How to Enable App Platform VPCpublic
Validated on 8 Jul 2025 • Last edited on 14 Jul 2025
App Platform is a Platform-as-a-Service (PaaS) offering that allows developers to publish code directly to DigitalOcean servers without worrying about the underlying infrastructure.
Now in public preview, App Platform apps in FRA, NYC, and TOR support VPC networks, allowing you to connect apps to other VPC-enabled resources (such as DBaaS, Droplets, and Kubernetes) over a private network. For more details about VPC networks, see the VPC product page.
The App Platform VPC integration enables you to:
- Access resources over a secure private network instead of the public internet
- Connect to VPC resources in any DigitalOcean datacenter using VPC peering
Apps can only directly connect to VPCs in one specific datacenter in their region. This limitation exists because App Platform regions abstract away underlying datacenters, but VPC networks are tied to specific datacenter locations. As a result, apps can only connect to VPC networks that are in the same datacenter where the app is deployed.
| App Spec Region | App Can Connect To VPCs In |
|---|---|
fra |
fra1 |
nyc |
nyc1 |
tor |
tor1 |
You can use VPC peering to work around this limitation. Peering allows resources in different VPC networks, including those in other regions, to communicate over the private network. For example, if an app is deployed in the nyc region and connects to a VPC network in nyc1, you can peer that nyc1 VPC network with another in ams3. This allows your app to privately access resources located in Amsterdam through the peered connection.
To set this up:
- Create or use an existing VPC network in the app’s region based on the mapping above. For example, an app deployed in the
nycregion must connect to a VPC network innyc1. - Peer that VPC network with another VPC network in the region where your resources are located. For instance, peering a VPC network in
nyc1with one inams3.
Once peered, your app can connect to resources in the peered VPC network through its regional VPC network, all over a private connection.
To gain access to this feature, contact support.
Enable VPC using the App Spec
Once you have access to the feature, to enable VPC network access for your app, first find the UUID of the specific VPC network you want to connect your app to. You can list all DigitalOcean VPCs and their UUIDs by running the following doctl command:
doctl vpcs listAlternatively, you can go to a specific VPC’s dashboard in the control panel and check the URL in your browser. The following example URL displays the VPC network’s UUID as your-id:
https://cloud.digitalocean.com/networking/vpc/your-id/resources?i=c7a311Once you have the VPC’s ID, update or add the vpc field to your app’s spec file, replacing your-id with the UUID of the VPC you want to connect to:
vpc:
id: your-idClick Save and wait for your app to redeploy. Then, confirm you have successfully enabled VPC on your app by running the following command from the app’s terminal in the control panel:
curl <droplet private ip>:<port>To change which VPC network your app is connected to, update the id field in the app spec and then click Save. To disconnect your app from the VPC network, remove the entire vpc field from the app spec and then click Save.