IP addresses and domains for Databricks services and assets

This article lists IP addresses and domains for Databricks services and assets.

You may need the following information if:

You create your Databricks workspaces in your own VPC, a feature known as customer-managed VPC.

See Configure a customer-managed VPC.
You use AWS PrivateLink within your Databricks network environment.

See Configure classic private connectivity to Databricks.

Inbound IPs

The following table lists the inbound IP addresses for Databricks control plane services.

warning

Always allowlist the provided domain names (FQDNs) for secure cluster connectivity (SCC) relay endpoints, rather than individual IP addresses. IP addresses behind these domains change periodically due to infrastructure updates and multi-availability zone deployments. Customers who allowlist specific IP addresses may experience service disruptions when infrastructure changes occur. If you must use IP addresses, implement automated DNS resolution and regularly update your firewall rules.

Databricks Region	Service	Public IP or domain name
`ap-northeast-1`	Control plane services, including webapp	tokyo.cloud.databricks.com, 35.72.28.0/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.99.67.176/28
	SCC relay	tunnel.ap-northeast-1.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.ap-northeast-1.cloud.databricks.com
`ap-northeast-2`	Control plane services, including webapp	seoul.cloud.databricks.com, 3.38.156.176/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.98.129.32/28
	SCC relay	tunnel.ap-northeast-2.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.ap-northeast-2.cloud.databricks.com
`ap-south-1`	Control plane services, including webapp	mumbai.cloud.databricks.com, 65.0.37.64/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.96.224.16/28
	SCC relay	tunnel.ap-south-1.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.ap-south-1.cloud.databricks.com
`ap-southeast-1`	Control plane services, including webapp	singapore.cloud.databricks.com, 13.214.1.96/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.99.38.0/28
	SCC relay	tunnel.ap-southeast-1.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.ap-southeast-1.cloud.databricks.com
`ap-southeast-2`	Control plane services, including webapp	sydney.cloud.databricks.com, 3.26.4.0/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.98.192.128/28
	SCC relay	tunnel.ap-southeast-2.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.ap-southeast-2.cloud.databricks.com
`ap-southeast-3`	Control plane services, including webapp	jakarta.cloud.databricks.com, 18.98.96.160/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.98.96.192/28
	SCC relay	tunnel.ap-southeast-3.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.ap-southeast-3.cloud.databricks.com
`ca-central-1`	Control plane services, including webapp	canada.cloud.databricks.com, 3.96.84.208/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.99.0.192/28
	SCC relay	tunnel.ca-central-1.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.ca-central-1.cloud.databricks.com
`eu-central-1`	Control plane services, including webapp	frankfurt.cloud.databricks.com, 18.159.44.32/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.96.33.224/28
	SCC relay	tunnel.eu-central-1.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.eu-central-1.cloud.databricks.com
`eu-west-1`	Control plane services, including webapp	ireland.cloud.databricks.com, 3.250.244.112/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.97.193.128/28
	SCC relay	tunnel.eu-west-1.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.eu-west-1.cloud.databricks.com
`eu-west-2`	Control plane services, including webapp	london.cloud.databricks.com, 18.134.65.240/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.98.160.48/28
	SCC relay	tunnel.eu-west-2.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.eu-west-2.cloud.databricks.com
`eu-west-3`	Control plane services, including webapp	paris.cloud.databricks.com, 13.39.141.128/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.98.64.208/28
	SCC relay	tunnel.eu-west-3.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.eu-west-3.cloud.databricks.com
`sa-east-1`	Control plane services, including webapp	saopaulo.cloud.databricks.com, 15.229.120.16/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.96.64.128/28
	SCC relay	tunnel.sa-east-1.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.sa-east-1.cloud.databricks.com
`us-east-1`	Control plane services, including webapp	nvirginia.cloud.databricks.com, 3.237.73.224/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.97.15.0/28
	SCC relay	tunnel.us-east-1.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.us-east-1.cloud.databricks.com
`us-east-2`	Control plane services, including webapp	ohio.cloud.databricks.com, 3.128.237.208/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.97.131.208/28
	SCC relay	tunnel.us-east-2.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.us-east-2.cloud.databricks.com
`us-gov-west-1`	Control plane services, including webapp	pendleton.cloud.databricks.us, 3.30.186.128/28
	SCC relay	tunnel.us-gov-west-1.cloud.databricks.us
	SCC relay for PrivateLink	tunnel.privatelink.us-gov-west-1.cloud.databricks.us
`us-gov-west-1` (DoD)	Control plane services, including webapp	pendleton-dod.cloud.databricks.mil
	SCC relay	tunnel.us-gov-west-1dod.cloud.databricks.mil
	SCC relay for PrivateLink	tunnel.privatelink.us-gov-west-1dod.cloud.databricks.mil
`us-west-1`	Control plane services, including webapp	oregon.cloud.databricks.com, 44.234.192.32/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.96.128.16/28
	SCC relay	tunnel.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.cloud.databricks.com
`us-west-2`	Control plane services, including webapp	oregon.cloud.databricks.com, 44.234.192.32/28
	Default storage, Zerobus Ingestion, and Lakebase Autoscaling	18.98.3.224/28
	SCC relay	tunnel.cloud.databricks.com
	SCC relay for PrivateLink	tunnel.privatelink.cloud.databricks.com

