Amazon QuickSight - AWS GovCloud (US)

Amazon QuickSight

This service is currently available in AWS GovCloud (US-West) only.

Amazon QuickSight is a cloud-scale business intelligence (BI) service that you can use to deliver easy-to-understand insights to the people who you work with, wherever they are. Amazon QuickSight connects to your data in the cloud and combines data from many different sources. In a single data dashboard, Amazon QuickSight can include AWS data, third-party data, big data, spreadsheet data, SaaS data, B2B data, and more. As a fully managed cloud-based service, Amazon QuickSight provides enterprise-grade security, global availability, and built-in redundancy. It also provides the user-management tools that you need to scale from 10 users to 10,000, all with no infrastructure to deploy or manage.

Amazon QuickSight gives decision-makers the opportunity to explore and interpret information in an interactive visual environment. They have secure access to dashboards from any device on your network and from mobile devices.

How Amazon QuickSight Differs for AWS GovCloud (US)

Below listed are the differences between the AWS GovCloud (US) and the standard AWS Regions.

  • Email based user provisioning is not supported in AWS GovCloud (US).

  • Using geospatial visualizations is not supported in AWS GovCloud (US).

  • Using Amazon SageMaker integration is not supported in AWS GovCloud (US).

Amazon QuickSight in AWS GovCloud (US) supports user authorization for federated users only. Amazon QuickSight directly supports authentication through AWS Identity and Access Management (IAM), single-sign on (SSO), and AWS Directory Service for Microsoft Active Directory. For more information, see Identity federation in AWS.

Specialized configurations that allow users to authenticate with a different identity service can also work, even if not directly supported from inside Amazon QuickSight. For example, you can use Amazon Cognito as is described in the Embedded Analytics Tutorial. This authentication method works because it is compatible and transparent to Amazon QuickSight. For more information on Amazon QuickSight authentication, see Identity and Access Management in Amazon QuickSight.


If you are using the Embedded Analytics Tutorial, you can point to AWS GovCloud (US) ARNs and URLs for your resources, but in the step for the static website that uses Amazon CloudFront and Amazon S3, you need to point to a classic AWS Region, for example US East (N. Virginia), for the tutorial to work. This is not necessary outside the tutorial. For more information and additional examples, see Developing with Amazon QuickSight in the Amazon QuickSight User Guide.

Documentation for Amazon QuickSight

Amazon QuickSight documentation.

Export-Controlled Content

For AWS Services architected within the AWS GovCloud (US) Regions, the table below explains how certain components of data may leave the Regions in the normal course of the Service Offerings. The table can be used as a guide to help meet applicable customer compliance obligations.

Data in the following service attributes will not leave the AWS GovCloud (US ) Regions in the normal course of the Service Offerings Data in the following service attributes may leave the AWS GovCloud (US ) Regions in the normal course of the Service Offerings
  • All data ingested into Amazon QuickSight can contain export-controlled data.

  • All data processed by Amazon QuickSight can contain export-controlled data.

  • Avoid using export-controlled data in names, descriptions, custom IDs, or tags used for any Amazon QuickSight object or entity, including but not limited to:

    • Amazon QuickSight users

    • Amazon QuickSight groups

    • Connections to data sources

    • Datasets

    • Analyses

    • Dashboards

    • Embedded dashboards

    • Folders

    • Templates

    • Custom URL actions

    • Parameters

    • VPC connection names

    • IAM policy assignments

    • Amazon QuickSight "account" names (the name you give to your Amazon QuickSight subscription on your AWS account)

    • Names of actual database objects and files in your on-prem or local data sources, if you use these with Amazon QuickSight

  • Use caution with email reports to make sure no restricted data is displayed in the email.

  • Use caution when allowing data to be downloaded, for example from a dashboard or analysis. Users who can download data can export a downloaded file directly to any drive location they have access to.

  • We recommend that you avoid accessing export-controlled data on mobile devices.