Security groups: inbound and outbound rules
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.
For your VPC connection, create a new security group with the description QuickSight-VPC. This security group must allow all inbound TCP traffic from the security groups of the data destinations that you want to reach. The following example creates a new security group in the VPC and returns the ID of the new security group.
aws ec2 create-security-group \
    --group-name quicksight-vpc \
    --description "QuickSight-VPC" \
    --vpc-id vpc-0daeb67adda59e0cd
Important
Network configuration is sufficiently complex that we strongly recommend that you create a new security group for use with QuickSight. It also makes it easier for AWS Support to help you if you need to contact them. Creating a new group isn't absolutely required. However, the following topics are based on the assumption that you follow this recommendation.
To enable Amazon QuickSight to successfully connect to an instance in your VPC, configure your security group rules to allow traffic between the QuickSight network interface and the instance that contains your data. To do this, configure the inbound rules of the security group attached to your database instance to allow the following traffic:
- From the port that QuickSight is connecting to
- From one of the following options:
  - The security group ID that's associated with QuickSight network interface (recommended)
  or
  - The private IP address of the QuickSight network interface
For more information, see Security groups for your VPC and VPCs and subnets in the Amazon VPC User Guide.
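The following check is an added example, not part of the original documentation. It audits the two rule sets described above against data shaped like the output of `aws ec2 describe-security-groups`. The security group IDs, port 5432, and the interface IP address are constructed placeholders.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
QS_SG, DB_SG = "sg-0aaaaaaaaaaaaaaaa", "sg-0bbbbbbbbbbbbbbbb"  # placeholder IDs
DB_GROUP = {"GroupId": DB_SG, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "UserIdGroupPairs": [{"GroupId": QS_SG}], "IpRanges": []}]}
QS_GROUP = {"GroupId": QS_SG, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "UserIdGroupPairs": [{"GroupId": DB_SG}], "IpRanges": []}]}

def covers(perm, port):
    """True if one IpPermissions entry covers TCP traffic on `port`."""
    if perm.get("IpProtocol") == "-1":   # all traffic: no FromPort/ToPort keys
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def check_database_group(db_group, port, qs_sg_id, qs_eni_ip):
    """Classify how the database group admits the QuickSight network interface."""
    ip, found = ipaddress.ip_address(qs_eni_ip), set()
    for perm in db_group.get("IpPermissions", []):
        if not covers(perm, port):
            continue
        if any(p.get("GroupId") == qs_sg_id for p in perm.get("UserIdGroupPairs", [])):
            found.add("ok-security-group")          # the recommended form
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if ip in net:
                found.add("ok-private-ip" if net.prefixlen == 32 else "broader-than-needed")
    for verdict in ("ok-security-group", "ok-private-ip", "broader-than-needed"):
        if verdict in found:
            return verdict
    return "missing"

def quicksight_group_ok(qs_group, db_sg_id):
    """True if the QuickSight group allows all inbound TCP from the database group."""
    for perm in qs_group.get("IpPermissions", []):
        all_tcp = perm.get("IpProtocol") == "-1" or (
            perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == 0 and perm.get("ToPort") == 65535)
        if all_tcp and any(p.get("GroupId") == db_sg_id
                           for p in perm.get("UserIdGroupPairs", [])):
            return True
    return False

if __name__ == "__main__":
    print(check_database_group(DB_GROUP, 5432, QS_SG, "10.0.1.25"))
    print(quicksight_group_ok(QS_GROUP, DB_SG))
```

A result of `broader-than-needed` means the interface is reachable only through a CIDR range wider than its single private IP address, and `missing` means no inbound rule on that port admits it.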
Use the topics listed below to learn more about inbound and outbound rules.