Databricks clouds and regions
Databricks workspaces can be hosted on Amazon AWS, Microsoft Azure, and Google Cloud Platform. You can use Databricks on any of these hosting platforms to access data wherever you keep it, regardless of cloud.
This article lists:
The regions supported by Databricks on AWS.
Features available in each region, where there is regional differentiation in feature availability.
IP addresses and domains for Databricks services and assets.
You may need this information if you create your Databricks workspaces in your own VPC, a feature known as customer-managed VPC, or if you use AWS PrivateLink within your Databricks network environment.
Supported regions list
This table lists the AWS regions supported by Databricks. There are some features that are available only in a subset of regions. The table indicates whether or not a region supports each of these features. If a feature is supported in all regions, it is not included in the table.
Features that are excluded from at least one region include:
CMK (customer-managed keys) for both managed services (control plane storage of notebook commands, secrets, and Databricks SQL queries) and workspace storage (root S3 bucket and cluster node EBS volumes).
Serverless SQL warehouses. In the serverless SQL warehouses column, “compliance security profile supported” means that you can use serverless SQL warehouses with the compliance security profile enabled, which is required to process some types of regulated data.
Region |
Location |
CMK |
PrivateLink |
Serverless compute for notebooks and workflows |
Serverless SQL warehouses |
Model Serving |
Vector Search |
Predictive optimization |
Firewall enablement for serverless compute |
---|---|---|---|---|---|---|---|---|---|
|
Asia Pacific (Tokyo) |
X |
X |
X |
X |
X |
|||
|
Asia Pacific (Seoul) |
X |
X |
||||||
|
Asia Pacific (Mumbai) |
X |
X |
X |
X |
||||
|
Asia Pacific (Singapore) |
X |
X |
X |
X |
X |
|||
|
Asia Pacific (Sydney) |
X |
X |
X (compliance security profile supported) |
X |
X |
X |
X |
|
|
Canada (Central) |
X |
X |
X |
|||||
|
EU (Frankfurt) |
X |
X |
X |
X |
X |
X |
||
|
EU (Ireland) |
X |
X |
X |
X |
X |
X |
X |
|
|
EU (London) |
X |
X |
||||||
|
EU (Paris) |
X |
X |
X |
X |
||||
|
South America (Sao Paulo) |
X |
X |
X |
X |
||||
|
US East (Northern Virginia) |
X |
X |
X |
X (compliance security profile supported) |
X |
X |
X |
X |
|
US East (Ohio) |
X |
X |
X |
X |
X |
X |
X |
X |
|
US Gov West (Pendleton) |
X |
X |
||||||
|
US West (Northern California) |
||||||||
|
US West (Oregon) |
X |
X |
X |
X |
X |
X |
X |
X |
IP addresses and domains
You may need the following information if:
You create your Databricks workspaces in your own VPC, a feature known as customer-managed VPC.
You use AWS PrivateLink within your Databricks network environment.
Databricks control plane addresses
The following tables list the IP addresses or domain names the Databricks control plane uses for each supported region. Port 443 is used for all addresses except for the SCC relay for PrivateLink, which uses Port 6666.
