An IP rule is created when you add a CIDR address with a public IP version 4 address to the restrictions table. A VPC endpoint rule is created when you add either a VPC ID or a VPC endpoint ID to the restrictions table. You can add up to IP or VPC endpoint rules to the restrictions table. You can only add rules from the AWS Region where your account is. All traffic that is not allowed by either the IP rule or the VPC endpoint rule is blocked when the restriction is turned on.
A CIDR address is composed of two parts: the
prefix and the suffix. The prefix is the CIDR's network address and is written like
a normal IP address. The suffix shows how many bits are in the address. An example
of a complete CIDR address is 10.24.34.0/23.
IP and VPC endpoint rules apply only to Amazon QuickSight web, embedded, and mobile access and don't restrict access to the public API. Your users can still call all API operations from restricted IP ranges. For information on restricting calls to the public API from specific IP addresses, see AWS: Denies access to AWS based on the source IP in the IAM User Guide.
Before you save any rule changes or turn on other rules, make sure that you have a rule that includes your IP address or VPC endpoint ID. If there isn’t a rule that includes allows your traffic, you can't save your changes.
To add an IP or VPC endpoint rule
-
On the Amazon QuickSight start page, choose Manage QuickSight, and then choose Security and Permissions.
-
Choose IP and VPC endpoint restrictions.
-
Perform one of the following actions.
-
For IP restriction, enter the CIDR address that defines the IP range that you want to create a rule for.
-
For VPC endpoint restriction, enter either the VPC ID or the VPC endpoint ID of the endpoint that you want to create a rule for.
-
-
(Optional) For Description, enter a description for the rule. Doing this can help you differentiate your rules.
-
Choose Add.
-
Choose Save changes in the box that appears to apply the rule.
It can take up to 10 minutes for a rule to be fully implemented.
