Databricks clouds and regions

Databricks workspaces can be hosted on Amazon AWS, Microsoft Azure, and Google Cloud Platform. You can use Databricks on any of these hosting platforms to access data wherever you keep it, regardless of cloud.

This article lists:

The regions supported by Databricks on AWS.
Features available in each region, where there is regional differentiation in feature availability.
IP addresses and domains for Databricks services and assets.

You may need this information if you create your Databricks workspaces in your own VPC, a feature known as customer-managed VPC, or if you use AWS PrivateLink within your Databricks network environment.

Supported regions list

This table lists the AWS regions supported by Databricks. There are some features that are available only in a subset of regions. The table indicates whether or not a region supports each of these features. If a feature is supported in all regions, it is not included in the table.

Features that are excluded from at least one region include:

Unity Catalog (UC).
E2 version of the Databricks platform.

E2 is required for a number of security and privacy features, including HIPAA support.
CMK (customer-managed keys) for both managed services (control plane storage of notebook commands, secrets, and Databricks SQL queries) and workspace storage (root S3 bucket and cluster node EBS volumes).
AWS PrivateLink.
Serverless SQL warehouses. See also Serverless compute.
Model Serving.

Region	Location	UC	E2	CMK	PrivateLink	Serverless SQL warehouses	Model Serving
`ap-northeast-1`	Asia Pacific (Tokyo)	X	X	X	X
`ap-northeast-2`	Asia Pacific (Seoul)	X	X	X	X
`ap-south-1`	Asia Pacific (Mumbai)	X	X	X	X
`ap-southeast-1`	Asia Pacific (Singapore)	X	X	X	X		X
`ap-southeast-2`	Asia Pacific (Sydney)	X	X	X	X	X	X
`ca-central-1`	Canada (Central)	X	X	X	X		X
`eu-central-1`	EU (Frankfurt)	X	X	X	X	X	X
`eu-west-1`	EU (Ireland)	X	X	X	X	X	X
`eu-west-2`	EU (London)	X	X	X	X
`eu-west-3`	EU (Paris)	X	X	X	X
`sa-east-1`	South America (Sao Paulo)	X	X	X	X
`us-west-1`	US West (Northern California)	X	X
`us-west-2`	US West (Oregon)	X	X	X	X	X	X
`us-east-1`	US East (Northern Virginia)	X	X	X	X	X	X
`us-east-2`	US East (Ohio)	X	X	X	X	X	X

IP addresses and domains

You may need the following information if:

You create your Databricks workspaces in your own VPC, a feature known as customer-managed VPC.

See Customer-managed VPC.
You use AWS PrivateLink within your Databricks network environment.

See Enable AWS PrivateLink.

Webapp addresses

This table lists the address and port of the Databricks web application for each supported region.

VPC region	Address	Port
`ap-northeast-1`	tokyo.cloud.databricks.com	443
`ap-northeast-2`	seoul.cloud.databricks.com	443
`ap-south-1`	mumbai.cloud.databricks.com	443
`ap-southeast-1`	singapore.cloud.databricks.com	443
`ap-southeast-2`	sydney.cloud.databricks.com	443
`ca-central-1`	canada.cloud.databricks.com	443
`eu-central-1`	frankfurt.cloud.databricks.com	443
`eu-west-1`	ireland.cloud.databricks.com	443
`eu-west-2`	london.cloud.databricks.com	443
`eu-west-3`	paris.cloud.databricks.com	443
`sa-east-1`	saopaulo.cloud.databricks.com	443
`us-east-1`	nvirginia.cloud.databricks.com	443
`us-east-2`	ohio.cloud.databricks.com	443
`us-west-1`	oregon.cloud.databricks.com	443
`us-west-2`	oregon.cloud.databricks.com	443

SCC relay addresses

This table lists the address and port used by the secure cluster connectivity (SCC) relay for each supported region.

See Secure cluster connectivity.

