reference deployment

Tableau Server for Healthcare on AWS

Deploy business intelligence for HIPAA workloads on AWS

This Partner Solution deploys a Tableau Server standalone environment to the Amazon Web Services (AWS) Cloud, following best practices from AWS and Tableau Software. Specifically, this environment can help organizations with workloads that fall within the scope of the U.S. Health Insurance Portability and Accountability Act (HIPAA). The Partner Solution addresses certain technical requirements in the Privacy, Security, and Breach Notification Rules under the HIPAA Administrative Simplification Regulations (45 C.F.R. Parts 160 and 164).  

This Partner Solution includes AWS CloudFormation templates that configure the Tableau Server environment in less than an hour. The security controls reference (Microsoft Excel spreadsheet) shows how architecture decisions, components, and configurations map to HIPAA regulatory requirements.

This Partner Solution is for health IT infrastructure architects, administrators, and DevOps professionals who are planning to implement or extend their Tableau Server workloads to the AWS Cloud.

This Partner Solution was developed by Tableau Software in collaboration with AWS. Tableau Software is an AWS Partner.


AWS Service Catalog administrators can add this architecture to their own catalog.  

  •  What you'll build
  • This Partner Solution sets up the following:

    • A virtual private cloud (VPC) configured with public and private subnets according to AWS best practices.*
    • An internet gateway to allow access to the internet.*
    • In the public subnets, managed NAT gateways to allow outbound internet access for resources in the private subnets.*
    • In the public subnets, a bastion host in an Auto Scaling group to allow remote access to the VPC.*
    • In a private subnet, an Amazon Elastic Compute Cloud (Amazon EC2) instance that contains Tableau Server, in an Auto Scaling group.
    • An Application Load Balancer to route traffic to Tableau Server over HTTPS.
    • A Secure Sockets Layer (SSL) certificate managed by AWS Certificate Manager (ACM) on the load balancer to encrypt all traffic between the internet and the load balancer. A separate self-signed certificate is generated on the EC2 instance to encrypt traffic between the load balancer and Tableau Server.
    • AWS Config rules to monitor the Tableau Server deployment configuration. If you haven’t created a configuration recorder and delivery channel, the Partner Solution will create those as well.
    • An Amazon Route 53 record set that maps the fully qualified domain name to the load balancer DNS.

    * The template that deploys the Partner Solution into an existing VPC skips the tasks marked by asterisks and prompts you for your existing VPC configuration.

  •  How to deploy
  • Before you deploy the Partner Solution with protected health information (PHI), you must accept the AWS Business Associate Addendum (BAA) and configure your AWS account(s) as required by the BAA. You must also have a Tableau Server trial license or product key and a domain managed by Amazon Route 53. For more information, refer to the deployment guide.

    After you complete these prerequisites, you can build the Partner Solution in about 45–50 minutes. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up at https://aws.amazon.com.
    2. Launch the Partner Solution. You can choose from two options:
    3. Test your deployment by logging in to Tableau Server and verifying that all processes are running.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • This Partner Solution requires a license for Tableau Server. You can also use a 14-day trial version of Tableau Server, which is free of charge. Sign up for a trial license on the Tableau Server website. To obtain a product key, contact sales@tableau.com.

    You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?