Manually enabling access to an Amazon RDS instance in a VPC - Amazon QuickSight
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Important: We've redesigned the Amazon QuickSight analysis workspace. You might encounter screenshots or procedural text that doesn't reflect the new look in the QuickSight console. We're in the process of updating screenshots and procedural text.

To find a feature or item, use the Quick search bar.

For more information on QuickSight's new look, see Introducing new analysis experience on Amazon QuickSight.

Manually enabling access to an Amazon RDS instance in a VPC

Use the following procedure to enable Amazon QuickSight access to an Amazon RDS DB instance in a VPC. If your Amazon RDS DB instance is in subnet that is private (in relation to Amazon QuickSight) or that has Internet Gateways attached, see Connecting to a VPC with Amazon QuickSight.

To enable Amazon QuickSight access to an Amazon RDS DB instance in a VPC

  1. Sign in to the Amazon Web Services Management Console and open the Amazon RDS console at https://console.amazonaws.cn/rds/.

  2. Choose Databases, locate the DB instance, and view its details. To do this, you click directly on its name (a hyperlink in the DB identifier column).

  3. Locate Port and note the Port value. This can be a number or a range.

  4. Locate VPC and note the VPC value.

  5. Choose the VPC value to open the VPC console. In the Amazon VPC Management Console, choose Security Groups in the navigation pane.

  6. Choose Create Security Group.

  7. On the Create Security Group page, enter the security group information as follows:

    • For Name tag and Group name, enter Amazon-QuickSight-access.

    • For Description, enter Amazon-QuickSight-access.

    • For VPC, choose the VPC for your instance. This VPC is the one with the VPC ID that you noted previously.

  8. Choose Create. On the confirmation page, note the Security Group ID. Choose Close to exit this screen.

  9. Choose your new security group from the list, and then choose Inbound Rules from the tab list below.

  10. Choose Edit rules to create a new rule.

  11. On the Edit inbound rules page, choose Add rule to create a new rule.

    Use the following values:

    • For Type, choose Custom TCP Rule.

    • For Protocol, choose TCP.

    • For Port Range, enter the port number or range of the Amazon RDS cluster. This port number (or range) is the one that you noted previously.

    • For Source, choose Custom from the list. Next to the word "Custom", enter the CIDR address block for the Amazon Web Services Region where you plan to use Amazon QuickSight.

      For example, for Europe (Ireland) you would enter Europe (Ireland)'s CIDR address block: 52.210.255.224/27. For more information on the IP address ranges for Amazon QuickSight in supported Amazon Web Services Regions, see Amazon Web Services Regions, websites, IP address ranges, and endpoints.

      Note

      If you have activated Amazon QuickSight in multiple Amazon Web Services Regions, you can create inbound rules for each Amazon QuickSight endpoint CIDR. Doing this allows Amazon QuickSight to have access to the Amazon RDS DB instance from any Amazon Region defined in the inbound rules.

      Anyone who uses Amazon QuickSight in multiple Amazon Web Services Regions is treated as a single user. In other words, even if you are using Amazon QuickSight in every Amazon Web Services Region, both your Amazon QuickSight subscription (sometimes called an 'account') and your users are global.

  12. For Description, enter a useful description, for example "Europe (Ireland) QuickSight".

  13. Choose Save rules to save your new inbound rule. Then choose Close.

  14. Go back to the detailed view of the DB instance. Return the Amazon RDS console (https://console.aws.amazon.com/rds/) and choose Databases.

  15. Choose the DB identifier for the relevant RDS instance. Choose Modify. The same screen displays whether you choose Modify from the databases screen or the DB instance screen: Modify DB Instance.

  16. Locate the Network & Security section (the third section from the top).

    The currently assigned security group or groups are already chosen for Security Group. Don't remove any of the existing ones unless you are sure.

    Instead, choose your new security group to add it to the other groups that are selected. If you followed the name suggested previously, this group might be named something similar to Amazon-QuickSight-access.

  17. Scroll to the bottom of the screen. Choose Continue. and then choose Modify DB Instance.

  18. Choose Apply during the next scheduled maintenance (the screen indicates when this will occur).

    Don't choose Apply immediately. Doing this also applies any additional changes that are in the pending modifications queue. Some of these changes might require downtime. If you bring the server down outside the maintenance window, this can cause a problem for users of this DB instance. Consult your system administrators before applying immediate changes.

  19. Choose Modify DB Instance to confirm your changes. Then, wait for the next maintenance window to pass.