Step 1: Create an Agent

Use the following procedure to create an agent that reads from a source. This source can be a Network File System (NFS) location that is on-premises or in the cloud, or a Server Message Block (SMB) location.

A DataSync agent can transfer data through public service endpoints, Federal Information Processing Standard (FIPS) endpoints, and VPC endpoints. To learn more, see Creating and Activating an Agent

Note

When you configure your agent to use VPC endpoints, the data transferred between your agent and the DataSync service doesn't cross the public internet and doesn't require public IP addresses. For end-to-end instructions for this configuration, see Using AWS DataSync in a Virtual Private Cloud.

To create an agent to read from an NFS or SMB source file system

Download the current DataSync .ova image or launch the current DataSync Amazon Machine Image (AMI) based on Amazon EC2 from the AWS DataSync Management Console. For information about how to get the .ova image or EC2 AMI, see Create an Agent. For information about hardware requirements and recommended EC2 instance types, see Virtual Machine Requirements.
Make sure that you satisfy the network connectivity requirements for the agent. For information about network requirements, see Network Requirements for DataSync.
Deploy the .ova image in your on-premises hypervisor, power on the hypervisor, and note the agent-ip-address. Make sure that you can reach the agent on port 80. You can use the following command to check.
```
$ nc -vz agent-ip-address 80
```
Note

The .ova default credentials are login admin, password password. You can change the password on the VM local console. You don't need to log in to the VM for basic DataSync functionality. Login is mainly required for troubleshooting, network-specific settings, and so on.

You log in to the agent VM local console using the VMware vSphere client. For information about how to use the VM local console, see Configuring Your Agent on the VM Local Console.
Send an HTTP/1.1 GET request to the agent to get the activation key. You can do this by using standard Unix tools:
- To activate an agent using a public service endpoint, use the following command.
```
$ curl "http://agent-ip-address/?gatewayType=SYNC&activationRegion=aws-region&no_redirect"
```
- To activate an agent using a virtual private cloud (VPC) endpoint, use the Elastic IP address of the VPC endpoint. Use the following command.
```
$ curl "http://agent-ip-address/?gatewayType=SYNC&activationRegion=aws-region&privateLinkEndpoint=Elastic IP address of VPC endpoint&endpointType=PRIVATE_LINK&no_redirect"
```
  To find the correct IP address, open the Amazon VPC console at https://console.aws.amazon.com/vpc/ and choose Endpoints from the navigation pane at left. Choose the DataSync endpoint, and check Subnets list to find the private IP address that corresponds to the subnet that you chose for your VPC endpoint setup.
  
  For more information about VPC endpoint configuration, see step 5 in Configuring DataSync to Use Private IP Addresses for Data Transfer.
- To activate an agent using a Federal Information Processing Standard (FIPS) endpoint, specify endpointType=FIPS. Also, the activationRegion value must be set to an AWS Region within the United States. To activate a FIPS endpoint, use the following command.
```
$ curl "http://agent-IP-address/?gatewayType=SYNC&activationRegion=US-based-aws-region&endpointType=FIPS&no_redirect"
```
This command returns an activation key similar to the one following.

F0EFT-7FPPR-GG7MC-3I9R3-27DOH
After you have the activation key, do one of the following:
- To activate your agent using a public endpoint or FIPS endpoint, use the following command.
```
$ aws datasync create-agent --agent-name agent's name --activation-key obtained activation key
```
- To activate your agent using a VPC endpoint, use the following command.
```
$ aws datasync create-agent --agent-name agent's name --vpc-endpoint-id vpc endpoint id --subnet-arns subnet arns --security-group-arns security group arns --activation-key obtained activation key
```
  In this command, use the following arguments:
  - vpc endpoint id – The AWS endpoint that the agent connects to. To find the endpoint ID, open the Amazon VPC console at https://console.aws.amazon.com/vpc/, and choose Endpoints from the navigation pane on the left. Copy the Endpoint ID value of the DataSync endpoint. For more information about VPC endpoint configuration, see step 5 in Configuring DataSync to Use Private IP Addresses for Data Transfer.
  - security group arn – The Amazon Resource Name (ARN) of the security group to use for the task's endpoint. This is the security group that you created in step 3 of Configuring DataSync to Use Private IP Addresses for Data Transfer.
  - task's subnet arn – The ARN of the subnet where the task endpoints for the agent are created.
    
    This is the subnet that you chose in step 1 of Configuring DataSync to Use Private IP Addresses for Data Transfer.
  These commands return the ARN of the agent that you just activated. The ARN is similar to the one following.
```
{"AgentArn": "arn:aws:datasync:us-east-1:111222333444:agent/agent-0b0addbeef44baca3”}
```
  Note
  
  After you choose a service endpoint, you can't change it later.

After the agent is activated, it closes port 80 and the port is no longer accessible. If you can't connect to the agent after you have activated it, check whether the activation was successful by using this command: $ aws datasync list-agents.

Note

Make sure that you are using the same AWS credentials throughout the whole process. Don't switch between multiple terminals where you are authenticated with different AWS credentials.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using the AWS CLI

Step 2: Create Locations