I’m getting this error about missing VPC connection, even though I have a connection (second picture) any ideas on how to fix this?
Can you run this list vpc command to make sure the ARN is correct?
https://docs.aws.amazon.com/cli/latest/reference/quicksight/list-vpc-connections.html
1 Like
The VPC connection shows up, but I don’t remember typing in the ARN for the VPC at any point when trying to export and import the bundle. I don’t know how the command decideds which VPC to connect to. I was originally getting this message, so I created this VPC with the same name “AWSQS” that it was looking for to see if that would fix it, but it didn’t.
1 Like
looks like the specific datasource you are importing relies on a VPC connection, which should also exist with the same VpcConnectionId in the destination account.
You have 2 options to proceed:
- Export the bundle with “–include-all-dependencies” set, which will include the VPCConnection in the bundle and you can import it into the destination account with overrides for the subnet and security group ids to match the new account. Syntax for overrides: describe-asset-bundle-import-job — AWS CLI 1.27.159 Command Reference
- Create a VPC connection with the same ID in the destination account using the CLI/API: Configuring the VPC connection with the QuickSight CLI - Amazon QuickSight
2 Likes
The latest updates makes it invalid to create a VPC connection with one subnet, so we fail exports that have just 1 subnet because we cannot import them. you can add one more subnet to the existing VPC connection through the UI/API and it should go through.
2 Likes
@rangpava I have two VPC’s with 2 subnets now and I’m getting this error. I’m trying to connect a prod and dev account, prod is in region us-west-2 and dev is in us-east-1 just for more information if that helps you. I saw there was a place to override parameters for VPC connections, would that fix the issue?
Are you trying to connect a datasource from dev to prod? Its not possible because you can only have a VPC connection to a VPC inside the same account and region as the datasource. (Finding information to connect to a VPC - Amazon QuickSight)
If you’re just trying to migrate a datasource/VPC connection from dev to prod, then yes, you’d need to check the subnets and security group that’s already present in the destination account (from VPC console/APIs) and enter those as overrides.
1 Like
I’m trying to move a dataset from prod to dev
I did a full set of overrides, and I’m getting errors still. I’ve tried the override using the VPC in the dev account and the VPC in the prod account. VPC starting with 963 is the VPC in dev, 91e is the prod. First two image is using the dev VPC in overrides, second is using prod, both had the same error message.
Here are a few things to verify:
- Verify that the VPC connection asset is in the exported bundle. You can extract the .qs file as a ZIP file and you will see the individual JSON files for each resource.
- You cannot override the IDs of the assets, just its parameters. So, when importing, the VPCConnectionId in the override parameters should be the same VPCConnectionId as the one in the bundle.
- You dont need to provide the override parameters for DataSources if you’re not really changing any parameters for the datasource.
- The subnets and security group IDs in override parameters for VPC Connection should match the existing subnets and security groups in the destination account (the one you’re importing into).
2 Likes
Thanks for helping your peers in the Quick Sight Community @rangpava! 
1 Like
- This is what I see when I extract it as a ZIP file, I believe this means the VPC connections asset is in the bundle.
- Thanks for the clarification!
- Noted
- I’m unable to have the same subnets and security groups across accounts. Or am I mistaken about that?
There should be a json file for the VPCConnection separately, in a folder named “vpcConnection”. Only then will it be imported. (It should be there if the datasource was exported using “–include-all-dependencies”)
something like:
{
"resourceType": "vpcConnection",
"vpcConnectionId": "abc123-ac123",
"name": "Test VPC Connection",
"subnetIds": [
"subnet-123456",
"subnet-98765
],
"securityGroupIds": [
"sg-123456"
],
"roleArn": "arn:aws:iam::123456789012:role/testrole"
}
The subnet IDs being the same was for the destination account and the overide parameter provided in API during import. (not between 2 accounts)
1 Like
I see the separate JSON.
And understood, override parameters should be the same as the destination account.
you will need to provide the credentials to talk to your datasource through override parameters. it can be either CredentialPair or SecretArn depending on how you have configured the datasource, like:
{
"DataSources": [
{
"DataSourceId": "<datasource_id>",
"Credentials": {
"CredentialPair": {
"Username": "",
"Password": ""
}
}
}
]
}
1 Like
I think I got it. It says successful, where can I find it in quicksight? Should the dataset just appear in the destination account now? Thank you for all your answers so far, it’s very appreciated and helpful.
the permissions are not applied through the asset bundle API currently, so you will need to update permissions separately unfortunately. example: UpdateDataSetPermissions - Amazon QuickSight, UpdateDataSourcePermissions - Amazon QuickSight, UpdateAnalysisPermissions - Amazon QuickSight
2 Likes
So this command doesn’t create a duplicate dataset in the other account, it just shares the existing one?