Private Connect for AWS

Private Connect for AWS (Amazon Web Services) allows cloud administrators to create secure, private, and dedicated connections between Tableau Cloud and AWS-hosted data providers. These private connections are provisioned on top of AWS PrivateLink, using private IP address space, meaning that data traffic doesn't traverse the public internet. The private and secure nature of private connections addresses a key requirement of restricting data traffic to private networks.

Private Connection Diagram, including AWS and Tableau clouds, endpoint, endpoint service, and data provider

After the private connection is created and ready, creators use the resulting connection address like any other database address in workbook and data source connection dialogs.

Note: Using a private connection address in a virtual connection isn't supported.

Supported AWS data providers are:

  • Athena
  • Redshift
  • Snowflake

Your ability to work with private connections depends on your role:

  • Cloud administrators create private connections in Tableau Cloud Manager (TCM), and assign them to sites. They can also provide connection information to creators and the groups that support them.
  • Site administrators have read-only access to information about the private connections that are assigned to their site. They can also provide connection information to creators and the groups that support them.
  • Creators use private connections to securely connect to data stored in AWS. Using a private connection in a workbook or data source is as simple as using a regular connection, except the creator uses a special connection address provided by the site administrator or cloud administrator. The data traffic doesn't traverse the public internet, but is instead restricted to private connections between AWS Virtual Private Clouds (VPCs).

Example Use Cases

Scenario 1: Avoid Public Internet

Your organization's data is in Snowflake. Network security policy prevents Tableau Cloud from reaching the Snowflake data over the public internet.

With Private Connect for AWS

You create a private connection between your Tableau Cloud site and your Snowflake data. Data travels securely and privately between Tableau Cloud and Snowflake, without traversing the public internet.

Scenario 2: Migrate from Bridge, Use Private Address Space

Your organization's data is in Redshift. Network security policy requires Tableau Cloud to reach the Redshift data using private IP addresses, so you use Tableau Bridge to connect to it. Tableau Bridge is free, but has management overhead.

With Private Connect for AWS

You create a private connection between your Tableau Cloud site and your Redshift data. Data now travels securely and privately between Tableau Cloud and Redshift, using private IP addresses, without traversing the public internet, and without the need for Tableau Bridge. Management is simpler using Private Connect, though there is a cost for data transferred.

Licensing Requirements

Private Connect works on Tableau Cloud with an Enterprise or Tableau+ license edition, and requires an add-on license for each private connection. For information on licensing and pricing, contact your account manager.

Private connection data usage is billed per terabyte. For information on Private Connect usage, see Private Connect Licensing.