With PlanetScale Managed on Amazon Web Services (AWS) is a single-tenant deployment of PlanetScale in your AWS organization within an isolated sub-account. In this configuration, you can use the same API, CLI, and web interface that PlanetScale offers, with the benefit of running entirely in an AWS sub-account that you own and PlanetScale manages for you.
As you can see in the architecture diagram below, the PlanetScale data plane is deployed inside of a PlanetScale-controlled sub-account in your AWS organization. Within the Vitess cluster orchestrated by Kubernetes, we use three AWS availability zones within a region to ensure high availability.
You can deploy PlanetScale Managed to any AWS region with at least three availability zones, including those not supported by the PlanetScale self-serve product.
Backups, part of the data plane, are stored in S3 inside the same sub-account. PlanetScale Managed uses isolated Amazon Elastic Compute Cloud (Amazon EC2) instances as part of the deployment.
PlanetScale will not have access to any other sub-accounts or your organization level settings. Outside of your AWS organization, we run the PlanetScale control plane, which includes the PlanetScale API and web application, including the dashboard you see at
PlanetScale Managed is an excellent option for organizations with specific security and compliance requirements.
You own the AWS organization and sub-account that PlanetScale is deployed within in an isolated architecture. This differs from when your PlanetScale database is deployed within our AWS organizations.
Along with System and Organization Controls (SOC) 2 Type 2 and other security and compliance practices that PlanetScale has been issued and follows, PlanetScale Managed on AWS has been issued an Attestation of Compliance (AoC) and Report on Compliance (RoC), certifying our compliance with the PCI DSS 4.0 as a Level 1 Service Provider. This enables PlanetScale Managed to be used via a shared responsibility model across merchants, acquirers, issuers, and other roles in storing and processing cardholder data.
If you have any questions or concerns related to the security and compliance of PlanetScale Managed, please contact us, and we will be happy to discuss them further.
By default, all connections are encrypted, but public. Optionally, you also have the option to use private database connectivity through AWS PrivateLink, which is only available on single-tenancy deployment options, including PlanetScale Managed.
With any of the PlanetScale Enterprise offerings, including PlanetScale Managed, you have the option to purchase PlanetScale through the AWS Marketplace. In addition to this, the resources you use on PlanetScale will qualify against your EDP commitment.
If you have any billing-related questions for PlanetScale Managed, please contact us, and we will be happy to discuss them further.
If you want to see what is involved in getting set up with PlanetScale Managed in AWS, you can see the AWS set up documentation.
If you are interested in exploring PlanetScale Managed further, please contact us, and we can chat more about your requirements and see if PlanetScale Managed is a good fit for you.