VPC region	Address	Port
`ap-northeast-1`	tunnel.ap-northeast-1.cloud.databricks.com	443
`ap-northeast-2`	tunnel.ap-northeast-2.cloud.databricks.com	443
`ap-south-1`	tunnel.ap-south-1.cloud.databricks.com	443
`ap-southeast-1`	tunnel.ap-southeast-1.cloud.databricks.com	443
`ap-southeast-2`	tunnel.ap-southeast-2.cloud.databricks.com	443
`ca-central-1`	tunnel.ca-central-1.cloud.databricks.com	443
`eu-central-1`	tunnel.eu-central-1.cloud.databricks.com	443
`eu-west-1`	tunnel.eu-west-1.cloud.databricks.com	443
`eu-west-2`	tunnel.eu-west-2.cloud.databricks.com	443
`eu-west-3`	tunnel.eu-west-3.cloud.databricks.com	443
`sa-east-1`	tunnel.sa-east-1.cloud.databricks.com	443
`us-east-1`	tunnel.us-east-1.cloud.databricks.com	443
`us-east-2`	tunnel.us-east-2.cloud.databricks.com	443
`us-west-1`	tunnel.cloud.databricks.com	443
`us-west-2`	tunnel.cloud.databricks.com	443

S3 addresses

To add the global S3 bucket service to a route or allow list, use the following address and port, regardless of region:

s3.amazonaws.com:443

For regional S3 buckets, we provide the following address and port (substituting your region name), but Databricks recommends that you use a VPC endpoint instead.

s3.<region-name>.amazonaws.com:443

STS addresses

To add the global STS (AWS Secure Token Service) to a route or allow list, use the following address and port, regardless of region:

sts.amazonaws.com:443

For regional STS, we provide the following address and port (substituting your region name), but Databricks recommends that you use a VPC endpoint instead:

sts.<region-name>.amazonaws.com:443

Kinesis addresses

For the Kinesis service, we provide the following addresses, but Databricks recommends that you use a VPC endpoint instead.

VPC region	Address	Port
`us-west-1`	kinesis-fips.us-west-2.amazonaws.com	443
All other regions	kinesis.<region-name>.amazonaws.com	443

RDS addresses

To add the Amazon RDS services used by Databricks to a route or allow list, use the following addresses. These are necessary only if you use the default workspace-level Hive metastore for your workspaces.

VPC region	Address	Port
`ap-northeast-1`	mddx5a4bpbpm05.cfrfsun7mryq.ap-northeast-1.rds.amazonaws.com	3306
`ap-northeast-2`	md1915a81ruxky5.cfomhrbro6gt.ap-northeast-2.rds.amazonaws.com	3306
`ap-south-1`	mdjanpojt83v6j.c5jml0fhgver.ap-south-1.rds.amazonaws.com	3306
`ap-southeast-1`	md1n4trqmokgnhr.csnrqwqko4ho.ap-southeast-1.rds.amazonaws.com	3306
`ap-southeast-2`	mdnrak3rme5y1c.c5f38tyb1fdu.ap-southeast-2.rds.amazonaws.com	3306
`ca-central-1`	md1w81rjeh9i4n5.co1tih5pqdrl.ca-central-1.rds.amazonaws.com	3306
`eu-central-1`	mdv2llxgl8lou0.ceptxxgorjrc.eu-central-1.rds.amazonaws.com	3306
`eu-west-1`	md15cf9e1wmjgny.cxg30ia2wqgj.eu-west-1.rds.amazonaws.com	3306
`eu-west-2`	mdio2468d9025m.c6fvhwk6cqca.eu-west-2.rds.amazonaws.com	3306
`eu-west-3`	metastorerds-dbconsolidationmetastore-asda4em2u6eg.c2ybp3dss6ua.eu-west-3.rds.amazonaws.com	3306
`sa-east-1`	metastorerds-dbconsolidationmetastore-fqekf3pck8yw.cog1aduyg4im.sa-east-1.rds.amazonaws.com	3306
`us-east-1`	mdb7sywh50xhpr.chkweekm4xjq.us-east-1.rds.amazonaws.com	3306
`us-east-2`	md7wf1g369xf22.cluz8hwxjhb6.us-east-2.rds.amazonaws.com	3306
`us-west-1`	mdzsbtnvk0rnce.c13weuwubexq.us-west-1.rds.amazonaws.com	3306
`us-west-2`	mdpartyyphlhsp.caj77bnxuhme.us-west-2.rds.amazonaws.com	3306

Control plane infrastructure addresses

This table lists the address and port used by standby infrastructure to improve the stability of Databricks services.

