Steps for connecting to private Redshift instance through VPC connection are given below.
Same approach will work for other DBs. (Be sure to update port number and security group names based on DB)
- Create two security groups under VPC used for Redshift.
We will create inbound rules in next step. Leave the default outbound rules as is.
- Redshift SecGrp
- QuickSight SecGrp (Note down the security group id for QuickSight SecGrp )
Set the Inbound and Outbound rules for these security groups as follows
* You can type in the security group name and pick from the match list.
In QuickSight, go to Manage QuickSight > Manage VPC Connections > Add VPC connection
Configure the VPC connection as specified below.
VPC Connection name : Choose one that is meaningful to you.
VPC ID: Choose the VPC in which the Redshift cluster exists.
Subnet ID: Choose the subnet for the AZ being used for Redshift.
Security Group ID: Copy paste the security group id for QuickSight SecGrp that we saved from step1.
Click create (You can proceed to step 5; Give it couple of mins before step 6 to allow VPC connection setup to complete)
Associate Redshift SecGrp with the Redshift cluster (Properties > Network and security settings)
In QuickSight, go to Datasets > New Dataset > Redshift Auto-discovered.
Give it a meaningful name.
When you select instance id, Connection type should auto populate with the VPC connection you created in QuickSight. In case it doesn’t, choose this from the drop down.
Enter database and credentials and try validating.
It should validate and you can then proceed with clicking the Create data source button.
If you want to restrict the default outbound rules further, you can update the outbound rule of QuickSight SecGrp to allow only Redshift traffic to Redshift SecGrp and can delete the outbound rule in Redshift SecGrp.