Yes, that seems correct for the inbound traffic at least:

• Control plane services, including webapp: nvirginia.cloud.databricks.com, 3.237.73.224/28
• SCC relay: tunnel.us-east-1.cloud.databricks.com
• SCC relay for PrivateLink: tunnel.privatelink.us-east-1.cloud.databricks.com

Same document can be referred for outbound.

Is the netcat test going through?

Some additional tests:

• Security Groups and Firewalls:

  • Verify that the security group associated with your MySQL RDS instance allows inbound traffic on port 3306 (the default MySQL port) from the IP addresses or CIDR blocks used by your Databricks cluster.
  • Ensure there are no firewall rules blocking the connection.

• VPC Peering:

  • If your Databricks workspace is in a different VPC than your RDS instance, ensure that VPC peering is correctly configured between the two VPCs.
  • Check that the route tables and network ACLs are set up to allow traffic between the VPCs.