Deployment Regions
Why use multiple regions?
There are many reasons that a company might choose to host Prismatic integrations in multiple regions:
- They need to adhere to GDPR, keeping EU-based customers' data in the EU, and US-based customers' data in the US
- They have CJIS or ITAR requirements and need to keep customer data in GovCloud, but would like to test integrations in commercial
- They need low latency between their app and Prismatic, so host certain integrations in Australia or the EU
- They might host Prismatic in a private cloud to fulfil customer requirements
Whatever the reason, if you host integrations in multiple Prismatic stacks you need to keep your components and integrations in sync between regions.
Logging in to additional regions
Prismatic's public regions are accessible through the following URLs:
| Stack | App URL |
|---|---|
| US Commercial (Ohio) | https://app.prismatic.io |
| US GovCloud | https://app.us-gov-west-1.prismatic.io |
| Europe (Ireland) | https://app.eu-west-1.prismatic.io |
| Europe (London) | https://app.eu-west-2.prismatic.io |
| Canada (Central) | https://app.ca-central-1.prismatic.io |
| Australia (Sydney) | https://app.ap-southeast-2.prismatic.io |
Prismatic IP allowlist (whitelist)
If your integration connects to an external app or service that allows connections based on IP, you can add the following relevant IPs to your allowlist.
| Stack | App URL | IP Addresses |
|---|---|---|
| US Commercial (Ohio) | app.prismatic.io | 3.132.205.2043.139.185.169 |
| US GovCloud | app.us-gov-west-1.prismatic.io | 15.200.86.23015.205.78.158 |
| Australia (Sydney) | app.ap-southeast-2.prismatic.io | 52.65.181.7754.252.173.54 |
| Canada (Central) | app.ca-central-1.prismatic.io | 35.182.143.993.99.22.244 |
| Europe (Ireland) | app.eu-west-1.prismatic.io | 54.78.26.1954.246.201.85 |
| Europe (London) | app.eu-west-2.prismatic.io | 18.132.171.18518.134.91.207 |
If your integrations are hosted in a private cloud, please contact Prismatic support for an allowlist.
Note: Integrations in Prismatic send data to third-party apps and services from those IP addresses. Invoking integrations in Prismatic is name-based (e.g. hooks.prismatic.io) and IPs are subject to change.
Private regions
If your contract includes a private cloud deployment, Prismatic's DevOps team will deploy a Prismatic stack in your AWS account in a region of your choosing. See Prismatic support for your endpoint URL and IP allowlist.
Access to additional regions
By default, new Prismatic accounts are added to the US Commercial (Ohio) region, app.prismatic.io. Access to additional regions can be enabled by Prismatic for enterprise customers whose contracts include additional regions.
User authentication spans across all regions, so you can use the same email and password to log in to each region. However, user data is not shared across regions. Once your organization has been enabled by Prismatic support in an additional region, you will need to invite your team members to the new region in order for them to log in to your tenant.
Logging in to additional regions with Prism
The prism CLI tool interacts with the US Commercial region by default.
In order to interact with an additional region, set a PRISMATIC_URL environment variable with the endpoint of the region you want:
$ prism login
Press any key to open prismatic.io in your default browser:
Login complete!
$ prism me
Name: John Doe
Email: john.doe@example.com
Organization: Example Corp - US Region
Endpoint URL: https://app.prismatic.io
$ export PRISMATIC_URL=https://app.eu-west-1.prismatic.io
$ prism login
Press any key to open prismatic.io in your default browser:
Login complete!
$ prism me
Name: John Doe
Email: john.doe@example.com
Organization: Example Corp - EU Region
Endpoint URL: https://app.eu-west-1.prismatic.io
Note: If you are using PowerShell on a Windows machine, you can set an environment variable with this syntax:
$ENV:PRISMATIC_URL=https://app.eu-west-1.prismatic.io
If you use prism on a headless system (like a CI/CD pipeline or when running automated scripts), you will need to generate a refresh token.
See docs on Headless prism Usage.