VPC region	Address	Port
`ap-northeast-1`	35.72.28.0/28	443
`ap-northeast-2`	3.38.156.176/28	443
`ap-south-1`	65.0.37.64/28	443
`ap-southeast-1`	13.214.1.96/28	443
`ap-southeast-2`	3.26.4.0/28	443
`ca-central-1`	3.96.84.208/28	443
`eu-west-1`	3.250.244.112/28	443
`eu-west-2`	18.134.65.240/28	443
`eu-west-3`	13.39.141.128/28	443
`eu-central-1`	18.159.44.32/28	443
`sa-east-1`	15.229.120.16/28	443
`us-east-1`	3.237.73.224/28	443
`us-east-2`	3.128.237.208/28	443
`us-west-1` and `us-west-2`	44.234.192.32/28	443

Control plane NAT and storage bucket addresses

This table includes information required to configure S3 bucket policies and VPC endpoint policies to restrict access to your workspace’s S3 buckets. For more information, see Restrict access to S3 buckets (Optional).

Region	Control plane NAT IP	Artifact storage bucket	Log storage bucket	Shared datasets bucket
`ap-northeast-1`	18.177.16.95	`databricks-prod-artifacts-ap-northeast-1`	`databricks-prod-storage-tokyo`	`databricks-datasets-tokyo`
`ap-northeast-2`	54.180.50.119	`databricks-prod-artifacts-ap-northeast-2`	`databricks-prod-storage-seoul`	`databricks-datasets-seoul`
`ap-south-1`	13.232.248.161	`databricks-prod-artifacts-ap-south-1`	`databricks-prod-storage-mumbai`	`databricks-datasets-mumbai`
`ap-southeast-1`	13.213.212.4	`databricks-prod-artifacts-ap-southeast-1`	`databricks-prod-storage-singapore`	`databricks-datasets-singapore`
`ap-southeast-2`	13.237.96.217	`databricks-prod-artifacts-ap-southeast-2`	`databricks-prod-storage-sydney`	`databricks-datasets-sydney`
`ca-central-1`	35.183.59.105	`databricks-prod-artifacts-ca-central-1`	`databricks-prod-storage-montreal`	`databricks-datasets-montreal`
`eu-central-1`	18.159.32.64	`databricks-prod-artifacts-eu-central-1`	`databricks-prod-storage-frankfurt`	`databricks-datasets-frankfurt`
`eu-west-1`	46.137.47.49	`databricks-prod-artifacts-eu-west-1`	`databricks-prod-storage-ireland`	`databricks-datasets-ireland`
`eu-west-2`	3.10.112.150	`databricks-prod-artifacts-eu-west-2`	`databricks-prod-storage-london`	`databricks-datasets-london`
`eu-west-3`	15.236.174.74	`databricks-prod-artifacts-eu-west-3`	`databricks-prod-storage-paris`	`databricks-datasets-paris`
`sa-east-1`	177.71.254.47	`databricks-prod-artifacts-sa-east-1`	`databricks-prod-storage-saopaulo`	`databricks-datasets-saopaulo`
`us-east-1`	54.156.226.103	`databricks-prod-artifacts-us-east-1`	`databricks-prod-storage-virginia`	`databricks-datasets-virginia`
`us-east-2`	18.221.200.169	`databricks-prod-artifacts-us-east-2`	`databricks-prod-storage-ohio`	`databricks-datasets-ohio`
`us-west-1`	52.27.216.188	`databricks-prod-artifacts-us-west-2`	`databricks-prod-storage-oregon`	`databricks-datasets-oregon`
`us-west-2`	52.27.216.188	`databricks-prod-artifacts-us-west-2`	`databricks-prod-storage-oregon`	`databricks-datasets-oregon`

PrivateLink VPC endpoint services

To configure your workspace to use AWS PrivateLink, use the following table to determine your region’s VPC endpoint service domains. You can use any availability zone in your region.

