AWS DataSync
User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Other Use Cases

In this section, you can find information about use cases that are not common to most users.

Transferring Files in Opposite Directions

Transferring data in opposite directions allows for workflows where the active application moves between locations. AWS DataSync doesn't support workflows where multiple active applications write to both locations at the same time. Use the steps in the following procedure to configure DataSync to transfer data in opposite directions.

To configure DataSync to data transfers in opposite directions

  1. Create a location and name it Location A.

  2. Create a second location and name it Location B.

  3. Create a task, name it Task A-B, and then configure Location A as the source location and Location B as the destination location.

  4. Create a second task, name it Task B-A, and then configure Location B as the source location and Location A as the destination location.

  5. To update Location B with data from Location A, run Task A-B.

    To update Location A with data from Location B, run Task B-A.

    Don't run these two tasks concurrently. DataSync can transfer files in opposite directions periodically. However, it doesn't support workflows where multiple active applications write to both Location A and Location B simultaneously.

Using Multiple Tasks to Write to the Same Amazon S3 Bucket

In certain use cases, you might want different tasks to write to the same Amazon S3 bucket. In this case, you create different folders in the S3 bucket for each of the task. This approach prevents file name conflicts between the tasks, and also means that you can set different permissions for each of folders.

For example, you might have three tasks: task1, task2, and task3 write to an S3 bucket named MyBucket.

You create three folders in the bucket:

s3://MyBucket/task1

s3://MyBucket/task2

s3://MyBucket/task3

For each task, you choose the folder in MyBucket that corresponds to the task as the destination, and set different permissions for each of the three folders.

Allowing Amazon S3 Access From a Private VPC Endpoint

In certain cases, you might want to only allow Amazon S3 access from a private endpoint. In that case, you create an IAM policy that allows that access and attach it to the S3 bucket. If you need a policy that restricts your S3 bucket's access to DataSync VPC endpoints, contact AWS DataSync Support to get the DataSync VPC endpoint for your AWS Region.

The following is a sample policy that only allows Amazon S3 access from a private endpoint.

{ "Version": "2012-10-17", "Id": "Policy1415115909152", "Statement": [ { "Sid": "Access-to-specific-VPCE-only", "Principal": "", "Action": "s3:", "Effect": "Deny", "Resource": ["arn:aws:s3:::examplebucket", "arn:aws:s3:::examplebucket/*"], "Condition": { "StringNotEquals": { "aws:sourceVpce": "vpce-your vpc enpoint", "aws:sourceVpce": "vpce-DataSync vpc endpoint for your region" } } } ] }

For more information, see Example Bucket Policies for VPC Endpoints for Amazon S3 in the Amazon Simple Storage Service Developer Guide.