AWS DataSync
User Guide

Step 1: Create an Agent

The following procedure shows you how to create an agent that reads from a source Network File System (NFS) location that is on-premises or in the cloud or from Server Message Block (SMB).

To create an agent to read from an NFS or SMB source file system

  1. Download the current DataSync .ova image or launch the EC2 Amazon Machine Image (AMI) from the AWS DataSync Management Console. For information about how to get the .ova image or EC2 AMI, see Create an Agent. For information about hardware requirements and recommended Amazon EC2 instance types, see Virtual Machine Requirements.

  2. Make sure that you satisfy the network connectivity requirements for the agent. For information about network requirements, see Network Requirements.

  3. Deploy the .ova image in your on-premises hypervisor, power on the hypervisor, and take note of the agent-ip-address. Make sure that you can reach the agent on port 80. You can use this command to perform the check:

    $ nc -vz agent-ip-address 80


    The .ova default credentials are login admin, password password. You can change the password on the VM local console. You don't need to log in to the VM for basic DataSync functionality. Login is mainly required for troubleshooting, network-specific settings, and so on.

    You log in to the agent VM local console using the VMware vSphere client. For information about how to use the VM local console, see Configuring Your Agent on the VM Local Console.

  4. Send an HTTP/1.1 GET request to the agent to get the activation-key. You can do this by using standard Unix tools.

    To activate an agent using a public service endpoint use the following command.

    $ curl "http://your-IP-address/?gatewayType=SYNC&activationRegion=aws-region&no_redirect"

    To activate an agent using a private Virtual Private Cloud (VPC) endpoint, you need to provide the Elastic IP address of the VPC endpoint. Use the following command.

    $ curl "http://agent-ip-address/?gatewayType=SYNC&activationRegion=aws-region&privateLinkEndpoint=EIP&endpointType=PRIVATE_LINK&no_redirect


    The AWS Region that you specify is the one where your target Amazon S3 bucket or Amazon EFS file system is located.

    These commands return an activation key similar to the one following.


  5. After you have the activation key, do one of the following:

    • Activate your agent using a public endpoint and have the agent communicate with AWS over the public internet. To do this, use the following command.

      $ aws datasync create-agent --agent-name agent's name --activation-key obtained activation key
    • Activate your agent using a virtual private cloud (VPC) endpoint. If you use a VPC endpoint, all communication from your agent to AWS services occurs through the VPC endpoint in your VPC in AWS. For information about using DataSync in a VPC endpoint, see Using AWS DataSync in a Virtual Private Cloud.

      To activate an agent using a VPC endpoint, create a VPC endpoint as described in Creating an Interface Endpoint. Then use the following command to activate your agent using the VPC endpoint.

      $ aws datasync create-agent --agent-name agent's name --vpc-endpoint-id vpc endpoint id --subnet-arns subnet arns --security-group-arns security group arns --activation-key obtained activation key

      In this command, vpc endpoint id is the AWS endpoint that the agent connects to. The security group arn value is the Amazon Resource Name (ARN) of the security group to use for the task's endpoint. The task's subnet arn value is the ARN of the subnet where the task endpoints for the agent are created.

      These commands return the ARN of the agent that you just activated. The ARN is similar to the one following.

      {"AgentArn": "arn:aws:datasync:us-east-1:111222333444:agent/agent-0b0addbeef44baca3”}


      After you choose a service endpoint, you can't change it later.

After the agent is activated, it closes port 80 and the port is no longer accessible. If you can't connect to the agent after you have activated it, you can check whether the activation was successful by using this command: $ aws datasync list-agents.


Make sure that you are using the same AWS credentials throughout the whole process. Don't switch between multiple terminals where you are authenticated with different AWS credentials.