The Trinity Beast — AWS Partner Onboarding Guide

How to connect AWS partners to The Trinity Beast Infrastructure via PrivateLink (TCP) and VPC Peering (UDP).

Account: 211998422884 Region: us-east-2 (Ohio) Version: v15 Last Updated: April 21, 2026

Overview

Our Philosophy — We Receive Freely, We Give Freely

The Trinity Beast exists because of generosity. Coinbase, Gemini, Kraken, Gate.io, Bybit, and OKX provide their real-time price feeds to us at no cost. They ask nothing in return. That generosity is the foundation of everything we have built.

We believe the right response to that kind of generosity is to pass it forward. If your AWS application needs live cryptocurrency prices, we will provide them to you — free of charge, with no rate limiting, no monthly caps, and no billing. Not because we expect something back, but because that is how the AWS community should work.

Partner API keys come with unlimited access and direct container connectivity via AWS PrivateLink or VPC Peering for sub-2ms latency. No public internet, no load balancer hops, no throttling. The same infrastructure our paying subscribers use — but at no cost to you.

Beyond the technology, 100% of the subscription revenue that The Trinity Beast generates goes directly to Cross Power Ministries of Pakistan, funding freedom from brick kiln debt bondage. When you partner with us, you are part of something larger than an API.

Partners who need direct, low-latency access to The Trinity Beast — bypassing the public ALB and internet — have two connection paths depending on protocol:

ProtocolConnection MethodPortsLatencySetup
TCP (LPO + LRS) PrivateLink 8080 (LPO), 9090 (LRS) Sub-millisecond (same region) Partner creates VPC endpoint → you approve
UDP (LPO + LRS) VPC Peering 2679 (LPO), 2680 (LRS) Sub-millisecond (same region) Peering connection + route table + security group

Why two methods? AWS PrivateLink does not support UDP. TCP partners get the cleanest experience via PrivateLink (no CIDR coordination, no route table changes). UDP partners require VPC Peering, which involves more setup but delivers the fastest possible path — raw UDP datagrams with no load balancer hop.

TCP Partners — PrivateLink

PrivateLink creates a private endpoint in the partner's VPC that routes directly to your internal TCP NLB. Traffic stays on the AWS backbone. The partner never sees your VPC CIDR or container IPs.

Your PrivateLink Service (already created)
AttributeValue
Service IDvpce-svc-0147410454a727b3f
Service Namecom.amazonaws.vpce.us-east-2.vpce-svc-0147410454a727b3f
Backed byTrinity-Beast-TCP-NLB (internal)
PortsTCP 8080 (LPO), TCP 9090 (LRS)
AcceptanceRequired (you approve each partner)

Onboarding Steps — Your Side (CPMP)

1 Share the service name with the partner:

com.amazonaws.vpce.us-east-2.vpce-svc-0147410454a727b3f

2 Wait for their endpoint request — it will appear in the VPC console under Endpoint Services → Endpoint Connections.

3 Accept the connection request:

aws ec2 accept-vpc-endpoint-connections \
  --service-id vpce-svc-0147410454a727b3f \
  --vpc-endpoint-ids vpce-XXXXXXXXXXXX \
  --region us-east-2

That's it. No security group changes, no route table changes, no CIDR coordination.

Onboarding Steps — Partner Side

1 Create a VPC Interface Endpoint in their VPC:

aws ec2 create-vpc-endpoint \
  --vpc-id vpc-THEIR_VPC_ID \
  --service-name com.amazonaws.vpce.us-east-2.vpce-svc-0147410454a727b3f \
  --vpc-endpoint-type Interface \
  --subnet-ids subnet-THEIR_SUBNET \
  --security-group-ids sg-THEIR_SG \
  --region us-east-2

2 Wait for CPMP to accept the connection.

3 Use the endpoint DNS to connect:

# LPO price query via PrivateLink
curl http://vpce-XXXX.vpce-svc-0147410454a727b3f.us-east-2.vpce.amazonaws.com:8080/price?asset=BTC&api_key=YOUR_KEY

# LRS report via PrivateLink
curl http://vpce-XXXX.vpce-svc-0147410454a727b3f.us-east-2.vpce.amazonaws.com:9090/reports/usage?api_key=YOUR_KEY

UDP Partners — VPC Peering

VPC Peering connects the partner's VPC directly to yours. Traffic routes between VPCs using private IPs. The partner sends UDP datagrams directly to your container IPs — no load balancer, no TLS, maximum speed.

Requirement: The partner's VPC CIDR must not overlap with 10.0.0.0/16 (your VPC). Common partner CIDRs: 172.16.0.0/16, 192.168.0.0/16, 10.1.0.0/16.