Outbound IPs

The following sections provide information about the outbound IP addresses for Databricks control plane and workspaces enabled for serverless compute firewall preview.

Outbound IPs for workspaces enabled for serverless firewall preview

Preview

This feature is in Public Preview. To try it, reach out to your Databricks account team.

If your workspace is enabled for the serverless compute firewall preview, you receive a URL to a JSON file containing the outbound IP addresses. Use this information to allow or deny traffic from Databricks services.

Databricks updates the outbound IPs periodically. Updated IPs become active two weeks after publication. After new Databricks regions become available, their active IPs are published to the file.

To track changes, save successive versions of the JSON file and compare the timestampSeconds value between the current and previously saved versions. Use entries where the service field is Databricks, the platform field is aws, and the type field is outbound. Then match the region to your environment.

For details about configuring firewall rules using these IPs, see Serverless compute firewall configuration.

warning

The static list of serverless outbound IPs shared through legacy versions of this preview has been decommissioned. These IPs might have been provided to you through the UI, the Network Connectivity API, or by email. After May 25, 2026, this static list of IPs will be removed. Workloads relying on legacy allow-lists might experience connection errors.

Update your configuration by May 25, 2026 to avoid disruption to your serverless workloads. See Serverless compute firewall configuration.

Outbound IPs from Databricks control plane

The following table list the outbound IP addresses or domain names the Databricks control plane uses for each supported region.

For a complete list of ports to configure in your security group egress rules, see Security groups.

