Multi-AZ sovereign and hybrid cloud architecture on OVHcloud FR with two VPCs (Ligne 1 Souverain and Ligne 2 Hybride) connected via Transit Gateway, each spanning eu-west-1a and eu-west-1b availability zones. Traffic flows from Users through WAF and ALB to presentation-layer applications (Metabase, OpenProject), while backend services (Flowise, Apache Hop, n8n) communicate via API Gateway to data layer components (Baserow, S3). Secrets Manager and KMS provide encryption and credential management across both VPCs, with CloudWatch and CloudTrail enabling monitoring and compliance auditing. This architecture demonstrates data residency compliance, high availability, and secure multi-tenant isolation for regulated workloads requiring French data sovereignty. Fork and customize this diagram on Diagrams.so to adapt VPC CIDR ranges, add additional AZs, or integrate your own SaaS connectors like Make.