Onboarding Steps — Your Side (CPMP)

1 Accept the peering request (partner initiates):

aws ec2 accept-vpc-peering-connection \
  --vpc-peering-connection-id pcx-XXXXXXXXXXXX \
  --region us-east-2

2 Add route to your public route table for the partner's CIDR:

aws ec2 create-route \
  --route-table-id rtb-0b16435cb481bf79d \
  --destination-cidr-block PARTNER_CIDR \
  --vpc-peering-connection-id pcx-XXXXXXXXXXXX \
  --region us-east-2

3 Add security group rule to allow UDP from the partner's CIDR:

# Allow UDP 2679 (LPO) from partner
aws ec2 authorize-security-group-ingress \
  --group-id sg-050b617f93b2388f6 \
  --protocol udp --port 2679 \
  --cidr PARTNER_CIDR \
  --region us-east-2

# Allow UDP 2680 (LRS) from partner
aws ec2 authorize-security-group-ingress \
  --group-id sg-050b617f93b2388f6 \
  --protocol udp --port 2680 \
  --cidr PARTNER_CIDR \
  --region us-east-2

Onboarding Steps — Partner Side

1 Create VPC Peering request to your VPC:

aws ec2 create-vpc-peering-connection \
  --vpc-id vpc-THEIR_VPC_ID \
  --peer-owner-id 211998422884 \
  --peer-vpc-id vpc-03deaddb7083cd59c \
  --peer-region us-east-2 \
  --region THEIR_REGION

2 Wait for CPMP to accept.

3 Add route for The Trinity Beast VPC:

aws ec2 create-route \
  --route-table-id rtb-THEIR_RT \
  --destination-cidr-block 10.0.0.0/16 \
  --vpc-peering-connection-id pcx-XXXXXXXXXXXX \
  --region THEIR_REGION

4 Send UDP queries to container IPs (provided by CPMP):

# UDP LPO price query (Python example)
import socket, json
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
payload = json.dumps({"asset": "BTC", "api_key": "YOUR_KEY"})
sock.sendto(payload.encode(), ("CONTAINER_IP", 2679))
data, _ = sock.recvfrom(4096)
print(json.loads(data))

Quick Reference

ResourceValue
Your VPC IDvpc-03deaddb7083cd59c
Your VPC CIDR10.0.0.0/16
Your AWS Account211998422884
Regionus-east-2 (Ohio)
TCP PrivateLink Servicecom.amazonaws.vpce.us-east-2.vpce-svc-0147410454a727b3f
TCP NLB (internal)Trinity-Beast-TCP-NLB
UDP NLB (public)Trinity-Beast-UDP-NLB
ECS Security Groupsg-050b617f93b2388f6 (Trinity-ECS-SG-v3)
Public Route Tablertb-0b16435cb481bf79d
LPO TCP Port8080
LRS TCP Port9090
LPO UDP Port2679
LRS UDP Port2680

TBCC Partner Management Widget

The Trinity Beast Command Center includes a dedicated Partner Management widget for onboarding and managing AWS partners. The onboarding wizard generates the exact CLI commands for both sides of the connection.

The Trinity Beast Command Center — Partner Management
👥 Partner Management Network
Partners
Pending Approvals
Security Groups
Onboard Partner
Step 1 — Choose Connection Type
PrivateLink (TCP)
Endpoint service → interface endpoint. Best for API/TCP workloads.
VPC Peering (UDP)
Bi-directional peering. Required for UDP multicast workloads.
Step 2 — Partner Details
Partner Name
Acme Trading Co.
AWS Account ID
987654321098
Partner VPC CIDR
10.1.0.0/16
Region
us-east-1 (Virginia)
3 Step 3 — Generated PrivateLink Commands
Step A — The Trinity Beast Side (You Run)
# Create VPC Endpoint Service for partner
aws ec2 create-vpc-endpoint-service-configuration \
  --network-load-balancer-arns arn:aws:elasticloadbalancing:us-east-2:211998422884:... \
  --acceptance-required --region us-east-2
Step B — Partner Side (Acme Trading Co. Runs)
# Create VPC Interface Endpoint to The Trinity Beast
aws ec2 create-vpc-endpoint \
  --vpc-endpoint-type Interface \
  --service-name com.amazonaws.vpce.us-east-2.vpce-svc-... \
  --vpc-id vpc-... --region us-east-1

The widget also provides a Partners tab for viewing all connected partners, a Pending Approvals tab for accepting PrivateLink and VPC peering requests, and a Security Groups tab for managing UDP access CIDRs.