Bring your own VPC


Only available to Enterprise Customers


  • Multi-AZ VPC Recommended
  • Private S3 endpoint required
  • We strongly recommend a minimum of 256 IPs (/24) across your private subnets (1024 IPs is better (/22), giving plenty of room for all future expansion). We strongly recommend against a private IP space any smaller than 32 IPs (/27).
  • We recommend provisioning an NAT gateway per AZ to limit cross-AZ network transfer costs related to network egress.
  • Private Subnets require unrestricted egress access to
  • Must have tags on all public and private subnets as shown below:
# environment_name is typically the same as the subdomain you request for your environment.
tags = {
  "{environment_name}-main" = "shared"

The Ascend team can help confirm the exact tag value with your team.

Required Information for Ascend Installation

Provide the following information to Ascend. This information is in addition to the required information for deploying Ascend in your AWS account.

  • VPC ID
  • Private Subnet IDs
  • Public Subnet IDs
  • Availability zone list
  • NAT Gateway Public IPs
  • S3 VPC Endpoint ID
  • Pod IP range (in CIDR format)

Pod IP Range Details

  • Pod IP range must be equal to the total number of private subnet IPs * 256. An easy way to get this is if you've allocated a combined /24 of IPs across all the private subnets, the pod IP range must be a /16 (24–8 = 16).
  • The pod IP range may overlap with other peered network resources, but must not overlap with the IPs of any data sources the customer is connecting to Ascend.
  • The pod IP range may be in any RFC 1918 IP range. We have no preference between 10, 172, and 192 as long as there are sufficient IPs.
  • If you have multiple Ascend environments peered to your private network, we recommend using the same pod IP range for simplicity.
  • As an example, if you have a VPC IP range of, a valid Pod IP range would be (the two ranges don't overlap, and the Pod IP range is 256* the size of the VPC IP range)