
Amazon QuickSight Connects Over Internet Instead of VPC to Public Redshift Cluster


I have an Amazon Redshift cluster that is publicly accessible. I can connect to it privately from an EC2 instance in the same VPC. However, QuickSight only connects over the internet, even though I have set up a VPC connection in QuickSight.

What I Did:

  1. Redshift Settings:

    • PubliclyAccessible = true (Redshift is public).
    • Security group allows inbound connections on port 5439 from:
      • My EC2 instance (private VPC connection works).
      • QuickSight’s IP ranges (this made QuickSight work, meaning it connects over the internet).
  2. QuickSight VPC Connection:

    • Created a VPC connection to the same VPC as Redshift.
    • Selected the VPC connection when setting up the Redshift data source in QuickSight.
  3. Behavior Based on Redshift Public/Private Setting:

    • When Redshift is private (PubliclyAccessible = false), QuickSight connects via the private network.
    • When Redshift is public (PubliclyAccessible = true), QuickSight connects via the internet, ignoring the VPC connection.

Issue:

  • EC2 connects privately to Redshift using the same endpoint.
  • QuickSight ignores the VPC connection when Redshift is public and only works over the internet.

Question:

  • Why does QuickSight still use the public internet instead of the VPC connection when Redshift is public?
  • How can I force QuickSight to connect privately over the VPC instead of the internet, even when Redshift is public?

Any help would be appreciated! Thanks in advance.


Solution

  • It appears that QuickSight is resolving the DNS name to a public IP address based on the fact that it is PubliclyAccessible = true.

    If you can, configure QuickSight to use the private IP address and it will likely connect.
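An added example, not part of the original answer: a small audit over the output of boto3's `describe_clusters` (Redshift) and `describe_security_groups` (EC2) that reports whether the cluster is public, lists the node private IPs the answer refers to, and flags ingress rules on the cluster port that admit non-RFC 1918 ranges. The cluster name, security group IDs and addresses are constructed sample values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(cidr):
    # Explicit check: ipaddress.is_private also matches documentation ranges.
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(p) for p in RFC1918)

def audit_cluster(cluster, security_groups):
    """cluster: one entry of describe_clusters()["Clusters"];
    security_groups: describe_security_groups()["SecurityGroups"]."""
    port = cluster["Endpoint"]["Port"]
    attached = {g["VpcSecurityGroupId"] for g in cluster["VpcSecurityGroups"]}
    public_ingress = []
    for sg in security_groups:
        if sg["GroupId"] not in attached:
            continue
        for perm in sg["IpPermissions"]:
            proto = perm["IpProtocol"]
            covers = proto == "-1" or (
                proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])
            if not covers:
                continue
            for rng in perm.get("IpRanges", []):
                if not is_rfc1918(rng["CidrIp"]):
                    public_ingress.append((sg["GroupId"], rng["CidrIp"]))
    return {
        "publicly_accessible": cluster["PubliclyAccessible"],
        "private_ips": {n["NodeRole"]: n["PrivateIPAddress"]
                        for n in cluster.get("ClusterNodes", [])},
        "public_ingress": public_ingress,
    }

# Constructed sample data shaped like the API responses (not from the post).
SAMPLE_CLUSTER = {
    "ClusterIdentifier": "example-cluster", "PubliclyAccessible": True,
    "Endpoint": {"Address": "example-cluster.example.invalid", "Port": 5439},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0123456789abcdef0"}],
    "ClusterNodes": [{"NodeRole": "SHARED", "PrivateIPAddress": "10.0.1.25",
                      "PublicIPAddress": "198.51.100.7"}],
}
SAMPLE_SGS = [{"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
     "IpRanges": [{"CidrIp": "203.0.113.0/27"}, {"CidrIp": "10.0.0.0/16"}],
     "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]}]}]

if __name__ == "__main__":
    print(audit_cluster(SAMPLE_CLUSTER, SAMPLE_SGS))
```

A non-empty `public_ingress` on a cluster with `publicly_accessible` set means clients outside the VPC can reach the port, which matches the setup described in the question.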