Databricks Region	Service	Public IP or domain name
`ap-northeast-1`	Control plane NAT IPs	35.72.28.0/28, 18.177.16.95
	VPC ID	`vpc-082c211a3fdc5876e`, `vpc-0a9dd2f9a99283178`
`ap-northeast-2`	Control plane NAT IPs	3.38.156.176/28, 54.180.50.119
	VPC ID	`vpc-04e703ba94a49a3ac`, `vpc-097fd29f3acba52e8`
`ap-south-1`	Control plane NAT IPs	65.0.37.64/28, 13.232.248.161
	VPC ID	`vpc-042818d612f90f994`, `vpc-0a0c6fbd8a2890714`
`ap-southeast-1`	Control plane NAT IPs	13.214.1.96/28, 13.213.212.4
	VPC ID	`vpc-01dcc0ded03337911`, `vpc-0e0baa0188c149eae`
`ap-southeast-2`	Control plane NAT IPs	3.26.4.0/28, 13.237.96.217
	VPC ID	`vpc-0c2c00de7182adc20`, `vpc-0a5b21c86d3fc89fa`
`ap-southeast-3`	Control plane NAT IPs	18.98.96.163
	VPC ID	`vpc-0779398c5deec0aa2`
`ca-central-1`	Control plane NAT IPs	3.96.84.208/28, 35.183.59.105
	VPC ID	`vpc-0a2b384708459134f`, `vpc-09e67f3a27be71c9c`
`eu-central-1`	Control plane NAT IPs	18.159.44.32/28, 18.159.32.64
	VPC ID	`vpc-0fac49d340642f67b`, `vpc-0b6768aacb36c9425`
`eu-west-1`	Control plane NAT IPs	3.250.244.112/28, 46.137.47.49
	VPC ID	`vpc-0e362545addfa9470`, `vpc-0004e2691850f29b3`
`eu-west-2`	Control plane NAT IPs	18.134.65.240/28,3.10.112.150
	VPC ID	`vpc-07eb6b6a2cb9e77eb`, `vpc-0f0a9d76e15ca7eff`
`eu-west-3`	Control plane NAT IPs	13.39.141.128/28, 15.236.174.74
	VPC ID	`vpc-0b6f443f7cefdcda2`, `vpc-01ed1436ea79be8f4`
`sa-east-1`	Control plane NAT IPs	15.229.120.16/28, 177.71.254.47
	VPC ID	`vpc-0b13bcae0aa721cbc`, `vpc-0717a4601f05c79d9`
`us-east-1`	Control plane NAT IPs	3.237.73.224/28, 54.156.226.103
	VPC ID	`vpc-0e8e0ec90d0f40c06`, `vpc-08fd12c62a6e0b1df`
`us-east-2`	Control plane NAT IPs	3.128.237.208/28, 18.221.200.169
	VPC ID	`vpc-0865fc77cf45f52b7`, `vpc-0ea50fe31af7760e4`
`us-gov-west-1`	Control plane NAT IPs	3.30.186.128/28, 3.30.245.130
	VPC ID	`vpc-0ab77b8381fdd5416`, `vpc-0b394a016af6d42ab`
`us-west-1`	Control plane NAT IPs	44.234.192.32/28, 52.27.216.188
	VPC ID	N/A
`us-west-2`	Control plane NAT IPs	44.234.192.32/28, 52.27.216.188
	VPC ID	`vpc-dc8086b9`, `vpc-0c51983cc62e5ce0b`

Addresses for artifact storage, log storage, system tables, and shared datasets buckets

Databricks Region	Service	Public IP or domain name
`ap-northeast-1`	Artifact storage bucket	`databricks-prod-artifacts-ap-northeast-1`
	Log storage bucket	`databricks-prod-storage-tokyo`
	System tables bucket	`system-tables-prod-ap-northeast-1-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-tokyo`
`ap-northeast-2`	Artifact storage bucket	`databricks-prod-artifacts-ap-northeast-2`
	Log storage bucket	`databricks-prod-storage-seoul`
	System tables bucket	`system-tables-prod-ap-northeast-2-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-seoul`
`ap-south-1`	Artifact storage bucket	`databricks-prod-artifacts-ap-south-1`
	Log storage bucket	`databricks-prod-storage-mumbai`
	System tables bucket	`system-tables-prod-ap-south-1-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-mumbai`
`ap-southeast-1`	Artifact storage bucket	`databricks-prod-artifacts-ap-southeast-1`
	Log storage bucket	`databricks-prod-storage-singapore`
	System tables bucket	`system-tables-prod-ap-southeast-1-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-singapore`
`ap-southeast-2`	Artifact storage bucket	`databricks-prod-artifacts-ap-southeast-2`
	Log storage bucket	`databricks-prod-storage-sydney`
	System tables bucket	`system-tables-prod-ap-southeast-2-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-sydney`
`ap-southeast-3`	Artifact storage bucket	`databricks-prod-artifacts-ap-southeast-3`
	Log storage bucket	`databricks-prod-storage-jakarta`
	System tables bucket	`system-tables-prod-ap-southeast-3-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-oregon`
`ca-central-1`	Artifact storage bucket	`databricks-prod-artifacts-ca-central-1`
	Log storage bucket	`databricks-prod-storage-montreal`
	System tables bucket	`system-tables-prod-ca-central-1-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-montreal`
`eu-central-1`	Artifact storage bucket	`databricks-prod-artifacts-eu-central-1`
	Log storage bucket	`databricks-prod-storage-frankfurt`
	System tables bucket	`system-tables-prod-eu-central-1-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-frankfurt`
`eu-west-1`	Artifact storage bucket	`databricks-prod-artifacts-eu-west-1`
	Log storage bucket	`databricks-prod-storage-ireland`
	System tables bucket	`system-tables-prod-eu-west-1-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-ireland`
`eu-west-2`	Artifact storage bucket	`databricks-prod-artifacts-eu-west-2`
	Log storage bucket	`databricks-prod-storage-london`
	System tables bucket	`system-tables-prod-eu-west-2-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-london`
`eu-west-3`	Artifact storage bucket	`databricks-prod-artifacts-eu-west-3`
	Log storage bucket	`databricks-prod-storage-paris`
	System tables bucket	`system-tables-prod-eu-west-3-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-paris`
`sa-east-1`	Artifact storage bucket	`databricks-prod-artifacts-sa-east-1`
	Log storage bucket	`databricks-prod-storage-saopaulo`
	System tables bucket	`system-tables-prod-sa-east-1-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-saopaulo`
`us-east-1`	Artifact storage bucket	`databricks-prod-artifacts-us-east-1`
	Log storage bucket	`databricks-prod-storage-virginia`
	System tables bucket	`system-tables-prod-us-east-1-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-virginia`
`us-east-2`	Artifact storage bucket	`databricks-prod-artifacts-us-east-2`
	Log storage bucket	`databricks-prod-storage-ohio`
	System tables bucket	`system-tables-prod-us-east-2-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-ohio`
`us-gov-west-1`	Artifact storage bucket	`databricks-prod-artifacts-us-gov-west-1`
	Log storage bucket	`databricks-prod-storage-pendleton`
	System tables bucket	N/A
	Shared datasets bucket	`databricks-datasets-pendleton`
`us-gov-west-1` (DoD)	Artifact storage bucket	`databricks-prod-artifacts-us-gov-west-1`
	Log storage bucket	`databricks-prod-storage-pendleton-dod`
	System tables bucket	N/A
	Shared datasets bucket	`databricks-datasets-pendleton`
`us-west-1`	Artifact storage bucket	`databricks-prod-artifacts-us-west-2`
	Log storage bucket	`databricks-prod-storage-oregon`
	System tables bucket	`system-tables-prod-us-west-1-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-oregon`
`us-west-2`	Artifact storage bucket	`databricks-prod-artifacts-us-west-2`, `databricks-update-oregon`
	Log storage bucket	`databricks-prod-storage-oregon`
	System tables bucket	`system-tables-prod-us-west-2-uc-metastore-bucket`
	Shared datasets bucket	`databricks-datasets-oregon`

S3 addresses

To add the global S3 bucket service to a route or allow list, use the following address and port, regardless of region: s3.amazonaws.com:443

For regional S3 buckets, AWS provides an address and port for a regional endpoint (s3.<region-name>.amazonaws.com:443). Databricks recommends that you use a VPC endpoint instead. Databricks uses VPC IDs for accessing S3 buckets in the same region as the Databricks control plane, and NAT IPs for accessing S3 buckets in different regions from the control plane. See (Recommended) Configure regional endpoints.

STS addresses

To add the global STS (AWS Security Token Service) to a route or allow list, use the following address and port, regardless of region: sts.amazonaws.com:443

For regional STS, AWS provides an address and port for a regional endpoint (sts.<region-name>.amazonaws.com:443), but Databricks recommends that you use a VPC endpoint instead. See (Recommended) Configure regional endpoints.

Kinesis addresses

For the Kinesis service, AWS provides addresses and ports for regional endpoints as shown in the table below. However, Databricks recommends that you use a VPC endpoint instead. See (Recommended) Configure regional endpoints.

VPC region	Address	Port
`us-west-1`	kinesis-fips.us-west-2.amazonaws.com	443
All other regions	kinesis.<region-name>.amazonaws.com	443

RDS addresses for legacy Hive metastore

To add the Amazon RDS services used by Databricks to a route or allow list, use the following addresses.

VPC region	Address	Port
`ap-northeast-1`	mddx5a4bpbpm05.cfrfsun7mryq.ap-northeast-1.rds.amazonaws.com	3306
`ap-northeast-2`	md1915a81ruxky5.cfomhrbro6gt.ap-northeast-2.rds.amazonaws.com	3306
`ap-south-1`	mdjanpojt83v6j.c5jml0fhgver.ap-south-1.rds.amazonaws.com	3306
`ap-southeast-1`	md1n4trqmokgnhr.csnrqwqko4ho.ap-southeast-1.rds.amazonaws.com	3306
`ap-southeast-2`	mdnrak3rme5y1c.c5f38tyb1fdu.ap-southeast-2.rds.amazonaws.com	3306
`ap-southeast-3`	metastorerds-dbconsolidationmetastore-qyz4gpf2h6nk.c726em0gm6bk.ap-southeast-3.rds.amazonaws.com	3306
`ca-central-1`	md1w81rjeh9i4n5.co1tih5pqdrl.ca-central-1.rds.amazonaws.com	3306
`eu-central-1`	mdv2llxgl8lou0.ceptxxgorjrc.eu-central-1.rds.amazonaws.com	3306
`eu-west-1`	md15cf9e1wmjgny.cxg30ia2wqgj.eu-west-1.rds.amazonaws.com	3306
`eu-west-2`	mdio2468d9025m.c6fvhwk6cqca.eu-west-2.rds.amazonaws.com	3306
`eu-west-3`	metastorerds-dbconsolidationmetastore-asda4em2u6eg.c2ybp3dss6ua.eu-west-3.rds.amazonaws.com	3306
`sa-east-1`	metastorerds-dbconsolidationmetastore-fqekf3pck8yw.cog1aduyg4im.sa-east-1.rds.amazonaws.com	3306
`us-east-1`	mdb7sywh50xhpr.chkweekm4xjq.us-east-1.rds.amazonaws.com	3306
`us-east-2`	md7wf1g369xf22.cluz8hwxjhb6.us-east-2.rds.amazonaws.com	3306
`us-gov-west-1`	metastorerds-dbconsolidationmetastore-a62zjvlsjzzp.c40ji7ukhesx.us-gov-west-1.rds.amazonaws.com	3306
`us-west-1`	mdzsbtnvk0rnce.c13weuwubexq.us-west-1.rds.amazonaws.com	3306
`us-west-2`	mdpartyyphlhsp.caj77bnxuhme.us-west-2.rds.amazonaws.com	3306

PrivateLink VPC endpoint services

To configure your workspace to use AWS PrivateLink, use the following table to determine your region's VPC endpoint service domains. You can use any availability zone in your region.

The endpoint service identified as Workspace (including REST API) is used for both the front-end connection (user-to-workspace for web application and REST APIs) and the back-end connection (to connect to REST APIs). If you are implementing both front-end and back-end connections, use this same workspace VPC endpoint service for both use cases.

For more information, see Configure classic private connectivity to Databricks.

Region	Create VPC endpoints to these regional VPC endpoint services
`ap-northeast-1`	Workspace (including REST API): `com.amazonaws.vpce.ap-northeast-1.vpce-svc-02691fd610d24fd64` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-northeast-1.vpce-svc-02aa633bda3edbec0` Service-Direct: `com.amazonaws.vpce.ap-northeast-1.vpce-svc-00645ba5aa920181a`
`ap-northeast-2`	Workspace (including REST API): `com.amazonaws.vpce.ap-northeast-2.vpce-svc-0babb9bde64f34d7e` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-northeast-2.vpce-svc-0dc0e98a5800db5c4` Service-Direct: `com.amazonaws.vpce.ap-northeast-2.vpce-svc-0eda2860bd3ffdc62`
`ap-south-1`	Workspace (including REST API): `com.amazonaws.vpce.ap-south-1.vpce-svc-0dbfe5d9ee18d6411` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-south-1.vpce-svc-03fd4d9b61414f3de` Service-Direct: `com.amazonaws.vpce.ap-south-1.vpce-svc-0f8cf0950ddb2df95`
`ap-southeast-1`	Workspace (including REST API): `com.amazonaws.vpce.ap-southeast-1.vpce-svc-02535b257fc253ff4` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-southeast-1.vpce-svc-0557367c6fc1a0c5c` Service-Direct: `com.amazonaws.vpce.ap-southeast-1.vpce-svc-095bb0c17301d018c`
`ap-southeast-2`	Workspace (including REST API): `com.amazonaws.vpce.ap-southeast-2.vpce-svc-0b87155ddd6954974` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-southeast-2.vpce-svc-0b4a72e8f825495f6` Service-Direct: `com.amazonaws.vpce.ap-southeast-2.vpce-svc-0bad186019cff33de`
`ap-southeast-3`	Workspace (including REST API): `com.amazonaws.vpce.ap-southeast-3.vpce-svc-0fec4092997affd53` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-southeast-3.vpce-svc-025ca447c232c6a1b` Service-Direct: `com.amazonaws.vpce.ap-southeast-3.vpce-svc-028527b0920c3e620`
`ca-central-1`	Workspace (including REST API): `com.amazonaws.vpce.ca-central-1.vpce-svc-0205f197ec0e28d65` Secure cluster connectivity relay: `com.amazonaws.vpce.ca-central-1.vpce-svc-0c4e25bdbcbfbb684` Service-Direct: `com.amazonaws.vpce.ca-central-1.vpce-svc-0a677b49b6d71cf54`
`eu-central-1`	Workspace (including REST API): `com.amazonaws.vpce.eu-central-1.vpce-svc-081f78503812597f7` Secure cluster connectivity relay: `com.amazonaws.vpce.eu-central-1.vpce-svc-08e5dfca9572c85c4` Service-Direct: `com.amazonaws.vpce.eu-central-1.vpce-svc-040453426d7a48946`
`eu-west-1`	Workspace (including REST API): `com.amazonaws.vpce.eu-west-1.vpce-svc-0da6ebf1461278016` Secure cluster connectivity relay: `com.amazonaws.vpce.eu-west-1.vpce-svc-09b4eb2bc775f4e8c` Service-Direct: `com.amazonaws.vpce.eu-west-1.vpce-svc-0a5d3be4f026f5bd7`
`eu-west-2`	Workspace (including REST API): `com.amazonaws.vpce.eu-west-2.vpce-svc-01148c7cdc1d1326c` Secure cluster connectivity relay: `com.amazonaws.vpce.eu-west-2.vpce-svc-05279412bf5353a45` Service-Direct: `com.amazonaws.vpce.eu-west-2.vpce-svc-000fc680ee188fcf6`
`eu-west-3`	Workspace (including REST API): `com.amazonaws.vpce.eu-west-3.vpce-svc-008b9368d1d011f37` Secure cluster connectivity relay: `com.amazonaws.vpce.eu-west-3.vpce-svc-005b039dd0b5f857d` Service-Direct: `com.amazonaws.vpce.eu-west-3.vpce-svc-041f8eb165985a7eb`
`eu-north-1`	Service-Direct: `com.amazonaws.vpce.eu-north-1.vpce-svc-034c0ab59f7a99d04`
`sa-east-1`	Workspace (including REST API): `com.amazonaws.vpce.sa-east-1.vpce-svc-0bafcea8cdfe11b66` Secure cluster connectivity relay: `com.amazonaws.vpce.sa-east-1.vpce-svc-0e61564963be1b43f` Service-Direct: `com.amazonaws.vpce.sa-east-1.vpce-svc-09d56640b3fed29b8`
`us-east-1`	Workspace (including REST API): `com.amazonaws.vpce.us-east-1.vpce-svc-09143d1e626de2f04` Secure cluster connectivity relay: `com.amazonaws.vpce.us-east-1.vpce-svc-00018a8c3ff62ffdf` Service-Direct: `com.amazonaws.vpce.us-east-1.vpce-svc-0a1a39ada4ec3bcdc`
`us-east-2`	Workspace (including REST API): `com.amazonaws.vpce.us-east-2.vpce-svc-041dc2b4d7796b8d3` Secure cluster connectivity relay: `com.amazonaws.vpce.us-east-2.vpce-svc-090a8fab0d73e39a6` Service-Direct: `com.amazonaws.vpce.us-east-2.vpce-svc-052fbd90ec8e1af31`
`us-gov-west-1`	Workspace (including REST API): `com.amazonaws.vpce.us-gov-west-1.vpce-svc-0f25e28401cbc9418` Secure cluster connectivity relay: `com.amazonaws.vpce.us-gov-west-1.vpce-svc-05f27abef1a1a3faa`
`us-gov-west-1` (DoD)	Workspace (including REST API): `com.amazonaws.vpce.us-gov-west-1.vpce-svc-08fddf710780b2a54` Secure cluster connectivity relay: `com.amazonaws.vpce.us-gov-west-1.vpce-svc-05c210a2feea23ad7`
`us-west-1`	Workspace (including REST API): `com.amazonaws.vpce.us-west-1.vpce-svc-09bb6ca26208063f2` Secure cluster connectivity relay: `com.amazonaws.vpce.us-west-1.vpce-svc-04cb91f9372b792fe` Service-Direct: `com.amazonaws.vpce.us-west-1.vpce-svc-070673a01d3f28066`
`us-west-2`	Workspace (including REST API): `com.amazonaws.vpce.us-west-2.vpce-svc-0129f463fcfbc46c5` Secure cluster connectivity relay: `com.amazonaws.vpce.us-west-2.vpce-svc-0158114c0c730c3bb` Service-Direct: `com.amazonaws.vpce.us-west-2.vpce-svc-0d7fe235ba1abe9d2`

Reserved IP ranges for Databricks internal use

Databricks reserves certain IP ranges for internal applications to avoid potential IP conflicts. Customers should avoid using these ranges in their network configurations:

127.187.216.0/24
192.168.216.0/24
198.18.216.0/24

These reserved IP ranges apply to all types of workspaces and all cluster types, including classic and serverless clusters, as well as Databricks Container Service clusters.

Databricks Container Service clusters

For Databricks Container Service (DCS) clusters, you should also avoid using the default Docker network range:

172.17.0.0/16

By reserving these IP ranges for Databricks internal use and avoiding the default Docker network range for DCS clusters, you can help prevent potential IP conflicts and ensure the smooth operation of your Databricks environment.

Inbound IPs​

Outbound IPs​

Outbound IPs for workspaces enabled for serverless firewall preview​

Outbound IPs from Databricks control plane​

Addresses for artifact storage, log storage, system tables, and shared datasets buckets​

S3 addresses​

STS addresses​

Kinesis addresses​

RDS addresses for legacy Hive metastore​

PrivateLink VPC endpoint services​

Reserved IP ranges for Databricks internal use​

Databricks Container Service clusters​