Connecting to a VPC with Amazon QuickSight - Amazon QuickSight
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Connecting to a VPC with Amazon QuickSight

 Applies to: Enterprise Edition 
   Intended audience: System administrators and Amazon QuickSight administrators 

Amazon QuickSight Enterprise edition is fully integrated with the Amazon VPC service. A VPC based on this service closely resembles a traditional network that you operate in your own data center. It enables you to secure and isolate traffic between resources. You define and control the network elements to suit your requirements, while still getting the benefit of cloud networking and the scalable infrastructure of Amazon.

By creating a VPC connection in QuickSight, you're adding elastic network interfaces in your VPC. These network interfaces allow QuickSight to exchange network traffic with a network instance within your VPC. You can provide all of the standard security controls for this network traffic, as you do with other traffic in your VPC. Route tables, network access control lists (ACLs), subnets, and security groups settings all apply to network traffic to and from QuickSight in the same way that they apply to traffic between other instances in your VPC.

When you register a VPC connection with QuickSight, you can securely connect to data that's available only in your VPC, for example:

  • Data you can reach by IP address

  • Data that isn't available on the public internet

  • Private databases

  • On-premises data

    This works if you set up connectivity between the VPC and your on-premises network. For example, you might set up connectivity with Amazon Direct Connect, a virtual private network (VPN), or a proxy.

After you connect to the data, you can use it to create data analyses and publish secure data dashboards.

To further increase security, consider logging data access operations with Amazon CloudTrail, as described in Logging operations with Amazon CloudTrail. You can even create a dashboard to help you analyze your CloudTrail logs. By combining QuickSight logs with logs from your other Amazon services, you can get a fuller view of how your data is being used.

You don't need to be an networking expert to connect and use a VPC with QuickSight, because QuickSight provides a user interface for adding your network information. However, the person who gathers the information that you need for setup should have some understanding of networking concepts and using VPCs. This person also needs read-only access to the services. If network changes are required, we recommend that you don't make changes to your networking configuration without expert assistance.

To use a command line interface to access your VPC, you can use the Amazon Command Line Interface (Amazon CLI). For more information on using the Amazon CLI, see the Amazon CLI User Guide.

If you're a system administrator – we recommend that you focus on Setting up a VPC to use with Amazon QuickSight and Finding information to connect to a VPC. The sections after that deal with setting up the connections in QuickSight and testing them.

If you're a QuickSight administrator – if you have the information that you need to configure a VPC connection in the QuickSight console, focus on Configuring the VPC connection in Amazon QuickSight and Testing the connection to your VPC data source.

Topics