Quick Sight Datasource Connectivity Guide.

Permissions Issues under Manage Quick Sight

AWS Permissions

• Navigate to Manage QuickSight > Security & permissions > QuickSight access to AWS services
• Verify you've selected all services you need to integrate with QuickSight
• Confirm explicit selection of:
• S3 buckets with appropriate access levels
• Read/write access to Athena workgroups

Resource Access Policies

• Check the default resource access policy
• Verify it is not set to DENY
• Review any custom permissions for restrictions that might block access

IAM Policy Assignment

• Review IAM policy assignments for QuickSight
• Confirm policies grant necessary permissions to access required data sources
• Check for any restrictive policies that might override access permissions

Custom Permissions

• Review any new profile of custom permissions added for any user.

Network Configuration

VPC Connections

• Navigate to Manage QuickSight > Manage VPC connections
• Verify the VPC of your data source has been added to QuickSight
• Confirm the connection status shows as AVAILABLE
• Check that security groups allow traffic between QuickSight and your data sources

Default VPC Configuration

If your AWS instances are in a default VPC:

• Verify the database is publicly accessible
• Enable access from Amazon QuickSight
• Check that security groups allow inbound traffic on the required database port

Private/Non-Default VPC Configuration

If your instances are in non-default or private VPCs:

• Confirm bidirectional traffic is allowed between QuickSight and your database
• Verify security group rules permit connections on the required ports
• Ensure network ACLs don't block necessary traffic

Data Source-Specific Requirements

S3 Data Sources

• Verify manifest file configuration is correct
• Check for any syntax errors in the manifest file
• Consider creating a new manifest file to rule out corruption
• Confirm QuickSight has permissions to access the S3 bucket and objects

RDS/Redshift (Private VPC)

• Remember that instances in a private VPC are not directly accessible from the internet
• Configure security groups to allow inbound traffic from QuickSight
• Verify the database is in the same AWS Region as your QuickSight account for auto-discovery
• Confirm VPC connection security group rules allow bidirectional traffic on required ports

Snowflake

• Verify OAuth client credentials are correctly configured
• Confirm the connection between your QuickSight account and Snowflake through QuickSight APIs
• Check that all required permissions are granted in Snowflake

Troubleshooting Checklist

When experiencing connectivity issues, systematically check:

• AWS resource permissions
• Resource access policies
• IAM policy assignments
• VPC connections in Quick Sight
• Network configuration with security groups
• Data source-specific requirements

References

[] https://docs.aws.amazon.com/quicksuite/latest/userguide/troubleshoot-connect-S3.html

[] https://docs.aws.amazon.com/quicksuite/latest/userguide/connecting-to-snowflake.html

[] https://docs.aws.amazon.com/quicksuite/latest/userguide/configure-access.html