Inbound to Databricks control plane
Databricks Region |
Service |
Public IP or domain name |
---|---|---|
|
Control plane services, including webapp |
tokyo.cloud.databricks.com, 35.72.28.0/28 |
SCC relay |
tunnel.ap-northeast-1.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.ap-northeast-1.cloud.databricks.com |
|
|
Control plane services, including webapp |
seoul.cloud.databricks.com, 3.38.156.176/28 |
SCC relay |
tunnel.ap-northeast-2.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.ap-northeast-2.cloud.databricks.com |
|
|
Control plane services, including webapp |
mumbai.cloud.databricks.com, 65.0.37.64/28 |
SCC relay |
tunnel.ap-south-1.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.ap-south-1.cloud.databricks.com |
|
|
Control plane services, including webapp |
singapore.cloud.databricks.com, 13.214.1.96/28 |
SCC relay |
tunnel.ap-southeast-1.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.ap-southeast-1.cloud.databricks.com |
|
|
Control plane services, including webapp |
sydney.cloud.databricks.com, 3.26.4.0/28 |
SCC relay |
tunnel.ap-southeast-2.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.ap-southeast-2.cloud.databricks.com |
|
|
Control plane services, including webapp |
canada.cloud.databricks.com, 3.96.84.208/28 |
SCC relay |
tunnel.ca-central-1.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.ca-central-1.cloud.databricks.com |
|
|
Control plane services, including webapp |
frankfurt.cloud.databricks.com, 18.159.44.32/28 |
SCC relay |
tunnel.eu-central-1.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.eu-central-1.cloud.databricks.com |
|
|
Control plane services, including webapp |
ireland.cloud.databricks.com, 3.250.244.112/28 |
SCC relay |
tunnel.eu-west-1.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.eu-west-1.cloud.databricks.com |
|
|
Control plane services, including webapp |
london.cloud.databricks.com, 18.134.65.240/28 |
SCC relay |
tunnel.eu-west-2.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.eu-west-2.cloud.databricks.com |
|
|
Control plane services, including webapp |
paris.cloud.databricks.com, 13.39.141.128/28 |
SCC relay |
tunnel.eu-west-3.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.eu-west-3.cloud.databricks.com |
|
|
Control plane services, including webapp |
saopaulo.cloud.databricks.com, 15.229.120.16/28 |
SCC relay |
tunnel.sa-east-1.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.sa-east-1.cloud.databricks.com |
|
|
Control plane services, including webapp |
nvirginia.cloud.databricks.com, 3.237.73.224/28 |
SCC relay |
tunnel.us-east-1.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.us-east-1.cloud.databricks.com |
|
|
Control plane services, including webapp |
ohio.cloud.databricks.com, 3.128.237.208/28 |
SCC relay |
tunnel.us-east-2.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.us-east-2.cloud.databricks.com |
|
|
Control plane services, including webapp |
pendleton.cloud.databricks.us, 3.30.186.128/28 |
SCC relay |
tunnel.us-gov-west-1.cloud.databricks.us |
|
SCC relay for PrivateLink |
tunnel.privatelink.us-gov-west-1.cloud.databricks.us |
|
|
Control plane services, including webapp |
oregon.cloud.databricks.com, 44.234.192.32/28 |
SCC relay |
tunnel.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.cloud.databricks.com |
|
|
Control plane services, including webapp |
oregon.cloud.databricks.com, 44.234.192.32/28 |
SCC relay |
tunnel.cloud.databricks.com |
|
SCC relay for PrivateLink |
tunnel.privatelink.cloud.databricks.com |
Outbound from Databricks control plane
Databricks Region |
Service |
Public IP or domain name |
---|---|---|
|
Control plane NAT IPs |
35.72.28.0/28, 18.177.16.95 |
VPC ID |
|
|
|
Control plane NAT IPs |
3.38.156.176/28, 54.180.50.119 |
VPC ID |
|
|
|
Control plane NAT IPs |
65.0.37.64/28, 13.232.248.161 |
VPC ID |
|
|
|
Control plane NAT IPs |
13.214.1.96/28, 13.213.212.4 |
VPC ID |
vpc-01dcc0ded03337911`, |
|
|
Control plane NAT IPs |
3.26.4.0/28, 13.237.96.217 |
VPC ID |
|
|
|
Control plane NAT IPs |
3.96.84.208/28, 35.183.59.105 |
VPC ID |
|
|
|
Control plane NAT IPs |
18.159.44.32/28, 18.159.32.64 |
VPC ID |
|
|
|
Control plane NAT IPs |
3.250.244.112/28, 46.137.47.49 |
VPC ID |
|
|
|
Control plane NAT IPs |
18.134.65.240/28,3.10.112.150 |
VPC ID |
|
|
|
Control plane NAT IPs |
13.39.141.128/28, 15.236.174.74 |
VPC ID |
|
|
|
Control plane NAT IPs |
15.229.120.16/28, 177.71.254.47 |
VPC ID |
|
|
|
Control plane NAT IPs |
3.237.73.224/28, 54.156.226.103 |
VPC ID |
|
|
|
Control plane NAT IPs |
3.128.237.208/28, 18.221.200.169 |
VPC ID |
|
|
|
Control plane NAT IPs |
3.30.186.128/28, 3.30.245.130 |
VPC ID |
|
|
|
Control plane NAT IPs |
44.234.192.32/28, 52.27.216.188 |
VPC ID |
N/A |
|
|
Control plane NAT IPs |
44.234.192.32/28, 52.27.216.188 |
VPC ID |
|
S3 addresses
To add the global S3 bucket service to a route or allow list, use the following address and port, regardless of region: s3.amazonaws.com:443
For regional S3 buckets, AWS provides an address and port for a regional endpoint (s3.<region-name>.amazonaws.com:443
). Databricks recommends that you use a VPC endpoint instead. See (Recommended) Configure regional endpoints.
