Endpoints available

If you choose to manage your VPC resources programmatically, you must set up your environment to access the VPC API before you can run workloads in an IBM Cloud VPC. The following information lists the regional API endpoints that you can use to access your VPC resources.

For more information about setting up your VPC API environment or referencing methods to access your VPC resources, see Setting up your CLI or API environment or the Virtual Private Cloud API reference.

Use one of the following public endpoints to connect to the VPC infrastructure API. The endpoints are based on the region of the service.

Table 1. VPC API Regional Endpoints for North and South America
This table displays the VPC API Regional Endpoints.

| Location | Region | Public Endpoint | Private Endpoint |
|---|---|---|---|
| US South (Dallas) | us-south | | |
| US East (Washington DC) | us-east | | |
| Brazil (São Paulo) | br-sao | | |
| Canada (Toronto) | ca-tor | | |

Table 1. VPC API Regional Endpoints for Europe

| Location | Region | Public Endpoint | Private Endpoint |
|---|---|---|---|
| United Kingdom (London) | eu-gb | | |
| EU Germany (Frankfurt) | eu-de | | |
| Spain (Madrid) | eu-es | | |

For x86-64 dedicated host profiles, the Madrid region only supports dedicated host profiles with instance storage. For more information, see Dedicated host profiles.

Table 1. VPC API Regional Endpoints for Asia Pacific

| Location | Region | Public Endpoint | Private Endpoint |
|---|---|---|---|
| Japan (Tokyo) | jp-tok | | |
| Japan (Osaka) | jp-osa | | |
| Australia (Sydney) | au-syd | | |

LinuxONE (s390x processor architecture) profiles are supported on virtual server instances in the US South (Dallas), Japan (Tokyo), Brazil (São Paulo), Spain (Madrid), Canada (Toronto), United Kingdom (London), and US East (Washington DC) regions.   

After resources are created and accessible in your VPC, you're ready to run workloads. From inside the VPC infrastructure, you can access two types of IBM Cloud endpoints: platform as a service (PaaS) endpoints, also known as service endpoints, and infrastructure as a service (IaaS) endpoints.

Although the addresses for these endpoints look as if they communicate through the public internet, traffic to and from these endpoints does not leave IBM Cloud. Therefore, this traffic avoids the bandwidth charges associated with traffic that exits the cloud and goes onto the public internet.

Service endpoints

Use service endpoints to securely connect to IBM Cloud services over the IBM Cloud private network. These endpoints are available through DNS (Domain Name System) names in the domain and resolve to addresses.

Traffic to and from service endpoints is subject to ACL and security group rules. In other words, you can use these mechanisms to limit which virtual server instances can use a particular service endpoint.
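
The following is an added example, not taken from IBM's documentation, of auditing which instances' security group egress rules permit traffic to one service endpoint. The rule format, instance names, and addresses are constructed placeholders (documentation ranges), and only security group allow rules are modeled, not network ACLs.

```python
import ipaddress

# Constructed placeholder (documentation range), not an IBM Cloud address.
SERVICE_ENDPOINT = ("192.0.2.10", "tcp", 443)

# Hypothetical, simplified egress rules per instance (not the VPC API schema).
# Security group rules only allow traffic, so a flow is permitted when any
# single rule matches it.
EGRESS_RULES = {
    "app-vsi": [{"remote": "192.0.2.10/32", "protocol": "tcp",
                 "port_min": 443, "port_max": 443}],
    "batch-vsi": [{"remote": "0.0.0.0/0", "protocol": "all"}],
    "db-vsi": [{"remote": "198.51.100.0/24", "protocol": "tcp",
                "port_min": 5432, "port_max": 5432}],
}


def rule_matches(rule, dest_ip, protocol, port):
    """Return True if one allow rule covers the destination flow."""
    if ipaddress.ip_address(dest_ip) not in ipaddress.ip_network(rule["remote"]):
        return False
    if rule["protocol"] == "all":
        return True
    if rule["protocol"] != protocol:
        return False
    return rule.get("port_min", 1) <= port <= rule.get("port_max", 65535)


def audit_endpoint_access(rules_by_instance, endpoint, allowed_instances):
    """Compare which instances can reach the endpoint with which should."""
    dest_ip, protocol, port = endpoint
    findings = {}
    for instance, rules in sorted(rules_by_instance.items()):
        matching = [r for r in rules if rule_matches(r, dest_ip, protocol, port)]
        if matching and instance not in allowed_instances:
            # Name the rule(s) that grant the unintended path.
            remotes = ", ".join(r["remote"] for r in matching)
            findings[instance] = "unexpected access via " + remotes
        elif not matching and instance in allowed_instances:
            findings[instance] = "expected access is blocked"
    return findings


if __name__ == "__main__":
    report = audit_endpoint_access(EGRESS_RULES, SERVICE_ENDPOINT, {"app-vsi"})
    for name, issue in report.items():
        print(f"{name}: {issue}")
```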

VPCs are automatically able to reach service endpoints. For more information about service endpoints, see Services that support service endpoints. After you provision a service as a private endpoint, ping the endpoint from your virtual server instance to verify that the endpoint is reachable.

You can also use VPN for VPC to access service endpoints. For more information, see Access service endpoints through VPN.

IaaS endpoints

Infrastructure services are available by using certain DNS names from the domain, and they resolve to addresses. Services that you can reach include:

  • DNS resolvers
  • Ubuntu and Debian APT (Advanced Packaging Tool) Mirrors
  • Network Time Protocol (NTP)
  • IBM Cloud Object Storage

The following ports must be open to allow ADN network traffic to flow for the following services.

Table 2. Ports required for network traffic
Protocol Port Service

For Linux virtual machines, open port 8443 to

Virtual private endpoints

IBM Cloud services available through IBM Cloud Virtual Private Endpoints (VPE) for VPC are listed at VPE supported services. VPE supports both service and IaaS endpoints. For more information about private connectivity and VPE, see About virtual private endpoint gateways.

DNS resolver endpoints

IBM Cloud DNS Services provide private DNS to VPC users. Private DNS zones are resolvable only on IBM Cloud, and only from explicitly permitted networks in an account. For more information about DNS Services, see Getting started with IBM Cloud DNS Services.

DNS resolvers use IP addresses, rather than names. For shared cloud service endpoints, use the DNS server addresses and

Ubuntu and Debian APT Mirrors

APT mirrors for updating Ubuntu and Debian images are available from, which resolves to

For instances that are provisioned with stock images for CentOS, Red Hat Enterprise Linux, or Windows, update connections are configured as part of the provisioning process.

NTP servers

NTP is widely used to synchronize a computer to internet time servers or other sources. The IBM NTP server is available for VPC instances to use for time synchronization.

An NTP server is available from, which resolves to

IBM Cloud Object Storage

IBM Cloud Object Storage stores encrypted and dispersed data across multiple geographic locations. For more information about IBM Cloud Object Storage, see Getting started with IBM Cloud Object Storage.

For more information about reaching Object Storage from a VPC, see Connecting to IBM Cloud Object Storage from VPC.