Deploy an AWS DataSync Agent - AWS DataSync

Deploy an AWS DataSync Agent

You can deploy an AWS DataSync agent in either of the following ways:

Your agent can connect to public internet endpoints or private endpoints in virtual private clouds (VPCs). The activation process associates your agent with your AWS account.

Deploy Your DataSync Agent on VMware

You can download and deploy an AWS DataSync agent in your VMware environment and then activate it. You can also use an existing agent instead of deploying a new one. You can use a previously created agent if it can access your on-premises storage and if it's activated in the same AWS Region.

To deploy an agent on VMware

  1. Open the AWS DataSync console at

  2. If you don't have an agent, on the Create agent page in the console, choose Download image in the Deploy agent section. Doing this downloads the agent and deploys it in your VMware ESXi hypervisor. The agent is available as a VM. If you want to deploy the agent as an Amazon EC2 instance, see Deploy Your Agent as an EC2 Instance to Read Files from In-Cloud.

    AWS DataSync currently supports the VMware ESXi hypervisor. For information about hardware requirements for the VM, see Virtual Machine Requirements. For information about how to deploy an .ova file in a VMware host, see the documentation for your hypervisor.

    If you have previously activated an agent in this AWS Region and want to use that agent, choose that agent and choose Create agent. The Configure a Source Location page appears.

  3. Power on your hypervisor, log in to your VM, and get the IP address of the agent. You need this IP address to activate the agent.


    The VM's default credentials are the login admin and the password password.

    You can change the password on the local console. You don't need to log in to the VM for DataSync functionality. Login is mainly required for troubleshooting, such as running a connectivity test or opening a support channel with AWS. It's also required for network-specific settings, such as setting up a static IP address.

After you have deployed an agent, you choose a service endpoint.

Deploy Your Agent as an EC2 Instance to Read Files from In-Cloud

You can use your agent to transfer data between two locations in AWS, including cross-region and cross-account transfers. Doing this enables you to perform the following tasks:

  • Transfer data from one EFS file system to another – migrate data from one AWS account to another, or periodically copy recently added files to a second EFS file system.

  • Migrate from self-managed NFS to EFS – migrate to benefit from a more scalable, fully managed, elastic, and highly available file storage that has an NFS interface.

  • Transfer data from Amazon S3 to in-cloud NFS, and from in-cloud NFS to Amazon S3 – use this approach for cases such as high-performance computing (HPC) processing.

To get started, choose the Amazon Machine Image (AMI) for your agent for the AWS Region where your EFS or self-managed NFS file system resides:

  • To copy between EFS file systems, or from a self-managed NFS to EFS, create the EC2 agent in the source AWS Region.

  • To copy from S3, create the agent in the destination AWS Region.


We don't recommend using a DataSync agent that is deployed as an EC2 instance to read data from an on-premises source location. This approach doesn't deliver maximum throughput.

You can use the procedures following to transfer files from an in-cloud NFS file system to Amazon S3. In this case, the in-cloud NFS file system is an Amazon EFS file system.

To choose the agent AMI for your AWS Region

  • Use the following CLI command to programmatically get the latest AMI ID for DataSync.

    aws ssm get-parameter --name /aws/service/datasync/ami --region $region

    Example command and output

    aws ssm get-parameter --name /aws/service/datasync/ami --region us-east-1 { "Parameter": { "Name": "/aws/service/datasync/ami", "Type": "String", "Value": "ami-01234db92d824a123", "Version": 6, "LastModifiedDate": 1569946277.996, "ARN": "arn:aws:ssm:us-east-1::parameter/aws/service/datasync/ami" } }

    You can also identify the AMI ID for your AWS Region in the following table. You use this AMI ID to deploy your DataSync agent. For the recommended instance types, see Amazon EC2 Instance Requirements.

    If you activated an agent in this AWS Region and want to use that agent, choose the agent and choose Create agent. The Configure a Source Location page appears.

    In the following table, you can find the available DataSync AMIs by AWS Region.

