[ad_1]
Amazon QuickSight is a fully-managed, cloud-native enterprise intelligence (BI) service that makes it straightforward to hook up with your information, create interactive dashboards, and share these with tens of hundreds of customers, both throughout the QuickSight interface, or embedded in software program as a service (SaaS) functions or net portals. In contrast to most of the different options out there right now, QuickSight requires no server deployments or administration for scaling to tens of hundreds of customers, and authors construct dashboards utilizing a web-based interface, with out any shopper downloads wanted. QuickSight additionally helps personal VPC connectivity to AWS databases and analytics companies similar to Amazon Relational Database Service (Amazon RDS) and Amazon Redshift, and AWS Identification and Entry Administration (IAM) permissions-based entry to Amazon Easy Storage Service (Amazon S3) and Amazon Athena, making it safe and simple to entry information in AWS by way of QuickSight.
On this publish, we discover a brand new characteristic in QuickSight that enables directors to additional safe entry to QuickSight with IP-based entry restrictions. With this characteristic, you may implement supply IP restrictions on entry to the QuickSight UI, cell app, in addition to embedded pages. For extra data, see Turning On Web Protocol (IP) Restrictions in Amazon QuickSight.
Answer overview
Our use case options OkTank, a fictional enterprise within the fintech area. They’ve a whole lot of customers throughout inside groups similar to finance and HR that use QuickSight for his or her BI gathering wants. Workers in these groups use their respective QuickSight credentials to log in to QuickSight and do their work. Along with the team-specific BI dashboards, some frequent dashboards are accessible to all the staff within the group. These dashboards mirror total enterprise metrics similar to variety of energetic prospects and the corporate’s progress over time.
Workers with entry to the frequent dashboard and their QuickSight account are generally working with delicate information, and in sure circumstances end-user information as nicely. Though they should have login credentials to make use of QuickSight, QuickSight is accessible exterior of OkTank’s VPN community.
OkTank’s data safety workforce want to guarantee staff solely entry QuickSight or view frequent dashboards whereas they’re throughout the firm’s personal community by way of VPN.
Allow IP-based restrictions
To allow IP-based restrictions, OkTank’s IT administrator with IAM credentials who has entry to QuickSight admin console takes the next steps:
- On the QuickSight console, on the consumer title menu, select Handle QuickSight.
- Within the navigation pane, select Safety & permissions.
- Beneath IP restrictions, select Handle.
- For IP deal with, enter the IP deal with which is to be allowed entry in CIDR format.
- Select Add.
- To edit an current rule, select the pencil icon subsequent to the rule.
- To delete an current rule, select the trash icon subsequent to the rule.
- Be sure so as to add your personal IP deal with to the listing to forestall being locked out your self.
- After you add, edit or delete IP deal with guidelines, select Save adjustments.
- Activate the foundations to begin your IP-based restriction.
When the IP restriction is turned on and the listing of allowed IP addresses in CIDR format is in place, any OkTank worker attempting to entry QuickSight when not logged in to OkTank’s VPN (no matter their position of admin, creator, or reader) is offered with an error web page.
IP restriction may be turned on or off and guidelines may be considered and edited by utilizing following public APIs
Conclusion
With IP restrictions in place, directors can now strengthen controls round QuickSight entry by making certain that solely staff logged within the group’s VPN community can entry QuickSight. Keep tuned for extra new admin capabilities, and observe What’s New with Analytics for the most recent on QuickSight.
In regards to the Writer
Mayank Agarwal is a product supervisor for Amazon QuickSight, AWS’ cloud-native, totally managed BI service. He focuses on account administration, governance and developer expertise. He began his profession as an embedded software program engineer growing handheld units. Previous to QuickSight he was main engineering groups at Credence ID, growing customized cell embedded system and net options utilizing AWS companies that make biometric enrollment and identification quick, intuitive, and cost-effective for Authorities sector, healthcare and transaction safety functions.
[ad_2]
