Allowing autodiscovery of Amazon resources
Applies to: Enterprise Edition and Standard Edition |
Intended audience: System administrators |
Each Amazon service that you access from Amazon QuickSight needs to allow traffic from QuickSight. Instead of opening each service console separately to add permissions, a QuickSight administrator can do this in the administration screen. Before you begin, make sure that you have addressed the following prerequisites.
If you choose to enable autodiscovery of Amazon resources for your Amazon QuickSight account, Amazon QuickSight creates an Amazon Identity and Access Management (IAM) role in your Amazon Web Services account. This IAM role grants your account permission to identify and retrieve data from your Amazon data sources.
Because Amazon limits the number of IAM roles that you can create, make sure that you have at least one free role. You need this role for Amazon QuickSight to use if you want Amazon QuickSight to autodiscover your Amazon resources.
You can have Amazon QuickSight autodiscover Amazon RDS DB instances or Amazon Redshift clusters that are associated with your Amazon Web Services account. These resources must be located in the same Amazon Web Services Region as your Amazon QuickSight account.
If you choose to enable autodiscovery, choose one of the following options to make the Amazon resource accessible:
-
For Amazon RDS DB instances that you created in a default VPC and didn't make private, or that aren't in a VPC (EC2-Classic instances), see Authorizing connections from Amazon QuickSight to Amazon RDS DB instances. In this topic, you can find information on creating a security group to allow connections from Amazon QuickSight servers.
-
For Amazon Redshift clusters that you created in a default VPC and didn't choose to make private, or that aren't in a VPC (that is, EC2-Classic instances), see Authorizing connections from Amazon QuickSight to Amazon Redshift clusters. In this topic, you can find information on creating a security group to allow connections from Amazon QuickSight servers.
-
For an Amazon RDS DB instance or Amazon Redshift cluster that is in a nondefault VPC, see Authorizing connections from Amazon QuickSight to Amazon RDS DB instances or Authorizing connections from Amazon QuickSight to Amazon Redshift clusters. In these topics, you can find information on first creating a security group to allow connections from Amazon QuickSight servers. In addition, you can find information on then verifying that the VPC meets the requirements described in Network configuration for an Amazon instance in a nondefault VPC.
-
If you don't use a private VPC, set up the Amazon RDS instance to allow connections from the Amazon QuickSight Region's public IP address.
Enabling autodiscovery is the easiest way to make this data available in Amazon QuickSight. You can still manually create data connections whether or not you enable autodiscovery.