AWS DataSync
User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Creating a Location for Amazon S3

A location for Amazon S3 is an endpoint for the Amazon S3 bucket that DataSync uses as a source or destination.

To create an S3 location

  1. Open the AWS DataSync console at

  2. In the navigation pane, choose Locations. The locations that you previously created appear in the list of locations.

  3. On the Create location page, choose Create location.

  4. For Location type, choose Amazon S3 bucket.

  5. For S3 Bucket, choose the Amazon S3 bucket that you want to use as an endpoint. You configure this location as a source or destination later.

  6. For Folder, provide the name of a folder in S3. This is the S3 folder that DataSync uses, either to read data from for an S3 source location or write data to for an S3 destination.

  7. For IAM role, choose Autogenerate for DataSync to automatically create a role with the required permissions.

    If DataSync has previously created such a role for this S3 bucket, that role is chosen as the default in the list. You can also create your own role and choose it from the list. For instructions on how to create an IAM role manually, see Manually Configuring an IAM Role to Access Your S3 Bucket .

  8. (Optional) For Key and Value, provide values to tag your S3 location. A tag is a key-value pair that helps you manage, filter, and search for your locations.

  9. When you are done, choose Create location. The location that you just created appears in the list of locations.


In addition to the IAM policies that grant DataSync permissions, we recommend creating a multipart upload bucket policy for your S3 buckets to help you control your storage cost. For more information, see the blog post S3 Lifecycle Management Update – Support for Multipart Uploads and Delete Markers.

Amazon S3 Location Settings

If the location you want to use as a source or a destination is an Amazon S3 bucket, you configure the following settings.

S3 bucket

The Amazon S3 bucket that you want to use as a source or destination location.

IAM role

The AWS Identity and Access Management (IAM) role that has permissions to access the S3 bucket.

For DataSync to access a destination S3 bucket, it requires access to your Amazon S3 bucket. To obtain this access, DataSync assumes the IAM role that you provide. The role requires an IAM policy and a security token service trust (STS) relationship. The policy determines which actions the role can perform. DataSync can create the role on your behalf. For instructions, see Creating a Location for Amazon S3 . You can also create the role manually and choose it from the list in the console. For instructions, see Manually Configuring an IAM Role to Access Your S3 Bucket .


A key-value pair that identifies the S3 location. By default, the DataSync console prepopulates a name value with the task or location name.

Manually Configuring an IAM Role to Access Your S3 Bucket

When you use the DataSync Management Console to create an Amazon S3 location, DataSync automatically creates an IAM role that has the required permissions for you. If you want to create the IAM role manually, use the following procedure.

To manually configure an IAM role to access your S3 bucket

  1. Open the IAM Management Console.

  2. From the navigation pane, choose Roles, and then choose Create role to open the Create role page.

  3. In the Select type of trusted entity section, make sure that AWS service is selected.

  4. Under Choose the service that will use this role, choose DataSync, or manually configure it as shown in the following example.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "" }, "Action": "sts:AssumeRole" } ] }
  5. Choose Next: Permissions.

  6. Choose AmazonS3FullAccess. You can also manually configure a more restricted policy. For an example of such a policy, see Amazon S3 Location Settings.

  7. (Optional) Choose Next: Tags to create tags for the role.

  8. Choose Next: Review, choose the role name, and then choose Create role.

  9. Open the DataSync Management Console.

  10. Choose the refresh button on the right side of the IAM role list, and then choose the role that you just created.