instance.

Enabling connection from Amazon QuickSight servers to your instance is just one of several prerequisites for creating a data set based on an AWS database data source. For more information about what is required, see Creating Data Sets from New Database Data Sources.

Manually Enabling Access to an Amazon RDS Instance in a VPC

Use the following procedure to enable Amazon QuickSight access to an Amazon RDS DB instance in a VPC.

To enable Amazon QuickSight access to an Amazon RDS DB instance in a VPC

  1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. On the Instances page, select the instance to which you want to grant access, and then choose the details page icon, as shown following.

  3. Locate Port in the Cluster Database Properties section. Note the Port value.

  4. Locate VPC in the Security and Network section, and note the VPC value. Choose the VPC value to open the VPC console.

  5. On the Amazon VPC Management Console, choose Security Groups in the navigation pane.

  6. Choose Create Security Group.

  7. On the Create Security Group page, enter the security group information as follows:

    • For Name tag and Group name, type Amazon-QuickSight-access.

    • For Description, type Amazon-QuickSight-access.

    • For VPC, choose the VPC for your instance. This VPC is the one with the VPC ID that you noted.

  8. Choose Yes, Create.

  9. Your new security group should be displayed on the screen. Choose the security group, and then choose Inbound Rules from the tab list.

    Choose Edit to create a new rule. Use the following values:

    • For Type, choose Custom TCP Rule.

    • For Protocol, choose TCP (6).

    • For Port Range, type the port number of the Amazon RDS cluster to which you are providing access. This port number is the one that you noted in an earlier step.

    • For Source, type the CIDR address block for the region where you'll be using QuickSight. For example, here is the CIDR address block for EU (Ireland): 52.210.255.224/27. For more information on the IP address ranges for Amazon QuickSight in supported regions, see AWS Regions and IP Address Ranges.

      Note

      If you have activated Amazon QuickSight in multiple regions, you can create inbound rules for each Amazon QuickSight endpoint CIDR. Doing this allows Amazon QuickSight to have access to the Amazon RDS DB instance from any region defined in the inbound rules.

      An Amazon QuickSight user or administrator who uses Amazon QuickSight in multiple regions is treated as a single user. In other words, even if you are using Amazon QuickSight in every region, both your Amazon QuickSight account and your users are global.

  10. Choose Save to save your new inbound rule.

  11. Return to the Instances page of the Amazon RDS console.

    Choose the instance that you want to enable access to.

    Choose Instance Actions, and then choose Modify.

  12. In the Network & Security section, the currently assigned security group or groups are already chosen for Security Group. Press CTRL and choose Amazon-QuickSight-access in addition to the other selected groups.

  13. Choose Continue, and then choose Modify DB Instance.

Manually Enabling Access to an Amazon RDS Instance That Is Not in a VPC

Use the following procedure to access an Amazon RDS DB instance that is not in a VPC.

To access an Amazon RDS DB instance that is not in a VPC

  1. Sign in to the Amazon RDS console.

  2. Choose Security Groups in the navigation pane.

  3. Choose Create DB Security Group.

  4. Type Amazon-QuickSight-access for the Name and Description values, and then choose Create.

  5. The new security group is selected by default.

    Select the details icon next to the security group, as shown following.

  6. For Connection Type, choose CIDR/IP.

  7. For CIDR/IP to Authorize, type the appropriate CIDR address block. For more information on the IP address ranges for Amazon QuickSight in supported regions, see AWS Regions and IP Address Ranges.

  8. Choose Authorize.

  9. Return to the Instances page of the Amazon RDS Management Console, choose the instance that you want to enable access to, choose Instance Actions, and then choose Modify.

  10. In the Network & Security section, the currently assigned security group or groups already is chosen for Security Group. Press CTRL and choose Amazon-QuickSight-access in addition to the other selected groups.

  11. Choose Continue, and then choose Modify DB Instance.