:xrefstyle: short

Deploying this Quick Start for a new virtual private cloud (VPC) with default parameters builds the following Databricks environment in the AWS Cloud.

:xrefstyle: short
[#architecture1]
.Quick Start architecture for Databricks on AWS
[link=images/architecture_diagram.png]
image::../images/architecture_diagram.png[Architecture1,width=100%,height=100%]

As shown in <<architecture1>>, this deployment sets up the following:

* A highly available architecture that spans at least three Availability Zones.
* A VPC configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
* In the private subnets:
** Databricks clusters of Amazon Elastic Compute Cloud (Amazon EC2) instances. 
** One or more security groups for secure cluster connectivity.
* In the public subnet:
** A network address translation (NAT) gateway to allow outbound internet access.
* Amazon CloudWatch for the Databricks workspace instance logs.
* (Optional) A customer managed AWS KMS key to encrypt notebooks.
* An Amazon Simple Storage Service (Amazon S3) bucket to store objects, such as cluster logs, notebook revisions, and job results.
* AWS Security Token Service (AWS STS) for requesting temporary, least-privilege access for users.
* A VPC endpoint for access to Amazon S3 artifacts and logs.
* A cross-account AWS Identity and Access Management (IAM) role to deploy clusters in the VPC for the new workspace. Depending on the deployment option you choose, you either use an existing IAM role or create an IAM role during deployment.