VPC Connection automation

This has been a huge pain for us, and many other users I know.

There is currently no way to create a VPC connection programmatically. The only way is through the AWS console UI.

Almost everything else can be automated through CloudFormation, including theme changes, which seem so insignificant compared to a VPC connection given how much focus Amazon puts on security and VPC use.

To be clear, there is no CloudFormation nor direct API support for this feature.

Are there any known workarounds? Any ETAs for this to be added to either of the above? Even if it is just gets added to the API, at least we could use CustomResource in CF to create this automatically.

Thanks.

Please refer the blog addressing steps to create VPC,subnet and security group through AWS CLI and again we have API/SDK allowing same - CreateVpc - Amazon Elastic Compute Cloud

Please post your additional questions , if any on this topic.

Hi @m0ltar -

I don’t believe there’s any workaround for this. It’s great you are highlighting the need here.

To help clarify some possible confusion regarding your question.

QuickSight VPC Configuration
You are talking about the ability to configure a QuickSight VPC connection programmatically (API/SDK/CDK).

You can see that QuickSight is creating a ENI and attaching it, you can describe the ENI after its creation but there is no way to create a ‘QuickSight VPC connection’ outside of the QuickSight admin console.

For context here are some other requests/threads regarding this.

• AWS::QuickSight::Template - AWS::QuickSight::* · Issue #274 · aws-cloudformation/cloudformation-coverage-roadmap · GitHub
• Quicksight:CreateVPCConnection · Issue #23 · awsdocs/amazon-quicksight-user-guide · GitHub

AWS VPC Creation
As @Neeraj pointed out this can be done various ways, for example using CDK

Thanks @robdhondt.

You are talking about the ability to configure a QuickSight VPC connection programmatically (API/SDK/CDK).

Yes, that.

I’m also a participant of those threads on GitHub

Is there some technical limitation to having this be part of CloudFormation? Or was it just not prioritized?

Thanks.

I’ll communicate this feature request to the relevant team. Thanks

Noted the feature request. Thanks for raising this. I’ll add this our list for prioritization.

Can I get a bu bu bump!

Not being able to create a VPC Connection is so frustrating and is limiting our adoption of QuickSight across more accounts, because automatic provisioning is just not possible otherwise. CloudFormation will fail to create DataSources if VPC Connection does not exist. And it needs to be manually created first. But connection details are in the CloudFormation stack, so it’s a and problem.

Hi everyone!

Is there any update about how to create a VPC connection from quicksight, programmatically?

Thanks!

Hi,

+1
We need this feature in API to automate Quicksight datasources creation.
Any update ? Thanks

+1
Any update ? Thanks

+1
We are also looking for this feature. Are there any updates?

This is not @moltar bumping this thread, I am just channelling our customers here. This feature is badly needed.

Hi all! This feature is in roadmap!

So, this has been released!

• Announcement: Amazon QuickSight now supports VPC Connections via public APIs with Multi-AZ support
• CLI: Configuring the VPC connection with the QuickSight CLI - Amazon QuickSight
• API: CreateVPCConnection - Amazon QuickSight
• CloudFormation: AWS::QuickSight::VPCConnection - AWS CloudFormation

However, what is really unclear is this:

What is the AvailabilityStatus here?

Why am I able to set it to PARTIALLY_AVAILABLE? It seems like it might be a return value, rather than a property I should be setting.

I couldn’t find any docs on this.

Hello @m0ltar,

AvailabilityStatus shows the current availability status of your entire VPC Connection. Now that a VPC Connection is in multiple Availability Zones, if all of the network interfaces are ready, the availability status is AVAILABLE and if none are available, it is UNAVAILABLE. The case for PARTIALLY_AVAILABLE is when one of the network interfaces is currently unavailable but the VPC Connection is still available to use as one or more of the other network interfaces are still available. Documentation on the states can be found here:

@skyram But my point was that this prop is required during the VPC creation call. I.e. you are asking me what the VPC connection status is, at creation time.

Here’s an illustrative example. It is using AWS CDK, which basically maps to CloudFormation 1:1.

image1260×420 58.5 KB

Also, per link you have shared:

Availability status is not asked of the user to be provided in the UI:

image1250×1124 72.7 KB

And the docs also state:

When you finish creating a VPC connection, the new connection appears in the Manage VPC connections table. In some cases, the status of the new VPC might be UNAVAILABLE

So this implies that this status should only be known after the connection is created.

In conclusion, I think it is a mistake to ask for this value, ahead of time, at VPC connection creation time in the API.