Private Connect for Redshift
This topic covers setup information specific to the data provider. General information on setting up a private connection is in Private Connection Set Up: Overview, and information on setting up the Tableau Cloud endpoint is in Private Connection Set Up: Tableau Cloud.
Prerequisites
- Create Redshift in private subnet in a VPC(Link opens in a new window)
- Create network load balancer to front the Redshift instance(Link opens in a new window)
- Create VPC endpoint for network load balancer(Link opens in a new window)
- Create VPC endpoint service for the VPC endpoint(Link opens in a new window)
To get the IAM ARN that needs to be added as an allowed principal on the endpoint service in AWS:
- Log in to Tableau Cloud Manager (TCM).
- Go to Settings.
- Select the Private Connect tab.
- Expand IAM Regions and ARNs.
- Find the shared region for your Tableau Cloud site and the data provider.
- In the Actions menu (...), select Copy IAM ARN.
After you have copied Tableau Cloud's IAM ARN, allow it as an allowed principal on the endpoint service per the instructions in Configure an endpoint service(Link opens in a new window).
Data Provider Information for Tableau Cloud
Use the AWS Management Console or AWS CLI to get the endpoint service name needed for the Tableau Cloud Create Private Connection dialog.
Alternative Approach
As an alternative to the high level steps in the Prerequisites and subsequent sections, you can use the Enhance Agentforce data security with Private Connect for Salesforce Data Cloud and Amazon Redshift – Part 3(Link opens in a new window) blog post for information on configuring a private connection between Redshift and Salesforce Data Cloud. Adjust the instructions as described below to work with Redshift and Tableau Cloud instead.
From the blog post, follow the instructions in these sections completely:
- Create a security group for the Network Load Balancer
- Create a target group
- Create a load balancer
Then, from the "Create an endpoint service" section of the blog post:
- Instead of steps 9-12, use Tableau Cloud Information for the Data Provider below to get the IAM ARN.
- In step 14, use the IAM ARN in place of the Principal ID when adding allowed principals to the endpoint service.
- In step 15, note the endpoint service name.
- For step 17 and later, set up the private connection in Tableau Cloud per Private Connection Set Up: Tableau Cloud(Link opens in a new window).