Private Connect for Redshift

This topic covers setup information specific to the data provider. General information on setting up a private connection is in Private Connection Set Up: Overview, and information on setting up the Tableau Cloud endpoint is in Private Connection Set Up: Tableau Cloud.

Prerequisites

  1. Create Redshift in private subnet in a VPC(Link opens in a new window)
  2. Create network load balancer to front the Redshift instance(Link opens in a new window)
  3. Create VPC endpoint for network load balancer(Link opens in a new window)
  4. Create VPC endpoint service for the VPC endpoint(Link opens in a new window)

Tableau Cloud Information for the Data Provider

To get the IAM ARN that needs to be added as an allowed principal on the endpoint service in AWS:

  1. Log in to Tableau Cloud Manager (TCM).
  2. Go to Settings.
  3. Select the Private Connect tab.
  4. Expand IAM Regions and ARNs.
  5. Find the shared region for your Tableau Cloud site and the data provider.
  6. In the Actions menu (...), select Copy IAM ARN.

After you have copied Tableau Cloud's IAM ARN, allow it as an allowed principal on the endpoint service per the instructions in Configure an endpoint service(Link opens in a new window).

Data Provider Information for Tableau Cloud

Use the AWS Management Console or AWS CLI to get the endpoint service name needed for the Tableau Cloud Create Private Connection dialog.

Alternative Approach

As an alternative to the high level steps in the Prerequisites and subsequent sections, you can use the Enhance Agentforce data security with Private Connect for Salesforce Data Cloud and Amazon Redshift – Part 3(Link opens in a new window) blog post for information on configuring a private connection between Redshift and Salesforce Data Cloud. Adjust the instructions as described below to work with Redshift and Tableau Cloud instead.

From the blog post, follow the instructions in these sections completely:

  • Create a security group for the Network Load Balancer
  • Create a target group
  • Create a load balancer

Then, from the "Create an endpoint service" section of the blog post: