Can an Atlassian Forge app connect to an AWS VPC?
Technically, yes. But not in the way that would be useful for reporting.
To elaborate on the “technical yes”, a recent announcement opens up a way to call “external compute” using OAuth 2:
That’s not using AWS VPC for security but it would be possible to put OAuth 2 in front of a VPC using AWS API Gateway.
To elaborate on why it’s not useful for reporting, whatever is inside your VPC that would do “the heavy-lifting” needs to query Jira. (That’s the heavy-lifting for reporting, right?) In order to query Jira, those external components need some kind of authentication, which Forge cannot share. So those external compute components would need to operate as their own OAuth 2 App, separate from Forge.
One could still have Forge talking to that OAuth 2 back-end; however, the architect in me doesn’t like splitting components this way. With the dual-auth, it would be too easy to run into permissions mismatches that leak data. And the code bases would be tightly coupled, while needing pretty different deployment pipelines. Hence, I would recommend Connect (even if older and less shiny) instead of Forge.
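
The permissions mismatch mentioned in the answer above, modelled in memory as an added example (not part of the original post, and not Atlassian's API): a back-end holding its own OAuth 2 grant answers a Forge caller who can see less, then the same report intersected with the caller's own view. All account IDs, project keys and function names are constructed for illustration, and the caller ID is assumed to have been verified by the back-end already.

```javascript
// Constructed sample data: projects each Jira account may browse.
const BROWSE_GRANTS = new Map([
  ['acct-admin', new Set(['HR', 'OPS', 'WEB'])], // consented to the back-end's OAuth 2 app
  ['acct-dev', new Set(['WEB'])],                // ordinary user viewing the report in Forge
]);

// Constructed sample issues the reporting back-end aggregates.
const ISSUES = [
  { key: 'HR-7', project: 'HR', summary: 'Salary review' },
  { key: 'OPS-3', project: 'OPS', summary: 'Rotate VPN keys' },
  { key: 'WEB-12', project: 'WEB', summary: 'Fix login page' },
];

// Issue keys a Jira query returns when run under a given account's authorization.
function queryAs(accountId) {
  const visible = BROWSE_GRANTS.get(accountId) || new Set();
  return ISSUES.filter((i) => visible.has(i.project)).map((i) => i.key);
}

// Mismatch: every caller gets whatever the back-end's own grant can see.
function reportNaive(backendGrantee, _callerId) {
  return queryAs(backendGrantee);
}

// Reconciled: intersect the back-end's view with the caller's view, and
// fail closed when the (assumed already verified) caller ID is missing or unknown.
function reportScoped(backendGrantee, callerId) {
  if (!callerId || !BROWSE_GRANTS.has(callerId)) return [];
  const callerKeys = new Set(queryAs(callerId));
  return queryAs(backendGrantee).filter((k) => callerKeys.has(k));
}

// Keys in a report that the caller could not have read directly from Jira.
function leakedKeys(report, callerId) {
  const allowed = new Set(queryAs(callerId));
  return report.filter((k) => !allowed.has(k));
}

const naive = reportNaive('acct-admin', 'acct-dev');
console.log('naive report :', naive, 'leaked:', leakedKeys(naive, 'acct-dev'));
const scoped = reportScoped('acct-admin', 'acct-dev');
console.log('scoped report:', scoped, 'leaked:', leakedKeys(scoped, 'acct-dev'));
```

Running `leakedKeys` over sampled report responses in an integration test is one way to catch drift between the two authorization paths.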