Revision / schema version: 1.0
Live: ip-ranges.json โ machine-readable IP ranges (AWS, Azure, GCP). Docs: AWS ยท Azure ยท GCP
Latest snapshot on this site: ip-ranges-20260518-0406.json
Previous JSON versions: View JSON History
Inbound โ CP IPs that receive your traffic when you call Databricks. Allowlist as destination for your outbound calls to the CP.
Outbound โ CP egress IPs (source when the CP initiates traffic to you or the internet). Allowlist as source so traffic from the CP is allowed.
Formatted TXT files for Palo Alto Networks firewalls are available on this page: output/
Files are organized by:
aws.txt, aws-inbound.txt, aws-outbound.txt, azure.txt, gcp.txtaws-us-east-1.txt, azure-eastus.txt, gcp-us-central1.txt (emitted only when the region has โฅ1 CIDR)Use the per-region files in production to scope firewall rules to your actual workspace regions instead of allowlisting the entire cloud. Download the file you need and import it into your PA firewall configuration, EDL, AWS Managed Prefix List, Azure IP Group, or GCP Firewall Policy.
This page was created to simplify the integration of Databricks IP ranges into firewalls. The project provides a static link to the latest JSON and per-cloud TXT files so you can automate allowlisting without parsing the official API response each time.
This page is automatically generated using a Python script available at GitHub Repository, and updated regularly through GitHub Actions.
We recommend forking this script if you plan to automate your infrastructure with it. Forking ensures you maintain control of updates, can customize it for your environment, and enhance security by avoiding dependencies on this repository.
Features
<cloud>-<region>.txt) so consumers can scope firewall rules to actual workspace regionsNote: Databricks may update IP ranges periodically. Always verify the ranges against your requirements before implementation. Availability may vary by cloud and region.
Connect on LinkedIn ยท Reach on GitHub