Setting up a VPC to use with Amazon QuickSight - Amazon QuickSight

Important: We've redesigned the Amazon QuickSight analysis workspace. You might encounter screenshots or procedural text that doesn't reflect the new look in the QuickSight console. We're in the process of updating screenshots and procedural text.

To find a feature or item, use the Quick search bar.

For more information on QuickSight's new look, see Introducing new analysis experience on Amazon QuickSight.

Setting up a VPC to use with Amazon QuickSight

 Applies to: Enterprise Edition 
   Intended audience: System administrators 

To set up a VPC to use with Amazon QuickSight Enterprise edition, you need access to Amazon VPC and Amazon EC2. You also need access to each AWS database service that you plan to add to QuickSight. You can use the console, or you can use the AWS Command Line Interface (AWS CLI). For more information about the CLI, see the AWS Command Line Interface User Guide. To work with the CLI, go to https://aws.amazon.com/cli/.

Before you begin to set up your VPC connection in QuickSight, make sure that you understand the components of a VPC deployment. As part of that, familiarize yourself with the VPC's subnets and security groups in relation to the destinations (databases) that you want to reach from QuickSight. To set up a successful VPC connection, make sure that the following components work together to allow network traffic to pass between QuickSight and your data source:

  • The Amazon VPC service

  • The subnets that your data source is using

  • The QuickSight elastic network interfaces and the subnets they use

  • The route table

  • Inbound and outbound rules for these security groups:

    • Security group for your VPC. We recommend you create a new security group to isolate the rules on the VPC security group from the rules on the QuickSight network interface's security group).

    • Security group attached to the QuickSight network interface.

    • Security group attached to the database server (for each database server that you want to use).

  • (Optional) Amazon Route 53 Resolver inbound endpoints for private DNS resolution.

In the following topics, you can find the network components that are involved. You can also find descriptions of their roles in the network configuration of your VPC and your QuickSight VPC connection. The network interface for QuickSight that is automatically created during setup is called the QuickSight network interface (QNI).

If your VPC is already completely configured, skip to the next section, Finding information to connect to a VPC.

Topics