    AWS Region AMI Name AMI ID URL
    ap-east-1 aws-datasync-1578601791 ami-0a2228f0c42627cf4 Launch instance
    ap-northeast-1 aws-datasync-1578601791 ami-05c17aa2b793ebd3e Launch instance
    ap-northeast-2 aws-datasync-1578601791 ami-04709cb141754b5a2 Launch instance
    ap-south-1 aws-datasync-1578601791 ami-0b3027fa88024fa10 Launch instance
    ap-southeast-1 aws-datasync-1578601791 ami-05e784c943c98d3bc Launch instance
    ap-southeast-2 aws-datasync-1578601791 ami-017f985d24cf954d5 Launch instance
    ca-central-1 aws-datasync-1578601791 ami-0678ddd97941bb7fb Launch instance
    eu-central-1 aws-datasync-1578601791 ami-07bdc055550cce299 Launch instance
    eu-north-1 aws-datasync-1578601791 ami-0410d0dc8bc70f33b Launch instance
    eu-west-1 aws-datasync-1578601791 ami-0122531d38aec1fbf Launch instance
    eu-west-2 aws-datasync-1578601791 ami-059bd3460ccf61554 Launch instance
    eu-west-3 aws-datasync-1578601791 ami-05c6a0e4c1d6de4be Launch instance
    me-south-1 aws-datasync-1578601791 ami-0cbe61a092cd25ad7 Launch instance
    sa-east-1 aws-datasync-1578601791 ami-04d9afea2d0b2b3f0 Launch instance
    us-east-1 aws-datasync-1578601791 ami-03a252bd5a382c840 Launch instance
    us-east-2 aws-datasync-1578601791 ami-007674065fe323f83 Launch instance
    us-west-1 aws-datasync-1578601791 ami-00a8467244673ddcb Launch instance
    us-west-2 aws-datasync-1578601791 ami-0e1afcd862bc1329d Launch instance
    us-gov-east-1 aws-datasync-1578601568 ami-022e97af081000ceb Launch instance
    us-gov-west-1 aws-datasync-1578601568 ami-ca6150ab Launch instance

To deploy your DataSync agent as an EC2 instance

  1. From the AWS account where the source EFS resides, launch the agent using your AMI from the Amazon EC2 launch wizard. Use the following URL to launch the AMI.

    In the URL, replace the source-efs-or-nfs-region and ami-id with your own source AWS Region and AMI ID. The Choose an Instance Type page appears on the Amazon EC2 console. For a list of AMI IDs by AWS Region, see Deploy Your Agent as an EC2 Instance to Read Files from In-Cloud.

  2. Choose one of the recommended instance types for your use case, and choose Next: Configure Instance Details. For the recommended instance types, see Amazon EC2 Instance Requirements.

  3. On the Configure Instance Details page, do the following:

    1. For Network, choose the virtual private cloud (VPC) where your source EFS or NFS file system is located.

    2. For Auto-assign Public IP, choose a value. For your instance to be accessible from the public internet, set Auto-assign Public IP to Enable. Otherwise, set Auto-assign Public IP to Disable. If a public IP address isn't assigned, activate the agent in your VPC using its private IP address.

      When you transfer files from an in-cloud NFS, to increase performance we recommend that you choose a Placement Group value where your NFS server resides.

  4. Choose Next: Add Storage. The agent doesn't require additional storage, so you can skip this step and choose Next: Add tags.

  5. (Optional) On the Add Tags page, you can add tags to your EC2 instance. When you're finished on the page, choose Next: Configure Security Group.

  6. On the Configure Security Group page, do the following:

    1. Make sure that the selected security group allows inbound access to HTTP port 80 from the web browser that you plan to use to activate the agent.

    2. Make sure that the security group of the source EFS or NFS system allows inbound traffic from the agent. In addition, make sure that the agent allows outbound traffic to the source EFS or NFS system. The traffic goes through the standard NFS port, 2049.

    For the complete set of network requirements for DataSync, see Network Requirements for DataSync.

    If you deploy your agent using a VPC endpoint, you need to allow additional ports. For information, see How DataSync Works with VPC Endpoints .

  7. Choose Review and Launch to review your configuration, then choose Launch to launch your instance. Remember to use a key pair that's accessible to you. A confirmation page appears and indicates that your instance is launching.

  8. Choose View Instances to close the confirmation page and return to the EC2 instances screen. When you launch an instance, its initial state is pending. After the instance starts, its state changes to running. At this point, it is assigned a public Domain Name System (DNS) name and IP address, which can be found in the Descriptions tab.

  9. If you set Auto-assign Public IP to Enable, choose your instance and note the public IP address in the Description tab. You use this IP address later to connect to your sync agent.

    If you set Auto-assign Public IP to Disable, launch or use an existing instance in your VPC to activate the agent. In this case, you use the private IP address of the sync agent to activate the agent from this instance in the VPC.

After you have deployed an agent, you choose a service endpoint.