Configuring DataSync transfers with an object storage system
With AWS DataSync, you can transfer data between your object storage system and one of the following AWS storage services:
To set up this kind of transfer, you create a location for your object storage system. You can use this location as a transfer source or destination.
Prerequisites
Your object storage system must be compatible with the following Amazon S3 API operations for DataSync to connect to it:
- AbortMultipartUpload
- CompleteMultipartUpload
- CopyObject
- CreateMultipartUpload
- DeleteObject
- DeleteObjects
- DeleteObjectTagging
- GetBucketLocation
- GetObject
- GetObjectTagging
- HeadBucket
- HeadObject
- ListObjectsV2
- PutObject
- PutObjectTagging
- UploadPart
Creating your object storage transfer location
Before you begin, you need an object storage system that you plan to transfer data to or from.
- Open the AWS DataSync console at https://console.aws.amazon.com/datasync/.
- In the left navigation pane, expand Data transfer, then choose Locations and Create location.
- For Location type, choose Object storage.
  You configure this location as a source or destination later.
- For Agents, choose the DataSync agent that can connect to your object storage system.
  You can choose more than one agent. For more information, see Using multiple DataSync agents.
- For Server, provide the domain name or IP address of the object storage server.
- For Bucket name, enter the name of the object storage bucket involved in the transfer.
- For Folder, enter an object prefix.
  DataSync only copies objects with this prefix.
- To configure the connection to the object storage server, expand Additional settings and do the following:
  - For Server protocol, choose HTTP or HTTPS.
  - For Server port, use a default port (80 for HTTP or 443 for HTTPS) or specify a custom port if needed.
  - For Certificate, if your object storage system uses a private or self-signed certificate authority (CA), select Choose file and specify a single .pem file with a full certificate chain.
    The certificate chain might include:
    - The object storage system's certificate
    - All intermediate certificates (if there are any)
    - The root certificate of the signing CA
    You can concatenate your certificates into a .pem file (which can be up to 32768 bytes before base64 encoding). The following example cat command creates an object_storage_certificates.pem file that includes three certificates:
        cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pem
- If credentials are required to access the object storage server, select Requires credentials and enter the Access key and Secret key for accessing the bucket.
  The access key and secret key can be a user name and password, respectively.
- (Optional) Choose Add tag to tag your object storage location.
  Tags are key-value pairs that help you manage, filter, and search for your locations. We recommend creating at least a name tag for your location.
- Choose Create location.
- Copy the following create-location-object-storage command:
      aws datasync create-location-object-storage \
          --server-hostname object-storage-server.example.com \
          --bucket-name your-bucket \
          --agent-arns arn:aws:datasync:us-east-1:123456789012:agent/agent-01234567890deadfb
- Specify the following required parameters in the command:
  - --server-hostname – Specify the domain name or IP address of your object storage server.
  - --bucket-name – Specify the name of the bucket on your object storage server that you're transferring to or from.
  - --agent-arns – Specify the DataSync agents that you want to connect to your object storage server.
- (Optional) Add any of the following parameters to the command:
  - --server-port – Specifies the port that your object storage server accepts inbound network traffic on (for example, port 443).
  - --server-protocol – Specifies the protocol (HTTP or HTTPS) which your object storage server uses to communicate.
  - --access-key – Specifies the access key (for example, a user name) if credentials are required to authenticate with the object storage server.
  - --secret-key – Specifies the secret key (for example, a password) if credentials are required to authenticate with the object storage server.
  - --server-certificate – Specifies a certificate chain for DataSync to authenticate with your object storage system if the system uses a private or self-signed certificate authority (CA). You must specify a single .pem file with a full certificate chain (for example, file:///home/user/.ssh/object_storage_certificates.pem).
    The certificate chain might include:
    - The object storage system's certificate
    - All intermediate certificates (if there are any)
    - The root certificate of the signing CA
    You can concatenate your certificates into a .pem file (which can be up to 32768 bytes before base64 encoding). The following example cat command creates an object_storage_certificates.pem file that includes three certificates:
        cat object_server_certificate.pem intermediate_certificate.pem ca_root_certificate.pem > object_storage_certificates.pem
  - --subdirectory – Specifies the object prefix for your object storage server.
    DataSync only copies objects with this prefix.
  - --tags – Specifies the key-value pair that represents a tag that you want to add to the location resource.
    Tags can help you manage, filter, and search for your resources. We recommend creating a name tag for your location.
- Run the create-location-object-storage command.
  You get a response that shows you the location ARN that you just created.
      { "LocationArn": "arn:aws:datasync:us-east-1:123456789012:location/loc-01234567890abcdef" }
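
Both the console Certificate field and the --server-certificate parameter described above take one concatenated .pem file. As an added example that is not part of the original documentation, the following shell function checks such a bundle before you hand it to DataSync: the 32768-byte limit, matching BEGIN/END CERTIFICATE markers, and that no private key was concatenated in by mistake. The function name, its return codes and the private-key check are this example's own choices, not DataSync or AWS CLI behavior.

```shell
#!/bin/sh
# Added example (not AWS code): preflight check for the .pem bundle passed to
# the Certificate field or --server-certificate. check_pem_bundle and its
# return codes are hypothetical names chosen for this example.

MAX_PEM_BYTES=32768   # limit stated in the documentation above

# Prints the number of certificates found; returns non-zero on any problem.
check_pem_bundle() {
    bundle=$1
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 1; }

    # The limit applies to the file as written, before base64 encoding.
    size=$(wc -c < "$bundle" | tr -d ' ')
    if [ "$size" -gt "$MAX_PEM_BYTES" ]; then
        echo "$bundle is $size bytes; limit is $MAX_PEM_BYTES" >&2
        return 2
    fi

    # Only certificates belong in the chain; a key concatenated by mistake
    # would be uploaded along with it.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$bundle"; then
        echo "$bundle contains a private key" >&2
        return 3
    fi

    # Each certificate needs both markers; a mismatch means a truncated
    # or badly concatenated file. grep -c exits 1 on zero matches.
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----' "$bundle" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "$bundle: $begins BEGIN vs $ends END certificate markers" >&2
        return 4
    fi
    echo "$begins"
}

# Usage: sh check_bundle.sh object_storage_certificates.pem
if [ -n "${1:-}" ]; then
    check_pem_bundle "$1"
fi
```

For the three-certificate bundle built by the cat command above, the function prints 3 and returns 0.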