Configuring DataSync transfers with an object storage system - AWS DataSync

Configuring DataSync transfers with an object storage system

With AWS DataSync, you can transfer data between your object storage system and one of the following AWS storage services:

To set up this kind of transfer, you create a location for your object storage system. You can use this location as a transfer source or destination.

Prerequisites

Your object storage system must be compatible with the following Amazon S3 API operations for DataSync to connect to it:

  • AbortMultipartUpload

  • CompleteMultipartUpload

  • CopyObject

  • CreateMultipartUpload

  • DeleteObject

  • DeleteObjects

  • DeleteObjectTagging

  • GetBucketLocation

  • GetObject

  • GetObjectTagging

  • HeadBucket

  • HeadObject

  • ListObjectsV2

  • PutObject

  • PutObjectTagging

  • UploadPart

Creating your object storage transfer location

Before you begin, you need an object storage system that you plan to transfer data to or from.

  1. Open the AWS DataSync console at https://console.aws.amazon.com/datasync/.

  2. In the left navigation pane, expand Data transfer, then choose Locations and Create location.

  3. For Location type, choose Object storage.

    You configure this location as a source or destination later.

  4. For Agents, choose the DataSync agent that can connect to your object storage system.

    You can choose more than one agent. For more information, see Using multiple DataSync agents.

  5. For Server, provide the domain name or IP address of the object storage server.

  6. For Bucket name, enter the name of the object storage bucket involved in the transfer.

  7. For Folder, enter an object prefix.

    DataSync only copies objects with this prefix.

  8. To configure the connection to the object storage server, expand Additional settings and do the following:

    1. For Server protocol, choose HTTP or HTTPS.

    2. For Server port, use a default port (80 for HTTP or 443 for HTTPS) or specify a custom port if needed.

    3. For Certificate, if your object storage system uses a private or self-signed certificate authority (CA), select Choose file and specify a single .pem file with a full certificate chain.

      The certificate chain might include:

      • The object storage system's certificate

      • All intermediate certificates (if there are any)

      • The root certificate of the signing CA

      You can concatenate your certificates into a .pem file (which can be up to 32768 bytes before base64 encoding). The following example cat command creates an object_storage_certificates.pem file that includes three certificates:

      cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pem
  9. If credentials are required to access the object storage server, select Requires credentials and enter the Access key and Secret key for accessing the bucket.

    The access key and secret key can be a user name and password, respectively.

  10. (Optional) Choose Add tag to tag your object storage location.

    Tags are key-value pairs that help you manage, filter, and search for your locations. We recommend creating at least a name tag for your location.

  11. Choose Create location.

  1. Copy the following create-location-object-storage command:

    aws datasync create-location-object-storage \ --server-hostname object-storage-server.example.com \ --bucket-name your-bucket \ --agent-arns arn:aws:datasync:us-east-1:123456789012:agent/agent-01234567890deadfb
  2. Specify the following required parameters in the command:

    • --server-hostname – Specify the domain name or IP address of your object storage server.

    • --bucket-name – Specify the name of the bucket on your object storage server that you're transferring to or from.

    • --agent-arns – Specify the DataSync agents that you want to connect to your object storage server.

  3. (Optional) Add any of the following parameters to the command:

    • --server-port – Specifies the port that your object storage server accepts inbound network traffic on (for example, port 443).

    • --server-protocol – Specifies the protocol (HTTP or HTTPS) which your object storage server uses to communicate.

    • --access-key – Specifies the access key (for example, a user name) if credentials are required to authenticate with the object storage server.

    • --secret-key – Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.

    • --server-certificate – Specifies a certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA). You must specify a single .pem file with a full certificate chain (for example, file:///home/user/.ssh/object_storage_certificates.pem).

      The certificate chain might include:

      • The object storage system's certificate

      • All intermediate certificates (if there are any)

      • The root certificate of the signing CA

      You can concatenate your certificates into a .pem file (which can be up to 32768 bytes before base64 encoding). The following example cat command creates an object_storage_certificates.pem file that includes three certificates:

      cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pem
    • --subdirectory – Specifies the object prefix for your object storage server.

      DataSync only copies objects with this prefix.

    • --tags – Specifies the key-value pair that represents a tag that you want to add to the location resource.

      Tags can help you manage, filter, and search for your resources. We recommend creating a name tag for your location.

  4. Run the create-location-object-storage command.

    You get a response that shows you the location ARN that you just created.

    { "LocationArn": "arn:aws:datasync:us-east-1:123456789012:location/loc-01234567890abcdef" }