Choose a service endpoint for your AWS DataSync agent - AWS DataSync
Use a VPC endpointUse a public endpointUse a FIPS endpoint

Choose a service endpoint for your AWS DataSync agent

Your AWS DataSync agent uses a service endpoint to communicate with AWS. An agent can connect to the following types of endpoints:

  • Virtual private cloud (VPC) endpoint – Data is sent through your VPC instead of over the public internet, increasing the security of the transferred data.

  • Public endpoint – Data is sent over the public internet.

  • Federal Information Processing Standard (FIPS) endpoint – Data is sent over the public internet by using processes that comply with FIPS.

Remember the following when choosing a service endpoint:

  • An agent can only use one type of endpoint. If you need to transfer data with different endpoint types, create an agent for each type.

  • For DataSync Discovery, currently you can only use a public endpoint.

For more information, see AWS service endpoints in the AWS General Reference.

Use a VPC endpoint

Your DataSync agent can communicate with AWS using a VPC endpoint provided by AWS PrivateLink. This approach provides a private connection between your storage system, VPC, and AWS services.

For more information, see Using AWS DataSync agents with VPC endpoints.

To specify a VPC endpoint by using the DataSync console

  1. Create a VPC endpoint and take note of the endpoint ID.

    You also can use an existing VPC endpoint in your current AWS Region.

  2. Open the AWS DataSync console at https://console.aws.amazon.com/datasync/.

  3. Go to the Agents page and choose Create agent.

  4. For Hypervisor, choose Amazon EC2.

  5. In the Service endpoint section, choose VPC endpoints using AWS PrivateLink.

    This is the VPC endpoint that the agent has access to.

  6. For VPC Endpoint, choose the VPC endpoint that you want your agent to connect to.

    You noted the endpoint ID when you created the VPC endpoint.

    Important

    You must choose a VPC endpoint that includes the DataSync service name (for example, com.amazonaws.us-east-2.datasync).

  7. For Subnet, choose the subnet where you want to run your DataSync task.

    This is the subnet where DataSync creates and manages network interfaces for your transfer.

  8. For Security Group, choose a security group for your DataSync task.

    This is the security group that protects your transfer's network interfaces.

For more information about using DataSync in a VPC, see Using AWS DataSync agents with VPC endpoints.

Next step: Activate your AWS DataSync agent

Use a public endpoint

If you use a public endpoint, all communication between your DataSync agent and AWS occurs over the public internet.

To specify a public endpoint by using the DataSync console

  1. Open the AWS DataSync console at https://console.aws.amazon.com/datasync/.

  2. Go to the Agents page and choose Create agent.

  3. In the Service endpoint section, choose Public service endpoints in AWS Region name. For a list of supported AWS Regions, see AWS DataSync in the AWS General Reference.

Next step: Activate your AWS DataSync agent

Use a FIPS endpoint

See a list of FIPS endpoints used by DataSync.

To specify a FIPS endpoint by using the DataSync console

  1. Open the AWS DataSync console at https://console.aws.amazon.com/datasync/.

  2. For Hypervisor, choose the type of agent you deployed.

  3. In the Service endpoint section, choose the FIPS endpoint that you want.

Next step: Activate your AWS DataSync agent