ServicesAboutNotesContact Get in touch →
EN FR
Note

Elementary report hosting

How to host Elementary HTML reports on S3, GCS, or Azure Blob Storage so the whole team has access, and how to automate report generation in CI pipelines.

Planted
elementarydbtdata qualityautomation

Elementary’s edr send-report command generates and uploads the HTML report to cloud storage in one step, making it accessible to stakeholders, on-call engineers, and anyone else who needs visibility into data quality. It takes the same flags as edr report for controlling report contents, plus cloud credentials for the destination.

AWS S3

Terminal window
edr send-report \
  --aws-access-key-id $AWS_ACCESS_KEY_ID \
  --aws-secret-access-key $AWS_SECRET_ACCESS_KEY \
  --s3-bucket-name your-reports-bucket \
  --bucket-file-path reports/elementary.html \
  --update-bucket-website true

With --update-bucket-website true, S3 serves the file as a static website. The URL pattern is:

http://your-reports-bucket.s3-website-us-east-1.amazonaws.com/index.html

The bucket needs static website hosting enabled and a bucket policy that allows public read. For internal tools where public access is inappropriate, use S3 pre-signed URLs or configure the bucket to be accessible only within your VPC.

Google Cloud Storage

Terminal window
edr send-report \
  --google-service-account-path /path/to/service-account.json \
  --gcs-bucket-name your-reports-bucket \
  --update-bucket-website true

Access at:

https://storage.googleapis.com/your-reports-bucket/index.html

The service account needs storage.objectAdmin on the bucket. For environments using workload identity or application default credentials rather than a service account file, check Elementary’s documentation for the alternative authentication flags.

Azure Blob Storage

Terminal window
edr send-report \
  --azure-container-name your-container \
  --azure-connection-string $AZURE_CONNECTION_STRING \
  --update-bucket-website true

Access at:

https://your-account.blob.core.windows.net/your-container/index.html

Automating in CI

The report is most useful when it updates automatically after each dbt run, so the team always sees current data quality status rather than a snapshot from whenever someone last ran the command manually.

In GitHub Actions, add the send-report step as part of your dbt pipeline:

- name: Generate Elementary report
  run: |
    edr send-report \
      --gcs-bucket-name ${{ secrets.REPORTS_BUCKET }} \
      --google-service-account-path ./sa.json

In Airflow, add edr send-report as a downstream task after your dbt build task. The dependency ensures the report only generates if the dbt run completed, and it always reflects the current state.

The key is sequencing: edr send-report runs after dbt build, not before. Since the command reads from Elementary’s warehouse tables, running it before the dbt run would generate a report based on the previous run’s data.

Access control considerations

Cloud storage static websites are public by default in most configurations. For production data quality reports that might surface failed row samples or business-sensitive metrics, configure access restrictions appropriate to your environment. Options include:

  • Bucket-level IAM policies restricting access to your organization’s IP ranges
  • Authentication proxies in front of the static site
  • Using pre-signed URLs that expire, distributed via Slack when the report generates

If PII is a concern, remember that --disable-samples removes failed row samples from the report entirely before it’s generated, which is simpler than access control and more appropriate when the sensitivity is in the data itself rather than just the metrics.