# Virtual Private Clouds
Every Pipedream workflow is deployed to its own virtual machine in AWS. This means your workflow's execution environment has its own RAM and disk, isolated from other users’ workflows.
However, outbound traffic shares the same network as other AWS services deployed in the us-east-1
region. That means network requests from your workflows (e.g. an HTTP request or a connection to a database) originate from the standard range of AWS IP addresses.
Pipedream VPCs enable you to run workflows in dedicated and isolated networks with static outbound egress IP addresses that are unique to your workspace (unlike other platforms that provide static IPs common to all customers on the platform).
Outbound network requests from workflows that run in a VPC will originate from these static IP addresses, so you can whitelist access to sensitive resources (like databases and APIs) with confidence that the requests will only originate from the Pipedream workflows in your workspace.
# Getting started
# Create a new VPC
- Click on New VPC in the upper right of the page:
- Enter a network name and click Create:
- It may take 5-10 minutes to complete setting up your network. The status will change to Available when complete:
# Run workflows within a VPC
To run workflows in a VPC, check the Run in Private Network option in workflow settings and select the network you created. All outbound network requests for the workflow will originate from the static egress IP for the VPC (both when testing a workflow or when running the workflow in production).
If you don’t see the network listed, the network setup may still be in progress. If the issue persists longer than 10 minutes, please contact support (opens new window).
# Find the static outbound IP address for a VPC
You can view and copy the static outbound IP address for each VPC in your workspace from the Virtual Private Cloud settings (opens new window). If you need to restrict access to sensitive resources (e.g., a database) by IP address, copy this address and configure it in your application with the /32
CIDR block. Network requests from workflows running in the VPC will originate from this address.
# Managing a VPC
To rename or delete a VPC, navigate to the Virtual Private Cloud settings (opens new window) for your workspace and select the option from the menu at the the right of the VPC you want to manage.
# Self-hosting and VPC peering
If you're interested in running Pipedream workflows in your own infrastructure, or configure VPC peering to allow Pipedream to communicate to resources in a private network, please reach out to our Enterprise Sales team.
# Limitations
- Only workflows can run in VPCs (other resources like sources or data stores are not currently supported). For example, sources cannot yet run in VPCs.
- Creating a new network can take up to 5 minutes. Deploying your first workflow into a new network and testing that workflow for the first time can take up to 1 min. Subsequent operations should be as fast as normal.
- VPCs only provide static IPs for outbound network requests. This feature does not provide a static IP for or otherwise restrict inbound requests.
- You can’t set a default network for all new workflows in a workspace or project (you must select the network every time you create a new workflow). Please reach out (opens new window) if you're interesting in imposing controls like this in your workspace.
- Workflows running in a VPC will still route specific requests routed through the shared Pipedream network:
$.send.http()
requests are routed through- Async options requests (these are requests that are made to populate options in drop down menus for actions while a building a workflow — e.g., the option to “select a Google Sheet” when using the “add row to Google Sheets” action)
# Frequently Asked Questions
# Will HTTP requests sent from Node.js, Python and the HTTP request steps use the assigned static IP address?
Yes, all steps that send HTTP requests from a workflow assigned to a VPC will use that VPC's IP address to send HTTP requests.
This will also include axios
, requests
, fetch
or any HTTP client you prefer in your language of choice.
The only exception are requests sent by $.send.http()
or the HTTP requests used to populate async options that power props like "Select a Google Sheet" or "Select a Slack channel". These requests will route through the standard set of Pipedream IP addresses.
# Can a single workflow live within multiple VPCs?
No, a VPC can contain many workflows, but a single workflow can only belong to one VPC.
# Can I modify my VPC's IP address to another address?
No, IP addresses are assigned to VPCs for you, and they are not changeable.
# How much will VPCs cost?
VPCs are available on the Business plan. Upgrade your plan here (opens new window).