Manually enabling access to an Amazon Redshift cluster in a VPC
| Applies to: Enterprise Edition |
Use the following procedure to enable Amazon QuickSight access to an Amazon Redshift cluster in a VPC.
To enable Amazon QuickSight access to an Amazon Redshift cluster in a VPC
Sign in to the AWS Management Console and open the Amazon Redshift console at https://console.aws.amazon.com/redshiftv2/
. -
Navigate to the cluster that you want to make available in Amazon QuickSight.
-
In the Cluster Properties section, find Port. Note the Port value.
-
In the Cluster Properties section, find VPC ID and note the VPC ID value. Choose VPC ID to open the Amazon VPC console.
-
On the Amazon VPC console, choose Security Groups in the navigation pane.
-
Choose Create Security Group.
-
On the Create Security Group page, enter the security group information as follows:
-
For Security group name, enter
redshift-security-group. -
For Description, enter
redshift-security-group. -
For VPC, choose the VPC for your Amazon Redshift cluster. This is the VPC with the VPC ID that you noted.
-
-
Choose Create security group.
Your new security group should appear on the screen.
-
Create a second security group with the following properties.
-
For Security group name, enter
quicksight-security-group. -
For Description, enter
quicksight-security-group. -
For VPC, choose the VPC for your Amazon Redshift cluster. This is the VPC with the VPC ID that you noted.
-
-
Choose Create security group.
-
After you create the new security groups, create inbound rules for the new groups.
Choose the new
redshift-security-groupsecurity group, and input the following values.-
For Type, choose Amazon Redshift.
-
For Protocol, choose TCP.
-
For Port Range, enter the port number of the Amazon Redshift cluster to which you are providing access. This is the port number that you noted in an earlier step.
-
For Source, enter the security group ID of
quicksight-security-group.
-
-
Choose Save rules to save your new inbound rule.
-
Repeat the previous step for
quicksight-security-groupand enter the following values.-
For Type, choose All traffic.
-
For Protocol, choose All.
-
For Port Range, choose All.
-
For Source, enter the security group ID of
redshift-security-group.
-
-
Choose Save rules to save your new inbound rule.
-
In QuickSight, navigate to the Manage QuickSight menu.
-
Choose Manage VPC connections, and then choose Add VPC connection.
-
Configure the new VPC connection with the following values.
-
For VPC connection name, choose a meaningful name for the VPC connection.
-
For VPC ID, choose the VPC in which the Amazon Redshift cluster exists.
-
For Subnet ID, choose the subnet for the Availability Zone (AZ) that is used for Amazon Redshift.
-
For Security group id, copy and paste the security group ID for
quicksight-security-group.
-
-
Choose Create. It might take several minutes for the new VPC to generate.
-
In the Amazon Redshift console, navigate to the Amazon Redshift cluster that
redshift-security-groupis configured to. Choose Properties. underNetwork and security settings, enter the name of the security group. -
In QuickSight, choose Datasets, and then choose New dataset. Create a new dataset with the following values.
-
For Data source, choose Amazon Redshift Auto-discovered.
-
Give the data source a meaningful name.
-
The instance ID should auto populate with the VPC connection that you created in QuickSight. If the instance ID doesn't auto populate, choose the VPC that you created from the dropdown list.
-
Enter the database credentials. If your QuickSight account uses trusted identity propagation, choose Single sign-on.
-
-
Validate the connection, and then choose Create data source.
If you want to restrict the default outbound rules further, update the
outbound rule of quicksight-security-group to allow only Amazon Redshift
traffic to redshift-security-group. You can also delete the
outbound rule that's located in the
redshift-security-group.
