About private connectivity
The private connection feature is available on the following dbt Enterprise tiers:
- Business Critical
- Virtual Private
To learn more about these tiers, contact us at sales@getdbt.com.
Private connections enables secure communication from any dbt environment to your data platform hosted on a cloud provider, such as AWS or Azure, using that provider’s private connection technology. Private connections allow dbt customers to meet security and compliance controls as it allows connectivity between dbt and your data platform without traversing the public internet. This feature is supported in most regions across North America, Europe, and Asia, but contact us if you have questions about availability.
Private connection endpoints can't connect across cloud providers (AWS, Azure, and GCP). For a private connection to work, both dbt and the server (like a data platform) must be hosted on the same cloud provider. For example, dbt hosted on AWS cannot connect to services hosted on Azure, and dbt hosted on Azure can’t connect to services hosted on GCP.
Private connectivity feature matrix
The following feature charts outline the availability of private connectivity features across
Legend:
- ✅ = Available
- ❌ = Not currently supported
- - = Not applicable
Ingress into dbt Cloud
| Loading table... |
Egress from dbt Cloud to services managed by Cloud Provider or 3rd party
| Loading table... |
Egress from dbt Cloud to Self-Hosted service
Private connectivity can be established with self-hosted services, provided they can be integrated with each cloud provider's private connectivity mechanism as a producer:
- AWS: AWS PrivateLink
- Azure: Azure PrivateLink
- GCP: Private Service Connect (Service Attachment)
Self-hosted services can have a virtually infinite number of configurations and architectures. For this reason, dbt Support can only provide accurate guidance on establishing PrivateLink or Private Service Connect (GCP) connections between your self-hosted service and dbt Cloud. Any network guidance beyond this is provided on a best-effort basis. We highly recommend engaging your vendor's support team and documentation for proper configuration of your self-hosted service.
The table below lists some self-hosted services that have been tested.
| Loading table... |
Cross-region private connections
dbt Labs has globally connected private networks specifically used to host private endpoints, which are connected to dbt instance environments. This connectivity allows for dbt environments to connect to any supported region from any dbt instance within the same cloud provider network. To ensure security, access to these endpoints is protected by security groups, network policies, and application connection safeguards, in addition to the authentication and authorization mechanisms provided by each of the connected platforms.
Configuring private connections
dbt supports the following data platforms for use with the private connections feature. Instructions for enabling private connections for the various data platform providers are unique. The following guides will walk you through the necessary steps, including working with dbt Support to complete the connection in the dbt private network and setting up the endpoint in dbt.
AWS
Azure
GCP
Using Environment variables when configuring private connection endpoints isn't supported in dbt. Instead, use Extended Attributes to dynamically change these values in your dbt environment.
Was this page helpful?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
