Cross-region private network connectivity

Atlan supports private network connectivity to your data sources even when they're hosted in a different AWS region or on a different cloud provider than your Atlan tenant. All traffic stays on private cloud networks and never traverses the public internet.

How it works

When your data source is in the same AWS region as your Atlan tenant, Atlan uses AWS PrivateLink to establish a direct private connection.

For cross-region and cross-cloud scenarios, Atlan extends this model by deploying region-specific endpoint VPCs that are peered internally with your Atlan tenant's VPC:

Your AWS Account (any region)
        |
        |  PrivateLink
        v
Atlan Region-Specific Endpoint VPC (same region as your data source)
        |
        |  VPC Peering (internal, Atlan-managed)
        v
Atlan Tenant VPC

From your perspective, the setup process is the same as a standard PrivateLink connection. Atlan handles all cross-region routing internally.

Supported scenarios

AWS cross-region

Your data source is in a different AWS region than your Atlan tenant. For example, your Atlan tenant is in us-east-1 and your Databricks workspace is in us-west-2.

Atlan creates an endpoint VPC in the same region as your data source and peers it with your Atlan tenant's VPC. You create the PrivateLink connection to Atlan's endpoint in your data source's region, just as you can for a same-region setup.

Cross-cloud (Azure or GCP to AWS)

Your data source is hosted on Azure or GCP, and your Atlan tenant is on AWS.

Atlan deploys an endpoint layer in the same cloud provider as your data source and establishes a secure tunnel back to your Atlan tenant's VPC. You can use your cloud provider's native private connectivity (such as Azure Private Link) to connect to Atlan's endpoint layer.

Prerequisites

• Your Atlan tenant must be on a Single Tenant SaaS deployment.
• Your data source must support private connectivity (for example, PrivateLink, Private Endpoint, or Private Service Connect).

Set up cross-region private connectivity

The setup process follows the same steps as a standard private network link for your data source. See the private network link guide for your specific connector:

• Databricks (AWS)
• Databricks (Azure)
• Snowflake (AWS)
• Snowflake (Azure)
• Amazon Redshift
• PostgreSQL
• MySQL
• Microsoft SQL Server (EC2)
• Microsoft SQL Server (RDS)

When you contact Atlan support during setup, let them know that your data source is in a different region or cloud provider than your Atlan tenant. Atlan configures the cross-region routing on your behalf.

Benefits

• No public internet exposure–all traffic stays on private cloud networks.
• No CIDR conflicts–Atlan's region-specific endpoint VPCs are isolated and managed internally.
• Same setup process–from your perspective, the PrivateLink setup is the same regardless of region or cloud.
• Cost-effective–uses native cloud private connectivity services with minimal additional data transfer costs.

Troubleshooting

If you encounter connectivity issues after completing setup, see the troubleshooting guide for your connector:

• Troubleshooting Snowflake connectivity