Networking
The documentation on the Tower data plane describes how Tower separates its control plane from its data plane architecturally. You can use the Tower-hosted data plane or run your own data plane using tower-runner.
This document describes the network configuration for Tower's hosted data plane.
Deployment regions
Tower uses Amazon Web Services as its cloud hosting provider. The control plane runs in eu-central-1 (Frankfurt). The data plane is available in multiple regions:
| Region | Location | Status |
|---|---|---|
eu-central-1 | Frankfurt, Germany | Available |
us-east-1 | N. Virginia, USA | Available |
us-west-2 | Oregon, USA | Available |
You can select the execution region for your team under Settings > General > Execution Region. This determines which data plane your runs are dispatched to.
Virtual private cloud
Tower's control plane and the hosted data planes run in separate virtual private clouds. Each data plane VPC has a network configuration that prevents ingress from external services. Users cannot write applications that talk directly to Tower-hosted compute hardware.
IP addresses
In your network policies, to use the Tower-hosted data plane, allowlist the following IP addresses to allow Tower-hosted traffic.
AWS eu-central-1
3.124.118.21063.177.162.15
AWS us-east-1
54.145.91.1932.195.40.107
AWS us-west-2
54.214.239.8754.148.103.191