AWS PrivateLink: connect your AWS resources without exposing them

Reach private databases, caches, and APIs from your tasks over AWS PrivateLink — no public endpoints, IP allowlists, or VPN required.

With AWS PrivateLink support, Trigger.dev tasks can connect directly to private AWS resources inside your VPC:

• RDS (Postgres, MySQL, Aurora)
• ElastiCache (Redis, Memcached)
• Internal microservices and APIs
• Self-hosted databases on EC2
• Anything else reachable inside your VPC

How it works

1. Create a Network Load Balancer and VPC Endpoint Service in your AWS account.
2. Add Trigger.dev's account as an allowed principal.
3. Provision a VPC Endpoint — Trigger.dev handles the rest.

Connections are isolated using a CiliumNetworkPolicy (eBPF kernel-level traffic filtering) targeting pods labeled with your org ID, so your private resources are only reachable from your own tasks.

Setup options

• Enter an existing VPC Endpoint Service name
• Generate a pre-filled Terraform script
• Use an AI agent prompt to create resources automatically
• Follow a step-by-step AWS Console walkthrough

All configured via Settings → Private Connections.

Availability

• Plans: Pro and Enterprise
• Default limit: 2 connections per organization
• Regions: Available across 28 AWS regions on the customer side; consumed in us-east-1 and eu-central-1
• Connections are organization-wide, accessible across all projects and environments