Lightup Cloud

Setup guide for Lightup Cloud

Review details of the Lightup Cloud deployment model.

Sign up for an account

Sign up for a Lightup Cloud trial account at

You will receive the following in email:

  1. A login link dedicated to your account
  2. A Lightup-owned IP address to whitelist

If your data warehouses are publicly accessible, you are ready to use your Lightup Cloud account. No additional setup is needed. Simply log in to your account using the dedicated login link. It usually looks like https://app.<your-organization>

Provision data access for Lightup (if needed)

This step is only needed if your data warehouse(s) are hidden behind a corporate firewall or another access control mechanism (e.g., accessible only from within your corporate VPC or on your corporate VPN). In that case, additional setup is needed to enable your Lightup Cloud instance to access your data warehouse(s) using one of the mechanisms listed ahead.

Whitelist Lightup IP address (recommended)

If your data warehouse is accessible on a public endpoint (a public IP or host name like redshift.<your-org>.com)but access has been limited to authorized connection origins only, whitelisting is an easy way to provide access to Lightup.

Lightup Cloud deploys as a single-tenant instance and originates data warehouse connections from a fixed IP address.

You simply need to whitelist the Lightup IP address dedicated to your account. Look for this IP address in the account signup welcome email.

Setup an SSH tunnel

If your data warehouse is not accessible on a public endpoint or whitelisting the Lightup IP address is proving difficult, you can use this alternative. Send us a message at [email protected] (or on your Slack support channel) to request a Lightup connection server that looks like connect.<your-org> We will set up the connection server and provide you instructions for setting up SSH tunnel(s) that will unblock secure access from your Lightup Cloud instance to your data warehouse(s).

Default and additional security configuration

Lightup Cloud instances are deployed with the following default production model:

  1. No data copying: No data from the customer environment is copied over to the Lightup Cloud deployment.
  2. Single-tenant deployments: Each customer is housed in a dedicated AWS VPC (single-tenant instances, no multi-tenancy). Dedicated EC2 machines and RDS databases are created on a per customer basis (also single-tenant resources, no multi-tenancy).
  3. Minimal access: Those clusters are accessed by Lightup only for maintenance work such as upgrades. Access to Lightup VPC resources is limited, audited, logged and restricted to only within the Lightup VPN.

Those default features make Lightup Cloud deployments extremely secure.

In addition, Lightup supports the following security configurations for a Cloud instance that can be requested separately (optional):

  1. Customer IP whitelisting: This configuration whitelists a customer CIDR block to restrict incoming access to the Lightup Cloud.
  2. VPC peering: Lightup Cloud instances are deployed as single-tenant VPCs under the Lightup AWS account. The dedicated VPC of a Lightup Cloud instance can be peered to the customer's AWS VPC to limit public endpoint visibility and allows routing between private IPs.

To request those additional security measures, please contact us at [email protected].