How to connect AWS partners to The Trinity Beast Infrastructure via PrivateLink (TCP) and VPC Peering (UDP).
Our Philosophy — We Receive Freely, We Give Freely
The Trinity Beast exists because of generosity. Coinbase, Gemini, Kraken, Gate.io, Crypto.com, and OKX provide their real-time price feeds to us at no cost. They ask nothing in return. That generosity is the foundation of everything we have built.
We believe the right response to that kind of generosity is to pass it forward. If your AWS application needs live cryptocurrency prices, we will provide them to you — free of charge, with no rate limiting, no monthly caps, and no billing. Not because we expect something back, but because that is how the AWS community should work.
Partner API keys come with unlimited access and direct container connectivity via AWS PrivateLink or VPC Peering for sub-2ms latency. No public internet, no load balancer hops, no throttling. The same infrastructure our paying subscribers use — but at no cost to you.
Beyond the technology, 100% of the subscription revenue that The Trinity Beast generates goes directly to Cross Power Ministries of Pakistan, funding freedom from brick kiln debt bondage. When you partner with us, you are part of something larger than an API.
Partners who need direct, low-latency access to The Trinity Beast — bypassing the public ALB and internet — have two connection paths depending on protocol:
| Protocol | Connection Method | Ports | Consumption Model | Setup |
|---|---|---|---|---|
| TCP (LPO + LRS) | PrivateLink | 8080 (LPO), 9090 (LRS) | Request/response OR real-time WebSocket push feed | Partner creates VPC endpoint → you approve |
| UDP (LPO + LRS) | VPC Peering → NLB | 2679 (LPO), 2680 (LRS) | Request/response — lowest possible latency, zero overhead | Peering connection + route table + security group |
Why two methods? AWS PrivateLink does not support UDP. TCP partners get the cleanest experience via PrivateLink (no CIDR coordination, no route table changes) and can choose between polling or a persistent WebSocket feed. UDP partners require VPC Peering, which involves more setup but delivers raw UDP speed — datagrams routed through the NLB (Layer 4 pass-through, zero measurable overhead, static IP that survives deployments).
PrivateLink creates a private endpoint in the partner's VPC that routes directly to your internal TCP NLB. Traffic stays on the AWS backbone. The partner never sees your VPC CIDR or container IPs.
| Attribute | Value |
|---|---|
| Service ID | vpce-svc-0147410454a727b3f |
| Service Name | com.amazonaws.vpce.us-east-2.vpce-svc-0147410454a727b3f |
| Backed by | Trinity-Beast-TCP-NLB (internal) |
| Ports | TCP 8080 (LPO), TCP 9090 (LRS) |
| Acceptance | Required (you approve each partner) |
1. Share the service name with the partner:

```
com.amazonaws.vpce.us-east-2.vpce-svc-0147410454a727b3f
```

2. Wait for their endpoint request. It will appear in the VPC console under Endpoint Services → Endpoint Connections.

3. Accept the connection request:

```bash
aws ec2 accept-vpc-endpoint-connections \
  --service-id vpce-svc-0147410454a727b3f \
  --vpc-endpoint-ids vpce-XXXXXXXXXXXX \
  --region us-east-2
```
That's it. No security group changes, no route table changes, no CIDR coordination.
1. Create a VPC Interface Endpoint in their VPC:

```bash
aws ec2 create-vpc-endpoint \
  --vpc-id vpc-THEIR_VPC_ID \
  --service-name com.amazonaws.vpce.us-east-2.vpce-svc-0147410454a727b3f \
  --vpc-endpoint-type Interface \
  --subnet-ids subnet-THEIR_SUBNET \
  --security-group-ids sg-THEIR_SG \
  --region us-east-2
```

2. Wait for CPMP to accept the connection.

3. Use the endpoint DNS to connect:

```bash
# LPO price query via PrivateLink (request/response)
# The URL is quoted so the shell does not treat "&" as a background operator or "?" as a glob
curl "http://vpce-XXXX.vpce-svc-0147410454a727b3f.us-east-2.vpce.amazonaws.com:8080/price?asset=BTC&api_key=YOUR_KEY"

# LRS report via PrivateLink
curl "http://vpce-XXXX.vpce-svc-0147410454a727b3f.us-east-2.vpce.amazonaws.com:9090/reports/usage?api_key=YOUR_KEY"

# Real-Time WebSocket Feed (persistent connection — prices pushed as they arrive)
wscat -c "ws://vpce-XXXX.vpce-svc-0147410454a727b3f.us-east-2.vpce.amazonaws.com:8080/ws/prices?api_key=YOUR_KEY"
# Then subscribe: {"subscribe": ["BTC","ETH","SOL"]}
# Prices flow continuously — no polling required
```
Partners can open a persistent WebSocket connection at /ws/prices?api_key=KEY and receive real-time price updates pushed from the same exchange feeds that power the entire system. No polling, no intervals — prices arrive the instant they're received from the 6 exchanges.
| Direction | Message | Purpose |
|---|---|---|
| Client → Server | {"subscribe": ["BTC","ETH","SOL"]} | Subscribe to assets |
| Client → Server | {"unsubscribe": ["DOGE"]} | Remove assets |
| Client → Server | {"ping": true} | Keepalive |
| Server → Client | {"status":"✅ [WS] [us-east-2] [BeastMain] [/ws/prices] [200]","status_code":200,"endpoint":"/ws/prices","cluster_node":"BeastMain","region":"us-east-2","language":"en","api_key_id":"ak_partner_123","ip_address":"10.0.6.42","agent_profile_arn":"arn:tbi:us-east-2:211998422884:agent-profile/partner-ws-hub/v1","timestamp":"...","data":{"type":"price","asset":"BTC","price":97432.51,"source":"coinbase-ws"},"error":""} | Real-time price update (UME) |
| Server → Client | {"status":"✅ [WS] [us-east-2] [BeastMain] [/ws/prices] [200]","status_code":200,"endpoint":"/ws/prices","cluster_node":"BeastMain","region":"us-east-2","language":"en","api_key_id":"ak_partner_123","ip_address":"10.0.6.42","agent_profile_arn":"arn:tbi:us-east-2:211998422884:agent-profile/partner-ws-hub/v1","timestamp":"...","data":{"type":"subscribed","assets":["BTC","ETH","SOL"]},"error":""} | Subscription confirmation (UME) |
| Server → Client | {"type":"pong"} | Keepalive response (lightweight — no UME overhead) |
Available assets: GET /ws/assets — returns all 150 prewarmed assets across 6 exchanges. No auth required (informational endpoint).
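A consumer-side handler for the server messages in the table above, as an added example (not code from The Trinity Beast). The names `handle_server_message` and `sample_envelope` are hypothetical, and two behaviours are assumptions: the `subscribed` confirmation is treated as additive, and price updates for assets the server never confirmed are rejected.

```python
import json
import math

# The 12 Unified Messaging Envelope fields shown in the table above.
UME_FIELDS = frozenset({
    "status", "status_code", "endpoint", "cluster_node", "region", "language",
    "api_key_id", "ip_address", "agent_profile_arn", "timestamp", "data", "error",
})

def handle_server_message(raw, subscribed, prices):
    """Classify one text frame; update `subscribed` (set) and `prices` (dict)."""
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        return "rejected:not-json"
    if not isinstance(msg, dict):
        return "rejected:not-object"
    if msg == {"type": "pong"}:  # keepalive reply carries no envelope
        return "pong"
    if not UME_FIELDS.issubset(msg):
        return "rejected:missing-fields"
    if msg["status_code"] != 200 or msg["error"]:
        return "error"
    data = msg["data"]
    if not isinstance(data, dict):
        return "rejected:bad-data"
    if data.get("type") == "subscribed" and isinstance(data.get("assets"), list):
        subscribed.update(a for a in data["assets"] if isinstance(a, str))
        return "subscribed"
    if data.get("type") == "price":
        asset, price = data.get("asset"), data.get("price")
        if not isinstance(asset, str) or asset not in subscribed:
            return "rejected:unsubscribed-asset"
        # bool is an int subclass and json.loads accepts NaN/Infinity: reject both
        if isinstance(price, bool) or not isinstance(price, (int, float)):
            return "rejected:bad-price"
        if (isinstance(price, float) and not math.isfinite(price)) or price <= 0:
            return "rejected:bad-price"
        prices[asset] = price
        return "price"
    return "rejected:unknown-type"

def sample_envelope(data, status_code=200, error=""):
    """Constructed sample frame (not captured traffic) with all 12 fields."""
    env = dict.fromkeys(UME_FIELDS, "")
    env.update(status_code=status_code, data=data, error=error)
    return json.dumps(env)
```

Call `handle_server_message` on every text frame the WebSocket client receives and act on `prices` only when it returns `"price"`.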
VPC Peering connects the partner's VPC to yours. Traffic routes between VPCs using private IPs. The partner sends UDP datagrams to the NLB's static private IP — Layer 4 pass-through with zero measurable overhead. The NLB routes to healthy containers automatically, surviving deployments and scaling events without any partner-side changes.
NLB Zero Overhead — Proven: Stress testing (Run 17, Performance Report) confirmed that UDP through the NLB matches UDP direct-to-container within measurement noise. The NLB's Layer 4 pass-through adds no measurable latency or throughput reduction. Partners get stable addressing with no performance penalty.
Requirement: The partner's VPC CIDR must not overlap with 10.0.0.0/16 (your VPC). Common partner CIDRs: 172.16.0.0/16, 192.168.0.0/16, 10.1.0.0/16.
1. Accept the peering request (partner initiates):

```bash
aws ec2 accept-vpc-peering-connection \
  --vpc-peering-connection-id pcx-XXXXXXXXXXXX \
  --region us-east-2
```

2. Add route to your public route table for the partner's CIDR:

```bash
aws ec2 create-route \
  --route-table-id rtb-0b16435cb481bf79d \
  --destination-cidr-block PARTNER_CIDR \
  --vpc-peering-connection-id pcx-XXXXXXXXXXXX \
  --region us-east-2
```

3. Add security group rule to allow UDP from the partner's CIDR:

```bash
# Allow UDP 2679 (LPO) from partner
aws ec2 authorize-security-group-ingress \
  --group-id sg-050b617f93b2388f6 \
  --protocol udp --port 2679 \
  --cidr PARTNER_CIDR \
  --region us-east-2

# Allow UDP 2680 (LRS) from partner
aws ec2 authorize-security-group-ingress \
  --group-id sg-050b617f93b2388f6 \
  --protocol udp --port 2680 \
  --cidr PARTNER_CIDR \
  --region us-east-2
```

4. Provide the NLB private IP to the partner (static per AZ — does not change on deployments).
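A pre-flight check for `PARTNER_CIDR` before it is written into the route and the two security group rules above, as an added example (not part of The Trinity Beast tooling). The function name `check_partner_cidr` is hypothetical, and requiring an RFC 1918 range is an assumed policy that goes beyond the page's non-overlap requirement.

```python
import ipaddress

BEAST_VPC = ipaddress.ip_network("10.0.0.0/16")  # "Your VPC CIDR" from this page
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 16  # AWS VPC IPv4 CIDR blocks range from /16 to /28

def check_partner_cidr(cidr):
    """Return a list of problems; an empty list means the CIDR passed every check."""
    try:
        # strict=True rejects host bits (10.0.5.1/24), a common copy/paste error
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["only IPv4 CIDRs are handled by this check"]
    problems = []
    if net.overlaps(BEAST_VPC):
        problems.append(f"overlaps {BEAST_VPC}; peering routes would be ambiguous")
    # Assumed policy: a rule for a non-private range would admit traffic
    # from addresses that are not a partner VPC.
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("not inside an RFC 1918 private range")
    if net.prefixlen < MIN_PREFIX:
        problems.append(f"broader than /{MIN_PREFIX}; cannot be a single VPC CIDR block")
    return problems

if __name__ == "__main__":
    # Constructed inputs: the three common partner CIDRs from this page, then bad ones
    for candidate in ("172.16.0.0/16", "192.168.0.0/16", "10.1.0.0/16",
                      "10.0.5.0/24", "10.0.5.1/24", "0.0.0.0/0"):
        print(candidate, check_partner_cidr(candidate) or "ok")
```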
1. Create VPC Peering request to your VPC:

```bash
aws ec2 create-vpc-peering-connection \
  --vpc-id vpc-THEIR_VPC_ID \
  --peer-owner-id 211998422884 \
  --peer-vpc-id vpc-03deaddb7083cd59c \
  --peer-region us-east-2 \
  --region THEIR_REGION
```

2. Wait for CPMP to accept.

3. Add route for The Trinity Beast VPC:

```bash
aws ec2 create-route \
  --route-table-id rtb-THEIR_RT \
  --destination-cidr-block 10.0.0.0/16 \
  --vpc-peering-connection-id pcx-XXXXXXXXXXXX \
  --region THEIR_REGION
```

4. Send UDP queries to the NLB private IP (provided by CPMP):

```python
# UDP LPO price query (Python example)
import json
import socket

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# UDP has no delivery guarantee: without a timeout, recvfrom() blocks forever on a lost datagram
sock.settimeout(2.0)
payload = json.dumps({"asset": "BTC", "api_key": "YOUR_KEY"})
# Replace NLB_PRIVATE_IP with the address provided by CPMP
sock.sendto(payload.encode(), ("NLB_PRIVATE_IP", 2679))
data, _ = sock.recvfrom(4096)
response = json.loads(data)
print(json.dumps(response, indent=2))

# Response — Unified Messaging Envelope (same 12-field structure as TCP):
# {
#   "status": "✅ [LPO] [us-east-2] [BeastMain] [/price] [200]",
#   "status_code": 200,
#   "endpoint": "/price",
#   "cluster_node": "BeastMain",
#   "region": "us-east-2",
#   "language": "en",
#   "api_key_id": "YOUR_KEY",
#   "ip_address": "10.0.1.50",
#   "agent_profile_arn": "arn:tbi:us-east-2:211998422884:agent-profile/tbi/v1",
#   "timestamp": "2026-05-29T22:00:00Z",
#   "data": {
#     "assets": [{
#       "asset": "BTC",
#       "price": 97432.384729501,
#       "exchange": "coinbase-ws",
#       "cached": true,
#       "cache_age_seconds": 0.847,
#       "timestamp": 1748548800,
#       "readable_timestamp": "2026-05-29T22:00:00Z",
#       "latency_ms": 0
#     }],
#     "failed": [],
#     "duration_ms": 1,
#     "monthly_usage": 0,
#     "monthly_limit": 0,
#     "usage_pct": 0.0,
#     "usage_warning": ""
#   },
#   "error": ""
# }
```
The NLB IP is static — it survives container deployments, scaling events, and AZ failovers. No reconnection logic needed.
| Resource | Value |
|---|---|
| Your VPC ID | vpc-03deaddb7083cd59c |
| Your VPC CIDR | 10.0.0.0/16 |
| Your AWS Account | 211998422884 |
| Region | us-east-2 (Ohio) |
| TCP PrivateLink Service | com.amazonaws.vpce.us-east-2.vpce-svc-0147410454a727b3f |
| TCP NLB (internal) | Trinity-Beast-TCP-NLB |
| UDP NLB (static IP) | Trinity-Beast-UDP-NLB — Layer 4 pass-through, zero overhead |
| ECS Security Group | sg-050b617f93b2388f6 (Trinity-ECS-SG-v3) |
| Public Route Table | rtb-0b16435cb481bf79d |
| LPO TCP Port | 8080 |
| LRS TCP Port | 9090 |
| LPO UDP Port | 2679 |
| LRS UDP Port | 2680 |
| WebSocket Feed | /ws/prices?api_key=KEY (port 8080, via PrivateLink) |
| Available Assets | GET /ws/assets (no auth — lists all 150 subscribable assets) |
The Trinity Beast Command Center includes a dedicated Partner Management widget for onboarding and managing AWS partners. The onboarding wizard generates the exact CLI commands for both sides of the connection.
The widget also provides a Partners tab for viewing all connected partners, a Pending Approvals tab for accepting PrivateLink and VPC peering requests, and a Security Groups tab for managing UDP access CIDRs.