The endpoint service identified as Workspace (including REST API) is used for both the front-end connection (user-to-workspace for web application and REST APIs) and the back-end connection (to connect to REST APIs). If you are implementing both front-end and back-end connections, use this same workspace VPC endpoint service for both use cases.

For more information, see Enable AWS PrivateLink.

Region	Create VPC endpoints to these regional VPC endpoint services
`ap-northeast-1`	Workspace (including REST API): `com.amazonaws.vpce.ap-northeast-1.vpce-svc-02691fd610d24fd64` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-northeast-1.vpce-svc-02aa633bda3edbec0`
`ap-northeast-2`	Workspace (including REST API): `com.amazonaws.vpce.ap-northeast-2.vpce-svc-0babb9bde64f34d7e` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-northeast-2.vpce-svc-0dc0e98a5800db5c4`
`ap-south-1`	Workspace (including REST API): `com.amazonaws.vpce.ap-south-1.vpce-svc-0dbfe5d9ee18d6411` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-south-1.vpce-svc-03fd4d9b61414f3de`
`ap-southeast-1`	Workspace (including REST API): `com.amazonaws.vpce.ap-southeast-1.vpce-svc-02535b257fc253ff4` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-southeast-1.vpce-svc-0557367c6fc1a0c5c`
`ap-southeast-2`	Workspace (including REST API): `com.amazonaws.vpce.ap-southeast-2.vpce-svc-0b87155ddd6954974` Secure cluster connectivity relay: `com.amazonaws.vpce.ap-southeast-2.vpce-svc-0b4a72e8f825495f6`
`ca-central-1`	Workspace (including REST API): `com.amazonaws.vpce.ca-central-1.vpce-svc-0205f197ec0e28d65` Secure cluster connectivity relay: `com.amazonaws.vpce.ca-central-1.vpce-svc-0c4e25bdbcbfbb684`
`eu-central-1`	Workspace (including REST API): `com.amazonaws.vpce.eu-central-1.vpce-svc-081f78503812597f7` Secure cluster connectivity relay: `com.amazonaws.vpce.eu-central-1.vpce-svc-08e5dfca9572c85c4`
`eu-west-1`	Workspace (including REST API): `com.amazonaws.vpce.eu-west-1.vpce-svc-0da6ebf1461278016` Secure cluster connectivity relay: `com.amazonaws.vpce.eu-west-1.vpce-svc-09b4eb2bc775f4e8c`
`eu-west-2`	Workspace (including REST API): `com.amazonaws.vpce.eu-west-2.vpce-svc-01148c7cdc1d1326c` Secure cluster connectivity relay: `com.amazonaws.vpce.eu-west-2.vpce-svc-05279412bf5353a45`
`eu-west-3`	Workspace (including REST API): `com.amazonaws.vpce.eu-west-3.vpce-svc-008b9368d1d011f37` Secure cluster connectivity relay: `com.amazonaws.vpce.eu-west-3.vpce-svc-005b039dd0b5f857d`
`sa-east-1`	Workspace (including REST API): `com.amazonaws.vpce.sa-east-1.vpce-svc-0bafcea8cdfe11b66` Secure cluster connectivity relay: `com.amazonaws.vpce.sa-east-1.vpce-svc-0e61564963be1b43f`
`us-east-1`	Workspace (including REST API): `com.amazonaws.vpce.us-east-1.vpce-svc-09143d1e626de2f04` Secure cluster connectivity relay: `com.amazonaws.vpce.us-east-1.vpce-svc-00018a8c3ff62ffdf`
`us-east-2`	Workspace (including REST API): `com.amazonaws.vpce.us-east-2.vpce-svc-041dc2b4d7796b8d3` Secure cluster connectivity relay: `com.amazonaws.vpce.us-east-2.vpce-svc-090a8fab0d73e39a6`
`us-west-1`	PrivateLink connectivity is not supported for this region.
`us-west-2`	Workspace (including REST API): `com.amazonaws.vpce.us-west-2.vpce-svc-0129f463fcfbc46c5` Secure cluster connectivity relay: `com.amazonaws.vpce.us-west-2.vpce-svc-0158114c0c730c3bb`