For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
      • AstroFully-managed data operations, powered by Apache Airflow.
      • Astro Private CloudRun Airflow-as-a-service in your environment.
      • Professional ServicesExpert Airflow services for your enterprise's success.
    • Tools
      • Cosmos
      • Orbiter
      • CLI
      • AI SDK
      • Agents
      • Blueprint
      • UpdatesThe State of Airflow 2026See the insights from over 5,800 data practitioners in the full report. Download Now ➔
  • Customers
  • Docs
    • Insights
      • Blog
      • Webinars
      • Resource Library
      • Events
    • Education
      • Academy
      • What is Airflow?
  • Pricing
Get Started Free
    • Overview
        • Connect to data services
          • Private Network Egress
          • Customer Managed Egress
      • Billing
    • Book Office Hours

Product

  • Platform Overview
  • Astro
  • Astro Observe
  • Astro Private Cloud
  • Security & Trust
  • Pricing

Tools & Services

  • Cosmos
  • Docs
  • Professional Services
  • Product Updates

Use Cases

  • AI Ops
  • Data Observability
  • ETL/ELT
  • ML Ops
  • Operational Analytics
  • All Use Cases

Industries

  • Financial Services
  • Gaming
  • Retail
  • Manufacturing
  • Healthcare
  • All Industries

Resources

  • Academy
  • eBooks & Guides
  • Blog
  • Webinars
  • Events
  • The Data Flowcast Podcast
  • All Resources

Airflow

  • What is Airflow
  • Airflow on Astro
  • Airflow 3.0
  • Airflow Upgrades
  • Airflow Use Cases
  • Airflow 2.x End of Life

Company

  • Our Story
  • Customers
  • Newsroom
  • Careers
  • Contact

Support

  • Knowledge Base
  • Status
  • Contact Support
GitHubYouTubeLinkedInx
  • Legal
  • Privacy
  • Terms of Service
  • Consent Preferences

  • Do Not Sell or Share My Personal information
  • Limit the Use Of My Sensitive Personal Information

Apache Airflow®, Airflow, and the Airflow logo are trademarks of the Apache Software Foundation. Copyright © Astronomer 2026. All rights reserved.

LogoLogo
On this page
  • Prerequisites
  • Step 1: Create a resource share for Transit Gateway with Astro and submit Transit Gateway ID
  • Step 2: Astro accepts resource share and creates Transit Gateway attachment
  • Step 3: Enable Customer Managed Egress for Dag Workloads
AdministrationNetworkingManage network egress

Configure Customer Managed Egress

Edit this page
Built with
This is feature is only available if you are on the Enterprise tier or above. See Astro Plans and Pricing.
Customer Managed Egress is currently only available on dedicated AWS clusters.

Astro supports Customer Managed Egress for Dag Workloads on dedicated AWS clusters.

Customer Managed Egress for Dag Workloads lets you control egress to ensure compliance with security standards and regulations, and provides a data loss protection architecture to secure against unauthorized data transfer.

Enabling Customer Managed Egress through a Transit Gateway attachment between Astro and your corporate network allows you to manage and have full visibility into private and public data flows from your Astro Deployments and from Metrics Export configurations.

An icon on Deployments and Deployment details pages indicate when a Deployment is on a cluster with Customer Managed Egress enabled.

Prerequisites

  • An existing dedicated AWS cluster. Create a dedicated cluster
  • Organization Owner user permissions. See User permissions reference for more information.

Step 1: Create a resource share for Transit Gateway with Astro and submit Transit Gateway ID

  1. In the Astro UI, click Organization Settings, then click Clusters. For an existing dedicated AWS cluster, click the cluster you want to edit. Then, navigate to the Customer Managed Egress for Dag Workloads section of the Cluster Details page.

  2. Click Configure Customer Managed Egress…

  3. Share your Transit Gateway with your Astro cluster account using AWS Resource Access Manager (AWS RAM). Your Astro cluster Account ID is provided to enter into AWS RAM.

  4. Retrieve your AWS Transit Gateway ID from your AWS console.

  5. Enter your AWS Transit Gateway ID into Transit Gateway ID.

Step 2: Astro accepts resource share and creates Transit Gateway attachment

Monitor the automatically generated Astro support ticket to accept the resource share and confirm Transit Gateway attachment is created. This activity is completed by Astronomer Support, so you don’t need to take action during this step.

Step 3: Enable Customer Managed Egress for Dag Workloads

  1. Enable Customer Managed Egress for Dag Workloads.

  2. Astro routes all public and private traffic to your Transit Gateway from your Astro Deployments and Private Network Egress mode is enabled.

Resetting the Transit Gateway ID disables the routing of workload traffic (public and private) to your Transit Gateway, which might cause task failures. You must re-configure a new Transit Gateway to enable Customer Managed Egress again.