Private Connection Set Up: Tableau Cloud

Applies to: Tableau Cloud

Cloud administrators create, edit, and delete private connections in Tableau Cloud Manager (TCM). They also assign private connections to sites, and can provide connection information to creators and the groups that support them.

Prerequisites

  • The AWS endpoint service and AWS-hosted data provider is set up. For information on setting up AWS and the AWS-hosted data provider, see the topics for Private Connection Set Up: AWS.
  • You're a cloud administrator, able to use Tableau Cloud Manager (TCM).
  • You see the Private Connect tab in TCM Settings. The Private Connect tab shows when you have Tableau Cloud with an Enterprise or Tableau+ license edition, and you have at least one Private Connect endpoint add-on license.
  • TCM shows available private connection capacity. Above the table of private connections, the capacity is represented as X/Y, where X is current number of private connections, and Y is the maximum number. If there's no available capacity, delete a private connection or talk to your Tableau account manager about more capacity.
  • You know the AWS endpoint service name. The endpoint service name begins with "com.amazonaws.vpce", and looks something like this: com.amazonaws.vpce.us-west-1.vpce-svc-0123456789abcdef0. You may be able to get the endpoint service name, or you may need to rely on a third party to get it for you. It depends on the data provider. For more information, see the topics under Private Connection Set Up: AWS.
  • You are aware of allowances or requirements around connecting with a custom address. For more information, see the topics under Private Connection Set Up: AWS.

Create a Private Connection

  1. Log in to Tableau Cloud Manager (TCM).
  2. Go to Settings.
  3. Select the Private Connect tab.
  4. Select Create.

In the Creation Private Connection dialog:

  1. Enter a Name. Cloud administrators and site administrators can see the private connection name. It has no functional effect on the private connection, but can help administrators distinguish this private connection from others.
  2. Optionally, enter a Description. Cloud administrators and site administrators can see the private connection description. It has no functional effect on the private connection, but can help administrators distinguish one private connection another.
  3. Select a Region. The region needs to match both the Tableau Cloud site's region and the IAM ARN that's allowed as a principal on the AWS endpoint service.
  4. Enter the Endpoint Service Name from AWS. The endpoint service name begins with "com.amazonaws.vpce".
  5. If required or allowed by the endpoint service, enter the endpoint service's Custom Address. The group that administers the AWS endpoint service can help determine if you need or have the option for custom address in this field.
  6. Select Create to create the private connection.

The Create Private Connection dialog

The new private connection is added to the table of private connections, and begins in the Allocating state.

Private Connection Status

Select Sync in the private connection's Actions menu (...) to check for updates in the private connection's status.

Status Description Next Steps
Allocating The private connection is being provisioned. This is a pending state that concludes with either success or failure. Select Sync in the Actions menu (...) to check for updated status every few minutes until the status changes. If the status never changes from Allocating, check to make sure your Tableau Cloud site and the endpoint service are in the same AWS area.
PendingAcceptance Provisioning is waiting because the private connection needs to be accepted by the endpoint service in AWS. Accept the connection in AWS. Optionally configure the endpoint service in AWS so that it doesn't require acceptance.
RejectedRemotely The private connection was rejected by the endpoint service in AWS. This is an error state. Make sure that the endpoint service is configured to allow connections from Tableau Cloud. Verify the IAM ARN is an allowed principal on the AWS endpoint service.
Ready Provisioning is complete and the private connection can be assigned to sites. Select Assign to Sites in the Actions menu (...) to assign the private connection to sites. After a private connection is assigned to a site, site administrators can see it in the site settings Private Connect tab, and creators can use it to create content.
Inactive The private connection is configured but inactive. After 30 days of being inactive, the private connection is deleted. Delete the private connection if it's not being used, or resolve the reason it's inactive.

A cloud administrator's table of private connections

Assign a Private Connection to Sites

After a private connection's status is Ready, it can be assigned to sites. After a private connection is assigned to a site, site administrators can see it in the site settings Private Connect tab, and creators can use it to create workbooks and data sources. Data traffic that uses a private connection never traverses the public internet.

To assign a private connection to sites:

  1. Find the private connection in the list of private connections.
  2. Select Assign to Sites in the Actions menu (...).
  3. Select or deselect sites to change the private connection assignment. You can search for sites using the search bar, or select the check box in the table heading to select or deselect all sites. The number in the Save Assignment button indicates the total number of sites that the private connection will be assigned to.
  4. Select Save Assignment.

Edit the Private Connection Description

To edit the description of a private connection:

  1. Find the private connection in the list of private connections.
  2. Select Edit Description in the Actions menu (...).
  3. Edit the description.
  4. Select Save.

The description has no functional effect on the private connection, but can help administrators distinguish one private connection from another.

Delete a Private Connection

To delete a private connection:

  1. Find the private connection in the list of private connections.
  2. Select Delete in the Actions menu (...).
  3. Select Delete in the Delete Private Connection dialog.

You can't undo a deletion. After the private connection is deleted, workbooks and data sources that use the private connection won't work. Furthermore, because every private connection is assigned a unique connection address at creation time, recreating the private connection won't resolve broken workbooks and data sources. If, however, both the deleted private connection and the recreated private connection use a custom address, and those addresses are the same, the workbooks and data sources will continue to work after private connection delete and recreation.

Back to top
Thanks for your feedback!Your feedback has been successfully submitted. Thank you!