3 Replies Latest reply on Sep 12, 2017 12:34 PM by Carisa Chang

    Security issues with Tableau Online and Amazon Aurora

    Mateusz Piatkowski

      Hello everyone,

      We are now using Tableau Online, and we are using the Desktop Sync client to update views in Tableau. The data is taken from a local copy of the database that is synchronized daily. Since we are using Amazon Aurora in production, we would like to connect to the read-only node directly from Tableau Online.

      As far as I know, and from what we have tested, I see that we can connect without an issue, but only if the Aurora Cluster is set to public. I am a bit afraid to expose our database to the internet. The steps to increase the security that came to my mind:

      • Set Aurora port to some non-standard one
      • Add security group to limit only Tableau IP range
      • Create super long, complicated passwords to protect against brute force
      • SSL, obviously

       

      I still see some security issues in this solution:

      • The master login/master password will be accessible from all Tableau IPs, which means, from all Tableau customers that are in the same location as we are (this can be thousands of random companies)
      • Even long passwords can be hacked or leaked

       

      How do you protect your databases if you want to connect them live to Tableau? I was asking for an option of VPN or some SSH tunnelling, but I understand that this option does not exist. We could set up some proxy ourselves, but I'm not sure how and if it's a good idea. And it's really not solving an issue. Dedicated Tableau IP could be some solution (then we limit access to ONE IP not to a CIDR with 255 addresses). We could migrate to Tableau Server and install it in the same VPC, but this costs much more (around 1500$ monthly for AWS hosting). Any other solutions?
      Thank you!