AWS DataSync
User Guide

Choose a Service Endpoint

You can activate your agent by using one of the following endpoint types:

  • Public endpoints – If you use public endpoints, all communication from your DataSync agent to AWS occurs over the public internet. For instructions, see Choose a Public Service Endpoint.

  • Federal Information Processing Standard (FIPS) endpoints – If you need to use FIPS 140-2 validated cryptographic modules when accessing the AWS GovCloud (US-East) or AWS GovCloud (US-West) Region, use this endpoint to activate your agent. You use the AWS CLI or API to access this endpoint. For more information, see Federal Information Processing Standard (FIPS) 140-2.

  • Virtual private cloud (VPC) endpoints – If you use a VPC endpoint, all communication from DataSync to AWS services occurs through the VPC endpoint in your VPC in AWS. This approach provides a private connection between your on-premises data center, your VPC, and AWS services. It increases the security of your data as it is copied over the network. For instructions, see Choose a VPC Endpoint.

Note

After you choose a service endpoint type and activate your agent, you can't change it to use a different service endpoint type later. If you want to use a different service endpoint type, delete the agent and create a new one.

For more information about service endpoints, see AWS DataSync in the AWS General Reference.

Choose a Public Service Endpoint

If you use a public endpoint, all communication from your DataSync agent to AWS occurs over the public internet.

To choose a public service endpoint

  1. From the DataSync Agents page on the DataSync Management Console, choose Create agent to open the Create agent page.

  2. In the Service endpoint section, choose Public service endpoints in AWS Region name. For a list of supported AWS Regions, see AWS DataSync in the AWS General Reference.

Next Step: Activate Your Agent

Choose a FIPS Service Endpoint

If you use a FIPS service endpoint, DataSync will communicate with GovCloud (US) or AWS Canada (Central).

To choose a FIPS service endpoint

  1. From the DataSync Agents page on the DataSync Management Console, choose Create agent to open the Create agent page.

  2. In the Service endpoint section, choose the FIPS endpoint you want. For information about supported FIPS endpoints, see AWS DataSync in the AWS General Reference.

Next Step: Activate Your Agent

Choose a VPC Endpoint

If you use a VPC endpoint, all communication from DataSync to AWS services occurs through the VPC endpoint in your VPC in AWS. This approach provides a private connection between your on-premises data center, your VPC, and AWS services.

To choose a VPC endpoint

  1. Before you begin, you need to create a VPC endpoint. For instructions, see Creating an Interface Endpoint. If you already have a VPC endpoint in the AWS Region, you can use it.

    Important

    In step 4 of the Creating an Interface Endpoint instructions, choose com.amazonaws.region.datasync for Service Name in the table of endpoints. For information about supported AWS Regions, see AWS DataSync in the AWS General Reference.

  2. From the DataSync Agents page on the DataSync Management Console, choose Create agent to open the Create agent page.

  3. In the Service endpoint section, choose VPC endpoints using AWS PrivateLink. This is the VPC endpoint that the agent has access to.

  4. For VPC Endpoint, choose the private VPC endpoint that you want your agent to connect to. You noted the endpoint ID when you created the VPC endpoint.

  5. For Subnet, choose the subnet in which you want to run your task. This is the subnet where the elastic network interface is created.

  6. For Security Group, choose a security group for your task. This is the security group that protects your network interface for tasks that run on your agent.

For additional information about using DataSync in a Virtual Private Cloud, see Using AWS DataSync in a Virtual Private Cloud.
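
The following is an added example, not part of the AWS guide. Because the endpoint type cannot be changed after activation, this Python check audits DescribeAgent-shaped records for agents that are not on a VPC endpoint and confirms that each referenced interface endpoint uses the com.amazonaws.region.datasync service name. The function names, the allowed_types policy, and all sample ARNs and IDs are assumptions constructed for illustration.

```python
# Added example: field names follow the DataSync DescribeAgent and EC2
# DescribeVpcEndpoints responses; every ARN and ID below is constructed.
def audit_agent(agent, vpc_endpoints, allowed_types=("PRIVATE_LINK",)):
    """Return findings for one DescribeAgent-shaped dict (empty list = OK)."""
    findings = []
    etype = agent.get("EndpointType")
    if etype not in allowed_types:
        # The endpoint type is fixed at activation, so the fix is a new agent.
        findings.append(f"endpoint type {etype} not allowed: delete and re-create the agent")
    if etype != "PRIVATE_LINK":
        return findings
    cfg = agent.get("PrivateLinkConfig") or {}
    for key in ("VpcEndpointId", "SubnetArns", "SecurityGroupArns"):
        if not cfg.get(key):
            findings.append(f"PrivateLinkConfig.{key} is empty")
    # Region is the fourth field of arn:partition:datasync:region:account:agent/id.
    region = agent["AgentArn"].split(":")[3]
    expected = f"com.amazonaws.{region}.datasync"
    vpce = vpc_endpoints.get(cfg.get("VpcEndpointId"))
    if vpce is None:
        findings.append("VPC endpoint not found among the described endpoints")
    elif vpce.get("ServiceName") != expected:
        findings.append(f"VPC endpoint serves {vpce.get('ServiceName')}, expected {expected}")
    elif vpce.get("VpcEndpointType") != "Interface":
        findings.append("VPC endpoint is not an interface endpoint")
    return findings

def audit_all(agents, vpc_endpoints, **kwargs):
    """Map AgentArn -> findings, keeping only agents that have findings."""
    return {a["AgentArn"]: f for a in agents if (f := audit_agent(a, vpc_endpoints, **kwargs))}

def make_agent(name, etype, vpce=None, groups=()):  # builds a constructed sample record
    rec = {"AgentArn": f"arn:aws:datasync:us-east-1:111122223333:agent/{name}", "EndpointType": etype}
    if etype == "PRIVATE_LINK":
        rec["PrivateLinkConfig"] = {"VpcEndpointId": vpce, "SubnetArns": [SUBNET],
                                    "SecurityGroupArns": list(groups)}
    return rec

SUBNET = "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-0example"
GROUP = "arn:aws:ec2:us-east-1:111122223333:security-group/sg-0example"
SAMPLE_ENDPOINTS = {
    "vpce-0good": {"ServiceName": "com.amazonaws.us-east-1.datasync", "VpcEndpointType": "Interface"},
    "vpce-0other": {"ServiceName": "com.amazonaws.us-east-1.s3", "VpcEndpointType": "Interface"},
}
SAMPLE_AGENTS = [
    make_agent("agent-ok", "PRIVATE_LINK", "vpce-0good", [GROUP]),
    make_agent("agent-public", "PUBLIC"),
    make_agent("agent-wrong-svc", "PRIVATE_LINK", "vpce-0other", [GROUP]),
    make_agent("agent-no-sg", "PRIVATE_LINK", "vpce-0good"),
]
```

Calling audit_all(SAMPLE_AGENTS, SAMPLE_ENDPOINTS) returns findings for three of the four sample agents. In practice the inputs would come from DescribeAgent and DescribeVpcEndpoints calls.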

Next Step: Activate Your Agent