How can I create a private connection from Amazon QuickSight to an Amazon Redshift cluster or an Amazon RDS DB instance that's in a private subnet?
I want to create a private connection from Amazon QuickSight to an Amazon Redshift cluster or database instance in a private subnet. How can I do that?
Short description
Amazon QuickSight supports Amazon Virtual Private Cloud (Amazon VPC) connections to AWS data sources. The Amazon VPC connection allows you to privately connect to an Amazon Redshift cluster or an Amazon Relational Database Service (Amazon RDS) instance.
To create a private connection from QuickSight, you must provide a subnet and security group from a VPC in the same AWS Region. Then, create a private connection from QuickSight to the private subnet. After the private connection is established, you can allow traffic between the new security group and the Amazon Redshift cluster or DB instance security group.
Note: The data source must be in the same account and Region that's used for QuickSight.
Resolution
Important: These steps apply to Amazon QuickSight Enterprise Edition. It's a best practice to upgrade to Amazon QuickSight Enterprise Edition to securely access data in private VPCs. For more information about Enterprise Edition pricing, see Amazon QuickSight pricing.
1. Identify the ID of the subnet that QuickSight will use to establish a private connection to your data source. You can either use an existing subnet in the same VPC with a route to the database instance or create a new subnet.
2. Create a new security group for QuickSight in the same VPC.
3. Add an inbound rule to the QuickSight security group that allows all TCP traffic from the Amazon Redshift cluster or RDS DB instance. This rule is required because the security group attached to the QuickSight network interface is not stateful, so return traffic from the database must be allowed explicitly.
For Type, choose All TCP.
For Source, choose Custom, and then enter the ID of the security group used by your Amazon Redshift cluster or RDS DB instance.
4. Add an outbound rule to the QuickSight security group that allows all traffic to the Amazon Redshift cluster or RDS DB instance.
For Type, choose Custom TCP Rule.
For Port Range, enter the port used by the Amazon Redshift cluster or RDS DB instance. The default Amazon Redshift port is 5439. The default port for Amazon RDS depends on the engine, for example 3306 for MySQL and 5432 for PostgreSQL.
For Destination, choose Custom, and then enter the ID of the security group used by your Amazon Redshift cluster or RDS DB instance.
5. In the Amazon Redshift cluster or RDS DB instance's security group, add an inbound rule. The inbound rule must allow traffic on the database port from the QuickSight security group that you created in Step 2.
For Type, choose Custom TCP Rule.
For Port Range, enter the port used by the Amazon Redshift cluster or RDS DB instance. The default Amazon Redshift port is 5439. The default port for Amazon RDS depends on the engine, for example 3306 for MySQL and 5432 for PostgreSQL.
For Source, choose Custom, and then enter the QuickSight security group ID.
6. In the Amazon Redshift cluster or RDS DB instance's security group, add an outbound rule. This outbound rule must allow all TCP traffic to the QuickSight security group that you created in Step 2.
For Type, choose All TCP.
For Destination, choose Custom, and then enter the QuickSight security group ID.
7. Create a private connection from QuickSight to Amazon VPC.
For VPC ID, select the VPC for your Amazon Redshift cluster or RDS DB instance.
For Subnet ID, select the private subnet that you identified or created in Step 1.
For Security group ID, enter the QuickSight security group that you created.
8. Create a new dataset from the Amazon Redshift cluster or RDS DB instance.
For Connection type, choose the VPC connection that you created in Step 7.
Example security group configuration
In sg-123345678f (QuickSight security group):
Inbound:
Type        Protocol   Port Range     Source          Description
All TCP     TCP        0 - 65535      sg-122887878f   Amazon RDS/Amazon Redshift security group
Outbound:
Type        Protocol   Port Range     Destination     Description
Custom TCP  TCP        5439 or 3306   sg-122887878f   Amazon RDS/Amazon Redshift security group
In sg-122887878f (Amazon RDS or Amazon Redshift security group):
Inbound:
Type        Protocol   Port Range     Source          Description
Custom TCP  TCP        5439 or 3306   sg-123345678f   QuickSight security group
Outbound:
Type        Protocol   Port Range     Destination     Description
All TCP     TCP        0 - 65535      sg-123345678f   QuickSight security group
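The rule pair above, expressed as code. This is an added example and not part of the AWS article: it builds the four security-group rules in the IpPermissions shape that `aws ec2 authorize-security-group-ingress` / `authorize-security-group-egress --ip-permissions` and boto3 accept, and audits a `describe-security-groups` style response for the required rules plus the one mistake a reviewer most wants to catch, the database port opened to a CIDR instead of to the QuickSight group. It makes no AWS calls; the security group IDs, the port and the describe output are constructed placeholders.

```python
"""Build and audit the security-group pair a QuickSight VPC connection needs.

Added example, not from the AWS article. Rule dicts use the IpPermissions shape
that `aws ec2 authorize-security-group-ingress/egress --ip-permissions` and boto3
accept. The describe-security-groups payload below is constructed sample data and
the security group IDs are placeholders.
"""
import json

ALL_PORTS = (0, 65535)


def _tcp(from_port, to_port, peer_sg, description):
    """One TCP permission whose peer is another security group (no CIDR)."""
    return {
        "IpProtocol": "tcp",
        "FromPort": from_port,
        "ToPort": to_port,
        "UserIdGroupPairs": [{"GroupId": peer_sg, "Description": description}],
    }


def required_rules(qs_sg, db_sg, db_port):
    """The four rules from the procedure, keyed by (group ID, direction).

    The QuickSight network interface's security group is not stateful, so it needs
    an explicit inbound rule for return traffic from the database; the database
    group accepts only the database port, and only from the QuickSight group.
    """
    return {
        (qs_sg, "ingress"): [_tcp(*ALL_PORTS, db_sg, "return traffic from DB")],
        (qs_sg, "egress"): [_tcp(db_port, db_port, db_sg, "to DB port")],
        (db_sg, "ingress"): [_tcp(db_port, db_port, qs_sg, "from QuickSight")],
        (db_sg, "egress"): [_tcp(*ALL_PORTS, qs_sg, "return traffic to QuickSight")],
    }


def _covers(perm, want):
    """True if an existing permission grants at least what `want` requires."""
    proto_ok = perm["IpProtocol"] in ("-1", want["IpProtocol"])
    if perm["IpProtocol"] == "-1":  # "all traffic" has no port fields
        ports_ok = True
    else:
        ports_ok = (perm.get("FromPort", 0) <= want["FromPort"]
                    and perm.get("ToPort", 65535) >= want["ToPort"])
    peers = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return proto_ok and ports_ok and want["UserIdGroupPairs"][0]["GroupId"] in peers


def audit(describe_output, qs_sg, db_sg, db_port):
    """Return findings as strings; an empty list means the pair is configured as required."""
    groups = {g["GroupId"]: g for g in describe_output["SecurityGroups"]}
    findings = []
    for (gid, direction), wants in required_rules(qs_sg, db_sg, db_port).items():
        group = groups.get(gid)
        if group is None:
            findings.append(f"{gid}: security group not found")
            continue
        key = "IpPermissions" if direction == "ingress" else "IpPermissionsEgress"
        for want in wants:
            if not any(_covers(p, want) for p in group.get(key, [])):
                findings.append(f"{gid} {direction}: missing TCP {want['FromPort']}-"
                                f"{want['ToPort']} peer {want['UserIdGroupPairs'][0]['GroupId']}")
    # Over-permissive check: the DB port must not be reachable from any CIDR.
    for perm in groups.get(db_sg, {}).get("IpPermissions", []):
        in_range = perm["IpProtocol"] == "-1" or (
            perm["IpProtocol"] == "tcp"
            and perm.get("FromPort", 0) <= db_port <= perm.get("ToPort", 65535))
        for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            if in_range:
                cidr = r.get("CidrIp") or r.get("CidrIpv6")
                findings.append(f"{db_sg} ingress: DB port {db_port} open to CIDR {cidr}")
    return findings


# Placeholder IDs and a constructed describe-security-groups response in which the
# DB group lacks its outbound rule and also exposes the DB port to the internet.
QS_SG, DB_SG, DB_PORT = "sg-0aaa11112222qsqs", "sg-0bbb33334444dbdb", 5439
SAMPLE = {"SecurityGroups": [
    {"GroupId": QS_SG,
     "IpPermissions": [_tcp(0, 65535, DB_SG, "")],
     "IpPermissionsEgress": [_tcp(DB_PORT, DB_PORT, DB_SG, "")]},
    {"GroupId": DB_SG,
     "IpPermissions": [
         _tcp(DB_PORT, DB_PORT, QS_SG, ""),
         {"IpProtocol": "tcp", "FromPort": DB_PORT, "ToPort": DB_PORT,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
     "IpPermissionsEgress": []},
]}

if __name__ == "__main__":
    for (gid, direction), perms in required_rules(QS_SG, DB_SG, DB_PORT).items():
        print(f"aws ec2 authorize-security-group-{direction} --group-id {gid} "
              f"--ip-permissions '{json.dumps(perms)}'")
    for finding in audit(SAMPLE, QS_SG, DB_SG, DB_PORT):
        print("FINDING:", finding)
```

Run against a real account by replacing `SAMPLE` with the parsed output of `aws ec2 describe-security-groups --group-ids <qs-sg> <db-sg>`; the printed `authorize-security-group-*` commands are the exact calls that add the missing rules.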