Choose a service endpoint for your AWS DataSync agent
Your AWS DataSync agent uses a service endpoint to communicate with AWS. An agent can connect to the following types of endpoints:
- Virtual private cloud (VPC) endpoint – Data is sent through your VPC instead of over the public internet, increasing the security of the transferred data.
- Public endpoint – Data is sent over the public internet.
- Federal Information Processing Standard (FIPS) endpoint – Data is sent over the public internet by using processes that comply with FIPS.
Remember the following when choosing a service endpoint:
- An agent can only use one type of endpoint. If you need to transfer data with different endpoint types, create an agent for each type.
- For DataSync Discovery, currently you can only use a public endpoint.
For more information, see AWS service endpoints in the AWS General Reference.
Use a VPC endpoint
Your DataSync agent can communicate with AWS using a VPC endpoint provided by AWS PrivateLink. This approach provides a private connection between your storage system, VPC, and AWS services.
For more information, see Using AWS DataSync agents with VPC endpoints.
To specify a VPC endpoint by using the DataSync console
- Create a VPC endpoint and take note of the endpoint ID.
  You also can use an existing VPC endpoint in your current AWS Region.
- Open the AWS DataSync console at https://console.aws.amazon.com/datasync/.
- Go to the Agents page and choose Create agent.
- For Hypervisor, choose Amazon EC2.
- In the Service endpoint section, choose VPC endpoints using AWS PrivateLink.
  This is the VPC endpoint that the agent has access to.
- For VPC Endpoint, choose the VPC endpoint that you want your agent to connect to.
  You noted the endpoint ID when you created the VPC endpoint.
  Important
  You must choose a VPC endpoint that includes the DataSync service name (for example, com.amazonaws.us-east-2.datasync).
- For Subnet, choose the subnet where you want to run your DataSync task.
  This is the subnet where DataSync creates and manages network interfaces for your transfer.
- For Security Group, choose a security group for your DataSync task.
  This is the security group that protects your transfer's network interfaces.
For more information about using DataSync in a VPC, see Using AWS DataSync agents with VPC endpoints.
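Before choosing a VPC endpoint in the console, you can confirm that it meets the requirement in the Important note above. The following is an added example, not code from AWS documentation: it checks the output of `aws ec2 describe-vpc-endpoints` for endpoints whose service name is the DataSync service in your Region, that are interface (PrivateLink) endpoints, and that are in the available state. The sample response and endpoint IDs are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpc-endpoints` output.
# The endpoint IDs are made up for illustration.
SAMPLE = json.loads("""
{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0aaa1111bbbb2222c", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.us-east-2.datasync", "State": "available"},
  {"VpcEndpointId": "vpce-0ddd3333eeee4444f", "VpcEndpointType": "Gateway",
   "ServiceName": "com.amazonaws.us-east-2.s3", "State": "available"},
  {"VpcEndpointId": "vpce-0ccc5555dddd6666e", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.us-east-2.datasync", "State": "pending"}
]}
""")


def endpoint_problems(endpoint, region):
    """Return reasons not to choose this endpoint; an empty list means it is usable."""
    problems = []
    # Service name format follows the example given on this page.
    expected = f"com.amazonaws.{region}.datasync"
    if endpoint.get("ServiceName") != expected:
        problems.append(f"service name is not {expected}")
    if endpoint.get("VpcEndpointType") != "Interface":
        problems.append("not an interface (PrivateLink) endpoint")
    # Compare case-insensitively so either casing of the state value is accepted.
    if endpoint.get("State", "").lower() != "available":
        problems.append("state is not available")
    return problems


def usable_endpoint_ids(response, region):
    """List the IDs of endpoints that pass every check for the given Region."""
    return [e["VpcEndpointId"] for e in response.get("VpcEndpoints", [])
            if not endpoint_problems(e, region)]


if __name__ == "__main__":
    for ep in SAMPLE["VpcEndpoints"]:
        issues = endpoint_problems(ep, "us-east-2")
        print(ep["VpcEndpointId"], "OK" if not issues else "; ".join(issues))
```

To run it against your own account, replace SAMPLE with the parsed JSON output of `aws ec2 describe-vpc-endpoints` for the Region where you create the agent.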
Next step: Activate your AWS DataSync agent
Use a public endpoint
If you use a public endpoint, all communication between your DataSync agent and AWS occurs over the public internet.
To specify a public endpoint by using the DataSync console
- Open the AWS DataSync console at https://console.aws.amazon.com/datasync/.
- Go to the Agents page and choose Create agent.
- In the Service endpoint section, choose Public service endpoints in AWS Region name.
For a list of supported AWS Regions, see AWS DataSync in the AWS General Reference.
Next step: Activate your AWS DataSync agent
Use a FIPS endpoint
See a list of FIPS endpoints used by DataSync
To specify a FIPS endpoint by using the DataSync console
- Open the AWS DataSync console at https://console.aws.amazon.com/datasync/.
- For Hypervisor, choose the type of agent you deployed.
- In the Service endpoint section, choose the FIPS endpoint that you want.
Next step: Activate your AWS DataSync agent