STS addresses
To add the global STS (AWS Security Token Service) to a route or allow list, use the following address and port, regardless of region: sts.amazonaws.com:443
For regional STS, AWS provides an address and port for a regional endpoint (sts.<region-name>.amazonaws.com:443
), but Databricks recommends that you use a VPC endpoint instead. See (Recommended) Configure regional endpoints.
Kinesis addresses
For the Kinesis service, AWS provides addresses and ports for regional endpoints as shown in the table below. However, Databricks recommends that you use a VPC endpoint instead. See (Recommended) Configure regional endpoints.
VPC region |
Address |
Port |
---|---|---|
|
kinesis-fips.us-west-2.amazonaws.com |
443 |
All other regions |
kinesis.<region-name>.amazonaws.com |
443 |
RDS addresses for legacy Hive metastore
To add the Amazon RDS services used by Databricks to a route or allow list, use the following addresses.
VPC region |
Address |
Port |
---|---|---|
|
mddx5a4bpbpm05.cfrfsun7mryq.ap-northeast-1.rds.amazonaws.com |
3306 |
|
md1915a81ruxky5.cfomhrbro6gt.ap-northeast-2.rds.amazonaws.com |
3306 |
|
mdjanpojt83v6j.c5jml0fhgver.ap-south-1.rds.amazonaws.com |
3306 |
|
md1n4trqmokgnhr.csnrqwqko4ho.ap-southeast-1.rds.amazonaws.com |
3306 |
|
mdnrak3rme5y1c.c5f38tyb1fdu.ap-southeast-2.rds.amazonaws.com |
3306 |
|
md1w81rjeh9i4n5.co1tih5pqdrl.ca-central-1.rds.amazonaws.com |
3306 |
|
mdv2llxgl8lou0.ceptxxgorjrc.eu-central-1.rds.amazonaws.com |
3306 |
|
md15cf9e1wmjgny.cxg30ia2wqgj.eu-west-1.rds.amazonaws.com |
3306 |
|
mdio2468d9025m.c6fvhwk6cqca.eu-west-2.rds.amazonaws.com |
3306 |
|
metastorerds-dbconsolidationmetastore-asda4em2u6eg.c2ybp3dss6ua.eu-west-3.rds.amazonaws.com |
3306 |
|
metastorerds-dbconsolidationmetastore-fqekf3pck8yw.cog1aduyg4im.sa-east-1.rds.amazonaws.com |
3306 |
|
mdb7sywh50xhpr.chkweekm4xjq.us-east-1.rds.amazonaws.com |
3306 |
|
md7wf1g369xf22.cluz8hwxjhb6.us-east-2.rds.amazonaws.com |
3306 |
|
mdzsbtnvk0rnce.c13weuwubexq.us-west-1.rds.amazonaws.com |
3306 |
|
mdpartyyphlhsp.caj77bnxuhme.us-west-2.rds.amazonaws.com |
3306 |
PrivateLink VPC endpoint services
To configure your workspace to use AWS PrivateLink, use the following table to determine your region’s VPC endpoint service domains. You can use any availability zone in your region.
The endpoint service identified as Workspace (including REST API) is used for both the front-end connection (user-to-workspace for web application and REST APIs) and the back-end connection (to connect to REST APIs). If you are implementing both front-end and back-end connections, use this same workspace VPC endpoint service for both use cases.
For more information, see Enable AWS PrivateLink.
Region |
Create VPC endpoints to these regional VPC endpoint services |
---|---|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
Workspace (including REST API):
Secure cluster connectivity relay:
|
|
PrivateLink connectivity is not supported for this region. |
|
Workspace (including REST API):
Secure cluster connectivity relay:
|