Between 2026-05-26 13:49 UTC and 17:49 UTC, customers using PrivateLink in AWS-hosted dbt Platform environments were unable to connect to their warehouses, causing runs and IDE sessions to fail. The issue was caused by an internal change that incorrectly handled PrivateLink connection settings, which led our systems to block PrivateLink connections. We reverted the change, deployed the fix, and restarted affected services to restore connectivity.
Who was impacted: Customers using warehouse connections over PrivateLink in AWS-hosted dbt Platform environments.
What was impacted: Warehouse connectivity over PrivateLink, affecting scheduled runs and IDE/Studio connections that relied on PrivateLink.
Customer experience: Connections failed (for example: Database Error 250001: Could not connect to Snowflake backend after 3 attempt(s). Aborting) and similar failures for other warehouses over PrivateLink.
Scope:
Impact window: 13:49–17:49 UTC on 2026-05-26 (~4 hours)
Average impact per affected account: ~60% of runs failed during the window
Customers not using PrivateLink were not impacted.
A change to an internal service updated how a CIDR range value was mapped for PrivateLink endpoints. In many cases, this change replaced the correct PrivateLink endpoint CIDR data with an unrelated value or null.
dbt Platform uses the CIDR range at runtime to validate whether a PrivateLink endpoint is correctly configured. When the CIDR range was incorrect, the validation failed and the affected workloads were not labeled for PrivateLink access, causing network policy to block PrivateLink connectivity outgoing from the dbt Platform to customer warehouses.
Reverted the change and deployed the revert through our standard staged rollout process.
Confirmed CIDR values were restored and monitored error rates as each environment was updated.
Restarted impacted services to clear stale configuration that persisted after the data correction.
Improve monitoring and alerting for PrivateLink misconfigurations so issues are detected early and routed to the right responders.
Strengthen change management for network and configuration mappings through staged rollouts and clear validation gates.
Add validation and guardrails to prevent invalid or risky PrivateLink configuration changes from being applied.
Increase visibility into large-scale or high-risk configuration changes through auditing and proactive notifications.