Deployment¶
Bauplan offers two secure deployment options tailored to your needs.
Single-tenant Private Link Deployment¶
In this model, Bauplan manages a dedicated cloud environment for you, linked to your own object storage:
┌───────────────────────────────────────────────────────┐
| Your Local Environment |
| (IDE / CLI / SDK) |
└───────────────────────────────────────────────────────┘
|
auth + data streaming (private link)
|
┌───────────────────────────▼───────────────────────────┐
| Bauplan Managed Cloud |
| +----------------------+ +----------------------+ |
| | Bauplan APIs |----| EC2 Runner | |
| | Data Catalog | | (compute runtime) | |
| +----------------------+ +----------+-----------+ |
└───────────────────────────────────────────────────────┘
|
┌───────────────▼─────────────┐
| Your S3 Bucket |
| (in your cloud account) |
└─────────────────────────────┘
Key Benefits:
Fully isolated, SOC2-compliant managed environment.
Data stays in your cloud with no S3 egress costs.
No infrastructure management required by your team.
Bring Your Own Cloud (BYOC) Deployment¶
In the BYOC model, the entire Bauplan runtime is deployed within your existing VPC, under your control:
┌────────────────────────────────────────────────────────┐
| Your Local Environment |
| (IDE / CLI / SDK) |
└────────────────────────────────────────────────────────┘
|
auth + data streaming
|
|
┌───────────────▼─────────────────────┐
| Your Cloud (BYOC - VPC) |
| (compute runs here only) |
| |
| +-------------------------------+ |
| | EC2 Runner (primary) | |
| +-------------------------------+ |
| | EC2 Runner (backup) | |
| +-------------------------------+ |
| | |
| | |
| +-------▼--------+ |
| | Object Storage | |
| | (Your S3) | |
| +----------------+ |
└───────────────▲─────────────────────┘
|
|
|
┌────────────────────────────────────────────────┐
| Bauplan APIs (Control Plane) |
| |
| - Catalog (Iceberg + Git-for-data) |
| - Auth, scheduling, observability |
| - Multi-tenant, managed by Bauplan |
└────────────────────────────────────────────────┘
Key Benefits:
Maximum security and control within your infrastructure.
No external data traffic, fully private and compliant.
Efficient, with zero data transfer costs to external networks.