Allowing autodiscovery of AWS resources
Applies to: Enterprise Edition and Standard Edition |
Intended audience: System administrators |
Each AWS service that you access from Amazon QuickSight needs to allow traffic from QuickSight. Instead of opening each service console separately to add permissions, a QuickSight administrator can do this in the administration screen. Before you begin, make sure that you have addressed the following prerequisites.
If you choose to enable autodiscovery of AWS resources for your Amazon QuickSight account, Amazon QuickSight creates an AWS Identity and Access Management (IAM) role in your AWS account. This IAM role grants your account permission to identify and retrieve data from your AWS data sources.
Because AWS limits the number of IAM roles that you can create, make sure that you have at least one free role. You need this role for Amazon QuickSight to use if you want Amazon QuickSight to autodiscover your AWS resources.
You can have Amazon QuickSight autodiscover Amazon RDS DB instances or Amazon Redshift clusters that are associated with your AWS account. These resources must be located in the same AWS Region as your Amazon QuickSight account.
If you choose to enable autodiscovery, choose one of the following options to make the AWS resource accessible:
-
For Amazon RDS DB instances that you created in a default VPC and didn't make private, or that aren't in a VPC (EC2-Classic instances), see Authorizing connections from Amazon QuickSight to Amazon RDS DB instances. In this topic, you can find information on creating a security group to allow connections from Amazon QuickSight servers.
-
For Amazon Redshift clusters that you created in a default VPC and didn't choose to make private, or that aren't in a VPC (that is, EC2-Classic instances), see Authorizing connections from Amazon QuickSight to Amazon Redshift clusters. In this topic, you can find information on creating a security group to allow connections from Amazon QuickSight servers.
-
For an Amazon RDS DB instance or Amazon Redshift cluster that is in a nondefault VPC, see Authorizing connections from Amazon QuickSight to Amazon RDS DB instances or Authorizing connections from Amazon QuickSight to Amazon Redshift clusters. In these topics, you can find information on first creating a security group to allow connections from Amazon QuickSight servers. In addition, you can find information on then verifying that the VPC meets the requirements described in Network configuration for an AWS instance in a nondefault VPC.
-
If you don't use a private VPC, set up the Amazon RDS instance to allow connections from the Amazon QuickSight Region's public IP address.
Enabling autodiscovery is the easiest way to make this data available in Amazon QuickSight. You can still manually create data connections whether or not you enable autodiscovery.