AWS private connectivity
The private connection feature is available on the following dbt Enterprise tiers:
- Business Critical
- Virtual Private
To learn more about these tiers, contact us at sales@getdbt.com.
AWS PrivateLink enables secure, private connectivity between dbt and your AWS-hosted services. With PrivateLink, traffic between dbt and your data platforms or self-hosted services stays within the AWS network and does not traverse the public internet.
For more details, refer to the AWS PrivateLink documentation.
AWS private connectivity matrix
The following charts outline private connectivity options for AWS deployments of dbt (multi-tenant and single-tenant).
Legend:
- ✅ = Available
- ❌ = Not currently available
Tenancy: MT (multi-tenant) and ST (single-tenant) — learn more about tenancy.
These tables indicate whether private connectivity can be established to specific services, considering major factors such as the network and basic auth layers. dbt has validated these configurations using common deployment patterns and typical use cases. However, individual configurations may vary. If you encounter issues or have questions about your environment, contact dbt Support for guidance.
Connecting to the dbt platform (Ingress)
Your services can connect to dbt over private connectivity using the dbt-provisioned model. In this case, dbt is the service producer and you are the consumer.
| Loading table... |
Connecting the dbt platform to managed services (Egress)
dbt can establish private connections to managed data platforms and cloud-native services.
| Loading table... |
Connecting the dbt platform to self-hosted services (Egress)
All of the services below share a common PrivateLink setup guide — backend configuration varies by service. Self-hosted connections use the customer-provisioned model — you are the service producer and dbt is the consumer.
Setup guide: Configuring AWS PrivateLink for self-hosted services
| Loading table... |
If you have questions about whether your specific architecture is supported, contact dbt Support.
Cross-region private connections
dbt Labs has globally connected private networks specifically used to host private endpoints, which are connected to dbt instance environments. This connectivity allows dbt environments to connect to any supported region from any dbt instance within the same cloud provider network. To ensure security, access to these endpoints is protected by security groups, network policies, and application connection safeguards, in addition to the authentication and authorization mechanisms provided by each of the connected platforms.
Was this page helpful?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
