Help needed for connecting a RDS PostgreSQL in a private subnet to QuickSight



I have been attempting to connect to an RDS PostgreSQL database instance, which is located in private subnets, from QuickSight. However, I am encountering timeout errors, most likely due to misconfigured security groups. Could someone kindly provide me with step-by-step instructions, explained in a simple manner as if I were a five-year-old, on how to connect QuickSight with RDS PostgreSQL?

Thank you!

1 Answer

Hi @deniz.

For Amazon QuickSight to connect to an Amazon RDS DB instance, you must create a new security group for that DB instance. This security group contains an inbound rule authorizing access from the appropriate IP address range for the Amazon QuickSight servers in that AWS Region. For information on the IP address ranges for Amazon QuickSight in supported AWS Regions, see AWS Regions, websites, IP address ranges, and endpoints.

The steps to configure the security group is as follows:

  1. Sign in to the AWS Management Console and open the Amazon RDS console at
  2. Choose Databases, locate the DB instance, and view its details. To do this, you click directly on its name (a hyperlink in the DB identifier column).
  3. Locate Port and note the Port value. This can be a number or a range.
  4. Locate VPC and note the VPC value.
  5. Choose the VPC value to open the VPC console. In the Amazon VPC Management Console, choose Security Groups in the navigation pane.
  6. Choose Create Security Group.
  7. On the Create Security Group page, enter the security group information as follows:
  • For Name tag and Group name, enter Amazon-QuickSight-access.
  • For Description, enter Amazon-QuickSight-access.
  • For VPC, choose the VPC for your instance. This VPC is the one with the VPC ID that you noted previously.
  1. Choose Create. On the confirmation page, note the Security Group ID. Choose Close to exit this screen.
  2. Choose your new security group from the list, and then choose Inbound Rules from the tab list below.
  3. Choose Edit rules to create a new rule.
  4. On the Edit inbound rules page, choose Add rule to create a new rule. Use the following values:
  • For Type, choose Custom TCP Rule.
  • For Protocol, choose TCP.
  • For Port Range, enter the port number or range of the Amazon RDS cluster. This port number (or range) is the one that you noted previously.
  • For Source, choose Custom from the list. Next to the word "Custom", enter the CIDR address block for the AWS Region where you plan to use Amazon QuickSight.
  1. For Description, enter a useful description.
  2. Choose Save rules to save your new inbound rule. Then choose Close.
  3. Go back to the detailed view of the DB instance. Return the Amazon RDS console ( and choose Databases.
  4. Choose the DB identifier for the relevant RDS instance. Choose Modify. The same screen displays whether you choose Modify from the databases screen or the DB instance screen: Modify DB Instance.
  5. Locate the Network & Security section (the third section from the top). The currently assigned security group or groups are already chosen for Security Group. Don't remove any of the existing ones unless you are sure. Instead, choose your new security group to add it to the other groups that are selected. If you followed the name suggested previously, this group might be named something similar to Amazon-QuickSight-access.
  6. Scroll to the bottom of the screen. Choose Continue. and then choose Modify DB Instance.
  7. Choose Apply during the next scheduled maintenance (the screen indicates when this will occur) or immediately, if you have full control of the pending changes to the instance.

I hope this helps.

profile pictureAWS
answered a year ago
reviewed a year ago
  • Hello Jose

    Thanks for the quick reply. I will delete everything I created today and try your suggested approach on Monday. I will let you know of my results. Thanks!

  • also do I have to wait for the next scheduled maintenance? I thought security group updates could be done instantly without waiting for the maineanance window.

  • I followed all of the steps you have provided. Assuming that the newly created security group should be used during the vpc setup in quicksight. What you suggested did not work :/

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions