Databricks clouds and regions

Databricks workspaces can be hosted on Amazon AWS, Microsoft Azure, and Google Cloud Platform. You can use Databricks on any of these hosting platforms to access data wherever you keep it, regardless of cloud.

This article lists:

• The regions supported by Databricks on AWS.

• Features available in each region, where there is regional differentiation in feature availability.

• IP addresses and domains for Databricks services and assets.

  You may need this information if you create your Databricks workspaces in your own VPC, a feature known as customer-managed VPC, or if you use AWS PrivateLink within your Databricks network environment.

Supported regions list

This table lists the AWS regions supported by Databricks. There are some features that are available only in a subset of regions. The table indicates whether or not a region supports each of these features. If a feature is supported in all regions, it is not included in the table.

Features that are excluded from at least one region include:

• Unity Catalog (UC).

• E2 version of the Databricks platform.

  E2 is required for a number of security and privacy features, including HIPAA support.

• CMK (customer-managed keys) for both managed services (control plane storage of notebook commands, secrets, and Databricks SQL queries) and workspace storage (root S3 bucket and cluster node EBS volumes).

• AWS PrivateLink.

• Serverless SQL warehouses. In the serverless SQL warehouses column, “compliance security profile supported” means that you can use serverless SQL warehouses with the compliance security profile enabled, which is required to process some types of regulated data.

• Model Serving.

Region	Location	UC	E2	CMK	PrivateLink	Serverless SQL warehouses	Model Serving
ap-northeast-1	Asia Pacific (Tokyo)	X	X	X	X
ap-northeast-2	Asia Pacific (Seoul)	X	X	X	X
ap-south-1	Asia Pacific (Mumbai)	X	X	X	X
ap-southeast-1	Asia Pacific (Singapore)	X	X	X	X		X
ap-southeast-2	Asia Pacific (Sydney)	X	X	X	X	X	X
ca-central-1	Canada (Central)	X	X	X	X		X
eu-central-1	EU (Frankfurt)	X	X	X	X	X	X
eu-west-1	EU (Ireland)	X	X	X	X	X	X
eu-west-2	EU (London)	X	X	X	X
eu-west-3	EU (Paris)	X	X	X	X
sa-east-1	South America (Sao Paulo)	X	X	X	X
us-west-1	US West (Northern California)	X	X
us-west-2	US West (Oregon)	X	X	X	X	X	X
us-east-1	US East (Northern Virginia)	X	X	X	X	X (compliance security profile supported)	X
us-east-2	US East (Ohio)	X	X	X	X	X	X

IP addresses and domains

You may need the following information if:

• You create your Databricks workspaces in your own VPC, a feature known as customer-managed VPC.

  See Customer-managed VPC.

• You use AWS PrivateLink within your Databricks network environment.

  See Enable AWS PrivateLink.

Webapp addresses

This table lists the address and port of the Databricks web application for each supported region.

VPC region	Address	Port
ap-northeast-1	tokyo.cloud.databricks.com	443
ap-northeast-2	seoul.cloud.databricks.com	443
ap-south-1	mumbai.cloud.databricks.com	443
ap-southeast-1	singapore.cloud.databricks.com	443
ap-southeast-2	sydney.cloud.databricks.com	443
ca-central-1	canada.cloud.databricks.com	443
eu-central-1	frankfurt.cloud.databricks.com	443
eu-west-1	ireland.cloud.databricks.com	443
eu-west-2	london.cloud.databricks.com	443
eu-west-3	paris.cloud.databricks.com	443
sa-east-1	saopaulo.cloud.databricks.com	443
us-east-1	nvirginia.cloud.databricks.com	443
us-east-2	ohio.cloud.databricks.com	443
us-west-1	oregon.cloud.databricks.com	443
us-west-2	oregon.cloud.databricks.com	443

SCC relay addresses

This table lists the address and port used by the secure cluster connectivity (SCC) relay for each supported region.

See Secure cluster connectivity.

VPC region	Address	Port
ap-northeast-1	tunnel.ap-northeast-1.cloud.databricks.com	443
ap-northeast-2	tunnel.ap-northeast-2.cloud.databricks.com	443
ap-south-1	tunnel.ap-south-1.cloud.databricks.com	443
ap-southeast-1	tunnel.ap-southeast-1.cloud.databricks.com	443
ap-southeast-2	tunnel.ap-southeast-2.cloud.databricks.com	443
ca-central-1	tunnel.ca-central-1.cloud.databricks.com	443
eu-central-1	tunnel.eu-central-1.cloud.databricks.com	443
eu-west-1	tunnel.eu-west-1.cloud.databricks.com	443
eu-west-2	tunnel.eu-west-2.cloud.databricks.com	443
eu-west-3	tunnel.eu-west-3.cloud.databricks.com	443
sa-east-1	tunnel.sa-east-1.cloud.databricks.com	443
us-east-1	tunnel.us-east-1.cloud.databricks.com	443
us-east-2	tunnel.us-east-2.cloud.databricks.com	443
us-west-1	tunnel.cloud.databricks.com	443
us-west-2	tunnel.cloud.databricks.com	443

S3 addresses

To add the global S3 bucket service to a route or allow list, use the following address and port, regardless of region:

s3.amazonaws.com:443

For regional S3 buckets, we provide the following address and port (substituting your region name), but Databricks recommends that you use a VPC endpoint instead.

s3.<region-name>.amazonaws.com:443

STS addresses

To add the global STS (AWS Security Token Service) to a route or allow list, use the following address and port, regardless of region:

sts.amazonaws.com:443

For regional STS, we provide the following address and port (substituting your region name), but Databricks recommends that you use a VPC endpoint instead:

sts.<region-name>.amazonaws.com:443

Kinesis addresses

For the Kinesis service, we provide the following addresses, but Databricks recommends that you use a VPC endpoint instead.

VPC region	Address	Port
us-west-1	kinesis-fips.us-west-2.amazonaws.com	443
All other regions	kinesis.<region-name>.amazonaws.com	443

RDS addresses

To add the Amazon RDS services used by Databricks to a route or allow list, use the following addresses. These are necessary only if you use the default workspace-level Hive metastore for your workspaces.

VPC region	Address	Port
ap-northeast-1	mddx5a4bpbpm05.cfrfsun7mryq.ap-northeast-1.rds.amazonaws.com	3306
ap-northeast-2	md1915a81ruxky5.cfomhrbro6gt.ap-northeast-2.rds.amazonaws.com	3306
ap-south-1	mdjanpojt83v6j.c5jml0fhgver.ap-south-1.rds.amazonaws.com	3306
ap-southeast-1	md1n4trqmokgnhr.csnrqwqko4ho.ap-southeast-1.rds.amazonaws.com	3306
ap-southeast-2	mdnrak3rme5y1c.c5f38tyb1fdu.ap-southeast-2.rds.amazonaws.com	3306
ca-central-1	md1w81rjeh9i4n5.co1tih5pqdrl.ca-central-1.rds.amazonaws.com	3306
eu-central-1	mdv2llxgl8lou0.ceptxxgorjrc.eu-central-1.rds.amazonaws.com	3306
eu-west-1	md15cf9e1wmjgny.cxg30ia2wqgj.eu-west-1.rds.amazonaws.com	3306
eu-west-2	mdio2468d9025m.c6fvhwk6cqca.eu-west-2.rds.amazonaws.com	3306
eu-west-3	metastorerds-dbconsolidationmetastore-asda4em2u6eg.c2ybp3dss6ua.eu-west-3.rds.amazonaws.com	3306
sa-east-1	metastorerds-dbconsolidationmetastore-fqekf3pck8yw.cog1aduyg4im.sa-east-1.rds.amazonaws.com	3306
us-east-1	mdb7sywh50xhpr.chkweekm4xjq.us-east-1.rds.amazonaws.com	3306
us-east-2	md7wf1g369xf22.cluz8hwxjhb6.us-east-2.rds.amazonaws.com	3306
us-west-1	mdzsbtnvk0rnce.c13weuwubexq.us-west-1.rds.amazonaws.com	3306
us-west-2	mdpartyyphlhsp.caj77bnxuhme.us-west-2.rds.amazonaws.com	3306

Control plane infrastructure addresses

This table lists the address and port used by standby infrastructure to improve the stability of Databricks services.

VPC region	Address	Port
ap-northeast-1	35.72.28.0/28	443
ap-northeast-2	3.38.156.176/28	443
ap-south-1	65.0.37.64/28	443
ap-southeast-1	13.214.1.96/28	443
ap-southeast-2	3.26.4.0/28	443
ca-central-1	3.96.84.208/28	443
eu-west-1	3.250.244.112/28	443
eu-west-2	18.134.65.240/28	443
eu-west-3	13.39.141.128/28	443
eu-central-1	18.159.44.32/28	443
sa-east-1	15.229.120.16/28	443
us-east-1	3.237.73.224/28	443
us-east-2	3.128.237.208/28	443
us-west-1 and us-west-2	44.234.192.32/28	443

Control plane NAT and storage bucket addresses

This table includes information required to configure S3 bucket policies and VPC endpoint policies to restrict access to your workspace’s S3 buckets. For more information, see Restrict access to S3 buckets (Optional).

Region	Control plane NAT IP	Artifact storage bucket	Log storage bucket	System tables bucket	Shared datasets bucket
ap-northeast-1	18.177.16.95	databricks-prod-artifacts-ap-northeast-1	databricks-prod-storage-tokyo	system-tables-prod-ap-northeast-1-uc-metastore-bucket	databricks-datasets-tokyo
ap-northeast-2	54.180.50.119	databricks-prod-artifacts-ap-northeast-2	databricks-prod-storage-seoul	system-tables-prod-ap-northeast-2-uc-metastore-bucket	databricks-datasets-seoul
ap-south-1	13.232.248.161	databricks-prod-artifacts-ap-south-1	databricks-prod-storage-mumbai	system-tables-prod-ap-south-1-uc-metastore-bucket	databricks-datasets-mumbai
ap-southeast-1	13.213.212.4	databricks-prod-artifacts-ap-southeast-1	databricks-prod-storage-singapore	system-tables-prod-ap-southeast-1-uc-metastore-bucket	databricks-datasets-singapore
ap-southeast-2	13.237.96.217	databricks-prod-artifacts-ap-southeast-2	databricks-prod-storage-sydney	system-tables-prod-ap-southeast-2-uc-metastore-bucket	databricks-datasets-sydney
ca-central-1	35.183.59.105	databricks-prod-artifacts-ca-central-1	databricks-prod-storage-montreal	system-tables-prod-ca-central-1-uc-metastore-bucket	databricks-datasets-montreal
eu-central-1	18.159.32.64	databricks-prod-artifacts-eu-central-1	databricks-prod-storage-frankfurt	system-tables-prod-eu-central-1-uc-metastore-bucket	databricks-datasets-frankfurt
eu-west-1	46.137.47.49	databricks-prod-artifacts-eu-west-1	databricks-prod-storage-ireland	system-tables-prod-eu-west-1-uc-metastore-bucket	databricks-datasets-ireland
eu-west-2	3.10.112.150	databricks-prod-artifacts-eu-west-2	databricks-prod-storage-london	system-tables-prod-eu-west-2-uc-metastore-bucket	databricks-datasets-london
eu-west-3	15.236.174.74	databricks-prod-artifacts-eu-west-3	databricks-prod-storage-paris	system-tables-prod-eu-west-3-uc-metastore-bucket	databricks-datasets-paris
sa-east-1	177.71.254.47	databricks-prod-artifacts-sa-east-1	databricks-prod-storage-saopaulo	system-tables-prod-sa-east-1-uc-metastore-bucket	databricks-datasets-saopaulo
us-east-1	54.156.226.103	databricks-prod-artifacts-us-east-1	databricks-prod-storage-virginia	system-tables-prod-us-east-1-uc-metastore-bucket	databricks-datasets-virginia
us-east-2	18.221.200.169	databricks-prod-artifacts-us-east-2	databricks-prod-storage-ohio	system-tables-prod-us-east-2-uc-metastore-bucket	databricks-datasets-ohio
us-west-1	52.27.216.188	databricks-prod-artifacts-us-west-2	databricks-prod-storage-oregon	system-tables-prod-us-west-1-uc-metastore-bucket	databricks-datasets-oregon
us-west-2	52.27.216.188	databricks-prod-artifacts-us-west-2 and databricks-update-oregon	databricks-prod-storage-oregon	system-tables-prod-us-west-2-uc-metastore-bucket	databricks-datasets-oregon

PrivateLink VPC endpoint services

To configure your workspace to use AWS PrivateLink, use the following table to determine your region’s VPC endpoint service domains. You can use any availability zone in your region.

The endpoint service identified as Workspace (including REST API) is used for both the front-end connection (user-to-workspace for web application and REST APIs) and the back-end connection (to connect to REST APIs). If you are implementing both front-end and back-end connections, use this same workspace VPC endpoint service for both use cases.

For more information, see Enable AWS PrivateLink.

Region	Create VPC endpoints to these regional VPC endpoint services
ap-northeast-1	Workspace (including REST API): com.amazonaws.vpce.ap-northeast-1.vpce-svc-02691fd610d24fd64 Secure cluster connectivity relay: com.amazonaws.vpce.ap-northeast-1.vpce-svc-02aa633bda3edbec0
ap-northeast-2	Workspace (including REST API): com.amazonaws.vpce.ap-northeast-2.vpce-svc-0babb9bde64f34d7e Secure cluster connectivity relay: com.amazonaws.vpce.ap-northeast-2.vpce-svc-0dc0e98a5800db5c4
ap-south-1	Workspace (including REST API): com.amazonaws.vpce.ap-south-1.vpce-svc-0dbfe5d9ee18d6411 Secure cluster connectivity relay: com.amazonaws.vpce.ap-south-1.vpce-svc-03fd4d9b61414f3de
ap-southeast-1	Workspace (including REST API): com.amazonaws.vpce.ap-southeast-1.vpce-svc-02535b257fc253ff4 Secure cluster connectivity relay: com.amazonaws.vpce.ap-southeast-1.vpce-svc-0557367c6fc1a0c5c
ap-southeast-2	Workspace (including REST API): com.amazonaws.vpce.ap-southeast-2.vpce-svc-0b87155ddd6954974 Secure cluster connectivity relay: com.amazonaws.vpce.ap-southeast-2.vpce-svc-0b4a72e8f825495f6
ca-central-1	Workspace (including REST API): com.amazonaws.vpce.ca-central-1.vpce-svc-0205f197ec0e28d65 Secure cluster connectivity relay: com.amazonaws.vpce.ca-central-1.vpce-svc-0c4e25bdbcbfbb684
eu-central-1	Workspace (including REST API): com.amazonaws.vpce.eu-central-1.vpce-svc-081f78503812597f7 Secure cluster connectivity relay: com.amazonaws.vpce.eu-central-1.vpce-svc-08e5dfca9572c85c4
eu-west-1	Workspace (including REST API): com.amazonaws.vpce.eu-west-1.vpce-svc-0da6ebf1461278016 Secure cluster connectivity relay: com.amazonaws.vpce.eu-west-1.vpce-svc-09b4eb2bc775f4e8c
eu-west-2	Workspace (including REST API): com.amazonaws.vpce.eu-west-2.vpce-svc-01148c7cdc1d1326c Secure cluster connectivity relay: com.amazonaws.vpce.eu-west-2.vpce-svc-05279412bf5353a45
eu-west-3	Workspace (including REST API): com.amazonaws.vpce.eu-west-3.vpce-svc-008b9368d1d011f37 Secure cluster connectivity relay: com.amazonaws.vpce.eu-west-3.vpce-svc-005b039dd0b5f857d
sa-east-1	Workspace (including REST API): com.amazonaws.vpce.sa-east-1.vpce-svc-0bafcea8cdfe11b66 Secure cluster connectivity relay: com.amazonaws.vpce.sa-east-1.vpce-svc-0e61564963be1b43f
us-east-1	Workspace (including REST API): com.amazonaws.vpce.us-east-1.vpce-svc-09143d1e626de2f04 Secure cluster connectivity relay: com.amazonaws.vpce.us-east-1.vpce-svc-00018a8c3ff62ffdf
us-east-2	Workspace (including REST API): com.amazonaws.vpce.us-east-2.vpce-svc-041dc2b4d7796b8d3 Secure cluster connectivity relay: com.amazonaws.vpce.us-east-2.vpce-svc-090a8fab0d73e39a6
us-west-1	PrivateLink connectivity is not supported for this region.
us-west-2	Workspace (including REST API): com.amazonaws.vpce.us-west-2.vpce-svc-0129f463fcfbc46c5 Secure cluster connectivity relay: com.amazonaws.vpce.us-west-2.vpce-svc-0158114c0c730c3bb